ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Data Fields | Static Public Attributes | Protected Member Functions | Static Protected Member Functions | Protected Attributes
BaseFacebook Class Reference

Provides access to the Facebook Platform. More...

+ Inheritance diagram for BaseFacebook:
+ Collaboration diagram for BaseFacebook:

Public Member Functions

 __construct ($config)
 Initialize a Facebook Application. More...
 
 setAppId ($appId)
 Set the Application ID. More...
 
 getAppId ()
 Get the Application ID. More...
 
 setApiSecret ($apiSecret)
 Set the App Secret. More...
 
 setAppSecret ($appSecret)
 Set the App Secret. More...
 
 getApiSecret ()
 Get the App Secret. More...
 
 getAppSecret ()
 Get the App Secret. More...
 
 setFileUploadSupport ($fileUploadSupport)
 Set the file upload support status. More...
 
 getFileUploadSupport ()
 Get the file upload support status. More...
 
 useFileUploadSupport ()
 DEPRECATED! Please use getFileUploadSupport instead. More...
 
 setAccessToken ($access_token)
 Sets the access token for api calls. More...
 
 setExtendedAccessToken ()
 Extend an access token, while removing the short-lived token that might have been generated via client-side flow. More...
 
 getAccessToken ()
 Determines the access token that should be used for API calls. More...
 
 getSignedRequest ()
 Retrieve the signed request, either from a request parameter or, if not present, from a cookie. More...
 
 getUser ()
 Get the UID of the connected user, or 0 if the Facebook user is not connected. More...
 
 getLoginUrl ($params=array())
 Get a Login URL for use with redirects. More...
 
 getLogoutUrl ($params=array())
 Get a Logout URL suitable for use with redirects. More...
 
 getLoginStatusUrl ($params=array())
 Get a login status URL to fetch the status from Facebook. More...
 
 api ()
 Make an API call. More...
 
 destroySession ()
 Destroy the current session. More...
 

Data Fields

const VERSION = '3.2.2'
 Version. More...
 
const SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256'
 Signed Request Algorithm. More...
 

Static Public Attributes

static $CURL_OPTS
 Default options for curl. More...
 
static $DOMAIN_MAP
 Maps aliases to Facebook domains. More...
 

Protected Member Functions

 getUserAccessToken ()
 Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present. More...
 
 getUserFromAvailableData ()
 Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user. More...
 
 getSignedRequestCookieName ()
 Constructs and returns the name of the cookie that potentially houses the signed request for the app user. More...
 
 getMetadataCookieName ()
 Constructs and returns the name of the coookie that potentially contain metadata. More...
 
 getCode ()
 Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable. More...
 
 getUserFromAccessToken ()
 Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate. More...
 
 getApplicationAccessToken ()
 Returns the access token that should be used for logged out users when no authorization code is available. More...
 
 establishCSRFTokenState ()
 Lays down a CSRF state token for this process. More...
 
 getAccessTokenFromCode ($code, $redirect_uri=null)
 Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user). More...
 
 _restserver ($params)
 Invoke the old restserver.php endpoint. More...
 
 isVideoPost ($path, $method='GET')
 Return true if this is video post. More...
 
 _graph ($path, $method='GET', $params=array())
 Invoke the Graph API. More...
 
 _oauthRequest ($url, $params)
 Make a OAuth Request. More...
 
 makeRequest ($url, $params, $ch=null)
 Makes an HTTP request. More...
 
 parseSignedRequest ($signed_request)
 Parses a signed_request and validates the signature. More...
 
 makeSignedRequest ($data)
 Makes a signed_request blob using the given data. More...
 
 getApiUrl ($method)
 Build the URL for api given parameters. More...
 
 getUrl ($name, $path='', $params=array())
 Build the URL for given domain alias, path and parameters. More...
 
 getHttpHost ()
 
 getHttpProtocol ()
 
 getBaseDomain ()
 Get the base domain used for the cookie. More...
 
 getCurrentUrl ()
 Returns the Current URL, stripping it of known FB parameters that should not persist. More...
 
 throwAPIException ($result)
 Analyzes the supplied result to see if it was thrown because the access token is no longer valid. More...
 
 getMetadataCookie ()
 Parses the metadata cookie that our Javascript API set. More...
 
 setPersistentData ($key, $value)
 Each of the following four methods should be overridden in a concrete subclass, as they are in the provided Facebook class. More...
 
 getPersistentData ($key, $default=false)
 Get the data for $key, persisted by BaseFacebook::setPersistentData() More...
 
 clearPersistentData ($key)
 Clear the data with $key from the persistent storage. More...
 
 clearAllPersistentData ()
 Clear all data from the persistent storage. More...
 

Static Protected Member Functions

static errorLog ($msg)
 Prints to the error log if you aren't in command line mode. More...
 
static base64UrlDecode ($input)
 Base64 encoding that doesn't need to be urlencode()ed. More...
 
static base64UrlEncode ($input)
 Base64 encoding that doesn't need to be urlencode()ed. More...
 
static isAllowedDomain ($big, $small)
 
static endsWith ($big, $small)
 

Protected Attributes

 $appId
 
 $appSecret
 
 $user
 
 $signedRequest
 The data from the signed_request token. More...
 
 $state
 A CSRF state variable to assist in the defense against CSRF attacks. More...
 
 $accessToken = null
 
 $fileUploadSupport = false
 
 $trustForwarded = false
 

Detailed Description

Provides access to the Facebook Platform.

This class provides a majority of the functionality needed, but the class is abstract because it is designed to be sub-classed. The subclass must implement the four abstract methods listed at the bottom of the file.

Author
Naitik Shah naiti.nosp@m.k@fa.nosp@m.ceboo.nosp@m.k.co.nosp@m.m

Definition at line 118 of file base_facebook.php.

Constructor & Destructor Documentation

◆ __construct()

BaseFacebook::__construct (   $config)

Initialize a Facebook Application.

The configuration:

  • appId: the application ID
  • secret: the application secret
  • fileUpload: (optional) boolean indicating if file uploads are enabled
Parameters
array$configThe application configuration

Definition at line 215 of file base_facebook.php.

References $config, and $state.

215  {
216  $this->setAppId($config['appId']);
217  $this->setAppSecret($config['secret']);
218  if (isset($config['fileUpload'])) {
219  $this->setFileUploadSupport($config['fileUpload']);
220  }
221  if (isset($config['trustForwarded']) && $config['trustForwarded']) {
222  $this->trustForwarded = true;
223  }
224  $state = $this->getPersistentData('state');
225  if (!empty($state)) {
226  $this->state = $state;
227  }
228  }
BaseFacebook\setAppId
setAppId($appId)
Set the Application ID.
Definition: base_facebook.php:236
$config
$config
Definition: bootstrap.php:15
BaseFacebook\setAppSecret
setAppSecret($appSecret)
Set the App Secret.
Definition: base_facebook.php:268
BaseFacebook\getPersistentData
getPersistentData($key, $default=false)
Get the data for $key, persisted by BaseFacebook::setPersistentData()
BaseFacebook\$state
$state
A CSRF state variable to assist in the defense against CSRF attacks.
Definition: base_facebook.php:181
BaseFacebook\setFileUploadSupport
setFileUploadSupport($fileUploadSupport)
Set the file upload support status.
Definition: base_facebook.php:298

Member Function Documentation

◆ _graph()

BaseFacebook::_graph (   $path,
  $method = 'GET',
  $params = array() 
)
protected

Invoke the Graph API.

Parameters
string$pathThe path (required)
string$methodThe http method (default 'GET')
array$paramsThe query/post data
Returns
mixed The decoded response object
Exceptions
FacebookApiException

Definition at line 852 of file base_facebook.php.

References PHPMailer\PHPMailer\$params, $path, and FacebookApiException\$result.

852  {
853  if (is_array($method) && empty($params)) {
854  $params = $method;
855  $method = 'GET';
856  }
857  $params['method'] = $method; // method override as we always do a POST
858 
859  if ($this->isVideoPost($path, $method)) {
860  $domainKey = 'graph_video';
861  } else {
862  $domainKey = 'graph';
863  }
864 
865  $result = json_decode($this->_oauthRequest(
866  $this->getUrl($domainKey, $path),
867  $params
868  ), true);
869 
870  // results are returned, errors are thrown
871  if (is_array($result) && isset($result['error'])) {
872  $this->throwAPIException($result);
873  // @codeCoverageIgnoreStart
874  }
875  // @codeCoverageIgnoreEnd
876 
877  return $result;
878  }
$path
$path
Definition: aliased.php:25
$result
$result
Definition: CleanUpTest.php:463
BaseFacebook\throwAPIException
throwAPIException($result)
Analyzes the supplied result to see if it was thrown because the access token is no longer valid...
Definition: base_facebook.php:1206
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1119
BaseFacebook\_oauthRequest
_oauthRequest($url, $params)
Make a OAuth Request.
Definition: base_facebook.php:889
BaseFacebook\isVideoPost
isVideoPost($path, $method='GET')
Return true if this is video post.
Definition: base_facebook.php:835

◆ _oauthRequest()

BaseFacebook::_oauthRequest (   $url,
  $params 
)
protected

Make a OAuth Request.

Parameters
string$urlThe path (required)
array$paramsThe query/post data
Returns
string The decoded response object
Exceptions
FacebookApiException

Definition at line 889 of file base_facebook.php.

References $key, PHPMailer\PHPMailer\$params, and $url.

889  {
890  if (!isset($params['access_token'])) {
891  $params['access_token'] = $this->getAccessToken();
892  }
893 
894  // json_encode all params values that are not strings
895  foreach ($params as $key => $value) {
896  if (!is_string($value)) {
897  $params[$key] = json_encode($value);
898  }
899  }
900 
901  return $this->makeRequest($url, $params);
902  }
BaseFacebook\getAccessToken
getAccessToken()
Determines the access token that should be used for API calls.
Definition: base_facebook.php:388
BaseFacebook\makeRequest
makeRequest($url, $params, $ch=null)
Makes an HTTP request.
Definition: base_facebook.php:915
$url
$url
Definition: proxy_ylocal.php:28
$key
$key
Definition: croninfo.php:18

◆ _restserver()

BaseFacebook::_restserver (   $params)
protected

Invoke the old restserver.php endpoint.

Parameters
array$paramsMethod call object
Returns
mixed The decoded response object
Exceptions
FacebookApiException

Definition at line 801 of file base_facebook.php.

References PHPMailer\PHPMailer\$params, and FacebookApiException\$result.

801  {
802  // generic application level parameters
803  $params['api_key'] = $this->getAppId();
804  $params['format'] = 'json-strings';
805 
806  $result = json_decode($this->_oauthRequest(
807  $this->getApiUrl($params['method']),
808  $params
809  ), true);
810 
811  // results are returned, errors are thrown
812  if (is_array($result) && isset($result['error_code'])) {
813  $this->throwAPIException($result);
814  // @codeCoverageIgnoreStart
815  }
816  // @codeCoverageIgnoreEnd
817 
818  $method = strtolower($params['method']);
819  if ($method === 'auth.expiresession' ||
820  $method === 'auth.revokeauthorization') {
821  $this->destroySession();
822  }
823 
824  return $result;
825  }
BaseFacebook\getApiUrl
getApiUrl($method)
Build the URL for api given parameters.
Definition: base_facebook.php:1039
$result
$result
Definition: CleanUpTest.php:463
BaseFacebook\throwAPIException
throwAPIException($result)
Analyzes the supplied result to see if it was thrown because the access token is no longer valid...
Definition: base_facebook.php:1206
BaseFacebook\destroySession
destroySession()
Destroy the current session.
Definition: base_facebook.php:1275
BaseFacebook\_oauthRequest
_oauthRequest($url, $params)
Make a OAuth Request.
Definition: base_facebook.php:889
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:246

◆ api()

BaseFacebook::api ( )

Make an API call.

Returns
mixed The decoded response

Definition at line 639 of file base_facebook.php.

639  {
640  $args = func_get_args();
641  if (is_array($args[0])) {
642  return $this->_restserver($args[0]);
643  } else {
644  return call_user_func_array(array($this, '_graph'), $args);
645  }
646  }
BaseFacebook\_restserver
_restserver($params)
Invoke the old restserver.php endpoint.
Definition: base_facebook.php:801

◆ base64UrlDecode()

static BaseFacebook::base64UrlDecode (   $input)
staticprotected

Base64 encoding that doesn't need to be urlencode()ed.

Exactly the same as base64_encode except it uses

  • instead of + _ instead of / No padded =
Parameters
string$inputbase64UrlEncoded string
Returns
string

Definition at line 1253 of file base_facebook.php.

References $input.

1253  {
1254  return base64_decode(strtr($input, '-_', '+/'));
1255  }
$input
$input
Definition: bench_manipulatevcard.php:18

◆ base64UrlEncode()

static BaseFacebook::base64UrlEncode (   $input)
staticprotected

Base64 encoding that doesn't need to be urlencode()ed.

Exactly the same as base64_encode except it uses

  • instead of + _ instead of /
Parameters
string$inputstring
Returns
string base64Url encoded string

Definition at line 1266 of file base_facebook.php.

References $input.

1266  {
1267  $str = strtr(base64_encode($input), '+/', '-_');
1268  $str = str_replace('=', '', $str);
1269  return $str;
1270  }
$input
$input
Definition: bench_manipulatevcard.php:18

◆ clearAllPersistentData()

BaseFacebook::clearAllPersistentData ( )
abstractprotected

Clear all data from the persistent storage.

Returns
void

◆ clearPersistentData()

BaseFacebook::clearPersistentData (   $key)
abstractprotected

Clear the data with $key from the persistent storage.

Parameters
string$key
Returns
void

◆ destroySession()

BaseFacebook::destroySession ( )

Destroy the current session.

Definition at line 1275 of file base_facebook.php.

References $_COOKIE, and user().

1275  {
1276  $this->accessToken = null;
1277  $this->signedRequest = null;
1278  $this->user = null;
1279  $this->clearAllPersistentData();
1280 
1281  // Javascript sets a cookie that will be used in getSignedRequest that we
1282  // need to clear if we can
1283  $cookie_name = $this->getSignedRequestCookieName();
1284  if (array_key_exists($cookie_name, $_COOKIE)) {
1285  unset($_COOKIE[$cookie_name]);
1286  if (!headers_sent()) {
1287  $base_domain = $this->getBaseDomain();
1288  setcookie($cookie_name, '', 1, '/', '.'.$base_domain);
1289  } else {
1290  // @codeCoverageIgnoreStart
1291  self::errorLog(
1292  'There exists a cookie that we wanted to clear that we couldn\'t '.
1293  'clear because headers was already sent. Make sure to do the first '.
1294  'API call before outputing anything.'
1295  );
1296  // @codeCoverageIgnoreEnd
1297  }
1298  }
1299  }
BaseFacebook\getBaseDomain
getBaseDomain()
Get the base domain used for the cookie.
Definition: base_facebook.php:1164
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
user
user()
Definition: user.php:4
BaseFacebook\clearAllPersistentData
clearAllPersistentData()
Clear all data from the persistent storage.
BaseFacebook\getSignedRequestCookieName
getSignedRequestCookieName()
Constructs and returns the name of the cookie that potentially houses the signed request for the app ...
Definition: base_facebook.php:657
+ Here is the call graph for this function:

◆ endsWith()

static BaseFacebook::endsWith (   $big,
  $small 
)
staticprotected

Definition at line 1339 of file base_facebook.php.

References $default, and $key.

1339  {
1340  $len = strlen($small);
1341  if ($len === 0) {
1342  return true;
1343  }
1344  return substr($big, -$len) === $small;
1345  }

◆ errorLog()

static BaseFacebook::errorLog (   $msg)
staticprotected

Prints to the error log if you aren't in command line mode.

Parameters
string$msgLog message

Definition at line 1234 of file base_facebook.php.

References Monolog\Handler\error_log().

1234  {
1235  // disable error log if we are running in a CLI environment
1236  // @codeCoverageIgnoreStart
1237  if (php_sapi_name() != 'cli') {
1238  error_log($msg);
1239  }
1240  // @codeCoverageIgnoreEnd
1241  }
+ Here is the call graph for this function:

◆ establishCSRFTokenState()

BaseFacebook::establishCSRFTokenState ( )
protected

Lays down a CSRF state token for this process.

Returns
void

Definition at line 734 of file base_facebook.php.

734  {
735  if ($this->state === null) {
736  $this->state = md5(uniqid(mt_rand(), true));
737  $this->setPersistentData('state', $this->state);
738  }
739  }
BaseFacebook\setPersistentData
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...

◆ getAccessToken()

BaseFacebook::getAccessToken ( )

Determines the access token that should be used for API calls.

The first time this is called, $this->accessToken is set equal to either a valid user access token, or it's set to the application access token if a valid user access token wasn't available. Subsequent calls return whatever the first call returned.

Returns
string The access token

Definition at line 388 of file base_facebook.php.

388  {
389  if ($this->accessToken !== null) {
390  // we've done this already and cached it. Just return.
391  return $this->accessToken;
392  }
393 
394  // first establish access token to be the application
395  // access token, in case we navigate to the /oauth/access_token
396  // endpoint, where SOME access token is required
397  $this->setAccessToken($this->getApplicationAccessToken());
398  $user_access_token = $this->getUserAccessToken();
399  if ($user_access_token) {
400  $this->setAccessToken($user_access_token);
401  }
402 
403  return $this->accessToken;
404  }
BaseFacebook\getApplicationAccessToken
getApplicationAccessToken()
Returns the access token that should be used for logged out users when no authorization code is avail...
Definition: base_facebook.php:725
BaseFacebook\getUserAccessToken
getUserAccessToken()
Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.
Definition: base_facebook.php:416
BaseFacebook\setAccessToken
setAccessToken($access_token)
Sets the access token for api calls.
Definition: base_facebook.php:331

◆ getAccessTokenFromCode()

BaseFacebook::getAccessTokenFromCode (   $code,
  $redirect_uri = null 
)
protected

Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user).

The authorization code is sent to graph.facebook.com and a legitimate access token is generated provided the access token and the user for which it was generated all match, and the user is either logged in to Facebook or has granted an offline access permission.

Parameters
string$codeAn authorization code.
Returns
mixed An access token exchanged for the authorization code, or false if an access token could not be generated.

Definition at line 753 of file base_facebook.php.

References $code, and PHPMailer\PHPMailer\$params.

753  {
754  if (empty($code)) {
755  return false;
756  }
757 
758  if ($redirect_uri === null) {
759  $redirect_uri = $this->getCurrentUrl();
760  }
761 
762  try {
763  // need to circumvent json_decode by calling _oauthRequest
764  // directly, since response isn't JSON format
765  $access_token_response =
766  $this->_oauthRequest(
767  $this->getUrl('graph', '/oauth/access_token'),
768  $params = array('client_id' => $this->getAppId(),
769  'client_secret' => $this->getAppSecret(),
770  'redirect_uri' => $redirect_uri,
771  'code' => $code));
772  } catch (FacebookApiException $e) {
773  // most likely that user very recently revoked authorization.
774  // In any event, we don't have an access token, so say so.
775  self::errorLog($e->getMessage());
776  return false;
777  }
778 
779  if (empty($access_token_response)) {
780  self::errorlog('No access token response');
781  return false;
782  }
783 
784  $response_params = json_decode($access_token_response, true);
785  if (!isset($response_params['access_token'])) {
786  self::errorlog('No access token in response. ' . $access_token_response);
787  return false;
788  }
789 
790  return $response_params['access_token'];
791  }
$code
$code
Definition: example_050.php:99
BaseFacebook\getCurrentUrl
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
Definition: base_facebook.php:1181
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1119
BaseFacebook\_oauthRequest
_oauthRequest($url, $params)
Make a OAuth Request.
Definition: base_facebook.php:889
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:246
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:288
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ getApiSecret()

BaseFacebook::getApiSecret ( )

Get the App Secret.

Returns
string the App Secret
Deprecated:

Definition at line 279 of file base_facebook.php.

279  {
280  return $this->getAppSecret();
281  }
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:288

◆ getApiUrl()

BaseFacebook::getApiUrl (   $method)
protected

Build the URL for api given parameters.

Parameters
$methodString the method name.
Returns
string The URL for the given parameters

Definition at line 1039 of file base_facebook.php.

References $name.

1039  {
1040  static $READ_ONLY_CALLS =
1041  array('admin.getallocation' => 1,
1042  'admin.getappproperties' => 1,
1043  'admin.getbannedusers' => 1,
1044  'admin.getlivestreamvialink' => 1,
1045  'admin.getmetrics' => 1,
1046  'admin.getrestrictioninfo' => 1,
1047  'application.getpublicinfo' => 1,
1048  'auth.getapppublickey' => 1,
1049  'auth.getsession' => 1,
1050  'auth.getsignedpublicsessiondata' => 1,
1051  'comments.get' => 1,
1052  'connect.getunconnectedfriendscount' => 1,
1053  'dashboard.getactivity' => 1,
1054  'dashboard.getcount' => 1,
1055  'dashboard.getglobalnews' => 1,
1056  'dashboard.getnews' => 1,
1057  'dashboard.multigetcount' => 1,
1058  'dashboard.multigetnews' => 1,
1059  'data.getcookies' => 1,
1060  'events.get' => 1,
1061  'events.getmembers' => 1,
1062  'fbml.getcustomtags' => 1,
1063  'feed.getappfriendstories' => 1,
1064  'feed.getregisteredtemplatebundlebyid' => 1,
1065  'feed.getregisteredtemplatebundles' => 1,
1066  'fql.multiquery' => 1,
1067  'fql.query' => 1,
1068  'friends.arefriends' => 1,
1069  'friends.get' => 1,
1070  'friends.getappusers' => 1,
1071  'friends.getlists' => 1,
1072  'friends.getmutualfriends' => 1,
1073  'gifts.get' => 1,
1074  'groups.get' => 1,
1075  'groups.getmembers' => 1,
1076  'intl.gettranslations' => 1,
1077  'links.get' => 1,
1078  'notes.get' => 1,
1079  'notifications.get' => 1,
1080  'pages.getinfo' => 1,
1081  'pages.isadmin' => 1,
1082  'pages.isappadded' => 1,
1083  'pages.isfan' => 1,
1084  'permissions.checkavailableapiaccess' => 1,
1085  'permissions.checkgrantedapiaccess' => 1,
1086  'photos.get' => 1,
1087  'photos.getalbums' => 1,
1088  'photos.gettags' => 1,
1089  'profile.getinfo' => 1,
1090  'profile.getinfooptions' => 1,
1091  'stream.get' => 1,
1092  'stream.getcomments' => 1,
1093  'stream.getfilters' => 1,
1094  'users.getinfo' => 1,
1095  'users.getloggedinuser' => 1,
1096  'users.getstandardinfo' => 1,
1097  'users.hasapppermission' => 1,
1098  'users.isappuser' => 1,
1099  'users.isverified' => 1,
1100  'video.getuploadlimits' => 1);
1101  $name = 'api';
1102  if (isset($READ_ONLY_CALLS[strtolower($method)])) {
1103  $name = 'api_read';
1104  } else if (strtolower($method) == 'video.upload') {
1105  $name = 'api_video';
1106  }
1107  return self::getUrl($name, 'restserver.php');
1108  }
$name
$name
Definition: client_example.php:35

◆ getAppId()

BaseFacebook::getAppId ( )

Get the Application ID.

Returns
string the Application ID

Definition at line 246 of file base_facebook.php.

Referenced by sspmod_authfacebook_Facebook\constructSessionVariableName(), and sspmod_authfacebook_Facebook\getSharedSessionCookieName().

246  {
247  return $this->appId;
248  }
+ Here is the caller graph for this function:

◆ getApplicationAccessToken()

BaseFacebook::getApplicationAccessToken ( )
protected

Returns the access token that should be used for logged out users when no authorization code is available.

Returns
string The application access token, useful for gathering public information about users and applications.

Definition at line 725 of file base_facebook.php.

725  {
726  return $this->appId.'|'.$this->appSecret;
727  }

◆ getAppSecret()

BaseFacebook::getAppSecret ( )

Get the App Secret.

Returns
string the App Secret

Definition at line 288 of file base_facebook.php.

288  {
289  return $this->appSecret;
290  }

◆ getBaseDomain()

BaseFacebook::getBaseDomain ( )
protected

Get the base domain used for the cookie.

Definition at line 1164 of file base_facebook.php.

References $metadata.

Referenced by sspmod_authfacebook_Facebook\deleteSharedSessionCookie(), and sspmod_authfacebook_Facebook\initSharedSession().

1164  {
1165  // The base domain is stored in the metadata cookie if not we fallback
1166  // to the current hostname
1167  $metadata = $this->getMetadataCookie();
1168  if (array_key_exists('base_domain', $metadata) &&
1169  !empty($metadata['base_domain'])) {
1170  return trim($metadata['base_domain'], '.');
1171  }
1172  return $this->getHttpHost();
1173  }
BaseFacebook\getMetadataCookie
getMetadataCookie()
Parses the metadata cookie that our Javascript API set.
Definition: base_facebook.php:1306
$metadata
$metadata['__DYNAMIC:1__']
Definition: adfs-idp-hosted.php:3
+ Here is the caller graph for this function:

◆ getCode()

BaseFacebook::getCode ( )
protected

Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.

Returns
mixed The authorization code, or false if the authorization code could not be determined.

Definition at line 680 of file base_facebook.php.

680  {
681  if (isset($_REQUEST['code'])) {
682  if ($this->state !== null &&
683  isset($_REQUEST['state']) &&
684  $this->state === $_REQUEST['state']) {
685 
686  // CSRF state has done its job, so clear it
687  $this->state = null;
688  $this->clearPersistentData('state');
689  return $_REQUEST['code'];
690  } else {
691  self::errorLog('CSRF state token does not match one provided. ' . $this->state . '!=' . $_REQUEST['state']);
692  return false;
693  }
694  }
695 
696  return false;
697  }
BaseFacebook\clearPersistentData
clearPersistentData($key)
Clear the data with $key from the persistent storage.

◆ getCurrentUrl()

BaseFacebook::getCurrentUrl ( )
protected

Returns the Current URL, stripping it of known FB parameters that should not persist.

Returns
string The current URL

Definition at line 1181 of file base_facebook.php.

References GuzzleHttp\Psr7\$protocol.

1181  {
1182  $protocol = $this->getHttpProtocol() . '://';
1183  $host = $this->getHttpHost();
1184  $currentUrl = $protocol.$host.$_SERVER['REQUEST_URI'];
1185  $parts = parse_url($currentUrl);
1186 
1187  // use port if non default
1188  $port =
1189  isset($parts['port']) &&
1190  (($protocol === 'http://' && $parts['port'] !== 80) ||
1191  ($protocol === 'https://' && $parts['port'] !== 443))
1192  ? ':' . $parts['port'] : '';
1193 
1194  // rebuild
1195  return $protocol . $parts['host'] . $port . $parts['path'];
1196  }

◆ getFileUploadSupport()

BaseFacebook::getFileUploadSupport ( )

Get the file upload support status.

Returns
boolean true if and only if the server supports file upload.

Definition at line 308 of file base_facebook.php.

308  {
309  return $this->fileUploadSupport;
310  }

◆ getHttpHost()

BaseFacebook::getHttpHost ( )
protected

Definition at line 1134 of file base_facebook.php.

References $_SERVER.

Referenced by sspmod_authfacebook_Facebook\initSharedSession().

1134  {
1135  if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
1136  return $_SERVER['HTTP_X_FORWARDED_HOST'];
1137  }
1138  return $_SERVER['HTTP_HOST'];
1139  }
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
+ Here is the caller graph for this function:

◆ getHttpProtocol()

BaseFacebook::getHttpProtocol ( )
protected

Definition at line 1141 of file base_facebook.php.

References $_SERVER.

1141  {
1142  if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
1143  if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
1144  return 'https';
1145  }
1146  return 'http';
1147  }
1148  /*apache + variants specific way of checking for https*/
1149  if (isset($_SERVER['HTTPS']) &&
1150  ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] == 1)) {
1151  return 'https';
1152  }
1153  /*nginx way of checking for https*/
1154  if (isset($_SERVER['SERVER_PORT']) &&
1155  ($_SERVER['SERVER_PORT'] === '443')) {
1156  return 'https';
1157  }
1158  return 'http';
1159  }
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54

◆ getLoginStatusUrl()

BaseFacebook::getLoginStatusUrl (   $params = array())

Get a login status URL to fetch the status from Facebook.

The parameters:

  • ok_session: the URL to go to if a session is found
  • no_session: the URL to go to if the user is not connected
  • no_user: the URL to go to if the user is not signed into facebook
Parameters
array$paramsProvide custom parameters
Returns
string The URL for the logout flow

Definition at line 620 of file base_facebook.php.

References PHPMailer\PHPMailer\$params.

620  {
621  return $this->getUrl(
622  'www',
623  'extern/login_status.php',
624  array_merge(array(
625  'api_key' => $this->getAppId(),
626  'no_session' => $this->getCurrentUrl(),
627  'no_user' => $this->getCurrentUrl(),
628  'ok_session' => $this->getCurrentUrl(),
629  'session_version' => 3,
630  ), $params)
631  );
632  }
BaseFacebook\getCurrentUrl
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
Definition: base_facebook.php:1181
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1119
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:246

◆ getLoginUrl()

BaseFacebook::getLoginUrl (   $params = array())

Get a Login URL for use with redirects.

By default, full page redirect is assumed. If you are using the generated URL with a window.open() call in JavaScript, you can pass in display=popup as part of the $params.

The parameters:

  • redirect_uri: the URL to go to after a successful login
  • scope: comma separated list of requested extended perms
Parameters
array$paramsProvide custom parameters
Returns
string The URL for the login flow

Definition at line 569 of file base_facebook.php.

References PHPMailer\PHPMailer\$params.

569  {
570  $this->establishCSRFTokenState();
571  $currentUrl = $this->getCurrentUrl();
572 
573  // if 'scope' is passed as an array, convert to comma separated list
574  $scopeParams = isset($params['scope']) ? $params['scope'] : null;
575  if ($scopeParams && is_array($scopeParams)) {
576  $params['scope'] = implode(',', $scopeParams);
577  }
578 
579  return $this->getUrl(
580  'www',
581  'dialog/oauth',
582  array_merge(array(
583  'client_id' => $this->getAppId(),
584  'redirect_uri' => $currentUrl, // possibly overwritten
585  'state' => $this->state),
586  $params));
587  }
BaseFacebook\getCurrentUrl
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
Definition: base_facebook.php:1181
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1119
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:246
BaseFacebook\establishCSRFTokenState
establishCSRFTokenState()
Lays down a CSRF state token for this process.
Definition: base_facebook.php:734

◆ getLogoutUrl()

BaseFacebook::getLogoutUrl (   $params = array())

Get a Logout URL suitable for use with redirects.

The parameters:

  • next: the URL to go to after a successful logout
Parameters
array$paramsProvide custom parameters
Returns
string The URL for the logout flow

Definition at line 598 of file base_facebook.php.

References PHPMailer\PHPMailer\$params.

598  {
599  return $this->getUrl(
600  'www',
601  'logout.php',
602  array_merge(array(
603  'next' => $this->getCurrentUrl(),
604  'access_token' => $this->getUserAccessToken(),
605  ), $params)
606  );
607  }
BaseFacebook\getUserAccessToken
getUserAccessToken()
Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.
Definition: base_facebook.php:416
BaseFacebook\getCurrentUrl
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
Definition: base_facebook.php:1181
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1119

◆ getMetadataCookie()

BaseFacebook::getMetadataCookie ( )
protected

Parses the metadata cookie that our Javascript API set.

Returns
an array mapping key to value

Definition at line 1306 of file base_facebook.php.

References $_COOKIE, and $metadata.

1306  {
1307  $cookie_name = $this->getMetadataCookieName();
1308  if (!array_key_exists($cookie_name, $_COOKIE)) {
1309  return array();
1310  }
1311 
1312  // The cookie value can be wrapped in "-characters so remove them
1313  $cookie_value = trim($_COOKIE[$cookie_name], '"');
1314 
1315  if (empty($cookie_value)) {
1316  return array();
1317  }
1318 
1319  $parts = explode('&', $cookie_value);
1320  $metadata = array();
1321  foreach ($parts as $part) {
1322  $pair = explode('=', $part, 2);
1323  if (!empty($pair[0])) {
1324  $metadata[urldecode($pair[0])] =
1325  (count($pair) > 1) ? urldecode($pair[1]) : '';
1326  }
1327  }
1328 
1329  return $metadata;
1330  }
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
$metadata
$metadata['__DYNAMIC:1__']
Definition: adfs-idp-hosted.php:3
BaseFacebook\getMetadataCookieName
getMetadataCookieName()
Constructs and returns the name of the coookie that potentially contain metadata. ...
Definition: base_facebook.php:668

◆ getMetadataCookieName()

BaseFacebook::getMetadataCookieName ( )
protected

Constructs and returns the name of the coookie that potentially contain metadata.

The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.

Returns
string the name of the cookie that would house metadata.

Definition at line 668 of file base_facebook.php.

668  {
669  return 'fbm_'.$this->getAppId();
670  }

◆ getPersistentData()

BaseFacebook::getPersistentData (   $key,
  $default = false 
)
abstractprotected

Get the data for $key, persisted by BaseFacebook::setPersistentData()

Parameters
string$keyThe key of the data to retrieve
boolean$defaultThe default value to return if $key is not found
Returns
mixed

◆ getSignedRequest()

BaseFacebook::getSignedRequest ( )

Retrieve the signed request, either from a request parameter or, if not present, from a cookie.

Returns
string the signed request, if available, or null otherwise.

Definition at line 479 of file base_facebook.php.

References $_COOKIE.

479  {
480  if (!$this->signedRequest) {
481  if (!empty($_REQUEST['signed_request'])) {
482  $this->signedRequest = $this->parseSignedRequest(
483  $_REQUEST['signed_request']);
484  } else if (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
485  $this->signedRequest = $this->parseSignedRequest(
486  $_COOKIE[$this->getSignedRequestCookieName()]);
487  }
488  }
489  return $this->signedRequest;
490  }
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
BaseFacebook\$signedRequest
$signedRequest
The data from the signed_request token.
Definition: base_facebook.php:176
BaseFacebook\parseSignedRequest
parseSignedRequest($signed_request)
Parses a signed_request and validates the signature.
Definition: base_facebook.php:989
BaseFacebook\getSignedRequestCookieName
getSignedRequestCookieName()
Constructs and returns the name of the cookie that potentially houses the signed request for the app ...
Definition: base_facebook.php:657

◆ getSignedRequestCookieName()

BaseFacebook::getSignedRequestCookieName ( )
protected

Constructs and returns the name of the cookie that potentially houses the signed request for the app user.

The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.

Returns
string the name of the cookie that would house the signed request value.

Definition at line 657 of file base_facebook.php.

657  {
658  return 'fbsr_'.$this->getAppId();
659  }

◆ getUrl()

BaseFacebook::getUrl (   $name,
  $path = '',
  $params = array() 
)
protected

Build the URL for given domain alias, path and parameters.

Parameters
$namestring The name of the domain
$pathstring Optional path (without a leading slash)
$paramsarray Optional query parameters
Returns
string The URL for the given parameters

Definition at line 1119 of file base_facebook.php.

References $name, PHPMailer\PHPMailer\$params, $path, and $url.

1119  {
1120  $url = self::$DOMAIN_MAP[$name];
1121  if ($path) {
1122  if ($path[0] === '/') {
1123  $path = substr($path, 1);
1124  }
1125  $url .= $path;
1126  }
1127  if ($params) {
1128  $url .= '?' . http_build_query($params, null, '&');
1129  }
1130 
1131  return $url;
1132  }
$path
$path
Definition: aliased.php:25
$name
$name
Definition: client_example.php:35
$url
$url
Definition: proxy_ylocal.php:28

◆ getUser()

BaseFacebook::getUser ( )

Get the UID of the connected user, or 0 if the Facebook user is not connected.

Returns
string the UID if available.

Definition at line 498 of file base_facebook.php.

References $user, and user().

498  {
499  if ($this->user !== null) {
500  // we've already determined this and cached the value
501  return $this->user;
502  }
503 
504  return $this->user = $this->getUserFromAvailableData();
505  }
user
user()
Definition: user.php:4
BaseFacebook\getUserFromAvailableData
getUserFromAvailableData()
Determines the connected user by first examining any signed requests, then considering an authorizati...
Definition: base_facebook.php:515
+ Here is the call graph for this function:

◆ getUserAccessToken()

BaseFacebook::getUserAccessToken ( )
protected

Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.

The intent is to return a valid user access token, or false if one is determined to not be available.

Returns
string A valid user access token, or false if one could not be determined.

Definition at line 416 of file base_facebook.php.

References $code.

416  {
417  // first, consider a signed request if it's supplied
418  // if there is a signed request, then it alone determines
419  // the access token
420  $signed_request = $this->getSignedRequest();
421  if ($signed_request) {
422  // apps.facebook.com hands the access_token in the signed_request
423  if (array_key_exists('oauth_token', $signed_request)) {
424  $access_token = $signed_request['oauth_token'];
425  $this->setPersistentData('access_token', $access_token);
426  return $access_token;
427  }
428 
429  // the JS SDK puts a code in with the redirect_uri of ''
430  if (array_key_exists('code', $signed_request)) {
431  $code = $signed_request['code'];
432  if ($code && $code == $this->getPersistentData('code')) {
433  // short-circuit if the code we have is the same as the one presented
434  return $this->getPersistentData('access_token');
435  }
436 
437  $access_token = $this->getAccessTokenFromCode($code, '');
438  if ($access_token) {
439  $this->setPersistentData('code', $code);
440  $this->setPersistentData('access_token', $access_token);
441  return $access_token;
442  }
443  }
444 
445  // signed request states there's no access token, so anything
446  // stored should be cleared
447  $this->clearAllPersistentData();
448  return false; // respect the signed request's data, even
449  // if there's an authorization code or something else
450  }
451 
452  $code = $this->getCode();
453  if ($code && $code != $this->getPersistentData('code')) {
454  $access_token = $this->getAccessTokenFromCode($code);
455  if ($access_token) {
456  $this->setPersistentData('code', $code);
457  $this->setPersistentData('access_token', $access_token);
458  return $access_token;
459  }
460 
461  // code was bogus, so everything based on it should be invalidated
462  $this->clearAllPersistentData();
463  return false;
464  }
465 
466  // as a fallback, just return whatever is in the persistent
467  // store, knowing nothing explicit (signed request, authorization
468  // code, etc.) was present to shadow it (or we saw a code in $_REQUEST,
469  // but it's the same as what's in the persistent store)
470  return $this->getPersistentData('access_token');
471  }
$code
$code
Definition: example_050.php:99
BaseFacebook\getAccessTokenFromCode
getAccessTokenFromCode($code, $redirect_uri=null)
Retrieves an access token for the given authorization code (previously generated from www...
Definition: base_facebook.php:753
BaseFacebook\getPersistentData
getPersistentData($key, $default=false)
Get the data for $key, persisted by BaseFacebook::setPersistentData()
BaseFacebook\getCode
getCode()
Get the authorization code from the query parameters, if it exists, and otherwise return false to sig...
Definition: base_facebook.php:680
BaseFacebook\clearAllPersistentData
clearAllPersistentData()
Clear all data from the persistent storage.
BaseFacebook\getSignedRequest
getSignedRequest()
Retrieve the signed request, either from a request parameter or, if not present, from a cookie...
Definition: base_facebook.php:479
BaseFacebook\setPersistentData
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...

◆ getUserFromAccessToken()

BaseFacebook::getUserFromAccessToken ( )
protected

Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate.

It relies on Facebook's Graph API to retrieve user information and then extract the user ID.

Returns
integer Returns the UID of the Facebook user, or 0 if the Facebook user could not be determined.

Definition at line 709 of file base_facebook.php.

709  {
710  try {
711  $user_info = $this->api('/me');
712  return $user_info['id'];
713  } catch (FacebookApiException $e) {
714  return 0;
715  }
716  }
BaseFacebook\api
api()
Make an API call.
Definition: base_facebook.php:639
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ getUserFromAvailableData()

BaseFacebook::getUserFromAvailableData ( )
protected

Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.

Returns
integer The id of the connected Facebook user, or 0 if no such user exists.

Definition at line 515 of file base_facebook.php.

References $default, and $user.

515  {
516  // if a signed request is supplied, then it solely determines
517  // who the user is
518  $signed_request = $this->getSignedRequest();
519  if ($signed_request) {
520  if (array_key_exists('user_id', $signed_request)) {
521  $user = $signed_request['user_id'];
522 
523  if($user != $this->getPersistentData('user_id')){
524  $this->clearAllPersistentData();
525  }
526 
527  $this->setPersistentData('user_id', $signed_request['user_id']);
528  return $user;
529  }
530 
531  // if the signed request didn't present a user id, then invalidate
532  // all entries in any persistent store
533  $this->clearAllPersistentData();
534  return 0;
535  }
536 
537  $user = $this->getPersistentData('user_id', $default = 0);
538  $persisted_access_token = $this->getPersistentData('access_token');
539 
540  // use access_token to fetch user id if we have a user access_token, or if
541  // the cached access token has changed
542  $access_token = $this->getAccessToken();
543  if ($access_token &&
544  $access_token != $this->getApplicationAccessToken() &&
545  !($user && $persisted_access_token == $access_token)) {
546  $user = $this->getUserFromAccessToken();
547  if ($user) {
548  $this->setPersistentData('user_id', $user);
549  } else {
550  $this->clearAllPersistentData();
551  }
552  }
553 
554  return $user;
555  }
BaseFacebook\getApplicationAccessToken
getApplicationAccessToken()
Returns the access token that should be used for logged out users when no authorization code is avail...
Definition: base_facebook.php:725
BaseFacebook\getUserFromAccessToken
getUserFromAccessToken()
Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingl...
Definition: base_facebook.php:709
BaseFacebook\getAccessToken
getAccessToken()
Determines the access token that should be used for API calls.
Definition: base_facebook.php:388
BaseFacebook\getPersistentData
getPersistentData($key, $default=false)
Get the data for $key, persisted by BaseFacebook::setPersistentData()
$default
$default
Definition: build.php:20
BaseFacebook\clearAllPersistentData
clearAllPersistentData()
Clear all data from the persistent storage.
BaseFacebook\getSignedRequest
getSignedRequest()
Retrieve the signed request, either from a request parameter or, if not present, from a cookie...
Definition: base_facebook.php:479
BaseFacebook\setPersistentData
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...

◆ isAllowedDomain()

static BaseFacebook::isAllowedDomain (   $big,
  $small 
)
staticprotected

Definition at line 1332 of file base_facebook.php.

1332  {
1333  if ($big === $small) {
1334  return true;
1335  }
1336  return self::endsWith($big, '.'.$small);
1337  }

◆ isVideoPost()

BaseFacebook::isVideoPost (   $path,
  $method = 'GET' 
)
protected

Return true if this is video post.

Parameters
string$pathThe path
string$methodThe http method (default 'GET')
Returns
boolean true if this is video post

Definition at line 835 of file base_facebook.php.

References $path.

835  {
836  if ($method == 'POST' && preg_match("/^(\/)(.+)(\/)(videos)$/", $path)) {
837  return true;
838  }
839  return false;
840  }
$path
$path
Definition: aliased.php:25

◆ makeRequest()

BaseFacebook::makeRequest (   $url,
  $params,
  $ch = null 
)
protected

Makes an HTTP request.

This method can be overridden by subclasses if developers want to do fancier things or use something other than curl to make the request.

Parameters
string$urlThe URL to make the request to
array$paramsThe parameters to use for the POST body
CurlHandler$chInitialized curl handle
Returns
string The response text

Definition at line 915 of file base_facebook.php.

References PHPMailer\PHPMailer\$params, FacebookApiException\$result, and $url.

915  {
916  if (!$ch) {
917  $ch = curl_init();
918  }
919 
920  $opts = self::$CURL_OPTS;
921  if ($this->getFileUploadSupport()) {
922  $opts[CURLOPT_POSTFIELDS] = $params;
923  } else {
924  $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&');
925  }
926  $opts[CURLOPT_URL] = $url;
927 
928  // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait
929  // for 2 seconds if the server does not support this header
930  if (isset($opts[CURLOPT_HTTPHEADER])) {
931  $existing_headers = $opts[CURLOPT_HTTPHEADER];
932  $existing_headers[] = 'Expect:';
933  $opts[CURLOPT_HTTPHEADER] = $existing_headers;
934  } else {
935  $opts[CURLOPT_HTTPHEADER] = array('Expect:');
936  }
937 
938  curl_setopt_array($ch, $opts);
939  $result = curl_exec($ch);
940 
941  if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT
942  self::errorLog('Invalid or no certificate authority found, '.
943  'using bundled information');
944  curl_setopt($ch, CURLOPT_CAINFO,
945  dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
946  $result = curl_exec($ch);
947  }
948 
949  // With dual stacked DNS responses, it's possible for a server to
950  // have IPv6 enabled but not have IPv6 connectivity. If this is
951  // the case, curl will try IPv4 first and if that fails, then it will
952  // fall back to IPv6 and the error EHOSTUNREACH is returned by the
953  // operating system
954  if ($result === false && empty($opts[CURLOPT_IPRESOLVE])) {
955  $matches = array();
956  $regex = '/Failed to connect to ([^:].*): Network is unreachable/';
957  if (preg_match($regex, curl_error($ch), $matches)) {
958  if (strlen(@inet_pton($matches[1])) === 16) {
959  self::errorLog('Invalid IPv6 configuration on server, '.
960  'Please disable or get native IPv6 on your server.');
961  self::$CURL_OPTS[CURLOPT_IPRESOLVE] = CURL_IPRESOLVE_V4;
962  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
963  $result = curl_exec($ch);
964  }
965  }
966  }
967 
968  if ($result === false) {
969  $e = new FacebookApiException(array(
970  'error_code' => curl_errno($ch),
971  'error' => array(
972  'message' => curl_error($ch),
973  'type' => 'CurlException',
974  ),
975  ));
976  curl_close($ch);
977  throw $e;
978  }
979  curl_close($ch);
980  return $result;
981  }
$result
$result
Definition: CleanUpTest.php:463
BaseFacebook\getFileUploadSupport
getFileUploadSupport()
Get the file upload support status.
Definition: base_facebook.php:308
$url
$url
Definition: proxy_ylocal.php:28
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ makeSignedRequest()

BaseFacebook::makeSignedRequest (   $data)
protected

Makes a signed_request blob using the given data.

Parameters
arrayThe data array.
Returns
string The signed request.

Definition at line 1019 of file base_facebook.php.

References $data.

Referenced by sspmod_authfacebook_Facebook\initSharedSession().

1019  {
1020  if (!is_array($data)) {
1021  throw new InvalidArgumentException(
1022  'makeSignedRequest expects an array. Got: ' . print_r($data, true));
1023  }
1024  $data['algorithm'] = self::SIGNED_REQUEST_ALGORITHM;
1025  $data['issued_at'] = time();
1026  $json = json_encode($data);
1027  $b64 = self::base64UrlEncode($json);
1028  $raw_sig = hash_hmac('sha256', $b64, $this->getAppSecret(), $raw = true);
1029  $sig = self::base64UrlEncode($raw_sig);
1030  return $sig.'.'.$b64;
1031  }
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:288
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ parseSignedRequest()

BaseFacebook::parseSignedRequest (   $signed_request)
protected

Parses a signed_request and validates the signature.

Parameters
string$signed_requestA signed token
Returns
array The payload inside it or null if the sig is wrong

Definition at line 989 of file base_facebook.php.

References $data.

Referenced by sspmod_authfacebook_Facebook\initSharedSession().

989  {
990  list($encoded_sig, $payload) = explode('.', $signed_request, 2);
991 
992  // decode the data
993  $sig = self::base64UrlDecode($encoded_sig);
994  $data = json_decode(self::base64UrlDecode($payload), true);
995 
996  if (strtoupper($data['algorithm']) !== self::SIGNED_REQUEST_ALGORITHM) {
997  self::errorLog(
998  'Unknown algorithm. Expected ' . self::SIGNED_REQUEST_ALGORITHM);
999  return null;
1000  }
1001 
1002  // check sig
1003  $expected_sig = hash_hmac('sha256', $payload,
1004  $this->getAppSecret(), $raw = true);
1005  if ($sig !== $expected_sig) {
1006  self::errorLog('Bad Signed JSON signature!');
1007  return null;
1008  }
1009 
1010  return $data;
1011  }
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:288
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ setAccessToken()

BaseFacebook::setAccessToken (   $access_token)

Sets the access token for api calls.

Use this if you get your access token by other means and just want the SDK to use it.

Parameters
string$access_tokenan access token.
Returns
BaseFacebook

Definition at line 331 of file base_facebook.php.

331  {
332  $this->accessToken = $access_token;
333  return $this;
334  }

◆ setApiSecret()

BaseFacebook::setApiSecret (   $apiSecret)

Set the App Secret.

Parameters
string$apiSecretThe App Secret
Returns
BaseFacebook
Deprecated:

Definition at line 257 of file base_facebook.php.

257  {
258  $this->setAppSecret($apiSecret);
259  return $this;
260  }
BaseFacebook\setAppSecret
setAppSecret($appSecret)
Set the App Secret.
Definition: base_facebook.php:268

◆ setAppId()

BaseFacebook::setAppId (   $appId)

Set the Application ID.

Parameters
string$appIdThe Application ID
Returns
BaseFacebook

Definition at line 236 of file base_facebook.php.

236  {
237  $this->appId = $appId;
238  return $this;
239  }

◆ setAppSecret()

BaseFacebook::setAppSecret (   $appSecret)

Set the App Secret.

Parameters
string$appSecretThe App Secret
Returns
BaseFacebook

Definition at line 268 of file base_facebook.php.

268  {
269  $this->appSecret = $appSecret;
270  return $this;
271  }

◆ setExtendedAccessToken()

BaseFacebook::setExtendedAccessToken ( )

Extend an access token, while removing the short-lived token that might have been generated via client-side flow.

Thanks to http://bit.ly/b0Pt0H for the workaround.

Definition at line 341 of file base_facebook.php.

References PHPMailer\PHPMailer\$params.

341  {
342  try {
343  // need to circumvent json_decode by calling _oauthRequest
344  // directly, since response isn't JSON format
345  $access_token_response = $this->_oauthRequest(
346  $this->getUrl('graph', '/oauth/access_token'),
347  $params = array(
348  'client_id' => $this->getAppId(),
349  'client_secret' => $this->getAppSecret(),
350  'grant_type' => 'fb_exchange_token',
351  'fb_exchange_token' => $this->getAccessToken(),
352  )
353  );
354  }
355  catch (FacebookApiException $e) {
356  // most likely that user very recently revoked authorization
357  // In any event, we don't have an access token, so say so
358  return false;
359  }
360 
361  if (empty($access_token_response)) {
362  return false;
363  }
364 
365  $response_params = array();
366  parse_str($access_token_response, $response_params);
367 
368  if (!isset($response_params['access_token'])) {
369  return false;
370  }
371 
372  $this->destroySession();
373 
374  $this->setPersistentData(
375  'access_token', $response_params['access_token']
376  );
377  }
BaseFacebook\getAccessToken
getAccessToken()
Determines the access token that should be used for API calls.
Definition: base_facebook.php:388
BaseFacebook\destroySession
destroySession()
Destroy the current session.
Definition: base_facebook.php:1275
BaseFacebook\getUrl
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
Definition: base_facebook.php:1119
BaseFacebook\_oauthRequest
_oauthRequest($url, $params)
Make a OAuth Request.
Definition: base_facebook.php:889
BaseFacebook\setPersistentData
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:246
BaseFacebook\getAppSecret
getAppSecret()
Get the App Secret.
Definition: base_facebook.php:288
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ setFileUploadSupport()

BaseFacebook::setFileUploadSupport (   $fileUploadSupport)

Set the file upload support status.

Parameters
boolean$fileUploadSupportThe file upload support status.
Returns
BaseFacebook

Definition at line 298 of file base_facebook.php.

298  {
299  $this->fileUploadSupport = $fileUploadSupport;
300  return $this;
301  }

◆ setPersistentData()

BaseFacebook::setPersistentData (   $key,
  $value 
)
abstractprotected

Each of the following four methods should be overridden in a concrete subclass, as they are in the provided Facebook class.

The Facebook class uses PHP sessions to provide a primitive persistent store, but another subclass–one that you implement– might use a database, memcache, or an in-memory cache.

See also
Facebook Stores the given ($key, $value) pair, so that future calls to getPersistentData($key) return $value. This call may be in another request.
Parameters
string$key
array$value
Returns
void

◆ throwAPIException()

BaseFacebook::throwAPIException (   $result)
protected

Analyzes the supplied result to see if it was thrown because the access token is no longer valid.

If that is the case, then we destroy the session.

Parameters
$resultarray A record storing the error message returned by a failed API call.

Definition at line 1206 of file base_facebook.php.

References $message, and FacebookApiException\$result.

1206  {
1207  $e = new FacebookApiException($result);
1208  switch ($e->getType()) {
1209  // OAuth 2.0 Draft 00 style
1210  case 'OAuthException':
1211  // OAuth 2.0 Draft 10 style
1212  case 'invalid_token':
1213  // REST server errors are just Exceptions
1214  case 'Exception':
1215  $message = $e->getMessage();
1216  if ((strpos($message, 'Error validating access token') !== false) ||
1217  (strpos($message, 'Invalid OAuth access token') !== false) ||
1218  (strpos($message, 'An active access token must be used') !== false)
1219  ) {
1220  $this->destroySession();
1221  }
1222  break;
1223  }
1224 
1225  throw $e;
1226  }
$result
$result
Definition: CleanUpTest.php:463
BaseFacebook\destroySession
destroySession()
Destroy the current session.
Definition: base_facebook.php:1275
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
FacebookApiException
Copyright 2011 Facebook, Inc.
Definition: base_facebook.php:30

◆ useFileUploadSupport()

BaseFacebook::useFileUploadSupport ( )

DEPRECATED! Please use getFileUploadSupport instead.

Get the file upload support status.

Returns
boolean true if and only if the server supports file upload.

Definition at line 319 of file base_facebook.php.

319  {
320  return $this->getFileUploadSupport();
321  }
BaseFacebook\getFileUploadSupport
getFileUploadSupport()
Get the file upload support status.
Definition: base_facebook.php:308

Field Documentation

◆ $accessToken

BaseFacebook::$accessToken = null
protected

Definition at line 189 of file base_facebook.php.

◆ $appId

BaseFacebook::$appId
protected

Definition at line 157 of file base_facebook.php.

◆ $appSecret

BaseFacebook::$appSecret
protected

Definition at line 164 of file base_facebook.php.

◆ $CURL_OPTS

BaseFacebook::$CURL_OPTS
static
Initial value:
= array(
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 60,
CURLOPT_USERAGENT => 'facebook-php-3.2',
)

Default options for curl.

Definition at line 133 of file base_facebook.php.

◆ $DOMAIN_MAP

BaseFacebook::$DOMAIN_MAP
static
Initial value:
= array(
'api' => 'https://api.facebook.com/',
'api_video' => 'https://api-video.facebook.com/',
'api_read' => 'https://api-read.facebook.com/',
'graph' => 'https://graph.facebook.com/',
'graph_video' => 'https://graph-video.facebook.com/',
'www' => 'https://www.facebook.com/',
)

Maps aliases to Facebook domains.

Definition at line 143 of file base_facebook.php.

◆ $fileUploadSupport

BaseFacebook::$fileUploadSupport = false
protected

Definition at line 196 of file base_facebook.php.

◆ $signedRequest

BaseFacebook::$signedRequest
protected

The data from the signed_request token.

Definition at line 176 of file base_facebook.php.

◆ $state

BaseFacebook::$state
protected

A CSRF state variable to assist in the defense against CSRF attacks.

Definition at line 181 of file base_facebook.php.

◆ $trustForwarded

BaseFacebook::$trustForwarded = false
protected

Definition at line 203 of file base_facebook.php.

◆ $user

BaseFacebook::$user
protected

Definition at line 171 of file base_facebook.php.

◆ SIGNED_REQUEST_ALGORITHM

const BaseFacebook::SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256'

Signed Request Algorithm.

Definition at line 128 of file base_facebook.php.

◆ VERSION

const BaseFacebook::VERSION = '3.2.2'

Version.

Definition at line 123 of file base_facebook.php.

The documentation for this class was generated from the following file: