-
Notifications
You must be signed in to change notification settings - Fork 0
/
2.10-signedrequest.php
57 lines (48 loc) · 1.62 KB
/
2.10-signedrequest.php
1
<?// Facebook Programmierung - Galileo Verlag, Michael Kamleitner// Weitere Informationen sowie Aktualisierungen zu diesem Code-Beispiel finden Sie unter http://book.socialisten.atinclude_once('tools.php');define('APP_ID', '214728715257742');define('APP_SECRET', '********************************'); define('SITE_URL', 'http://apps.mycompany.com');?><!DOCTYPE html><html lang="de-de" xmlns:fb="http://www.facebook.com/2008/fbml"> <head> <meta charset="utf-8"> <title>Hello Facebook!</title></head><body> <h1>Hello Facebook!</h1> <p>Willkommen bei meiner ersten Facebook-Anwendung!</p> <pre><? print_r($_REQUEST); ?></pre> <pre><? print_r( parse_signed_request($_REQUEST["signed_request"], APP_SECRET)); ?> </body></html><?if ( !function_exists('parse_signed_request')) { function parse_signed_request($signed_request, $secret) { list($encoded_sig, $payload) = explode('.', $signed_request, 2); // Decodieren der Daten $sig = base64_url_decode($encoded_sig); $data = json_decode(base64_url_decode($payload), true); if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') { error_log('Unknown algorithm. Expected HMAC-SHA256'); return null; } // Prüfen der Signatur anhand des App-Secrets $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); if ($sig !== $expected_sig) { error_log('Bad Signed JSON signature!'); return null; } return $data; }}if ( !function_exists('base64_url_decode')) { function base64_url_decode($input) { return base64_decode(strtr($input, '-_', '+/')); } }?>