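function get_facebook_cookie($app_id, $app_secret)
{
    // Reads the "fbsr_<app_id>" signed-request cookie, verifies it through
    // parse_signed_request() and, when it verifies, exchanges the embedded
    // "code" for an access token at the Graph API.
    //
    // Returns the verified payload extended with 'uid', 'access_token' and
    // 'expires', or null when the cookie is missing or does not verify.
    $cookie_name = 'fbsr_' . $app_id;
    if (!isset($_COOKIE[$cookie_name])) {
        return null;
    }
    $signed_request = parse_signed_request($_COOKIE[$cookie_name], $app_secret);
    // Check the verification result before touching the payload: assigning
    // 'uid' first would turn a null result into an array and defeat the check.
    if (!is_array($signed_request)) {
        return null;
    }
    // 'uid' is kept for compatibility with the old cookie format
    $signed_request['uid'] = isset($signed_request['user_id']) ? $signed_request['user_id'] : null;
    $params = array();
    if (isset($signed_request['code'])) {
        // The openssl extension must be enabled on the server for the HTTPS
        // stream wrapper. http_build_query() encodes every parameter, so a
        // code containing reserved characters cannot alter the query.
        // NOTE(review): the client_secret travels in the query string and thus
        // into access logs; a POST body would keep it out — confirm with the API.
        $token_url = 'https://graph.facebook.com/oauth/access_token?' . http_build_query(array(
            'client_id' => $app_id,
            'redirect_uri' => '',
            'client_secret' => $app_secret,
            'code' => $signed_request['code'],
        ));
        $access_token_response = file_get_contents($token_url);
        if ($access_token_response === false) {
            error_log('get_facebook_cookie: access_token request failed');
        } else {
            // Parse into an explicit array; the one-argument parse_str() that
            // wrote into local variables was removed in PHP 8.
            parse_str($access_token_response, $params);
        }
    }
    $signed_request['access_token'] = isset($params['access_token']) ? $params['access_token'] : null;
    $signed_request['expires'] = time() + (isset($params['expires']) ? (int) $params['expires'] : 0);
    return $signed_request;
}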
    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}
function base64_url_decode($input)
{
    // Map the URL-safe alphabet ('-', '_') back to standard base64, then decode.
    $standard = str_replace(array('-', '_'), array('+', '/'), $input);
    return base64_decode($standard);
}
#DEBUG !
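if (isset($_REQUEST['signed_request'])) {
    // Debug aid: show what the signed request decodes to. Request data is
    // echoed back into the page, so it is HTML-escaped rather than dumped raw.
    echo '<p>signed_request contents:</p>';
    $response = parse_signed_request($_REQUEST['signed_request'], FACEBOOK_SECRET);
    echo '<pre>';
    echo htmlspecialchars(print_r($_REQUEST, true), ENT_QUOTES, 'UTF-8');
    echo htmlspecialchars(print_r($response, true), ENT_QUOTES, 'UTF-8');
    echo '</pre>';
}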
/*
 */
/* If user registered, input info. */
if ('POST' == $_SERVER['REQUEST_METHOD'] && !empty($_POST['action']) && $_POST['action'] == 'adduser') {
    $user_login = $_POST['profile_user_name'];
    $first_name = $_POST['profile_first_name'];
    $last_name = $_POST['profile_last_name'];
    $user_email = $_POST['profile_email'];
    $user_pass = NULL;
    if ($rb_login_option_registerconfirm == 1) {
<?php

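require_once '../lib/config.php';
// Verify the signed request before reading anything from it; a missing
// parameter is handled like a failed signature (null).
$request = isset($_POST['signed_request']) ? parse_signed_request($_POST['signed_request'], $appSecret) : null;
// The payments callback being invoked (e.g. payments_get_items)
$request_type = isset($_POST['method']) ? $_POST['method'] : '';
$response = '';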
if ($request_type == 'payments_get_items') {
    $order_info = json_decode($request['credits']['order_info'], true);
    $item_id = $order_info['item_id'];
    $item = array('title' => '100 some game cash', 'description' => 'Spend cash in some game.', 'price' => 1, 'image_url' => 'http://some_image_url/coin.jpg');
    $response = array('content' => array(0 => $item), 'method' => $request_type);
    $response = json_encode($response);
} else {
    if ($request_type == "payments_status_update") {
        $order_details = json_decode($request['credits']['order_details'], true);
        $item_data = json_decode($order_details['items'][0]['data'], true);
        $earned_currency_order = isset($item_data['modified']) ? $item_data['modified'] : null;
        $current_order_status = $order_details['status'];
        if ($current_order_status == 'placed') {
            if ($earned_currency_order) {
                $product = $earned_currency_order['product'];
                $product_title = $earned_currency_order['product_title'];
                $product_amount = $earned_currency_order['product_amount'];
                $credits_amount = $earned_currency_order['credits_amount'];
            }
            $response = array('content' => array('status' => 'settled', 'order_id' => $order_details['order_id']), 'method' => $request_type);
            $response = json_encode($response);
        } else {
            if ($current_order_status == 'disputed') {
            } else {
                if ($current_order_status == 'refunded') {
Example #4
<?php

//local
//putenv("FACEBOOK_APP_ID=303645853062039");
//putenv("FACEBOOK_SECRET=ecff0039038ebcaf7bfbc3760c2f90ea");
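require_once 'AppInfo.php';
require_once 'utils.php';
require_once 'sdk/src/facebook.php';
$facebook = new Facebook(array('appId' => AppInfo::appID(), 'secret' => AppInfo::appSecret()));
$user_id = $facebook->getUser();
// Whether the viewer likes the page hosting this tab; only read once the
// signed request has verified (null otherwise).
$likes_page = false;
$data = isset($_REQUEST['signed_request']) ? parse_signed_request($_REQUEST['signed_request'], AppInfo::appSecret()) : null;
if (is_array($data) && isset($data['page']['liked'])) {
    $likes_page = $data['page']['liked'];
}
// Fetch the basic info of the app that they are using
$app_info = $facebook->api('/' . AppInfo::appID());
$app_name = idx($app_info, 'name', '');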
?>
<!DOCTYPE html>
<html xmlns:fb="http://ogp.me/ns/fb#" lang="en">
  <head>
    <meta charset="utf-8" />
	    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes" />

	    <title><?php 
echo he($app_name);
?>
</title>
	    <link rel="stylesheet" href="stylesheets/screen.css" media="Screen" type="text/css" />
	    <link href="stylesheets/lightbox.css" rel="stylesheet" />
Example #5
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
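include __DIR__ . '/../includes/__init__.php';
echo output_header($config['RootUrl']);
// Verify the signed request first; its page/user claims are only meaningful
// once the signature checks out. On failure every claim is treated as absent.
$signed_request = isset($_REQUEST['signed_request']) ? parse_signed_request($_REQUEST['signed_request'], $config['AppSecret']) : null;
if (!is_array($signed_request)) {
    $signed_request = array();
}
// The page id is placed in a URL path, so it is percent-encoded
$page_id = isset($signed_request['page']['id']) ? (string) $signed_request['page']['id'] : '';
$page_name = json_decode(curl_call('https://graph.facebook.com/' . rawurlencode($page_id)), true);
// Does the viewing user like the page?
if (!empty($signed_request['page']['liked'])) {
    $like_status = '<span class="label label-success">Yes</span>';
} else {
    $like_status = '<span class="label label-important">No</span>';
}
// is the viewing user an admin?
if (!empty($signed_request['page']['admin'])) {
    $admin_status = '<span class="label label-success">Yes</span>';
} else {
    $admin_status = '<span class="label label-important">No</span>';
}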
// what age is the viewing user
if ($signed_request['user']['age']['min'] >= 21) {
    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}
function base64_url_decode($input)
{
    // URL-safe base64 uses '-' and '_' where standard base64 uses '+' and '/'.
    $alphabet_map = array('-' => '+', '_' => '/');
    return base64_decode(strtr($input, $alphabet_map));
}
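$url = get_bloginfo('wpurl') . '/wp-signup.php';
if (isset($_REQUEST['signed_request'])) {
    $options = get_option('fbregister_options');
    // Verify the registration payload before reading any field from it
    $response = parse_signed_request($_REQUEST['signed_request'], $options['app_secret']);
    if (!is_array($response) || !isset($response['registration'])) {
        // Failed signature or not a registration callback: plain signup page
        header("location: {$url}");
        exit;
    }
    $registration = $response['registration'];
    $user_login = isset($registration['username']) ? $registration['username'] : '';
    $user_email = isset($registration['email']) ? $registration['email'] : '';
    $signup_for = isset($registration['signup_for']) ? $registration['signup_for'] : 'user';
} else {
    header("location: {$url}");
    // Stop here so the redirect is not followed by page output
    exit;
}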
?>
<html>
<head>
<title>Processing your request...</title>
</head>
<body OnLoad="OnLoadEvent();">
<form name="redirectForm" action="<?php 
echo $url;
?>
<?php

$shared_secret = '#_YOUR_SHARED_SECRET_#';
$request = parse_signed_request($_GET['signed_request'], $shared_secret);
$request_type = $request['method'];
$response = '';
if ($request_type == 'payments_get_items') {
    // Supply the correct information for the package
    // Expected parameters: title, description, price, image_url
    $item = array('title' => 'Title of the package', 'description' => 'Use these coins to milk faster...', 'price' => '199', 'image_url' => 'http://www.iconshock.com/img_jpg/CLEAN/accounting/jpg/256/coins_icon.jpg');
    // Construct response.
    $response = array('content' => array(0 => $item), 'method' => $request_type);
    // Response must be JSON encoded.
    $response = json_encode($response);
    // Send response.
    echo $response;
    // kthxbye
    exit;
} elseif ($request_type == 'payments_status_update') {
    // Get the specific details for this order
    $order_details_status = $request['status'];
    $order_details_id = $request['order_id'];
    if ($order_details_status == 'placed') {
        // The payment has been successfully handled on our side
        $new_status = 'settled';
    } elseif ($order_details_status == 'failed') {
        // The payment has been unsuccessfully handled on our side
        $new_status = 'failed';
    }
    // Construct response.
    $response = array('content' => array('status' => $new_status, 'order_id' => $order_details_id), 'method' => $request_type);
<?php

// Deauthorize Callback
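require 'variables.php';
require 'member.php';
// Deauthorize callback: Facebook sends a signed request naming the user who
// removed the application; that member's isActive flag is cleared.
$data = isset($_REQUEST['signed_request']) ? parse_signed_request($_REQUEST['signed_request'], $FB_SECRET) : null;
if (is_array($data) && !empty($data['user_id'])) {
    $member = new Member($data['user_id']);
    $member->deauthorize();
} else {
    // Missing parameter or a signature that did not verify: never act on an
    // unverified user id.
    echo "Nothing to do";
}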
/* These methods are provided by facebook
 
http://developers.facebook.com/docs/authentication/canvas
 
*/
function parse_signed_request($signed_request, $secret)
{
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);
    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }
    // check sig
#!/usr/bin/env php
<?php 
function base64_url_decode($input)
{
    // Translate the URL-safe alphabet to standard base64 before decoding.
    $translated = strtr($input, '-_', '+/');
    $decoded = base64_decode($translated);
    return $decoded;
}
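function parse_signed_request($input, $secret, $max_age = 3600)
{
    // Verifies a signed request of the form "<sig>.<envelope>" (both base64url)
    // and returns the decoded envelope array.
    //
    // Throws Exception when the input is malformed, the envelope is not JSON,
    // the algorithm is not HMAC-SHA256, the signature does not verify, or
    // issued_at is older than $max_age seconds.
    $parts = explode('.', (string) $input, 2);
    if (count($parts) !== 2) {
        throw new Exception('Invalid request. (Malformed input.)');
    }
    list($encoded_sig, $encoded_envelope) = $parts;
    // base64url -> base64 (the same mapping as base64_url_decode(), inlined so
    // verification does not depend on a sibling definition)
    $sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
    $envelope = json_decode(base64_decode(strtr($encoded_envelope, '-_', '+/')), true);
    if (!is_array($envelope)) {
        throw new Exception('Invalid request. (Undecodable envelope.)');
    }
    $algorithm = isset($envelope['algorithm']) ? $envelope['algorithm'] : null;
    if ($algorithm !== 'HMAC-SHA256') {
        throw new Exception('Invalid request. (Unsupported algorithm.)');
    }
    // The HMAC covers the still-encoded envelope exactly as it was sent.
    // hash_equals() is constant-time and strict; "!=" would apply PHP's loose
    // string comparison (numeric-string coercion) to the raw digest.
    $expected_sig = hash_hmac('sha256', $encoded_envelope, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        throw new Exception('Invalid request. (Invalid signature.)');
    }
    // Only a verified envelope's timestamp is meaningful
    if (!isset($envelope['issued_at']) || (int) $envelope['issued_at'] < time() - $max_age) {
        throw new Exception('Invalid request. (Too old.)');
    }
    return $envelope;
}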
// process from stdin
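// One signed request per line on stdin. fgets() keeps the line terminator,
// which is not part of the signed string and would break the HMAC check.
$input = fgets(STDIN);
$input = $input === false ? '' : rtrim($input, "\r\n");
// NOTE(review): the secret is embedded in the script; load it from
// configuration or the environment instead.
$secret = '13750c9911fec5865d01f3bd00bdf4db';
try {
    echo json_encode(parse_signed_request($input, $secret));
} catch (Exception $e) {
    // Report the message only; casting the exception to string also prints
    // the stack trace.
    fwrite(STDERR, $e->getMessage() . "\n");
}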
Example #10
    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);
    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }
    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}
function base64_url_decode($input)
{
    // Restore '+' and '/' from their URL-safe substitutes, then base64-decode.
    $restored = str_replace(array('-', '_'), array('+', '/'), $input);
    return base64_decode($restored);
}
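// Verify the signed request; a failed signature yields null, not a user id
$json = parse_signed_request($signed_request, $secret);
$userid = is_array($json) && isset($json['user_id']) ? (string) $json['user_id'] : '';
// "$userid . length == 0" concatenated an undefined constant and never tested
// the length; compare the string explicitly instead.
if ($userid === '') {
    echo "<h3>Looks like you're not authenticated :(</h3>";
} else {
    // mysqli with a prepared statement replaces the mysql_* extension
    // (removed in PHP 7) and the escaped-string query.
    // NOTE(review): database credentials belong in configuration outside the
    // web root, not in a page script.
    $con = mysqli_connect("localhost", "root", "Fuc5de3@wr", "wordpress");
    if ($con === false) {
        error_log('fbmongousers: database connection failed');
    } else {
        $stmt = mysqli_prepare($con, "REPLACE INTO fbmongousers ( id ) VALUES ( ? )");
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 's', $userid);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        } else {
            error_log('fbmongousers: prepare failed');
        }
        mysqli_close($con);
    }
}
echo "<h3>I have access to your likes and your friends likes, theres nothing else for you to do! have a nice day!</h3>";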
Example #11
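function register()
{
    // Facebook registration-plugin callback: verifies the signed request,
    // builds a User from its "registration" payload, inserts it and redirects.
    // $results collects the page title and status messages for the view.
    //
    // NOTE(review): the app id and secret are hard-coded here; they belong in
    // configuration kept outside the web root.
    if (!defined('FACEBOOK_APP_ID')) {
        define('FACEBOOK_APP_ID', '930557470312181');
    }
    if (!defined('FACEBOOK_SECRET')) {
        define('FACEBOOK_SECRET', '06eb27939ef83a8f3f58434ca5a328bd');
    }
    // The helpers below are declared globally the first time register() runs;
    // the guards keep a second call from failing with "cannot redeclare".
    if (!function_exists('parse_signed_request')) {
        // Verify "<sig>.<payload>" (both base64url) and return the decoded
        // payload, or null when the algorithm or HMAC-SHA256 signature is wrong.
        function parse_signed_request($signed_request, $secret)
        {
            $parts = explode('.', (string) $signed_request, 2);
            if (count($parts) !== 2) {
                error_log('Malformed signed request');
                return null;
            }
            list($encoded_sig, $payload) = $parts;
            // decode the data
            $sig = base64_url_decode($encoded_sig);
            $data = json_decode(base64_url_decode($payload), true);
            if (!is_array($data) || !isset($data['algorithm']) || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
                error_log('Unknown algorithm. Expected HMAC-SHA256');
                return null;
            }
            // check sig: the HMAC covers the still-encoded payload and is
            // compared in constant time
            $expected_sig = hash_hmac('sha256', $payload, $secret, true);
            if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
                error_log('Bad Signed JSON signature!');
                return null;
            }
            return $data;
        }
    }
    if (!function_exists('base64_url_decode')) {
        // URL-safe base64 to the standard alphabet, then decode
        function base64_url_decode($input)
        {
            return base64_decode(strtr($input, '-_', '+/'));
        }
    }
    $response = null;
    if (isset($_REQUEST['signed_request'])) {
        $response = parse_signed_request($_REQUEST['signed_request'], FACEBOOK_SECRET);
    }
    $results = array();
    $results['pageTitle'] = "Register | Name of the website";
    if (!is_array($response) || !isset($response["registration"])) {
        // Missing or unverified payload: no user is built from it
        $results['errorMessage'] = "Registration unsuccessful. Please try again.";
        header("Location: ../index.php");
        return;
    }
    $user = new User($response["registration"]);
    // Birthday arrives as "MM/DD/YYYY"; a year counts only once this year's
    // birthday has passed.
    $birthDate = explode("/", (string) $user->birthday);
    if (count($birthDate) === 3) {
        $birthdayThisYear = date("md", mktime(0, 0, 0, (int) $birthDate[0], (int) $birthDate[1], (int) $birthDate[2]));
        $user->age = $birthdayThisYear > date("md") ? date("Y") - $birthDate[2] - 1 : date("Y") - $birthDate[2];
    } else {
        // Unparseable birthday; assumes User::insert() tolerates a null age — TODO confirm
        $user->age = null;
    }
    $user->icon_link = DEFAULT_USER_IMAGE;
    $user->verification = "notVerified";
    if ($user->insert()) {
        $results['successMessage'] = "Registration successful. Please login.";
        header("Location: ../search.php");
        return;
    }
    // Loose comparison kept on purpose: errorCode() may return "23000" as a string
    $errorCode = User::errorCode();
    if ($errorCode == 23000) {
        $results['errorMessage'] = "Registration unsuccessful, user already exists. <a href=\"#\">Forgot Password?</a>";
    } elseif ($errorCode == "ERR_INV_EMAIL") {
        $results['errorMessage'] = "Registration unsuccessful, invalid email address provided.";
    } elseif ($errorCode == "ERR_INV_NAME") {
        $results['errorMessage'] = "Registration unsuccessful, invalid name provided.";
    } elseif ($errorCode == "ERR_INV_PHONE") {
        $results['errorMessage'] = "Registration unsuccessful, invalid phone number provided.";
    } else {
        $results['errorMessage'] = "Registration unsuccessful. Please try again.";
    }
    header("Location: ../index.php");
}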
    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }
    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}
function base64_url_decode($input)
{
    // Swap the two URL-safe characters for their standard counterparts first.
    $mapping = array('-' => '+', '_' => '/');
    $standard_form = strtr($input, $mapping);
    return base64_decode($standard_form);
}
//Set facebook session
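//Set facebook session: null unless the signed request is present and verifies
$facebook_session = isset($_POST['signed_request']) ? parse_signed_request($_POST['signed_request'], $facebook_app_secret) : null;
//Set facebook permissions (more: http://developers.facebook.com/docs/authentication/permissions)
$facebook_permissions = 'user_about_me,publish_stream';
//Set login URL
$facebook_login_url = $facebook->getLoginUrl(array('req_perms' => $facebook_permissions), $facebook_canvas_page);
//Checks if the user is authenticated. If not, go to the login.
if (!is_array($facebook_session) || !isset($facebook_session['oauth_token'])) {
    header("Location: " . $facebook_login_url);
    // Stop here so nothing below runs for an unauthenticated request
    exit;
} else {
    //User data
    $me = $facebook->api("/me");
    //Print
    print_r($me);
}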
Example #13
    list($encoded_sig, $payload) = $arr;
    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = base64_url_decode($payload);
    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if ($sig !== $expected_sig) {
        return null;
    }
    return $data;
}
function base64_url_decode($input)
{
    // Undo the URL-safe substitutions ('-' -> '+', '_' -> '/') and decode.
    $converted = str_replace(array('-', '_'), array('+', '/'), $input);
    $bytes = base64_decode($converted);
    return $bytes;
}
$parsed = parse_signed_request($post, $SPID_CREDENTIALS[VGS_Client::CLIENT_SIGN_SECRET]);
$logger("Parsed : {$parsed}");
$data = $parsed ? json_decode($parsed, true) : false;
// END OF VERBOSE EXAMPLE
/**************************************/
// OR
/**************************************/
// START OF SDK EXAMPLE
//$data = $client->parseSignedRequest($post);
// END OF SDK EXAMPLE
/**************************************/
if (!$data) {
    $logger(" BAD SIGNATURE!");
    // for testing negative response, use a different response code
    header('HTTP/1.0 401 Unauthorized', true, 401);
    return;
Example #14
    }
    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}
function base64_url_decode($input)
{
    // Standard base64 alphabet differs from the URL-safe one only in '+' and '/'.
    return base64_decode(strtr($input, array('-' => '+', '_' => '/')));
}
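// NOTE(review): the app secret is embedded in a page template; keep it in
// configuration outside the web root instead.
$secret = 'e6ea32cfe8d954562bf42353d03c5de6';
// Verify the signed request; null when it is absent or the signature fails
$signed_request = isset($_REQUEST['signed_request']) ? $_REQUEST['signed_request'] : '';
$response = $signed_request !== '' ? parse_signed_request($signed_request, $secret) : null;
$req = $facebook->getSignedRequest();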
?>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#">
<head>
<style>
*{
	border:none;
	float:left;
	margin: none;
	padding: none;
}
Example #15
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}
// Helper function for parsing signed request
function base64_url_decode($input)
{
    // Convert from the URL-safe alphabet, then hand off to base64_decode().
    $with_standard_alphabet = strtr($input, '-_', '+/');
    return base64_decode($with_standard_alphabet);
}
// Variable to hold success result
$success_result = 'false';
// Parse the signed request
$parsed_data = parse_signed_request($_REQUEST['signed_request'], $app_secret);
if ($parsed_data != null) {
    // Get the access token
    $access_token = $parsed_data['oauth_token'];
    // Get the object URL
    $product = $parsed_data['objects'][0]['url'];
    // The Graph API endpoint for publishing a save action
    $graph_url_publish = "https://graph.facebook.com/me/meetuniversities:view?access_token=" . $access_token;
    $postdata = http_build_query(array('website' => $product));
    $opts = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postdata));
    $context = stream_context_create($opts);
    // Publish the save action
    $result = json_decode(file_get_contents($graph_url_publish, false, $context));
    if ($result != null && isset($result->id)) {
        // Set the result flag to true
        $success_result = 'true';
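function mgm_pre_process_facebook_registration()
{
    // Facebook registration-plugin callback (?connect=facebook_registration):
    // verifies the signed request, registers a user from its "registration"
    // payload and redirects to the login page on success.
    // system
    $system_obj = mgm_get_class('system');
    $user_login = $user_email = '';
    if (!isset($_GET['connect']) || $_GET['connect'] != 'facebook_registration') {
        return;
    }
    if (!isset($_REQUEST['signed_request'])) {
        return;
    }
    $response = parse_signed_request($_REQUEST['signed_request'], $system_obj->setting['facebook_key']);
    // A failed signature yields null; nothing is read from it
    $registration = is_array($response) && isset($response['registration']) ? $response['registration'] : array();
    if (isset($registration['user_login'])) {
        $user_login = $registration['user_login'];
    }
    if (isset($registration['email'])) {
        $user_email = $registration['email'];
    }
    // The original guarded this copy on 'email', so a payload without a
    // subscription wrote null into $_POST; test the key actually read.
    if (isset($registration['mgm_subscription'])) {
        $_POST['mgm_subscription'] = $registration['mgm_subscription'];
    }
    // get error
    $errors = mgm_register_new_user($user_login, $user_email, null);
    // no error
    if (!is_wp_error($errors)) {
        // get redirect
        // NOTE(review): $use_default_links is never assigned in this function;
        // confirm what mgm_get_custom_url() expects for that argument.
        $redirect = mgm_get_custom_url('login', $use_default_links, array('checkemail' => 'registered'));
        // check default (wp_safe_redirect restricts the target to allowed hosts)
        $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : $redirect;
        // redirect
        wp_safe_redirect($redirect_to);
        // exit
        exit;
    }
    // errors: register them for the view (the returned HTML was never used here)
    mgm_set_errors($errors, true);
}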