Mercurial > nebulaweb3
comparison default/assets/vendors/theme-widgets/vendor/mute/facebook/example/canvas-authentification.php @ 0:1d038bc9b3d2 default tip
Up:default
| author | Liny <dev@neowd.com> |
|---|---|
| date | Sat, 31 May 2025 09:21:51 +0800 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1d038bc9b3d2 |
|---|---|
| 1 <?php | |
| 2 | |
| 3 /** | |
| 4 * Get the id for the connected user. | |
| 5 * | |
| 6 * It does not use the cookie of Javascript SDK | |
| 7 * | |
| 8 * @author Xavier Barbosa | |
| 9 * @since 13 February, 2013 | |
| 10 * @link https://developers.facebook.com/blog/post/616/ | |
| 11 **/ | |
| 12 | |
| 13 use Mute\Facebook\App; | |
| 14 use Mute\Facebook\Exception\GraphAPIException; | |
| 15 | |
| 16 /** | |
| 17 * Default params | |
| 18 **/ | |
| 19 | |
| 20 $app_id = "YOUR_APP_ID"; | |
| 21 $app_secret = "YOUR_APP_SECRET"; | |
| 22 | |
| 23 /** | |
| 24 * The process | |
| 25 **/ | |
| 26 | |
| 27 $app = new App($app_id, $app_secret); | |
| 28 | |
| 29 session_start(); | |
| 30 | |
| 31 $user_id = $_SESSION['user_id']; | |
| 32 $access_token = $_SESSION['access_token']; | |
| 33 | |
| 34 // ensure that we are still the current user | |
| 35 $signed_request = isset($_REQUEST['signed_request']) | |
| 36 ? $app->parseSignedRequest($_REQUEST['signed_request']) | |
| 37 : null; | |
| 38 | |
| 39 if ($signed_request && $signed_request['user_id'] != $user_id) { | |
| 40 // oups, we are another user, clear the session | |
| 41 $user_id = null; | |
| 42 } | |
| 43 | |
| 44 if (!$user_id) { | |
| 45 // if a signed request is supplied, then it solely determines who the user is. | |
| 46 if ($signed_request) { | |
| 47 if (array_key_exists('user_id', $signed_request)) { | |
| 48 $user_id = $signed_request['user_id']; | |
| 49 | |
| 50 if ($user_id != $_SESSION['user_id']) { | |
| 51 session_destroy(); | |
| 52 session_start(); | |
| 53 } | |
| 54 | |
| 55 $user_id = $_SESSION['user_id'] = $signed_request['user_id']; | |
| 56 $_SESSION['access_token'] = $signed_request['oauth_token']; | |
| 57 goto finishedAuthentification; | |
| 58 } | |
| 59 else { | |
| 60 session_destroy(); | |
| 61 session_start(); | |
| 62 goto finishedAuthentification; | |
| 63 } | |
| 64 } | |
| 65 else { | |
| 66 // use access_token to fetch user id if we have a user access_token, or if | |
| 67 // the cached access token has changed. | |
| 68 if ($code = $_REQUEST['code']) { | |
| 69 if ($_REQUEST['state'] == $_SESSION['state']) { | |
| 70 unset($_SESSION['state']); | |
| 71 $data = $app->getOAuth()->getAccessToken($code); | |
| 72 $access_token = $_SESSION['access_token'] = $data['access_token']; | |
| 73 } | |
| 74 else { | |
| 75 | |
| 76 die('CSRF state token does not match one provided'); | |
| 77 } | |
| 78 } | |
| 79 | |
| 80 if ($access_token) { | |
| 81 try { | |
| 82 $user_info = $app->get('/me', array( | |
| 83 'access_token' => $access_token, | |
| 84 )); | |
| 85 $user_id = $_SESSION['user_id'] = $user_info['user_id']; | |
| 86 } catch (GraphAPIException $e) { | |
| 87 session_destroy(); | |
| 88 session_start(); | |
| 89 } | |
| 90 } | |
| 91 else { | |
| 92 die('Cannot fetch user without access_token'); | |
| 93 } | |
| 94 } | |
| 95 } | |
| 96 | |
| 97 finishedAuthentification: | |
| 98 | |
| 99 echo 'user_id is: ' $user_id; |