| 1 | <?php
|
|---|
| 2 | // Copyright 2004-2008 Facebook. All Rights Reserved.
|
|---|
| 3 | //
|
|---|
| 4 | // +---------------------------------------------------------------------------+
|
|---|
| 5 | // | Facebook Platform PHP5 client |
|
|---|
| 6 | // +---------------------------------------------------------------------------+
|
|---|
| 7 | // | Copyright (c) 2007 Facebook, Inc. |
|
|---|
| 8 | // | All rights reserved. |
|
|---|
| 9 | // | |
|
|---|
| 10 | // | Redistribution and use in source and binary forms, with or without |
|
|---|
| 11 | // | modification, are permitted provided that the following conditions |
|
|---|
| 12 | // | are met: |
|
|---|
| 13 | // | |
|
|---|
| 14 | // | 1. Redistributions of source code must retain the above copyright |
|
|---|
| 15 | // | notice, this list of conditions and the following disclaimer. |
|
|---|
| 16 | // | 2. Redistributions in binary form must reproduce the above copyright |
|
|---|
| 17 | // | notice, this list of conditions and the following disclaimer in the |
|
|---|
| 18 | // | documentation and/or other materials provided with the distribution. |
|
|---|
| 19 | // | |
|
|---|
| 20 | // | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
|
|---|
| 21 | // | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|
|---|
| 22 | // | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
|---|
| 23 | // | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
|
|---|
| 24 | // | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
|---|
| 25 | // | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
|---|
| 26 | // | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|
|---|
| 27 | // | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
|---|
| 28 | // | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
|
|---|
| 29 | // | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
|---|
| 30 | // +---------------------------------------------------------------------------+
|
|---|
| 31 | // | For help with this library, contact developers-help@facebook.com |
|
|---|
| 32 | // +---------------------------------------------------------------------------+
|
|---|
| 33 | //
|
|---|
| 34 |
|
|---|
| 35 | /**
|
|---|
| 36 | * This class extends and modifies the "Facebook" class to better
|
|---|
| 37 | * suit desktop apps.
|
|---|
| 38 | */
|
|---|
| 39 | class FacebookDesktop extends Facebook {
|
|---|
| 40 | // the application secret, which differs from the session secret
|
|---|
| 41 | public $app_secret;
|
|---|
| 42 | public $verify_sig;
|
|---|
| 43 |
|
|---|
| 44 | public function __construct($api_key, $secret) {
|
|---|
| 45 | $this->app_secret = $secret;
|
|---|
| 46 | $this->verify_sig = false;
|
|---|
| 47 | parent::__construct($api_key, $secret);
|
|---|
| 48 | }
|
|---|
| 49 |
|
|---|
| 50 | public function do_get_session($auth_token) {
|
|---|
| 51 | $this->api_client->secret = $this->app_secret;
|
|---|
| 52 | $this->api_client->session_key = null;
|
|---|
| 53 | $session_info = parent::do_get_session($auth_token);
|
|---|
| 54 | if (!empty($session_info['secret'])) {
|
|---|
| 55 | // store the session secret
|
|---|
| 56 | $this->set_session_secret($session_info['secret']);
|
|---|
| 57 | }
|
|---|
| 58 | return $session_info;
|
|---|
| 59 | }
|
|---|
| 60 |
|
|---|
| 61 | public function set_session_secret($session_secret) {
|
|---|
| 62 | $this->secret = $session_secret;
|
|---|
| 63 | $this->api_client->secret = $session_secret;
|
|---|
| 64 | }
|
|---|
| 65 |
|
|---|
| 66 | public function require_login() {
|
|---|
| 67 | if ($this->get_loggedin_user()) {
|
|---|
| 68 | try {
|
|---|
| 69 | // try a session-based API call to ensure that we have the correct
|
|---|
| 70 | // session secret
|
|---|
| 71 | $user = $this->api_client->users_getLoggedInUser();
|
|---|
| 72 |
|
|---|
| 73 | // now that we have a valid session secret, verify the signature
|
|---|
| 74 | $this->verify_sig = true;
|
|---|
| 75 | if ($this->validate_fb_params(false)) {
|
|---|
| 76 | return $user;
|
|---|
| 77 | } else {
|
|---|
| 78 | // validation failed
|
|---|
| 79 | return null;
|
|---|
| 80 | }
|
|---|
| 81 | } catch (FacebookRestClientException $ex) {
|
|---|
| 82 | if (isset($_GET['auth_token'])) {
|
|---|
| 83 | // if we have an auth_token, use it to establish a session
|
|---|
| 84 | $session_info = $this->do_get_session($_GET['auth_token']);
|
|---|
| 85 | if ($session_info) {
|
|---|
| 86 | return $session_info['uid'];
|
|---|
| 87 | }
|
|---|
| 88 | }
|
|---|
| 89 | }
|
|---|
| 90 | }
|
|---|
| 91 | // if we get here, we need to redirect the user to log in
|
|---|
| 92 | $this->redirect($this->get_login_url(self::current_url(), $this->in_fb_canvas()));
|
|---|
| 93 | }
|
|---|
| 94 |
|
|---|
| 95 | public function verify_signature($fb_params, $expected_sig) {
|
|---|
| 96 | // we don't want to verify the signature until we have a valid
|
|---|
| 97 | // session secret
|
|---|
| 98 | if ($this->verify_sig) {
|
|---|
| 99 | return parent::verify_signature($fb_params, $expected_sig);
|
|---|
| 100 | } else {
|
|---|
| 101 | return true;
|
|---|
| 102 | }
|
|---|
| 103 | }
|
|---|
| 104 | }
|
|---|
