source: trunk/www.guidonia.net/wp/wp-content/plugins/fbconnect/facebook-client4/facebook.php@ 44

Last change on this file since 44 was 44, checked in by luciano, 14 years ago
1<?php
2//
3// +---------------------------------------------------------------------------+
4// | Facebook Platform PHP4 client |
5// +---------------------------------------------------------------------------+
6// | Copyright (c) 2007 Facebook, Inc. |
7// | All rights reserved. |
8// | |
9// | Redistribution and use in source and binary forms, with or without |
10// | modification, are permitted provided that the following conditions |
11// | are met: |
12// | |
13// | 1. Redistributions of source code must retain the above copyright |
14// | notice, this list of conditions and the following disclaimer. |
15// | 2. Redistributions in binary form must reproduce the above copyright |
16// | notice, this list of conditions and the following disclaimer in the |
17// | documentation and/or other materials provided with the distribution. |
18// | |
19// | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
20// | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
21// | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
22// | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
23// | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
24// | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
28// | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29// +---------------------------------------------------------------------------+
30// | For help with this library, contact developers-help@facebook.com |
31// +---------------------------------------------------------------------------+
32// no changes were made to this file - Kev
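if (!class_exists('Facebook')):
include_once 'facebookapi_php4_restlib.php';

/**
 * Session helper around FacebookRestClient for the PHP4 Facebook Platform client.
 *
 * On construction it looks for signed fb_sig_* request parameters, then for
 * cookies prefixed with the API key, then for an auth_token, and records the
 * user id and session key it finds.
 *
 * Security notes for maintainers:
 * - Request and cookie data is trusted only after verify_signature() accepts
 *   it; everything read before that point is attacker-controlled.
 * - The signature is md5(sorted "k=v" pairs . secret) (see generate_sig()).
 *   That is not an HMAC and has no delimiter between pairs; it is kept as-is
 *   because the remote side has to produce the same value.
 * - The syntax stays PHP4-compatible ("var", no visibility keywords); newer
 *   functions are only used behind function_exists() checks.
 */
class Facebook {
  // FacebookRestClient instance used for API calls.
  var $api_client;

  // Application API key; also used as the cookie name prefix.
  var $api_key;
  // Application secret used to sign and verify parameters. Never output it.
  var $secret;

  // Signature-checked fb_sig_* parameters (prefix stripped), or an empty array.
  var $fb_params;
  // Current user id as set by set_user() / expire_session().
  var $user;

  // FacebookAPIErrorCodes instance.
  var $ec;

  /**
   * Builds the REST client and establishes the user from the current request.
   *
   * Declared before the PHP4-style constructor so that PHP 5+ picks this one;
   * PHP 8 no longer treats a method named after the class as a constructor.
   *
   * @param string $api_key application API key
   * @param string $secret  application secret
   */
  function __construct($api_key, $secret) {
    $this->api_key = $api_key;
    $this->secret = $secret;

    $this->api_client = new FacebookRestClient($api_key, $secret, $this);
    $this->ec = new FacebookAPIErrorCodes();

    $this->validate_fb_params();

    if (isset($this->fb_params['friends'])) {
      $this->api_client->friends_list = explode(',', $this->fb_params['friends']);
    }
    if (isset($this->fb_params['added'])) {
      $this->api_client->added = $this->fb_params['added'];
    }
  }

  /**
   * PHP4-style constructor, kept so PHP4 and explicit $obj->Facebook() /
   * parent::Facebook() callers keep working.
   */
  function Facebook($api_key, $secret) {
    $this->__construct($api_key, $secret);
  }

  /**
   * Establishes the user from, in order: signed POST parameters, signed GET
   * parameters, signed cookies, or an auth_token exchanged for a session.
   *
   * @return bool true when signed fb_sig_* request parameters were accepted
   */
  function validate_fb_params() {
    $this->fb_params = $this->get_valid_fb_params($_POST, 48*3600, 'fb_sig');
    if (!$this->fb_params) {
      $this->fb_params = $this->get_valid_fb_params($_GET, 48*3600, 'fb_sig');
    }
    if ($this->fb_params) {
      // If we got any fb_params passed in at all, then either:
      //  - they included an fb_user / fb_session_key, which we should assume to be correct
      //  - they didn't include an fb_user / fb_session_key, which means the user doesn't have a
      //    valid session and if we want to get one we'll need to use require_login().  (Calling
      //    set_user with null values for user/session_key will work properly.)
      // Note that we should *not* use our cookies in this scenario, since they may be referring to
      // the wrong user.
      $user        = isset($this->fb_params['user'])        ? $this->fb_params['user'] : null;
      $session_key = isset($this->fb_params['session_key']) ? $this->fb_params['session_key'] : null;
      $expires     = isset($this->fb_params['expires'])     ? $this->fb_params['expires'] : null;
      $this->set_user($user, $session_key, $expires);
    } else if (!empty($_COOKIE) && $cookies = $this->get_valid_fb_params($_COOKIE, null, $this->api_key)) {
      // use $api_key . '_' as a prefix for the cookies in case there are
      // multiple facebook clients on the same domain.
      // No timeout is applied to cookies: a signed cookie set is accepted for
      // as long as the browser keeps sending it.
      $cookie_user    = isset($cookies['user'])        ? $cookies['user'] : null;
      $cookie_session = isset($cookies['session_key']) ? $cookies['session_key'] : null;
      $this->set_user($cookie_user, $cookie_session);
    } else if (isset($_GET['auth_token']) && $session = $this->do_get_session($_GET['auth_token'])) {
      $this->set_user($session['uid'], $session['session_key'], $session['expires']);
    }

    return !empty($this->fb_params);
  }

  /**
   * Exchanges an auth token for a session through the REST client.
   *
   * @param string $auth_token token taken from the request
   * @return array|false the session array, or false when the call did not return one
   */
  function do_get_session($auth_token) {
    $res = $this->api_client->auth_getSession($auth_token);
    if (is_array($res)) {
      return $res;
    }
    return false;
  }

  /**
   * Sends the browser to $url and ends the request.
   *
   * The URL is written into three different output contexts (an FBML
   * attribute, a JavaScript string, an HTTP header), so it is escaped for the
   * context actually used instead of being concatenated raw.
   *
   * @param string $url destination URL
   */
  function redirect($url) {
    // CR/LF/NUL have no place in a URL and would allow header splitting.
    $url = str_replace(array("\r", "\n", "\0"), '', (string)$url);

    if ($this->in_fb_canvas()) {
      echo '<fb:redirect url="' . htmlspecialchars($url, ENT_QUOTES) . '"/>';
    } else if (preg_match('/^https?:\/\/(?:[a-z0-9-]+\.)*facebook\.com(?::\d+)?(?:[\/?#]|$)/i', $url)) {
      // make sure facebook.com url's load in the full frame so that we don't
      // get a frame within a frame.
      // The host has to end right after facebook.com[:port]; a prefix match
      // alone would also accept hosts such as facebook.com.example.test.
      echo "<script type=\"text/javascript\">\ntop.location.href = " . $this->_js_string($url) . ";\n</script>";
    } else {
      header('Location: ' . $url);
    }
    exit;
  }

  /**
   * Encodes a string as a double-quoted JavaScript literal that is safe to
   * place inside an inline script element.
   *
   * @param string $str raw value
   * @return string quoted literal with no raw "<" or ">" left in it
   */
  function _js_string($str) {
    $encoded = function_exists('json_encode') ? json_encode($str) : false;
    if (!is_string($encoded)) {
      // json_encode is missing (PHP < 5.2) or refused the input.
      $encoded = '"' . addslashes($str) . '"';
    }
    // Keep "</script>" and "<!--" from ending or altering the script block.
    return str_replace(array('<', '>'), array('\u003C', '\u003E'), $encoded);
  }

  /** @return bool true when the request carries in_canvas or in_iframe */
  function in_frame() {
    return isset($this->fb_params['in_canvas']) || isset($this->fb_params['in_iframe']);
  }

  /** @return bool true when the request carries in_canvas */
  function in_fb_canvas() {
    return isset($this->fb_params['in_canvas']);
  }

  /** @return mixed the user id recorded by set_user(), if any */
  function get_loggedin_user() {
    return $this->user;
  }

  /**
   * Rebuilds the URL of the current request.
   *
   * NOTE(review): the host comes from the client-supplied Host header and the
   * scheme is always http; the value is only used here as the urlencoded
   * "next" target of login/add URLs. Confirm the server pins the host name
   * before relying on this anywhere else.
   *
   * @return string
   */
  function current_url() {
    return 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
  }

  /**
   * Returns the logged-in user, or redirects to the login page and exits.
   *
   * @return mixed user id
   */
  function require_login() {
    if ($user = $this->get_loggedin_user()) {
      return $user;
    }
    $this->redirect($this->get_login_url($this->current_url(), $this->in_frame()));
  }

  function require_install() {
    // this was renamed, keeping for compatibility's sake
    return $this->require_add();
  }

  /**
   * Returns the logged-in user when the signed parameters say the application
   * was added; otherwise redirects to the add page and exits.
   *
   * @return mixed user id
   */
  function require_add() {
    if ($user = $this->get_loggedin_user()) {
      // fb_params is empty when the session came from cookies or auth_token.
      if (!empty($this->fb_params['added'])) {
        return $user;
      }
    }
    $this->redirect($this->get_add_url($this->current_url()));
  }

  /** Redirects to the framed login page unless the request is already framed. */
  function require_frame() {
    if (!$this->in_frame()) {
      $this->redirect($this->get_login_url($this->current_url(), true));
    }
  }

  /**
   * NOTE(review): builds a plain-http URL, so the login/add pages derived from
   * it are requested without TLS; confirm whether https can be used.
   *
   * @param string $subdomain
   * @return string
   */
  function get_facebook_url($subdomain='www') {
    return 'http://' . $subdomain . '.facebook.com';
  }

  function get_install_url($next=null) {
    // this was renamed, keeping for compatibility's sake
    return $this->get_add_url($next);
  }

  /**
   * @param string|null $next URL to return to afterwards (urlencoded here)
   * @return string
   */
  function get_add_url($next=null) {
    return $this->get_facebook_url().'/add.php?api_key='.$this->api_key .
      ($next ? '&next=' . urlencode($next)  : '');
  }

  /**
   * @param string|null $next   URL to return to afterwards (urlencoded here)
   * @param bool        $canvas append the canvas flag
   * @return string
   */
  function get_login_url($next, $canvas) {
    return $this->get_facebook_url().'/login.php?v=1.0&api_key=' . $this->api_key .
      ($next ? '&next=' . urlencode($next)  : '') .
      ($canvas ? '&canvas' : '');
  }

  /**
   * Computes the signature over a parameter set.
   *
   * @param array  $params_array parameters WITHOUT the signature itself
   * @param string $secret       application secret
   * @return string 32-character lowercase hex md5
   */
  function generate_sig($params_array, $secret) {
    $str = '';

    ksort($params_array);
    // Note: make sure that the signature parameter is not already included in
    //       $params_array.
    foreach ($params_array as $k=>$v) {
      $str .= "$k=$v";
    }
    $str .= $secret;

    return md5($str);
  }

  /**
   * Records the user and session key and, outside the canvas, mirrors them
   * into signed cookies when the user cookie is missing or different.
   *
   * NOTE(review): setcookie() is called here without path, domain, secure or
   * httponly arguments and the cookies carry the session key. Whether
   * client-side script has to read them is not visible in this file; confirm
   * before tightening the flags.
   *
   * @param mixed    $user
   * @param mixed    $session_key
   * @param int|null $expires cookie expiry timestamp; null gives a session cookie
   */
  function set_user($user, $session_key, $expires=null) {
    if (!$this->in_fb_canvas() && (!isset($_COOKIE[$this->api_key . '_user'])
                                   || $_COOKIE[$this->api_key . '_user'] != $user)) {
      $cookies = array();
      $cookies['user'] = $user;
      $cookies['session_key'] = $session_key;
      $sig = $this->generate_sig($cookies, $this->secret);
      foreach ($cookies as $name => $val) {
        setcookie($this->api_key . '_' . $name, $val, (int)$expires);
        $_COOKIE[$this->api_key . '_' . $name] = $val;
      }
      setcookie($this->api_key, $sig, (int)$expires);
      $_COOKIE[$this->api_key] = $sig;
    }
    $this->user = $user;
    $this->api_client->session_key = $session_key;
  }

  /**
   * Tries to undo the badness of magic quotes as best we can
   * @param  string   $val   Should come directly from $_GET, $_POST, etc.
   * @return string   val without added slashes
   */
  function no_magic_quotes($val) {
    // get_magic_quotes_gpc() was removed in PHP 8; calling it unguarded is a
    // fatal error there, which would take down every signature check.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
      return stripslashes($val);
    } else {
      return $val;
    }
  }

  /**
   * Extracts the parameters under $namespace and returns them only when they
   * are fresh (if $timeout is given) and correctly signed.
   *
   * Everything inspected before verify_signature() succeeds is unauthenticated
   * input, so malformed values are rejected instead of being passed on.
   *
   * @param array    $params    typically $_POST, $_GET or $_COOKIE
   * @param int|null $timeout   maximum age in seconds of the "time" parameter
   * @param string   $namespace parameter prefix; $params[$namespace] holds the signature
   * @return array prefix-stripped parameters, or an empty array when invalid
   */
  function get_valid_fb_params($params, $timeout=null, $namespace='fb_sig') {
    if (!is_array($params)) {
      return array();
    }
    $prefix = $namespace . '_';
    $prefix_len = strlen($prefix);
    $fb_params = array();
    foreach ($params as $name => $val) {
      if (strpos((string)$name, $prefix) === 0) {
        // name[]=... arrives as an array; a signed value is always a plain
        // string, so treat the whole set as invalid rather than sign "Array".
        if (!is_scalar($val)) {
          return array();
        }
        $fb_params[substr($name, $prefix_len)] = $this->no_magic_quotes($val);
      }
    }
    if ($timeout) {
      // A non-numeric "time" must not reach the subtraction (TypeError on PHP 8).
      if (!isset($fb_params['time']) || !is_numeric($fb_params['time'])
          || time() - $fb_params['time'] > $timeout) {
        return array();
      }
    }
    if (!isset($params[$namespace]) || !is_string($params[$namespace])
        || !$this->verify_signature($fb_params, $params[$namespace])) {
      return array();
    }
    return $fb_params;
  }

  /**
   * Checks a supplied signature against the one computed with the secret.
   *
   * The comparison is a byte-wise, constant-time string comparison. A loose
   * "==" must not be used: PHP compares two numeric-looking strings (such as
   * hex digests of the form "0e" followed by digits) as numbers, so different
   * digests can compare equal, and "==" also returns early on the first
   * differing byte.
   *
   * @param array  $fb_params    parameters the signature should cover
   * @param string $expected_sig signature taken from the request
   * @return bool
   */
  function verify_signature($fb_params, $expected_sig) {
    if (!is_string($expected_sig)) {
      return false;
    }
    $actual_sig = $this->generate_sig($fb_params, $this->secret);
    if (function_exists('hash_equals')) {
      return hash_equals($actual_sig, $expected_sig);
    }
    // Fallback for PHP < 5.6: accumulate differences without an early exit.
    $len = strlen($actual_sig);
    if ($len !== strlen($expected_sig)) {
      return false;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
      $diff |= ord($actual_sig[$i]) ^ ord($expected_sig[$i]);
    }
    return $diff === 0;
  }

  /**
   * Expires the session through the REST client and removes the session
   * cookies outside the canvas.
   *
   * NOTE(review): the cookies are deleted with path "/", while set_user()
   * writes them with the default path; cookies written by set_user() under a
   * non-root path may not be matched by this deletion - verify.
   *
   * @return bool always true
   */
  function expire_session() {
    $this->api_client->auth_expireSession();
    if (!$this->in_fb_canvas() && isset($_COOKIE[$this->api_key . '_user'])) {

      $cookies = array('user', 'session_key', 'expires', 'ss');
      foreach ($cookies as $name) {
        setcookie($this->api_key . '_' . $name, false, time() - 3600,"/");
        unset($_COOKIE[$this->api_key . '_' . $name]);
      }
      setcookie($this->api_key, false, time() - 3600,"/");
      unset($_COOKIE[$this->api_key]);
    }
    $this->user = 0;
    $this->api_client->session_key = 0;
    return true;
  }
}
endif;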
261?>