kt_post_authorize.php
<?php
require_once 'kt_config.php';
// Grab the fb session object and validate it manually to avoid dependence on facebook.php
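/**
 * Validate a Facebook session object received from the client.
 *
 * The session is accepted only when it carries every field this script
 * relies on and its 'sig' matches the signature recomputed over the
 * remaining fields with FB_SECRET (see generateSignature()).
 *
 * @param mixed $session Decoded session, expected to be an associative array.
 * @return array|null The session when it is well-formed and correctly signed,
 *                    null otherwise.
 */
function validateSessionObject($session) {
    // make sure some essential fields exist
    if (!is_array($session)) {
        return null;
    }
    $required = array('uid', 'session_key', 'secret', 'access_token', 'sig');
    foreach ($required as $field) {
        if (!isset($session[$field])) {
            return null;
        }
    }

    // validate the signature: sign every field except 'sig' itself
    $session_without_sig = $session;
    unset($session_without_sig['sig']);
    $expected_sig = generateSignature($session_without_sig, FB_SECRET);

    // hash_equals() is a strict, constant-time string comparison. The loose
    // `!=` it replaces treated numeric-looking digests (e.g. two "0e..." hex
    // strings, or an integer 0 against a hex string on older PHP) as equal,
    // and a non-string 'sig' (such as a JSON number) can never be valid.
    if (!is_string($session['sig']) || !hash_equals($expected_sig, $session['sig'])) {
        // disable error log if we are running in a CLI environment
        // @codeCoverageIgnoreStart
        if (php_sapi_name() !== 'cli') {
            error_log('Got invalid session signature in cookie.');
        }
        // @codeCoverageIgnoreEnd
        return null;
    }

    // NOTE(review): the original carried a "check expiry time" comment with no
    // implementation behind it; no expiry field is enforced here. Confirm
    // whether the session object carries an expiry that should be checked.
    return $session;
}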
/**
 * Compute the legacy signature of a parameter map.
 *
 * Parameters are sorted by key, concatenated as "key=value" pairs with no
 * separator, the secret is appended, and the MD5 hex digest of the result
 * is returned.
 *
 * @param array  $params Parameters to sign (the caller's array is not modified).
 * @param string $secret Shared secret appended to the base string before hashing.
 * @return string 32-character lowercase hex MD5 digest.
 */
function generateSignature($params, $secret) {
    // work with sorted data
    ksort($params);
    // generate the base string
    $pairs = array();
    foreach ($params as $name => $val) {
        $pairs[] = $name . '=' . $val;
    }
    // The digest has to stay MD5 for signatures to keep matching those
    // produced elsewhere with the same scheme; it is a format constraint here,
    // not a choice of hash strength.
    return md5(implode('', $pairs) . $secret);
}
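// Obtain the session object: either a JSON-encoded one sent by the client,
// or one minted by exchanging a legacy fb_sig_session_key with Facebook.
$session = null;
if (isset($_REQUEST['session'])) {
    $raw_session = $_REQUEST['session'];
    // get_magic_quotes_gpc() no longer exists on PHP 8; guard the call so the
    // script keeps running there while still un-escaping on older installs
    // that had magic quotes enabled.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $raw_session = stripslashes($raw_session);
    }
    // The decoded object is untrusted client input; validateSessionObject()
    // returns null unless its signature verifies against FB_SECRET.
    $session = validateSessionObject(json_decode($raw_session, true));
} else {
    // old permission, ie. need to convert fb_sig_* into a new session object
    // NOTE(review): fb_sig_session_key is taken from the request without any
    // local verification; confirm that the fb_sig_* parameters are
    // authenticated before this script is reached.
    if (isset($_REQUEST['fb_sig_session_key'])) {
        $ch = curl_init();
        $data = array('type' => 'client_cred',
                      'client_id' => FB_ID,
                      'client_secret' => FB_SECRET,
                      'sessions' => $_REQUEST['fb_sig_session_key']);
        curl_setopt($ch, CURLOPT_URL, 'https://graph.facebook.com/oauth/exchange_sessions');
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        // The original called curl_exec() twice, sending the exchange request
        // a second time and discarding the result; one call is enough.
        $response = curl_exec($ch);
        if ($response === false && php_sapi_name() !== 'cli') {
            error_log('Session exchange request failed: ' . curl_error($ch));
        }
        // the original never released this handle
        curl_close($ch);

        // The endpoint answers with a JSON document; the original kept the raw
        // string, which the `$session['access_token']` consumer below cannot
        // index. Decode it into an array here.
        $decoded = ($response === false) ? null : json_decode($response, true);
        // NOTE(review): if the response is a list of session objects, use the
        // first one; a single object passes through unchanged. Confirm the
        // response shape against the endpoint's documentation.
        if (is_array($decoded) && isset($decoded[0]) && is_array($decoded[0])) {
            $decoded = $decoded[0];
        }
        $session = is_array($decoded) ? $decoded : null;
    }
}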
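//
// Set a facebook cookie to give the final destination url a
// hint that an authorization just occurred.
//
// Only proceed with a session that actually carries an access token: a
// bare truthiness test let a raw string or an error payload through to the
// `$session['access_token']` lookup below.
if (is_array($session) && isset($session['access_token'])) {
    // fb_sig_user is optional input; reading it unguarded raises an
    // undefined-index notice when it is absent.
    $fb_user = isset($_POST['fb_sig_user']) ? $_POST['fb_sig_user'] : null;
    $ch = curl_init();
    $data = array('access_token' => $session['access_token'],
                  'name' => 'kt_just_installed',
                  'value' => '1',
                  'uid' => $fb_user);
    curl_setopt($ch, CURLOPT_URL, 'https://api.facebook.com/method/data.setCookie');
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    $server_output = curl_exec($ch);
    // A transport failure used to be silently discarded; record it the same
    // way validateSessionObject() reports a bad signature.
    if ($server_output === false && php_sapi_name() !== 'cli') {
        error_log('Failed to set kt_just_installed cookie: ' . curl_error($ch));
    }
    curl_close($ch);
}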