I currently have my iOS app hooked up to Facebook's API to log users into my app. I don't give users any other way to log in, so they do not have local passwords on my database now. The app currently posts the Facebook user_id to my server and if it is in the DB, it completes the login; if not, it redirects the user to register. Obviously, this is a pretty lousy way to do it, as anyone can just submit the user id if they know it (it's public info) and log in to my app as someone else. I do have if statements in my PHP to make sure the user is actually in the table before posting.
My question is how can I make the login process secure so people can't just submit a user id and gain access? I've read the Facebook API, but I'm not very familiar with programming and would appreciate the help. I know Facebook must have something for this purpose, I either overlooked it because I don't understand it or missed it entirely.
Thanks in advance!
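
An added example, not part of the original post: one way to close the gap described above is for the app to send the Facebook access token it received at login instead of the bare user id, and for the PHP server to take the identity from Facebook's Graph API `debug_token` response rather than from the client. The function name, the injected `$inspect` callable and the sample responses are assumptions made here so the checks run offline.

```php
<?php
// Added example, not the poster's code. Validates the "data" object returned by
// the Graph API debug_token endpoint and returns the user id Facebook vouches for.
// The HTTP call is injected as $inspect; in production it would GET
// https://graph.facebook.com/debug_token?input_token=TOKEN&access_token=APP_ID|APP_SECRET

function verified_facebook_user_id(string $token, string $appId, callable $inspect, ?int $now = null): ?string
{
    $now  = $now ?? time();
    $data = $inspect($token)['data'] ?? null;
    if (!is_array($data)) {
        return null;                               // malformed or error response
    }
    if (($data['is_valid'] ?? false) !== true) {
        return null;                               // revoked, expired or made-up token
    }
    if ((string)($data['app_id'] ?? '') !== $appId) {
        return null;                               // token was issued to a different app
    }
    $expires = (int)($data['expires_at'] ?? 0);    // assumption: 0 means non-expiring
    if ($expires !== 0 && $expires <= $now) {
        return null;
    }
    $userId = (string)($data['user_id'] ?? '');
    return ctype_digit($userId) ? $userId : null;  // identity comes from Facebook, not the client
}

// Constructed sample responses (placeholder ids and tokens, not real values).
$samples = [
    'good-token'      => ['data' => ['app_id' => '1111', 'is_valid' => true,  'user_id' => '42', 'expires_at' => 2000]],
    'other-app-token' => ['data' => ['app_id' => '9999', 'is_valid' => true,  'user_id' => '42', 'expires_at' => 2000]],
    'expired-token'   => ['data' => ['app_id' => '1111', 'is_valid' => false, 'user_id' => '42', 'expires_at' => 500]],
];
$inspect = fn(string $t): array => $samples[$t] ?? ['error' => ['message' => 'invalid token']];

// The last entry is a bare user id, which is all the current flow requires.
foreach (['good-token', 'other-app-token', 'expired-token', '42'] as $submitted) {
    $uid = verified_facebook_user_id($submitted, '1111', $inspect, 1000);
    echo str_pad($submitted, 16), ' => ', $uid ?? 'rejected', PHP_EOL;
}
```

Only the returned id should be looked up in the users table; the app secret used for the `debug_token` call stays on the server and is never shipped in the iOS app.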