Jump to content
Sign in to follow this  

check if facebook user exists

Recommended Posts

Can someone give any suggestion how to check if a facebook address is valid when send by form input?

I created a function checking the url address with get_headers at status code 302. This doesn't work when a facebook username doesn't exist, because it still gives true.

How to solve this problem?


Share this post

Link to post
Share on other sites

302 is a redirect.  I don't think redirect would be "true", I think that would be false.  Maybe you can check the location header to see where it's trying to redirect to and base your conclusion on that.

Share this post

Link to post
Share on other sites


this is a part of the code:


	$url_inp = 'http://www.facebook.com/thisisnothingbutcrap';

	$array = get_headers($url_inp);
	$string = $array[0];
	//    if( strpos($string,"200") || strpos($string,"301") || strpos($string,"302") || strpos($string,"403")   ) {
	 if(  strpos($string,"302")    ) {  


Share this post

Link to post
Share on other sites

and here you have the output of the script:

array (size=36)
  0 => string 'HTTP/1.1 302 Found' (length=18)
  1 => string 'Location: https://www.facebook.com/thisisnothingbutcrap' (length=55)
  2 => string 'Vary: Accept-Encoding' (length=21)
  3 => string 'Content-Type: text/html; charset=UTF-8' (length=38)
  4 => string 'X-FB-Debug: H2nqcWjKt6OFa3H/7fqtn4AmaBe8bs8XU7D8p5iiBbjfIFxKPFk0AXrzmYcsb1j6CQpEAr1WWY+BMO7chtE4vg==' (length=100)
  5 => string 'Date: Thu, 10 Aug 2017 08:20:45 GMT' (length=35)
  6 => string 'Connection: close' (length=17)
  7 => string 'Content-Length: 0' (length=17)
  8 => string 'HTTP/1.1 302 Found' (length=18)
  9 => string 'Location: https://www.facebook.com/unsupportedbrowser' (length=53)
  10 => string 'Strict-Transport-Security: max-age=15552000; preload' (length=52)
  11 => string 'access-control-allow-method: OPTIONS' (length=36)
  12 => string 'Vary: Origin' (length=12)
  13 => string 'Access-Control-Expose-Headers: X-FB-Debug, X-Loader-Length' (length=58)
  14 => string 'Access-Control-Allow-Origin: https://www.facebook.com' (length=53)
  15 => string 'Access-Control-Allow-Credentials: true' (length=38)
  16 => string 'Vary: Accept-Encoding' (length=21)
  17 => string 'Content-Type: text/html; charset=UTF-8' (length=38)
  18 => string 'X-FB-Debug: fc06dn16MiWV1IVm6K5HuEgZBb+X33cGRs/6WG+s8ayq3bhc48K3/4zopvdDa0ikEY97osK2u8Y/OCHRO3eLYQ==' (length=100)
  19 => string 'Date: Thu, 10 Aug 2017 08:20:45 GMT' (length=35)
  20 => string 'Connection: close' (length=17)
  21 => string 'Content-Length: 0' (length=17)
  22 => string 'HTTP/1.1 200 OK' (length=15)
  23 => string 'X-XSS-Protection: 0' (length=19)
  24 => string 'public-key-pins-report-only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/"' (length=259)
  25 => string 'Pragma: no-cache' (length=16)
  26 => string 'Cache-Control: private, no-cache, no-store, must-revalidate' (length=59)
  27 => string 'X-Frame-Options: DENY' (length=21)
  28 => string 'Strict-Transport-Security: max-age=15552000; preload' (length=52)
  29 => string 'X-Content-Type-Options: nosniff' (length=31)
  30 => string 'Expires: Sat, 01 Jan 2000 00:00:00 GMT' (length=38)
  31 => string 'Vary: Accept-Encoding' (length=21)
  32 => string 'Content-Type: text/html; charset=UTF-8' (length=38)
  33 => string 'X-FB-Debug: 2DMvDPHSjk4qfRmBAJo9RN+YmquJZHNnvnK7JtWUJ5tiz9sFiScne55HgP9PRhnrC/oQQjaPhBiCadng5jtfSg==' (length=100)
  34 => string 'Date: Thu, 10 Aug 2017 08:20:45 GMT' (length=35)
  35 => string 'Connection: close' (length=17)

X:mylocation\test-forumpost.php:16:string 'http://www.facebook.com/thisisnothingbutcrap' (length=44)

X:mylocation\test-forumpost.php:18:string 'HTTP/1.1 302 Found' (length=18)


I deliberately input a non existing user and get the output above, similar to a user that does exist. Which of the offsets is used to determine whether it is false or not?


Edited by Balderick

Share this post

Link to post
Share on other sites

I don't think any header will tell you if a user exists or not.  The original redirect is just because they're redirecting you from http to https.  I wouldn't assume that Facebook will send a header telling you whether or not something exists on their site.

Facebook does have an API, I haven't looked deeply into the capabilities but I would imagine that most things which people need would be supported in their API.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...