18if (!function_exists(
'curl_init')) {
 
   19  throw new Exception(
'Facebook needs the CURL PHP extension.');
 
   21if (!function_exists(
'json_decode')) {
 
   22  throw new Exception(
'Facebook needs the JSON PHP extension.');
 
   47    if (isset(
$result[
'error_description'])) {
 
   49      $msg = 
$result[
'error_description'];
 
   50    } 
else if (isset(
$result[
'error']) && is_array(
$result[
'error'])) {
 
   52      $msg = 
$result[
'error'][
'message'];
 
   53    } 
else if (isset(
$result[
'error_msg'])) {
 
   57      $msg = 
'Unknown Error. Check getResult()';
 
   60    parent::__construct($msg, 
$code);
 
   79    if (isset($this->result[
'error'])) {
 
   80      $error = $this->result[
'error'];
 
   81      if (is_string($error)) {
 
   84      } 
else if (is_array($error)) {
 
   86        if (isset($error[
'type'])) {
 
   87          return $error[
'type'];
 
  101    $str = $this->
getType() . 
': ';
 
  102    if ($this->code != 0) {
 
  103      $str .= $this->code . 
': ';
 
  134    CURLOPT_CONNECTTIMEOUT => 10,
 
  135    CURLOPT_RETURNTRANSFER => 
true,
 
  136    CURLOPT_TIMEOUT        => 60,
 
  137    CURLOPT_USERAGENT      => 
'facebook-php-3.2',
 
  144    'api'         => 
'https://api.facebook.com/',
 
  145    'api_video'   => 
'https://api-video.facebook.com/',
 
  146    'api_read'    => 
'https://api-read.facebook.com/',
 
  147    'graph'       => 
'https://graph.facebook.com/',
 
  148    'graph_video' => 
'https://graph-video.facebook.com/',
 
  149    'www'         => 
'https://www.facebook.com/',
 
  218    if (isset(
$config[
'fileUpload'])) {
 
  221    if (isset(
$config[
'trustForwarded']) && 
$config[
'trustForwarded']) {
 
  222      $this->trustForwarded = 
true;
 
  332    $this->accessToken = $access_token;
 
  346        $this->
getUrl(
'graph', 
'/oauth/access_token'),
 
  350          'grant_type' => 
'fb_exchange_token',
 
  361    if (empty($access_token_response)) {
 
  365    $response_params = array();
 
  366    parse_str($access_token_response, $response_params);
 
  368    if (!isset($response_params[
'access_token'])) {
 
  375      'access_token', $response_params[
'access_token']
 
  389    if ($this->accessToken !== 
null) {
 
  399    if ($user_access_token) {
 
  421    if ($signed_request) {
 
  423      if (array_key_exists(
'oauth_token', $signed_request)) {
 
  424        $access_token = $signed_request[
'oauth_token'];
 
  426        return $access_token;
 
  430      if (array_key_exists(
'code', $signed_request)) {
 
  431        $code = $signed_request[
'code'];
 
  441          return $access_token;
 
  458        return $access_token;
 
  480    if (!$this->signedRequest) {
 
  481      if (!empty($_REQUEST[
'signed_request'])) {
 
  483          $_REQUEST[
'signed_request']);
 
  499    if ($this->
user !== 
null) {
 
  519    if ($signed_request) {
 
  520      if (array_key_exists(
'user_id', $signed_request)) {
 
  521        $user = $signed_request[
'user_id'];
 
  545        !(
$user && $persisted_access_token == $access_token)) {
 
  575    if ($scopeParams && is_array($scopeParams)) {
 
  576      $params[
'scope'] = implode(
',', $scopeParams);
 
  584                    'redirect_uri' => $currentUrl, 
 
  585                    'state' => $this->state),
 
  623      'extern/login_status.php',
 
  629        'session_version' => 3,
 
  640    $args = func_get_args();
 
  641    if (is_array($args[0])) {
 
  644      return call_user_func_array(array($this, 
'_graph'), $args);
 
  658    return 'fbsr_'.$this->getAppId();
 
  669    return 'fbm_'.$this->getAppId();
 
  681    if (isset($_REQUEST[
'code'])) {
 
  682      if ($this->state !== 
null &&
 
  683          isset($_REQUEST[
'state']) &&
 
  684          $this->state === $_REQUEST[
'state']) {
 
  689        return $_REQUEST[
'code'];
 
  691        self::errorLog(
'CSRF state token does not match one provided. ' . $this->state . 
'!=' . $_REQUEST[
'state']);
 
  711      $user_info = $this->
api(
'/me');
 
  712      return $user_info[
'id'];
 
  735    if ($this->state === 
null) {
 
  736      $this->state = md5(uniqid(mt_rand(), 
true));
 
  758    if ($redirect_uri === 
null) {
 
  765      $access_token_response =
 
  767          $this->
getUrl(
'graph', 
'/oauth/access_token'),
 
  770                          'redirect_uri' => $redirect_uri,
 
  779    if (empty($access_token_response)) {
 
  780      self::errorlog(
'No access token response');
 
  784    $response_params = json_decode($access_token_response, 
true);
 
  785    if (!isset($response_params[
'access_token'])) {
 
  786      self::errorlog(
'No access token in response. ' . $access_token_response);
 
  790    return $response_params[
'access_token'];
 
  804    $params[
'format'] = 
'json-strings';
 
  818    $method = strtolower(
$params[
'method']);
 
  819    if ($method === 
'auth.expiresession' ||
 
  820        $method === 
'auth.revokeauthorization') {
 
  836    if ($method == 
'POST' && preg_match(
"/^(\/)(.+)(\/)(videos)$/", 
$path)) {
 
  853    if (is_array($method) && empty(
$params)) {
 
  860      $domainKey = 
'graph_video';
 
  862      $domainKey = 
'graph';
 
  890    if (!isset(
$params[
'access_token'])) {
 
  896      if (!is_string($value)) {
 
  922      $opts[CURLOPT_POSTFIELDS] = 
$params;
 
  924      $opts[CURLOPT_POSTFIELDS] = http_build_query(
$params, 
null, 
'&');
 
  926    $opts[CURLOPT_URL] = 
$url;
 
  930    if (isset($opts[CURLOPT_HTTPHEADER])) {
 
  931      $existing_headers = $opts[CURLOPT_HTTPHEADER];
 
  932      $existing_headers[] = 
'Expect:';
 
  933      $opts[CURLOPT_HTTPHEADER] = $existing_headers;
 
  935      $opts[CURLOPT_HTTPHEADER] = array(
'Expect:');
 
  938    curl_setopt_array($ch, $opts);
 
  941    if (curl_errno($ch) == 60) { 
 
  943                     'using bundled information');
 
  944      curl_setopt($ch, CURLOPT_CAINFO,
 
  945                  dirname(__FILE__) . 
'/fb_ca_chain_bundle.crt');
 
  954    if (
$result === 
false && empty($opts[CURLOPT_IPRESOLVE])) {
 
  956        $regex = 
'/Failed to connect to ([^:].*): Network is unreachable/';
 
  957        if (preg_match($regex, curl_error($ch), $matches)) {
 
  958          if (strlen(@inet_pton($matches[1])) === 16) {
 
  960                           'Please disable or get native IPv6 on your server.');
 
  961            self::$CURL_OPTS[CURLOPT_IPRESOLVE] = CURL_IPRESOLVE_V4;
 
  962            curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
 
  970        'error_code' => curl_errno($ch),
 
  972        'message' => curl_error($ch),
 
  973        'type' => 
'CurlException',
 
  990    list($encoded_sig, $payload) = explode(
'.', $signed_request, 2);
 
  994    $data = json_decode(self::base64UrlDecode($payload), 
true);
 
  996    if (strtoupper(
$data[
'algorithm']) !== self::SIGNED_REQUEST_ALGORITHM) {
 
  998        'Unknown algorithm. Expected ' . self::SIGNED_REQUEST_ALGORITHM);
 
 1003    $expected_sig = hash_hmac(
'sha256', $payload,
 
 1005    if ($sig !== $expected_sig) {
 
 1020    if (!is_array(
$data)) {
 
 1021      throw new InvalidArgumentException(
 
 1022        'makeSignedRequest expects an array. Got: ' . print_r(
$data, 
true));
 
 1025    $data[
'issued_at'] = time();
 
 1026    $json = json_encode(
$data);
 
 1028    $raw_sig = hash_hmac(
'sha256', $b64, $this->
getAppSecret(), $raw = 
true);
 
 1030    return $sig.
'.'.$b64;
 
 1040    static $READ_ONLY_CALLS =
 
 1041      array(
'admin.getallocation' => 1,
 
 1042            'admin.getappproperties' => 1,
 
 1043            'admin.getbannedusers' => 1,
 
 1044            'admin.getlivestreamvialink' => 1,
 
 1045            'admin.getmetrics' => 1,
 
 1046            'admin.getrestrictioninfo' => 1,
 
 1047            'application.getpublicinfo' => 1,
 
 1048            'auth.getapppublickey' => 1,
 
 1049            'auth.getsession' => 1,
 
 1050            'auth.getsignedpublicsessiondata' => 1,
 
 1051            'comments.get' => 1,
 
 1052            'connect.getunconnectedfriendscount' => 1,
 
 1053            'dashboard.getactivity' => 1,
 
 1054            'dashboard.getcount' => 1,
 
 1055            'dashboard.getglobalnews' => 1,
 
 1056            'dashboard.getnews' => 1,
 
 1057            'dashboard.multigetcount' => 1,
 
 1058            'dashboard.multigetnews' => 1,
 
 1059            'data.getcookies' => 1,
 
 1061            'events.getmembers' => 1,
 
 1062            'fbml.getcustomtags' => 1,
 
 1063            'feed.getappfriendstories' => 1,
 
 1064            'feed.getregisteredtemplatebundlebyid' => 1,
 
 1065            'feed.getregisteredtemplatebundles' => 1,
 
 1066            'fql.multiquery' => 1,
 
 1068            'friends.arefriends' => 1,
 
 1070            'friends.getappusers' => 1,
 
 1071            'friends.getlists' => 1,
 
 1072            'friends.getmutualfriends' => 1,
 
 1075            'groups.getmembers' => 1,
 
 1076            'intl.gettranslations' => 1,
 
 1079            'notifications.get' => 1,
 
 1080            'pages.getinfo' => 1,
 
 1081            'pages.isadmin' => 1,
 
 1082            'pages.isappadded' => 1,
 
 1084            'permissions.checkavailableapiaccess' => 1,
 
 1085            'permissions.checkgrantedapiaccess' => 1,
 
 1087            'photos.getalbums' => 1,
 
 1088            'photos.gettags' => 1,
 
 1089            'profile.getinfo' => 1,
 
 1090            'profile.getinfooptions' => 1,
 
 1092            'stream.getcomments' => 1,
 
 1093            'stream.getfilters' => 1,
 
 1094            'users.getinfo' => 1,
 
 1095            'users.getloggedinuser' => 1,
 
 1096            'users.getstandardinfo' => 1,
 
 1097            'users.hasapppermission' => 1,
 
 1098            'users.isappuser' => 1,
 
 1099            'users.isverified' => 1,
 
 1100            'video.getuploadlimits' => 1);
 
 1102    if (isset($READ_ONLY_CALLS[strtolower($method)])) {
 
 1104    } 
else if (strtolower($method) == 
'video.upload') {
 
 1105      $name = 
'api_video';
 
 1122      if (
$path[0] === 
'/') {
 
 1128      $url .= 
'?' . http_build_query(
$params, 
null, 
'&');
 
 1135    if ($this->trustForwarded && isset(
$_SERVER[
'HTTP_X_FORWARDED_HOST'])) {
 
 1136      return $_SERVER[
'HTTP_X_FORWARDED_HOST'];
 
 1142    if ($this->trustForwarded && isset(
$_SERVER[
'HTTP_X_FORWARDED_PROTO'])) {
 
 1143      if (
$_SERVER[
'HTTP_X_FORWARDED_PROTO'] === 
'https') {
 
 1154    if (isset(
$_SERVER[
'SERVER_PORT']) &&
 
 1155        (
$_SERVER[
'SERVER_PORT'] === 
'443')) {
 
 1168    if (array_key_exists(
'base_domain', 
$metadata) &&
 
 1170      return trim(
$metadata[
'base_domain'], 
'.');
 
 1184    $currentUrl = 
$protocol.$host.$_SERVER[
'REQUEST_URI'];
 
 1185    $parts = parse_url($currentUrl);
 
 1189      isset($parts[
'port']) &&
 
 1190      ((
$protocol === 
'http://' && $parts[
'port'] !== 80) ||
 
 1191       (
$protocol === 
'https://' && $parts[
'port'] !== 443))
 
 1192      ? 
':' . $parts[
'port'] : 
'';
 
 1195    return $protocol . $parts[
'host'] . $port . $parts[
'path'];
 
 1208    switch ($e->getType()) {
 
 1210      case 'OAuthException':
 
 1212      case 'invalid_token':
 
 1216        if ((strpos(
$message, 
'Error validating access token') !== 
false) ||
 
 1217            (strpos(
$message, 
'Invalid OAuth access token') !== 
false) ||
 
 1218            (strpos(
$message, 
'An active access token must be used') !== 
false)
 
 1237    if (php_sapi_name() != 
'cli') {
 
 1254    return base64_decode(strtr(
$input, 
'-_', 
'+/'));
 
 1267    $str = strtr(base64_encode(
$input), 
'+/', 
'-_');
 
 1268    $str = str_replace(
'=', 
'', $str);
 
 1276    $this->accessToken = 
null;
 
 1277    $this->signedRequest = 
null;
 
 1284    if (array_key_exists($cookie_name, 
$_COOKIE)) {
 
 1286      if (!headers_sent()) {
 
 1288        setcookie($cookie_name, 
'', 1, 
'/', 
'.'.$base_domain);
 
 1292          'There exists a cookie that we wanted to clear that we couldn\'t '.
 
 1293          'clear because headers was already sent. Make sure to do the first '.
 
 1294          'API call before outputing anything.' 
 1308    if (!array_key_exists($cookie_name, 
$_COOKIE)) {
 
 1313    $cookie_value = trim(
$_COOKIE[$cookie_name], 
'"');
 
 1315    if (empty($cookie_value)) {
 
 1319    $parts = explode(
'&', $cookie_value);
 
 1321    foreach ($parts as $part) {
 
 1322      $pair = explode(
'=', $part, 2);
 
 1323      if (!empty($pair[0])) {
 
 1325          (count($pair) > 1) ? urldecode($pair[1]) : 
'';
 
 1333    if ($big === $small) {
 
 1340    $len = strlen($small);
 
 1344    return substr($big, -$len) === $small;
 
$metadata['__DYNAMIC:1__']
Provides access to the Facebook Platform.
_graph($path, $method='GET', $params=array())
Invoke the Graph API.
parseSignedRequest($signed_request)
Parses a signed_request and validates the signature.
static $DOMAIN_MAP
Maps aliases to Facebook domains.
getApplicationAccessToken()
Returns the access token that should be used for logged out users when no authorization code is avail...
getAppId()
Get the Application ID.
makeSignedRequest($data)
Makes a signed_request blob using the given data.
getAccessToken()
Determines the access token that should be used for API calls.
useFileUploadSupport()
DEPRECATED! Please use getFileUploadSupport instead.
setPersistentData($key, $value)
Each of the following four methods should be overridden in a concrete subclass, as they are in the pr...
clearAllPersistentData()
Clear all data from the persistent storage.
_restserver($params)
Invoke the old restserver.php endpoint.
getFileUploadSupport()
Get the file upload support status.
setAccessToken($access_token)
Sets the access token for api calls.
getApiUrl($method)
Build the URL for api given parameters.
getLoginStatusUrl($params=array())
Get a login status URL to fetch the status from Facebook.
clearPersistentData($key)
Clear the data with $key from the persistent storage.
static endsWith($big, $small)
getUrl($name, $path='', $params=array())
Build the URL for given domain alias, path and parameters.
destroySession()
Destroy the current session.
establishCSRFTokenState()
Lays down a CSRF state token for this process.
setAppId($appId)
Set the Application ID.
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
getAccessTokenFromCode($code, $redirect_uri=null)
Retrieves an access token for the given authorization code (previously generated from www....
getCode()
Get the authorization code from the query parameters, if it exists, and otherwise return false to sig...
getBaseDomain()
Get the base domain used for the cookie.
getSignedRequestCookieName()
Constructs and returns the name of the cookie that potentially houses the signed request for the app ...
getLogoutUrl($params=array())
Get a Logout URL suitable for use with redirects.
throwAPIException($result)
Analyzes the supplied result to see if it was thrown because the access token is no longer valid.
_oauthRequest($url, $params)
Make a OAuth Request.
getUser()
Get the UID of the connected user, or 0 if the Facebook user is not connected.
$state
A CSRF state variable to assist in the defense against CSRF attacks.
static base64UrlDecode($input)
Base64 encoding that doesn't need to be urlencode()ed.
static errorLog($msg)
Prints to the error log if you aren't in command line mode.
$signedRequest
The data from the signed_request token.
const SIGNED_REQUEST_ALGORITHM
Signed Request Algorithm.
getMetadataCookie()
Parses the metadata cookie that our Javascript API set.
isVideoPost($path, $method='GET')
Return true if this is video post.
setFileUploadSupport($fileUploadSupport)
Set the file upload support status.
static base64UrlEncode($input)
Base64 encoding that doesn't need to be urlencode()ed.
getApiSecret()
Get the App Secret.
setAppSecret($appSecret)
Set the App Secret.
getUserFromAccessToken()
Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingl...
getMetadataCookieName()
Constructs and returns the name of the coookie that potentially contain metadata.
makeRequest($url, $params, $ch=null)
Makes an HTTP request.
getPersistentData($key, $default=false)
Get the data for $key, persisted by BaseFacebook::setPersistentData()
getUserFromAvailableData()
Determines the connected user by first examining any signed requests, then considering an authorizati...
static $CURL_OPTS
Default options for curl.
getLoginUrl($params=array())
Get a Login URL for use with redirects.
getSignedRequest()
Retrieve the signed request, either from a request parameter or, if not present, from a cookie.
setExtendedAccessToken()
Extend an access token, while removing the short-lived token that might have been generated via clien...
getAppSecret()
Get the App Secret.
__construct($config)
Initialize a Facebook Application.
static isAllowedDomain($big, $small)
setApiSecret($apiSecret)
Set the App Secret.
getUserAccessToken()
Determines and returns the user access token, first using the signed request if present,...
An exception for terminatinating execution or to throw for unit testing.
Copyright 2011 Facebook, Inc.
getType()
Returns the associated type for the error.
$result
The result from the API server that represents the exception information.
__toString()
To make debugging easier.
__construct($result)
Make a new API Exception with the given result.
getResult()
Return the associated result object returned by the API server.
catch(Exception $e) $message
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']