Skip to content
Browse files

Trying to add it again

  • Loading branch information...
1 parent a41869e commit 6ab2662ea7a97bb0e643d7b3ff2287c94bda3510 @baldwinlouie committed
Showing with 5,448 additions and 0 deletions.
  1. +28 −0 sites/all/libraries/facebook-php-sdk/changelog.md
  2. +22 −0 sites/all/libraries/facebook-php-sdk/composer.json
  3. +102 −0 sites/all/libraries/facebook-php-sdk/examples/example.php
  4. +59 −0 sites/all/libraries/facebook-php-sdk/examples/with_js_sdk.php
  5. +28 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/changelog.md
  6. +22 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/composer.json
  7. +102 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/examples/example.php
  8. +59 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/examples/with_js_sdk.php
  9. +85 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/readme.md
  10. +1,269 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/src/base_facebook.php
  11. +93 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/src/facebook.php
  12. +121 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/src/fb_ca_chain_bundle.crt
  13. +5 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/tests/bootstrap.php
  14. +940 −0 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/tests/tests.php
  15. +85 −0 sites/all/libraries/facebook-php-sdk/readme.md
  16. +1,269 −0 sites/all/libraries/facebook-php-sdk/src/base_facebook.php
  17. +93 −0 sites/all/libraries/facebook-php-sdk/src/facebook.php
  18. +121 −0 sites/all/libraries/facebook-php-sdk/src/fb_ca_chain_bundle.crt
  19. +5 −0 sites/all/libraries/facebook-php-sdk/tests/bootstrap.php
  20. +940 −0 sites/all/libraries/facebook-php-sdk/tests/tests.php
View
28 sites/all/libraries/facebook-php-sdk/changelog.md
@@ -0,0 +1,28 @@
+Facebook PHP SDK (v.3.0.0)
+==========================
+
+The new PHP SDK (v3.0.0) is a major upgrade to the older one (v2.2.x):
+
+- Uses OAuth authentication flows instead of our legacy authentication flow
+- Consists of two classes. The first (class BaseFacebook) maintains the core of the upgrade, and the second one (class Facebook) is a small subclass that uses PHP sessions to store the user id and access token.
+
+If you’re currently using the PHP SDK (v2.2.x) for authentication, you will recall that the login code looked like this:
+
+ $facebook = new Facebook(…);
+ $session = $facebook->getSession();
+ if ($session) {
+ // proceed knowing you have a valid user session
+ } else {
+ // proceed knowing you require user login and/or authentication
+ }
+
+The login code is now:
+
+ $facebook = new Facebook(…);
+ $user = $facebook->getUser();
+ if ($user) {
+ // proceed knowing you have a logged in user who's authenticated
+ } else {
+ // proceed knowing you require user login and/or authentication
+ }
+
View
22 sites/all/libraries/facebook-php-sdk/composer.json
@@ -0,0 +1,22 @@
+{
+ "name": "facebook/php-sdk",
+ "description": "Facebook PHP SDK",
+ "keywords": ["facebook", "sdk"],
+ "type": "library",
+ "homepage": "https://github.com/facebook/facebook-php-sdk",
+ "license": "Apache2",
+ "authors": [
+ {
+ "name": "Facebook",
+ "homepage": "https://github.com/facebook/facebook-php-sdk/contributors"
+ }
+ ],
+ "require": {
+ "php": ">=5.2.0",
+ "ext-curl": "*",
+ "ext-json": "*"
+ },
+ "autoload": {
+ "classmap": ["src"]
+ }
+}
View
102 sites/all/libraries/facebook-php-sdk/examples/example.php
@@ -0,0 +1,102 @@
+<?php
+/**
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+require '../src/facebook.php';
+
+// Create our Application instance (replace this with your appId and secret).
+$facebook = new Facebook(array(
+ 'appId' => '344617158898614',
+ 'secret' => '6dc8ac871858b34798bc2488200e503d',
+));
+
+// Get User ID
+$user = $facebook->getUser();
+
+// We may or may not have this data based on whether the user is logged in.
+//
+// If we have a $user id here, it means we know the user is logged into
+// Facebook, but we don't know if the access token is valid. An access
+// token is invalid if the user logged out of Facebook.
+
+if ($user) {
+ try {
+ // Proceed knowing you have a logged in user who's authenticated.
+ $user_profile = $facebook->api('/me');
+ } catch (FacebookApiException $e) {
+ error_log($e);
+ $user = null;
+ }
+}
+
+// Login or logout url will be needed depending on current user state.
+if ($user) {
+ $logoutUrl = $facebook->getLogoutUrl();
+} else {
+ $loginUrl = $facebook->getLoginUrl();
+}
+
+// This call will always work since we are fetching public data.
+$naitik = $facebook->api('/naitik');
+
+?>
+<!doctype html>
+<html xmlns:fb="http://www.facebook.com/2008/fbml">
+ <head>
+ <title>php-sdk</title>
+ <style>
+ body {
+ font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
+ }
+ h1 a {
+ text-decoration: none;
+ color: #3b5998;
+ }
+ h1 a:hover {
+ text-decoration: underline;
+ }
+ </style>
+ </head>
+ <body>
+ <h1>php-sdk</h1>
+
+ <?php if ($user): ?>
+ <a href="<?php echo $logoutUrl; ?>">Logout</a>
+ <?php else: ?>
+ <div>
+ Login using OAuth 2.0 handled by the PHP SDK:
+ <a href="<?php echo $loginUrl; ?>">Login with Facebook</a>
+ </div>
+ <?php endif ?>
+
+ <h3>PHP Session</h3>
+ <pre><?php print_r($_SESSION); ?></pre>
+
+ <?php if ($user): ?>
+ <h3>You</h3>
+ <img src="https://graph.facebook.com/<?php echo $user; ?>/picture">
+
+ <h3>Your User Object (/me)</h3>
+ <pre><?php print_r($user_profile); ?></pre>
+ <?php else: ?>
+ <strong><em>You are not Connected.</em></strong>
+ <?php endif ?>
+
+ <h3>Public profile of Naitik</h3>
+ <img src="https://graph.facebook.com/naitik/picture">
+ <?php echo $naitik['name']; ?>
+ </body>
+</html>
View
59 sites/all/libraries/facebook-php-sdk/examples/with_js_sdk.php
@@ -0,0 +1,59 @@
+<?php
+
+require '../src/facebook.php';
+
+$facebook = new Facebook(array(
+ 'appId' => '344617158898614',
+ 'secret' => '6dc8ac871858b34798bc2488200e503d',
+));
+
+// See if there is a user from a cookie
+$user = $facebook->getUser();
+
+if ($user) {
+ try {
+ // Proceed knowing you have a logged in user who's authenticated.
+ $user_profile = $facebook->api('/me');
+ } catch (FacebookApiException $e) {
+ echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
+ $user = null;
+ }
+}
+
+?>
+<!DOCTYPE html>
+<html xmlns:fb="http://www.facebook.com/2008/fbml">
+ <body>
+ <?php if ($user) { ?>
+ Your user profile is
+ <pre>
+ <?php print htmlspecialchars(print_r($user_profile, true)) ?>
+ </pre>
+ <?php } else { ?>
+ <fb:login-button></fb:login-button>
+ <?php } ?>
+ <div id="fb-root"></div>
+ <script>
+ window.fbAsyncInit = function() {
+ FB.init({
+ appId: '<?php echo $facebook->getAppID() ?>',
+ cookie: true,
+ xfbml: true,
+ oauth: true
+ });
+ FB.Event.subscribe('auth.login', function(response) {
+ window.location.reload();
+ });
+ FB.Event.subscribe('auth.logout', function(response) {
+ window.location.reload();
+ });
+ };
+ (function() {
+ var e = document.createElement('script'); e.async = true;
+ e.src = document.location.protocol +
+ '//connect.facebook.net/en_US/all.js';
+ document.getElementById('fb-root').appendChild(e);
+ }());
+ </script>
+ </body>
+</html>
View
28 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/changelog.md
@@ -0,0 +1,28 @@
+Facebook PHP SDK (v.3.0.0)
+==========================
+
+The new PHP SDK (v3.0.0) is a major upgrade to the older one (v2.2.x):
+
+- Uses OAuth authentication flows instead of our legacy authentication flow
+- Consists of two classes. The first (class BaseFacebook) maintains the core of the upgrade, and the second one (class Facebook) is a small subclass that uses PHP sessions to store the user id and access token.
+
+If you’re currently using the PHP SDK (v2.2.x) for authentication, you will recall that the login code looked like this:
+
+ $facebook = new Facebook(…);
+ $session = $facebook->getSession();
+ if ($session) {
+ // proceed knowing you have a valid user session
+ } else {
+ // proceed knowing you require user login and/or authentication
+ }
+
+The login code is now:
+
+ $facebook = new Facebook(…);
+ $user = $facebook->getUser();
+ if ($user) {
+ // proceed knowing you have a logged in user who's authenticated
+ } else {
+ // proceed knowing you require user login and/or authentication
+ }
+
View
22 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/composer.json
@@ -0,0 +1,22 @@
+{
+ "name": "facebook/php-sdk",
+ "description": "Facebook PHP SDK",
+ "keywords": ["facebook", "sdk"],
+ "type": "library",
+ "homepage": "https://github.com/facebook/facebook-php-sdk",
+ "license": "Apache2",
+ "authors": [
+ {
+ "name": "Facebook",
+ "homepage": "https://github.com/facebook/facebook-php-sdk/contributors"
+ }
+ ],
+ "require": {
+ "php": ">=5.2.0",
+ "ext-curl": "*",
+ "ext-json": "*"
+ },
+ "autoload": {
+ "classmap": ["src"]
+ }
+}
View
102 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/examples/example.php
@@ -0,0 +1,102 @@
+<?php
+/**
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+require '../src/facebook.php';
+
+// Create our Application instance (replace this with your appId and secret).
+$facebook = new Facebook(array(
+ 'appId' => '344617158898614',
+ 'secret' => '6dc8ac871858b34798bc2488200e503d',
+));
+
+// Get User ID
+$user = $facebook->getUser();
+
+// We may or may not have this data based on whether the user is logged in.
+//
+// If we have a $user id here, it means we know the user is logged into
+// Facebook, but we don't know if the access token is valid. An access
+// token is invalid if the user logged out of Facebook.
+
+if ($user) {
+ try {
+ // Proceed knowing you have a logged in user who's authenticated.
+ $user_profile = $facebook->api('/me');
+ } catch (FacebookApiException $e) {
+ error_log($e);
+ $user = null;
+ }
+}
+
+// Login or logout url will be needed depending on current user state.
+if ($user) {
+ $logoutUrl = $facebook->getLogoutUrl();
+} else {
+ $loginUrl = $facebook->getLoginUrl();
+}
+
+// This call will always work since we are fetching public data.
+$naitik = $facebook->api('/naitik');
+
+?>
+<!doctype html>
+<html xmlns:fb="http://www.facebook.com/2008/fbml">
+ <head>
+ <title>php-sdk</title>
+ <style>
+ body {
+ font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
+ }
+ h1 a {
+ text-decoration: none;
+ color: #3b5998;
+ }
+ h1 a:hover {
+ text-decoration: underline;
+ }
+ </style>
+ </head>
+ <body>
+ <h1>php-sdk</h1>
+
+ <?php if ($user): ?>
+ <a href="<?php echo $logoutUrl; ?>">Logout</a>
+ <?php else: ?>
+ <div>
+ Login using OAuth 2.0 handled by the PHP SDK:
+ <a href="<?php echo $loginUrl; ?>">Login with Facebook</a>
+ </div>
+ <?php endif ?>
+
+ <h3>PHP Session</h3>
+ <pre><?php print_r($_SESSION); ?></pre>
+
+ <?php if ($user): ?>
+ <h3>You</h3>
+ <img src="https://graph.facebook.com/<?php echo $user; ?>/picture">
+
+ <h3>Your User Object (/me)</h3>
+ <pre><?php print_r($user_profile); ?></pre>
+ <?php else: ?>
+ <strong><em>You are not Connected.</em></strong>
+ <?php endif ?>
+
+ <h3>Public profile of Naitik</h3>
+ <img src="https://graph.facebook.com/naitik/picture">
+ <?php echo $naitik['name']; ?>
+ </body>
+</html>
View
59 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/examples/with_js_sdk.php
@@ -0,0 +1,59 @@
+<?php
+
+require '../src/facebook.php';
+
+$facebook = new Facebook(array(
+ 'appId' => '344617158898614',
+ 'secret' => '6dc8ac871858b34798bc2488200e503d',
+));
+
+// See if there is a user from a cookie
+$user = $facebook->getUser();
+
+if ($user) {
+ try {
+ // Proceed knowing you have a logged in user who's authenticated.
+ $user_profile = $facebook->api('/me');
+ } catch (FacebookApiException $e) {
+ echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
+ $user = null;
+ }
+}
+
+?>
+<!DOCTYPE html>
+<html xmlns:fb="http://www.facebook.com/2008/fbml">
+ <body>
+ <?php if ($user) { ?>
+ Your user profile is
+ <pre>
+ <?php print htmlspecialchars(print_r($user_profile, true)) ?>
+ </pre>
+ <?php } else { ?>
+ <fb:login-button></fb:login-button>
+ <?php } ?>
+ <div id="fb-root"></div>
+ <script>
+ window.fbAsyncInit = function() {
+ FB.init({
+ appId: '<?php echo $facebook->getAppID() ?>',
+ cookie: true,
+ xfbml: true,
+ oauth: true
+ });
+ FB.Event.subscribe('auth.login', function(response) {
+ window.location.reload();
+ });
+ FB.Event.subscribe('auth.logout', function(response) {
+ window.location.reload();
+ });
+ };
+ (function() {
+ var e = document.createElement('script'); e.async = true;
+ e.src = document.location.protocol +
+ '//connect.facebook.net/en_US/all.js';
+ document.getElementById('fb-root').appendChild(e);
+ }());
+ </script>
+ </body>
+</html>
View
85 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/readme.md
@@ -0,0 +1,85 @@
+We have created a new repository for this project: https://github.com/facebook/facebook-php-sdk. Please update anything you have pointing at this repostory to this location before April 1, 2012.
+
+Facebook PHP SDK (v.3.1.1)
+==========================
+
+The [Facebook Platform](http://developers.facebook.com/) is
+a set of APIs that make your app more social
+
+This repository contains the open source PHP SDK that allows you to access Facebook Platform from your PHP app. Except as otherwise noted, the Facebook PHP SDK
+is licensed under the Apache Licence, Version 2.0
+(http://www.apache.org/licenses/LICENSE-2.0.html)
+
+
+Usage
+-----
+
+The [examples][examples] are a good place to start. The minimal you'll need to
+have is:
+
+ require 'facebook-php-sdk/src/facebook.php';
+
+ $facebook = new Facebook(array(
+ 'appId' => 'YOUR_APP_ID',
+ 'secret' => 'YOUR_APP_SECRET',
+ ));
+
+ // Get User ID
+ $user = $facebook->getUser();
+
+To make [API][API] calls:
+
+ if ($user) {
+ try {
+ // Proceed knowing you have a logged in user who's authenticated.
+ $user_profile = $facebook->api('/me');
+ } catch (FacebookApiException $e) {
+ error_log($e);
+ $user = null;
+ }
+ }
+
+Login or logout url will be needed depending on current user state.
+
+ if ($user) {
+ $logoutUrl = $facebook->getLogoutUrl();
+ } else {
+ $loginUrl = $facebook->getLoginUrl();
+ }
+
+[examples]: http://github.com/facebook/facebook-php-sdk/blob/master/examples/example.php
+[API]: http://developers.facebook.com/docs/api
+
+
+Tests
+-----
+
+In order to keep us nimble and allow us to bring you new functionality, without
+compromising on stability, we have ensured full test coverage of the SDK.
+We are including this in the open source repository to assure you of our
+commitment to quality, but also with the hopes that you will contribute back to
+help keep it stable. The easiest way to do so is to file bugs and include a
+test case.
+
+The tests can be executed by using this command from the base directory:
+
+ phpunit --stderr --bootstrap tests/bootstrap.php tests/tests.php
+
+
+Contributing
+===========
+For us to accept contributions you will have to first have signed the [Contributor License Agreement](https://developers.facebook.com/opensource/cla).
+
+When commiting, keep all lines to less than 80 characters, and try to follow the existing style.
+
+Before creating a pull request, squash your commits into a single commit.
+
+Add the comments where needed, and provide ample explanation in the commit message.
+
+
+Report Issues/Bugs
+===============
+[Bugs](https://developers.facebook.com/bugs)
+
+[Questions](http://facebook.stackoverflow.com)
+
View
1,269 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/src/base_facebook.php
@@ -0,0 +1,1269 @@
+<?php
+/**
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+if (!function_exists('curl_init')) {
+ throw new Exception('Facebook needs the CURL PHP extension.');
+}
+if (!function_exists('json_decode')) {
+ throw new Exception('Facebook needs the JSON PHP extension.');
+}
+
+/**
+ * Thrown when an API call returns an exception.
+ *
+ * @author Naitik Shah <naitik@facebook.com>
+ */
+class FacebookApiException extends Exception
+{
+ /**
+ * The result from the API server that represents the exception information.
+ */
+ protected $result;
+
+ /**
+ * Make a new API Exception with the given result.
+ *
+ * @param array $result The result from the API server
+ */
+ public function __construct($result) {
+ $this->result = $result;
+
+ $code = isset($result['error_code']) ? $result['error_code'] : 0;
+
+ if (isset($result['error_description'])) {
+ // OAuth 2.0 Draft 10 style
+ $msg = $result['error_description'];
+ } else if (isset($result['error']) && is_array($result['error'])) {
+ // OAuth 2.0 Draft 00 style
+ $msg = $result['error']['message'];
+ } else if (isset($result['error_msg'])) {
+ // Rest server style
+ $msg = $result['error_msg'];
+ } else {
+ $msg = 'Unknown Error. Check getResult()';
+ }
+
+ parent::__construct($msg, $code);
+ }
+
+ /**
+ * Return the associated result object returned by the API server.
+ *
+ * @return array The result from the API server
+ */
+ public function getResult() {
+ return $this->result;
+ }
+
+ /**
+ * Returns the associated type for the error. This will default to
+ * 'Exception' when a type is not available.
+ *
+ * @return string
+ */
+ public function getType() {
+ if (isset($this->result['error'])) {
+ $error = $this->result['error'];
+ if (is_string($error)) {
+ // OAuth 2.0 Draft 10 style
+ return $error;
+ } else if (is_array($error)) {
+ // OAuth 2.0 Draft 00 style
+ if (isset($error['type'])) {
+ return $error['type'];
+ }
+ }
+ }
+
+ return 'Exception';
+ }
+
+ /**
+ * To make debugging easier.
+ *
+ * @return string The string representation of the error
+ */
+ public function __toString() {
+ $str = $this->getType() . ': ';
+ if ($this->code != 0) {
+ $str .= $this->code . ': ';
+ }
+ return $str . $this->message;
+ }
+}
+
+/**
+ * Provides access to the Facebook Platform. This class provides
+ * a majority of the functionality needed, but the class is abstract
+ * because it is designed to be sub-classed. The subclass must
+ * implement the four abstract methods listed at the bottom of
+ * the file.
+ *
+ * @author Naitik Shah <naitik@facebook.com>
+ */
+abstract class BaseFacebook
+{
+ /**
+ * Version.
+ */
+ const VERSION = '3.1.1';
+
+ /**
+ * Default options for curl.
+ */
+ public static $CURL_OPTS = array(
+ CURLOPT_CONNECTTIMEOUT => 10,
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_TIMEOUT => 60,
+ CURLOPT_USERAGENT => 'facebook-php-3.1',
+ );
+
+ /**
+ * List of query parameters that get automatically dropped when rebuilding
+ * the current URL.
+ */
+ protected static $DROP_QUERY_PARAMS = array(
+ 'code',
+ 'state',
+ 'signed_request',
+ );
+
+ /**
+ * Maps aliases to Facebook domains.
+ */
+ public static $DOMAIN_MAP = array(
+ 'api' => 'https://api.facebook.com/',
+ 'api_video' => 'https://api-video.facebook.com/',
+ 'api_read' => 'https://api-read.facebook.com/',
+ 'graph' => 'https://graph.facebook.com/',
+ 'graph_video' => 'https://graph-video.facebook.com/',
+ 'www' => 'https://www.facebook.com/',
+ );
+
+ /**
+ * The Application ID.
+ *
+ * @var string
+ */
+ protected $appId;
+
+ /**
+ * The Application App Secret.
+ *
+ * @var string
+ */
+ protected $appSecret;
+
+ /**
+ * The ID of the Facebook user, or 0 if the user is logged out.
+ *
+ * @var integer
+ */
+ protected $user;
+
+ /**
+ * The data from the signed_request token.
+ */
+ protected $signedRequest;
+
+ /**
+ * A CSRF state variable to assist in the defense against CSRF attacks.
+ */
+ protected $state;
+
+ /**
+ * The OAuth access token received in exchange for a valid authorization
+ * code. null means the access token has yet to be determined.
+ *
+ * @var string
+ */
+ protected $accessToken = null;
+
+ /**
+ * Indicates if the CURL based @ syntax for file uploads is enabled.
+ *
+ * @var boolean
+ */
+ protected $fileUploadSupport = false;
+
+ /**
+ * Initialize a Facebook Application.
+ *
+ * The configuration:
+ * - appId: the application ID
+ * - secret: the application secret
+ * - fileUpload: (optional) boolean indicating if file uploads are enabled
+ *
+ * @param array $config The application configuration
+ */
+ public function __construct($config) {
+ $this->setAppId($config['appId']);
+ $this->setAppSecret($config['secret']);
+ if (isset($config['fileUpload'])) {
+ $this->setFileUploadSupport($config['fileUpload']);
+ }
+
+ $state = $this->getPersistentData('state');
+ if (!empty($state)) {
+ $this->state = $this->getPersistentData('state');
+ }
+ }
+
+ /**
+ * Set the Application ID.
+ *
+ * @param string $appId The Application ID
+ * @return BaseFacebook
+ */
+ public function setAppId($appId) {
+ $this->appId = $appId;
+ return $this;
+ }
+
+ /**
+ * Get the Application ID.
+ *
+ * @return string the Application ID
+ */
+ public function getAppId() {
+ return $this->appId;
+ }
+
+ /**
+ * Set the App Secret.
+ *
+ * @param string $apiSecret The App Secret
+ * @return BaseFacebook
+ * @deprecated
+ */
+ public function setApiSecret($apiSecret) {
+ $this->setAppSecret($apiSecret);
+ return $this;
+ }
+
+ /**
+ * Set the App Secret.
+ *
+ * @param string $appSecret The App Secret
+ * @return BaseFacebook
+ */
+ public function setAppSecret($appSecret) {
+ $this->appSecret = $appSecret;
+ return $this;
+ }
+
+ /**
+ * Get the App Secret.
+ *
+ * @return string the App Secret
+ * @deprecated
+ */
+ public function getApiSecret() {
+ return $this->getAppSecret();
+ }
+
+ /**
+ * Get the App Secret.
+ *
+ * @return string the App Secret
+ */
+ public function getAppSecret() {
+ return $this->appSecret;
+ }
+
+ /**
+ * Set the file upload support status.
+ *
+ * @param boolean $fileUploadSupport The file upload support status.
+ * @return BaseFacebook
+ */
+ public function setFileUploadSupport($fileUploadSupport) {
+ $this->fileUploadSupport = $fileUploadSupport;
+ return $this;
+ }
+
+ /**
+ * Get the file upload support status.
+ *
+ * @return boolean true if and only if the server supports file upload.
+ */
+ public function getFileUploadSupport() {
+ return $this->fileUploadSupport;
+ }
+
+ /**
+ * DEPRECATED! Please use getFileUploadSupport instead.
+ *
+ * Get the file upload support status.
+ *
+ * @return boolean true if and only if the server supports file upload.
+ */
+ public function useFileUploadSupport() {
+ return $this->getFileUploadSupport();
+ }
+
+ /**
+ * Sets the access token for api calls. Use this if you get
+ * your access token by other means and just want the SDK
+ * to use it.
+ *
+ * @param string $access_token an access token.
+ * @return BaseFacebook
+ */
+ public function setAccessToken($access_token) {
+ $this->accessToken = $access_token;
+ return $this;
+ }
+
+ /**
+ * Determines the access token that should be used for API calls.
+ * The first time this is called, $this->accessToken is set equal
+ * to either a valid user access token, or it's set to the application
+ * access token if a valid user access token wasn't available. Subsequent
+ * calls return whatever the first call returned.
+ *
+ * @return string The access token
+ */
+ public function getAccessToken() {
+ if ($this->accessToken !== null) {
+ // we've done this already and cached it. Just return.
+ return $this->accessToken;
+ }
+
+ // first establish access token to be the application
+ // access token, in case we navigate to the /oauth/access_token
+ // endpoint, where SOME access token is required.
+ $this->setAccessToken($this->getApplicationAccessToken());
+ $user_access_token = $this->getUserAccessToken();
+ if ($user_access_token) {
+ $this->setAccessToken($user_access_token);
+ }
+
+ return $this->accessToken;
+ }
+
+ /**
+ * Determines and returns the user access token, first using
+ * the signed request if present, and then falling back on
+ * the authorization code if present. The intent is to
+ * return a valid user access token, or false if one is determined
+ * to not be available.
+ *
+ * @return string A valid user access token, or false if one
+ * could not be determined.
+ */
+ protected function getUserAccessToken() {
+ // first, consider a signed request if it's supplied.
+ // if there is a signed request, then it alone determines
+ // the access token.
+ $signed_request = $this->getSignedRequest();
+ if ($signed_request) {
+ // apps.facebook.com hands the access_token in the signed_request
+ if (array_key_exists('oauth_token', $signed_request)) {
+ $access_token = $signed_request['oauth_token'];
+ $this->setPersistentData('access_token', $access_token);
+ return $access_token;
+ }
+
+ // the JS SDK puts a code in with the redirect_uri of ''
+ if (array_key_exists('code', $signed_request)) {
+ $code = $signed_request['code'];
+ $access_token = $this->getAccessTokenFromCode($code, '');
+ if ($access_token) {
+ $this->setPersistentData('code', $code);
+ $this->setPersistentData('access_token', $access_token);
+ return $access_token;
+ }
+ }
+
+ // signed request states there's no access token, so anything
+ // stored should be cleared.
+ $this->clearAllPersistentData();
+ return false; // respect the signed request's data, even
+ // if there's an authorization code or something else
+ }
+
+ $code = $this->getCode();
+ if ($code && $code != $this->getPersistentData('code')) {
+ $access_token = $this->getAccessTokenFromCode($code);
+ if ($access_token) {
+ $this->setPersistentData('code', $code);
+ $this->setPersistentData('access_token', $access_token);
+ return $access_token;
+ }
+
+ // code was bogus, so everything based on it should be invalidated.
+ $this->clearAllPersistentData();
+ return false;
+ }
+
+ // as a fallback, just return whatever is in the persistent
+ // store, knowing nothing explicit (signed request, authorization
+ // code, etc.) was present to shadow it (or we saw a code in $_REQUEST,
+ // but it's the same as what's in the persistent store)
+ return $this->getPersistentData('access_token');
+ }
+
+ /**
+ * Retrieve the signed request, either from a request parameter or,
+ * if not present, from a cookie.
+ *
+ * @return string the signed request, if available, or null otherwise.
+ */
+ public function getSignedRequest() {
+ if (!$this->signedRequest) {
+ if (isset($_REQUEST['signed_request'])) {
+ $this->signedRequest = $this->parseSignedRequest(
+ $_REQUEST['signed_request']);
+ } else if (isset($_COOKIE[$this->getSignedRequestCookieName()])) {
+ $this->signedRequest = $this->parseSignedRequest(
+ $_COOKIE[$this->getSignedRequestCookieName()]);
+ }
+ }
+ return $this->signedRequest;
+ }
+
+ /**
+ * Get the UID of the connected user, or 0
+ * if the Facebook user is not connected.
+ *
+ * @return string the UID if available.
+ */
+ public function getUser() {
+ if ($this->user !== null) {
+ // we've already determined this and cached the value.
+ return $this->user;
+ }
+
+ return $this->user = $this->getUserFromAvailableData();
+ }
+
+ /**
+ * Determines the connected user by first examining any signed
+ * requests, then considering an authorization code, and then
+ * falling back to any persistent store storing the user.
+ *
+ * @return integer The id of the connected Facebook user,
+ * or 0 if no such user exists.
+ */
+ protected function getUserFromAvailableData() {
+ // if a signed request is supplied, then it solely determines
+ // who the user is.
+ $signed_request = $this->getSignedRequest();
+ if ($signed_request) {
+ if (array_key_exists('user_id', $signed_request)) {
+ $user = $signed_request['user_id'];
+ $this->setPersistentData('user_id', $signed_request['user_id']);
+ return $user;
+ }
+
+ // if the signed request didn't present a user id, then invalidate
+ // all entries in any persistent store.
+ $this->clearAllPersistentData();
+ return 0;
+ }
+
+ $user = $this->getPersistentData('user_id', $default = 0);
+ $persisted_access_token = $this->getPersistentData('access_token');
+
+ // use access_token to fetch user id if we have a user access_token, or if
+ // the cached access token has changed.
+ $access_token = $this->getAccessToken();
+ if ($access_token &&
+ $access_token != $this->getApplicationAccessToken() &&
+ !($user && $persisted_access_token == $access_token)) {
+ $user = $this->getUserFromAccessToken();
+ if ($user) {
+ $this->setPersistentData('user_id', $user);
+ } else {
+ $this->clearAllPersistentData();
+ }
+ }
+
+ return $user;
+ }
+
+ /**
+ * Get a Login URL for use with redirects. By default, full page redirect is
+ * assumed. If you are using the generated URL with a window.open() call in
+ * JavaScript, you can pass in display=popup as part of the $params.
+ *
+ * The parameters:
+ * - redirect_uri: the url to go to after a successful login
+ * - scope: comma separated list of requested extended perms
+ *
+ * @param array $params Provide custom parameters
+ * @return string The URL for the login flow
+ */
+ public function getLoginUrl($params=array()) {
+ $this->establishCSRFTokenState();
+ $currentUrl = $this->getCurrentUrl();
+
+ // if 'scope' is passed as an array, convert to comma separated list
+ $scopeParams = isset($params['scope']) ? $params['scope'] : null;
+ if ($scopeParams && is_array($scopeParams)) {
+ $params['scope'] = implode(',', $scopeParams);
+ }
+
+ return $this->getUrl(
+ 'www',
+ 'dialog/oauth',
+ array_merge(array(
+ 'client_id' => $this->getAppId(),
+ 'redirect_uri' => $currentUrl, // possibly overwritten
+ 'state' => $this->state),
+ $params));
+ }
+
+ /**
+ * Get a Logout URL suitable for use with redirects.
+ *
+ * The parameters:
+ * - next: the url to go to after a successful logout
+ *
+ * @param array $params Provide custom parameters
+ * @return string The URL for the logout flow
+ */
+ public function getLogoutUrl($params=array()) {
+ return $this->getUrl(
+ 'www',
+ 'logout.php',
+ array_merge(array(
+ 'next' => $this->getCurrentUrl(),
+ 'access_token' => $this->getAccessToken(),
+ ), $params)
+ );
+ }
+
+ /**
+ * Get a login status URL to fetch the status from Facebook.
+ *
+ * The parameters:
+ * - ok_session: the URL to go to if a session is found
+ * - no_session: the URL to go to if the user is not connected
+ * - no_user: the URL to go to if the user is not signed into facebook
+ *
+ * @param array $params Provide custom parameters
+ * @return string The URL for the logout flow
+ */
+ public function getLoginStatusUrl($params=array()) {
+ return $this->getUrl(
+ 'www',
+ 'extern/login_status.php',
+ array_merge(array(
+ 'api_key' => $this->getAppId(),
+ 'no_session' => $this->getCurrentUrl(),
+ 'no_user' => $this->getCurrentUrl(),
+ 'ok_session' => $this->getCurrentUrl(),
+ 'session_version' => 3,
+ ), $params)
+ );
+ }
+
+ /**
+ * Make an API call.
+ *
+ * @return mixed The decoded response
+ */
+ public function api(/* polymorphic */) {
+ $args = func_get_args();
+ if (is_array($args[0])) {
+ return $this->_restserver($args[0]);
+ } else {
+ return call_user_func_array(array($this, '_graph'), $args);
+ }
+ }
+
+ /**
+ * Constructs and returns the name of the cookie that
+ * potentially houses the signed request for the app user.
+ * The cookie is not set by the BaseFacebook class, but
+ * it may be set by the JavaScript SDK.
+ *
+ * @return string the name of the cookie that would house
+ * the signed request value.
+ */
+ protected function getSignedRequestCookieName() {
+ return 'fbsr_'.$this->getAppId();
+ }
+
+ /**
+ * Constructs and returns the name of the coookie that potentially contain
+ * metadata. The cookie is not set by the BaseFacebook class, but it may be
+ * set by the JavaScript SDK.
+ *
+ * @return string the name of the cookie that would house metadata.
+ */
+ protected function getMetadataCookieName() {
+ return 'fbm_'.$this->getAppId();
+ }
+
+ /**
+ * Get the authorization code from the query parameters, if it exists,
+ * and otherwise return false to signal no authorization code was
+ * discoverable.
+ *
+ * @return mixed The authorization code, or false if the authorization
+ * code could not be determined.
+ */
+ protected function getCode() {
+ if (isset($_REQUEST['code'])) {
+ if ($this->state !== null &&
+ isset($_REQUEST['state']) &&
+ $this->state === $_REQUEST['state']) {
+
+ // CSRF state has done its job, so clear it
+ $this->state = null;
+ $this->clearPersistentData('state');
+ return $_REQUEST['code'];
+ } else {
+ self::errorLog('CSRF state token does not match one provided.');
+ return false;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Retrieves the UID with the understanding that
+ * $this->accessToken has already been set and is
+ * seemingly legitimate. It relies on Facebook's Graph API
+ * to retrieve user information and then extract
+ * the user ID.
+ *
+ * @return integer Returns the UID of the Facebook user, or 0
+ * if the Facebook user could not be determined.
+ */
+ protected function getUserFromAccessToken() {
+ try {
+ $user_info = $this->api('/me');
+ return $user_info['id'];
+ } catch (FacebookApiException $e) {
+ return 0;
+ }
+ }
+
+ /**
+ * Returns the access token that should be used for logged out
+ * users when no authorization code is available.
+ *
+ * @return string The application access token, useful for gathering
+ * public information about users and applications.
+ */
+ protected function getApplicationAccessToken() {
+ return $this->appId.'|'.$this->appSecret;
+ }
+
+ /**
+ * Lays down a CSRF state token for this process.
+ *
+ * @return void
+ */
+ protected function establishCSRFTokenState() {
+ if ($this->state === null) {
+ $this->state = md5(uniqid(mt_rand(), true));
+ $this->setPersistentData('state', $this->state);
+ }
+ }
+
+ /**
+ * Retrieves an access token for the given authorization code
+ * (previously generated from www.facebook.com on behalf of
+ * a specific user). The authorization code is sent to graph.facebook.com
+ * and a legitimate access token is generated provided the access token
+ * and the user for which it was generated all match, and the user is
+ * either logged in to Facebook or has granted an offline access permission.
+ *
+ * @param string $code An authorization code.
+ * @return mixed An access token exchanged for the authorization code, or
+ * false if an access token could not be generated.
+ */
+ protected function getAccessTokenFromCode($code, $redirect_uri = null) {
+ if (empty($code)) {
+ return false;
+ }
+
+ if ($redirect_uri === null) {
+ $redirect_uri = $this->getCurrentUrl();
+ }
+
+ try {
+ // need to circumvent json_decode by calling _oauthRequest
+ // directly, since response isn't JSON format.
+ $access_token_response =
+ $this->_oauthRequest(
+ $this->getUrl('graph', '/oauth/access_token'),
+ $params = array('client_id' => $this->getAppId(),
+ 'client_secret' => $this->getAppSecret(),
+ 'redirect_uri' => $redirect_uri,
+ 'code' => $code));
+ } catch (FacebookApiException $e) {
+ // most likely that user very recently revoked authorization.
+ // In any event, we don't have an access token, so say so.
+ return false;
+ }
+
+ if (empty($access_token_response)) {
+ return false;
+ }
+
+ $response_params = array();
+ parse_str($access_token_response, $response_params);
+ if (!isset($response_params['access_token'])) {
+ return false;
+ }
+
+ return $response_params['access_token'];
+ }
+
+ /**
+ * Invoke the old restserver.php endpoint.
+ *
+ * @param array $params Method call object
+ *
+ * @return mixed The decoded response object
+ * @throws FacebookApiException
+ */
+ protected function _restserver($params) {
+ // generic application level parameters
+ $params['api_key'] = $this->getAppId();
+ $params['format'] = 'json-strings';
+
+ $result = json_decode($this->_oauthRequest(
+ $this->getApiUrl($params['method']),
+ $params
+ ), true);
+
+ // results are returned, errors are thrown
+ if (is_array($result) && isset($result['error_code'])) {
+ $this->throwAPIException($result);
+ }
+
+ if ($params['method'] === 'auth.expireSession' ||
+ $params['method'] === 'auth.revokeAuthorization') {
+ $this->destroySession();
+ }
+
+ return $result;
+ }
+
+ /**
+ * Return true if this is video post.
+ *
+ * @param string $path The path
+ * @param string $method The http method (default 'GET')
+ *
+ * @return boolean true if this is video post
+ */
+ protected function isVideoPost($path, $method = 'GET') {
+ if ($method == 'POST' && preg_match("/^(\/)(.+)(\/)(videos)$/", $path)) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Invoke the Graph API.
+ *
+ * @param string $path The path (required)
+ * @param string $method The http method (default 'GET')
+ * @param array $params The query/post data
+ *
+ * @return mixed The decoded response object
+ * @throws FacebookApiException
+ */
+ protected function _graph($path, $method = 'GET', $params = array()) {
+ if (is_array($method) && empty($params)) {
+ $params = $method;
+ $method = 'GET';
+ }
+ $params['method'] = $method; // method override as we always do a POST
+
+ if ($this->isVideoPost($path, $method)) {
+ $domainKey = 'graph_video';
+ } else {
+ $domainKey = 'graph';
+ }
+
+ $result = json_decode($this->_oauthRequest(
+ $this->getUrl($domainKey, $path),
+ $params
+ ), true);
+
+ // results are returned, errors are thrown
+ if (is_array($result) && isset($result['error'])) {
+ $this->throwAPIException($result);
+ }
+
+ return $result;
+ }
+
+ /**
+ * Make a OAuth Request.
+ *
+ * @param string $url The path (required)
+ * @param array $params The query/post data
+ *
+ * @return string The decoded response object
+ * @throws FacebookApiException
+ */
+ protected function _oauthRequest($url, $params) {
+ if (!isset($params['access_token'])) {
+ $params['access_token'] = $this->getAccessToken();
+ }
+
+ // json_encode all params values that are not strings
+ foreach ($params as $key => $value) {
+ if (!is_string($value)) {
+ $params[$key] = json_encode($value);
+ }
+ }
+
+ return $this->makeRequest($url, $params);
+ }
+
+ /**
+ * Makes an HTTP request. This method can be overridden by subclasses if
+ * developers want to do fancier things or use something other than curl to
+ * make the request.
+ *
+ * @param string $url The URL to make the request to
+ * @param array $params The parameters to use for the POST body
+ * @param CurlHandler $ch Initialized curl handle
+ *
+ * @return string The response text
+ */
+ protected function makeRequest($url, $params, $ch=null) {
+ if (!$ch) {
+ $ch = curl_init();
+ }
+
+ $opts = self::$CURL_OPTS;
+ if ($this->getFileUploadSupport()) {
+ $opts[CURLOPT_POSTFIELDS] = $params;
+ } else {
+ $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&');
+ }
+ $opts[CURLOPT_URL] = $url;
+
+ // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait
+ // for 2 seconds if the server does not support this header.
+ if (isset($opts[CURLOPT_HTTPHEADER])) {
+ $existing_headers = $opts[CURLOPT_HTTPHEADER];
+ $existing_headers[] = 'Expect:';
+ $opts[CURLOPT_HTTPHEADER] = $existing_headers;
+ } else {
+ $opts[CURLOPT_HTTPHEADER] = array('Expect:');
+ }
+
+ curl_setopt_array($ch, $opts);
+ $result = curl_exec($ch);
+
+ if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT
+ self::errorLog('Invalid or no certificate authority found, '.
+ 'using bundled information');
+ curl_setopt($ch, CURLOPT_CAINFO,
+ dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
+ $result = curl_exec($ch);
+ }
+
+ if ($result === false) {
+ $e = new FacebookApiException(array(
+ 'error_code' => curl_errno($ch),
+ 'error' => array(
+ 'message' => curl_error($ch),
+ 'type' => 'CurlException',
+ ),
+ ));
+ curl_close($ch);
+ throw $e;
+ }
+ curl_close($ch);
+ return $result;
+ }
+
+ /**
+ * Parses a signed_request and validates the signature.
+ *
+ * @param string $signed_request A signed token
+ * @return array The payload inside it or null if the sig is wrong
+ */
+ protected function parseSignedRequest($signed_request) {
+ list($encoded_sig, $payload) = explode('.', $signed_request, 2);
+
+ // decode the data
+ $sig = self::base64UrlDecode($encoded_sig);
+ $data = json_decode(self::base64UrlDecode($payload), true);
+
+ if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
+ self::errorLog('Unknown algorithm. Expected HMAC-SHA256');
+ return null;
+ }
+
+ // check sig
+ $expected_sig = hash_hmac('sha256', $payload,
+ $this->getAppSecret(), $raw = true);
+ if ($sig !== $expected_sig) {
+ self::errorLog('Bad Signed JSON signature!');
+ return null;
+ }
+
+ return $data;
+ }
+
+ /**
+ * Build the URL for api given parameters.
+ *
+ * @param $method String the method name.
+ * @return string The URL for the given parameters
+ */
+ protected function getApiUrl($method) {
+ static $READ_ONLY_CALLS =
+ array('admin.getallocation' => 1,
+ 'admin.getappproperties' => 1,
+ 'admin.getbannedusers' => 1,
+ 'admin.getlivestreamvialink' => 1,
+ 'admin.getmetrics' => 1,
+ 'admin.getrestrictioninfo' => 1,
+ 'application.getpublicinfo' => 1,
+ 'auth.getapppublickey' => 1,
+ 'auth.getsession' => 1,
+ 'auth.getsignedpublicsessiondata' => 1,
+ 'comments.get' => 1,
+ 'connect.getunconnectedfriendscount' => 1,
+ 'dashboard.getactivity' => 1,
+ 'dashboard.getcount' => 1,
+ 'dashboard.getglobalnews' => 1,
+ 'dashboard.getnews' => 1,
+ 'dashboard.multigetcount' => 1,
+ 'dashboard.multigetnews' => 1,
+ 'data.getcookies' => 1,
+ 'events.get' => 1,
+ 'events.getmembers' => 1,
+ 'fbml.getcustomtags' => 1,
+ 'feed.getappfriendstories' => 1,
+ 'feed.getregisteredtemplatebundlebyid' => 1,
+ 'feed.getregisteredtemplatebundles' => 1,
+ 'fql.multiquery' => 1,
+ 'fql.query' => 1,
+ 'friends.arefriends' => 1,
+ 'friends.get' => 1,
+ 'friends.getappusers' => 1,
+ 'friends.getlists' => 1,
+ 'friends.getmutualfriends' => 1,
+ 'gifts.get' => 1,
+ 'groups.get' => 1,
+ 'groups.getmembers' => 1,
+ 'intl.gettranslations' => 1,
+ 'links.get' => 1,
+ 'notes.get' => 1,
+ 'notifications.get' => 1,
+ 'pages.getinfo' => 1,
+ 'pages.isadmin' => 1,
+ 'pages.isappadded' => 1,
+ 'pages.isfan' => 1,
+ 'permissions.checkavailableapiaccess' => 1,
+ 'permissions.checkgrantedapiaccess' => 1,
+ 'photos.get' => 1,
+ 'photos.getalbums' => 1,
+ 'photos.gettags' => 1,
+ 'profile.getinfo' => 1,
+ 'profile.getinfooptions' => 1,
+ 'stream.get' => 1,
+ 'stream.getcomments' => 1,
+ 'stream.getfilters' => 1,
+ 'users.getinfo' => 1,
+ 'users.getloggedinuser' => 1,
+ 'users.getstandardinfo' => 1,
+ 'users.hasapppermission' => 1,
+ 'users.isappuser' => 1,
+ 'users.isverified' => 1,
+ 'video.getuploadlimits' => 1);
+ $name = 'api';
+ if (isset($READ_ONLY_CALLS[strtolower($method)])) {
+ $name = 'api_read';
+ } else if (strtolower($method) == 'video.upload') {
+ $name = 'api_video';
+ }
+ return self::getUrl($name, 'restserver.php');
+ }
+
+ /**
+ * Build the URL for given domain alias, path and parameters.
+ *
+ * @param $name string The name of the domain
+ * @param $path string Optional path (without a leading slash)
+ * @param $params array Optional query parameters
+ *
+ * @return string The URL for the given parameters
+ */
+ protected function getUrl($name, $path='', $params=array()) {
+ $url = self::$DOMAIN_MAP[$name];
+ if ($path) {
+ if ($path[0] === '/') {
+ $path = substr($path, 1);
+ }
+ $url .= $path;
+ }
+ if ($params) {
+ $url .= '?' . http_build_query($params, null, '&');
+ }
+
+ return $url;
+ }
+
+ /**
+ * Returns the Current URL, stripping it of known FB parameters that should
+ * not persist.
+ *
+ * @return string The current URL
+ */
+ protected function getCurrentUrl() {
+ if (isset($_SERVER['HTTPS']) &&
+ ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) ||
+ isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
+ $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
+ $protocol = 'https://';
+ }
+ else {
+ $protocol = 'http://';
+ }
+ $currentUrl = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+ $parts = parse_url($currentUrl);
+
+ $query = '';
+ if (!empty($parts['query'])) {
+ // drop known fb params
+ $params = explode('&', $parts['query']);
+ $retained_params = array();
+ foreach ($params as $param) {
+ if ($this->shouldRetainParam($param)) {
+ $retained_params[] = $param;
+ }
+ }
+
+ if (!empty($retained_params)) {
+ $query = '?'.implode($retained_params, '&');
+ }
+ }
+
+ // use port if non default
+ $port =
+ isset($parts['port']) &&
+ (($protocol === 'http://' && $parts['port'] !== 80) ||
+ ($protocol === 'https://' && $parts['port'] !== 443))
+ ? ':' . $parts['port'] : '';
+
+ // rebuild
+ return $protocol . $parts['host'] . $port . $parts['path'] . $query;
+ }
+
+ /**
+ * Returns true if and only if the key or key/value pair should
+ * be retained as part of the query string. This amounts to
+ * a brute-force search of the very small list of Facebook-specific
+ * params that should be stripped out.
+ *
+ * @param string $param A key or key/value pair within a URL's query (e.g.
+ * 'foo=a', 'foo=', or 'foo'.
+ *
+ * @return boolean
+ */
+ protected function shouldRetainParam($param) {
+ foreach (self::$DROP_QUERY_PARAMS as $drop_query_param) {
+ if (strpos($param, $drop_query_param.'=') === 0) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Analyzes the supplied result to see if it was thrown
+ * because the access token is no longer valid. If that is
+ * the case, then we destroy the session.
+ *
+ * @param $result array A record storing the error message returned
+ * by a failed API call.
+ */
+ protected function throwAPIException($result) {
+ $e = new FacebookApiException($result);
+ switch ($e->getType()) {
+ // OAuth 2.0 Draft 00 style
+ case 'OAuthException':
+ // OAuth 2.0 Draft 10 style
+ case 'invalid_token':
+ // REST server errors are just Exceptions
+ case 'Exception':
+ $message = $e->getMessage();
+ if ((strpos($message, 'Error validating access token') !== false) ||
+ (strpos($message, 'Invalid OAuth access token') !== false) ||
+ (strpos($message, 'An active access token must be used') !== false)
+ ) {
+ $this->destroySession();
+ }
+ break;
+ }
+
+ throw $e;
+ }
+
+
+ /**
+ * Prints to the error log if you aren't in command line mode.
+ *
+ * @param string $msg Log message
+ */
+ protected static function errorLog($msg) {
+ // disable error log if we are running in a CLI environment
+ // @codeCoverageIgnoreStart
+ if (php_sapi_name() != 'cli') {
+ error_log($msg);
+ }
+ // uncomment this if you want to see the errors on the page
+ // print 'error_log: '.$msg."\n";
+ // @codeCoverageIgnoreEnd
+ }
+
+ /**
+ * Base64 encoding that doesn't need to be urlencode()ed.
+ * Exactly the same as base64_encode except it uses
+ * - instead of +
+ * _ instead of /
+ *
+ * @param string $input base64UrlEncoded string
+ * @return string
+ */
+ protected static function base64UrlDecode($input) {
+ return base64_decode(strtr($input, '-_', '+/'));
+ }
+
+ /**
+ * Destroy the current session
+ */
+ public function destroySession() {
+ $this->accessToken = null;
+ $this->signedRequest = null;
+ $this->user = null;
+ $this->clearAllPersistentData();
+
+ // Javascript sets a cookie that will be used in getSignedRequest that we
+ // need to clear if we can
+ $cookie_name = $this->getSignedRequestCookieName();
+ if (array_key_exists($cookie_name, $_COOKIE)) {
+ unset($_COOKIE[$cookie_name]);
+ if (!headers_sent()) {
+ // The base domain is stored in the metadata cookie if not we fallback
+ // to the current hostname
+ $base_domain = '.'. $_SERVER['HTTP_HOST'];
+
+ $metadata = $this->getMetadataCookie();
+ if (array_key_exists('base_domain', $metadata) &&
+ !empty($metadata['base_domain'])) {
+ $base_domain = $metadata['base_domain'];
+ }
+
+ setcookie($cookie_name, '', 0, '/', $base_domain);
+ } else {
+ self::errorLog(
+ 'There exists a cookie that we wanted to clear that we couldn\'t '.
+ 'clear because headers was already sent. Make sure to do the first '.
+ 'API call before outputing anything'
+ );
+ }
+ }
+ }
+
+ /**
+ * Parses the metadata cookie that our Javascript API set
+ *
+ * @return an array mapping key to value
+ */
+ protected function getMetadataCookie() {
+ $cookie_name = $this->getMetadataCookieName();
+ if (!array_key_exists($cookie_name, $_COOKIE)) {
+ return array();
+ }
+
+ // The cookie value can be wrapped in "-characters so remove them
+ $cookie_value = trim($_COOKIE[$cookie_name], '"');
+
+ if (empty($cookie_value)) {
+ return array();
+ }
+
+ $parts = explode('&', $cookie_value);
+ $metadata = array();
+ foreach ($parts as $part) {
+ $pair = explode('=', $part, 2);
+ if (!empty($pair[0])) {
+ $metadata[urldecode($pair[0])] =
+ (count($pair) > 1) ? urldecode($pair[1]) : '';
+ }
+ }
+
+ return $metadata;
+ }
+
+ /**
+ * Each of the following four methods should be overridden in
+ * a concrete subclass, as they are in the provided Facebook class.
+ * The Facebook class uses PHP sessions to provide a primitive
+ * persistent store, but another subclass--one that you implement--
+ * might use a database, memcache, or an in-memory cache.
+ *
+ * @see Facebook
+ */
+
+ /**
+ * Stores the given ($key, $value) pair, so that future calls to
+ * getPersistentData($key) return $value. This call may be in another request.
+ *
+ * @param string $key
+ * @param array $value
+ *
+ * @return void
+ */
+ abstract protected function setPersistentData($key, $value);
+
+ /**
+ * Get the data for $key, persisted by BaseFacebook::setPersistentData()
+ *
+ * @param string $key The key of the data to retrieve
+ * @param boolean $default The default value to return if $key is not found
+ *
+ * @return mixed
+ */
+ abstract protected function getPersistentData($key, $default = false);
+
+ /**
+ * Clear the data with $key from the persistent storage
+ *
+ * @param string $key
+ * @return void
+ */
+ abstract protected function clearPersistentData($key);
+
+ /**
+ * Clear all data from the persistent storage
+ *
+ * @return void
+ */
+ abstract protected function clearAllPersistentData();
+}
View
93 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/src/facebook.php
@@ -0,0 +1,93 @@
+<?php
+/**
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+require_once "base_facebook.php";
+
+/**
+ * Extends the BaseFacebook class with the intent of using
+ * PHP sessions to store user ids and access tokens.
+ */
+class Facebook extends BaseFacebook
+{
+ /**
+ * Identical to the parent constructor, except that
+ * we start a PHP session to store the user ID and
+ * access token if during the course of execution
+ * we discover them.
+ *
+ * @param Array $config the application configuration.
+ * @see BaseFacebook::__construct in facebook.php
+ */
+ public function __construct($config) {
+ if (!session_id()) {
+ session_start();
+ }
+ parent::__construct($config);
+ }
+
+ protected static $kSupportedKeys =
+ array('state', 'code', 'access_token', 'user_id');
+
+ /**
+ * Provides the implementations of the inherited abstract
+ * methods. The implementation uses PHP sessions to maintain
+ * a store for authorization codes, user ids, CSRF states, and
+ * access tokens.
+ */
+ protected function setPersistentData($key, $value) {
+ if (!in_array($key, self::$kSupportedKeys)) {
+ self::errorLog('Unsupported key passed to setPersistentData.');
+ return;
+ }
+
+ $session_var_name = $this->constructSessionVariableName($key);
+ $_SESSION[$session_var_name] = $value;
+ }
+
+ protected function getPersistentData($key, $default = false) {
+ if (!in_array($key, self::$kSupportedKeys)) {
+ self::errorLog('Unsupported key passed to getPersistentData.');
+ return $default;
+ }
+
+ $session_var_name = $this->constructSessionVariableName($key);
+ return isset($_SESSION[$session_var_name]) ?
+ $_SESSION[$session_var_name] : $default;
+ }
+
+ protected function clearPersistentData($key) {
+ if (!in_array($key, self::$kSupportedKeys)) {
+ self::errorLog('Unsupported key passed to clearPersistentData.');
+ return;
+ }
+
+ $session_var_name = $this->constructSessionVariableName($key);
+ unset($_SESSION[$session_var_name]);
+ }
+
+ protected function clearAllPersistentData() {
+ foreach (self::$kSupportedKeys as $key) {
+ $this->clearPersistentData($key);
+ }
+ }
+
+ protected function constructSessionVariableName($key) {
+ return implode('_', array('fb',
+ $this->getAppId(),
+ $key));
+ }
+}
View
121 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/src/fb_ca_chain_bundle.crt
@@ -0,0 +1,121 @@
+-----BEGIN CERTIFICATE-----
+MIIFgjCCBGqgAwIBAgIQDKKbZcnESGaLDuEaVk6fQjANBgkqhkiG9w0BAQUFADBm
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBDQS0zMB4XDTEwMDExMzAwMDAwMFoXDTEzMDQxMTIzNTk1OVowaDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEX
+MBUGA1UEChMORmFjZWJvb2ssIEluYy4xFzAVBgNVBAMUDiouZmFjZWJvb2suY29t
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9rzj7QIuLM3sdHu1HcI1VcR3g
+b5FExKNV646agxSle1aQ/sJev1mh/u91ynwqd2BQmM0brZ1Hc3QrfYyAaiGGgEkp
+xbhezyfeYhAyO0TKAYxPnm2cTjB5HICzk6xEIwFbA7SBJ2fSyW1CFhYZyo3tIBjj
+19VjKyBfpRaPkzLmRwIDAQABo4ICrDCCAqgwHwYDVR0jBBgwFoAUUOpzidsp+xCP
+nuUBINTeeZlIg/cwHQYDVR0OBBYEFPp+tsFBozkjrHlEnZ9J4cFj2eM0MA4GA1Ud
+DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMF8GA1UdHwRYMFYwKaAnoCWGI2h0dHA6
+Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9jYTMtZmIuY3JsMCmgJ6AlhiNodHRwOi8vY3Js
+NC5kaWdpY2VydC5jb20vY2EzLWZiLmNybDCCAcYGA1UdIASCAb0wggG5MIIBtQYL
+YIZIAYb9bAEDAAEwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmRpZ2ljZXJ0
+LmNvbS9zc2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUHAgIwggFWHoIB
+UgBBAG4AeQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkA
+YwBhAHQAZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEA
+bgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMA
+UABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkA
+IABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwA
+aQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8A
+cgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMA
+ZQAuMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQUF
+AAOCAQEACOkTIdxMy11+CKrbGNLBSg5xHaTvu/v1wbyn3dO/mf68pPfJnX6ShPYy
+4XM4Vk0x4uaFaU4wAGke+nCKGi5dyg0Esg7nemLNKEJaFAJZ9enxZm334lSCeARy
+wlDtxULGOFRyGIZZPmbV2eNq5xdU/g3IuBEhL722mTpAye9FU/J8Wsnw54/gANyO
+Gzkewigua8ip8Lbs9Cht399yAfbfhUP1DrAm/xEcnHrzPr3cdCtOyJaM6SRPpRqH
+ITK5Nc06tat9lXVosSinT3KqydzxBYua9gCFFiR3x3DgZfvXkC6KDdUlDrNcJUub
+a1BHnLLP4mxTHL6faAXYd05IxNn/IA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGVTCCBT2gAwIBAgIQCFH5WYFBRcq94CTiEsnCDjANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA3MDQwMzAwMDAwMFoXDTIyMDQwMzAwMDAwMFowZjEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTElMCMGA1UEAxMcRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+Q0EtMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9hCikQH17+NDdR
+CPge+yLtYb4LDXBMUGMmdRW5QYiXtvCgFbsIYOBC6AUpEIc2iihlqO8xB3RtNpcv
+KEZmBMcqeSZ6mdWOw21PoF6tvD2Rwll7XjZswFPPAAgyPhBkWBATaccM7pxCUQD5
+BUTuJM56H+2MEb0SqPMV9Bx6MWkBG6fmXcCabH4JnudSREoQOiPkm7YDr6ictFuf
+1EutkozOtREqqjcYjbTCuNhcBoz4/yO9NV7UfD5+gw6RlgWYw7If48hl66l7XaAs
+zPw82W3tzPpLQ4zJ1LilYRyyQLYoEt+5+F/+07LJ7z20Hkt8HEyZNp496+ynaF4d
+32duXvsCAwEAAaOCAvcwggLzMA4GA1UdDwEB/wQEAwIBhjCCAcYGA1UdIASCAb0w
+ggG5MIIBtQYLYIZIAYb9bAEDAAIwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3
+LmRpZ2ljZXJ0LmNvbS9zc2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUH
+AgIwggFWHoIBUgBBAG4AeQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQBy
+AHQAaQBmAGkAYwBhAHQAZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBj
+AGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAg
+AEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQ
+AGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBt
+AGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBj
+AG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBl
+AHIAZQBuAGMAZQAuMA8GA1UdEwEB/wQFMAMBAf8wNAYIKwYBBQUHAQEEKDAmMCQG
+CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCB
+hDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFz
+c3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAW
+gBSxPsNpA/i/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTe
+eZlIg/cwDQYJKoZIhvcNAQEFBQADggEBAF1PhPGoiNOjsrycbeUpSXfh59bcqdg1
+rslx3OXb3J0kIZCmz7cBHJvUV5eR13UWpRLXuT0uiT05aYrWNTf58SHEW0CtWakv
+XzoAKUMncQPkvTAyVab+hA4LmzgZLEN8rEO/dTHlIxxFVbdpCJG1z9fVsV7un5Tk
+1nq5GMO41lJjHBC6iy9tXcwFOPRWBW3vnuzoYTYMFEuFFFoMg08iXFnLjIpx2vrF
+EIRYzwfu45DC9fkpx1ojcflZtGQriLCnNseaIGHr+k61rmsb5OPs4tk8QUmoIKRU
+9ZKNu8BVIASm2LAXFszj0Mi0PeXZhMbT9m5teMl5Q+h6N/9cNUm/ocU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEQjCCA6ugAwIBAgIEQoclDjANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEy
+MjIxNTI3MjdaFw0xNDA3MjIxNTU3MjdaMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
+EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV
+BAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGzOVz5vvUu+UtLTKm3+WBP8nNJUm2cSrD
+1ZQ0Z6IKHLBfaaZAscS3so/QmKSpQVk609yU1jzbdDikSsxNJYL3SqVTEjju80lt
+cZF+Y7arpl/DpIT4T2JRvvjF7Ns4kuMG5QiRDMQoQVX7y1qJFX5x6DW/TXIJPb46
+OFBbdzEbjbPHJEWap6xtABRaBLe6E+tRCphBQSJOZWGHgUFQpnlcid4ZSlfVLuZd
+HFMsfpjNGgYWpGhz0DQEE1yhcdNafFXbXmThN4cwVgTlEbQpgBLxeTmIogIRfCdm
+t4i3ePLKCqg4qwpkwr9mXZWEwaElHoddGlALIBLMQbtuC1E4uEvLAgMBAAGjggET
+MIIBDzASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwQwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdo
+dHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v
+Y3JsLmVudHJ1c3QubmV0L3NlcnZlcjEuY3JsMB0GA1UdDgQWBBSxPsNpA/i/RwHU
+mCYaCALvY2QrwzALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7
+UISX8+1i0BowGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEF
+BQADgYEAUuVY7HCc/9EvhaYzC1rAIo348LtGIiMduEl5Xa24G8tmJnDioD2GU06r
+1kjLX/ktCdpdBgXadbjtdrZXTP59uN0AXlsdaTiFufsqVLPvkp5yMnqnuI3E2o6p
+NpAkoQSbB6kUCNnXcW26valgOjDLZFOnr241QiwdBAJAAE/rRa8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----
View
5 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/tests/bootstrap.php
@@ -0,0 +1,5 @@
+<?php
+
+$base = realpath(dirname(__FILE__) . '/..');
+require "$base/src/base_facebook.php";
+require "$base/src/facebook.php";
View
940 sites/all/libraries/facebook-php-sdk/facebook-php-sdk/tests/tests.php
@@ -0,0 +1,940 @@
+<?php
+/**
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+class PHPSDKTestCase extends PHPUnit_Framework_TestCase {
+ const APP_ID = '117743971608120';
+ const SECRET = '943716006e74d9b9283d4d5d8ab93204';
+
+ const MIGRATED_APP_ID = '174236045938435';
+ const MIGRATED_SECRET = '0073dce2d95c4a5c2922d1827ea0cca6';
+
+ private static $kExpiredAccessToken = '206492729383450|2.N4RKywNPuHAey7CK56_wmg__.3600.1304560800.1-214707|6Q14AfpYi_XJB26aRQumouzJiGA';
+ private static $kValidSignedRequest = '1sxR88U4SW9m6QnSxwCEw_CObqsllXhnpP5j2pxD97c.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyODEwNTI4MDAsIm9hdXRoX3Rva2VuIjoiMTE3NzQzOTcxNjA4MTIwfDIuVlNUUWpub3hYVVNYd1RzcDB1U2g5d19fLjg2NDAwLjEyODEwNTI4MDAtMTY3Nzg0NjM4NXx4NURORHBtcy1nMUM0dUJHQVYzSVdRX2pYV0kuIiwidXNlcl9pZCI6IjE2Nzc4NDYzODUifQ';
+ private static $kNonTosedSignedRequest = 'c0Ih6vYvauDwncv0n0pndr0hP0mvZaJPQDPt6Z43O0k.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiJ9';
+ private static $kSignedRequestWithBogusSignature = '1sxR32U4SW9m6QnSxwCEw_CObqsllXhnpP5j2pxD97c.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyODEwNTI4MDAsIm9hdXRoX3Rva2VuIjoiMTE3NzQzOTcxNjA4MTIwfDIuVlNUUWpub3hYVVNYd1RzcDB1U2g5d19fLjg2NDAwLjEyODEwNTI4MDAtMTY3Nzg0NjM4NXx4NURORHBtcy1nMUM0dUJHQVYzSVdRX2pYV0kuIiwidXNlcl9pZCI6IjE2Nzc4NDYzODUifQ';
+
+ public function testConstructor() {
+ $facebook = new TransientFacebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+ $this->assertEquals($facebook->getAppId(), self::APP_ID,
+ 'Expect the App ID to be set.');
+ $this->assertEquals($facebook->getAppSecret(), self::SECRET,
+ 'Expect the API secret to be set.');
+ }
+
+ public function testConstructorWithFileUpload() {
+ $facebook = new TransientFacebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ 'fileUpload' => true,
+ ));
+ $this->assertEquals($facebook->getAppId(), self::APP_ID,
+ 'Expect the App ID to be set.');
+ $this->assertEquals($facebook->getAppSecret(), self::SECRET,
+ 'Expect the API secret to be set.');
+ $this->assertTrue($facebook->getFileUploadSupport(),
+ 'Expect file upload support to be on.');
+ // alias (depricated) for getFileUploadSupport -- test until removed
+ $this->assertTrue($facebook->useFileUploadSupport(),
+ 'Expect file upload support to be on.');
+ }
+
+ public function testSetAppId() {
+ $facebook = new TransientFacebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+ $facebook->setAppId('dummy');
+ $this->assertEquals($facebook->getAppId(), 'dummy',
+ 'Expect the App ID to be dummy.');
+ }
+
+ public function testSetAPISecret() {
+ $facebook = new TransientFacebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+ $facebook->setApiSecret('dummy');
+ $this->assertEquals($facebook->getApiSecret(), 'dummy',
+ 'Expect the API secret to be dummy.');
+ }
+
+ public function testSetAPPSecret() {
+ $facebook = new TransientFacebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+ $facebook->setAppSecret('dummy');
+ $this->assertEquals($facebook->getAppSecret(), 'dummy',
+ 'Expect the API secret to be dummy.');
+ }
+
+ public function testSetAccessToken() {
+ $facebook = new TransientFacebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+
+ $facebook->setAccessToken('saltydog');
+ $this->assertEquals($facebook->getAccessToken(), 'saltydog',
+ 'Expect installed access token to remain \'saltydog\'');
+ }
+
+ public function testSetFileUploadSupport() {
+ $facebook = new TransientFacebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+ $this->assertFalse($facebook->getFileUploadSupport(),
+ 'Expect file upload support to be off.');
+ // alias for getFileUploadSupport (depricated), testing until removed
+ $this->assertFalse($facebook->useFileUploadSupport(),
+ 'Expect file upload support to be off.');
+ $facebook->setFileUploadSupport(true);
+ $this->assertTrue($facebook->getFileUploadSupport(),
+ 'Expect file upload support to be on.');
+ // alias for getFileUploadSupport (depricated), testing until removed
+ $this->assertTrue($facebook->useFileUploadSupport(),
+ 'Expect file upload support to be on.');
+ }
+
+ public function testGetCurrentURL() {
+ $facebook = new FBGetCurrentURLFacebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+
+ // fake the HPHP $_SERVER globals
+ $_SERVER['HTTP_HOST'] = 'www.test.com';
+ $_SERVER['REQUEST_URI'] = '/unit-tests.php?one=one&two=two&three=three';
+ $current_url = $facebook->publicGetCurrentUrl();
+ $this->assertEquals(
+ 'http://www.test.com/unit-tests.php?one=one&two=two&three=three',
+ $current_url,
+ 'getCurrentUrl function is changing the current URL');
+
+ // ensure structure of valueless GET params is retained (sometimes
+ // an = sign was present, and sometimes it was not)
+ // first test when equal signs are present
+ $_SERVER['HTTP_HOST'] = 'www.test.com';
+ $_SERVER['REQUEST_URI'] = '/unit-tests.php?one=&two=&three=';
+ $current_url = $facebook->publicGetCurrentUrl();
+ $this->assertEquals(
+ 'http://www.test.com/unit-tests.php?one=&two=&three=',
+ $current_url,
+ 'getCurrentUrl function is changing the current URL');
+
+ // now confirm that
+ $_SERVER['HTTP_HOST'] = 'www.test.com';
+ $_SERVER['REQUEST_URI'] = '/unit-tests.php?one&two&three';
+ $current_url = $facebook->publicGetCurrentUrl();
+ $this->assertEquals(
+ 'http://www.test.com/unit-tests.php?one&two&three',
+ $current_url,
+ 'getCurrentUrl function is changing the current URL');
+ }
+
+ public function testGetLoginURL() {
+ $facebook = new Facebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+
+ // fake the HPHP $_SERVER globals
+ $_SERVER['HTTP_HOST'] = 'www.test.com';
+ $_SERVER['REQUEST_URI'] = '/unit-tests.php';
+ $login_url = parse_url($facebook->getLoginUrl());
+ $this->assertEquals($login_url['scheme'], 'https');
+ $this->assertEquals($login_url['host'], 'www.facebook.com');
+ $this->assertEquals($login_url['path'], '/dialog/oauth');
+ $expected_login_params =
+ array('client_id' => self::APP_ID,
+ 'redirect_uri' => 'http://www.test.com/unit-tests.php');
+
+ $query_map = array();
+ parse_str($login_url['query'], $query_map);
+ $this->assertIsSubset($expected_login_params, $query_map);
+ // we don't know what the state is, but we know it's an md5 and should
+ // be 32 characters long.
+ $this->assertEquals(strlen($query_map['state']), $num_characters = 32);
+ }
+
+ public function testGetLoginURLWithExtraParams() {
+ $facebook = new Facebook(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET,
+ ));
+
+ // fake the HPHP $_SERVER globals
+ $_SERVER['HTTP_HOST'] = 'www.test.com';
+ $_SERVER['REQUEST_URI'] = '/unit-tests.php';
+ $extra_params = array('scope' => 'email, sms',
+ 'nonsense' => 'nonsense');
+ $login_url = parse_url($facebook->getLoginUrl($extra_params));
+ $this->assertEquals($login_url['scheme'], 'https');
+ $this->assertEquals($login_url['host'], 'www.facebook.com');
+ $this->assertEquals($login_url['path'], '/dialog/oauth');
+ $expected_login_params =
+ array_merge(
+ array('client_id' => self::APP_ID,