| 1 |
<?php |
| 2 |
// Copyright 2004-2008 Facebook. All Rights Reserved. |
| 3 |
// |
| 4 |
// +---------------------------------------------------------------------------+ |
| 5 |
// | Facebook Platform PHP5 client | |
| 6 |
// +---------------------------------------------------------------------------+ |
| 7 |
// | Copyright (c) 2007 Facebook, Inc. | |
| 8 |
// | All rights reserved. | |
| 9 |
// | | |
| 10 |
// | Redistribution and use in source and binary forms, with or without | |
| 11 |
// | modification, are permitted provided that the following conditions | |
| 12 |
// | are met: | |
| 13 |
// | | |
| 14 |
// | 1. Redistributions of source code must retain the above copyright | |
| 15 |
// | notice, this list of conditions and the following disclaimer. | |
| 16 |
// | 2. Redistributions in binary form must reproduce the above copyright | |
| 17 |
// | notice, this list of conditions and the following disclaimer in the | |
| 18 |
// | documentation and/or other materials provided with the distribution. | |
| 19 |
// | | |
| 20 |
// | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
| 21 |
// | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
| 22 |
// | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 23 |
// | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
| 24 |
// | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
| 25 |
// | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 26 |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
| 27 |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
| 28 |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
| 29 |
// | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 30 |
// +---------------------------------------------------------------------------+ |
| 31 |
// | For help with this library, contact developers-help@facebook.com | |
| 32 |
// +---------------------------------------------------------------------------+ |
| 33 |
// |
| 34 |
|
| 35 |
include_once 'facebook.php'; |
| 36 |
|
| 37 |
/** |
| 38 |
* This class extends and modifies the "Facebook" class to better |
| 39 |
* suit desktop apps. |
| 40 |
*/ |
| 41 |
class FacebookDesktop extends Facebook { |
| 42 |
// the application secret, which differs from the session secret |
| 43 |
public $app_secret; |
| 44 |
public $verify_sig; |
| 45 |
|
| 46 |
public function __construct($api_key, $secret) { |
| 47 |
$this->app_secret = $secret; |
| 48 |
$this->verify_sig = false; |
| 49 |
parent::__construct($api_key, $secret); |
| 50 |
} |
| 51 |
|
| 52 |
public function do_get_session($auth_token) { |
| 53 |
$this->api_client->secret = $this->app_secret; |
| 54 |
$this->api_client->session_key = null; |
| 55 |
$session_info = parent::do_get_session($auth_token); |
| 56 |
if (!empty($session_info['secret'])) { |
| 57 |
// store the session secret |
| 58 |
$this->set_session_secret($session_info['secret']); |
| 59 |
} |
| 60 |
return $session_info; |
| 61 |
} |
| 62 |
|
| 63 |
public function set_session_secret($session_secret) { |
| 64 |
$this->secret = $session_secret; |
| 65 |
$this->api_client->secret = $session_secret; |
| 66 |
} |
| 67 |
|
| 68 |
public function require_login() { |
| 69 |
if ($this->get_loggedin_user()) { |
| 70 |
try { |
| 71 |
// try a session-based API call to ensure that we have the correct |
| 72 |
// session secret |
| 73 |
$user = $this->api_client->users_getLoggedInUser(); |
| 74 |
|
| 75 |
// now that we have a valid session secret, verify the signature |
| 76 |
$this->verify_sig = true; |
| 77 |
if ($this->validate_fb_params(false)) { |
| 78 |
return $user; |
| 79 |
} else { |
| 80 |
// validation failed |
| 81 |
return null; |
| 82 |
} |
| 83 |
} catch (FacebookRestClientException $ex) { |
| 84 |
if (isset($_GET['auth_token'])) { |
| 85 |
// if we have an auth_token, use it to establish a session |
| 86 |
$session_info = $this->do_get_session($_GET['auth_token']); |
| 87 |
if ($session_info) { |
| 88 |
return $session_info['uid']; |
| 89 |
} |
| 90 |
} |
| 91 |
} |
| 92 |
} |
| 93 |
// if we get here, we need to redirect the user to log in |
| 94 |
$this->redirect($this->get_login_url(self::current_url(), $this->in_fb_canvas())); |
| 95 |
} |
| 96 |
|
| 97 |
public function verify_signature($fb_params, $expected_sig) { |
| 98 |
// we don't want to verify the signature until we have a valid |
| 99 |
// session secret |
| 100 |
if ($this->verify_sig) { |
| 101 |
return parent::verify_signature($fb_params, $expected_sig); |
| 102 |
} else { |
| 103 |
return true; |
| 104 |
} |
| 105 |
} |
| 106 |
} |
