source: trunk/www.guidonia.net/wp/wp-content/plugins/fbconnect/facebook-client4/facebook.php@ 44

Last change on this file since 44 was 44, checked in by luciano, 15 years ago
File size: 9.7 KB
Line 
1<?php
2//
3// +---------------------------------------------------------------------------+
4// | Facebook Platform PHP4 client |
5// +---------------------------------------------------------------------------+
6// | Copyright (c) 2007 Facebook, Inc. |
7// | All rights reserved. |
8// | |
9// | Redistribution and use in source and binary forms, with or without |
10// | modification, are permitted provided that the following conditions |
11// | are met: |
12// | |
13// | 1. Redistributions of source code must retain the above copyright |
14// | notice, this list of conditions and the following disclaimer. |
15// | 2. Redistributions in binary form must reproduce the above copyright |
16// | notice, this list of conditions and the following disclaimer in the |
17// | documentation and/or other materials provided with the distribution. |
18// | |
19// | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
20// | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
21// | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
22// | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
23// | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
24// | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
28// | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29// +---------------------------------------------------------------------------+
30// | For help with this library, contact developers-help@facebook.com |
31// +---------------------------------------------------------------------------+
32// no changes were made to this file - Kev
33if (!class_exists('Facebook')):
34include_once 'facebookapi_php4_restlib.php';
35
36class Facebook {
37 var $api_client;
38
39 var $api_key;
40 var $secret;
41
42 var $fb_params;
43 var $user;
44
45 var $ec;
46
47 function Facebook($api_key, $secret) {
48 $this->api_key = $api_key;
49 $this->secret = $secret;
50
51 $this->api_client = new FacebookRestClient($api_key, $secret, $this);
52 $this->ec = new FacebookAPIErrorCodes();
53
54 $this->validate_fb_params();
55
56 if (isset($this->fb_params['friends'])) {
57 $this->api_client->friends_list = explode(',', $this->fb_params['friends']);
58 }
59 if (isset($this->fb_params['added'])) {
60 $this->api_client->added = $this->fb_params['added'];
61 }
62 }
63
64 function validate_fb_params() {
65 $this->fb_params = $this->get_valid_fb_params($_POST, 48*3600, 'fb_sig');
66 if (!$this->fb_params) {
67 $this->fb_params = $this->get_valid_fb_params($_GET, 48*3600, 'fb_sig');
68 }
69 if ($this->fb_params) {
70 // If we got any fb_params passed in at all, then either:
71 // - they included an fb_user / fb_session_key, which we should assume to be correct
72 // - they didn't include an fb_user / fb_session_key, which means the user doesn't have a
73 // valid session and if we want to get one we'll need to use require_login(). (Calling
74 // set_user with null values for user/session_key will work properly.)
75 // Note that we should *not* use our cookies in this scenario, since they may be referring to
76 // the wrong user.
77 $user = isset($this->fb_params['user']) ? $this->fb_params['user'] : null;
78 $session_key = isset($this->fb_params['session_key']) ? $this->fb_params['session_key'] : null;
79 $expires = isset($this->fb_params['expires']) ? $this->fb_params['expires'] : null;
80 $this->set_user($user, $session_key, $expires);
81 } else if (!empty($_COOKIE) && $cookies = $this->get_valid_fb_params($_COOKIE, null, $this->api_key)) {
82 // use $api_key . '_' as a prefix for the cookies in case there are
83 // multiple facebook clients on the same domain.
84 $this->set_user($cookies['user'], $cookies['session_key']);
85 } else if (isset($_GET['auth_token']) && $session = $this->do_get_session($_GET['auth_token'])) {
86 $this->set_user($session['uid'], $session['session_key'], $session['expires']);
87 }
88
89 return !empty($this->fb_params);
90 }
91
92 function do_get_session($auth_token) {
93 $res = $this->api_client->auth_getSession($auth_token);
94 if (is_array($res)) {
95 return $res;
96 }
97 return false;
98 }
99
100 function redirect($url) {
101 if ($this->in_fb_canvas()) {
102 echo '<fb:redirect url="' . $url . '"/>';
103 } else if (preg_match('/^https?:\/\/([^\/]*\.)?facebook\.com(:\d+)?/i', $url)) {
104 // make sure facebook.com url's load in the full frame so that we don't
105 // get a frame within a frame.
106 echo "<script type=\"text/javascript\">\ntop.location.href = \"$url\";\n</script>";
107 } else {
108 header('Location: ' . $url);
109 }
110 exit;
111 }
112
113 function in_frame() {
114 return isset($this->fb_params['in_canvas']) || isset($this->fb_params['in_iframe']);
115 }
116 function in_fb_canvas() {
117 return isset($this->fb_params['in_canvas']);
118 }
119
120 function get_loggedin_user() {
121 return $this->user;
122 }
123
124 function current_url() {
125 return 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
126 }
127
128 function require_login() {
129 if ($user = $this->get_loggedin_user()) {
130 return $user;
131 }
132 $this->redirect($this->get_login_url($this->current_url(), $this->in_frame()));
133 }
134
135 function require_install() {
136 // this was renamed, keeping for compatibility's sake
137 return $this->require_add();
138 }
139
140 function require_add() {
141 if ($user = $this->get_loggedin_user()) {
142 if ($this->fb_params['added']) {
143 return $user;
144 }
145 }
146 $this->redirect($this->get_add_url($this->current_url()));
147 }
148
149 function require_frame() {
150 if (!$this->in_frame()) {
151 $this->redirect($this->get_login_url($this->current_url(), true));
152 }
153 }
154
155 function get_facebook_url($subdomain='www') {
156 return 'http://' . $subdomain . '.facebook.com';
157 }
158
159 function get_install_url($next=null) {
160 // this was renamed, keeping for compatibility's sake
161 return $this->get_add_url($next);
162 }
163
164 function get_add_url($next=null) {
165 return $this->get_facebook_url().'/add.php?api_key='.$this->api_key .
166 ($next ? '&next=' . urlencode($next) : '');
167 }
168
169 function get_login_url($next, $canvas) {
170 return $this->get_facebook_url().'/login.php?v=1.0&api_key=' . $this->api_key .
171 ($next ? '&next=' . urlencode($next) : '') .
172 ($canvas ? '&canvas' : '');
173 }
174
175 function generate_sig($params_array, $secret) {
176 $str = '';
177
178 ksort($params_array);
179 // Note: make sure that the signature parameter is not already included in
180 // $params_array.
181 foreach ($params_array as $k=>$v) {
182 $str .= "$k=$v";
183 }
184 $str .= $secret;
185
186 return md5($str);
187 }
188
189 function set_user($user, $session_key, $expires=null) {
190 if (!$this->in_fb_canvas() && (!isset($_COOKIE[$this->api_key . '_user'])
191 || $_COOKIE[$this->api_key . '_user'] != $user)) {
192 $cookies = array();
193 $cookies['user'] = $user;
194 $cookies['session_key'] = $session_key;
195 $sig = $this->generate_sig($cookies, $this->secret);
196 foreach ($cookies as $name => $val) {
197 setcookie($this->api_key . '_' . $name, $val, (int)$expires);
198 $_COOKIE[$this->api_key . '_' . $name] = $val;
199 }
200 setcookie($this->api_key, $sig, (int)$expires);
201 $_COOKIE[$this->api_key] = $sig;
202 }
203 $this->user = $user;
204 $this->api_client->session_key = $session_key;
205 }
206
207 /**
208 * Tries to undo the badness of magic quotes as best we can
209 * @param string $val Should come directly from $_GET, $_POST, etc.
210 * @return string val without added slashes
211 */
212 function no_magic_quotes($val) {
213 if (get_magic_quotes_gpc()) {
214 return stripslashes($val);
215 } else {
216 return $val;
217 }
218 }
219
220 function get_valid_fb_params($params, $timeout=null, $namespace='fb_sig') {
221 $prefix = $namespace . '_';
222 $prefix_len = strlen($prefix);
223 $fb_params = array();
224 foreach ($params as $name => $val) {
225 if (strpos($name, $prefix) === 0) {
226 $fb_params[substr($name, $prefix_len)] = $this->no_magic_quotes($val);
227 }
228 }
229 if ($timeout && (!isset($fb_params['time']) || time() - $fb_params['time'] > $timeout)) {
230 return array();
231 }
232 if (!isset($params[$namespace]) || !$this->verify_signature($fb_params, $params[$namespace])) {
233 return array();
234 }
235 return $fb_params;
236 }
237
238 function verify_signature($fb_params, $expected_sig) {
239 return $this->generate_sig($fb_params, $this->secret) == $expected_sig;
240 }
241
242 function expire_session() {
243 $this->api_client->auth_expireSession();
244 if (!$this->in_fb_canvas() && isset($_COOKIE[$this->api_key . '_user'])) {
245
246 $cookies = array('user', 'session_key', 'expires', 'ss');
247 foreach ($cookies as $name) {
248 setcookie($this->api_key . '_' . $name, false, time() - 3600,"/");
249 unset($_COOKIE[$this->api_key . '_' . $name]);
250 //echo "SET ".$this->api_key . '_' . $name;
251 }
252 setcookie($this->api_key, false, time() - 3600,"/");
253 unset($_COOKIE[$this->api_key]);
254 }
255 $this->user = 0;
256 $this->api_client->session_key = 0;
257 return true;
258 }
259}
260endif;
261?>
Note: See TracBrowser for help on using the repository browser.