source: trunk/www.guidonia.net/wp/wp-content/plugins/fbconnect/facebook-client/facebook_desktop.php@ 44

Last change on this file since 44 was 44, checked in by luciano, 15 years ago
File size: 4.5 KB
Line 
1<?php
2// Copyright 2004-2009 Facebook. All Rights Reserved.
3//
4// +---------------------------------------------------------------------------+
5// | Facebook Platform PHP5 client |
6// +---------------------------------------------------------------------------+
7// | Copyright (c) 2007 Facebook, Inc. |
8// | All rights reserved. |
9// | |
10// | Redistribution and use in source and binary forms, with or without |
11// | modification, are permitted provided that the following conditions |
12// | are met: |
13// | |
14// | 1. Redistributions of source code must retain the above copyright |
15// | notice, this list of conditions and the following disclaimer. |
16// | 2. Redistributions in binary form must reproduce the above copyright |
17// | notice, this list of conditions and the following disclaimer in the |
18// | documentation and/or other materials provided with the distribution. |
19// | |
20// | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
21// | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
22// | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
23// | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
24// | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
25// | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
26// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
27// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
28// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
29// | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
30// +---------------------------------------------------------------------------+
31// | For help with this library, contact developers-help@facebook.com |
32// +---------------------------------------------------------------------------+
33//
34
35/**
36 * This class extends and modifies the "Facebook" class to better
37 * suit desktop apps.
38 */
39class FacebookDesktop extends Facebook {
40 // the application secret, which differs from the session secret
41 public $app_secret;
42 public $verify_sig;
43
44 public function __construct($api_key, $secret) {
45 $this->app_secret = $secret;
46 $this->verify_sig = false;
47 parent::__construct($api_key, $secret);
48 }
49
50 public function do_get_session($auth_token) {
51 $this->api_client->secret = $this->app_secret;
52 $this->api_client->session_key = null;
53 $session_info = parent::do_get_session($auth_token);
54 if (!empty($session_info['secret'])) {
55 // store the session secret
56 $this->set_session_secret($session_info['secret']);
57 }
58 return $session_info;
59 }
60
61 public function set_session_secret($session_secret) {
62 $this->secret = $session_secret;
63 $this->api_client->secret = $session_secret;
64 }
65
66 public function require_login() {
67 if ($this->get_loggedin_user()) {
68 try {
69 // try a session-based API call to ensure that we have the correct
70 // session secret
71 $user = $this->api_client->users_getLoggedInUser();
72
73 // now that we have a valid session secret, verify the signature
74 $this->verify_sig = true;
75 if ($this->validate_fb_params(false)) {
76 return $user;
77 } else {
78 // validation failed
79 return null;
80 }
81 } catch (FacebookRestClientException $ex) {
82 if (isset($_GET['auth_token'])) {
83 // if we have an auth_token, use it to establish a session
84 $session_info = $this->do_get_session($_GET['auth_token']);
85 if ($session_info) {
86 return $session_info['uid'];
87 }
88 }
89 }
90 }
91 // if we get here, we need to redirect the user to log in
92 $this->redirect($this->get_login_url(self::current_url(), $this->in_fb_canvas()));
93 }
94
95 public function verify_signature($fb_params, $expected_sig) {
96 // we don't want to verify the signature until we have a valid
97 // session secret
98 if ($this->verify_sig) {
99 return parent::verify_signature($fb_params, $expected_sig);
100 } else {
101 return true;
102 }
103 }
104}
Note: See TracBrowser for help on using the repository browser.