PageRenderTime 27ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 0ms

/include/social/facebook/facebook_sdk/src/facebook.php

https://bitbucket.org/allexblacker/suitecrm
PHP | 227 lines | 106 code | 20 blank | 101 comment | 15 complexity | dc3f0f826fbbbd1b337470b3d7919e52 MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception, BSD-3-Clause, LGPL-2.1 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Copyright 2011 Facebook, Inc.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License, Version 2.0 (the "License"); you may
    6. 

  6.  * not use this file except in compliance with the License. You may obtain
    7. 

  7.  * a copy of the License at
    8. 

  8.  *
    9. 

  9.  *     http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10.  *
    11. 

  11.  * Unless required by applicable law or agreed to in writing, software
    12. 

  12.  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    13. 

  13.  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    14. 

  14.  * License for the specific language governing permissions and limitations
    15. 

  15.  * under the License.
    16. 

  16.  */
    17. 

  17. 

  18. require_once "base_facebook.php";
    19. 

  19. 

  20. /**
    21. 

  21.  * Extends the BaseFacebook class with the intent of using
    22. 

  22.  * PHP sessions to store user ids and access tokens.
    23. 

  23.  */
    24. 

  24. class Facebook extends BaseFacebook
    25. 

  25. {
    26. 

  26.   /**
    27. 

  27.    * Cookie prefix
    28. 

  28.    */
    29. 

  29.   const FBSS_COOKIE_NAME = 'fbss';
    30. 

  30. 

  31.   /**
    32. 

  32.    * We can set this to a high number because the main session
    33. 

  33.    * expiration will trump this.
    34. 

  34.    */
    35. 

  35.   const FBSS_COOKIE_EXPIRE = 31556926; // 1 year
    36. 

  36. 

  37.   /**
    38. 

  38.    * Stores the shared session ID if one is set.
    39. 

  39.    *
    40. 

  40.    * @var string
    41. 

  41.    */
    42. 

  42.   protected $sharedSessionID;
    43. 

  43. 

  44.   /**
    45. 

  45.    * Identical to the parent constructor, except that
    46. 

  46.    * we start a PHP session to store the user ID and
    47. 

  47.    * access token if during the course of execution
    48. 

  48.    * we discover them.
    49. 

  49.    *
    50. 

  50.    * @param array $config the application configuration. Additionally
    51. 

  51.    * accepts "sharedSession" as a boolean to turn on a secondary
    52. 

  52.    * cookie for environments with a shared session (that is, your app
    53. 

  53.    * shares the domain with other apps).
    54. 

  54.    *
    55. 

  55.    * @see BaseFacebook::__construct
    56. 

  56.    */
    57. 

  57.   public function __construct($config) {
    58. 

  58.     if (!session_id()) {
    59. 

  59.       session_start();
    60. 

  60.     }
    61. 

  61.     parent::__construct($config);
    62. 

  62.     if (!empty($config['sharedSession'])) {
    63. 

  63.       $this->initSharedSession();
    64. 

  64. 

  65.       // re-load the persisted state, since parent
    66. 

  66.       // attempted to read out of non-shared cookie
    67. 

  67.       $state = $this->getPersistentData('state');
    68. 

  68.       if (!empty($state)) {
    69. 

  69.         $this->state = $state;
    70. 

  70.       } else {
    71. 

  71.         $this->state = null;
    72. 

  72.       }
    73. 

  73. 

  74.     }
    75. 

  75.   }
    76. 

  76. 

  77.   /**
    78. 

  78.    * Supported keys for persistent data
    79. 

  79.    *
    80. 

  80.    * @var array
    81. 

  81.    */
    82. 

  82.   protected static $kSupportedKeys =
    83. 

  83.     array('state', 'code', 'access_token', 'user_id');
    84. 

  84. 

  85.   /**
    86. 

  86.    * Initiates Shared Session
    87. 

  87.    */
    88. 

  88.   protected function initSharedSession() {
    89. 

  89.     $cookie_name = $this->getSharedSessionCookieName();
    90. 

  90.     if (isset($_COOKIE[$cookie_name])) {
    91. 

  91.       $data = $this->parseSignedRequest($_COOKIE[$cookie_name]);
    92. 

  92.       if ($data && !empty($data['domain']) &&
    93. 

  93.           self::isAllowedDomain($this->getHttpHost(), $data['domain'])) {
    94. 

  94.         // good case
    95. 

  95.         $this->sharedSessionID = $data['id'];
    96. 

  96.         return;
    97. 

  97.       }
    98. 

  98.       // ignoring potentially unreachable data
    99. 

  99.     }
    100. 

  100.     // evil/corrupt/missing case
    101. 

  101.     $base_domain = $this->getBaseDomain();
    102. 

  102.     $this->sharedSessionID = md5(uniqid(mt_rand(), true));
    103. 

  103.     $cookie_value = $this->makeSignedRequest(
    104. 

  104.       array(
    105. 

  105.         'domain' => $base_domain,
    106. 

  106.         'id' => $this->sharedSessionID,
    107. 

  107.       )
    108. 

  108.     );
    109. 

  109.     $_COOKIE[$cookie_name] = $cookie_value;
    110. 

  110.     if (!headers_sent()) {
    111. 

  111.       $expire = time() + self::FBSS_COOKIE_EXPIRE;
    112. 

  112.         SugarApplication::setCookie($cookie_name, $cookie_value, $expire, '/', '.'.$base_domain, false, true);
    113. 

  113.     } else {
    114. 

  114.       // @codeCoverageIgnoreStart
    115. 

  115.       self::errorLog(
    116. 

  116.         'Shared session ID cookie could not be set! You must ensure you '.
    117. 

  117.         'create the Facebook instance before headers have been sent. This '.
    118. 

  118.         'will cause authentication issues after the first request.'
    119. 

  119.       );
    120. 

  120.       // @codeCoverageIgnoreEnd
    121. 

  121.     }
    122. 

  122.   }
    123. 

  123. 

  124.   /**
    125. 

  125.    * Provides the implementations of the inherited abstract
    126. 

  126.    * methods. The implementation uses PHP sessions to maintain
    127. 

  127.    * a store for authorization codes, user ids, CSRF states, and
    128. 

  128.    * access tokens.
    129. 

  129.    */
    130. 

  130. 

  131.   /**
    132. 

  132.    * {@inheritdoc}
    133. 

  133.    *
    134. 

  134.    * @see BaseFacebook::setPersistentData()
    135. 

  135.    */
    136. 

  136.   protected function setPersistentData($key, $value) {
    137. 

  137.     if (!in_array($key, self::$kSupportedKeys)) {
    138. 

  138.       self::errorLog('Unsupported key passed to setPersistentData.');
    139. 

  139.       return;
    140. 

  140.     }
    141. 

  141. 

  142.     $session_var_name = $this->constructSessionVariableName($key);
    143. 

  143.     $_SESSION[$session_var_name] = $value;
    144. 

  144.   }
    145. 

  145. 

  146.   /**
    147. 

  147.    * {@inheritdoc}
    148. 

  148.    *
    149. 

  149.    * @see BaseFacebook::getPersistentData()
    150. 

  150.    */
    151. 

  151.   protected function getPersistentData($key, $default = false) {
    152. 

  152.     if (!in_array($key, self::$kSupportedKeys)) {
    153. 

  153.       self::errorLog('Unsupported key passed to getPersistentData.');
    154. 

  154.       return $default;
    155. 

  155.     }
    156. 

  156. 

  157.     $session_var_name = $this->constructSessionVariableName($key);
    158. 

  158.     return isset($_SESSION[$session_var_name]) ?
    159. 

  159.       $_SESSION[$session_var_name] : $default;
    160. 

  160.   }
    161. 

  161. 

  162.   /**
    163. 

  163.    * {@inheritdoc}
    164. 

  164.    *
    165. 

  165.    * @see BaseFacebook::clearPersistentData()
    166. 

  166.    */
    167. 

  167.   protected function clearPersistentData($key) {
    168. 

  168.     if (!in_array($key, self::$kSupportedKeys)) {
    169. 

  169.       self::errorLog('Unsupported key passed to clearPersistentData.');
    170. 

  170.       return;
    171. 

  171.     }
    172. 

  172. 

  173.     $session_var_name = $this->constructSessionVariableName($key);
    174. 

  174.     if (isset($_SESSION[$session_var_name])) {
    175. 

  175.       unset($_SESSION[$session_var_name]);
    176. 

  176.     }
    177. 

  177.   }
    178. 

  178. 

  179.   /**
    180. 

  180.    * {@inheritdoc}
    181. 

  181.    *
    182. 

  182.    * @see BaseFacebook::clearAllPersistentData()
    183. 

  183.    */
    184. 

  184.   protected function clearAllPersistentData() {
    185. 

  185.     foreach (self::$kSupportedKeys as $key) {
    186. 

  186.       $this->clearPersistentData($key);
    187. 

  187.     }
    188. 

  188.     if ($this->sharedSessionID) {
    189. 

  189.       $this->deleteSharedSessionCookie();
    190. 

  190.     }
    191. 

  191.   }
    192. 

  192. 

  193.   /**
    194. 

  194.    * Deletes Shared session cookie
    195. 

  195.    */
    196. 

  196.   protected function deleteSharedSessionCookie() {
    197. 

  197.     $cookie_name = $this->getSharedSessionCookieName();
    198. 

  198.     unset($_COOKIE[$cookie_name]);
    199. 

  199.     $base_domain = $this->getBaseDomain();
    200. 

  200.     setcookie($cookie_name, '', 1, '/', '.'.$base_domain, false, true);
    201. 

  201.   }
    202. 

  202. 

  203.   /**
    204. 

  204.    * Returns the Shared session cookie name
    205. 

  205.    *
    206. 

  206.    * @return string The Shared session cookie name
    207. 

  207.    */
    208. 

  208.   protected function getSharedSessionCookieName() {
    209. 

  209.     return self::FBSS_COOKIE_NAME . '_' . $this->getAppId();
    210. 

  210.   }
    211. 

  211. 

  212.   /**
    213. 

  213.    * Constructs and returns the name of the session key.
    214. 

  214.    *
    215. 

  215.    * @see setPersistentData()
    216. 

  216.    * @param string $key The key for which the session variable name to construct.
    217. 

  217.    *
    218. 

  218.    * @return string The name of the session key.
    219. 

  219.    */
    220. 

  220.   protected function constructSessionVariableName($key) {
    221. 

  221.     $parts = array('fb', $this->getAppId(), $key);
    222. 

  222.     if ($this->sharedSessionID) {
    223. 

  223.       array_unshift($parts, $this->sharedSessionID);
    224. 

  224.     }
    225. 

  225.     return implode('_', $parts);
    226. 

  226.   }
    227. 

  227. }
    228. 

  228.