[44] | 1 | <?php
//
// +---------------------------------------------------------------------------+
// | Facebook Platform PHP4 client                                             |
// +---------------------------------------------------------------------------+
// | Copyright (c) 2007 Facebook, Inc.                                         |
// | All rights reserved.                                                      |
// |                                                                           |
// | Redistribution and use in source and binary forms, with or without        |
// | modification, are permitted provided that the following conditions        |
// | are met:                                                                  |
// |                                                                           |
// | 1. Redistributions of source code must retain the above copyright         |
// |    notice, this list of conditions and the following disclaimer.          |
// | 2. Redistributions in binary form must reproduce the above copyright      |
// |    notice, this list of conditions and the following disclaimer in the    |
// |    documentation and/or other materials provided with the distribution.   |
// |                                                                           |
// | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR      |
// | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
// | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.   |
// | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,          |
// | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT  |
// | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY     |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT       |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF  |
// | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.         |
// +---------------------------------------------------------------------------+
// | For help with this library, contact developers-help@facebook.com          |
// +---------------------------------------------------------------------------+
// no changes were made to this file - Kev
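if (!class_exists('Facebook')):
include_once 'facebookapi_php4_restlib.php';

/**
 * Facebook Platform client (PHP4-compatible syntax: `var`, no visibility
 * keywords, class-named constructor).
 *
 * On construction it looks for signed fb_sig_* parameters in $_POST, then
 * $_GET; failing that, for signed "$api_key_*" cookies; failing that, for an
 * auth_token in $_GET that it exchanges for a session through the REST
 * client. Whichever source validates establishes $this->user and the REST
 * client's session_key.
 *
 * Every request parameter and cookie read here is attacker-controlled until
 * its signature has been verified with $secret. Keep $secret server-side
 * only; anyone holding it can mint a valid fb_sig for any user id.
 *
 * Helpers prefixed with "_" are internal; PHP4 has no `private`.
 */
class Facebook {
  var $api_client;   // FacebookRestClient from facebookapi_php4_restlib.php

  var $api_key;      // application API key (public, appears in URLs/cookie names)
  var $secret;       // application secret used to sign and verify parameters

  var $fb_params;    // validated fb_sig_* params with the prefix stripped, or array()
  var $user;         // logged-in user id, or null/0 when there is none

  var $ec;           // FacebookAPIErrorCodes instance

  /**
   * PHP5+ constructor. The PHP4-style Facebook() constructor below delegates
   * here so the class keeps working both on PHP4 (which only recognises the
   * class-named constructor) and on PHP7/8 (which no longer treat Facebook()
   * as a constructor).
   *
   * Side effects: reads $_POST/$_GET/$_COOKIE, may call the Facebook API
   * (auth.getSession) and may set cookies — see validate_fb_params().
   *
   * @param string $api_key application API key
   * @param string $secret  application secret
   */
  function __construct($api_key, $secret) {
    $this->api_key = $api_key;
    $this->secret = $secret;
    $this->fb_params = array();
    $this->user = null;

    $this->api_client = new FacebookRestClient($api_key, $secret, $this);
    $this->ec = new FacebookAPIErrorCodes();

    $this->validate_fb_params();

    // fb_sig_friends is a comma-separated uid list signed by Facebook.
    if (isset($this->fb_params['friends'])) {
      $this->api_client->friends_list = explode(',', $this->fb_params['friends']);
    }
    if (isset($this->fb_params['added'])) {
      $this->api_client->added = $this->fb_params['added'];
    }
  }

  /** PHP4-style constructor; see __construct(). */
  function Facebook($api_key, $secret) {
    $this->__construct($api_key, $secret);
  }

  /**
   * Establish the current user from the first source that carries a valid
   * signature: signed POST params, signed GET params, signed cookies, or an
   * auth_token exchanged with Facebook for a session.
   *
   * fb_sig params must carry a fb_sig_time within 48 hours of the server
   * clock (in either direction) so a captured signed request cannot be
   * replayed indefinitely. Cookies carry no signed timestamp and get no
   * freshness check.
   *
   * @return bool true only when valid signed fb_sig params were present
   */
  function validate_fb_params() {
    $window = 48 * 3600;
    $this->fb_params = $this->get_valid_fb_params($_POST, $window, 'fb_sig');
    if (!$this->fb_params) {
      $this->fb_params = $this->get_valid_fb_params($_GET, $window, 'fb_sig');
    }

    if ($this->fb_params) {
      // Signed params were present. Either they carry user/session_key, which
      // we trust because the signature covers them, or they do not, which
      // means the user has no valid session and require_login() is needed
      // (set_user() with nulls handles that). Cookies are deliberately NOT
      // consulted here: they may belong to a different user.
      $user = isset($this->fb_params['user']) ? $this->fb_params['user'] : null;
      $session_key = isset($this->fb_params['session_key']) ? $this->fb_params['session_key'] : null;
      $expires = isset($this->fb_params['expires']) ? $this->fb_params['expires'] : null;
      $this->set_user($user, $session_key, $expires);
      return true;
    }

    // Cookies are namespaced "$api_key_*" so several Facebook clients can
    // coexist on one domain; the signature lives in the bare "$api_key" cookie.
    if (!empty($_COOKIE)) {
      $cookies = $this->get_valid_fb_params($_COOKIE, null, $this->api_key);
      if ($cookies && isset($cookies['user']) && isset($cookies['session_key'])) {
        $this->set_user($cookies['user'], $cookies['session_key']);
        return false;
      }
    }

    // Last resort: the login flow handed back an auth_token; trade it for a
    // session. The token itself is only meaningful to Facebook.
    if (isset($_GET['auth_token'])) {
      $session = $this->do_get_session($_GET['auth_token']);
      if ($session) {
        $this->set_user($session['uid'], $session['session_key'], $session['expires']);
      }
    }

    return false;
  }

  /**
   * Exchange an auth_token for a session via auth.getSession.
   *
   * @param string $auth_token token returned by Facebook's login flow
   * @return array|false session array (uid, session_key, expires) or false
   */
  function do_get_session($auth_token) {
    $res = $this->api_client->auth_getSession($auth_token);
    return is_array($res) ? $res : false;
  }

  /**
   * Send the browser to $url and stop.
   *
   * Inside the canvas the redirect is emitted as FBML; facebook.com URLs
   * outside the canvas are loaded into the top frame via JavaScript; any
   * other URL gets a Location header. $url is escaped for each of those
   * sinks because the callers in this class (require_login, require_add,
   * require_frame) build it from $_SERVER['REQUEST_URI'], which the client
   * controls, and external callers may pass anything.
   *
   * @param string $url destination URL
   */
  function redirect($url) {
    $url = (string)$url;
    if ($this->in_fb_canvas()) {
      // Attribute context: a raw '"' in $url would end the attribute.
      echo '<fb:redirect url="' . htmlspecialchars($url, ENT_QUOTES) . '"/>';
    } else if ($this->_is_facebook_url($url)) {
      // Load facebook.com URLs in the full frame so we don't end up with a
      // frame within a frame. JS string context: escape quotes, backslashes
      // and angle brackets so "</script>" in $url cannot break out.
      echo "<script type=\"text/javascript\">\ntop.location.href = \""
         . $this->_escape_js_string($url) . "\";\n</script>";
    } else {
      // A CR/LF in $url would let the caller inject additional headers on
      // PHP versions that do not reject them themselves.
      header('Location: ' . str_replace(array("\r", "\n"), '', $url));
    }
    exit;
  }

  /**
   * Whether $url points at facebook.com or one of its subdomains, with an
   * optional port. The host must end right there (at "/", "?", "#" or the
   * end of the string), so "facebook.com.evil.test" or
   * "evil.test?x=.facebook.com" are not treated as Facebook URLs.
   *
   * @param string $url
   * @return bool
   */
  function _is_facebook_url($url) {
    return preg_match('/^https?:\/\/([a-z0-9-]+\.)*facebook\.com(:\d+)?(\/|\?|#|$)/i', $url) === 1;
  }

  /**
   * Escape $s for use inside a double-quoted JavaScript string literal that
   * is embedded in an HTML <script> block. Backslash and both quote kinds
   * are escaped; '<', '>' and '&' are emitted as \xNN so the HTML parser
   * cannot see a closing tag; CR/LF become \r \n. PHP4-compatible (no
   * json_encode).
   *
   * @param string $s
   * @return string
   */
  function _escape_js_string($s) {
    return strtr((string)$s, array(
      '\\' => '\\\\',
      '"'  => '\\"',
      "'"  => "\\'",
      '<'  => '\\x3C',
      '>'  => '\\x3E',
      '&'  => '\\x26',
      "\r" => '\\r',
      "\n" => '\\n',
    ));
  }

  /** True when the signed params flag the request as canvas or iframe. */
  function in_frame() {
    return isset($this->fb_params['in_canvas']) || isset($this->fb_params['in_iframe']);
  }

  /** True when the signed params flag the request as a canvas page. */
  function in_fb_canvas() {
    return isset($this->fb_params['in_canvas']);
  }

  /** @return mixed the logged-in user id, or null/0 when there is none */
  function get_loggedin_user() {
    return $this->user;
  }

  /**
   * Absolute URL of the current request, used as the "next" target for the
   * login/add round trips.
   *
   * Honors HTTPS so the round trip does not silently downgrade to http://.
   * NOTE(review): HTTP_HOST is taken from the client's Host header; if the
   * server answers for arbitrary hosts (or sits behind a proxy), a forged
   * Host header ends up in the "next" URL handed to Facebook. Substitute a
   * configured canonical host here if that matters for your deployment.
   *
   * @return string
   */
  function current_url() {
    $https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']
          && strtolower($_SERVER['HTTPS']) != 'off';
    return ($https ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
  }

  /**
   * Return the logged-in user id, or redirect to the Facebook login page
   * (and exit) when there is none.
   *
   * @return mixed user id (never returns when redirecting)
   */
  function require_login() {
    $user = $this->get_loggedin_user();
    if ($user) {
      return $user;
    }
    $this->redirect($this->get_login_url($this->current_url(), $this->in_frame()));
  }

  /** Deprecated alias for require_add(), kept for compatibility. */
  function require_install() {
    return $this->require_add();
  }

  /**
   * Return the logged-in user id if the user has added the application, or
   * redirect to the add page (and exit) otherwise.
   *
   * @return mixed user id (never returns when redirecting)
   */
  function require_add() {
    $user = $this->get_loggedin_user();
    if ($user && !empty($this->fb_params['added'])) {
      return $user;
    }
    $this->redirect($this->get_add_url($this->current_url()));
  }

  /**
   * Redirect (and exit) to the canvas login URL unless the request already
   * arrived inside a canvas or iframe.
   */
  function require_frame() {
    if (!$this->in_frame()) {
      $this->redirect($this->get_login_url($this->current_url(), true));
    }
  }

  /**
   * Base URL for a facebook.com subdomain.
   *
   * @param string $subdomain defaults to "www"
   * @return string
   */
  function get_facebook_url($subdomain='www') {
    return 'http://' . $subdomain . '.facebook.com';
  }

  /** Deprecated alias for get_add_url(), kept for compatibility. */
  function get_install_url($next=null) {
    return $this->get_add_url($next);
  }

  /**
   * URL of the "add application" page, optionally returning to $next.
   *
   * @param string|null $next URL to return to afterwards
   * @return string
   */
  function get_add_url($next=null) {
    return $this->get_facebook_url() . '/add.php?api_key=' . urlencode($this->api_key)
         . ($next ? '&next=' . urlencode($next) : '');
  }

  /**
   * URL of the login page, optionally returning to $next and optionally
   * flagged for canvas rendering.
   *
   * @param string|null $next   URL to return to afterwards
   * @param bool        $canvas append "&canvas" when true
   * @return string
   */
  function get_login_url($next, $canvas) {
    return $this->get_facebook_url() . '/login.php?v=1.0&api_key=' . urlencode($this->api_key)
         . ($next ? '&next=' . urlencode($next) : '')
         . ($canvas ? '&canvas' : '');
  }

  /**
   * Compute the Facebook Platform signature over $params_array: the
   * parameters sorted by key, concatenated as "k=v" with no separator,
   * followed by $secret, hashed with md5. The format and the hash are fixed
   * by the protocol — changing them breaks verification of signatures that
   * Facebook issues — so md5 is kept here although it is not a modern choice.
   *
   * $params_array must not already contain the signature parameter.
   *
   * @param array  $params_array name => scalar value
   * @param string $secret
   * @return string 32-character lowercase hex digest
   */
  function generate_sig($params_array, $secret) {
    ksort($params_array);
    $str = '';
    foreach ($params_array as $k => $v) {
      $str .= $k . '=' . $v;
    }
    return md5($str . $secret);
  }

  /**
   * Record the logged-in user and session key and, outside the canvas,
   * persist them in signed cookies ("$api_key_user", "$api_key_session_key"
   * plus the signature in "$api_key") when the user cookie is missing or
   * names a different user.
   *
   * Cookies are set on path "/" so that expire_session(), which clears them
   * on "/", actually removes them; setting them on the request's directory
   * (the implicit default) left them alive after logout from a sub-path.
   *
   * NOTE(review): the session_key cookie is a bearer credential. PHP4's
   * setcookie() has no HttpOnly/Secure arguments, so they cannot be set
   * here; on PHP 5.2+ consider adding them.
   *
   * @param mixed  $user        Facebook user id, or null
   * @param string $session_key session key, or null
   * @param mixed  $expires     unix time the session expires; 0/null = browser-session cookie
   */
  function set_user($user, $session_key, $expires=null) {
    $user_cookie = $this->api_key . '_user';
    if (!$this->in_fb_canvas()
        && (!isset($_COOKIE[$user_cookie]) || $_COOKIE[$user_cookie] != $user)) {
      $cookies = array('user' => $user, 'session_key' => $session_key);
      $sig = $this->generate_sig($cookies, $this->secret);
      $expires = (int)$expires;
      foreach ($cookies as $name => $val) {
        setcookie($this->api_key . '_' . $name, (string)$val, $expires, '/');
        $_COOKIE[$this->api_key . '_' . $name] = $val;
      }
      setcookie($this->api_key, $sig, $expires, '/');
      $_COOKIE[$this->api_key] = $sig;
    }
    $this->user = $user;
    $this->api_client->session_key = $session_key;
  }

  /**
   * Undo magic_quotes_gpc as best we can. The guard keeps this callable on
   * PHP 8, where get_magic_quotes_gpc() no longer exists.
   *
   * @param string $val value straight from $_GET, $_POST, $_COOKIE
   * @return string value without the added slashes
   */
  function no_magic_quotes($val) {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
      return stripslashes($val);
    }
    return $val;
  }

  /**
   * Extract the "$namespace_"-prefixed entries of $params (prefix stripped)
   * and return them only if they are fresh and their signature, found in
   * $params[$namespace], verifies. Anything else yields an empty array.
   *
   * A non-scalar value (e.g. "fb_sig_x[]=1") cannot be part of a valid
   * signature and rejects the whole set rather than being stringified.
   *
   * @param array    $params    $_POST, $_GET or $_COOKIE
   * @param int|null $timeout   max |now - fb_sig_time| in seconds; null/0 skips the check
   * @param string   $namespace 'fb_sig' for request params, the api_key for cookies
   * @return array validated params, or array()
   */
  function get_valid_fb_params($params, $timeout=null, $namespace='fb_sig') {
    $prefix = $namespace . '_';
    $prefix_len = strlen($prefix);
    $fb_params = array();
    foreach ($params as $name => $val) {
      $name = (string)$name;
      if (strpos($name, $prefix) !== 0) {
        continue;
      }
      if (!is_scalar($val)) {
        return array();
      }
      $fb_params[substr($name, $prefix_len)] = $this->no_magic_quotes($val);
    }
    if ($timeout) {
      // Reject stale AND far-future timestamps; checking only for staleness
      // would let a signed request with a timestamp far ahead of the server
      // clock be replayed for as long as that lead lasts.
      if (!isset($fb_params['time']) || !is_numeric($fb_params['time'])
          || abs(time() - (int)$fb_params['time']) > $timeout) {
        return array();
      }
    }
    if (!isset($params[$namespace]) || !$this->verify_signature($fb_params, $params[$namespace])) {
      return array();
    }
    return $fb_params;
  }

  /**
   * Check $expected_sig (taken from the request) against the signature
   * computed for $fb_params with our secret.
   *
   * Compared strictly and without early exit rather than with "==": loose
   * comparison treats two numeric-looking hex strings such as "0e123..."
   * and "0e456..." as equal, and a non-string (array) input must not match.
   *
   * @param array  $fb_params    validated-to-be parameters
   * @param mixed  $expected_sig signature supplied by the client
   * @return bool
   */
  function verify_signature($fb_params, $expected_sig) {
    if (!is_string($expected_sig)) {
      return false;
    }
    $computed = $this->generate_sig($fb_params, $this->secret);
    return $this->_constant_time_equals($computed, $expected_sig);
  }

  /**
   * Byte-wise string equality that does not stop at the first differing
   * byte. Uses hash_equals() where available (PHP 5.6+); the fallback is for
   * PHP4. The length check leaks only the length, which is public here (an
   * md5 hex digest is always 32 bytes).
   *
   * @param string $known the signature we computed
   * @param string $given the signature the client sent
   * @return bool
   */
  function _constant_time_equals($known, $given) {
    if (function_exists('hash_equals')) {
      return hash_equals($known, $given);
    }
    $len = strlen($known);
    if ($len !== strlen($given)) {
      return false;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
      $diff |= ord($known[$i]) ^ ord($given[$i]);
    }
    return $diff === 0;
  }

  /**
   * Invalidate the session with Facebook, clear the local user/session state
   * and, outside the canvas, expire the signed cookies (on path "/", matching
   * set_user()).
   *
   * @return bool always true
   */
  function expire_session() {
    $this->api_client->auth_expireSession();
    if (!$this->in_fb_canvas() && isset($_COOKIE[$this->api_key . '_user'])) {
      $past = time() - 3600;
      foreach (array('user', 'session_key', 'expires', 'ss') as $name) {
        setcookie($this->api_key . '_' . $name, '', $past, '/');
        unset($_COOKIE[$this->api_key . '_' . $name]);
      }
      setcookie($this->api_key, '', $past, '/');
      unset($_COOKIE[$this->api_key]);
    }
    $this->user = 0;
    $this->api_client->session_key = 0;
    return true;
  }
}
endif;
// No closing "?>": any whitespace after it would be sent as output before
// the header()/setcookie() calls in this class, breaking them.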