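/**
 * Handles a Facebook login POST: checks the nonce, resolves the Facebook user to a WordPress
 * account (auto-registering one when nothing matches), sets the auth cookie and sends the
 * visitor back to the page they came from.
 *
 * Returns immediately when the plugin's nonce field is absent from $_POST. Every other path ends
 * in j_die()/die()/exit, except the "delay redirect" debug mode, which prints the log plus a
 * "Continue" link and then returns.
 *
 * Writes the globals $jfb_log, $redirectTo and (when not already set) $wp_users, and fires the
 * wpfb_* hooks in the order they appear below.
 *
 * Untrusted input handled here:
 *  - $_POST['redirectTo'] is passed through wp_validate_redirect() so the final redirect and the
 *    "Continue" links cannot point at a host outside WordPress' allowed redirect hosts
 *    (extendable with the allowed_redirect_hosts filter); the fallback is home_url('/').
 *  - $_POST['access_token'] is URL-encoded before being placed in Graph API query strings.
 *  - The Facebook user id is bound into the user lookup with $wpdb->prepare().
 *  - Everything echoed into HTML is escaped with esc_html()/esc_url().
 *
 * NOTE(review): several expressions in the listing this was taken from are masked as "******".
 * Where the surrounding lines determine the value it has been restored and marked below;
 * otherwise the mask is kept. Compare against the plugin's own source before shipping.
 */
function jfb_process_login()
{
    //If this pageload isn't supposed to be handling a login, just stop here.
    global $jfb_nonce_name;
    if (!isset($_POST[$jfb_nonce_name])) {
        return;
    }

    //Start logging
    global $jfb_log, $jfb_version, $opt_jfb_app_id, $jfb_homepage;
    jfb_debug_checkpoint('start');
    $browser = jfb_get_browser();
    //NOTE(review): the value logged after "User:" is only visible as a mask in the listing and
    //cannot be recovered from it, so the mask itself is logged.
    $jfb_log = "Starting login process (IP: " . $_SERVER['REMOTE_ADDR'] . ", User: ******, App: " . get_option($opt_jfb_app_id) . ", Version: {$jfb_version}, Browser: " . $browser['shortname'] . " " . $browser['version'] . " for " . $browser['platform'] . ")\n";

    //Run one hook before ANYTHING happens.
    $jfb_log .= "WP: Running action wpfb_prelogin\n";
    do_action('wpfb_prelogin');

    //Read the requested redirect target once. Anything that is not a plain string (e.g. redirectTo[]=x) counts as missing.
    $requestedRedirect = (isset($_POST['redirectTo']) && is_string($_POST['redirectTo'])) ? $_POST['redirectTo'] : '';

    //Check the nonce to make sure this was a valid login attempt (unless the user has disabled nonce checking)
    global $opt_jfb_disablenonce;
    if (!get_option($opt_jfb_disablenonce)) {
        if (wp_verify_nonce($_REQUEST[$jfb_nonce_name], $jfb_nonce_name) != 1) {
            //If there's already a user logged in, tell the user and give them a link back to where they were.
            $currUser = wp_get_current_user();
            if ($currUser->ID) {
                $msg = "User \"{$currUser->user_login}\" has already logged in via another browser session.\n";
                $jfb_log .= $msg;
                //Subject's middle part is masked in the listing; presumably the login name - confirm.
                j_mail("FB Double-Login: " . $currUser->user_login . " -> " . get_bloginfo('name'));
                //The link target comes straight from the request, so restrict it to allowed hosts and
                //escape it (and the message) before printing; the nonce has NOT been verified on this path.
                $continueUrl = $requestedRedirect ? wp_validate_redirect($requestedRedirect, home_url('/')) : home_url('/');
                die(esc_html($msg) . "<br /><br /><a href=\"" . esc_url($continueUrl) . "\">Continue</a>");
            }
            j_die("Nonce check failed, login aborted.\nThis usually due to your browser's privacy settings or a server-side caching plugin.  If you get this error on multiple browsers, please contact the site administrator.\n");
        }
        $jfb_log .= "WP: nonce check passed\n";
    } else {
        $jfb_log .= "WP: nonce check DISABLED\n";
    }

    //Get the redirect URL
    global $redirectTo;
    if (!$requestedRedirect) {
        j_die("Error: Missing POST Data (redirect)");
    }
    //Only keep targets WordPress considers safe to redirect to; anything else becomes the home URL.
    $redirectTo = wp_validate_redirect($requestedRedirect, home_url('/'));
    if ($redirectTo !== $requestedRedirect) {
        $jfb_log .= "WP: Redirect URL was sanitized or replaced by wp_validate_redirect\n";
    }
    $jfb_log .= "WP: Found redirect URL ({$redirectTo})\n";

    //Get the Facebook access token
    if (!isset($_POST['access_token']) || !is_string($_POST['access_token']) || !$_POST['access_token']) {
        j_die("Error: Missing POST Data (access_token).\n\nIf you're receiving this notice via e-mail as a site administrator, it's nearly always safe to ignore (these errors are due to spambots automatically hitting your site).  If you're seeing this as a real person attempting to login, please report it to the plugin author at " . $jfb_homepage . ".");
    }
    $access_token = $_POST['access_token'];
    //NOTE(review): a token prefix ends up in $jfb_log, which is also printed in delay-redirect mode.
    $jfb_log .= "FB: Found access token (" . substr($access_token, 0, 30) . "...)\n";
    //Encode the token so characters such as & or # in the posted value cannot alter the Graph request.
    $tokenParam = urlencode($access_token);

    //Get the basic user info and make sure the access_token is valid
    //NOTE(review): this only proves the token is valid for *some* app. Nothing visible here checks that
    //it was issued to this site's app (get_option($opt_jfb_app_id)); unless a hook does so, verify the
    //token's app binding before trusting the returned id.
    $jfb_log .= "FB: Initiating Facebook connection...\n";
    $fbuser = jfb_api_get("https://graph.facebook.com/me?access_token={$tokenParam}");
    if (isset($fbuser['error'])) {
        j_die("Error: Failed to get the Facebook user session (" . $fbuser['error']['message'] . ")");
    }
    //An empty or malformed reply has neither 'error' nor 'id'. Without this check the login would
    //continue with an empty uid and end up registering/logging in a shared "FB_" account.
    if (empty($fbuser['id'])) {
        j_die("Error: Failed to get the Facebook user session (empty or malformed reply)");
    }
    $fb_uid = $fbuser['id'];
    do_action('wpfb_session_established', array('FB_ID' => $fb_uid, 'access_token' => $access_token));
    $jfb_log .= "FB: Connected to session (uid {$fb_uid})\n";

    //Get some extra stuff (TODO: I should combine these into one query with the above, for better efficiency)
    $fbuser['profile_url'] = isset($fbuser['link']) ? $fbuser['link'] : null;
    $pic = jfb_api_get("https://graph.facebook.com/fql?q=" . urlencode("SELECT pic_square,pic_big FROM user WHERE uid={$fb_uid}") . "&access_token={$tokenParam}");
    $fbuser['pic_square'] = isset($pic['data'][0]['pic_square']) ? $pic['data'][0]['pic_square'] : null;
    $fbuser['pic_big'] = isset($pic['data'][0]['pic_big']) ? $pic['data'][0]['pic_big'] : null;
    $jfb_log .= "FB: Got user info (" . $fbuser['name'] . ")\n";

    //See if we were given permission to access the user's email
    //This isn't required, and will only matter if it's a new user without an existing WP account
    //(since we'll auto-register an account for them, using the contact_email we get from Facebook - if we can...)
    global $jfb_default_email;
    if (!isset($fbuser['email'])) {
        $fbuser['email'] = '';
    }
    $userRevealedEmail = false;
    if (strlen($fbuser['email']) != 0 && strpos($fbuser['email'], 'proxymail.facebook.com') === FALSE) {
        $jfb_log .= "FB: Email privilege granted (" . $fbuser['email'] . ")\n";
        $userRevealedEmail = true;
    } elseif (strlen($fbuser['email']) != 0) {
        $jfb_log .= "FB: Email privilege granted, but only for an anonymous proxy address (" . $fbuser['email'] . ")\n";
    } else {
        $jfb_log .= "FB: Email priviledge denied.\n";
        $fbuser['email'] = "FB_" . $fb_uid . $jfb_default_email;
    }

    //Run a hook so users can examine this Facebook user *before* letting them login.  You might use this
    //to limit logins based on friendship status - if someone isn't your friend, you could redirect them
    //to an error page (and terminate this script).
    $jfb_log .= "WP: Running action wpfb_connect\n";
    do_action('wpfb_connect', array('FB_ID' => $fb_uid, 'access_token' => $access_token));

    //Examine all existing WP users to see if any of them match this Facebook user.
    //The base query for getting the users comes from get_users_from_blog(), to which I add a subquery
    //that limits results only to users who also have the appropriate facebook usermeta.
    global $wp_users, $jfb_uid_meta_name;
    if (!isset($wp_users)) {
        global $wpdb, $blog_id;
        $blog_prefix = $wpdb->get_blog_prefix((int) $blog_id);
        //$fb_uid comes from a remote response, so bind it (and the meta keys) instead of interpolating.
        $sql = $wpdb->prepare(
            "SELECT user_id, user_id AS ID, user_login, display_name, user_email, meta_value "
            . "FROM {$wpdb->users}, {$wpdb->usermeta} "
            . "WHERE {$wpdb->users}.ID = {$wpdb->usermeta}.user_id AND meta_key = %s "
            . "AND {$wpdb->users}.ID IN (SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value = %s)",
            $blog_prefix . 'capabilities',
            $jfb_uid_meta_name,
            $fb_uid
        );
        $wp_users = $wpdb->get_results($sql);
    }

    //Although $wp_users should only contain the one matching user (or be empty), this "loop" method of searching
    //for matching usermeta is retained for backwards compatibility with old 3rd party hooks which may've relied on it.
    //Originally, $wp_users contained the full list of users (not just those with matching usermeta).
    $jfb_log .= "WP: Searching " . count($wp_users) . " existing candidates by meta...\n";
    $user_login_id = false;
    foreach ($wp_users as $wp_user) {
        $meta_uid = get_user_meta($wp_user->ID, $jfb_uid_meta_name, true);
        if ($meta_uid && $meta_uid == $fb_uid) {
            $user_data = get_userdata($wp_user->ID);
            $user_login_id = $wp_user->ID;
            $user_login_name = $user_data->user_login;
            $jfb_log .= "WP: Found existing user by meta (" . $user_login_name . ")\n";
            break;
        }
    }

    //Next, try to lookup their email directly (via Wordpress).  Obviously this will only work if they've revealed
    //their "real" address (vs denying access, or changing it to a "proxy" in the popup)
    //NOTE(review): this links the login to ANY existing account with the same address, administrators
    //included, so it is only as strong as Facebook's verification of that e-mail - confirm this is intended.
    if (!$user_login_id && $userRevealedEmail) {
        $jfb_log .= "WP: Searching for user by email address...\n";
        if ($wp_user = get_user_by('email', $fbuser['email'])) {
            $user_login_id = $wp_user->ID;
            $user_data = get_userdata($wp_user->ID);
            $user_login_name = $user_data->user_login;
            $jfb_log .= "WP: Found existing user (" . $user_login_name . ") by email (" . $fbuser['email'] . ")\n";
        }
    }

    //If we found an existing user, check if they'd previously denied access to their email but have now allowed it.
    //If so, we'll want to update their WP account with their *real* email.
    if ($user_login_id) {
        //Check 1: It was previously denied, but is now allowed
        $updateEmail = false;
        if (strpos($user_data->user_email, $jfb_default_email) !== FALSE && strpos($fbuser['email'], $jfb_default_email) === FALSE) {
            $jfb_log .= "WP: Previously DENIED email has now been allowed; updating to (" . $fbuser['email'] . ")\n";
            $updateEmail = true;
        }
        //Check 2: It was previously allowed, but only as an anonymous proxy.  They've now revealed their "true" email.
        if (strpos($user_data->user_email, "@proxymail.facebook.com") !== FALSE && strpos($fbuser['email'], "@proxymail.facebook.com") === FALSE) {
            $jfb_log .= "WP: Previously PROXIED email has now been allowed; updating to (" . $fbuser['email'] . ")\n";
            $updateEmail = true;
        }
        if ($updateEmail) {
            wp_update_user(array('ID' => $user_login_id, 'user_email' => $fbuser['email']));
        }
        //Run a hook when an existing user logs in
        $jfb_log .= "WP: Running action wpfb_existing_user\n";
        do_action('wpfb_existing_user', array('WP_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'WP_UserData' => $user_data, 'access_token' => $access_token));
    }

    //If we still don't have a user_login_id, the FB user who's logging in has never been to this blog.
    //We'll auto-register them a new account.  Note that if they haven't allowed email permissions, the
    //account we register will have a bogus email address (but that's OK, since we still know their Facebook ID)
    if (!$user_login_id) {
        $jfb_log .= "WP: No user found. Automatically registering (FB_" . $fb_uid . ")\n";
        $user_data = array();
        //The prefix is masked in the listing; "FB_" matches the log line above and the fallback e-mail.
        $user_data['user_login'] = "FB_" . $fb_uid;
        $user_data['user_pass'] = wp_generate_password();
        $user_data['user_nicename'] = sanitize_title($user_data['user_login']);
        $user_data['first_name'] = $fbuser['first_name'];
        $user_data['last_name'] = $fbuser['last_name'];
        $user_data['display_name'] = $fbuser['first_name'];
        $user_data['user_url'] = $fbuser["profile_url"];
        $user_data['user_email'] = $fbuser["email"];
        //Run a filter so the user can be modified to something different before registration
        //NOTE: If the user has selected "pretty names", this'll change FB_xxx to i.e. "John.Smith"
        $jfb_log .= "WP: Applying filters wpfb_insert_user/wpfb_inserting_user\n";
        $user_data = apply_filters('wpfb_insert_user', $user_data, $fbuser);
        $user_data = apply_filters('wpfb_inserting_user', $user_data, array('WP_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'FB_UserData' => $fbuser, 'access_token' => $access_token));
        //Insert a new user to our database and make sure it worked
        $user_login_id = wp_insert_user($user_data);
        if (is_wp_error($user_login_id)) {
            j_die("Error: wp_insert_user failed!<br/><br/>" . "If you get this error while running a Wordpress MultiSite installation, it means you'll need to purchase the <a href=\"{$jfb_homepage}#premium\">premium version</a> of this plugin to enable full MultiSite support.<br/><br/>" . "If you're <u><i>not</i></u> using MultiSite, please report this bug to the plugin author on the support page <a href=\"{$jfb_homepage}#feedback\">here</a>.<br /><br />" . "Error message: " . (method_exists($user_login_id, 'get_error_message') ? $user_login_id->get_error_message() : "Undefined") . "<br />" . "WP_ALLOW_MULTISITE: " . (defined('WP_ALLOW_MULTISITE') ? constant('WP_ALLOW_MULTISITE') : "Undefined") . "<br />" . "is_multisite: " . (function_exists('is_multisite') ? is_multisite() : "Undefined"));
        }
        //Success! Notify the site admin.
        $user_login_name = $user_data['user_login'];
        wp_new_user_notification($user_login_id);
        //Run an action so i.e. usermeta can be added to a user after registration
        $jfb_log .= "WP: Running action wpfb_inserted_user\n";
        do_action('wpfb_inserted_user', array('WP_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'WP_UserData' => $user_data, 'access_token' => $access_token));
    }

    //Tag the user with our meta so we can recognize them next time, without resorting to email hashes
    update_user_meta($user_login_id, $jfb_uid_meta_name, $fb_uid);
    $jfb_log .= "WP: Updated usermeta ({$jfb_uid_meta_name})\n";

    //Also store the user's facebook avatar(s), in case the user wants to use them later
    if ($fbuser['pic_square']) {
        //The picture fields are either a plain URL or a structure carrying the URL under data.url.
        $avatarThumb = isset($fbuser['pic_square']['data']['url']) ? $fbuser['pic_square']['data']['url'] : $fbuser['pic_square'];
        $avatarFull = isset($fbuser['pic_big']['data']['url']) ? $fbuser['pic_big']['data']['url'] : $fbuser['pic_big'];
        update_user_meta($user_login_id, 'facebook_avatar_full', $avatarFull);
        update_user_meta($user_login_id, 'facebook_avatar_thumb', $avatarThumb);
        $jfb_log .= "WP: Updated small avatar ({$avatarThumb})\n";
        $jfb_log .= "WP: Updated large avatar ({$avatarFull})\n";
    } else {
        update_user_meta($user_login_id, 'facebook_avatar_thumb', '');
        update_user_meta($user_login_id, 'facebook_avatar_full', '');
        $jfb_log .= "FB: User does not have a profile picture; clearing cached avatar (if present).\n";
    }

    //Log them in
    $rememberme = apply_filters('wpfb_rememberme', isset($_POST['rememberme']) && $_POST['rememberme']);
    wp_set_auth_cookie($user_login_id, $rememberme);

    //Run a custom action.  You can use this to modify a logging-in user however you like,
    //i.e. add them to a "Recent FB Visitors" log, assign a role if they're friends with you on Facebook, etc.
    $jfb_log .= "WP: Running action wpfb_login\n";
    do_action('wpfb_login', array('WP_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'access_token' => $access_token));
    do_action('wp_login', $user_login_name, get_userdata($user_login_id));

    //Email logs if requested
    $jfb_log .= "Login complete (rememberme=" . ($rememberme ? "yes" : "no") . ")\n";
    $jfb_log .= "   WP User : {$user_login_name} (" . admin_url("user-edit.php?user_id={$user_login_id}") . ")\n";
    //The two values below are masked in the listing; presumably the Facebook name and the WP login - confirm.
    $jfb_log .= "   FB User : " . $fbuser['name'] . " (" . $fbuser["profile_url"] . ")\n";
    $jfb_log .= "   Redirect: " . $redirectTo . "\n";
    j_mail("FB Login: " . $user_login_name . " -> " . get_bloginfo('name'));

    //Redirect the user back to where they were
    global $opt_jfb_delay_redir;
    $delay_redirect = get_option($opt_jfb_delay_redir);
    if (!$delay_redirect) {
        //wp_safe_redirect() re-validates the (already validated) target and sanitizes the header value.
        wp_safe_redirect($redirectTo);
        exit;
    }

    //Debug mode: show the log and a manual link instead of redirecting. The log contains request
    //data (including the posted token) and remote values, so it is escaped before being printed.
    $jfb_log .= "\n---REQUEST:---\n" . print_r($_REQUEST, true);
    ?>
    <!doctype html public "-//w3c//dtd html 4.0 transitional//en">
    <html>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
            <title>Logging In...</title>
        </head>
        <body>
            <?php
    echo "<pre>" . esc_html($jfb_log) . "</pre>";
    ?>
            <?php
    echo '<a href="' . esc_url($redirectTo) . '">Continue</a>';
    ?>
        </body>
    </html>
    <?php
}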
Example #2
function jfb_admin_page()
{
    global $jfb_name, $jfb_version, $opt_jfb_app_token;
    global $opt_jfb_app_id, $opt_jfb_api_key, $opt_jfb_api_sec, $opt_jfb_email_to, $opt_jfb_email_logs, $opt_jfb_delay_redir, $jfb_homepage;
    global $opt_jfb_ask_perms, $opt_jfb_mod_done, $opt_jfb_ask_stream, $opt_jfb_stream_content;
    global $opt_jfb_bp_avatars, $opt_jfb_wp_avatars, $opt_jfb_valid, $opt_jfb_fulllogerr, $opt_jfb_disablenonce, $opt_jfb_show_credit;
    global $opt_jfb_username_style, $opt_jfb_hidesponsor;
    ?>
    <div class="wrap">
     <h2><?php 
    echo $jfb_name;
    ?>
 Options</h2>
    <?php 
    //Show applicable warnings (only on this panel's page; global warnings are above)
    if (class_exists('Facebook')) {
        ?>
<div class="error"><p><strong>Warning:</strong> Another plugin has included the Facebook API throughout all of Wordpress.  I suggest you contact that plugin's author and ask them to include it only in pages where it's actually needed.<br /><br />Things may work fine as-is, but *if* the API version included by the other plugin is older than the one required by WP-FB AutoConnect, it's possible that the login process could fail.</p></div><?php 
    }
    if (version_compare('5', PHP_VERSION, ">")) {
        ?>
<div class="error"><p>Sorry, but as of v1.3.0, WP-FB AutoConnect requires PHP5.</p></div><?php 
        die;
    }
    if (function_exists('is_multisite') && is_multisite() && !jfb_premium()) {
        ?>
<div class="error"><p><strong>Warning:</strong> Wordpress MultiSite is only fully supported by the premium version of this plugin; please see <a href="<?php 
        echo $jfb_homepage;
        ?>
#premium"><b>here</b></a> for details.</p></div><?php 
    }
    if (file_exists(realpath(dirname(__FILE__)) . "/WP-FB-AutoConnect-Premium.php")) {
        ?>
<div class="error"><p><strong>Notice:</strong> You seem to've uploaded the premium addon to the wrong directory.<br/><br/>
            As per the <a target="instructs" href="<?php 
        echo $jfb_homepage;
        ?>
#premium"><b>setup instructions</b></a>, the "WP-FB-AutoConnect-Premium.php" file goes in your <i>plugins</i> directory (i.e. wp-content/plugins/WP-FB-AutoConnect-Premium.php), not the WP-FB-AutoConnect directory (i.e. wp-content/plugins/wp-fb-autoconnect/WP-FB-AutoConnect-Premium.php). This is to prevent it from getting overwritten when you auto-update the core plugin.</p></div>
        <?php 
    }
    do_action('wpfb_admin_messages');
    //Which tab to show by default
    $shownTab = get_option($opt_jfb_valid) ? 1 : 0;
    //Update options
    if (isset($_POST['fb_opts_updated'])) {
        //When saving the Facebook options, make sure the key and secret are valid...
        update_option($opt_jfb_valid, 0);
        $shownTab = 0;
        $result = jfb_api_get("https://graph.facebook.com/" . $_POST[$opt_jfb_api_key]);
        if (!$result) {
            ?>
<div class="error"><p>Error: Failed to validate your App ID and Secret.  Response: Empty Reply.<br />Are you sure you entered your App ID correctly?</p></div><?php 
        } elseif (isset($result['error'])) {
            ?>
<div class="error"><p>Error: Failed to validate your App ID and Secret.  Response: <?php 
            echo isset($result['error']['message']) ? $result['error']['message'] : "Unknown";
            ?>
.<br />Are you sure you entered your App ID correctly?</p></div><?php 
        } elseif ($result['id'] != $_POST[$opt_jfb_api_key]) {
            ?>
<div class="error"><p>Error: Failed to validate your App ID and Secret.  Response: ID Mismatch.</p></div><?php 
        } else {
            //If we got here, we know the App ID is correct.  Now try to get an app token and store it in the options table; if this works we know the secret is correct too.
            //Note: this plugin doesn't actually use the app-token; I simply cache it so it can be accessible to users wishing to further interact with Facebook via hooks & filters.
            //Note: App tokens never expire unless the app secret is refreshed.
            $response = wp_remote_get("https://graph.facebook.com/oauth/access_token?client_id=" . $_POST[$opt_jfb_api_key] . "&client_secret=" . $_POST[$opt_jfb_api_sec] . "&grant_type=client_credentials", array('sslverify' => false));
            if (is_array($response) && strpos($response['body'], 'access_token=') !== FALSE) {
                //We're valid!
                $shownTab = 1;
                update_option($opt_jfb_valid, 1);
                update_option($opt_jfb_app_token, substr($response['body'], 13));
                if (get_option($opt_jfb_api_key) != $_POST[$opt_jfb_api_key]) {
                    jfb_auth($jfb_name, $jfb_version, 2, "SET: " . $message);
                }
                ?>
<div class="updated"><p><strong>Successfully connected with "<?php 
                echo $result['name'];
                ?>
" (ID <?php 
                echo $result['id'];
                ?>
)</strong></p></div><?php 
            } else {
                ?>
<div class="error"><p>Error: Failed to validate your App ID and Secret.<br />Are you sure you entered your App Secret correctly?</p></div><?php 
            }
        }
        //We can save these either way, because if "valid" isn't set, a button won't be shown.
        update_option($opt_jfb_app_id, $result['id']);
        update_option($opt_jfb_api_key, $_POST[$opt_jfb_api_key]);
        update_option($opt_jfb_api_sec, $_POST[$opt_jfb_api_sec]);
    }
    if (isset($_POST['main_opts_updated'])) {
        $shownTab = 1;
        update_option($opt_jfb_ask_perms, $_POST[$opt_jfb_ask_perms]);
        update_option($opt_jfb_ask_stream, $_POST[$opt_jfb_ask_stream]);
        update_option($opt_jfb_wp_avatars, $_POST[$opt_jfb_wp_avatars]);
        update_option($opt_jfb_stream_content, $_POST[$opt_jfb_stream_content]);
        update_option($opt_jfb_show_credit, $_POST[$opt_jfb_show_credit]);
        update_option($opt_jfb_email_to, $_POST[$opt_jfb_email_to]);
        update_option($opt_jfb_email_logs, $_POST[$opt_jfb_email_logs]);
        update_option($opt_jfb_delay_redir, $_POST[$opt_jfb_delay_redir]);
        update_option($opt_jfb_fulllogerr, $_POST[$opt_jfb_fulllogerr]);
        update_option($opt_jfb_disablenonce, $_POST[$opt_jfb_disablenonce]);
        update_option($opt_jfb_username_style, $_POST[$opt_jfb_username_style]);
        ?>
<div class="updated"><p><strong>Options saved.</strong></p></div><?php 
    }
    if (isset($_POST['prem_opts_updated']) && function_exists('jfb_update_premium_opts')) {
        $shownTab = 2;
        jfb_update_premium_opts();
    }
    if (isset($_POST['remove_all_settings'])) {
        $shownTab = 0;
        delete_option($opt_jfb_api_key);
        delete_option($opt_jfb_api_sec);
        delete_option($opt_jfb_email_to);
        delete_option($opt_jfb_email_logs);
        delete_option($opt_jfb_delay_redir);
        delete_option($opt_jfb_ask_perms);
        delete_option($opt_jfb_ask_stream);
        delete_option($opt_jfb_stream_content);
        delete_option($opt_jfb_mod_done);
        delete_option($opt_jfb_valid);
        delete_option($opt_jfb_app_token);
        delete_option($opt_jfb_bp_avatars);
        delete_option($opt_jfb_wp_avatars);
        delete_option($opt_jfb_fulllogerr);
        delete_option($opt_jfb_disablenonce);
        delete_option($opt_jfb_show_credit);
        delete_option($opt_jfb_username_style);
        delete_option($opt_jfb_hidesponsor);
        if (function_exists('jfb_delete_premium_opts')) {
            jfb_delete_premium_opts();
        }
        ?>
<div class="updated"><p><strong><?php 
        _e('All plugin settings have been cleared.');
        ?>
</strong></p></div><?php 
    }
    ?>
    
    <?php 
    if (isset($_REQUEST[$opt_jfb_hidesponsor])) {
        update_option($opt_jfb_hidesponsor, $_REQUEST[$opt_jfb_hidesponsor]);
    }
    if (!get_option($opt_jfb_hidesponsor) && !defined('JFB_PREMIUM')) {
        ?>
      	<!-- Sponsorship message *was* here, until Automattic demanded they be removed from all plugins - see http://gregsplugins.com/lib/2011/11/26/automattic-bullies/ -->
     <?php 
    }
    ?>
     

    <!-- Tab Navigation -->
    <?php 
    //Define some variables that'll be used for our tab-switching
    $allTabsClass = "jfb_admin_tab";
    $allTabBtnsClass = "jfb_admin_tab_btn";
    $tabIds = array("jfb_admin_fbsetup", "jfb_admin_basicoptions", "jfb_admin_premiumoptions", "jfb_admin_uninstall", "jfb_admin_supportinfo");
    $tabNames = array("Facebook Setup", "Basic Options", "Premium Options", "Uninstall", "Support Info");
    ?>
    
    <script type="text/javascript">
        function jfb_swap_tabs(show_tab_num) 
        {
            //Find the ID of the tab we want to show
            var tabIds = <?php 
    echo json_encode($tabIds);
    ?>
;
            var show_tab_id = tabIds[show_tab_num];
            
            //Hide all the tabs, then show just the one specified
        	jQuery(".<?php 
    echo $allTabsClass;
    ?>
").hide();
        	jQuery("#" + show_tab_id).show();

        	//Unhighlight all the tab buttons, then highlight just the one specified
        	jQuery(".<?php 
    echo $allTabBtnsClass;
    ?>
").attr("class", "<?php 
    echo $allTabBtnsClass;
    ?>
");
        	jQuery("#" + show_tab_id + "_btn").addClass("jfb-admin_tab_selected");
		}
		
		//When the page is loaded, if there's a hash like "#1, #2, etc" in the URL, switch to that tab.
		//This handles restoring the previously-displayed tab after a page refresh.
		jQuery(document).ready(function() 
		{
    		if(window.location.hash)
    		{
    		    var num = parseInt(window.location.hash.substr(1));
    		    if( !isNaN(num) )
    		      jfb_swap_tabs(num);
    		}
        });
	</script>
	        
    <div>     
         <ul class="jfb-admin_tabs"><?php 
    for ($i = 0; $i < count($tabIds); $i++) {
        ?>
<li id="<?php 
        echo $tabIds[$i];
        ?>
_btn" class="<?php 
        echo $allTabBtnsClass;
        ?>
 <?php 
        echo $shownTab == $i ? "jfb-admin_tab_selected" : "";
        ?>
"><a href="#<?php 
        echo $i;
        ?>
" onclick="jfb_swap_tabs('<?php 
        echo $i;
        ?>
');"><?php 
        echo $tabNames[$i];
        ?>
</a></li><?php 
    }
    ?>
</ul>
     </div>
     
    <div class="jfb-admin_wrapper">
        <div class="<?php 
    echo $allTabsClass;
    ?>
" id="<?php 
    echo $tabIds[0];
    ?>
" style="display:<?php 
    echo $shownTab == 0 ? "block" : "none";
    ?>
">
        	<h3>Setup Instructions</h3>
            To allow your users to login with their Facebook accounts, you must first setup a Facebook Application for your website:<br /><br />
            <ol>
              <li>Visit <a href="http://developers.facebook.com/apps" target="_lnk">developers.facebook.com/apps</a> and click the "Create New App" button.</li>
              <li>Type in a name (i.e. the name of your website) and click "Continue."  This is the name your users will see on the Facebook login popup.</li>
              <li>Facebook may now require you to verify your account before continuing (see <a target="_fbInfo" href="https://developers.facebook.com/blog/post/386/">here</a> for more information).</li>
              <li>Once your app has been created, scroll down and fill in your "Site URL" under "Select how your app integrates with Facebook -&gt;"Website."  Note: http://example.com/ and http://www.example.com/ are <i>not</i> the same.</li>
              <li>Click "Save Changes."</li>
              <li>Copy the App ID and App Secret to the boxes below.</li>
              <li>Click "Save" below.</li>
            </ol>
            <br />That's it!  Now you can add this plugin's <a href="<?php 
    echo admin_url('widgets.php');
    ?>
">sidebar widget</a>, or if you're using BuddyPress, a Facebook button will be automatically added to its built-in login panel.<br /><br />
            For more complete documentation and help, visit the <a href="<?php 
    echo $jfb_homepage;
    ?>
">plugin homepage</a>.<br />
             
            <br />
            <hr />
            
            <h3>Facebook Connect</h3>
            <form name="formFacebook" method="post" action="">
                <input type="text" size="40" name="<?php 
    echo $opt_jfb_api_key;
    ?>
" value="<?php 
    echo get_option($opt_jfb_api_key);
    ?>
" /> App ID<br />
                <input type="text" size="40" name="<?php 
    echo $opt_jfb_api_sec;
    ?>
" value="<?php 
    echo get_option($opt_jfb_api_sec);
    ?>
" /> App Secret
                <input type="hidden" name="fb_opts_updated" value="1" />
                <div class="submit"><input type="submit" name="Submit" value="Connect" /></div>
            </form>
        </div> <!-- End Tab -->
        
        <div class="<?php 
    echo $allTabsClass;
    ?>
" id="<?php 
    echo $tabIds[1];
    ?>
" style="display:<?php 
    echo $shownTab == 1 ? "block" : "none";
    ?>
">
            <?php 
    if (!get_option($opt_jfb_valid)) {
        echo "<div class=\"jfb-admin_warning\"><i><b>You must enter a valid APP ID and Secret under the \"Facebook Setup\" tab before this plugin will function.</b></i></div>";
    }
    ?>
            <h3>Basic Options</h3>
            <form name="formMainOptions" method="post" action="">
                <b>Autoregistered Usernames:</b><br />
                <input type="radio" name="<?php 
    echo $opt_jfb_username_style;
    ?>
" value="0" <?php 
    echo get_option($opt_jfb_username_style) == 0 ? "checked='checked'" : "";
    ?>
 >Based on Facebook ID (i.e. FB_123456)<br />
                <input type="radio" name="<?php 
    echo $opt_jfb_username_style;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_username_style) == 1 ? "checked='checked'" : "";
    ?>
 >Based on real name with prefix (i.e. FB_John_Smith)<br />
                <input type="radio" name="<?php 
    echo $opt_jfb_username_style;
    ?>
" value="3" <?php 
    echo get_option($opt_jfb_username_style) == 3 ? "checked='checked'" : "";
    ?>
 >Based on real name without prefix (i.e. John_Smith) <i><b>(Recommended for BuddyPress)</b></i><br />
                <input type="radio" name="<?php 
    echo $opt_jfb_username_style;
    ?>
" value="2" <?php 
    echo get_option($opt_jfb_username_style) == 2 ? "checked='checked'" : "";
    ?>
 >Legacy Format (i.e. John.Smith) <i><b>(Not Recommended, <dfn title="Although the original 'BuddyPress-friendly' username format included a period, I later learned that this creates issues with author links in Wordpress.  I've left the option here for legacy support, but advise against using it (unless you have only one author on your blog, in which case Facebook-connected users won't have author links and so it doesn't matter).  If you do have multiple authors and are experiencing broken author links, changing this option will fix it for all NEW users, but you may want to consider fixing your existing users by replacing all of the '.'s with '_'s in the 'user_nicename' field of the 'wp_users' database table.">mouseover for why</dfn>)</b></i><br /><br />
            
                <b>E-Mail:</b><br />
                <input type="checkbox" name="<?php 
    echo $opt_jfb_ask_perms;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_ask_perms) ? 'checked="checked"' : '';
    ?>
 /> Request permission to get the connecting user's email address<br />
        
                <br /><b>Announcement:</b><br />
        		<?php 
    add_option($opt_jfb_stream_content, "has connected to " . get_option('blogname') . " with WP-FB AutoConnect.");
    ?>
        		<input type="checkbox" name="<?php 
    echo $opt_jfb_ask_stream;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_ask_stream) ? 'checked="checked"' : '';
    ?>
 /> Request permission to post the following announcement on users' Facebook walls when they connect for the first time:<br />
        		<input type="text" size="100" name="<?php 
    echo $opt_jfb_stream_content;
    ?>
" value="<?php 
    echo get_option($opt_jfb_stream_content);
    ?>
" /><br />
        
        		<br /><b>Avatars:</b><br />
                <input type="checkbox" name="<?php 
    echo $opt_jfb_wp_avatars;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_wp_avatars) ? 'checked="checked"' : '';
    ?>
 /> Use Facebook profile pictures as avatars<br />
        
                <br /><b>Credit:</b><br />
                <input type="checkbox" name="<?php 
    echo $opt_jfb_show_credit;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_show_credit) ? 'checked="checked"' : '';
    ?>
 /> Display a "Powered By" link in the blog footer (would be appreciated! :))<br />
        
        		<br /><b>Debug:</b><br />
        		<?php 
    add_option($opt_jfb_email_to, get_bloginfo('admin_email'));
    ?>
        		<input type="checkbox" name="<?php 
    echo $opt_jfb_email_logs;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_email_logs) ? 'checked="checked"' : '';
    ?>
 /> Send all event logs to <input type="text" size="40" name="<?php 
    echo $opt_jfb_email_to;
    ?>
" value="<?php 
    echo get_option($opt_jfb_email_to);
    ?>
" /><br />
        		<input type="checkbox" name="<?php 
    echo $opt_jfb_disablenonce;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_disablenonce) ? 'checked="checked"' : '';
    ?>
 /> Disable nonce security check (Not recommended)<br />
                <input type="checkbox" name="<?php 
    echo $opt_jfb_delay_redir;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_delay_redir) ? 'checked="checked"' : '';
    ?>
 /> Delay redirect after login (<i><u>Not for production sites!</u></i>)<br />
                <input type="checkbox" name="<?php 
    echo $opt_jfb_fulllogerr;
    ?>
" value="1" <?php 
    echo get_option($opt_jfb_fulllogerr) ? 'checked="checked"' : '';
    ?>
 /> Show full log on error (<i><u>Not for production sites!</u></i>)<br />
                <input type="hidden" name="main_opts_updated" value="1" />
                <div class="submit"><input type="submit" name="Submit" value="Save" /></div>
            </form>
    	</div><!-- End Tab -->
    
    	<div class="<?php 
    echo $allTabsClass;
    ?>
" id="<?php 
    echo $tabIds[2];
    ?>
" style="display:<?php 
    echo $shownTab == 2 ? "block" : "none";
    ?>
">
            <?php 
    if (!get_option($opt_jfb_valid)) {
        echo "<div class=\"jfb-admin_warning\"><i><b>You must enter a valid APP ID and Secret under the \"Facebook Setup\" tab before this plugin will function.</b></i></div>";
    }
    if (function_exists('jfb_output_premium_panel')) {
        jfb_output_premium_panel();
    } else {
        jfb_output_premium_panel_tease();
    }
    ?>
        </div> <!-- End Tab -->
        
        <div class="<?php 
    echo $allTabsClass;
    ?>
" id="<?php 
    echo $tabIds[3];
    ?>
" style="display:<?php 
    echo $shownTab == 3 ? "block" : "none";
    ?>
">
            <h3>Delete All Plugin Options</h3>
            The following button will <i>permanently</i> delete all of this plugin's options from your Wordpress database, as if it had never been installed.  Use with care!
            <form name="formDebugOptions" method="post" action="">
                <input type="hidden" name="remove_all_settings" value="1" />
                <div class="submit"><input type="submit" name="Submit" value="Delete" /></div>
            </form>
        </div> <!-- End Tab -->
        
        <div class="<?php 
    echo $allTabsClass;
    ?>
" id="<?php 
    echo $tabIds[4];
    ?>
" style="display:<?php 
    echo $shownTab == 4 ? "block" : "none";
    ?>
">
            <h3>Support Information</h3>
            <div style="width:600px;">
            Before submitting a support request, please make sure to carefully read all the documentation and FAQs on the <a href="<?php 
    echo $jfb_homepage;
    ?>
#faq" target="_support">plugin homepage</a>.  Every problem that's ever been reported has a solution posted there.<br /><br />                        
            If you do choose to submit a request, please do so via the <a href="<?php 
    echo $jfb_homepage;
    ?>
#feedback" target="_support">plugin homepage</a>, <i><b><u>not</u></b></i> on Wordpress.org (which I rarely check).  Also, please <i><u>specifically mention</u></i> that you've tried it with all other plugins disabled and the default theme (see <a href="<?php 
    echo $jfb_homepage;
    ?>
#faq100" target="_faq100">FAQ100</a>) and include the following information about your Wordpress environment:<br /><br />            
            </div>
            <div class="jfb-greybox">
                Host URL: <b><?php 
    echo $_SERVER["HTTP_HOST"];
    ?>
</b><br />
                Site URL: <b><?php 
    echo get_bloginfo('url');
    ?>
</b><br />
                Wordpress URL: <b><?php 
    echo get_bloginfo('wpurl');
    ?>
</b><br />
            	Wordpress Version: <b><?php 
    echo $GLOBALS['wp_version'];
    ?>
</b><br />
            	BuddyPress Version: <b><?php 
    echo defined('BP_VERSION') ? BP_VERSION : "Not Detected";
    ?>
</b><br />
            	MultiSite Status: <b> <?php 
    echo (defined('WP_ALLOW_MULTISITE') ? "Allowed" : "Off") . " / " . (function_exists('is_multisite') ? is_multisite() ? "Enabled" : "Disabled" : "Undefined");
    ?>
</b><br />
            	Browser Version: <b><?php 
    $browser = jfb_get_browser();
    echo $browser['shortname'] . " " . $browser['version'] . " for " . $browser['platform'];
    ?>
</b><br />
            	Plugin Version: <b><?php 
    echo $jfb_version;
    ?>
</b><br />
    			Addon Version: <b><?php 
    echo defined('JFB_PREMIUM_VER') ? JFB_PREMIUM_VER : "Not Detected";
    ?>
</b><br />
				Facebook API: <b><?php 
    echo class_exists('Facebook') ? "Already present!" : "OK";
    ?>
</b><br />
				Facebook App: <b><?php 
    echo get_option($opt_jfb_app_id) ? get_option($opt_jfb_app_id) : "&lt;Unset&gt;";
    ?>
</b><br/>
				Facebook Reachable: 
                <b><?php 
    $result = jfb_api_get("https://graph.facebook.com/platform");
    if (!$result) {
        echo "NO (Empty Reply)";
    } else {
        if (isset($result['error'])) {
            echo "NO (" . isset($result['error']['message']) ? $result['error']['message'] : "Unknown" . ")";
        } else {
            if (!$result['is_published']) {
                echo "NO (is_published=false)";
            } else {
                echo "OK";
            }
        }
    }
    ?>
</b><br/>
				Facebook Validated: <b><?php 
    echo get_option($opt_jfb_valid) ? "OK" : "NO";
    ?>
</b><br/>
                Theme: <b><?php 
    echo get_current_theme();
    ?>
</b><br />
                Server: <b><?php 
    echo substr($_SERVER['SERVER_SOFTWARE'], 0, 45) . (strlen($_SERVER['SERVER_SOFTWARE']) > 45 ? "..." : "");
    ?>
</b><br />
                Active Plugins: 
                <?php 
    $active_plugins = get_option('active_plugins');
    $plug_info = get_plugins();
    echo "<b>" . count($active_plugins) . "</b><small> (";
    foreach ($active_plugins as $name) {
        echo $plug_info[$name]['Title'] . " " . $plug_info[$name]['Version'] . "; ";
    }
    echo "</small>)<br />";
    ?>
<br />
            </div>
        </div> <!-- End Tab -->
    
    </div><!-- div jfb-admin_wrapper -->  
   </div> <!-- div wrap -->
<?php 
}
Example #3
    j_die("Error: Missing POST Data (access_token).\n\nIf you're receiving this notice via e-mail as a site administrator, it's nearly always safe to ignore (these errors are due to spambots automatically hitting your site).  If you're seeing this as a real person attempting to login, please report it to the plugin author at " . $jfb_homepage . ".");
}
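// Login step: take the Facebook access token posted by the browser, ask the Graph API who it
// belongs to, and collect the profile fields later steps use ($fbuser, $fb_uid).
// j_die() is used the way the surrounding code uses it, i.e. it is expected to end the request.
$access_token = $_POST['access_token'];
// The token comes straight from the request body. Require a plain string before it is logged
// or placed in a URL; an array-style form field would otherwise reach substr() and the URLs.
if (!is_string($access_token)) {
    j_die("Error: Malformed POST Data (access_token).");
}
// NOTE(review): this writes the first 30 characters of a bearer token into $jfb_log. Confirm
// where that log can end up (mail, on-screen error output) and shorten or drop the prefix if
// it can leave the server.
$jfb_log .= "FB: Found access token (" . substr($access_token, 0, 30) . "...)\n";
//Get the basic user info and make sure the access_token is valid
// NOTE(review): a successful /me call only shows that the token is valid; nothing in this
// section confirms it was issued to this site's Facebook app. Verify that elsewhere (for
// example by comparing the app id reported by Graph's debug_token endpoint with the
// configured app id) before the returned uid is trusted as an identity.
$jfb_log .= "FB: Initiating Facebook connection...\n";
// urlencode() keeps characters such as "&" or "#" in the posted value from adding or
// overriding query parameters in the outgoing request.
$fbuser = jfb_api_get("https://graph.facebook.com/me?access_token=" . urlencode($access_token));
if (isset($fbuser['error'])) {
    j_die("Error: Failed to get the Facebook user session (" . (isset($fbuser['error']['message']) ? $fbuser['error']['message'] : "Unknown") . ")");
}
// An empty or id-less reply carries no 'error' key, so it would pass the check above and the
// login would continue with an empty uid. Stop here instead.
if (!is_array($fbuser) || empty($fbuser['id'])) {
    j_die("Error: Failed to get the Facebook user session (empty or unexpected reply)");
}
$fb_uid = $fbuser['id'];
// Hook receives the raw token so that listeners see exactly what the browser posted.
do_action('wpfb_session_established', array('FB_ID' => $fb_uid, 'access_token' => $access_token));
$jfb_log .= "FB: Connected to session (uid {$fb_uid})\n";
//Get some extra stuff (TODO: I should combine these into one query with the above, for better efficiency)
// Optional fields are read through isset() so a partial reply yields null rather than a notice.
$fbuser['profile_url'] = isset($fbuser['link']) ? $fbuser['link'] : null;
$pic = jfb_api_get("https://graph.facebook.com/fql?q=" . urlencode("SELECT pic_square,pic_big FROM user WHERE uid={$fb_uid}") . "&access_token=" . urlencode($access_token));
$fbuser['pic_square'] = isset($pic['data'][0]['pic_square']) ? $pic['data'][0]['pic_square'] : null;
$fbuser['pic_big'] = isset($pic['data'][0]['pic_big']) ? $pic['data'][0]['pic_big'] : null;
$jfb_log .= "FB: Got user info (" . $fbuser['name'] . ")\n";
//See if we were given permission to access the user's email
//This isn't required, and will only matter if it's a new user without an existing WP account
//(since we'll auto-register an account for them, using the contact_email we get from Facebook - if we can...)
$userRevealedEmail = false;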
if (strlen($fbuser['email']) != 0 && strpos($fbuser['email'], 'proxymail.facebook.com') === FALSE) {
    $jfb_log .= "FB: Email privilege granted (" . $fbuser['email'] . ")\n";
    $userRevealedEmail = true;
} else {
    if (strlen($fbuser['email']) != 0) {
        $jfb_log .= "FB: Email privilege granted, but only for an anonymous proxy address (" . $fbuser['email'] . ")\n";
    } else {
        $jfb_log .= "FB: Email priviledge denied.\n";