Mercurial > nebulaweb3

comparison default/assets/vendors/theme-widgets/vendor/mute/facebook/example/server-side-re-auth.php @ 0:1d038bc9b3d2 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Up:default
author Liny <dev@neowd.com>
date Sat, 31 May 2025 09:21:51 +0800
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:1d038bc9b3d2
1 <?php
2
3 /**
4 * Re-authentication.
5 *
6 * @author Xavier Barbosa
7 * @since 13 February, 2013
8 * @link https://developers.facebook.com/docs/howtos/login/server-side-re-auth/
9 **/
10
11 use Mute\Facebook\App;
12
13 /**
14 * Default params
15 **/
16
17 $app_id = "YOUR_APP_ID";
18 $app_secret = "YOUR_APP_SECRET";
19 $my_url = "YOUR_URL";
20
21 session_start();
22
23 /**
24 * The process
25 **/
26
27 $app = new App($app_id, $app_secret);
28
29
30 $code = $_REQUEST["code"];
31
32 if (empty($code)) {
33 $_SESSION['state'] = md5(uniqid(rand(), true));
34 $_SESSION['nonce'] = md5(uniqid(rand(), TRUE)); // New code to generate auth_nonce
35
36 $dialog_url = $app->getOAuth()->getCodeURL($my_url, array('user_birthday', 'read_stream'), $_SESSION['state'], 'reauthenticate', $_SESSION['nonce']);
37
38 echo "<script> top.location.href=" . json_encode($dialog_url) . "</script>";
39 die;
40 }
41
42 if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
43 if($_REQUEST['auth_nonce'] && ($_REQUEST['auth_nonce'] === $_SESSION['nonce'])) {
44 $params = $app->getOAuth()->getAccessToken($code);
45 $_SESSION['access_token'] = $params['access_token'];
46
47 $user = $app->get('me', array(
48 'access_token' => $params['access_token'],
49 ));
50 echo("Hello " . $user->name);
51 }
52 else {
53 echo "The auth_nonce does not match. This may be caused by a replay attack.";
54 }
55 }
56 else {
57 echo("The state does not match. You may be a victim of CSRF.");
58 }