ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
BaseFacebook Class Reference

Provides access to the Facebook Platform.


Public Member Functions

 __construct ($config)
 Initialize a Facebook Application.

 setAppId ($appId)
 Set the Application ID.

 getAppId ()
 Get the Application ID.

 setApiSecret ($apiSecret)
 Set the App Secret.

 setAppSecret ($appSecret)
 Set the App Secret.

 getApiSecret ()
 Get the App Secret.

 getAppSecret ()
 Get the App Secret.

 setFileUploadSupport ($fileUploadSupport)
 Set the file upload support status.

 getFileUploadSupport ()
 Get the file upload support status.

 useFileUploadSupport ()
 DEPRECATED! Please use getFileUploadSupport instead.

 setAccessToken ($access_token)
 Sets the access token for api calls.

 setExtendedAccessToken ()
 Extend an access token, while removing the short-lived token that might have been generated via client-side flow.

 getAccessToken ()
 Determines the access token that should be used for API calls.

 getSignedRequest ()
 Retrieve the signed request, either from a request parameter or, if not present, from a cookie.

 getUser ()
 Get the UID of the connected user, or 0 if the Facebook user is not connected.

 getLoginUrl ($params=array())
 Get a Login URL for use with redirects.

 getLogoutUrl ($params=array())
 Get a Logout URL suitable for use with redirects.

 getLoginStatusUrl ($params=array())
 Get a login status URL to fetch the status from Facebook.

 api ()
 Make an API call.

 destroySession ()
 Destroy the current session.
 

Data Fields

const VERSION = '3.2.2'
 Version.

const SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256'
 Signed Request Algorithm.
 

Static Public Attributes

static $CURL_OPTS
 Default options for curl.

static $DOMAIN_MAP
 Maps aliases to Facebook domains.
 

Protected Member Functions

 getUserAccessToken ()
 Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.

 getUserFromAvailableData ()
 Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.

 getSignedRequestCookieName ()
 Constructs and returns the name of the cookie that potentially houses the signed request for the app user.

 getMetadataCookieName ()
 Constructs and returns the name of the cookie that potentially contains metadata.

 getCode ()
 Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.

 getUserFromAccessToken ()
 Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate.

 getApplicationAccessToken ()
 Returns the access token that should be used for logged out users when no authorization code is available.

 establishCSRFTokenState ()
 Lays down a CSRF state token for this process.

 getAccessTokenFromCode ($code, $redirect_uri=null)
 Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user).

 _restserver ($params)
 Invoke the old restserver.php endpoint.

 isVideoPost ($path, $method='GET')
 Return true if this is video post.

 _graph ($path, $method='GET', $params=array())
 Invoke the Graph API.

 _oauthRequest ($url, $params)
 Make an OAuth Request.

 makeRequest ($url, $params, $ch=null)
 Makes an HTTP request.

 parseSignedRequest ($signed_request)
 Parses a signed_request and validates the signature.

 makeSignedRequest ($data)
 Makes a signed_request blob using the given data.

 getApiUrl ($method)
 Build the URL for api given parameters.

 getUrl ($name, $path='', $params=array())
 Build the URL for given domain alias, path and parameters.

 getHttpHost ()

 getHttpProtocol ()

 getBaseDomain ()
 Get the base domain used for the cookie.

 getCurrentUrl ()
 Returns the Current URL, stripping it of known FB parameters that should not persist.

 shouldRetainParam ($param)
 Returns true if and only if the key or key/value pair should be retained as part of the query string.

 throwAPIException ($result)
 Analyzes the supplied result to see if it was thrown because the access token is no longer valid.

 getMetadataCookie ()
 Parses the metadata cookie that our Javascript API set.

 setPersistentData ($key, $value)
 Each of the following four methods should be overridden in a concrete subclass, as they are in the provided Facebook class.

 getPersistentData ($key, $default=false)
 Get the data for $key, persisted by BaseFacebook::setPersistentData()

 clearPersistentData ($key)
 Clear the data with $key from the persistent storage.

 clearAllPersistentData ()
 Clear all data from the persistent storage.
 

Static Protected Member Functions

static errorLog ($msg)
 Prints to the error log if you aren't in command line mode.

static base64UrlDecode ($input)
 Base64 encoding that doesn't need to be urlencode()ed.

static base64UrlEncode ($input)
 Base64 encoding that doesn't need to be urlencode()ed.
 
static isAllowedDomain ($big, $small)
 
static endsWith ($big, $small)
 

Protected Attributes

 $appId
 
 $appSecret
 
 $user
 
 $signedRequest
 The data from the signed_request token.

 $state
 A CSRF state variable to assist in the defense against CSRF attacks.
 
 $accessToken = null
 
 $fileUploadSupport = false
 
 $trustForwarded = false
 

Static Protected Attributes

static $DROP_QUERY_PARAMS
 List of query parameters that get automatically dropped when rebuilding the current URL.
 

Detailed Description

Provides access to the Facebook Platform.

This class provides a majority of the functionality needed, but the class is abstract because it is designed to be sub-classed. The subclass must implement the four abstract methods listed at the bottom of the file.

Author
Naitik Shah <naitik@facebook.com>

Definition at line 118 of file base_facebook.php.

Constructor & Destructor Documentation

◆ __construct()

BaseFacebook::__construct (   $config)

Initialize a Facebook Application.

The configuration:

  • appId: the application ID
  • secret: the application secret
  • fileUpload: (optional) boolean indicating if file uploads are enabled
Parameters
array $config: The application configuration

Definition at line 225 of file base_facebook.php.

225 {
226 $this->setAppId($config['appId']);
227 $this->setAppSecret($config['secret']);
228 if (isset($config['fileUpload'])) {
229 $this->setFileUploadSupport($config['fileUpload']);
230 }
231 if (isset($config['trustForwarded']) && $config['trustForwarded']) {
232 $this->trustForwarded = true;
233 }
234 $state = $this->getPersistentData('state');
235 if (!empty($state)) {
236 $this->state = $state;
237 }
238 }

References $config, $state, getPersistentData(), setAppId(), setAppSecret(), and setFileUploadSupport().


Member Function Documentation

◆ _graph()

BaseFacebook::_graph (   $path,
  $method = 'GET',
  $params = array() 
)
protected

Invoke the Graph API.

Parameters
string $path: The path (required)
string $method: The http method (default 'GET')
array $params: The query/post data
Returns
mixed The decoded response object
Exceptions
FacebookApiException

Definition at line 859 of file base_facebook.php.

859 {
860 if (is_array($method) && empty($params)) {
861 $params = $method;
862 $method = 'GET';
863 }
864 $params['method'] = $method; // method override as we always do a POST
865
866 if ($this->isVideoPost($path, $method)) {
867 $domainKey = 'graph_video';
868 } else {
869 $domainKey = 'graph';
870 }
871
872 $result = json_decode($this->_oauthRequest(
873 $this->getUrl($domainKey, $path),
874 $params
875 ), true);
876
877 // results are returned, errors are thrown
878 if (is_array($result) && isset($result['error'])) {
879 $this->throwAPIException($result);
880 // @codeCoverageIgnoreStart
881 }
882 // @codeCoverageIgnoreEnd
883
884 return $result;
885 }

References $params, $path, $result, _oauthRequest(), getUrl(), isVideoPost(), and throwAPIException().


◆ _oauthRequest()

BaseFacebook::_oauthRequest (   $url,
  $params 
)
protected

Make a OAuth Request.

Parameters
string $url: The path (required)
array $params: The query/post data
Returns
string The decoded response object
Exceptions
FacebookApiException

Definition at line 896 of file base_facebook.php.

896 {
897 if (!isset($params['access_token'])) {
898 $params['access_token'] = $this->getAccessToken();
899 }
900
901 // json_encode all params values that are not strings
902 foreach ($params as $key => $value) {
903 if (!is_string($value)) {
904 $params[$key] = json_encode($value);
905 }
906 }
907
908 return $this->makeRequest($url, $params);
909 }

References $key, $params, $url, getAccessToken(), and makeRequest().

Referenced by _graph(), _restserver(), getAccessTokenFromCode(), and setExtendedAccessToken().


◆ _restserver()

BaseFacebook::_restserver (   $params)
protected

Invoke the old restserver.php endpoint.

Parameters
array $params: Method call object
Returns
mixed The decoded response object
Exceptions
FacebookApiException

Definition at line 808 of file base_facebook.php.

808 {
809 // generic application level parameters
810 $params['api_key'] = $this->getAppId();
811 $params['format'] = 'json-strings';
812
813 $result = json_decode($this->_oauthRequest(
814 $this->getApiUrl($params['method']),
815 $params
816 ), true);
817
818 // results are returned, errors are thrown
819 if (is_array($result) && isset($result['error_code'])) {
820 $this->throwAPIException($result);
821 // @codeCoverageIgnoreStart
822 }
823 // @codeCoverageIgnoreEnd
824
825 $method = strtolower($params['method']);
826 if ($method === 'auth.expiresession' ||
827 $method === 'auth.revokeauthorization') {
828 $this->destroySession();
829 }
830
831 return $result;
832 }

References $params, $result, _oauthRequest(), destroySession(), getApiUrl(), getAppId(), and throwAPIException().

Referenced by api().


◆ api()

BaseFacebook::api ( )

Make an API call.

Returns
mixed The decoded response

Definition at line 649 of file base_facebook.php.

649 {
650 $args = func_get_args();
651 if (is_array($args[0])) {
652 return $this->_restserver($args[0]);
653 } else {
654 return call_user_func_array(array($this, '_graph'), $args);
655 }
656 }

References _restserver().

Referenced by getUserFromAccessToken().


◆ base64UrlDecode()

static BaseFacebook::base64UrlDecode (   $input)
static protected

Base64 encoding that doesn't need to be urlencode()ed.

Exactly the same as base64_encode except it uses

  • - instead of +
  • _ instead of /
  • No padded =
Parameters
string $input: base64UrlEncoded string
Returns
string

Definition at line 1297 of file base_facebook.php.

1297 {
1298 return base64_decode(strtr($input, '-_', '+/'));
1299 }

Referenced by parseSignedRequest().


◆ base64UrlEncode()

static BaseFacebook::base64UrlEncode (   $input)
static protected

Base64 encoding that doesn't need to be urlencode()ed.

Exactly the same as base64_encode except it uses

  • - instead of +
  • _ instead of /
Parameters
string $input: string
Returns
string base64Url encoded string

Definition at line 1310 of file base_facebook.php.

1310 {
1311 $str = strtr(base64_encode($input), '+/', '-_');
1312 $str = str_replace('=', '', $str);
1313 return $str;
1314 }

Referenced by makeSignedRequest().


◆ clearAllPersistentData()

BaseFacebook::clearAllPersistentData ( )
abstract protected

Clear all data from the persistent storage.

Returns
void

Reimplemented in sspmod_authfacebook_Facebook.

Referenced by destroySession(), getUserAccessToken(), and getUserFromAvailableData().


◆ clearPersistentData()

BaseFacebook::clearPersistentData (   $key)
abstract protected

Clear the data with $key from the persistent storage.

Parameters
string $key
Returns
void

Reimplemented in sspmod_authfacebook_Facebook.

Referenced by getCode().


◆ destroySession()

BaseFacebook::destroySession ( )

Destroy the current session.

Definition at line 1319 of file base_facebook.php.

1319 {
1320 $this->accessToken = null;
1321 $this->signedRequest = null;
1322 $this->user = null;
1323 $this->clearAllPersistentData();
1324
1325 // Javascript sets a cookie that will be used in getSignedRequest that we
1326 // need to clear if we can
1327 $cookie_name = $this->getSignedRequestCookieName();
1328 if (array_key_exists($cookie_name, $_COOKIE)) {
1329 unset($_COOKIE[$cookie_name]);
1330 if (!headers_sent()) {
1331 $base_domain = $this->getBaseDomain();
1332 setcookie($cookie_name, '', 1, '/', '.'.$base_domain);
1333 } else {
1334 // @codeCoverageIgnoreStart
1335 self::errorLog(
1336 'There exists a cookie that we wanted to clear that we couldn\'t '.
1337 'clear because headers was already sent. Make sure to do the first '.
1338 'API call before outputing anything.'
1339 );
1340 // @codeCoverageIgnoreEnd
1341 }
1342 }
1343 }

References $_COOKIE, clearAllPersistentData(), errorLog(), getBaseDomain(), getSignedRequestCookieName(), and user().

Referenced by _restserver(), setExtendedAccessToken(), and throwAPIException().


◆ endsWith()

static BaseFacebook::endsWith (   $big,
  $small 
)
static protected

Definition at line 1383 of file base_facebook.php.

1383 {
1384 $len = strlen($small);
1385 if ($len === 0) {
1386 return true;
1387 }
1388 return substr($big, -$len) === $small;
1389 }

Referenced by isAllowedDomain().


◆ errorLog()

static BaseFacebook::errorLog (   $msg)
static protected

Prints to the error log if you aren't in command line mode.

Parameters
string $msg: Log message

Definition at line 1278 of file base_facebook.php.

1278 {
1279 // disable error log if we are running in a CLI environment
1280 // @codeCoverageIgnoreStart
1281 if (php_sapi_name() != 'cli') {
1282 error_log($msg);
1283 }
1284 // @codeCoverageIgnoreEnd
1285 }

References Monolog\Handler\error_log().

Referenced by destroySession(), getCode(), makeRequest(), and parseSignedRequest().


◆ establishCSRFTokenState()

BaseFacebook::establishCSRFTokenState ( )
protected

Lays down a CSRF state token for this process.

Returns
void

Reimplemented in sspmod_authfacebook_Facebook.

Definition at line 744 of file base_facebook.php.

744 {
745 if ($this->state === null) {
746 $this->state = md5(uniqid(mt_rand(), true));
747 $this->setPersistentData('state', $this->state);
748 }
749 }

References setPersistentData().

Referenced by getLoginUrl().


◆ getAccessToken()

BaseFacebook::getAccessToken ( )

Determines the access token that should be used for API calls.

The first time this is called, $this->accessToken is set equal to either a valid user access token, or it's set to the application access token if a valid user access token wasn't available. Subsequent calls return whatever the first call returned.

Returns
string The access token

Definition at line 398 of file base_facebook.php.

398 {
399 if ($this->accessToken !== null) {
400 // we've done this already and cached it. Just return.
401 return $this->accessToken;
402 }
403
404 // first establish access token to be the application
405 // access token, in case we navigate to the /oauth/access_token
406 // endpoint, where SOME access token is required
407 $this->setAccessToken($this->getApplicationAccessToken());
408 $user_access_token = $this->getUserAccessToken();
409 if ($user_access_token) {
410 $this->setAccessToken($user_access_token);
411 }
412
413 return $this->accessToken;
414 }

References $accessToken, getApplicationAccessToken(), getUserAccessToken(), and setAccessToken().

Referenced by _oauthRequest(), getUserFromAvailableData(), and setExtendedAccessToken().


◆ getAccessTokenFromCode()

BaseFacebook::getAccessTokenFromCode (   $code,
  $redirect_uri = null 
)
protected

Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user).

The authorization code is sent to graph.facebook.com and a legitimate access token is generated provided the access token and the user for which it was generated all match, and the user is either logged in to Facebook or has granted an offline access permission.

Parameters
string $code: An authorization code.
Returns
mixed An access token exchanged for the authorization code, or false if an access token could not be generated.

Definition at line 763 of file base_facebook.php.

763 {
764 if (empty($code)) {
765 return false;
766 }
767
768 if ($redirect_uri === null) {
769 $redirect_uri = $this->getCurrentUrl();
770 }
771
772 try {
773 // need to circumvent json_decode by calling _oauthRequest
774 // directly, since response isn't JSON format
775 $access_token_response =
776 $this->_oauthRequest(
777 $this->getUrl('graph', '/oauth/access_token'),
778 $params = array('client_id' => $this->getAppId(),
779 'client_secret' => $this->getAppSecret(),
780 'redirect_uri' => $redirect_uri,
781 'code' => $code));
782 } catch (FacebookApiException $e) {
783 // most likely that user very recently revoked authorization.
784 // In any event, we don't have an access token, so say so.
785 return false;
786 }
787
788 if (empty($access_token_response)) {
789 return false;
790 }
791
792 $response_params = json_decode($access_token_response, true);
793 if (!isset($response_params['access_token'])) {
794 return false;
795 }
796
797 return $response_params['access_token'];
798 }

References $code, $params, _oauthRequest(), getAppId(), getAppSecret(), getCurrentUrl(), and getUrl().

Referenced by getUserAccessToken().


◆ getApiSecret()

BaseFacebook::getApiSecret ( )

Get the App Secret.

Returns
string the App Secret
Deprecated:

Definition at line 289 of file base_facebook.php.

289 {
290 return $this->getAppSecret();
291 }

References getAppSecret().


◆ getApiUrl()

BaseFacebook::getApiUrl (   $method)
protected

Build the URL for api given parameters.

Parameters
$method: String the method name.
Returns
string The URL for the given parameters

Definition at line 1046 of file base_facebook.php.

1046 {
1047 static $READ_ONLY_CALLS =
1048 array('admin.getallocation' => 1,
1049 'admin.getappproperties' => 1,
1050 'admin.getbannedusers' => 1,
1051 'admin.getlivestreamvialink' => 1,
1052 'admin.getmetrics' => 1,
1053 'admin.getrestrictioninfo' => 1,
1054 'application.getpublicinfo' => 1,
1055 'auth.getapppublickey' => 1,
1056 'auth.getsession' => 1,
1057 'auth.getsignedpublicsessiondata' => 1,
1058 'comments.get' => 1,
1059 'connect.getunconnectedfriendscount' => 1,
1060 'dashboard.getactivity' => 1,
1061 'dashboard.getcount' => 1,
1062 'dashboard.getglobalnews' => 1,
1063 'dashboard.getnews' => 1,
1064 'dashboard.multigetcount' => 1,
1065 'dashboard.multigetnews' => 1,
1066 'data.getcookies' => 1,
1067 'events.get' => 1,
1068 'events.getmembers' => 1,
1069 'fbml.getcustomtags' => 1,
1070 'feed.getappfriendstories' => 1,
1071 'feed.getregisteredtemplatebundlebyid' => 1,
1072 'feed.getregisteredtemplatebundles' => 1,
1073 'fql.multiquery' => 1,
1074 'fql.query' => 1,
1075 'friends.arefriends' => 1,
1076 'friends.get' => 1,
1077 'friends.getappusers' => 1,
1078 'friends.getlists' => 1,
1079 'friends.getmutualfriends' => 1,
1080 'gifts.get' => 1,
1081 'groups.get' => 1,
1082 'groups.getmembers' => 1,
1083 'intl.gettranslations' => 1,
1084 'links.get' => 1,
1085 'notes.get' => 1,
1086 'notifications.get' => 1,
1087 'pages.getinfo' => 1,
1088 'pages.isadmin' => 1,
1089 'pages.isappadded' => 1,
1090 'pages.isfan' => 1,
1091 'permissions.checkavailableapiaccess' => 1,
1092 'permissions.checkgrantedapiaccess' => 1,
1093 'photos.get' => 1,
1094 'photos.getalbums' => 1,
1095 'photos.gettags' => 1,
1096 'profile.getinfo' => 1,
1097 'profile.getinfooptions' => 1,
1098 'stream.get' => 1,
1099 'stream.getcomments' => 1,
1100 'stream.getfilters' => 1,
1101 'users.getinfo' => 1,
1102 'users.getloggedinuser' => 1,
1103 'users.getstandardinfo' => 1,
1104 'users.hasapppermission' => 1,
1105 'users.isappuser' => 1,
1106 'users.isverified' => 1,
1107 'video.getuploadlimits' => 1);
1108 $name = 'api';
1109 if (isset($READ_ONLY_CALLS[strtolower($method)])) {
1110 $name = 'api_read';
1111 } else if (strtolower($method) == 'video.upload') {
1112 $name = 'api_video';
1113 }
1114 return self::getUrl($name, 'restserver.php');
1115 }

References $name, and getUrl().

Referenced by _restserver().


◆ getAppId()

BaseFacebook::getAppId ( )

Get the Application ID.

Returns
string the Application ID

Definition at line 256 of file base_facebook.php.

256 {
257 return $this->appId;
258 }

References $appId.

Referenced by _restserver(), sspmod_authfacebook_Facebook\constructSessionVariableName(), getAccessTokenFromCode(), getLoginStatusUrl(), getLoginUrl(), sspmod_authfacebook_Facebook\getSharedSessionCookieName(), and setExtendedAccessToken().


◆ getApplicationAccessToken()

BaseFacebook::getApplicationAccessToken ( )
protected

Returns the access token that should be used for logged out users when no authorization code is available.

Returns
string The application access token, useful for gathering public information about users and applications.

Definition at line 735 of file base_facebook.php.

735 {
736 return $this->appId.'|'.$this->appSecret;
737 }

References $appSecret.

Referenced by getAccessToken(), and getUserFromAvailableData().


◆ getAppSecret()

BaseFacebook::getAppSecret ( )

Get the App Secret.

Returns
string the App Secret

Definition at line 298 of file base_facebook.php.

298 {
299 return $this->appSecret;
300 }

References $appSecret.

Referenced by getAccessTokenFromCode(), getApiSecret(), makeSignedRequest(), parseSignedRequest(), and setExtendedAccessToken().


◆ getBaseDomain()

BaseFacebook::getBaseDomain ( )
protected

Get the base domain used for the cookie.

Definition at line 1171 of file base_facebook.php.

1171 {
1172 // The base domain is stored in the metadata cookie if not we fallback
1173 // to the current hostname
1174 $metadata = $this->getMetadataCookie();
1175 if (array_key_exists('base_domain', $metadata) &&
1176 !empty($metadata['base_domain'])) {
1177 return trim($metadata['base_domain'], '.');
1178 }
1179 return $this->getHttpHost();
1180 }

References $metadata, getHttpHost(), and getMetadataCookie().

Referenced by sspmod_authfacebook_Facebook\deleteSharedSessionCookie(), destroySession(), and sspmod_authfacebook_Facebook\initSharedSession().


◆ getCode()

BaseFacebook::getCode ( )
protected

Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.

Returns
mixed The authorization code, or false if the authorization code could not be determined.

Definition at line 690 of file base_facebook.php.

690 {
691 if (isset($_REQUEST['code'])) {
692 if ($this->state !== null &&
693 isset($_REQUEST['state']) &&
694 $this->state === $_REQUEST['state']) {
695
696 // CSRF state has done its job, so clear it
697 $this->state = null;
698 $this->clearPersistentData('state');
699 return $_REQUEST['code'];
700 } else {
701 self::errorLog('CSRF state token does not match one provided. ' . $this->state . '!=' . $_REQUEST['state']);
702 return false;
703 }
704 }
705
706 return false;
707 }

References clearPersistentData(), and errorLog().

Referenced by getUserAccessToken().
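
The state handling of establishCSRFTokenState() and getCode(), hardened, as an added example that is not part of base_facebook.php or ILIAS. The listings above derive the token from md5(uniqid(mt_rand(), true)), neither input of which is cryptographically secure, compare it with ===, and write both the expected and the supplied token to the error log on mismatch. The function names and the $session and $request arrays below are hypothetical stand-ins for the persistent-data methods and the callback's query parameters.

```php
<?php
declare(strict_types=1);

// Added example: not part of base_facebook.php or ILIAS.
// $session is a hypothetical stand-in for the storage behind
// setPersistentData()/getPersistentData()/clearPersistentData();
// $request stands in for the OAuth callback's query parameters.

/** Issue the state token for a login attempt (role of establishCSRFTokenState()). */
function establishState(array &$session): string
{
    if (!isset($session['state'])) {
        // random_bytes() draws from the OS CSPRNG and throws if none is
        // available, so there is no silent fallback to a guessable value.
        $session['state'] = bin2hex(random_bytes(32));
    }
    return $session['state'];
}

/**
 * Return the authorization code only when the callback carries the expected
 * state (role of getCode()).
 *
 * @return string|false
 */
function codeFromCallback(array &$session, array $request)
{
    if (!isset($request['code'])) {
        return false;
    }

    $expected = $session['state'] ?? null;
    $supplied = $request['state'] ?? null;
    $code     = $request['code'];

    // ?state[]=x arrives as an array; hash_equals() requires strings.
    if (!is_string($expected) || !is_string($supplied) || !is_string($code)) {
        error_log('OAuth callback rejected: state or code missing or malformed');
        return false;
    }

    // Constant-time comparison; the token values stay out of the log.
    if (!hash_equals($expected, $supplied)) {
        error_log('OAuth callback rejected: state mismatch');
        return false;
    }

    // The state has done its job: make it single-use, as getCode() does.
    unset($session['state']);
    return $code;
}

// Constructed data for illustration only.
$session = [];
$state   = establishState($session);

$callbacks = [
    'matching state'    => ['code' => 'EXAMPLE_CODE', 'state' => $state],
    'same callback replayed' => ['code' => 'EXAMPLE_CODE', 'state' => $state],
    'array-typed state' => ['code' => 'EXAMPLE_CODE', 'state' => [$state]],
];
foreach ($callbacks as $label => $request) {
    $result = codeFromCallback($session, $request);
    echo $label, ': ', $result === false ? 'rejected' : 'accepted', PHP_EOL;
}
```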


◆ getCurrentUrl()

BaseFacebook::getCurrentUrl ( )
protected

Returns the Current URL, stripping it of known FB parameters that should not persist.

Returns
string The current URL

Definition at line 1188 of file base_facebook.php.

1188 {
1189 $protocol = $this->getHttpProtocol() . '://';
1190 $host = $this->getHttpHost();
1191 $currentUrl = $protocol.$host.$_SERVER['REQUEST_URI'];
1192 $parts = parse_url($currentUrl);
1193
1194 $query = '';
1195 if (!empty($parts['query'])) {
1196 // drop known fb params
1197 $params = explode('&', $parts['query']);
1198 $retained_params = array();
1199 foreach ($params as $param) {
1200 if ($this->shouldRetainParam($param)) {
1201 $retained_params[] = $param;
1202 }
1203 }
1204
1205 if (!empty($retained_params)) {
1206 $query = '?'.implode($retained_params, '&');
1207 }
1208 }
1209
1210 // use port if non default
1211 $port =
1212 isset($parts['port']) &&
1213 (($protocol === 'http://' && $parts['port'] !== 80) ||
1214 ($protocol === 'https://' && $parts['port'] !== 443))
1215 ? ':' . $parts['port'] : '';
1216
1217 // rebuild
1218 return $protocol . $parts['host'] . $port . $parts['path'] . $query;
1219 }

References $params, GuzzleHttp\Psr7\$protocol, $query, getHttpHost(), getHttpProtocol(), and shouldRetainParam().

Referenced by getAccessTokenFromCode(), getLoginStatusUrl(), getLoginUrl(), and getLogoutUrl().


◆ getFileUploadSupport()

BaseFacebook::getFileUploadSupport ( )

Get the file upload support status.

Returns
boolean true if and only if the server supports file upload.

Definition at line 318 of file base_facebook.php.

318 {
319 return $this->fileUploadSupport;
320 }

References $fileUploadSupport.

Referenced by makeRequest(), and useFileUploadSupport().


◆ getHttpHost()

BaseFacebook::getHttpHost ( )
protected

Definition at line 1141 of file base_facebook.php.

1141 {
1142 if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
1143 return $_SERVER['HTTP_X_FORWARDED_HOST'];
1144 }
1145 return $_SERVER['HTTP_HOST'];
1146 }

References $_SERVER.

Referenced by getBaseDomain(), getCurrentUrl(), and sspmod_authfacebook_Facebook\initSharedSession().
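
getHttpHost() returns the X-Forwarded-Host or Host header exactly as received, and getCurrentUrl() builds the redirect_uri and next values from it. One way to pin that value to known hosts, as an added example that is not ILIAS or Facebook SDK code; resolveHttpHost() and the allowlist entries are assumptions:

```php
<?php
declare(strict_types=1);

// Added example: not part of base_facebook.php or ILIAS.
// resolveHttpHost() and the allowlist entries are hypothetical; $server
// stands in for $_SERVER.

/**
 * Pick the host used to build redirect_uri / next URLs.
 * Only exact matches against $allowedHosts (lower-case host[:port]
 * strings from deployment config) are accepted; anything else falls
 * back to the first, canonical entry.
 */
function resolveHttpHost(array $server, bool $trustForwarded, array $allowedHosts): string
{
    if ($allowedHosts === []) {
        throw new InvalidArgumentException('At least one allowed host is required');
    }

    // Same source order as getHttpHost(): the forwarded header is read
    // only when the deployment opted in via trustForwarded.
    if ($trustForwarded && isset($server['HTTP_X_FORWARDED_HOST'])) {
        $raw = $server['HTTP_X_FORWARDED_HOST'];
    } else {
        $raw = $server['HTTP_HOST'] ?? '';
    }

    // Header values are client-influenced: normalise, then compare exactly.
    $host = is_string($raw) ? strtolower(trim($raw)) : '';

    if (in_array($host, $allowedHosts, true)) {
        return $host;
    }

    error_log('Unexpected request host; using canonical host instead');
    return array_values($allowedHosts)[0];
}

// Constructed inputs for illustration only.
$allowed = ['learn.example.org', 'learn.example.org:8443'];
$samples = [
    'expected host'          => [['HTTP_HOST' => 'learn.example.org'], false],
    'unknown host'           => [['HTTP_HOST' => 'other.example.net'], false],
    'forwarded, trusted'     => [['HTTP_HOST' => 'backend.internal',
                                  'HTTP_X_FORWARDED_HOST' => 'Learn.Example.org:8443'], true],
    'forwarded, not trusted' => [['HTTP_HOST' => 'learn.example.org',
                                  'HTTP_X_FORWARDED_HOST' => 'other.example.net'], false],
];
foreach ($samples as $label => [$server, $trust]) {
    echo $label, ' -> ', resolveHttpHost($server, $trust, $allowed), PHP_EOL;
}
```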


◆ getHttpProtocol()

BaseFacebook::getHttpProtocol ( )
protected

Definition at line 1148 of file base_facebook.php.

1148 {
1149 if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
1150 if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
1151 return 'https';
1152 }
1153 return 'http';
1154 }
1155 /*apache + variants specific way of checking for https*/
1156 if (isset($_SERVER['HTTPS']) &&
1157 ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] == 1)) {
1158 return 'https';
1159 }
1160 /*nginx way of checking for https*/
1161 if (isset($_SERVER['SERVER_PORT']) &&
1162 ($_SERVER['SERVER_PORT'] === '443')) {
1163 return 'https';
1164 }
1165 return 'http';
1166 }

References $_SERVER.

Referenced by getCurrentUrl().


◆ getLoginStatusUrl()

BaseFacebook::getLoginStatusUrl (   $params = array())

Get a login status URL to fetch the status from Facebook.

The parameters:

  • ok_session: the URL to go to if a session is found
  • no_session: the URL to go to if the user is not connected
  • no_user: the URL to go to if the user is not signed into facebook
Parameters
array $params: Provide custom parameters
Returns
string The URL for the logout flow

Definition at line 630 of file base_facebook.php.

630 {
631 return $this->getUrl(
632 'www',
633 'extern/login_status.php',
634 array_merge(array(
635 'api_key' => $this->getAppId(),
636 'no_session' => $this->getCurrentUrl(),
637 'no_user' => $this->getCurrentUrl(),
638 'ok_session' => $this->getCurrentUrl(),
639 'session_version' => 3,
640 ), $params)
641 );
642 }

References $params, getAppId(), getCurrentUrl(), and getUrl().


◆ getLoginUrl()

BaseFacebook::getLoginUrl (   $params = array())

Get a Login URL for use with redirects.

By default, full page redirect is assumed. If you are using the generated URL with a window.open() call in JavaScript, you can pass in display=popup as part of the $params.

The parameters:

  • redirect_uri: the URL to go to after a successful login
  • scope: comma separated list of requested extended perms
Parameters
array $params: Provide custom parameters
Returns
string The URL for the login flow

Definition at line 579 of file base_facebook.php.

579 {
580 $this->establishCSRFTokenState();
581 $currentUrl = $this->getCurrentUrl();
582
583 // if 'scope' is passed as an array, convert to comma separated list
584 $scopeParams = isset($params['scope']) ? $params['scope'] : null;
585 if ($scopeParams && is_array($scopeParams)) {
586 $params['scope'] = implode(',', $scopeParams);
587 }
588
589 return $this->getUrl(
590 'www',
591 'dialog/oauth',
592 array_merge(array(
593 'client_id' => $this->getAppId(),
594 'redirect_uri' => $currentUrl, // possibly overwritten
595 'state' => $this->state),
596 $params));
597 }

References $params, establishCSRFTokenState(), getAppId(), getCurrentUrl(), and getUrl().


◆ getLogoutUrl()

BaseFacebook::getLogoutUrl (   $params = array())

Get a Logout URL suitable for use with redirects.

The parameters:

  • next: the URL to go to after a successful logout
Parameters
array $params: Provide custom parameters
Returns
string The URL for the logout flow

Definition at line 608 of file base_facebook.php.

608 {
609 return $this->getUrl(
610 'www',
611 'logout.php',
612 array_merge(array(
613 'next' => $this->getCurrentUrl(),
614 'access_token' => $this->getUserAccessToken(),
615 ), $params)
616 );
617 }

References $params, getCurrentUrl(), getUrl(), and getUserAccessToken().


◆ getMetadataCookie()

BaseFacebook::getMetadataCookie ( )
protected

Parses the metadata cookie that our Javascript API set.

Returns
an array mapping key to value

Definition at line 1350 of file base_facebook.php.

1350 {
1351 $cookie_name = $this->getMetadataCookieName();
1352 if (!array_key_exists($cookie_name, $_COOKIE)) {
1353 return array();
1354 }
1355
1356 // The cookie value can be wrapped in "-characters so remove them
1357 $cookie_value = trim($_COOKIE[$cookie_name], '"');
1358
1359 if (empty($cookie_value)) {
1360 return array();
1361 }
1362
1363 $parts = explode('&', $cookie_value);
1364 $metadata = array();
1365 foreach ($parts as $part) {
1366 $pair = explode('=', $part, 2);
1367 if (!empty($pair[0])) {
1368 $metadata[urldecode($pair[0])] =
1369 (count($pair) > 1) ? urldecode($pair[1]) : '';
1370 }
1371 }
1372
1373 return $metadata;
1374 }

References $_COOKIE, $metadata, and getMetadataCookieName().

Referenced by getBaseDomain().


◆ getMetadataCookieName()

BaseFacebook::getMetadataCookieName ( )
protected

Constructs and returns the name of the cookie that potentially contains metadata.

The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.

Returns
string the name of the cookie that would house metadata.

Definition at line 678 of file base_facebook.php.

678 {
679 return 'fbm_'.$this->getAppId();
680 }

Referenced by getMetadataCookie().


◆ getPersistentData()

BaseFacebook::getPersistentData (   $key,
  $default = false 
)
abstract protected

Get the data for $key, persisted by BaseFacebook::setPersistentData()

Parameters
string $key: The key of the data to retrieve
boolean $default: The default value to return if $key is not found
Returns
mixed

Reimplemented in sspmod_authfacebook_Facebook.

Referenced by __construct(), getUserAccessToken(), and getUserFromAvailableData().


◆ getSignedRequest()

BaseFacebook::getSignedRequest ( )

Retrieve the signed request, either from a request parameter or, if not present, from a cookie.

Returns
string the signed request, if available, or null otherwise.

Definition at line 489 of file base_facebook.php.

489 {
490 if (!$this->signedRequest) {
491 if (!empty($_REQUEST['signed_request'])) {
492 $this->signedRequest = $this->parseSignedRequest(
493 $_REQUEST['signed_request']);
494 } else if (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
495 $this->signedRequest = $this->parseSignedRequest(
496 $_COOKIE[$this->getSignedRequestCookieName()]);
497 }
498 }
499 return $this->signedRequest;
500 }

References $_COOKIE, $signedRequest, getSignedRequestCookieName(), and parseSignedRequest().

Referenced by getUserAccessToken(), and getUserFromAvailableData().


◆ getSignedRequestCookieName()

BaseFacebook::getSignedRequestCookieName ( )
protected

Constructs and returns the name of the cookie that potentially houses the signed request for the app user.

The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.

Returns
string the name of the cookie that would house the signed request value.

Definition at line 667 of file base_facebook.php.

667 {
668 return 'fbsr_'.$this->getAppId();
669 }

Referenced by destroySession(), and getSignedRequest().


◆ getUrl()

BaseFacebook::getUrl (   $name,
  $path = '',
  $params = array() 
)
protected

Build the URL for given domain alias, path and parameters.

Parameters
$name: string The name of the domain
$path: string Optional path (without a leading slash)
$params: array Optional query parameters
Returns
string The URL for the given parameters

Definition at line 1126 of file base_facebook.php.

1126 {
1127 $url = self::$DOMAIN_MAP[$name];
1128 if ($path) {
1129 if ($path[0] === '/') {
1130 $path = substr($path, 1);
1131 }
1132 $url .= $path;
1133 }
1134 if ($params) {
1135 $url .= '?' . http_build_query($params, null, '&');
1136 }
1137
1138 return $url;
1139 }

References $name, $params, $path, and $url.

Referenced by _graph(), getAccessTokenFromCode(), getApiUrl(), getLoginStatusUrl(), getLoginUrl(), getLogoutUrl(), and setExtendedAccessToken().


◆ getUser()

BaseFacebook::getUser ( )

Get the UID of the connected user, or 0 if the Facebook user is not connected.

Returns
string the UID if available.

Definition at line 508 of file base_facebook.php.

508 {
509 if ($this->user !== null) {
510 // we've already determined this and cached the value
511 return $this->user;
512 }
513
514 return $this->user = $this->getUserFromAvailableData();
515 }

References $user, getUserFromAvailableData(), and user().


◆ getUserAccessToken()

BaseFacebook::getUserAccessToken ( )
protected

Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.

The intent is to return a valid user access token, or false if one is determined to not be available.

Returns
string A valid user access token, or false if one could not be determined.

Definition at line 426 of file base_facebook.php.

426 {
427 // first, consider a signed request if it's supplied
428 // if there is a signed request, then it alone determines
429 // the access token
430 $signed_request = $this->getSignedRequest();
431 if ($signed_request) {
432 // apps.facebook.com hands the access_token in the signed_request
433 if (array_key_exists('oauth_token', $signed_request)) {
434 $access_token = $signed_request['oauth_token'];
435 $this->setPersistentData('access_token', $access_token);
436 return $access_token;
437 }
438
439 // the JS SDK puts a code in with the redirect_uri of ''
440 if (array_key_exists('code', $signed_request)) {
441 $code = $signed_request['code'];
442 if ($code && $code == $this->getPersistentData('code')) {
443 // short-circuit if the code we have is the same as the one presented
444 return $this->getPersistentData('access_token');
445 }
446
447 $access_token = $this->getAccessTokenFromCode($code, '');
448 if ($access_token) {
449 $this->setPersistentData('code', $code);
450 $this->setPersistentData('access_token', $access_token);
451 return $access_token;
452 }
453 }
454
455 // signed request states there's no access token, so anything
456 // stored should be cleared
457 $this->clearAllPersistentData();
458 return false; // respect the signed request's data, even
459 // if there's an authorization code or something else
460 }
461
462 $code = $this->getCode();
463 if ($code && $code != $this->getPersistentData('code')) {
464 $access_token = $this->getAccessTokenFromCode($code);
465 if ($access_token) {
466 $this->setPersistentData('code', $code);
467 $this->setPersistentData('access_token', $access_token);
468 return $access_token;
469 }
470
471 // code was bogus, so everything based on it should be invalidated
472 $this->clearAllPersistentData();
473 return false;
474 }
475
476 // as a fallback, just return whatever is in the persistent
477 // store, knowing nothing explicit (signed request, authorization
478 // code, etc.) was present to shadow it (or we saw a code in $_REQUEST,
479 // but it's the same as what's in the persistent store)
480 return $this->getPersistentData('access_token');
481 }

References $code, clearAllPersistentData(), getAccessTokenFromCode(), getCode(), getPersistentData(), getSignedRequest(), and setPersistentData().

Referenced by getAccessToken(), and getLogoutUrl().


◆ getUserFromAccessToken()

BaseFacebook::getUserFromAccessToken ( )
protected

Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate.

It relies on Facebook's Graph API to retrieve user information and then extract the user ID.

Returns
integer Returns the UID of the Facebook user, or 0 if the Facebook user could not be determined.

Definition at line 719 of file base_facebook.php.

719 {
720 try {
721 $user_info = $this->api('/me');
722 return $user_info['id'];
723 } catch (FacebookApiException $e) {
724 return 0;
725 }
726 }

References api().

Referenced by getUserFromAvailableData().


◆ getUserFromAvailableData()

BaseFacebook::getUserFromAvailableData ( )
protected

Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.

Returns
integer The id of the connected Facebook user, or 0 if no such user exists.

Definition at line 525 of file base_facebook.php.

525 {
526 // if a signed request is supplied, then it solely determines
527 // who the user is
528 $signed_request = $this->getSignedRequest();
529 if ($signed_request) {
530 if (array_key_exists('user_id', $signed_request)) {
531 $user = $signed_request['user_id'];
532
533 if($user != $this->getPersistentData('user_id')){
534 $this->clearAllPersistentData();
535 }
536
537 $this->setPersistentData('user_id', $signed_request['user_id']);
538 return $user;
539 }
540
541 // if the signed request didn't present a user id, then invalidate
542 // all entries in any persistent store
543 $this->clearAllPersistentData();
544 return 0;
545 }
546
547 $user = $this->getPersistentData('user_id', $default = 0);
548 $persisted_access_token = $this->getPersistentData('access_token');
549
550 // use access_token to fetch user id if we have a user access_token, or if
551 // the cached access token has changed
552 $access_token = $this->getAccessToken();
553 if ($access_token &&
554 $access_token != $this->getApplicationAccessToken() &&
555 !($user && $persisted_access_token == $access_token)) {
556 $user = $this->getUserFromAccessToken();
557 if ($user) {
558 $this->setPersistentData('user_id', $user);
559 } else {
560 $this->clearAllPersistentData();
561 }
562 }
563
564 return $user;
565 }

References $user, clearAllPersistentData(), getAccessToken(), getApplicationAccessToken(), getPersistentData(), getSignedRequest(), getUserFromAccessToken(), and setPersistentData().

Referenced by getUser().


◆ isAllowedDomain()

static BaseFacebook::isAllowedDomain (   $big,
  $small 
)
static protected

Definition at line 1376 of file base_facebook.php.

1376 {
1377 if ($big === $small) {
1378 return true;
1379 }
1380 return self::endsWith($big, '.'.$small);
1381 }

References endsWith().


◆ isVideoPost()

BaseFacebook::isVideoPost (   $path,
  $method = 'GET' 
)
protected

Return true if this is video post.

Parameters
string $path: The path
string $method: The http method (default 'GET')
Returns
boolean true if this is video post

Definition at line 842 of file base_facebook.php.

842 {
843 if ($method == 'POST' && preg_match("/^(\/)(.+)(\/)(videos)$/", $path)) {
844 return true;
845 }
846 return false;
847 }

References $path.

Referenced by _graph().


◆ makeRequest()

BaseFacebook::makeRequest (   $url,
  $params,
  $ch = null 
)
protected

Makes an HTTP request.

This method can be overridden by subclasses if developers want to do fancier things or use something other than curl to make the request.

Parameters
string $url: The URL to make the request to
array $params: The parameters to use for the POST body
CurlHandler $ch: Initialized curl handle
Returns
string The response text

Definition at line 922 of file base_facebook.php.

922 {
923 if (!$ch) {
924 $ch = curl_init();
925 }
926
927 $opts = self::$CURL_OPTS;
928 if ($this->getFileUploadSupport()) {
929 $opts[CURLOPT_POSTFIELDS] = $params;
930 } else {
931 $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&');
932 }
933 $opts[CURLOPT_URL] = $url;
934
935 // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait
936 // for 2 seconds if the server does not support this header
937 if (isset($opts[CURLOPT_HTTPHEADER])) {
938 $existing_headers = $opts[CURLOPT_HTTPHEADER];
939 $existing_headers[] = 'Expect:';
940 $opts[CURLOPT_HTTPHEADER] = $existing_headers;
941 } else {
942 $opts[CURLOPT_HTTPHEADER] = array('Expect:');
943 }
944
945 curl_setopt_array($ch, $opts);
946 $result = curl_exec($ch);
947
948 if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT
949 self::errorLog('Invalid or no certificate authority found, '.
950 'using bundled information');
951 curl_setopt($ch, CURLOPT_CAINFO,
952 dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
953 $result = curl_exec($ch);
954 }
955
956 // With dual stacked DNS responses, it's possible for a server to
957 // have IPv6 enabled but not have IPv6 connectivity. If this is
958 // the case, curl will try IPv4 first and if that fails, then it will
959 // fall back to IPv6 and the error EHOSTUNREACH is returned by the
960 // operating system
961 if ($result === false && empty($opts[CURLOPT_IPRESOLVE])) {
962 $matches = array();
963 $regex = '/Failed to connect to ([^:].*): Network is unreachable/';
964 if (preg_match($regex, curl_error($ch), $matches)) {
965 if (strlen(@inet_pton($matches[1])) === 16) {
966 self::errorLog('Invalid IPv6 configuration on server, '.
967 'Please disable or get native IPv6 on your server.');
968 self::$CURL_OPTS[CURLOPT_IPRESOLVE] = CURL_IPRESOLVE_V4;
969 curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
970 $result = curl_exec($ch);
971 }
972 }
973 }
974
975 if ($result === false) {
976 $e = new FacebookApiException(array(
977 'error_code' => curl_errno($ch),
978 'error' => array(
979 'message' => curl_error($ch),
980 'type' => 'CurlException',
981 ),
982 ));
983 curl_close($ch);
984 throw $e;
985 }
986 curl_close($ch);
987 return $result;
988 }

References $CURL_OPTS, $params, $result, $url, errorLog(), and getFileUploadSupport().

Referenced by _oauthRequest().


◆ makeSignedRequest()

BaseFacebook::makeSignedRequest (   $data)
protected

Makes a signed_request blob using the given data.

Parameters
array: The data array.
Returns
string The signed request.

Definition at line 1026 of file base_facebook.php.

1026 {
1027 if (!is_array($data)) {
1028 throw new InvalidArgumentException(
1029 'makeSignedRequest expects an array. Got: ' . print_r($data, true));
1030 }
1031 $data['algorithm'] = self::SIGNED_REQUEST_ALGORITHM;
1032 $data['issued_at'] = time();
1033 $json = json_encode($data);
1034 $b64 = self::base64UrlEncode($json);
1035 $raw_sig = hash_hmac('sha256', $b64, $this->getAppSecret(), $raw = true);
1036 $sig = self::base64UrlEncode($raw_sig);
1037 return $sig.'.'.$b64;
1038 }

References $data, base64UrlEncode(), getAppSecret(), and SIGNED_REQUEST_ALGORITHM.

Referenced by sspmod_authfacebook_Facebook\initSharedSession().


◆ parseSignedRequest()

BaseFacebook::parseSignedRequest (   $signed_request)
protected

Parses a signed_request and validates the signature.

Parameters
string $signed_request: A signed token
Returns
array The payload inside it or null if the sig is wrong

Definition at line 996 of file base_facebook.php.

996 {
997 list($encoded_sig, $payload) = explode('.', $signed_request, 2);
998
999 // decode the data
1000 $sig = self::base64UrlDecode($encoded_sig);
1001 $data = json_decode(self::base64UrlDecode($payload), true);
1002
1003 if (strtoupper($data['algorithm']) !== self::SIGNED_REQUEST_ALGORITHM) {
1004 self::errorLog(
1005 'Unknown algorithm. Expected ' . self::SIGNED_REQUEST_ALGORITHM);
1006 return null;
1007 }
1008
1009 // check sig
1010 $expected_sig = hash_hmac('sha256', $payload,
1011 $this->getAppSecret(), $raw = true);
1012 if ($sig !== $expected_sig) {
1013 self::errorLog('Bad Signed JSON signature!');
1014 return null;
1015 }
1016
1017 return $data;
1018 }

References $data, base64UrlDecode(), errorLog(), and getAppSecret().

Referenced by getSignedRequest(), and sspmod_authfacebook_Facebook\initSharedSession().
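A stand-alone round trip of the signed_request format that makeSignedRequest() and parseSignedRequest() produce and consume, added here as an example; it is not code from base_facebook.php or from ILIAS. Unlike the listing, it rejects tokens without exactly one separator, authenticates the encoded payload before decoding it, and compares the MACs with hash_equals() so the comparison time does not depend on where the bytes differ. The sr_* function names, the secret, the timestamps and the maximum-age policy are assumptions made for the illustration, and the code needs PHP 7.1 or later.

```php
<?php
// Added example, not part of base_facebook.php. All sr_* names are hypothetical.
const SR_ALGORITHM = 'HMAC-SHA256';

// URL-safe base64 without padding, used for both halves of the token.
function sr_b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Returns the decoded bytes, or false when the input is not valid base64url.
function sr_b64url_decode(string $text)
{
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

// Token layout: base64url(HMAC-SHA256(payload)) . '.' . payload,
// with payload = base64url(json). The MAC covers the encoded payload.
function sr_make(array $data, string $secret, int $now): string
{
    $data['algorithm'] = SR_ALGORITHM;
    $data['issued_at'] = $now;
    $payload = sr_b64url_encode(json_encode($data));
    $sig = hash_hmac('sha256', $payload, $secret, true);
    return sr_b64url_encode($sig) . '.' . $payload;
}

// Returns the payload array, or null for a malformed, forged or stale token.
// $maxAge is an assumed freshness policy; the listing above has no such check.
function sr_verify($token, string $secret, int $now, int $maxAge = 3600): ?array
{
    if (!is_string($token) || substr_count($token, '.') !== 1) {
        return null;
    }
    list($encodedSig, $payload) = explode('.', $token, 2);

    $sig = sr_b64url_decode($encodedSig);
    if ($sig === false) {
        return null;
    }

    // Authenticate the payload bytes before parsing anything inside them.
    $expected = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected, $sig)) {
        return null;
    }

    $json = sr_b64url_decode($payload);
    $data = ($json === false) ? null : json_decode($json, true);
    if (!is_array($data)) {
        return null;
    }

    // Only the one expected algorithm label is accepted.
    $alg = isset($data['algorithm']) ? $data['algorithm'] : null;
    if (!is_string($alg) || strtoupper($alg) !== SR_ALGORITHM) {
        return null;
    }

    // Reject tokens with a missing, future or too old issue time.
    $issued = isset($data['issued_at']) ? $data['issued_at'] : null;
    if (!is_int($issued) || $issued > $now || $now - $issued > $maxAge) {
        return null;
    }
    return $data;
}

// Constructed sample values, not real credentials.
$secret = 'constructed-app-secret';
$now    = 1700000000;
$token  = sr_make(array('user_id' => '1234'), $secret, $now);

// A different payload placed under the original signature.
list($origSig, ) = explode('.', $token, 2);
$forged = $origSig . '.' . sr_b64url_encode(json_encode(array(
    'algorithm' => SR_ALGORITHM,
    'user_id'   => '9999',
    'issued_at' => $now,
)));

var_dump(sr_verify($token, $secret, $now + 60));    // fresh, untampered token
var_dump(sr_verify($forged, $secret, $now + 60));   // swapped payload
var_dump(sr_verify('no-separator', $secret, $now)); // malformed input
var_dump(sr_verify($token, $secret, $now + 7200));  // older than $maxAge
```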


◆ setAccessToken()

BaseFacebook::setAccessToken (   $access_token)

Sets the access token for api calls.

Use this if you get your access token by other means and just want the SDK to use it.

Parameters
string $access_token: an access token.
Returns
BaseFacebook

Definition at line 341 of file base_facebook.php.

341 {
342 $this->accessToken = $access_token;
343 return $this;
344 }

Referenced by getAccessToken().


◆ setApiSecret()

BaseFacebook::setApiSecret (   $apiSecret)

Set the App Secret.

Parameters
string $apiSecret: The App Secret
Returns
BaseFacebook
Deprecated:

Definition at line 267 of file base_facebook.php.

267 {
268 $this->setAppSecret($apiSecret);
269 return $this;
270 }

References setAppSecret().


◆ setAppId()

BaseFacebook::setAppId (   $appId)

Set the Application ID.

Parameters
string $appId: The Application ID
Returns
BaseFacebook

Definition at line 246 of file base_facebook.php.

246 {
247 $this->appId = $appId;
248 return $this;
249 }

References $appId.

Referenced by __construct().


◆ setAppSecret()

BaseFacebook::setAppSecret (   $appSecret)

Set the App Secret.

Parameters
string $appSecret: The App Secret
Returns
BaseFacebook

Definition at line 278 of file base_facebook.php.

278 {
279 $this->appSecret = $appSecret;
280 return $this;
281 }

References $appSecret.

Referenced by __construct(), and setApiSecret().


◆ setExtendedAccessToken()

BaseFacebook::setExtendedAccessToken ( )

Extend an access token, while removing the short-lived token that might have been generated via client-side flow.

Thanks to http://bit.ly/b0Pt0H for the workaround.

Definition at line 351 of file base_facebook.php.

351 {
352 try {
353 // need to circumvent json_decode by calling _oauthRequest
354 // directly, since response isn't JSON format
355 $access_token_response = $this->_oauthRequest(
356 $this->getUrl('graph', '/oauth/access_token'),
357 $params = array(
358 'client_id' => $this->getAppId(),
359 'client_secret' => $this->getAppSecret(),
360 'grant_type' => 'fb_exchange_token',
361 'fb_exchange_token' => $this->getAccessToken(),
362 )
363 );
364 }
365 catch (FacebookApiException $e) {
366 // most likely that user very recently revoked authorization
367 // In any event, we don't have an access token, so say so
368 return false;
369 }
370
371 if (empty($access_token_response)) {
372 return false;
373 }
374
375 $response_params = array();
376 parse_str($access_token_response, $response_params);
377
378 if (!isset($response_params['access_token'])) {
379 return false;
380 }
381
382 $this->destroySession();
383
384 $this->setPersistentData(
385 'access_token', $response_params['access_token']
386 );
387 }

References $params, _oauthRequest(), destroySession(), getAccessToken(), getAppId(), getAppSecret(), getUrl(), and setPersistentData().


◆ setFileUploadSupport()

BaseFacebook::setFileUploadSupport (   $fileUploadSupport)

Set the file upload support status.

Parameters
boolean $fileUploadSupport: The file upload support status.
Returns
BaseFacebook

Definition at line 308 of file base_facebook.php.

308 {
309 $this->fileUploadSupport = $fileUploadSupport;
310 return $this;
311 }

References $fileUploadSupport.

Referenced by __construct().


◆ setPersistentData()

BaseFacebook::setPersistentData (   $key,
  $value 
)
abstract protected

Each of the following four methods should be overridden in a concrete subclass, as they are in the provided Facebook class.

The Facebook class uses PHP sessions to provide a primitive persistent store, but another subclass (one that you implement) might use a database, memcache, or an in-memory cache.

See also
Facebook

Stores the given ($key, $value) pair, so that future calls to getPersistentData($key) return $value. This call may be in another request.

Parameters
string $key
array $value
Returns
void

Reimplemented in sspmod_authfacebook_Facebook.

Referenced by establishCSRFTokenState(), getUserAccessToken(), getUserFromAvailableData(), and setExtendedAccessToken().


◆ shouldRetainParam()

BaseFacebook::shouldRetainParam (   $param)
protected

Returns true if and only if the key or key/value pair should be retained as part of the query string.

This amounts to a brute-force search of the very small list of Facebook-specific params that should be stripped out.

Parameters
string $param: A key or key/value pair within a URL's query (e.g. 'foo=a', 'foo=', or 'foo').
Returns
boolean

Definition at line 1232 of file base_facebook.php.

1232 {
1233 foreach (self::$DROP_QUERY_PARAMS as $drop_query_param) {
1234 if (strpos($param, $drop_query_param.'=') === 0) {
1235 return false;
1236 }
1237 }
1238
1239 return true;
1240 }

Referenced by getCurrentUrl().


◆ throwAPIException()

BaseFacebook::throwAPIException (   $result)
protected

Analyzes the supplied result to see if it was thrown because the access token is no longer valid.

If that is the case, then we destroy the session.

Parameters
$result: array A record storing the error message returned by a failed API call.

Definition at line 1250 of file base_facebook.php.

1250 {
1251 $e = new FacebookApiException($result);
1252 switch ($e->getType()) {
1253 // OAuth 2.0 Draft 00 style
1254 case 'OAuthException':
1255 // OAuth 2.0 Draft 10 style
1256 case 'invalid_token':
1257 // REST server errors are just Exceptions
1258 case 'Exception':
1259 $message = $e->getMessage();
1260 if ((strpos($message, 'Error validating access token') !== false) ||
1261 (strpos($message, 'Invalid OAuth access token') !== false) ||
1262 (strpos($message, 'An active access token must be used') !== false)
1263 ) {
1264 $this->destroySession();
1265 }
1266 break;
1267 }
1268
1269 throw $e;
1270 }

References $message, $result, and destroySession().

Referenced by _graph(), and _restserver().


◆ useFileUploadSupport()

BaseFacebook::useFileUploadSupport ( )

DEPRECATED! Please use getFileUploadSupport instead.

Get the file upload support status.

Returns
boolean true if and only if the server supports file upload.

Definition at line 329 of file base_facebook.php.

329 {
330 return $this->getFileUploadSupport();
331 }

References getFileUploadSupport().


Field Documentation

◆ $accessToken

BaseFacebook::$accessToken = null
protected

Definition at line 199 of file base_facebook.php.

Referenced by getAccessToken().

◆ $appId

BaseFacebook::$appId
protected

Definition at line 167 of file base_facebook.php.

Referenced by getAppId(), and setAppId().

◆ $appSecret

BaseFacebook::$appSecret
protected

Definition at line 174 of file base_facebook.php.

Referenced by getApplicationAccessToken(), getAppSecret(), and setAppSecret().

◆ $CURL_OPTS

BaseFacebook::$CURL_OPTS
static
Initial value:
= array(
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 60,
CURLOPT_USERAGENT => 'facebook-php-3.2',
)

Default options for curl.

Definition at line 133 of file base_facebook.php.

Referenced by makeRequest().

◆ $DOMAIN_MAP

BaseFacebook::$DOMAIN_MAP
static
Initial value:
= array(
'api' => 'https://api.facebook.com/',
'api_video' => 'https://api-video.facebook.com/',
'api_read' => 'https://api-read.facebook.com/',
'graph' => 'https://graph.facebook.com/',
'graph_video' => 'https://graph-video.facebook.com/',
'www' => 'https://www.facebook.com/',
)

Maps aliases to Facebook domains.

Definition at line 153 of file base_facebook.php.

◆ $DROP_QUERY_PARAMS

BaseFacebook::$DROP_QUERY_PARAMS
static protected
Initial value:
= array(
'code',
'state',
'signed_request',
)

List of query parameters that get automatically dropped when rebuilding the current URL.

Definition at line 144 of file base_facebook.php.

◆ $fileUploadSupport

BaseFacebook::$fileUploadSupport = false
protected

Definition at line 206 of file base_facebook.php.

Referenced by getFileUploadSupport(), and setFileUploadSupport().

◆ $signedRequest

BaseFacebook::$signedRequest
protected

The data from the signed_request token.

Definition at line 186 of file base_facebook.php.

Referenced by getSignedRequest().

◆ $state

BaseFacebook::$state
protected

A CSRF state variable to assist in the defense against CSRF attacks.

Definition at line 191 of file base_facebook.php.

Referenced by __construct().

◆ $trustForwarded

BaseFacebook::$trustForwarded = false
protected

Definition at line 213 of file base_facebook.php.

◆ $user

BaseFacebook::$user
protected

Definition at line 181 of file base_facebook.php.

Referenced by getUser(), and getUserFromAvailableData().

◆ SIGNED_REQUEST_ALGORITHM

const BaseFacebook::SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256'

Signed Request Algorithm.

Definition at line 128 of file base_facebook.php.

Referenced by makeSignedRequest().

◆ VERSION

const BaseFacebook::VERSION = '3.2.2'

Version.

Definition at line 123 of file base_facebook.php.


The documentation for this class was generated from the following file: