ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Data Fields | Static Public Attributes | Protected Member Functions | Static Protected Member Functions | Protected Attributes | Static Protected Attributes
BaseFacebook Class Reference

Provides access to the Facebook Platform. More...

+ Inheritance diagram for BaseFacebook:
+ Collaboration diagram for BaseFacebook:

Public Member Functions

 __construct ($config)
 Initialize a Facebook Application. More...
 
 setAppId ($appId)
 Set the Application ID. More...
 
 getAppId ()
 Get the Application ID. More...
 
 setApiSecret ($apiSecret)
 Set the App Secret. More...
 
 setAppSecret ($appSecret)
 Set the App Secret. More...
 
 getApiSecret ()
 Get the App Secret. More...
 
 getAppSecret ()
 Get the App Secret. More...
 
 setFileUploadSupport ($fileUploadSupport)
 Set the file upload support status. More...
 
 getFileUploadSupport ()
 Get the file upload support status. More...
 
 useFileUploadSupport ()
 DEPRECATED! Please use getFileUploadSupport instead. More...
 
 setAccessToken ($access_token)
 Sets the access token for api calls. More...
 
 setExtendedAccessToken ()
 Extend an access token, while removing the short-lived token that might have been generated via client-side flow. More...
 
 getAccessToken ()
 Determines the access token that should be used for API calls. More...
 
 getSignedRequest ()
 Retrieve the signed request, either from a request parameter or, if not present, from a cookie. More...
 
 getUser ()
 Get the UID of the connected user, or 0 if the Facebook user is not connected. More...
 
 getLoginUrl ($params=array())
 Get a Login URL for use with redirects. More...
 
 getLogoutUrl ($params=array())
 Get a Logout URL suitable for use with redirects. More...
 
 getLoginStatusUrl ($params=array())
 Get a login status URL to fetch the status from Facebook. More...
 
 api ()
 Make an API call. More...
 
 destroySession ()
 Destroy the current session. More...
 

Data Fields

const VERSION = '3.2.2'
 Version. More...
 
const SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256'
 Signed Request Algorithm. More...
 

Static Public Attributes

static $CURL_OPTS
 Default options for curl. More...
 
static $DOMAIN_MAP
 Maps aliases to Facebook domains. More...
 

Protected Member Functions

 getUserAccessToken ()
 Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present. More...
 
 getUserFromAvailableData ()
 Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user. More...
 
 getSignedRequestCookieName ()
 Constructs and returns the name of the cookie that potentially houses the signed request for the app user. More...
 
 getMetadataCookieName ()
 Constructs and returns the name of the coookie that potentially contain metadata. More...
 
 getCode ()
 Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable. More...
 
 getUserFromAccessToken ()
 Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate. More...
 
 getApplicationAccessToken ()
 Returns the access token that should be used for logged out users when no authorization code is available. More...
 
 establishCSRFTokenState ()
 Lays down a CSRF state token for this process. More...
 
 getAccessTokenFromCode ($code, $redirect_uri=null)
 Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user). More...
 
 _restserver ($params)
 Invoke the old restserver.php endpoint. More...
 
 isVideoPost ($path, $method='GET')
 Return true if this is video post. More...
 
 _graph ($path, $method='GET', $params=array())
 Invoke the Graph API. More...
 
 _oauthRequest ($url, $params)
 Make a OAuth Request. More...
 
 makeRequest ($url, $params, $ch=null)
 Makes an HTTP request. More...
 
 parseSignedRequest ($signed_request)
 Parses a signed_request and validates the signature. More...
 
 makeSignedRequest ($data)
 Makes a signed_request blob using the given data. More...
 
 getApiUrl ($method)
 Build the URL for api given parameters. More...
 
 getUrl ($name, $path='', $params=array())
 Build the URL for given domain alias, path and parameters. More...
 
 getHttpHost ()
 
 getHttpProtocol ()
 
 getBaseDomain ()
 Get the base domain used for the cookie. More...
 
 getCurrentUrl ()
 Returns the Current URL, stripping it of known FB parameters that should not persist. More...
 
 shouldRetainParam ($param)
 Returns true if and only if the key or key/value pair should be retained as part of the query string. More...
 
 throwAPIException ($result)
 Analyzes the supplied result to see if it was thrown because the access token is no longer valid. More...
 
 getMetadataCookie ()
 Parses the metadata cookie that our Javascript API set. More...
 
 setPersistentData ($key, $value)
 Each of the following four methods should be overridden in a concrete subclass, as they are in the provided Facebook class. More...
 
 getPersistentData ($key, $default=false)
 Get the data for $key, persisted by BaseFacebook::setPersistentData() More...
 
 clearPersistentData ($key)
 Clear the data with $key from the persistent storage. More...
 
 clearAllPersistentData ()
 Clear all data from the persistent storage. More...
 

Static Protected Member Functions

static errorLog ($msg)
 Prints to the error log if you aren't in command line mode. More...
 
static base64UrlDecode ($input)
 Base64 encoding that doesn't need to be urlencode()ed. More...
 
static base64UrlEncode ($input)
 Base64 encoding that doesn't need to be urlencode()ed. More...
 
static isAllowedDomain ($big, $small)
 
static endsWith ($big, $small)
 

Protected Attributes

 $appId
 
 $appSecret
 
 $user
 
 $signedRequest
 The data from the signed_request token. More...
 
 $state
 A CSRF state variable to assist in the defense against CSRF attacks. More...
 
 $accessToken = null
 
 $fileUploadSupport = false
 
 $trustForwarded = false
 

Static Protected Attributes

static $DROP_QUERY_PARAMS
 List of query parameters that get automatically dropped when rebuilding the current URL. More...
 

Detailed Description

Provides access to the Facebook Platform.

This class provides a majority of the functionality needed, but the class is abstract because it is designed to be sub-classed. The subclass must implement the four abstract methods listed at the bottom of the file.

Author
Naitik Shah naiti.nosp@m.k@fa.nosp@m.ceboo.nosp@m.k.co.nosp@m.m

Definition at line 118 of file base_facebook.php.

Constructor & Destructor Documentation

◆ __construct()

BaseFacebook::__construct (   $config)

Initialize a Facebook Application.

The configuration:

  • appId: the application ID
  • secret: the application secret
  • fileUpload: (optional) boolean indicating if file uploads are enabled
Parameters
array$configThe application configuration

Definition at line 225 of file base_facebook.php.

References $config, and $state.

225  {
226  $this->setAppId($config['appId']);
227  $this->setAppSecret($config['secret']);
228  if (isset($config['fileUpload'])) {
229  $this->setFileUploadSupport($config['fileUpload']);
230  }
231  if (isset($config['trustForwarded']) && $config['trustForwarded']) {
232  $this->trustForwarded = true;
233  }
234  $state = $this->getPersistentData('state');
235  if (!empty($state)) {
236  $this->state = $state;
237  }
238  }
BaseFacebook\setAppId
setAppId($appId)
Set the Application ID.
Definition: base_facebook.php:246
BaseFacebook\setAppSecret
setAppSecret($appSecret)
Set the App Secret.
Definition: base_facebook.php:278
BaseFacebook\getPersistentData
getPersistentData($key, $default=false)
Get the data for $key, persisted by BaseFacebook::setPersistentData()
BaseFacebook\$state
$state
A CSRF state variable to assist in the defense against CSRF attacks.
Definition: base_facebook.php:191
BaseFacebook\setFileUploadSupport
setFileUploadSupport($fileUploadSupport)
Set the file upload support status.
Definition: base_facebook.php:308

Member Function Documentation

◆ _graph()

BaseFacebook::_graph (   $path,
  $method = 'GET',
  $params = array() 
)
protected

Invoke the Graph API.

Parameters
string$pathThe path (required)
string$methodThe http method (default 'GET')
array$paramsThe query/post data
Returns
mixed The decoded response object
Exceptions
FacebookApiException

Definition at line 859 of file base_facebook.php.

References $params, $path, and FacebookApiException\$result.

859  {
860  if (is_array($method) && empty($params)) {
861  $params = $method;
862  $method = 'GET';
863  }
864  $params['method'] = $method; // method override as we always do a POST
865 
866  if ($this->isVideoPost($path, $method)) {
867  $domainKey = 'graph_video';
868  } else {
869  $domainKey = 'graph';
870  }
871 
872  $result = json_decode($this->_oauthRequest(
873  $this->getUrl($domainKey, $path),
874  $params
875  ), true);
876 
877  // results are returned, errors are thrown
878  if (is_array($result) && isset($result['error'])) {
879  $this->throwAPIException($result);
880  // @codeCoverageIgnoreStart
881  }
882  // @codeCoverageIgnoreEnd
883 
884  return $result;
885  }
$params
$params
Definition: disable.php:11
$result
$result
Definition: CleanUpTest.php:463
BaseFacebook\throwAPIException
throwAPIException($result)
Analyzes the supplied result to see if it was thrown because the access token is no longer valid...
Definition: base_facebook.php:1250
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1126
BaseFacebook\_oauthRequest
_oauthRequest($url, $params)
Make a OAuth Request.
Definition: base_facebook.php:896
BaseFacebook\isVideoPost
isVideoPost($path, $method='GET')
Return true if this is video post.
Definition: base_facebook.php:842

◆ _oauthRequest()

BaseFacebook::_oauthRequest (   $url,
  $params 
)
protected

Make a OAuth Request.

Parameters
string$urlThe path (required)
array$paramsThe query/post data
Returns
string The decoded response object
Exceptions
FacebookApiException

Definition at line 896 of file base_facebook.php.

References $key, $params, and $url.

896  {
897  if (!isset($params['access_token'])) {
898  $params['access_token'] = $this->getAccessToken();
899  }
900 
901  // json_encode all params values that are not strings
902  foreach ($params as $key => $value) {
903  if (!is_string($value)) {
904  $params[$key] = json_encode($value);
905  }
906  }
907 
908  return $this->makeRequest($url, $params);
909  }
$params
$params
Definition: disable.php:11
BaseFacebook\getAccessToken
getAccessToken()
Determines the access token that should be used for API calls.
Definition: base_facebook.php:398
BaseFacebook\makeRequest
makeRequest($url, $params, $ch=null)
Makes an HTTP request.
Definition: base_facebook.php:922
$url
$url
Definition: proxy_ylocal.php:28
$key
$key
Definition: croninfo.php:18

◆ _restserver()

BaseFacebook::_restserver (   $params)
protected

Invoke the old restserver.php endpoint.

Parameters
array$paramsMethod call object
Returns
mixed The decoded response object
Exceptions
FacebookApiException

Definition at line 808 of file base_facebook.php.

References $params, and FacebookApiException\$result.

808  {
809  // generic application level parameters
810  $params['api_key'] = $this->getAppId();
811  $params['format'] = 'json-strings';
812 
813  $result = json_decode($this->_oauthRequest(
814  $this->getApiUrl($params['method']),
815  $params
816  ), true);
817 
818  // results are returned, errors are thrown
819  if (is_array($result) && isset($result['error_code'])) {
820  $this->throwAPIException($result);
821  // @codeCoverageIgnoreStart
822  }
823  // @codeCoverageIgnoreEnd
824 
825  $method = strtolower($params['method']);
826  if ($method === 'auth.expiresession' ||
827  $method === 'auth.revokeauthorization') {
828  $this->destroySession();
829  }
830 
831  return $result;
832  }
$params
$params
Definition: disable.php:11
BaseFacebook\getApiUrl
getApiUrl($method)
Build the URL for api given parameters.
Definition: base_facebook.php:1046
$result
$result
Definition: CleanUpTest.php:463
BaseFacebook\throwAPIException
throwAPIException($result)
Analyzes the supplied result to see if it was thrown because the access token is no longer valid...
Definition: base_facebook.php:1250
BaseFacebook\destroySession
destroySession()
Destroy the current session.
Definition: base_facebook.php:1319
BaseFacebook\_oauthRequest
_oauthRequest($url, $params)
Make a OAuth Request.
Definition: base_facebook.php:896
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:256

◆ api()

BaseFacebook::api ( )

Make an API call.

Returns
mixed The decoded response

Definition at line 649 of file base_facebook.php.

References array.

649  {
650  $args = func_get_args();
651  if (is_array($args[0])) {
652  return $this->_restserver($args[0]);
653  } else {
654  return call_user_func_array(array($this, '_graph'), $args);
655  }
656  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
BaseFacebook\_restserver
_restserver($params)
Invoke the old restserver.php endpoint.
Definition: base_facebook.php:808

◆ base64UrlDecode()

static BaseFacebook::base64UrlDecode (   $input)
staticprotected

Base64 encoding that doesn't need to be urlencode()ed.

Exactly the same as base64_encode except it uses

  • instead of + _ instead of / No padded =
Parameters
string$inputbase64UrlEncoded string
Returns
string

Definition at line 1297 of file base_facebook.php.

1297  {
1298  return base64_decode(strtr($input, '-_', '+/'));
1299  }

◆ base64UrlEncode()

static BaseFacebook::base64UrlEncode (   $input)
staticprotected

Base64 encoding that doesn't need to be urlencode()ed.

Exactly the same as base64_encode except it uses

  • instead of + _ instead of /
Parameters
string$inputstring
Returns
string base64Url encoded string

Definition at line 1310 of file base_facebook.php.

1310  {
1311  $str = strtr(base64_encode($input), '+/', '-_');
1312  $str = str_replace('=', '', $str);
1313  return $str;
1314  }

◆ clearAllPersistentData()

BaseFacebook::clearAllPersistentData ( )
abstractprotected

Clear all data from the persistent storage.

Returns
void

◆ clearPersistentData()

BaseFacebook::clearPersistentData (   $key)
abstractprotected

Clear the data with $key from the persistent storage.

Parameters
string$key
Returns
void

◆ destroySession()

BaseFacebook::destroySession ( )

Destroy the current session.

Definition at line 1319 of file base_facebook.php.

References $_COOKIE, and user().

1319  {
1320  $this->accessToken = null;
1321  $this->signedRequest = null;
1322  $this->user = null;
1323  $this->clearAllPersistentData();
1324 
1325  // Javascript sets a cookie that will be used in getSignedRequest that we
1326  // need to clear if we can
1327  $cookie_name = $this->getSignedRequestCookieName();
1328  if (array_key_exists($cookie_name, $_COOKIE)) {
1329  unset($_COOKIE[$cookie_name]);
1330  if (!headers_sent()) {
1331  $base_domain = $this->getBaseDomain();
1332  setcookie($cookie_name, '', 1, '/', '.'.$base_domain);
1333  } else {
1334  // @codeCoverageIgnoreStart
1335  self::errorLog(
1336  'There exists a cookie that we wanted to clear that we couldn\'t '.
1337  'clear because headers was already sent. Make sure to do the first '.
1338  'API call before outputing anything.'
1339  );
1340  // @codeCoverageIgnoreEnd
1341  }
1342  }
1343  }
BaseFacebook\getBaseDomain
getBaseDomain()
Get the base domain used for the cookie.
Definition: base_facebook.php:1171
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
user
user()
Definition: user.php:4
BaseFacebook\clearAllPersistentData
clearAllPersistentData()
Clear all data from the persistent storage.
BaseFacebook\getSignedRequestCookieName
getSignedRequestCookieName()
Constructs and returns the name of the cookie that potentially houses the signed request for the app ...
Definition: base_facebook.php:667
+ Here is the call graph for this function:

◆ endsWith()

static BaseFacebook::endsWith (   $big,
  $small 
)
staticprotected

Definition at line 1383 of file base_facebook.php.

References $key.

1383  {
1384  $len = strlen($small);
1385  if ($len === 0) {
1386  return true;
1387  }
1388  return substr($big, -$len) === $small;
1389  }

◆ errorLog()

static BaseFacebook::errorLog (   $msg)
staticprotected

Prints to the error log if you aren't in command line mode.

Parameters
string$msgLog message

Definition at line 1278 of file base_facebook.php.

References Monolog\Handler\error_log().

1278  {
1279  // disable error log if we are running in a CLI environment
1280  // @codeCoverageIgnoreStart
1281  if (php_sapi_name() != 'cli') {
1282  error_log($msg);
1283  }
1284  // @codeCoverageIgnoreEnd
1285  }
+ Here is the call graph for this function:

◆ establishCSRFTokenState()

BaseFacebook::establishCSRFTokenState ( )
protected

Lays down a CSRF state token for this process.

Returns
void

Definition at line 744 of file base_facebook.php.

744  {
745  if ($this->state === null) {
746  $this->state = md5(uniqid(mt_rand(), true));
747  $this->setPersistentData('state', $this->state);
748  }
749  }
BaseFacebook\setPersistentData
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...

◆ getAccessToken()

BaseFacebook::getAccessToken ( )

Determines the access token that should be used for API calls.

The first time this is called, $this->accessToken is set equal to either a valid user access token, or it's set to the application access token if a valid user access token wasn't available. Subsequent calls return whatever the first call returned.

Returns
string The access token

Definition at line 398 of file base_facebook.php.

References $accessToken.

398  {
399  if ($this->accessToken !== null) {
400  // we've done this already and cached it. Just return.
401  return $this->accessToken;
402  }
403 
404  // first establish access token to be the application
405  // access token, in case we navigate to the /oauth/access_token
406  // endpoint, where SOME access token is required
407  $this->setAccessToken($this->getApplicationAccessToken());
408  $user_access_token = $this->getUserAccessToken();
409  if ($user_access_token) {
410  $this->setAccessToken($user_access_token);
411  }
412 
413  return $this->accessToken;
414  }
BaseFacebook\getApplicationAccessToken
getApplicationAccessToken()
Returns the access token that should be used for logged out users when no authorization code is avail...
Definition: base_facebook.php:735
BaseFacebook\getUserAccessToken
getUserAccessToken()
Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.
Definition: base_facebook.php:426
BaseFacebook\setAccessToken
setAccessToken($access_token)
Sets the access token for api calls.
Definition: base_facebook.php:341

◆ getAccessTokenFromCode()

BaseFacebook::getAccessTokenFromCode (   $code,
  $redirect_uri = null 
)
protected

Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user).

The authorization code is sent to graph.facebook.com and a legitimate access token is generated provided the access token and the user for which it was generated all match, and the user is either logged in to Facebook or has granted an offline access permission.

Parameters
string$codeAn authorization code.
Returns
mixed An access token exchanged for the authorization code, or false if an access token could not be generated.

Definition at line 763 of file base_facebook.php.

References $code, $params, and array.

763  {
764  if (empty($code)) {
765  return false;
766  }
767 
768  if ($redirect_uri === null) {
769  $redirect_uri = $this->getCurrentUrl();
770  }
771 
772  try {
773  // need to circumvent json_decode by calling _oauthRequest
774  // directly, since response isn't JSON format
775  $access_token_response =
776  $this->_oauthRequest(
777  $this->getUrl('graph', '/oauth/access_token'),
778  $params = array('client_id' => $this->getAppId(),
779  'client_secret' => $this->getAppSecret(),
780  'redirect_uri' => $redirect_uri,
781  'code' => $code));
782  } catch (FacebookApiException $e) {
783  // most likely that user very recently revoked authorization.
784  // In any event, we don't have an access token, so say so.
785  return false;
786  }
787 
788  if (empty($access_token_response)) {
789  return false;
790  }
791 
792  $response_params = json_decode($access_token_response, true);
793  if (!isset($response_params['access_token'])) {
794  return false;
795  }
796 
797  return $response_params['access_token'];
798  }
$params
$params
Definition: disable.php:11
$code
$code
Definition: example_050.php:99
BaseFacebook\getCurrentUrl
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
Definition: base_facebook.php:1188
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1126
BaseFacebook\_oauthRequest
_oauthRequest($url, $params)
Make a OAuth Request.
Definition: base_facebook.php:896
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:256
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:298
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ getApiSecret()

BaseFacebook::getApiSecret ( )

Get the App Secret.

Returns
string the App Secret
Deprecated:

Definition at line 289 of file base_facebook.php.

289  {
290  return $this->getAppSecret();
291  }
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:298

◆ getApiUrl()

BaseFacebook::getApiUrl (   $method)
protected

Build the URL for api given parameters.

Parameters
$methodString the method name.
Returns
string The URL for the given parameters

Definition at line 1046 of file base_facebook.php.

References $name, and array.

1046  {
1047  static $READ_ONLY_CALLS =
1048  array('admin.getallocation' => 1,
1049  'admin.getappproperties' => 1,
1050  'admin.getbannedusers' => 1,
1051  'admin.getlivestreamvialink' => 1,
1052  'admin.getmetrics' => 1,
1053  'admin.getrestrictioninfo' => 1,
1054  'application.getpublicinfo' => 1,
1055  'auth.getapppublickey' => 1,
1056  'auth.getsession' => 1,
1057  'auth.getsignedpublicsessiondata' => 1,
1058  'comments.get' => 1,
1059  'connect.getunconnectedfriendscount' => 1,
1060  'dashboard.getactivity' => 1,
1061  'dashboard.getcount' => 1,
1062  'dashboard.getglobalnews' => 1,
1063  'dashboard.getnews' => 1,
1064  'dashboard.multigetcount' => 1,
1065  'dashboard.multigetnews' => 1,
1066  'data.getcookies' => 1,
1067  'events.get' => 1,
1068  'events.getmembers' => 1,
1069  'fbml.getcustomtags' => 1,
1070  'feed.getappfriendstories' => 1,
1071  'feed.getregisteredtemplatebundlebyid' => 1,
1072  'feed.getregisteredtemplatebundles' => 1,
1073  'fql.multiquery' => 1,
1074  'fql.query' => 1,
1075  'friends.arefriends' => 1,
1076  'friends.get' => 1,
1077  'friends.getappusers' => 1,
1078  'friends.getlists' => 1,
1079  'friends.getmutualfriends' => 1,
1080  'gifts.get' => 1,
1081  'groups.get' => 1,
1082  'groups.getmembers' => 1,
1083  'intl.gettranslations' => 1,
1084  'links.get' => 1,
1085  'notes.get' => 1,
1086  'notifications.get' => 1,
1087  'pages.getinfo' => 1,
1088  'pages.isadmin' => 1,
1089  'pages.isappadded' => 1,
1090  'pages.isfan' => 1,
1091  'permissions.checkavailableapiaccess' => 1,
1092  'permissions.checkgrantedapiaccess' => 1,
1093  'photos.get' => 1,
1094  'photos.getalbums' => 1,
1095  'photos.gettags' => 1,
1096  'profile.getinfo' => 1,
1097  'profile.getinfooptions' => 1,
1098  'stream.get' => 1,
1099  'stream.getcomments' => 1,
1100  'stream.getfilters' => 1,
1101  'users.getinfo' => 1,
1102  'users.getloggedinuser' => 1,
1103  'users.getstandardinfo' => 1,
1104  'users.hasapppermission' => 1,
1105  'users.isappuser' => 1,
1106  'users.isverified' => 1,
1107  'video.getuploadlimits' => 1);
1108  $name = 'api';
1109  if (isset($READ_ONLY_CALLS[strtolower($method)])) {
1110  $name = 'api_read';
1111  } else if (strtolower($method) == 'video.upload') {
1112  $name = 'api_video';
1113  }
1114  return self::getUrl($name, 'restserver.php');
1115  }
$name
if($format !==null) $name
Definition: metadata.php:146
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ getAppId()

BaseFacebook::getAppId ( )

Get the Application ID.

Returns
string the Application ID

Definition at line 256 of file base_facebook.php.

Referenced by sspmod_authfacebook_Facebook\constructSessionVariableName(), and sspmod_authfacebook_Facebook\getSharedSessionCookieName().

256  {
257  return $this->appId;
258  }
+ Here is the caller graph for this function:

◆ getApplicationAccessToken()

BaseFacebook::getApplicationAccessToken ( )
protected

Returns the access token that should be used for logged out users when no authorization code is available.

Returns
string The application access token, useful for gathering public information about users and applications.

Definition at line 735 of file base_facebook.php.

735  {
736  return $this->appId.'|'.$this->appSecret;
737  }

◆ getAppSecret()

BaseFacebook::getAppSecret ( )

Get the App Secret.

Returns
string the App Secret

Definition at line 298 of file base_facebook.php.

298  {
299  return $this->appSecret;
300  }

◆ getBaseDomain()

BaseFacebook::getBaseDomain ( )
protected

Get the base domain used for the cookie.

Definition at line 1171 of file base_facebook.php.

References $metadata.

Referenced by sspmod_authfacebook_Facebook\deleteSharedSessionCookie(), and sspmod_authfacebook_Facebook\initSharedSession().

1171  {
1172  // The base domain is stored in the metadata cookie if not we fallback
1173  // to the current hostname
1174  $metadata = $this->getMetadataCookie();
1175  if (array_key_exists('base_domain', $metadata) &&
1176  !empty($metadata['base_domain'])) {
1177  return trim($metadata['base_domain'], '.');
1178  }
1179  return $this->getHttpHost();
1180  }
BaseFacebook\getMetadataCookie
getMetadataCookie()
Parses the metadata cookie that our Javascript API set.
Definition: base_facebook.php:1350
$metadata
$metadata['__DYNAMIC:1__']
Definition: adfs-idp-hosted.php:3
+ Here is the caller graph for this function:

◆ getCode()

BaseFacebook::getCode ( )
protected

Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.

Returns
mixed The authorization code, or false if the authorization code could not be determined.

Definition at line 690 of file base_facebook.php.

690  {
691  if (isset($_REQUEST['code'])) {
692  if ($this->state !== null &&
693  isset($_REQUEST['state']) &&
694  $this->state === $_REQUEST['state']) {
695 
696  // CSRF state has done its job, so clear it
697  $this->state = null;
698  $this->clearPersistentData('state');
699  return $_REQUEST['code'];
700  } else {
701  self::errorLog('CSRF state token does not match one provided. ' . $this->state . '!=' . $_REQUEST['state']);
702  return false;
703  }
704  }
705 
706  return false;
707  }
BaseFacebook\clearPersistentData
clearPersistentData($key)
Clear the data with $key from the persistent storage.

◆ getCurrentUrl()

BaseFacebook::getCurrentUrl ( )
protected

Returns the Current URL, stripping it of known FB parameters that should not persist.

Returns
string The current URL

Definition at line 1188 of file base_facebook.php.

References $params, GuzzleHttp\Psr7\$protocol, $query, and array.

1188  {
1189  $protocol = $this->getHttpProtocol() . '://';
1190  $host = $this->getHttpHost();
1191  $currentUrl = $protocol.$host.$_SERVER['REQUEST_URI'];
1192  $parts = parse_url($currentUrl);
1193 
1194  $query = '';
1195  if (!empty($parts['query'])) {
1196  // drop known fb params
1197  $params = explode('&', $parts['query']);
1198  $retained_params = array();
1199  foreach ($params as $param) {
1200  if ($this->shouldRetainParam($param)) {
1201  $retained_params[] = $param;
1202  }
1203  }
1204 
1205  if (!empty($retained_params)) {
1206  $query = '?'.implode($retained_params, '&');
1207  }
1208  }
1209 
1210  // use port if non default
1211  $port =
1212  isset($parts['port']) &&
1213  (($protocol === 'http://' && $parts['port'] !== 80) ||
1214  ($protocol === 'https://' && $parts['port'] !== 443))
1215  ? ':' . $parts['port'] : '';
1216 
1217  // rebuild
1218  return $protocol . $parts['host'] . $port . $parts['path'] . $query;
1219  }
$params
$params
Definition: disable.php:11
BaseFacebook\shouldRetainParam
shouldRetainParam($param)
Returns true if and only if the key or key/value pair should be retained as part of the query string...
Definition: base_facebook.php:1232
$query
$query
Definition: proxy_ylocal.php:13
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ getFileUploadSupport()

BaseFacebook::getFileUploadSupport ( )

Get the file upload support status.

Returns
boolean true if and only if the server supports file upload.

Definition at line 318 of file base_facebook.php.

318  {
319  return $this->fileUploadSupport;
320  }

◆ getHttpHost()

BaseFacebook::getHttpHost ( )
protected

Definition at line 1141 of file base_facebook.php.

References $_SERVER.

Referenced by sspmod_authfacebook_Facebook\initSharedSession().

1141  {
1142  if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
1143  return $_SERVER['HTTP_X_FORWARDED_HOST'];
1144  }
1145  return $_SERVER['HTTP_HOST'];
1146  }
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
+ Here is the caller graph for this function:

◆ getHttpProtocol()

BaseFacebook::getHttpProtocol ( )
protected

Definition at line 1148 of file base_facebook.php.

References $_SERVER.

1148  {
1149  if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
1150  if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
1151  return 'https';
1152  }
1153  return 'http';
1154  }
1155  /*apache + variants specific way of checking for https*/
1156  if (isset($_SERVER['HTTPS']) &&
1157  ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] == 1)) {
1158  return 'https';
1159  }
1160  /*nginx way of checking for https*/
1161  if (isset($_SERVER['SERVER_PORT']) &&
1162  ($_SERVER['SERVER_PORT'] === '443')) {
1163  return 'https';
1164  }
1165  return 'http';
1166  }
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54

◆ getLoginStatusUrl()

BaseFacebook::getLoginStatusUrl (   $params = array())

Get a login status URL to fetch the status from Facebook.

The parameters:

  • ok_session: the URL to go to if a session is found
  • no_session: the URL to go to if the user is not connected
  • no_user: the URL to go to if the user is not signed into facebook
Parameters
array$paramsProvide custom parameters
Returns
string The URL for the logout flow

Definition at line 630 of file base_facebook.php.

References $params, and array.

630  {
631  return $this->getUrl(
632  'www',
633  'extern/login_status.php',
634  array_merge(array(
635  'api_key' => $this->getAppId(),
636  'no_session' => $this->getCurrentUrl(),
637  'no_user' => $this->getCurrentUrl(),
638  'ok_session' => $this->getCurrentUrl(),
639  'session_version' => 3,
640  ), $params)
641  );
642  }
$params
$params
Definition: disable.php:11
BaseFacebook\getCurrentUrl
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
Definition: base_facebook.php:1188
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1126
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:256

◆ getLoginUrl()

BaseFacebook::getLoginUrl (   $params = array())

Get a Login URL for use with redirects.

By default, full page redirect is assumed. If you are using the generated URL with a window.open() call in JavaScript, you can pass in display=popup as part of the $params.

The parameters:

  • redirect_uri: the URL to go to after a successful login
  • scope: comma separated list of requested extended perms
Parameters
array$paramsProvide custom parameters
Returns
string The URL for the login flow

Definition at line 579 of file base_facebook.php.

References $params, and array.

579  {
580  $this->establishCSRFTokenState();
581  $currentUrl = $this->getCurrentUrl();
582 
583  // if 'scope' is passed as an array, convert to comma separated list
584  $scopeParams = isset($params['scope']) ? $params['scope'] : null;
585  if ($scopeParams && is_array($scopeParams)) {
586  $params['scope'] = implode(',', $scopeParams);
587  }
588 
589  return $this->getUrl(
590  'www',
591  'dialog/oauth',
592  array_merge(array(
593  'client_id' => $this->getAppId(),
594  'redirect_uri' => $currentUrl, // possibly overwritten
595  'state' => $this->state),
596  $params));
597  }
$params
$params
Definition: disable.php:11
BaseFacebook\getCurrentUrl
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
Definition: base_facebook.php:1188
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1126
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:256
BaseFacebook\establishCSRFTokenState
establishCSRFTokenState()
Lays down a CSRF state token for this process.
Definition: base_facebook.php:744

◆ getLogoutUrl()

BaseFacebook::getLogoutUrl (   $params = array())

Get a Logout URL suitable for use with redirects.

The parameters:

  • next: the URL to go to after a successful logout
Parameters
array$paramsProvide custom parameters
Returns
string The URL for the logout flow

Definition at line 608 of file base_facebook.php.

References $params, and array.

608  {
609  return $this->getUrl(
610  'www',
611  'logout.php',
612  array_merge(array(
613  'next' => $this->getCurrentUrl(),
614  'access_token' => $this->getUserAccessToken(),
615  ), $params)
616  );
617  }
$params
$params
Definition: disable.php:11
BaseFacebook\getUserAccessToken
getUserAccessToken()
Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.
Definition: base_facebook.php:426
BaseFacebook\getCurrentUrl
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
Definition: base_facebook.php:1188
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1126
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ getMetadataCookie()

BaseFacebook::getMetadataCookie ( )
protected

Parses the metadata cookie that our Javascript API set.

Returns
an array mapping key to value

Definition at line 1350 of file base_facebook.php.

References $_COOKIE, $metadata, and array.

1350  {
1351  $cookie_name = $this->getMetadataCookieName();
1352  if (!array_key_exists($cookie_name, $_COOKIE)) {
1353  return array();
1354  }
1355 
1356  // The cookie value can be wrapped in "-characters so remove them
1357  $cookie_value = trim($_COOKIE[$cookie_name], '"');
1358 
1359  if (empty($cookie_value)) {
1360  return array();
1361  }
1362 
1363  $parts = explode('&', $cookie_value);
1364  $metadata = array();
1365  foreach ($parts as $part) {
1366  $pair = explode('=', $part, 2);
1367  if (!empty($pair[0])) {
1368  $metadata[urldecode($pair[0])] =
1369  (count($pair) > 1) ? urldecode($pair[1]) : '';
1370  }
1371  }
1372 
1373  return $metadata;
1374  }
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
$metadata
$metadata['__DYNAMIC:1__']
Definition: adfs-idp-hosted.php:3
BaseFacebook\getMetadataCookieName
getMetadataCookieName()
Constructs and returns the name of the coookie that potentially contain metadata. ...
Definition: base_facebook.php:678
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ getMetadataCookieName()

BaseFacebook::getMetadataCookieName ( )
protected

Constructs and returns the name of the coookie that potentially contain metadata.

The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.

Returns
string the name of the cookie that would house metadata.

Definition at line 678 of file base_facebook.php.

678  {
679  return 'fbm_'.$this->getAppId();
680  }

◆ getPersistentData()

BaseFacebook::getPersistentData (   $key,
  $default = false 
)
abstractprotected

Get the data for $key, persisted by BaseFacebook::setPersistentData()

Parameters
string$keyThe key of the data to retrieve
boolean$defaultThe default value to return if $key is not found
Returns
mixed

◆ getSignedRequest()

BaseFacebook::getSignedRequest ( )

Retrieve the signed request, either from a request parameter or, if not present, from a cookie.

Returns
string the signed request, if available, or null otherwise.

Definition at line 489 of file base_facebook.php.

References $_COOKIE.

489  {
490  if (!$this->signedRequest) {
491  if (!empty($_REQUEST['signed_request'])) {
492  $this->signedRequest = $this->parseSignedRequest(
493  $_REQUEST['signed_request']);
494  } else if (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
495  $this->signedRequest = $this->parseSignedRequest(
496  $_COOKIE[$this->getSignedRequestCookieName()]);
497  }
498  }
499  return $this->signedRequest;
500  }
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
BaseFacebook\$signedRequest
$signedRequest
The data from the signed_request token.
Definition: base_facebook.php:186
BaseFacebook\parseSignedRequest
parseSignedRequest($signed_request)
Parses a signed_request and validates the signature.
Definition: base_facebook.php:996
BaseFacebook\getSignedRequestCookieName
getSignedRequestCookieName()
Constructs and returns the name of the cookie that potentially houses the signed request for the app ...
Definition: base_facebook.php:667

◆ getSignedRequestCookieName()

BaseFacebook::getSignedRequestCookieName ( )
protected

Constructs and returns the name of the cookie that potentially houses the signed request for the app user.

The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.

Returns
string the name of the cookie that would house the signed request value.

Definition at line 667 of file base_facebook.php.

667  {
668  return 'fbsr_'.$this->getAppId();
669  }

◆ getUrl()

BaseFacebook::getUrl (   $name,
  $path = '',
  $params = array() 
)
protected

Build the URL for given domain alias, path and parameters.

Parameters
$namestring The name of the domain
$pathstring Optional path (without a leading slash)
$paramsarray Optional query parameters
Returns
string The URL for the given parameters

Definition at line 1126 of file base_facebook.php.

References $name, $params, $path, and $url.

1126  {
1127  $url = self::$DOMAIN_MAP[$name];
1128  if ($path) {
1129  if ($path[0] === '/') {
1130  $path = substr($path, 1);
1131  }
1132  $url .= $path;
1133  }
1134  if ($params) {
1135  $url .= '?' . http_build_query($params, null, '&');
1136  }
1137 
1138  return $url;
1139  }
$params
$params
Definition: disable.php:11
$name
if($format !==null) $name
Definition: metadata.php:146
$url
$url
Definition: proxy_ylocal.php:28

◆ getUser()

BaseFacebook::getUser ( )

Get the UID of the connected user, or 0 if the Facebook user is not connected.

Returns
string the UID if available.

Definition at line 508 of file base_facebook.php.

References user().

508  {
509  if ($this->user !== null) {
510  // we've already determined this and cached the value
511  return $this->user;
512  }
513 
514  return $this->user = $this->getUserFromAvailableData();
515  }
user
user()
Definition: user.php:4
BaseFacebook\getUserFromAvailableData
getUserFromAvailableData()
Determines the connected user by first examining any signed requests, then considering an authorizati...
Definition: base_facebook.php:525
+ Here is the call graph for this function:

◆ getUserAccessToken()

BaseFacebook::getUserAccessToken ( )
protected

Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.

The intent is to return a valid user access token, or false if one is determined to not be available.

Returns
string A valid user access token, or false if one could not be determined.

Definition at line 426 of file base_facebook.php.

References $code.

426  {
427  // first, consider a signed request if it's supplied
428  // if there is a signed request, then it alone determines
429  // the access token
430  $signed_request = $this->getSignedRequest();
431  if ($signed_request) {
432  // apps.facebook.com hands the access_token in the signed_request
433  if (array_key_exists('oauth_token', $signed_request)) {
434  $access_token = $signed_request['oauth_token'];
435  $this->setPersistentData('access_token', $access_token);
436  return $access_token;
437  }
438 
439  // the JS SDK puts a code in with the redirect_uri of ''
440  if (array_key_exists('code', $signed_request)) {
441  $code = $signed_request['code'];
442  if ($code && $code == $this->getPersistentData('code')) {
443  // short-circuit if the code we have is the same as the one presented
444  return $this->getPersistentData('access_token');
445  }
446 
447  $access_token = $this->getAccessTokenFromCode($code, '');
448  if ($access_token) {
449  $this->setPersistentData('code', $code);
450  $this->setPersistentData('access_token', $access_token);
451  return $access_token;
452  }
453  }
454 
455  // signed request states there's no access token, so anything
456  // stored should be cleared
457  $this->clearAllPersistentData();
458  return false; // respect the signed request's data, even
459  // if there's an authorization code or something else
460  }
461 
462  $code = $this->getCode();
463  if ($code && $code != $this->getPersistentData('code')) {
464  $access_token = $this->getAccessTokenFromCode($code);
465  if ($access_token) {
466  $this->setPersistentData('code', $code);
467  $this->setPersistentData('access_token', $access_token);
468  return $access_token;
469  }
470 
471  // code was bogus, so everything based on it should be invalidated
472  $this->clearAllPersistentData();
473  return false;
474  }
475 
476  // as a fallback, just return whatever is in the persistent
477  // store, knowing nothing explicit (signed request, authorization
478  // code, etc.) was present to shadow it (or we saw a code in $_REQUEST,
479  // but it's the same as what's in the persistent store)
480  return $this->getPersistentData('access_token');
481  }
$code
$code
Definition: example_050.php:99
BaseFacebook\getAccessTokenFromCode
getAccessTokenFromCode($code, $redirect_uri=null)
Retrieves an access token for the given authorization code (previously generated from www...
Definition: base_facebook.php:763
BaseFacebook\getPersistentData
getPersistentData($key, $default=false)
Get the data for $key, persisted by BaseFacebook::setPersistentData()
BaseFacebook\getCode
getCode()
Get the authorization code from the query parameters, if it exists, and otherwise return false to sig...
Definition: base_facebook.php:690
BaseFacebook\clearAllPersistentData
clearAllPersistentData()
Clear all data from the persistent storage.
BaseFacebook\getSignedRequest
getSignedRequest()
Retrieve the signed request, either from a request parameter or, if not present, from a cookie...
Definition: base_facebook.php:489
BaseFacebook\setPersistentData
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...

◆ getUserFromAccessToken()

BaseFacebook::getUserFromAccessToken ( )
protected

Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate.

It relies on Facebook's Graph API to retrieve user information and then extract the user ID.

Returns
integer Returns the UID of the Facebook user, or 0 if the Facebook user could not be determined.

Definition at line 719 of file base_facebook.php.

719  {
720  try {
721  $user_info = $this->api('/me');
722  return $user_info['id'];
723  } catch (FacebookApiException $e) {
724  return 0;
725  }
726  }
BaseFacebook\api
api()
Make an API call.
Definition: base_facebook.php:649
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ getUserFromAvailableData()

BaseFacebook::getUserFromAvailableData ( )
protected

Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.

Returns
integer The id of the connected Facebook user, or 0 if no such user exists.

Definition at line 525 of file base_facebook.php.

525  {
526  // if a signed request is supplied, then it solely determines
527  // who the user is
528  $signed_request = $this->getSignedRequest();
529  if ($signed_request) {
530  if (array_key_exists('user_id', $signed_request)) {
531  $user = $signed_request['user_id'];
532 
533  if($user != $this->getPersistentData('user_id')){
534  $this->clearAllPersistentData();
535  }
536 
537  $this->setPersistentData('user_id', $signed_request['user_id']);
538  return $user;
539  }
540 
541  // if the signed request didn't present a user id, then invalidate
542  // all entries in any persistent store
543  $this->clearAllPersistentData();
544  return 0;
545  }
546 
547  $user = $this->getPersistentData('user_id', $default = 0);
548  $persisted_access_token = $this->getPersistentData('access_token');
549 
550  // use access_token to fetch user id if we have a user access_token, or if
551  // the cached access token has changed
552  $access_token = $this->getAccessToken();
553  if ($access_token &&
554  $access_token != $this->getApplicationAccessToken() &&
555  !($user && $persisted_access_token == $access_token)) {
556  $user = $this->getUserFromAccessToken();
557  if ($user) {
558  $this->setPersistentData('user_id', $user);
559  } else {
560  $this->clearAllPersistentData();
561  }
562  }
563 
564  return $user;
565  }
BaseFacebook\getApplicationAccessToken
getApplicationAccessToken()
Returns the access token that should be used for logged out users when no authorization code is avail...
Definition: base_facebook.php:735
BaseFacebook\getUserFromAccessToken
getUserFromAccessToken()
Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingl...
Definition: base_facebook.php:719
BaseFacebook\getAccessToken
getAccessToken()
Determines the access token that should be used for API calls.
Definition: base_facebook.php:398
BaseFacebook\getPersistentData
getPersistentData($key, $default=false)
Get the data for $key, persisted by BaseFacebook::setPersistentData()
BaseFacebook\clearAllPersistentData
clearAllPersistentData()
Clear all data from the persistent storage.
BaseFacebook\getSignedRequest
getSignedRequest()
Retrieve the signed request, either from a request parameter or, if not present, from a cookie...
Definition: base_facebook.php:489
BaseFacebook\setPersistentData
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...

◆ isAllowedDomain()

static BaseFacebook::isAllowedDomain (   $big,
  $small 
)
staticprotected

Definition at line 1376 of file base_facebook.php.

1376  {
1377  if ($big === $small) {
1378  return true;
1379  }
1380  return self::endsWith($big, '.'.$small);
1381  }

◆ isVideoPost()

BaseFacebook::isVideoPost (   $path,
  $method = 'GET' 
)
protected

Return true if this is video post.

Parameters
string$pathThe path
string$methodThe http method (default 'GET')
Returns
boolean true if this is video post

Definition at line 842 of file base_facebook.php.

References $path.

842  {
843  if ($method == 'POST' && preg_match("/^(\/)(.+)(\/)(videos)$/", $path)) {
844  return true;
845  }
846  return false;
847  }

◆ makeRequest()

BaseFacebook::makeRequest (   $url,
  $params,
  $ch = null 
)
protected

Makes an HTTP request.

This method can be overridden by subclasses if developers want to do fancier things or use something other than curl to make the request.

Parameters
string$urlThe URL to make the request to
array$paramsThe parameters to use for the POST body
CurlHandler$chInitialized curl handle
Returns
string The response text

Definition at line 922 of file base_facebook.php.

References $params, FacebookApiException\$result, $url, and array.

922  {
923  if (!$ch) {
924  $ch = curl_init();
925  }
926 
927  $opts = self::$CURL_OPTS;
928  if ($this->getFileUploadSupport()) {
929  $opts[CURLOPT_POSTFIELDS] = $params;
930  } else {
931  $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&');
932  }
933  $opts[CURLOPT_URL] = $url;
934 
935  // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait
936  // for 2 seconds if the server does not support this header
937  if (isset($opts[CURLOPT_HTTPHEADER])) {
938  $existing_headers = $opts[CURLOPT_HTTPHEADER];
939  $existing_headers[] = 'Expect:';
940  $opts[CURLOPT_HTTPHEADER] = $existing_headers;
941  } else {
942  $opts[CURLOPT_HTTPHEADER] = array('Expect:');
943  }
944 
945  curl_setopt_array($ch, $opts);
946  $result = curl_exec($ch);
947 
948  if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT
949  self::errorLog('Invalid or no certificate authority found, '.
950  'using bundled information');
951  curl_setopt($ch, CURLOPT_CAINFO,
952  dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
953  $result = curl_exec($ch);
954  }
955 
956  // With dual stacked DNS responses, it's possible for a server to
957  // have IPv6 enabled but not have IPv6 connectivity. If this is
958  // the case, curl will try IPv4 first and if that fails, then it will
959  // fall back to IPv6 and the error EHOSTUNREACH is returned by the
960  // operating system
961  if ($result === false && empty($opts[CURLOPT_IPRESOLVE])) {
962  $matches = array();
963  $regex = '/Failed to connect to ([^:].*): Network is unreachable/';
964  if (preg_match($regex, curl_error($ch), $matches)) {
965  if (strlen(@inet_pton($matches[1])) === 16) {
966  self::errorLog('Invalid IPv6 configuration on server, '.
967  'Please disable or get native IPv6 on your server.');
968  self::$CURL_OPTS[CURLOPT_IPRESOLVE] = CURL_IPRESOLVE_V4;
969  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
970  $result = curl_exec($ch);
971  }
972  }
973  }
974 
975  if ($result === false) {
976  $e = new FacebookApiException(array(
977  'error_code' => curl_errno($ch),
978  'error' => array(
979  'message' => curl_error($ch),
980  'type' => 'CurlException',
981  ),
982  ));
983  curl_close($ch);
984  throw $e;
985  }
986  curl_close($ch);
987  return $result;
988  }
$params
$params
Definition: disable.php:11
$result
$result
Definition: CleanUpTest.php:463
BaseFacebook\getFileUploadSupport
getFileUploadSupport()
Get the file upload support status.
Definition: base_facebook.php:318
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$url
$url
Definition: proxy_ylocal.php:28
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ makeSignedRequest()

BaseFacebook::makeSignedRequest (   $data)
protected

Makes a signed_request blob using the given data.

Parameters
arrayThe data array.
Returns
string The signed request.

Definition at line 1026 of file base_facebook.php.

References $data, and time.

Referenced by sspmod_authfacebook_Facebook\initSharedSession().

1026  {
1027  if (!is_array($data)) {
1028  throw new InvalidArgumentException(
1029  'makeSignedRequest expects an array. Got: ' . print_r($data, true));
1030  }
1031  $data['algorithm'] = self::SIGNED_REQUEST_ALGORITHM;
1032  $data['issued_at'] = time();
1033  $json = json_encode($data);
1034  $b64 = self::base64UrlEncode($json);
1035  $raw_sig = hash_hmac('sha256', $b64, $this->getAppSecret(), $raw = true);
1036  $sig = self::base64UrlEncode($raw_sig);
1037  return $sig.'.'.$b64;
1038  }
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:298
+ Here is the caller graph for this function:

◆ parseSignedRequest()

BaseFacebook::parseSignedRequest (   $signed_request)
protected

Parses a signed_request and validates the signature.

Parameters
string$signed_requestA signed token
Returns
array The payload inside it or null if the sig is wrong

Definition at line 996 of file base_facebook.php.

References $data.

Referenced by sspmod_authfacebook_Facebook\initSharedSession().

996  {
997  list($encoded_sig, $payload) = explode('.', $signed_request, 2);
998 
999  // decode the data
1000  $sig = self::base64UrlDecode($encoded_sig);
1001  $data = json_decode(self::base64UrlDecode($payload), true);
1002 
1003  if (strtoupper($data['algorithm']) !== self::SIGNED_REQUEST_ALGORITHM) {
1004  self::errorLog(
1005  'Unknown algorithm. Expected ' . self::SIGNED_REQUEST_ALGORITHM);
1006  return null;
1007  }
1008 
1009  // check sig
1010  $expected_sig = hash_hmac('sha256', $payload,
1011  $this->getAppSecret(), $raw = true);
1012  if ($sig !== $expected_sig) {
1013  self::errorLog('Bad Signed JSON signature!');
1014  return null;
1015  }
1016 
1017  return $data;
1018  }
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:298
+ Here is the caller graph for this function:

◆ setAccessToken()

BaseFacebook::setAccessToken (   $access_token)

Sets the access token for api calls.

Use this if you get your access token by other means and just want the SDK to use it.

Parameters
string$access_tokenan access token.
Returns
BaseFacebook

Definition at line 341 of file base_facebook.php.

341  {
342  $this->accessToken = $access_token;
343  return $this;
344  }

◆ setApiSecret()

BaseFacebook::setApiSecret (   $apiSecret)

Set the App Secret.

Parameters
string$apiSecretThe App Secret
Returns
BaseFacebook
Deprecated:

Definition at line 267 of file base_facebook.php.

267  {
268  $this->setAppSecret($apiSecret);
269  return $this;
270  }
BaseFacebook\setAppSecret
setAppSecret($appSecret)
Set the App Secret.
Definition: base_facebook.php:278

◆ setAppId()

BaseFacebook::setAppId (   $appId)

Set the Application ID.

Parameters
string$appIdThe Application ID
Returns
BaseFacebook

Definition at line 246 of file base_facebook.php.

246  {
247  $this->appId = $appId;
248  return $this;
249  }

◆ setAppSecret()

BaseFacebook::setAppSecret (   $appSecret)

Set the App Secret.

Parameters
string$appSecretThe App Secret
Returns
BaseFacebook

Definition at line 278 of file base_facebook.php.

278  {
279  $this->appSecret = $appSecret;
280  return $this;
281  }

◆ setExtendedAccessToken()

BaseFacebook::setExtendedAccessToken ( )

Extend an access token, while removing the short-lived token that might have been generated via client-side flow.

Thanks to http://bit.ly/b0Pt0H for the workaround.

Definition at line 351 of file base_facebook.php.

References $params, and array.

351  {
352  try {
353  // need to circumvent json_decode by calling _oauthRequest
354  // directly, since response isn't JSON format
355  $access_token_response = $this->_oauthRequest(
356  $this->getUrl('graph', '/oauth/access_token'),
357  $params = array(
358  'client_id' => $this->getAppId(),
359  'client_secret' => $this->getAppSecret(),
360  'grant_type' => 'fb_exchange_token',
361  'fb_exchange_token' => $this->getAccessToken(),
362  )
363  );
364  }
365  catch (FacebookApiException $e) {
366  // most likely that user very recently revoked authorization
367  // In any event, we don't have an access token, so say so
368  return false;
369  }
370 
371  if (empty($access_token_response)) {
372  return false;
373  }
374 
375  $response_params = array();
376  parse_str($access_token_response, $response_params);
377 
378  if (!isset($response_params['access_token'])) {
379  return false;
380  }
381 
382  $this->destroySession();
383 
384  $this->setPersistentData(
385  'access_token', $response_params['access_token']
386  );
387  }
$params
$params
Definition: disable.php:11
BaseFacebook\getAccessToken
getAccessToken()
Determines the access token that should be used for API calls.
Definition: base_facebook.php:398
BaseFacebook\destroySession
destroySession()
Destroy the current session.
Definition: base_facebook.php:1319
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1126
BaseFacebook\_oauthRequest
_oauthRequest($url, $params)
Make a OAuth Request.
Definition: base_facebook.php:896
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
BaseFacebook\setPersistentData
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:256
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:298
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ setFileUploadSupport()

BaseFacebook::setFileUploadSupport (   $fileUploadSupport)

Set the file upload support status.

Parameters
boolean$fileUploadSupportThe file upload support status.
Returns
BaseFacebook

Definition at line 308 of file base_facebook.php.

308  {
309  $this->fileUploadSupport = $fileUploadSupport;
310  return $this;
311  }

◆ setPersistentData()

BaseFacebook::setPersistentData (   $key,
  $value 
)
abstractprotected

Each of the following four methods should be overridden in a concrete subclass, as they are in the provided Facebook class.

The Facebook class uses PHP sessions to provide a primitive persistent store, but another subclass–one that you implement– might use a database, memcache, or an in-memory cache.

See also
Facebook Stores the given ($key, $value) pair, so that future calls to getPersistentData($key) return $value. This call may be in another request.
Parameters
string$key
array$value
Returns
void

◆ shouldRetainParam()

BaseFacebook::shouldRetainParam (   $param)
protected

Returns true if and only if the key or key/value pair should be retained as part of the query string.

This amounts to a brute-force search of the very small list of Facebook-specific params that should be stripped out.

Parameters
string$paramA key or key/value pair within a URL's query (e.g. 'foo=a', 'foo=', or 'foo'.
Returns
boolean

Definition at line 1232 of file base_facebook.php.

1232  {
1233  foreach (self::$DROP_QUERY_PARAMS as $drop_query_param) {
1234  if (strpos($param, $drop_query_param.'=') === 0) {
1235  return false;
1236  }
1237  }
1238 
1239  return true;
1240  }

◆ throwAPIException()

BaseFacebook::throwAPIException (   $result)
protected

Analyzes the supplied result to see if it was thrown because the access token is no longer valid.

If that is the case, then we destroy the session.

Parameters
$resultarray A record storing the error message returned by a failed API call.

Definition at line 1250 of file base_facebook.php.

References $message, and FacebookApiException\$result.

1250  {
1251  $e = new FacebookApiException($result);
1252  switch ($e->getType()) {
1253  // OAuth 2.0 Draft 00 style
1254  case 'OAuthException':
1255  // OAuth 2.0 Draft 10 style
1256  case 'invalid_token':
1257  // REST server errors are just Exceptions
1258  case 'Exception':
1259  $message = $e->getMessage();
1260  if ((strpos($message, 'Error validating access token') !== false) ||
1261  (strpos($message, 'Invalid OAuth access token') !== false) ||
1262  (strpos($message, 'An active access token must be used') !== false)
1263  ) {
1264  $this->destroySession();
1265  }
1266  break;
1267  }
1268 
1269  throw $e;
1270  }
$result
$result
Definition: CleanUpTest.php:463
BaseFacebook\destroySession
destroySession()
Destroy the current session.
Definition: base_facebook.php:1319
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ useFileUploadSupport()

BaseFacebook::useFileUploadSupport ( )

DEPRECATED! Please use getFileUploadSupport instead.

Get the file upload support status.

Returns
boolean true if and only if the server supports file upload.

Definition at line 329 of file base_facebook.php.

329  {
330  return $this->getFileUploadSupport();
331  }
BaseFacebook\getFileUploadSupport
getFileUploadSupport()
Get the file upload support status.
Definition: base_facebook.php:318

Field Documentation

◆ $accessToken

BaseFacebook::$accessToken = null
protected

Definition at line 199 of file base_facebook.php.

◆ $appId

BaseFacebook::$appId
protected

Definition at line 167 of file base_facebook.php.

◆ $appSecret

BaseFacebook::$appSecret
protected

Definition at line 174 of file base_facebook.php.

◆ $CURL_OPTS

BaseFacebook::$CURL_OPTS
static
Initial value:
= array(
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 60,
CURLOPT_USERAGENT => 'facebook-php-3.2',
)

Default options for curl.

Definition at line 133 of file base_facebook.php.

◆ $DOMAIN_MAP

BaseFacebook::$DOMAIN_MAP
static
Initial value:
= array(
'api' => 'https://api.facebook.com/',
'api_video' => 'https://api-video.facebook.com/',
'api_read' => 'https://api-read.facebook.com/',
'graph' => 'https://graph.facebook.com/',
'graph_video' => 'https://graph-video.facebook.com/',
'www' => 'https://www.facebook.com/',
)

Maps aliases to Facebook domains.

Definition at line 153 of file base_facebook.php.

◆ $DROP_QUERY_PARAMS

BaseFacebook::$DROP_QUERY_PARAMS
staticprotected
Initial value:
= array(
'code',
'state',
'signed_request',
)

List of query parameters that get automatically dropped when rebuilding the current URL.

Definition at line 144 of file base_facebook.php.

◆ $fileUploadSupport

BaseFacebook::$fileUploadSupport = false
protected

Definition at line 206 of file base_facebook.php.

◆ $signedRequest

BaseFacebook::$signedRequest
protected

The data from the signed_request token.

Definition at line 186 of file base_facebook.php.

◆ $state

BaseFacebook::$state
protected

A CSRF state variable to assist in the defense against CSRF attacks.

Definition at line 191 of file base_facebook.php.

◆ $trustForwarded

BaseFacebook::$trustForwarded = false
protected

Definition at line 213 of file base_facebook.php.

◆ $user

BaseFacebook::$user
protected

Definition at line 181 of file base_facebook.php.

◆ SIGNED_REQUEST_ALGORITHM

const BaseFacebook::SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256'

Signed Request Algorithm.

Definition at line 128 of file base_facebook.php.

◆ VERSION

const BaseFacebook::VERSION = '3.2.2'

Version.

Definition at line 123 of file base_facebook.php.

The documentation for this class was generated from the following file: