ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
BaseFacebook Class Reference

Provides access to the Facebook Platform.

Public Member Functions

 __construct ($config)
 Initialize a Facebook Application.

 setAppId ($appId)
 Set the Application ID.

 getAppId ()
 Get the Application ID.

 setApiSecret ($apiSecret)
 Set the App Secret.

 setAppSecret ($appSecret)
 Set the App Secret.

 getApiSecret ()
 Get the App Secret.

 getAppSecret ()
 Get the App Secret.

 setFileUploadSupport ($fileUploadSupport)
 Set the file upload support status.

 getFileUploadSupport ()
 Get the file upload support status.

 useFileUploadSupport ()
 DEPRECATED! Please use getFileUploadSupport instead.

 setAccessToken ($access_token)
 Sets the access token for api calls.

 setExtendedAccessToken ()
 Extend an access token, while removing the short-lived token that might have been generated via client-side flow.

 getAccessToken ()
 Determines the access token that should be used for API calls.

 getSignedRequest ()
 Retrieve the signed request, either from a request parameter or, if not present, from a cookie.

 getUser ()
 Get the UID of the connected user, or 0 if the Facebook user is not connected.

 getLoginUrl ($params=array())
 Get a Login URL for use with redirects.

 getLogoutUrl ($params=array())
 Get a Logout URL suitable for use with redirects.

 getLoginStatusUrl ($params=array())
 Get a login status URL to fetch the status from Facebook.

 api ()
 Make an API call.

 destroySession ()
 Destroy the current session.
 

Data Fields

const VERSION = '3.2.2'
 Version.

const SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256'
 Signed Request Algorithm.
 

Static Public Attributes

static $CURL_OPTS
 Default options for curl.

static $DOMAIN_MAP
 Maps aliases to Facebook domains.
 

Protected Member Functions

 getUserAccessToken ()
 Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.

 getUserFromAvailableData ()
 Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.

 getSignedRequestCookieName ()
 Constructs and returns the name of the cookie that potentially houses the signed request for the app user.

 getMetadataCookieName ()
 Constructs and returns the name of the cookie that potentially contains metadata.

 getCode ()
 Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.

 getUserFromAccessToken ()
 Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate.

 getApplicationAccessToken ()
 Returns the access token that should be used for logged out users when no authorization code is available.

 establishCSRFTokenState ()
 Lays down a CSRF state token for this process.

 getAccessTokenFromCode ($code, $redirect_uri=null)
 Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user).

 _restserver ($params)
 Invoke the old restserver.php endpoint.

 isVideoPost ($path, $method='GET')
 Return true if this is a video post.

 _graph ($path, $method='GET', $params=array())
 Invoke the Graph API.

 _oauthRequest ($url, $params)
 Make an OAuth request.

 makeRequest ($url, $params, $ch=null)
 Makes an HTTP request.

 parseSignedRequest ($signed_request)
 Parses a signed_request and validates the signature.

 makeSignedRequest ($data)
 Makes a signed_request blob using the given data.

 getApiUrl ($method)
 Build the URL for api given parameters.

 getUrl ($name, $path='', $params=array())
 Build the URL for given domain alias, path and parameters.

 getHttpHost ()

 getHttpProtocol ()

 getBaseDomain ()
 Get the base domain used for the cookie.

 getCurrentUrl ()
 Returns the Current URL, stripping it of known FB parameters that should not persist.

 throwAPIException ($result)
 Analyzes the supplied result to see if it was thrown because the access token is no longer valid.

 getMetadataCookie ()
 Parses the metadata cookie that our Javascript API set.

 setPersistentData ($key, $value)
 Each of the following four methods should be overridden in a concrete subclass, as they are in the provided Facebook class.

 getPersistentData ($key, $default=false)
 Get the data for $key, persisted by BaseFacebook::setPersistentData()

 clearPersistentData ($key)
 Clear the data with $key from the persistent storage.

 clearAllPersistentData ()
 Clear all data from the persistent storage.
 

Static Protected Member Functions

static errorLog ($msg)
 Prints to the error log if you aren't in command line mode.

static base64UrlDecode ($input)
 Base64 encoding that doesn't need to be urlencode()ed.

static base64UrlEncode ($input)
 Base64 encoding that doesn't need to be urlencode()ed.
 
static isAllowedDomain ($big, $small)
 
static endsWith ($big, $small)
 

Protected Attributes

 $appId
 
 $appSecret
 
 $user
 
 $signedRequest
 The data from the signed_request token.

 $state
 A CSRF state variable to assist in the defense against CSRF attacks.
 
 $accessToken = null
 
 $fileUploadSupport = false
 
 $trustForwarded = false
 

Detailed Description

Provides access to the Facebook Platform.

This class provides a majority of the functionality needed, but the class is abstract because it is designed to be sub-classed. The subclass must implement the four abstract methods listed at the bottom of the file.

Author
Naitik Shah naitik@facebook.com

Definition at line 118 of file base_facebook.php.

Constructor & Destructor Documentation

◆ __construct()

BaseFacebook::__construct (   $config)

Initialize a Facebook Application.

The configuration:

  • appId: the application ID
  • secret: the application secret
  • fileUpload: (optional) boolean indicating if file uploads are enabled
Parameters
array $config The application configuration

Definition at line 215 of file base_facebook.php.

215 {
216 $this->setAppId($config['appId']);
217 $this->setAppSecret($config['secret']);
218 if (isset($config['fileUpload'])) {
219 $this->setFileUploadSupport($config['fileUpload']);
220 }
221 if (isset($config['trustForwarded']) && $config['trustForwarded']) {
222 $this->trustForwarded = true;
223 }
224 $state = $this->getPersistentData('state');
225 if (!empty($state)) {
226 $this->state = $state;
227 }
228 }

References $config, $state, getPersistentData(), setAppId(), setAppSecret(), and setFileUploadSupport().


Member Function Documentation

◆ _graph()

BaseFacebook::_graph (   $path,
  $method = 'GET',
  $params = array() 
)
protected

Invoke the Graph API.

Parameters
string $path The path (required)
string $method The HTTP method (default 'GET')
array $params The query/post data
Returns
mixed The decoded response object
Exceptions
FacebookApiException

Definition at line 852 of file base_facebook.php.

852 {
853 if (is_array($method) && empty($params)) {
854 $params = $method;
855 $method = 'GET';
856 }
857 $params['method'] = $method; // method override as we always do a POST
858
859 if ($this->isVideoPost($path, $method)) {
860 $domainKey = 'graph_video';
861 } else {
862 $domainKey = 'graph';
863 }
864
865 $result = json_decode($this->_oauthRequest(
866 $this->getUrl($domainKey, $path),
867 $params
868 ), true);
869
870 // results are returned, errors are thrown
871 if (is_array($result) && isset($result['error'])) {
872 $this->throwAPIException($result);
873 // @codeCoverageIgnoreStart
874 }
875 // @codeCoverageIgnoreEnd
876
877 return $result;
878 }

References PHPMailer\PHPMailer\$params, $path, $result, _oauthRequest(), getUrl(), isVideoPost(), and throwAPIException().


◆ _oauthRequest()

BaseFacebook::_oauthRequest (   $url,
  $params 
)
protected

Make an OAuth request.

Parameters
string $url The path (required)
array $params The query/post data
Returns
string The decoded response object
Exceptions
FacebookApiException

Definition at line 889 of file base_facebook.php.

889 {
890 if (!isset($params['access_token'])) {
891 $params['access_token'] = $this->getAccessToken();
892 }
893
894 // json_encode all params values that are not strings
895 foreach ($params as $key => $value) {
896 if (!is_string($value)) {
897 $params[$key] = json_encode($value);
898 }
899 }
900
901 return $this->makeRequest($url, $params);
902 }

References $key, PHPMailer\PHPMailer\$params, $url, getAccessToken(), and makeRequest().

Referenced by _graph(), _restserver(), getAccessTokenFromCode(), and setExtendedAccessToken().


◆ _restserver()

BaseFacebook::_restserver (   $params)
protected

Invoke the old restserver.php endpoint.

Parameters
array $params Method call object
Returns
mixed The decoded response object
Exceptions
FacebookApiException

Definition at line 801 of file base_facebook.php.

801 {
802 // generic application level parameters
803 $params['api_key'] = $this->getAppId();
804 $params['format'] = 'json-strings';
805
806 $result = json_decode($this->_oauthRequest(
807 $this->getApiUrl($params['method']),
808 $params
809 ), true);
810
811 // results are returned, errors are thrown
812 if (is_array($result) && isset($result['error_code'])) {
813 $this->throwAPIException($result);
814 // @codeCoverageIgnoreStart
815 }
816 // @codeCoverageIgnoreEnd
817
818 $method = strtolower($params['method']);
819 if ($method === 'auth.expiresession' ||
820 $method === 'auth.revokeauthorization') {
821 $this->destroySession();
822 }
823
824 return $result;
825 }

References PHPMailer\PHPMailer\$params, $result, _oauthRequest(), destroySession(), getApiUrl(), getAppId(), and throwAPIException().

Referenced by api().


◆ api()

BaseFacebook::api ( )

Make an API call.

Returns
mixed The decoded response

Definition at line 639 of file base_facebook.php.

639 {
640 $args = func_get_args();
641 if (is_array($args[0])) {
642 return $this->_restserver($args[0]);
643 } else {
644 return call_user_func_array(array($this, '_graph'), $args);
645 }
646 }

References _restserver().

Referenced by getUserFromAccessToken().


◆ base64UrlDecode()

static BaseFacebook::base64UrlDecode (   $input)
staticprotected

Base64 encoding that doesn't need to be urlencode()ed.

Exactly the same as base64_encode except it uses

  • - instead of +
  • _ instead of /
  • No padded =
Parameters
string $input base64UrlEncoded string
Returns
string

Definition at line 1253 of file base_facebook.php.

1253 {
1254 return base64_decode(strtr($input, '-_', '+/'));
1255 }

References $input.

Referenced by parseSignedRequest().


◆ base64UrlEncode()

static BaseFacebook::base64UrlEncode (   $input)
staticprotected

Base64 encoding that doesn't need to be urlencode()ed.

Exactly the same as base64_encode except it uses

  • - instead of +
  • _ instead of /
Parameters
string $input string
Returns
string base64Url encoded string

Definition at line 1266 of file base_facebook.php.

1266 {
1267 $str = strtr(base64_encode($input), '+/', '-_');
1268 $str = str_replace('=', '', $str);
1269 return $str;
1270 }

References $input.

Referenced by makeSignedRequest().
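
The two helpers above carry the signed_request token, which the class verifies with SIGNED_REQUEST_ALGORITHM ('HMAC-SHA256'). The following round trip is an added example, not the SDK's makeSignedRequest()/parseSignedRequest() code; it assumes the two-part `signature.payload` layout, and the example_* names and the secret are constructed for illustration. It rejects non-alphabet input, pins the algorithm, and compares the MAC in constant time.

```php
<?php
// Added example, not code from base_facebook.php. All example_* names and
// the secret are constructed for illustration.

const EXAMPLE_ALGORITHM = 'HMAC-SHA256'; // same value as SIGNED_REQUEST_ALGORITHM

function example_b64url_encode(string $input): string
{
    // '+' becomes '-', '/' becomes '_', '=' padding is dropped.
    return rtrim(strtr(base64_encode($input), '+/', '-_'), '=');
}

function example_b64url_decode(string $input)
{
    // Accept only the URL-safe alphabet, then restore padding and decode
    // in strict mode so stray bytes yield false instead of being skipped.
    if (!preg_match('/^[A-Za-z0-9_-]+$/D', $input)) {
        return false;
    }
    $padded = str_pad($input, strlen($input) + (4 - strlen($input) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

function example_make_signed_request(array $data, string $secret): string
{
    $data['algorithm'] = EXAMPLE_ALGORITHM;
    $payload = example_b64url_encode(json_encode($data));
    // The MAC is computed over the encoded payload, not the raw JSON.
    $sig = hash_hmac('sha256', $payload, $secret, true);
    return example_b64url_encode($sig) . '.' . $payload;
}

function example_parse_signed_request(string $signedRequest, string $secret): ?array
{
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $payload] = $parts;

    $sig = example_b64url_decode($encodedSig);
    $json = example_b64url_decode($payload);
    if ($sig === false || $json === false) {
        return null;
    }

    $data = json_decode($json, true);
    // Pin the algorithm: the token must not choose how it is verified.
    if (!is_array($data) || ($data['algorithm'] ?? '') !== EXAMPLE_ALGORITHM) {
        return null;
    }

    // Recompute over the payload exactly as received; compare in constant time.
    $expected = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    return $data;
}

// Constructed inputs: one genuine token, one with a swapped payload, one malformed.
$secret = 'constructed-app-secret';
$token = example_make_signed_request(['user_id' => '1234'], $secret);
[$sigPart] = explode('.', $token, 2);
$swapped = $sigPart . '.' . example_b64url_encode(
    json_encode(['user_id' => '9999', 'algorithm' => EXAMPLE_ALGORITHM])
);

$cases = [
    'genuine token'   => $token,
    'payload swapped' => $swapped,
    'wrong secret'    => example_make_signed_request(['user_id' => '1234'], 'other-secret'),
    'no separator'    => 'not-a-signed-request',
];
foreach ($cases as $label => $candidate) {
    $data = example_parse_signed_request($candidate, $secret);
    printf("%-16s %s\n", $label, $data === null ? 'rejected' : 'user_id=' . $data['user_id']);
}
```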


◆ clearAllPersistentData()

BaseFacebook::clearAllPersistentData ( )
abstractprotected

Clear all data from the persistent storage.

Returns
void

Reimplemented in sspmod_authfacebook_Facebook.

Referenced by destroySession(), getUserAccessToken(), and getUserFromAvailableData().


◆ clearPersistentData()

BaseFacebook::clearPersistentData (   $key)
abstractprotected

Clear the data with $key from the persistent storage.

Parameters
string $key
Returns
void

Reimplemented in sspmod_authfacebook_Facebook.

Referenced by getCode().


◆ destroySession()

BaseFacebook::destroySession ( )

Destroy the current session.

Definition at line 1275 of file base_facebook.php.

1275 {
1276 $this->accessToken = null;
1277 $this->signedRequest = null;
1278 $this->user = null;
1279 $this->clearAllPersistentData();
1280
1281 // Javascript sets a cookie that will be used in getSignedRequest that we
1282 // need to clear if we can
1283 $cookie_name = $this->getSignedRequestCookieName();
1284 if (array_key_exists($cookie_name, $_COOKIE)) {
1285 unset($_COOKIE[$cookie_name]);
1286 if (!headers_sent()) {
1287 $base_domain = $this->getBaseDomain();
1288 setcookie($cookie_name, '', 1, '/', '.'.$base_domain);
1289 } else {
1290 // @codeCoverageIgnoreStart
1291 self::errorLog(
1292 'There exists a cookie that we wanted to clear that we couldn\'t '.
1293 'clear because headers was already sent. Make sure to do the first '.
1294 'API call before outputing anything.'
1295 );
1296 // @codeCoverageIgnoreEnd
1297 }
1298 }
1299 }

References $_COOKIE, clearAllPersistentData(), errorLog(), getBaseDomain(), getSignedRequestCookieName(), and user().

Referenced by _restserver(), setExtendedAccessToken(), and throwAPIException().


◆ endsWith()

static BaseFacebook::endsWith (   $big,
  $small 
)
staticprotected

Definition at line 1339 of file base_facebook.php.

1339 {
1340 $len = strlen($small);
1341 if ($len === 0) {
1342 return true;
1343 }
1344 return substr($big, -$len) === $small;
1345 }

Referenced by isAllowedDomain().


◆ errorLog()

static BaseFacebook::errorLog (   $msg)
staticprotected

Prints to the error log if you aren't in command line mode.

Parameters
string $msg Log message

Definition at line 1234 of file base_facebook.php.

1234 {
1235 // disable error log if we are running in a CLI environment
1236 // @codeCoverageIgnoreStart
1237 if (php_sapi_name() != 'cli') {
1238 error_log($msg);
1239 }
1240 // @codeCoverageIgnoreEnd
1241 }

References Monolog\Handler\error_log().

Referenced by destroySession(), getAccessTokenFromCode(), getCode(), makeRequest(), and parseSignedRequest().


◆ establishCSRFTokenState()

BaseFacebook::establishCSRFTokenState ( )
protected

Lays down a CSRF state token for this process.

Returns
void

Reimplemented in sspmod_authfacebook_Facebook.

Definition at line 734 of file base_facebook.php.

734 {
735 if ($this->state === null) {
736 $this->state = md5(uniqid(mt_rand(), true));
737 $this->setPersistentData('state', $this->state);
738 }
739 }

References setPersistentData().

Referenced by getLoginUrl().


◆ getAccessToken()

BaseFacebook::getAccessToken ( )

Determines the access token that should be used for API calls.

The first time this is called, $this->accessToken is set equal to either a valid user access token, or it's set to the application access token if a valid user access token wasn't available. Subsequent calls return whatever the first call returned.

Returns
string The access token

Definition at line 388 of file base_facebook.php.

388 {
389 if ($this->accessToken !== null) {
390 // we've done this already and cached it. Just return.
391 return $this->accessToken;
392 }
393
394 // first establish access token to be the application
395 // access token, in case we navigate to the /oauth/access_token
396 // endpoint, where SOME access token is required
397 $this->setAccessToken($this->getApplicationAccessToken());
398 $user_access_token = $this->getUserAccessToken();
399 if ($user_access_token) {
400 $this->setAccessToken($user_access_token);
401 }
402
403 return $this->accessToken;
404 }

References $accessToken, getApplicationAccessToken(), getUserAccessToken(), and setAccessToken().

Referenced by _oauthRequest(), getUserFromAvailableData(), and setExtendedAccessToken().


◆ getAccessTokenFromCode()

BaseFacebook::getAccessTokenFromCode (   $code,
  $redirect_uri = null 
)
protected

Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user).

The authorization code is sent to graph.facebook.com and a legitimate access token is generated provided the access token and the user for which it was generated all match, and the user is either logged in to Facebook or has granted an offline access permission.

Parameters
string $code An authorization code.
Returns
mixed An access token exchanged for the authorization code, or false if an access token could not be generated.

Definition at line 753 of file base_facebook.php.

753 {
754 if (empty($code)) {
755 return false;
756 }
757
758 if ($redirect_uri === null) {
759 $redirect_uri = $this->getCurrentUrl();
760 }
761
762 try {
763 // need to circumvent json_decode by calling _oauthRequest
764 // directly, since response isn't JSON format
765 $access_token_response =
766 $this->_oauthRequest(
767 $this->getUrl('graph', '/oauth/access_token'),
768 $params = array('client_id' => $this->getAppId(),
769 'client_secret' => $this->getAppSecret(),
770 'redirect_uri' => $redirect_uri,
771 'code' => $code));
772 } catch (FacebookApiException $e) {
773 // most likely that user very recently revoked authorization.
774 // In any event, we don't have an access token, so say so.
775 self::errorLog($e->getMessage());
776 return false;
777 }
778
779 if (empty($access_token_response)) {
780 self::errorlog('No access token response');
781 return false;
782 }
783
784 $response_params = json_decode($access_token_response, true);
785 if (!isset($response_params['access_token'])) {
786 self::errorlog('No access token in response. ' . $access_token_response);
787 return false;
788 }
789
790 return $response_params['access_token'];
791 }
Copyright 2011 Facebook, Inc.

References $code, PHPMailer\PHPMailer\$params, _oauthRequest(), errorLog(), getAppId(), getAppSecret(), getCurrentUrl(), and getUrl().

Referenced by getUserAccessToken().


◆ getApiSecret()

BaseFacebook::getApiSecret ( )

Get the App Secret.

Returns
string the App Secret
Deprecated:

Definition at line 279 of file base_facebook.php.

279 {
280 return $this->getAppSecret();
281 }

References getAppSecret().


◆ getApiUrl()

BaseFacebook::getApiUrl (   $method)
protected

Build the URL for api given parameters.

Parameters
$method String the method name.
Returns
string The URL for the given parameters

Definition at line 1039 of file base_facebook.php.

1039 {
1040 static $READ_ONLY_CALLS =
1041 array('admin.getallocation' => 1,
1042 'admin.getappproperties' => 1,
1043 'admin.getbannedusers' => 1,
1044 'admin.getlivestreamvialink' => 1,
1045 'admin.getmetrics' => 1,
1046 'admin.getrestrictioninfo' => 1,
1047 'application.getpublicinfo' => 1,
1048 'auth.getapppublickey' => 1,
1049 'auth.getsession' => 1,
1050 'auth.getsignedpublicsessiondata' => 1,
1051 'comments.get' => 1,
1052 'connect.getunconnectedfriendscount' => 1,
1053 'dashboard.getactivity' => 1,
1054 'dashboard.getcount' => 1,
1055 'dashboard.getglobalnews' => 1,
1056 'dashboard.getnews' => 1,
1057 'dashboard.multigetcount' => 1,
1058 'dashboard.multigetnews' => 1,
1059 'data.getcookies' => 1,
1060 'events.get' => 1,
1061 'events.getmembers' => 1,
1062 'fbml.getcustomtags' => 1,
1063 'feed.getappfriendstories' => 1,
1064 'feed.getregisteredtemplatebundlebyid' => 1,
1065 'feed.getregisteredtemplatebundles' => 1,
1066 'fql.multiquery' => 1,
1067 'fql.query' => 1,
1068 'friends.arefriends' => 1,
1069 'friends.get' => 1,
1070 'friends.getappusers' => 1,
1071 'friends.getlists' => 1,
1072 'friends.getmutualfriends' => 1,
1073 'gifts.get' => 1,
1074 'groups.get' => 1,
1075 'groups.getmembers' => 1,
1076 'intl.gettranslations' => 1,
1077 'links.get' => 1,
1078 'notes.get' => 1,
1079 'notifications.get' => 1,
1080 'pages.getinfo' => 1,
1081 'pages.isadmin' => 1,
1082 'pages.isappadded' => 1,
1083 'pages.isfan' => 1,
1084 'permissions.checkavailableapiaccess' => 1,
1085 'permissions.checkgrantedapiaccess' => 1,
1086 'photos.get' => 1,
1087 'photos.getalbums' => 1,
1088 'photos.gettags' => 1,
1089 'profile.getinfo' => 1,
1090 'profile.getinfooptions' => 1,
1091 'stream.get' => 1,
1092 'stream.getcomments' => 1,
1093 'stream.getfilters' => 1,
1094 'users.getinfo' => 1,
1095 'users.getloggedinuser' => 1,
1096 'users.getstandardinfo' => 1,
1097 'users.hasapppermission' => 1,
1098 'users.isappuser' => 1,
1099 'users.isverified' => 1,
1100 'video.getuploadlimits' => 1);
1101 $name = 'api';
1102 if (isset($READ_ONLY_CALLS[strtolower($method)])) {
1103 $name = 'api_read';
1104 } else if (strtolower($method) == 'video.upload') {
1105 $name = 'api_video';
1106 }
1107 return self::getUrl($name, 'restserver.php');
1108 }

References $name, and getUrl().

Referenced by _restserver().


◆ getAppId()

BaseFacebook::getAppId ( )

Get the Application ID.

Returns
string the Application ID

Definition at line 246 of file base_facebook.php.

246 {
247 return $this->appId;
248 }

References $appId.

Referenced by _restserver(), sspmod_authfacebook_Facebook\constructSessionVariableName(), getAccessTokenFromCode(), getLoginStatusUrl(), getLoginUrl(), sspmod_authfacebook_Facebook\getSharedSessionCookieName(), and setExtendedAccessToken().


◆ getApplicationAccessToken()

BaseFacebook::getApplicationAccessToken ( )
protected

Returns the access token that should be used for logged out users when no authorization code is available.

Returns
string The application access token, useful for gathering public information about users and applications.

Definition at line 725 of file base_facebook.php.

725 {
726 return $this->appId.'|'.$this->appSecret;
727 }

References $appSecret.

Referenced by getAccessToken(), and getUserFromAvailableData().


◆ getAppSecret()

BaseFacebook::getAppSecret ( )

Get the App Secret.

Returns
string the App Secret

Definition at line 288 of file base_facebook.php.

288 {
289 return $this->appSecret;
290 }

References $appSecret.

Referenced by getAccessTokenFromCode(), getApiSecret(), makeSignedRequest(), parseSignedRequest(), and setExtendedAccessToken().


◆ getBaseDomain()

BaseFacebook::getBaseDomain ( )
protected

Get the base domain used for the cookie.

Definition at line 1164 of file base_facebook.php.

1164 {
1165 // The base domain is stored in the metadata cookie if not we fallback
1166 // to the current hostname
1167 $metadata = $this->getMetadataCookie();
1168 if (array_key_exists('base_domain', $metadata) &&
1169 !empty($metadata['base_domain'])) {
1170 return trim($metadata['base_domain'], '.');
1171 }
1172 return $this->getHttpHost();
1173 }

References $metadata, getHttpHost(), and getMetadataCookie().

Referenced by sspmod_authfacebook_Facebook\deleteSharedSessionCookie(), destroySession(), and sspmod_authfacebook_Facebook\initSharedSession().


◆ getCode()

BaseFacebook::getCode ( )
protected

Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.

Returns
mixed The authorization code, or false if the authorization code could not be determined.

Definition at line 680 of file base_facebook.php.

680 {
681 if (isset($_REQUEST['code'])) {
682 if ($this->state !== null &&
683 isset($_REQUEST['state']) &&
684 $this->state === $_REQUEST['state']) {
685
686 // CSRF state has done its job, so clear it
687 $this->state = null;
688 $this->clearPersistentData('state');
689 return $_REQUEST['code'];
690 } else {
691 self::errorLog('CSRF state token does not match one provided. ' . $this->state . '!=' . $_REQUEST['state']);
692 return false;
693 }
694 }
695
696 return false;
697 }

References clearPersistentData(), and errorLog().

Referenced by getUserAccessToken().
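
establishCSRFTokenState() derives the state token from md5(uniqid(mt_rand(), true)), and getCode() compares it with === and writes the expected token to the error log on a mismatch. mt_rand() and uniqid() are not cryptographically secure sources. The following is an added example, not the SDK's code, showing the same two steps with random_bytes(), a type-checked constant-time comparison, and a log line that omits the token; ExampleStateStore and the example_* functions are hypothetical stand-ins for the persistent-data methods.

```php
<?php
// Added example, not code from base_facebook.php. ExampleStateStore stands in
// for the set/get/clearPersistentData() methods of a concrete subclass.

final class ExampleStateStore
{
    private $data = [];

    public function set(string $key, string $value): void { $this->data[$key] = $value; }
    public function get(string $key): ?string { return $this->data[$key] ?? null; }
    public function clear(string $key): void { unset($this->data[$key]); }
}

function example_establish_state(ExampleStateStore $store): string
{
    $state = $store->get('state');
    if ($state === null) {
        // 128 bits from the operating system CSPRNG.
        $state = bin2hex(random_bytes(16));
        $store->set('state', $state);
    }
    return $state;
}

function example_consume_code(ExampleStateStore $store, array $request): ?string
{
    $code = $request['code'] ?? null;
    if (!is_string($code) || $code === '') {
        return null;
    }
    $expected = $store->get('state');
    $given = $request['state'] ?? null;

    // Request parameters can arrive as arrays (state[]=x); hash_equals()
    // needs two strings, so type-check before comparing in constant time.
    if ($expected === null || !is_string($given) || !hash_equals($expected, $given)) {
        // Record the event without writing either token to the log.
        error_log('OAuth state check failed; authorization code ignored');
        return null;
    }
    // The token has done its job: make it single use.
    $store->clear('state');
    return $code;
}

// Constructed requests, processed in order against one session.
$store = new ExampleStateStore();
$state = example_establish_state($store);
$requests = [
    'state missing'        => ['code' => 'constructed-code'],
    'state sent as array'  => ['code' => 'constructed-code', 'state' => [$state]],
    'state does not match' => ['code' => 'constructed-code', 'state' => str_repeat('0', 32)],
    'state matches'        => ['code' => 'constructed-code', 'state' => $state],
    'same request again'   => ['code' => 'constructed-code', 'state' => $state],
];
foreach ($requests as $label => $request) {
    $result = example_consume_code($store, $request);
    printf("%-22s %s\n", $label, $result === null ? 'rejected' : 'accepted');
}
```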


◆ getCurrentUrl()

BaseFacebook::getCurrentUrl ( )
protected

Returns the Current URL, stripping it of known FB parameters that should not persist.

Returns
string The current URL

Definition at line 1181 of file base_facebook.php.

1181 {
1182 $protocol = $this->getHttpProtocol() . '://';
1183 $host = $this->getHttpHost();
1184 $currentUrl = $protocol.$host.$_SERVER['REQUEST_URI'];
1185 $parts = parse_url($currentUrl);
1186
1187 // use port if non default
1188 $port =
1189 isset($parts['port']) &&
1190 (($protocol === 'http://' && $parts['port'] !== 80) ||
1191 ($protocol === 'https://' && $parts['port'] !== 443))
1192 ? ':' . $parts['port'] : '';
1193
1194 // rebuild
1195 return $protocol . $parts['host'] . $port . $parts['path'];
1196 }

References GuzzleHttp\Psr7\$protocol, getHttpHost(), and getHttpProtocol().

Referenced by getAccessTokenFromCode(), getLoginStatusUrl(), getLoginUrl(), and getLogoutUrl().


◆ getFileUploadSupport()

BaseFacebook::getFileUploadSupport ( )

Get the file upload support status.

Returns
boolean true if and only if the server supports file upload.

Definition at line 308 of file base_facebook.php.

308 {
309 return $this->fileUploadSupport;
310 }

References $fileUploadSupport.

Referenced by makeRequest(), and useFileUploadSupport().


◆ getHttpHost()

BaseFacebook::getHttpHost ( )
protected

Definition at line 1134 of file base_facebook.php.

1134 {
1135 if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
1136 return $_SERVER['HTTP_X_FORWARDED_HOST'];
1137 }
1138 return $_SERVER['HTTP_HOST'];
1139 }

References $_SERVER.

Referenced by getBaseDomain(), getCurrentUrl(), and sspmod_authfacebook_Facebook\initSharedSession().


◆ getHttpProtocol()

BaseFacebook::getHttpProtocol ( )
protected

Definition at line 1141 of file base_facebook.php.

1141 {
1142 if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
1143 if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
1144 return 'https';
1145 }
1146 return 'http';
1147 }
1148 /*apache + variants specific way of checking for https*/
1149 if (isset($_SERVER['HTTPS']) &&
1150 ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] == 1)) {
1151 return 'https';
1152 }
1153 /*nginx way of checking for https*/
1154 if (isset($_SERVER['SERVER_PORT']) &&
1155 ($_SERVER['SERVER_PORT'] === '443')) {
1156 return 'https';
1157 }
1158 return 'http';
1159 }

References $_SERVER.

Referenced by getCurrentUrl().
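
getHttpHost() returns HTTP_HOST, or X-Forwarded-Host when the trustForwarded config key is set, exactly as received, and getCurrentUrl() builds the default redirect_uri from it. Both values are request headers. The following is an added example, not the SDK's code, of resolving the host against a configured allow-list and honouring the forwarded header only from known proxy addresses; the example_* functions, host names and addresses are constructed for illustration.

```php
<?php
// Added example, not code from base_facebook.php. The example_* names, host
// names and addresses are constructed for illustration.

/**
 * Return the host (with optional port) to use when building URLs, or null
 * when the request names a host this deployment does not serve.
 */
function example_resolve_host(array $server, array $allowedHosts, array $trustedProxies): ?string
{
    $candidate = $server['HTTP_HOST'] ?? '';

    // Honour X-Forwarded-Host only when the direct peer is a known proxy.
    // getHttpHost() applies no such check when trustForwarded is set.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (isset($server['HTTP_X_FORWARDED_HOST']) && in_array($peer, $trustedProxies, true)) {
        $candidate = $server['HTTP_X_FORWARDED_HOST'];
    }
    if (!is_string($candidate)) {
        return null;
    }

    // One host name with an optional port; comma-separated lists, userinfo,
    // paths and whitespace are rejected (IPv6 literals are out of scope here).
    $candidate = strtolower($candidate);
    if (!preg_match('/^([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::\d{1,5})?$/D', $candidate, $m)) {
        return null;
    }

    // Exact match against configured names; no suffix matching.
    return in_array($m[1], $allowedHosts, true) ? $candidate : null;
}

function example_redirect_uri(array $server, string $scheme, array $allowedHosts, array $trustedProxies): ?string
{
    $host = example_resolve_host($server, $allowedHosts, $trustedProxies);
    if ($host === null) {
        return null;
    }
    // Keep only the path, as getCurrentUrl() does.
    $path = parse_url($server['REQUEST_URI'] ?? '/', PHP_URL_PATH);
    if (!is_string($path) || $path === '' || $path[0] !== '/') {
        $path = '/';
    }
    return $scheme . '://' . $host . $path;
}

// Constructed $_SERVER snapshots.
$allowed = ['lms.example.org'];
$proxies = ['10.0.0.5'];
$requests = [
    'expected host' => [
        'HTTP_HOST' => 'lms.example.org', 'REMOTE_ADDR' => '203.0.113.7',
        'REQUEST_URI' => '/login.php?code=abc&state=xyz',
    ],
    'unknown Host header' => [
        'HTTP_HOST' => 'other.example', 'REMOTE_ADDR' => '203.0.113.7',
        'REQUEST_URI' => '/login.php',
    ],
    'forwarded host, unknown peer' => [
        'HTTP_HOST' => 'lms.example.org', 'HTTP_X_FORWARDED_HOST' => 'other.example',
        'REMOTE_ADDR' => '203.0.113.7', 'REQUEST_URI' => '/login.php',
    ],
    'forwarded host, trusted proxy' => [
        'HTTP_HOST' => 'backend.internal', 'HTTP_X_FORWARDED_HOST' => 'lms.example.org',
        'REMOTE_ADDR' => '10.0.0.5', 'REQUEST_URI' => '/login.php',
    ],
];
foreach ($requests as $label => $server) {
    $uri = example_redirect_uri($server, 'https', $allowed, $proxies);
    printf("%-30s %s\n", $label, var_export($uri, true));
}
```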


◆ getLoginStatusUrl()

BaseFacebook::getLoginStatusUrl (   $params = array())

Get a login status URL to fetch the status from Facebook.

The parameters:

  • ok_session: the URL to go to if a session is found
  • no_session: the URL to go to if the user is not connected
  • no_user: the URL to go to if the user is not signed into facebook
Parameters
array $params Provide custom parameters
Returns
string The URL for the logout flow

Definition at line 620 of file base_facebook.php.

620 {
621 return $this->getUrl(
622 'www',
623 'extern/login_status.php',
624 array_merge(array(
625 'api_key' => $this->getAppId(),
626 'no_session' => $this->getCurrentUrl(),
627 'no_user' => $this->getCurrentUrl(),
628 'ok_session' => $this->getCurrentUrl(),
629 'session_version' => 3,
630 ), $params)
631 );
632 }

References PHPMailer\PHPMailer\$params, getAppId(), getCurrentUrl(), and getUrl().


◆ getLoginUrl()

BaseFacebook::getLoginUrl (   $params = array())

Get a Login URL for use with redirects.

By default, full page redirect is assumed. If you are using the generated URL with a window.open() call in JavaScript, you can pass in display=popup as part of the $params.

The parameters:

  • redirect_uri: the URL to go to after a successful login
  • scope: comma separated list of requested extended perms
Parameters
array $params Provide custom parameters
Returns
string The URL for the login flow

Definition at line 569 of file base_facebook.php.

569 {
570 $this->establishCSRFTokenState();
571 $currentUrl = $this->getCurrentUrl();
572
573 // if 'scope' is passed as an array, convert to comma separated list
574 $scopeParams = isset($params['scope']) ? $params['scope'] : null;
575 if ($scopeParams && is_array($scopeParams)) {
576 $params['scope'] = implode(',', $scopeParams);
577 }
578
579 return $this->getUrl(
580 'www',
581 'dialog/oauth',
582 array_merge(array(
583 'client_id' => $this->getAppId(),
584 'redirect_uri' => $currentUrl, // possibly overwritten
585 'state' => $this->state),
586 $params));
587 }

References PHPMailer\PHPMailer\$params, establishCSRFTokenState(), getAppId(), getCurrentUrl(), and getUrl().
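
The state round trip behind getLoginUrl(), as an added example that is not part of the SDK or of ILIAS: it builds the same dialog/oauth query with redirect_uri taken from configuration rather than from the current request URL, and checks the returned state once, in constant time. The function names, the session key and the sample app ID and URL are assumptions made for the illustration.

```php
<?php
// Added example, not SDK or ILIAS code. Function names, the session key
// 'fb_state', the app ID and the redirect URL are assumptions.

const FB_DIALOG = 'https://www.facebook.com/dialog/oauth'; // 'www' domain + 'dialog/oauth'

/**
 * Build a login URL with the same parameters as getLoginUrl(), but with
 * redirect_uri supplied by configuration instead of the current request URL.
 */
function buildLoginUrl(array &$session, string $appId, string $redirectUri, array $scope = []): string
{
    // One unpredictable token per login attempt, kept server-side.
    $session['fb_state'] = bin2hex(random_bytes(16));

    $params = [
        'client_id'    => $appId,
        'redirect_uri' => $redirectUri,
        'state'        => $session['fb_state'],
    ];
    if ($scope) {
        // Same convention as the listing above: an array becomes a comma separated list.
        $params['scope'] = implode(',', $scope);
    }
    return FB_DIALOG . '?' . http_build_query($params, '', '&');
}

/**
 * Validate the callback query. Returns the authorization code, or null when
 * the state is missing, does not match, or has already been used.
 */
function acceptCallback(array &$session, array $query): ?string
{
    $expected = $session['fb_state'] ?? null;
    unset($session['fb_state']); // single use, even when validation fails

    if (!is_string($expected)
        || !isset($query['state'], $query['code'])
        || !is_string($query['state'])
        || !is_string($query['code'])) {
        return null;
    }
    // hash_equals() compares without revealing the first differing byte via timing.
    return hash_equals($expected, $query['state']) ? $query['code'] : null;
}

// Constructed demonstration: plain arrays stand in for $_SESSION and $_GET.
$session = [];
$url = buildLoginUrl($session, '1234567890', 'https://lms.example.org/fb/callback', ['email']);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

$callback = ['state' => $sent['state'], 'code' => 'constructed-code'];
var_dump(acceptCallback($session, $callback)); // fresh state
var_dump(acceptCallback($session, $callback)); // same state presented a second time
```

The first call returns the code; the second returns null because the stored state was consumed by the first.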

◆ getLogoutUrl()

BaseFacebook::getLogoutUrl (   $params = array())

Get a Logout URL suitable for use with redirects.

The parameters:

  • next: the URL to go to after a successful logout
Parameters
array $params: Provide custom parameters
Returns
string The URL for the logout flow

Definition at line 598 of file base_facebook.php.

598 {
599 return $this->getUrl(
600 'www',
601 'logout.php',
602 array_merge(array(
603 'next' => $this->getCurrentUrl(),
604 'access_token' => $this->getUserAccessToken(),
605 ), $params)
606 );
607 }

References PHPMailer\PHPMailer\$params, getCurrentUrl(), getUrl(), and getUserAccessToken().

◆ getMetadataCookie()

BaseFacebook::getMetadataCookie ( )
protected

Parses the metadata cookie that our JavaScript API set.

Returns
an array mapping key to value

Definition at line 1306 of file base_facebook.php.

1306 {
1307 $cookie_name = $this->getMetadataCookieName();
1308 if (!array_key_exists($cookie_name, $_COOKIE)) {
1309 return array();
1310 }
1311
1312 // The cookie value can be wrapped in "-characters so remove them
1313 $cookie_value = trim($_COOKIE[$cookie_name], '"');
1314
1315 if (empty($cookie_value)) {
1316 return array();
1317 }
1318
1319 $parts = explode('&', $cookie_value);
1320 $metadata = array();
1321 foreach ($parts as $part) {
1322 $pair = explode('=', $part, 2);
1323 if (!empty($pair[0])) {
1324 $metadata[urldecode($pair[0])] =
1325 (count($pair) > 1) ? urldecode($pair[1]) : '';
1326 }
1327 }
1328
1329 return $metadata;
1330 }

References $_COOKIE, $metadata, and getMetadataCookieName().

Referenced by getBaseDomain().

◆ getMetadataCookieName()

BaseFacebook::getMetadataCookieName ( )
protected

Constructs and returns the name of the cookie that potentially contains metadata.

The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.

Returns
string the name of the cookie that would house metadata.

Definition at line 668 of file base_facebook.php.

668 {
669 return 'fbm_'.$this->getAppId();
670 }

Referenced by getMetadataCookie().

◆ getPersistentData()

BaseFacebook::getPersistentData (   $key,
  $default = false 
)
abstractprotected

Get the data for $key, persisted by BaseFacebook::setPersistentData()

Parameters
string $key: The key of the data to retrieve
boolean $default: The default value to return if $key is not found
Returns
mixed

Reimplemented in sspmod_authfacebook_Facebook.

Referenced by __construct(), getUserAccessToken(), and getUserFromAvailableData().

◆ getSignedRequest()

BaseFacebook::getSignedRequest ( )

Retrieve the signed request, either from a request parameter or, if not present, from a cookie.

Returns
string the signed request, if available, or null otherwise.

Definition at line 479 of file base_facebook.php.

479 {
480 if (!$this->signedRequest) {
481 if (!empty($_REQUEST['signed_request'])) {
482 $this->signedRequest = $this->parseSignedRequest(
483 $_REQUEST['signed_request']);
484 } else if (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
485 $this->signedRequest = $this->parseSignedRequest(
486 $_COOKIE[$this->getSignedRequestCookieName()]);
487 }
488 }
489 return $this->signedRequest;
490 }

References $_COOKIE, $signedRequest, getSignedRequestCookieName(), and parseSignedRequest().

Referenced by getUserAccessToken(), and getUserFromAvailableData().

◆ getSignedRequestCookieName()

BaseFacebook::getSignedRequestCookieName ( )
protected

Constructs and returns the name of the cookie that potentially houses the signed request for the app user.

The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.

Returns
string the name of the cookie that would house the signed request value.

Definition at line 657 of file base_facebook.php.

657 {
658 return 'fbsr_'.$this->getAppId();
659 }

Referenced by destroySession(), and getSignedRequest().

◆ getUrl()

BaseFacebook::getUrl (   $name,
  $path = '',
  $params = array() 
)
protected

Build the URL for given domain alias, path and parameters.

Parameters
string $name: The name of the domain
string $path: Optional path (without a leading slash)
array $params: Optional query parameters
Returns
string The URL for the given parameters

Definition at line 1119 of file base_facebook.php.

1119 {
1120 $url = self::$DOMAIN_MAP[$name];
1121 if ($path) {
1122 if ($path[0] === '/') {
1123 $path = substr($path, 1);
1124 }
1125 $url .= $path;
1126 }
1127 if ($params) {
1128 $url .= '?' . http_build_query($params, null, '&');
1129 }
1130
1131 return $url;
1132 }

References $name, PHPMailer\PHPMailer\$params, $path, and $url.

Referenced by _graph(), getAccessTokenFromCode(), getApiUrl(), getLoginStatusUrl(), getLoginUrl(), getLogoutUrl(), and setExtendedAccessToken().

◆ getUser()

BaseFacebook::getUser ( )

Get the UID of the connected user, or 0 if the Facebook user is not connected.

Returns
string the UID if available.

Definition at line 498 of file base_facebook.php.

498 {
499 if ($this->user !== null) {
500 // we've already determined this and cached the value
501 return $this->user;
502 }
503
504 return $this->user = $this->getUserFromAvailableData();
505 }

References $user, getUserFromAvailableData(), and user().

◆ getUserAccessToken()

BaseFacebook::getUserAccessToken ( )
protected

Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present.

The intent is to return a valid user access token, or false if one is determined to not be available.

Returns
string A valid user access token, or false if one could not be determined.

Definition at line 416 of file base_facebook.php.

416 {
417 // first, consider a signed request if it's supplied
418 // if there is a signed request, then it alone determines
419 // the access token
420 $signed_request = $this->getSignedRequest();
421 if ($signed_request) {
422 // apps.facebook.com hands the access_token in the signed_request
423 if (array_key_exists('oauth_token', $signed_request)) {
424 $access_token = $signed_request['oauth_token'];
425 $this->setPersistentData('access_token', $access_token);
426 return $access_token;
427 }
428
429 // the JS SDK puts a code in with the redirect_uri of ''
430 if (array_key_exists('code', $signed_request)) {
431 $code = $signed_request['code'];
432 if ($code && $code == $this->getPersistentData('code')) {
433 // short-circuit if the code we have is the same as the one presented
434 return $this->getPersistentData('access_token');
435 }
436
437 $access_token = $this->getAccessTokenFromCode($code, '');
438 if ($access_token) {
439 $this->setPersistentData('code', $code);
440 $this->setPersistentData('access_token', $access_token);
441 return $access_token;
442 }
443 }
444
445 // signed request states there's no access token, so anything
446 // stored should be cleared
447 $this->clearAllPersistentData();
448 return false; // respect the signed request's data, even
449 // if there's an authorization code or something else
450 }
451
452 $code = $this->getCode();
453 if ($code && $code != $this->getPersistentData('code')) {
454 $access_token = $this->getAccessTokenFromCode($code);
455 if ($access_token) {
456 $this->setPersistentData('code', $code);
457 $this->setPersistentData('access_token', $access_token);
458 return $access_token;
459 }
460
461 // code was bogus, so everything based on it should be invalidated
462 $this->clearAllPersistentData();
463 return false;
464 }
465
466 // as a fallback, just return whatever is in the persistent
467 // store, knowing nothing explicit (signed request, authorization
468 // code, etc.) was present to shadow it (or we saw a code in $_REQUEST,
469 // but it's the same as what's in the persistent store)
470 return $this->getPersistentData('access_token');
471 }

References $code, clearAllPersistentData(), getAccessTokenFromCode(), getCode(), getPersistentData(), getSignedRequest(), and setPersistentData().

Referenced by getAccessToken(), and getLogoutUrl().

◆ getUserFromAccessToken()

BaseFacebook::getUserFromAccessToken ( )
protected

Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate.

It relies on Facebook's Graph API to retrieve user information and then extract the user ID.

Returns
integer Returns the UID of the Facebook user, or 0 if the Facebook user could not be determined.

Definition at line 709 of file base_facebook.php.

709 {
710 try {
711 $user_info = $this->api('/me');
712 return $user_info['id'];
713 } catch (FacebookApiException $e) {
714 return 0;
715 }
716 }

References api().

Referenced by getUserFromAvailableData().

◆ getUserFromAvailableData()

BaseFacebook::getUserFromAvailableData ( )
protected

Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.

Returns
integer The id of the connected Facebook user, or 0 if no such user exists.

Definition at line 515 of file base_facebook.php.

515 {
516 // if a signed request is supplied, then it solely determines
517 // who the user is
518 $signed_request = $this->getSignedRequest();
519 if ($signed_request) {
520 if (array_key_exists('user_id', $signed_request)) {
521 $user = $signed_request['user_id'];
522
523 if($user != $this->getPersistentData('user_id')){
524 $this->clearAllPersistentData();
525 }
526
527 $this->setPersistentData('user_id', $signed_request['user_id']);
528 return $user;
529 }
530
531 // if the signed request didn't present a user id, then invalidate
532 // all entries in any persistent store
533 $this->clearAllPersistentData();
534 return 0;
535 }
536
537 $user = $this->getPersistentData('user_id', $default = 0);
538 $persisted_access_token = $this->getPersistentData('access_token');
539
540 // use access_token to fetch user id if we have a user access_token, or if
541 // the cached access token has changed
542 $access_token = $this->getAccessToken();
543 if ($access_token &&
544 $access_token != $this->getApplicationAccessToken() &&
545 !($user && $persisted_access_token == $access_token)) {
546 $user = $this->getUserFromAccessToken();
547 if ($user) {
548 $this->setPersistentData('user_id', $user);
549 } else {
550 $this->clearAllPersistentData();
551 }
552 }
553
554 return $user;
555 }

References $default, $user, clearAllPersistentData(), getAccessToken(), getApplicationAccessToken(), getPersistentData(), getSignedRequest(), getUserFromAccessToken(), and setPersistentData().

Referenced by getUser().

◆ isAllowedDomain()

static BaseFacebook::isAllowedDomain (   $big,
  $small 
)
staticprotected

Definition at line 1332 of file base_facebook.php.

1332 {
1333 if ($big === $small) {
1334 return true;
1335 }
1336 return self::endsWith($big, '.'.$small);
1337 }

References endsWith().

◆ isVideoPost()

BaseFacebook::isVideoPost (   $path,
  $method = 'GET' 
)
protected

Return true if this is a video post.

Parameters
string $path: The path
string $method: The HTTP method (default 'GET')
Returns
boolean true if this is a video post

Definition at line 835 of file base_facebook.php.

835 {
836 if ($method == 'POST' && preg_match("/^(\/)(.+)(\/)(videos)$/", $path)) {
837 return true;
838 }
839 return false;
840 }

References $path.

Referenced by _graph().

◆ makeRequest()

BaseFacebook::makeRequest (   $url,
  $params,
  $ch = null 
)
protected

Makes an HTTP request.

This method can be overridden by subclasses if developers want to do fancier things or use something other than curl to make the request.

Parameters
string $url: The URL to make the request to
array $params: The parameters to use for the POST body
CurlHandler $ch: Initialized curl handle
Returns
string The response text

Definition at line 915 of file base_facebook.php.

915 {
916 if (!$ch) {
917 $ch = curl_init();
918 }
919
920 $opts = self::$CURL_OPTS;
921 if ($this->getFileUploadSupport()) {
922 $opts[CURLOPT_POSTFIELDS] = $params;
923 } else {
924 $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&');
925 }
926 $opts[CURLOPT_URL] = $url;
927
928 // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait
929 // for 2 seconds if the server does not support this header
930 if (isset($opts[CURLOPT_HTTPHEADER])) {
931 $existing_headers = $opts[CURLOPT_HTTPHEADER];
932 $existing_headers[] = 'Expect:';
933 $opts[CURLOPT_HTTPHEADER] = $existing_headers;
934 } else {
935 $opts[CURLOPT_HTTPHEADER] = array('Expect:');
936 }
937
938 curl_setopt_array($ch, $opts);
939 $result = curl_exec($ch);
940
941 if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT
942 self::errorLog('Invalid or no certificate authority found, '.
943 'using bundled information');
944 curl_setopt($ch, CURLOPT_CAINFO,
945 dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
946 $result = curl_exec($ch);
947 }
948
949 // With dual stacked DNS responses, it's possible for a server to
950 // have IPv6 enabled but not have IPv6 connectivity. If this is
951 // the case, curl will try IPv4 first and if that fails, then it will
952 // fall back to IPv6 and the error EHOSTUNREACH is returned by the
953 // operating system
954 if ($result === false && empty($opts[CURLOPT_IPRESOLVE])) {
955 $matches = array();
956 $regex = '/Failed to connect to ([^:].*): Network is unreachable/';
957 if (preg_match($regex, curl_error($ch), $matches)) {
958 if (strlen(@inet_pton($matches[1])) === 16) {
959 self::errorLog('Invalid IPv6 configuration on server, '.
960 'Please disable or get native IPv6 on your server.');
961 self::$CURL_OPTS[CURLOPT_IPRESOLVE] = CURL_IPRESOLVE_V4;
962 curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
963 $result = curl_exec($ch);
964 }
965 }
966 }
967
968 if ($result === false) {
969 $e = new FacebookApiException(array(
970 'error_code' => curl_errno($ch),
971 'error' => array(
972 'message' => curl_error($ch),
973 'type' => 'CurlException',
974 ),
975 ));
976 curl_close($ch);
977 throw $e;
978 }
979 curl_close($ch);
980 return $result;
981 }

References $CURL_OPTS, PHPMailer\PHPMailer\$params, $result, $url, errorLog(), and getFileUploadSupport().

Referenced by _oauthRequest().

◆ makeSignedRequest()

BaseFacebook::makeSignedRequest (   $data)
protected

Makes a signed_request blob using the given data.

Parameters
array $data: The data array.
Returns
string The signed request.

Definition at line 1019 of file base_facebook.php.

1019 {
1020 if (!is_array($data)) {
1021 throw new InvalidArgumentException(
1022 'makeSignedRequest expects an array. Got: ' . print_r($data, true));
1023 }
1024 $data['algorithm'] = self::SIGNED_REQUEST_ALGORITHM;
1025 $data['issued_at'] = time();
1026 $json = json_encode($data);
1027 $b64 = self::base64UrlEncode($json);
1028 $raw_sig = hash_hmac('sha256', $b64, $this->getAppSecret(), $raw = true);
1029 $sig = self::base64UrlEncode($raw_sig);
1030 return $sig.'.'.$b64;
1031 }

References $data, base64UrlEncode(), getAppSecret(), and SIGNED_REQUEST_ALGORITHM.

Referenced by sspmod_authfacebook_Facebook\initSharedSession().

◆ parseSignedRequest()

BaseFacebook::parseSignedRequest (   $signed_request)
protected

Parses a signed_request and validates the signature.

Parameters
string $signed_request: A signed token
Returns
array The payload inside it or null if the sig is wrong

Definition at line 989 of file base_facebook.php.

989 {
990 list($encoded_sig, $payload) = explode('.', $signed_request, 2);
991
992 // decode the data
993 $sig = self::base64UrlDecode($encoded_sig);
994 $data = json_decode(self::base64UrlDecode($payload), true);
995
996 if (strtoupper($data['algorithm']) !== self::SIGNED_REQUEST_ALGORITHM) {
997 self::errorLog(
998 'Unknown algorithm. Expected ' . self::SIGNED_REQUEST_ALGORITHM);
999 return null;
1000 }
1001
1002 // check sig
1003 $expected_sig = hash_hmac('sha256', $payload,
1004 $this->getAppSecret(), $raw = true);
1005 if ($sig !== $expected_sig) {
1006 self::errorLog('Bad Signed JSON signature!');
1007 return null;
1008 }
1009
1010 return $data;
1011 }

References $data, base64UrlDecode(), errorLog(), and getAppSecret().

Referenced by getSignedRequest(), and sspmod_authfacebook_Facebook\initSharedSession().
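
The signed_request format produced by makeSignedRequest() and checked by parseSignedRequest(), as an added example that is not the SDK's or ILIAS's code. It keeps the same signature.payload layout and HMAC-SHA256 construction, but rejects tokens without a dot, verifies the MAC with hash_equals() instead of the !== comparison in the listing above, and only then decodes the JSON. The function names, the secret, the sample payload and the $maxAge freshness policy are assumptions.

```php
<?php
// Added example, not SDK or ILIAS code. Function names, the secret, the
// payload and the $maxAge policy are assumptions made for this illustration.

function b64UrlEncode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64UrlDecode(string $text): ?string
{
    // Restore the padding that the URL-safe form drops, then decode strictly.
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    return $raw === false ? null : $raw;
}

function makeSignedRequest(array $data, string $secret): string
{
    $data['algorithm'] = 'HMAC-SHA256';
    $data['issued_at'] = time();
    $payload = b64UrlEncode(json_encode($data, JSON_THROW_ON_ERROR));
    $sig = hash_hmac('sha256', $payload, $secret, true);
    return b64UrlEncode($sig) . '.' . $payload;
}

/** Returns the payload array, or null for any malformed, forged or stale token. */
function parseSignedRequest(string $token, string $secret, int $maxAge = 3600): ?array
{
    // Require exactly "signature.payload"; a token without a dot is rejected
    // here instead of being passed on to the decoders.
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }
    [$encodedSig, $payload] = $parts;

    // Verify the MAC before touching the JSON. hash_equals() is used so that
    // timing does not depend on where the two byte strings differ.
    $sig = b64UrlDecode($encodedSig);
    $expected = hash_hmac('sha256', $payload, $secret, true);
    if ($sig === null || !hash_equals($expected, $sig)) {
        return null;
    }

    $json = b64UrlDecode($payload);
    $data = $json === null ? null : json_decode($json, true);
    if (!is_array($data)
        || !is_string($data['algorithm'] ?? null)
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        return null;
    }

    // Freshness check on issued_at (an added policy, controlled by $maxAge).
    $issued = $data['issued_at'] ?? null;
    if (!is_int($issued) || $issued > time() + 60 || time() - $issued > $maxAge) {
        return null;
    }
    return $data;
}

// Constructed demonstration.
$secret = 'constructed-app-secret';
$token  = makeSignedRequest(['user_id' => '42'], $secret);
[$sigPart] = explode('.', $token, 2);

// Same signature part, different payload: the MAC no longer matches.
$swapped = $sigPart . '.' . b64UrlEncode(json_encode(
    ['algorithm' => 'HMAC-SHA256', 'issued_at' => time(), 'user_id' => '1']
));

var_dump(parseSignedRequest($token, $secret));        // token as issued
var_dump(parseSignedRequest($swapped, $secret));      // payload altered after signing
var_dump(parseSignedRequest('no-dot-here', $secret)); // malformed token
```

Only the first call returns the payload array; the other two return null.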

◆ setAccessToken()

BaseFacebook::setAccessToken (   $access_token)

Sets the access token for api calls.

Use this if you get your access token by other means and just want the SDK to use it.

Parameters
string $access_token: an access token.
Returns
BaseFacebook

Definition at line 331 of file base_facebook.php.

331 {
332 $this->accessToken = $access_token;
333 return $this;
334 }

Referenced by getAccessToken().

◆ setApiSecret()

BaseFacebook::setApiSecret (   $apiSecret)

Set the App Secret.

Parameters
string$apiSecretThe App Secret
Returns
BaseFacebook
Deprecated:

Definition at line 257 of file base_facebook.php.

257 {
258 $this->setAppSecret($apiSecret);
259 return $this;
260 }

References setAppSecret().

◆ setAppId()

BaseFacebook::setAppId (   $appId)

Set the Application ID.

Parameters
string $appId: The Application ID
Returns
BaseFacebook

Definition at line 236 of file base_facebook.php.

236 {
237 $this->appId = $appId;
238 return $this;
239 }

References $appId.

Referenced by __construct().

◆ setAppSecret()

BaseFacebook::setAppSecret (   $appSecret)

Set the App Secret.

Parameters
string $appSecret: The App Secret
Returns
BaseFacebook

Definition at line 268 of file base_facebook.php.

268 {
269 $this->appSecret = $appSecret;
270 return $this;
271 }

References $appSecret.

Referenced by __construct(), and setApiSecret().

◆ setExtendedAccessToken()

BaseFacebook::setExtendedAccessToken ( )

Extend an access token, while removing the short-lived token that might have been generated via client-side flow.

Thanks to http://bit.ly/b0Pt0H for the workaround.

Definition at line 341 of file base_facebook.php.

341 {
342 try {
343 // need to circumvent json_decode by calling _oauthRequest
344 // directly, since response isn't JSON format
345 $access_token_response = $this->_oauthRequest(
346 $this->getUrl('graph', '/oauth/access_token'),
347 $params = array(
348 'client_id' => $this->getAppId(),
349 'client_secret' => $this->getAppSecret(),
350 'grant_type' => 'fb_exchange_token',
351 'fb_exchange_token' => $this->getAccessToken(),
352 )
353 );
354 }
355 catch (FacebookApiException $e) {
356 // most likely that user very recently revoked authorization
357 // In any event, we don't have an access token, so say so
358 return false;
359 }
360
361 if (empty($access_token_response)) {
362 return false;
363 }
364
365 $response_params = array();
366 parse_str($access_token_response, $response_params);
367
368 if (!isset($response_params['access_token'])) {
369 return false;
370 }
371
372 $this->destroySession();
373
374 $this->setPersistentData(
375 'access_token', $response_params['access_token']
376 );
377 }

References PHPMailer\PHPMailer\$params, _oauthRequest(), destroySession(), getAccessToken(), getAppId(), getAppSecret(), getUrl(), and setPersistentData().

◆ setFileUploadSupport()

BaseFacebook::setFileUploadSupport (   $fileUploadSupport)

Set the file upload support status.

Parameters
boolean $fileUploadSupport: The file upload support status.
Returns
BaseFacebook

Definition at line 298 of file base_facebook.php.

298 {
299 $this->fileUploadSupport = $fileUploadSupport;
300 return $this;
301 }

References $fileUploadSupport.

Referenced by __construct().

◆ setPersistentData()

BaseFacebook::setPersistentData (   $key,
  $value 
)
abstractprotected

Each of the following four methods should be overridden in a concrete subclass, as they are in the provided Facebook class.

The Facebook class uses PHP sessions to provide a primitive persistent store, but another subclass (one that you implement) might use a database, memcache, or an in-memory cache.

See also
Facebook

Stores the given ($key, $value) pair, so that future calls to getPersistentData($key) return $value. This call may be in another request.

Parameters
string $key
array $value
Returns
void

Reimplemented in sspmod_authfacebook_Facebook.

Referenced by establishCSRFTokenState(), getUserAccessToken(), getUserFromAvailableData(), and setExtendedAccessToken().

◆ throwAPIException()

BaseFacebook::throwAPIException (   $result)
protected

Analyzes the supplied result to see if it was thrown because the access token is no longer valid.

If that is the case, then we destroy the session.

Parameters
array $result: A record storing the error message returned by a failed API call.

Definition at line 1206 of file base_facebook.php.

1206 {
1207 $e = new FacebookApiException($result);
1208 switch ($e->getType()) {
1209 // OAuth 2.0 Draft 00 style
1210 case 'OAuthException':
1211 // OAuth 2.0 Draft 10 style
1212 case 'invalid_token':
1213 // REST server errors are just Exceptions
1214 case 'Exception':
1215 $message = $e->getMessage();
1216 if ((strpos($message, 'Error validating access token') !== false) ||
1217 (strpos($message, 'Invalid OAuth access token') !== false) ||
1218 (strpos($message, 'An active access token must be used') !== false)
1219 ) {
1220 $this->destroySession();
1221 }
1222 break;
1223 }
1224
1225 throw $e;
1226 }

References $message, $result, and destroySession().

Referenced by _graph(), and _restserver().

◆ useFileUploadSupport()

BaseFacebook::useFileUploadSupport ( )

DEPRECATED! Please use getFileUploadSupport instead.

Get the file upload support status.

Returns
boolean true if and only if the server supports file upload.

Definition at line 319 of file base_facebook.php.

319 {
320 return $this->getFileUploadSupport();
321 }

References getFileUploadSupport().

Field Documentation

◆ $accessToken

BaseFacebook::$accessToken = null
protected

Definition at line 189 of file base_facebook.php.

Referenced by getAccessToken().

◆ $appId

BaseFacebook::$appId
protected

Definition at line 157 of file base_facebook.php.

Referenced by getAppId(), and setAppId().

◆ $appSecret

BaseFacebook::$appSecret
protected

Definition at line 164 of file base_facebook.php.

Referenced by getApplicationAccessToken(), getAppSecret(), and setAppSecret().

◆ $CURL_OPTS

BaseFacebook::$CURL_OPTS
static
Initial value:
= array(
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 60,
CURLOPT_USERAGENT => 'facebook-php-3.2',
)

Default options for curl.

Definition at line 133 of file base_facebook.php.

Referenced by makeRequest().

◆ $DOMAIN_MAP

BaseFacebook::$DOMAIN_MAP
static
Initial value:
= array(
'api' => 'https://api.facebook.com/',
'api_video' => 'https://api-video.facebook.com/',
'api_read' => 'https://api-read.facebook.com/',
'graph' => 'https://graph.facebook.com/',
'graph_video' => 'https://graph-video.facebook.com/',
'www' => 'https://www.facebook.com/',
)

Maps aliases to Facebook domains.

Definition at line 143 of file base_facebook.php.

◆ $fileUploadSupport

BaseFacebook::$fileUploadSupport = false
protected

Definition at line 196 of file base_facebook.php.

Referenced by getFileUploadSupport(), and setFileUploadSupport().

◆ $signedRequest

BaseFacebook::$signedRequest
protected

The data from the signed_request token.

Definition at line 176 of file base_facebook.php.

Referenced by getSignedRequest().

◆ $state

BaseFacebook::$state
protected

A CSRF state variable to assist in the defense against CSRF attacks.

Definition at line 181 of file base_facebook.php.

Referenced by __construct().

◆ $trustForwarded

BaseFacebook::$trustForwarded = false
protected

Definition at line 203 of file base_facebook.php.

◆ $user

BaseFacebook::$user
protected

Definition at line 171 of file base_facebook.php.

Referenced by getUser(), and getUserFromAvailableData().

◆ SIGNED_REQUEST_ALGORITHM

const BaseFacebook::SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256'

Signed Request Algorithm.

Definition at line 128 of file base_facebook.php.

Referenced by makeSignedRequest().

◆ VERSION

const BaseFacebook::VERSION = '3.2.2'

Version.

Definition at line 123 of file base_facebook.php.


The documentation for this class was generated from the following file: