Facebook to email

Facebook to email Git Source Tree

Root/facebook.php

1<?php
2/**
3 * Copyright 2011 Facebook, Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License"); you may
6 * not use this file except in compliance with the License. You may obtain
7 * a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 * License for the specific language governing permissions and limitations
15 * under the License.
16 */
17
18require_once "base_facebook.php";
19
20/**
21 * Extends the BaseFacebook class with the intent of using
22 * PHP sessions to store user ids and access tokens.
23 */
24class Facebook extends BaseFacebook
25{
26 /**
27 * Cookie prefix
28 */
29 const FBSS_COOKIE_NAME = 'fbss';
30
31 /**
32 * We can set this to a high number because the main session
33 * expiration will trump this.
34 */
35 const FBSS_COOKIE_EXPIRE = 31556926; // 1 year
36
37 /**
38 * Stores the shared session ID if one is set.
39 *
40 * @var string
41 */
42 protected $sharedSessionID;
43
44 /**
45 * Identical to the parent constructor, except that
46 * we start a PHP session to store the user ID and
47 * access token if during the course of execution
48 * we discover them.
49 *
50 * @param array $config the application configuration. Additionally
51 * accepts "sharedSession" as a boolean to turn on a secondary
52 * cookie for environments with a shared session (that is, your app
53 * shares the domain with other apps).
54 *
55 * @see BaseFacebook::__construct
56 */
57 public function __construct($config) {
58 if ((function_exists('session_status')
59 && session_status() !== PHP_SESSION_ACTIVE) || !session_id()) {
60 session_start();
61 }
62 parent::__construct($config);
63 if (!empty($config['sharedSession'])) {
64 $this->initSharedSession();
65
66 // re-load the persisted state, since parent
67 // attempted to read out of non-shared cookie
68 $state = $this->getPersistentData('state');
69 if (!empty($state)) {
70 $this->state = $state;
71 } else {
72 $this->state = null;
73 }
74
75 }
76 }
77
78 /**
79 * Supported keys for persistent data
80 *
81 * @var array
82 */
83 protected static $kSupportedKeys =
84 array('state', 'code', 'access_token', 'user_id');
85
86 /**
87 * Initiates Shared Session
88 */
89 protected function initSharedSession() {
90 $cookie_name = $this->getSharedSessionCookieName();
91 if (isset($_COOKIE[$cookie_name])) {
92 $data = $this->parseSignedRequest($_COOKIE[$cookie_name]);
93 if ($data && !empty($data['domain']) &&
94 self::isAllowedDomain($this->getHttpHost(), $data['domain'])) {
95 // good case
96 $this->sharedSessionID = $data['id'];
97 return;
98 }
99 // ignoring potentially unreachable data
100 }
101 // evil/corrupt/missing case
102 $base_domain = $this->getBaseDomain();
103 $this->sharedSessionID = md5(uniqid(mt_rand(), true));
104 $cookie_value = $this->makeSignedRequest(
105 array(
106 'domain' => $base_domain,
107 'id' => $this->sharedSessionID,
108 )
109 );
110 $_COOKIE[$cookie_name] = $cookie_value;
111 if (!headers_sent()) {
112 $expire = time() + self::FBSS_COOKIE_EXPIRE;
113 setcookie($cookie_name, $cookie_value, $expire, '/', '.'.$base_domain);
114 } else {
115 // @codeCoverageIgnoreStart
116 self::errorLog(
117 'Shared session ID cookie could not be set! You must ensure you '.
118 'create the Facebook instance before headers have been sent. This '.
119 'will cause authentication issues after the first request.'
120 );
121 // @codeCoverageIgnoreEnd
122 }
123 }
124
125 /**
126 * Provides the implementations of the inherited abstract
127 * methods. The implementation uses PHP sessions to maintain
128 * a store for authorization codes, user ids, CSRF states, and
129 * access tokens.
130 */
131
132 /**
133 * {@inheritdoc}
134 *
135 * @see BaseFacebook::setPersistentData()
136 */
137 protected function setPersistentData($key, $value) {
138 if (!in_array($key, self::$kSupportedKeys)) {
139 self::errorLog('Unsupported key passed to setPersistentData.');
140 return;
141 }
142
143 $session_var_name = $this->constructSessionVariableName($key);
144 $_SESSION[$session_var_name] = $value;
145 }
146
147 /**
148 * {@inheritdoc}
149 *
150 * @see BaseFacebook::getPersistentData()
151 */
152 protected function getPersistentData($key, $default = false) {
153 if (!in_array($key, self::$kSupportedKeys)) {
154 self::errorLog('Unsupported key passed to getPersistentData.');
155 return $default;
156 }
157
158 $session_var_name = $this->constructSessionVariableName($key);
159 return isset($_SESSION[$session_var_name]) ?
160 $_SESSION[$session_var_name] : $default;
161 }
162
163 /**
164 * {@inheritdoc}
165 *
166 * @see BaseFacebook::clearPersistentData()
167 */
168 protected function clearPersistentData($key) {
169 if (!in_array($key, self::$kSupportedKeys)) {
170 self::errorLog('Unsupported key passed to clearPersistentData.');
171 return;
172 }
173
174 $session_var_name = $this->constructSessionVariableName($key);
175 if (isset($_SESSION[$session_var_name])) {
176 unset($_SESSION[$session_var_name]);
177 }
178 }
179
180 /**
181 * {@inheritdoc}
182 *
183 * @see BaseFacebook::clearAllPersistentData()
184 */
185 protected function clearAllPersistentData() {
186 foreach (self::$kSupportedKeys as $key) {
187 $this->clearPersistentData($key);
188 }
189 if ($this->sharedSessionID) {
190 $this->deleteSharedSessionCookie();
191 }
192 }
193
194 /**
195 * Deletes Shared session cookie
196 */
197 protected function deleteSharedSessionCookie() {
198 $cookie_name = $this->getSharedSessionCookieName();
199 unset($_COOKIE[$cookie_name]);
200 $base_domain = $this->getBaseDomain();
201 setcookie($cookie_name, '', 1, '/', '.'.$base_domain);
202 }
203
204 /**
205 * Returns the Shared session cookie name
206 *
207 * @return string The Shared session cookie name
208 */
209 protected function getSharedSessionCookieName() {
210 return self::FBSS_COOKIE_NAME . '_' . $this->getAppId();
211 }
212
213 /**
214 * Constructs and returns the name of the session key.
215 *
216 * @see setPersistentData()
217 * @param string $key The key for which the session variable name to construct.
218 *
219 * @return string The name of the session key.
220 */
221 protected function constructSessionVariableName($key) {
222 $parts = array('fb', $this->getAppId(), $key);
223 if ($this->sharedSessionID) {
224 array_unshift($parts, $this->sharedSessionID);
225 }
226 return implode('_', $parts);
227 }
228}

Archive Download this file

Branches