nebulaweb3: default/assets/vendors/theme-widgets/vendor/mute/facebook/example/server-side-re-auth.php annotate

annotate default/assets/vendors/theme-widgets/vendor/mute/facebook/example/server-side-re-auth.php @ 0:1d038bc9b3d2 default tip

Up:default

author	Liny <dev@neowd.com>
date	Sat, 31 May 2025 09:21:51 +0800
parents
children

rev	line source
0 1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	1 <?php
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	2
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	3 /**
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	4 * Re-authentication.
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	5 *
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	6 * @author Xavier Barbosa
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	7 * @since 13 February, 2013
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	8 * @link https://developers.facebook.com/docs/howtos/login/server-side-re-auth/
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	9 **/
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	10
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	11 use Mute\Facebook\App;
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	12
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	13 /**
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	14 * Default params
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	15 **/
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	16
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	17 $app_id = "YOUR_APP_ID";
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	18 $app_secret = "YOUR_APP_SECRET";
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	19 $my_url = "YOUR_URL";
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	20
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	21 session_start();
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	22
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	23 /**
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	24 * The process
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	25 **/
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	26
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	27 $app = new App($app_id, $app_secret);
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	28
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	29
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	30 $code = $_REQUEST["code"];
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	31
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	32 if (empty($code)) {
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	33 $_SESSION['state'] = md5(uniqid(rand(), true));
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	34 $_SESSION['nonce'] = md5(uniqid(rand(), TRUE)); // New code to generate auth_nonce
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	35
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	36 $dialog_url = $app->getOAuth()->getCodeURL($my_url, array('user_birthday', 'read_stream'), $_SESSION['state'], 'reauthenticate', $_SESSION['nonce']);
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	37
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	38 echo "<script> top.location.href=" . json_encode($dialog_url) . "</script>";
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	39 die;
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	40 }
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	41
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	42 if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	43 if($_REQUEST['auth_nonce'] && ($_REQUEST['auth_nonce'] === $_SESSION['nonce'])) {
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	44 $params = $app->getOAuth()->getAccessToken($code);
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	45 $_SESSION['access_token'] = $params['access_token'];
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	46
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	47 $user = $app->get('me', array(
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	48 'access_token' => $params['access_token'],
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	49 ));
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	50 echo("Hello " . $user->name);
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	51 }
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	52 else {
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	53 echo "The auth_nonce does not match. This may be caused by a replay attack.";
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	54 }
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	55 }
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	56 else {
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	57 echo("The state does not match. You may be a victim of CSRF.");
1d038bc9b3d2 Up:default Liny <dev@neowd.com> parents: diff changeset	58 }

Mercurial > nebulaweb3

annotate default/assets/vendors/theme-widgets/vendor/mute/facebook/example/server-side-re-auth.php @ 0:1d038bc9b3d2 default tip