|
0
|
1 <?php
|
|
|
2
|
|
|
3 /**
|
|
|
4 * Get the id for the connected user.
|
|
|
5 *
|
|
|
6 * It does not use the cookie of Javascript SDK
|
|
|
7 *
|
|
|
8 * @author Xavier Barbosa
|
|
|
9 * @since 13 February, 2013
|
|
|
10 * @link https://developers.facebook.com/blog/post/616/
|
|
|
11 **/
|
|
|
12
|
|
|
13 use Mute\Facebook\App;
|
|
|
14 use Mute\Facebook\Exception\GraphAPIException;
|
|
|
15
|
|
|
16 /**
|
|
|
17 * Default params
|
|
|
18 **/
|
|
|
19
|
|
|
20 $app_id = "YOUR_APP_ID";
|
|
|
21 $app_secret = "YOUR_APP_SECRET";
|
|
|
22
|
|
|
23 /**
|
|
|
24 * The process
|
|
|
25 **/
|
|
|
26
|
|
|
27 $app = new App($app_id, $app_secret);
|
|
|
28
|
|
|
29 session_start();
|
|
|
30
|
|
|
31 $user_id = $_SESSION['user_id'];
|
|
|
32 $access_token = $_SESSION['access_token'];
|
|
|
33
|
|
|
34 // ensure that we are still the current user
|
|
|
35 $signed_request = isset($_REQUEST['signed_request'])
|
|
|
36 ? $app->parseSignedRequest($_REQUEST['signed_request'])
|
|
|
37 : null;
|
|
|
38
|
|
|
39 if ($signed_request && $signed_request['user_id'] != $user_id) {
|
|
|
40 // oups, we are another user, clear the session
|
|
|
41 $user_id = null;
|
|
|
42 }
|
|
|
43
|
|
|
44 if (!$user_id) {
|
|
|
45 // if a signed request is supplied, then it solely determines who the user is.
|
|
|
46 if ($signed_request) {
|
|
|
47 if (array_key_exists('user_id', $signed_request)) {
|
|
|
48 $user_id = $signed_request['user_id'];
|
|
|
49
|
|
|
50 if ($user_id != $_SESSION['user_id']) {
|
|
|
51 session_destroy();
|
|
|
52 session_start();
|
|
|
53 }
|
|
|
54
|
|
|
55 $user_id = $_SESSION['user_id'] = $signed_request['user_id'];
|
|
|
56 $_SESSION['access_token'] = $signed_request['oauth_token'];
|
|
|
57 goto finishedAuthentification;
|
|
|
58 }
|
|
|
59 else {
|
|
|
60 session_destroy();
|
|
|
61 session_start();
|
|
|
62 goto finishedAuthentification;
|
|
|
63 }
|
|
|
64 }
|
|
|
65 else {
|
|
|
66 // use access_token to fetch user id if we have a user access_token, or if
|
|
|
67 // the cached access token has changed.
|
|
|
68 if ($code = $_REQUEST['code']) {
|
|
|
69 if ($_REQUEST['state'] == $_SESSION['state']) {
|
|
|
70 unset($_SESSION['state']);
|
|
|
71 $data = $app->getOAuth()->getAccessToken($code);
|
|
|
72 $access_token = $_SESSION['access_token'] = $data['access_token'];
|
|
|
73 }
|
|
|
74 else {
|
|
|
75
|
|
|
76 die('CSRF state token does not match one provided');
|
|
|
77 }
|
|
|
78 }
|
|
|
79
|
|
|
80 if ($access_token) {
|
|
|
81 try {
|
|
|
82 $user_info = $app->get('/me', array(
|
|
|
83 'access_token' => $access_token,
|
|
|
84 ));
|
|
|
85 $user_id = $_SESSION['user_id'] = $user_info['user_id'];
|
|
|
86 } catch (GraphAPIException $e) {
|
|
|
87 session_destroy();
|
|
|
88 session_start();
|
|
|
89 }
|
|
|
90 }
|
|
|
91 else {
|
|
|
92 die('Cannot fetch user without access_token');
|
|
|
93 }
|
|
|
94 }
|
|
|
95 }
|
|
|
96
|
|
|
97 finishedAuthentification:
|
|
|
98
|
|
|
99 echo 'user_id is: ' $user_id;
|
