I use a request dialog in my app where the user can send requests to their friends. Once the user sends the request i redirect the app to a page where it posts on the users page. I use the below code to get an access_token:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://graph.facebook.com/oauth/access_token?client_id='.APP_ID.'&client_secret='.APP_SECRET.'&redirect_uri=http://www.facebook.com/pages/Cosmetics/167231286678063?sk=app_233227910028874&grant_type=client_credentials');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);

$token = curl_exec($ch);

$me = $facebook->api('/me?'.$token);

but when I try to post on the wall it shows this error:

Fatal error: Uncaught OAuthException: Invalid OAuth access token signature.

Why don't you use PHP SDK 3.0.1 ?

Its easy if you use the sdk provided by facebook, here's the sample for authentication using php sdk 3.0.1:

<?php

// Requires Facebook PHP SDK 3.0.1: https://github.com/facebook/php-sdk/
require ('facebook.php');

define('FACEBOOK_APP_ID',"YOUR-APP-ID-HERE");
define('FACEBOOK_SECRET',"YOUR-APP-API-SECRET-HERE");
define('REDIRECT_URI',"YOUR-REDIRECT-URL-HERE");
define('PERMISSIONS_REQUIRED', "publish_stream,user_photos");
$user = null;

$facebook = new Facebook(array(
    'appId' => FACEBOOK_APP_ID,
    'secret' => FACEBOOK_SECRET,
    'cookie' => true
));

$user = $facebook->getUser(); // Get the UID of the connected user, or 0 if the Facebook user is not connected.

if($user == 0) {
    // If the user is not connected to your application, redirect the user to authentication page
    /**
     * Get a Login URL for use with redirects. By default, full page redirect is
     * assumed. If you are using the generated URL with a window.open() call in
     * JavaScript, you can pass in display=popup as part of the $params.
     * 
     * The parameters:
     * - redirect_uri: the url to go to after a successful login
     * - scope: comma separated list of requested extended perms
     */

    $login_url = $facebook->getLoginUrl($params = array('redirect_uri' => REDIRECT_URI,'scope' => PERMISSIONS_REQUIRED));

    echo ("<script> top.location.href='".$login_url."'</script>");

} else {
    // if the user is already connected, then fetch access_token and user's information or show some content to logged in user.
    try
    {
        $access_token = $facebook->getAccessToken(); // Gives you current user's access_token

        $user = $facebook->api('/me'); // Gets User's information based on permissions the user has granted to your application.

    } catch(FacebookApiException $e){
        $results = $e->getResult();
        // Print results if you want to debug.
    }

}

?>

I'm not sure on how exactly you are trying to authenticate.. It might be ok doing a request that way, but the method I use is the one documented here: http://developers.facebook.com/docs/authentication/

That is, you first redirect the user to a Facebook page in order to make him accept permissions. Once he accepts, he gets redirected to an URL you provided, with a code=### get argument you need to perform a server-side request in order to get the real access_token you need..

Example redirect url:

$my_url = 'http://www.example.com';
"http://www.facebook.com/dialog/oauth?client_id=". $app_id ."&redirect_uri=". urlencode($my_url);

Then, when the user clicks on Accept, he gets redirected to, for example

http://www.example.com?code=ABCDEF

Then, on the server-side, you need to get the access_token making a call like this:

"https://graph.facebook.com/oauth/access_token?"
   . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
   . "&client_secret=" . $app_secret . "&code=" . $code;

Then double check the returned text from that call, and try getting

"https://graph.facebook.com/me?access_token=". $access_token;

(You can also check this by hand)

EDIT

Also, you probably need some more permissions from the user in order to publishi on his stream. So, ask for permissions adding a scope=publish_stream get to the first (user authorization) URL.

You're using &grant_type=client_credentials which gives you an access token for your app as a whole, not for your current user. To get an access token for your current user you need to redirect them to the same url, but without the &grant_type=client_credentials and then Facebook will redirect them back to your redirect_uri and send along the access_token you need. Alternatively you can use the Javascript SDK to obtain an access token through a pop up window without redirecting them.

Here's a link to another question for how to authenticate with the JS SDK and no redirect: Facebook Authentication Without Redirect?

What you are doing there is getting the application access token:

App Login allows you to take various administrative actions for your app, such as retrieving Insights data or approving Requests. Graph API calls that require an app access token are clearly denoted in the API reference.

What you need is a user access token with some permissions, in your case it would be publish_stream.