Example #1
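 /**
  * Runs the server-side OAuth login flow for the current viewer of the app.
  *
  * The flow has two passes through this method:
  *  1. No "code" in the request: generate an unpredictable "state" value,
  *     store it in a cookie, emit a script that sends the browser to the
  *     Facebook OAuth dialog, and return false.
  *  2. "code" present: verify that the returned "state" matches the cookie
  *     (CSRF protection), then exchange the code for an access token.
  *
  * For more information, see
  * 'https://developers.facebook.com/docs/authentication/'
  *
  * @param mixed $redirect Not read by this method; kept so existing callers
  *                        keep working.
  * @return string|false The access token when the exchange succeeds; false
  *                      when the browser was redirected to the dialog, the
  *                      state check failed, or the token request failed.
  */
 public static function login($redirect)
 {
     $app_id = AppInfo::appID();
     $app_secret = AppInfo::appSecret();
     $home = AppInfo::getHome();
     // Scope defines which permissions we ask the user to grant. This example
     // asks for the user's likes, photos and photo/video tags. Replace it with
     // the smallest set of permissions your app actually needs.
     // See https://developers.facebook.com/docs/reference/api/permissions/
     // for a full list of permissions.
     $scope = 'user_likes,user_photos,user_photo_video_tags';
     $cookie_name = $app_id . '-fb-app';
     session_start();
     $code = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';

     // Pass 1: no usable code yet, so start the authorization request.
     if (!is_string($code) || $code === '') {
         // CSRF protection - see 'Security Considerations' at
         // 'https://developers.facebook.com/docs/authentication/'.
         // The state must be unguessable, so it comes from the CSPRNG
         // (random_bytes, PHP 7+) rather than md5(uniqid(rand())).
         $state = bin2hex(random_bytes(16));
         // HttpOnly keeps the state away from page scripts. The Secure flag is
         // left off as in the original; turn it on when the app is only ever
         // served over HTTPS.
         setcookie($cookie_name, $state, 0, '', '', false, true);
         // http_build_query() percent-encodes every value, so nothing in the
         // redirect URI or state can add or alter query parameters.
         $authorize_url = 'https://www.facebook.com/dialog/oauth?' . http_build_query([
             'client_id' => $app_id,
             'redirect_uri' => $home,
             'state' => $state,
             'scope' => $scope,
         ], '', '&');
         // Emit the URL as a JSON string literal with <, >, &, ' and " hex
         // escaped so it cannot terminate the string or the <script> element.
         echo '<script> top.location.href='
             . json_encode($authorize_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
             . '</script>';
         return false;
     }

     // Pass 2: we have a code. Both state values must be present, non-empty
     // strings; otherwise a request with no state and no cookie would compare
     // null to null and pass the check.
     $sent_state = isset($_REQUEST['state']) ? $_REQUEST['state'] : '';
     $saved_state = isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : '';
     if (!is_string($sent_state) || !is_string($saved_state) || $saved_state === ''
         || !hash_equals($saved_state, $sent_state)) {
         // The two states do not match: return false to signal that
         // authentication went wrong.
         echo "States do not match.  CSRF?";
         return false;
     }

     $ch = curl_init("https://graph.facebook.com/oauth/access_token");
     curl_setopt($ch, CURLOPT_POST, 1);
     // $code comes from the request; encoding the body stops it from
     // injecting extra form fields next to the client secret.
     curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
         'client_id' => $app_id,
         'redirect_uri' => $home,
         'client_secret' => $app_secret,
         'code' => $code,
         'scope' => $scope,
     ], '', '&'));
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     // The app secret travels over this connection: pin certificate and host
     // verification on explicitly instead of relying on build defaults.
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
     $response = curl_exec($ch);
     if (!is_string($response)) {
         // Transport failure: curl_exec() returned false.
         return false;
     }
     // Parse the response as a query string and extract the access token.
     parse_str($response, $params);
     if (empty($params['access_token'])) {
         return false;
     }
     return $params['access_token'];
 }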
Example #2
    // Fetch the basic info of the app that they are using.
    // NOTE(review): every Graph path below carries the access token in its
    // query string. Query strings are commonly written to server and proxy
    // logs, so treat any log of these requests as containing credentials.
    // How fetchFromFBGraph() actually sends the request is not visible here.
    $app_id = AppInfo::appID();
    $app_info = FBUtils::fetchFromFBGraph("{$app_id}?access_token={$token}");
    // This fetches some of the things that you like; "limit=N" caps the
    // result at N entries (4 here).
    // To see the format of the data you are retrieving, use the "Graph API
    // Explorer" which is at https://developers.facebook.com/tools/explorer/
    $likes = array_values(idx(FBUtils::fetchFromFBGraph("me/likes?access_token={$token}&limit=4"), 'data'));
    // This fetches 4 of your friends.
    $friends = array_values(idx(FBUtils::fetchFromFBGraph("me/friends?access_token={$token}&limit=4"), 'data'));
    // And this returns 16 of your photos. The undecoded response is also kept
    // in $raw.
    $photos = array_values(idx($raw = FBUtils::fetchFromFBGraph("me/photos?access_token={$token}&limit=16"), 'data'));
    // Here is an example of an FQL call that fetches all of your friends that
    // are using this app. The query is a fixed string with no request data
    // interpolated into it.
    $app_using_friends = FBUtils::fql("SELECT uid, name, is_app_user, pic_square FROM user WHERE uid in (SELECT uid2 FROM friend WHERE uid1 = me()) AND is_app_user = 1", $token);
    // URL-encode our home URL so that it can be passed as a query parameter.
    $encoded_home = urlencode(AppInfo::getHome());
    // 'close.php' is appended after encoding, unencoded.
    $redirect_url = $encoded_home . 'close.php';
    // These two URLs are links to dialogs that you will be able to use to
    // share your app with others.  Look under the documentation for dialogs at
    // developers.facebook.com for more information.
    // NOTE(review): presumably these are printed into the HTML further down;
    // escape them for the HTML context at that point - confirm in the template.
    $send_url = "https://www.facebook.com/dialog/send?redirect_uri={$redirect_url}&display=popup&app_id={$app_id}&link={$encoded_home}";
    $post_to_wall_url = "https://www.facebook.com/dialog/feed?redirect_uri={$redirect_url}&display=popup&app_id={$app_id}";
} else {
    // Stop running if we did not get a valid response from logging in
    exit("Invalid credentials");
}
?>

<!-- This following code is responsible for rendering the HTML   -->
<!-- content on the page.  Here we use the information generated -->
<!-- in the above requests to display content that is personal   -->