/**
  * Function to revoke the application access to Facebook account. 
  * @param array ['access_token'=> authorized user access token, 'user_id'=> user id, 'media_id'=> facebook media id, 'permissions'=> user permission to revoke]
  * @return boolean true|false
  * @throws FacebookSDKException if ((user id OR media id) AND access token) OR permission to revoke are missing
  * 
  */
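 public function RevokeAccess($params)
 {
     // Optional inputs; every key falls back to null when the caller leaves it out.
     $USER_ID = isset($params[self::USER_ID]) ? $params[self::USER_ID] : null;
     $FACEBOOK_MEDIA_ID = isset($params[self::MEDIA_ID]) ? $params[self::MEDIA_ID] : null;
     $ACCESS_TOKEN = isset($params[self::AUTH_TOKEN]) ? $params[self::AUTH_TOKEN] : null;
     $PERMISSION_TO_REVOKE = isset($params[self::PERMISSIONS]) ? $params[self::PERMISSIONS] : null;
     // 0. A missing permission is still accepted (the "Revoke permission is not set." guard is disabled).
     // NOTE(review): with no permission the request path is "/me/permissions/"; per the Graph API
     // documentation a DELETE on the bare permissions edge de-authorizes the whole app - confirm
     // that callers rely on this before re-enabling or removing the guard.
     // 0.1 The permission name is placed into the request path, so accept only a plain
     //     identifier: no slashes, dots, query characters or non-string values.
     if (!empty($PERMISSION_TO_REVOKE)
         && (!is_string($PERMISSION_TO_REVOKE) || preg_match('/\A[A-Za-z0-9_]+\z/', $PERMISSION_TO_REVOKE) !== 1)
     ) {
         throw new FacebookSDKException('Revoke permission has an invalid format.');
     }
     // 1. If IS NOT set access token - get from DB by USER_ID
     if (empty($ACCESS_TOKEN)) {
         if (empty($USER_ID)) {
             throw new FacebookSDKException('To get access token from DB you need to supply USER_ID');
         }
         if (empty($FACEBOOK_MEDIA_ID)) {
             throw new FacebookSDKException('To get access token from DB you need to supply FACEBOOK_MEDIA_ID');
         }
         // NOTE(review): USER_ID decides whose stored token is used; presumably the caller has
         // already checked that it belongs to the signed-in user - confirm at the call sites.
         $params_social = array(\Av\MediaUserModel::MEDIA_ID => $FACEBOOK_MEDIA_ID, \Av\MediaUserModel::USER_ID => $USER_ID);
         $oSocialUserMapper = new \Av\MediaUserModel();
         $access_token_info = $oSocialUserMapper->GetCredentials($params_social);
         $ACCESS_TOKEN = isset($access_token_info[\Av\MediaUserModel::ACCESS_TOKEN]) ? $access_token_info[\Av\MediaUserModel::ACCESS_TOKEN] : null;
         if (empty($ACCESS_TOKEN)) {
             throw new FacebookSDKException("No  access token is saved for USER_ID {$USER_ID}");
         }
     }
     // 2. Ask Facebook to drop the permission on behalf of the token owner.
     $session = new FacebookSession($ACCESS_TOKEN);
     $request = new FacebookRequest($session, 'DELETE', "/me/permissions/{$PERMISSION_TO_REVOKE}");
     $graphObject = $request->execute()->getGraphObject();
     // The debug entry carries the permission name and the Graph response, never the token.
     // Nothing is returned: callers cannot read success or failure from the return value.
     $this->AddDebug(__METHOD__ . " #" . __LINE__ . "permission {$PERMISSION_TO_REVOKE} deleted with status " . print_r($graphObject, true));
 }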
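 /**
  * Stores the social-media credentials of a user and logs that user in.
  *
  * When no USER_ID is passed, the user is looked up by e-mail and created if the
  * lookup returns false. The credentials are then saved and, on success,
  * \Av\AuthController::LogIn() is called.
  *
  * @param array $params keyed by the \Av\MediaUserModel and \Av\UserModel constants read below
  * @return false|null false when the e-mail is missing, the user cannot be resolved or the
  *                    credentials cannot be saved; nothing (null) on success
  */
 public function SaveUser($params)
 {
     $MEDIA_ID = isset($params[\Av\MediaUserModel::MEDIA_ID]) ? $params[\Av\MediaUserModel::MEDIA_ID] : null;
     $USER_ID = isset($params[\Av\MediaUserModel::USER_ID]) ? $params[\Av\MediaUserModel::USER_ID] : null;
     $SOCIAL_USER_ID = isset($params[\Av\MediaUserModel::SOCIAL_USER_ID]) ? $params[\Av\MediaUserModel::SOCIAL_USER_ID] : null;
     $STATUS = isset($params[\Av\MediaUserModel::STATUS]) ? $params[\Av\MediaUserModel::STATUS] : \Av\MediaUserModel::STATUS_ACTIVE;
     $ACCESS_TOKEN = isset($params[\Av\MediaUserModel::ACCESS_TOKEN]) ? $params[\Av\MediaUserModel::ACCESS_TOKEN] : null;
     $REFRESH_TOKEN = isset($params[\Av\MediaUserModel::REFRESH_TOKEN]) ? $params[\Av\MediaUserModel::REFRESH_TOKEN] : null;
     $ROLE_ID = isset($params[\Av\UserModel::ROLE_ID]) ? $params[\Av\UserModel::ROLE_ID] : null;
     $EMAIL = isset($params[\Av\UserModel::USER_EMAIL]) ? $params[\Av\UserModel::USER_EMAIL] : null;
     $DISPLAY_NAME = isset($params[\Av\UserModel::DISPLAY_NAME]) ? $params[\Av\UserModel::DISPLAY_NAME] : null;
     $oUserMapper = new \Av\UserModel();
     $oMediaUserMapper = new \Av\MediaUserModel();
     // NOTE(review): when USER_ID is supplied, ROLE_ID and DISPLAY_NAME from $params go into the
     // login call below unchanged; presumably callers never pass request-controlled values - confirm.
     // 1. If USER_ID is not set - it is initial login or signup
     if (empty($USER_ID)) {
         // 1.1 Check by EMAIL if user exists in "user" table
         if (empty($EMAIL)) {
             return false;
         }
         $params_user = array(\Av\UserModel::USER_EMAIL => $EMAIL);
         $user_info = $oUserMapper->GetUserInfo($params_user);
         if ($user_info === false) {
             // 1.2 User does not exist. Create new.
             $params_user[\Av\UserModel::DISPLAY_NAME] = $DISPLAY_NAME;
             $params_user[\Av\UserModel::ROLE_ID] = $ROLE_ID;
             $params_user[\Av\UserModel::USER_STATUS] = $STATUS;
             $USER_ID = $oUserMapper->SaveUserInfo($params_user);
             if (empty($USER_ID)) {
                 return false;
             }
         } else {
             // 1.3 User exists: identity, role and name come from the stored record.
             // NOTE(review): the account is matched on the e-mail alone. If the address handed in
             // by the provider is not verified, this attaches the social login to an existing
             // account and signs in as it - confirm callers pass verified addresses only.
             $ROLE_ID = isset($user_info[\Av\UserModel::ROLE_ID]) ? $user_info[\Av\UserModel::ROLE_ID] : null;
             $USER_ID = isset($user_info[\Av\UserModel::USER_ID]) ? $user_info[\Av\UserModel::USER_ID] : null;
             $DISPLAY_NAME = isset($user_info[\Av\UserModel::DISPLAY_NAME]) ? $user_info[\Av\UserModel::DISPLAY_NAME] : null;
             // A record without a user id would otherwise be cast to 0 below and both the
             // credentials and the login would be written for user 0.
             if (empty($USER_ID)) {
                 return false;
             }
         }
     }
     $params_media_user = array(
         \Av\MediaUserModel::MEDIA_ID => (int) $MEDIA_ID,
         \Av\MediaUserModel::USER_ID => (int) $USER_ID,
         \Av\MediaUserModel::ACCESS_TOKEN => $ACCESS_TOKEN,
         \Av\MediaUserModel::SOCIAL_USER_ID => isset($SOCIAL_USER_ID) ? $SOCIAL_USER_ID : 'n/a',
         \Av\MediaUserModel::STATUS => $STATUS,
         \Av\MediaUserModel::REFRESH_TOKEN => $REFRESH_TOKEN,
     );
     // 2. Save new social media user credentials
     $bSaved = $oMediaUserMapper->SaveCredentials($params_media_user);
     // Only the save result is logged; the tokens stay out of the debug output.
     $this->AddDebug(__METHOD__ . " #" . __LINE__ . " is  user saved with success {$bSaved}");
     if ($bSaved === false) {
         return false;
     }
     // 3. Save to auth object and session
     $params_login = array(
         \Av\AuthController::USER_ID => (int) $USER_ID,
         \Av\AuthController::USER_NAME => $DISPLAY_NAME,
         \Av\AuthController::USER_ROLE_ID => (int) $ROLE_ID,
     );
     \Av\AuthController::LogIn($params_login);
 }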
 /**
  * Function to revoke the application access to google account. Dumb revoke process - revokes all your account access.
  * @param array ['user_id'=> user id, 'media_id'=> social media id]
  * @return boolean true|false
  * @throws \Google_Exception if user id or media id are missing
  */
 public function RevokeAccess($params)
 {
     // Both identifiers are required to find the stored credentials.
     $userId = isset($params[self::USER_ID]) ? $params[self::USER_ID] : null;
     $mediaId = isset($params[self::MEDIA_ID]) ? $params[self::MEDIA_ID] : null;
     if (!(isset($userId) && isset($mediaId))) {
         throw new \Google_Exception('User ID and / or Google Media ID are invalid');
     }
     // NOTE(review): the user id comes from $params; presumably the caller has already checked
     // that it is the signed-in user - confirm.
     $credentialStore = new \Av\MediaUserModel();
     $lookup = array(
         \Av\MediaUserModel::MEDIA_ID => $mediaId,
         \Av\MediaUserModel::USER_ID => $userId,
     );
     $stored = $credentialStore->GetCredentials($lookup);
     // Refresh token first, then access token: the first empty one aborts the call.
     $required = array(
         array(\Av\MediaUserModel::REFRESH_TOKEN, 'Refresh'),
         array(\Av\MediaUserModel::ACCESS_TOKEN, 'Access'),
     );
     foreach ($required as $entry) {
         if (empty($stored[$entry[0]])) {
             throw new \Google_Exception("{$entry[1]} token is not set for user id {$userId} media id {$mediaId} ");
         }
     }
     // Only the refresh token is handed to Google for revocation.
     // NOTE(review): the stored tokens are not cleared here; presumably the caller removes them
     // after a successful revoke - confirm.
     $googleClient = new \Google_Client();
     $revoked = $googleClient->revokeToken($stored[\Av\MediaUserModel::REFRESH_TOKEN]);
     return $revoked;
 }
 /** 
  *  Reads G+ basic user profile data such as "Display Name", "id", "Gender" and, if authorized, "emails"
  *  
  *  @param 
  * 
  * $params <b>array</b> 
  *          array(<br>
  *              'auth_token'=>access token,          //   (optional)<br>
  *              'auth_refresh_token'=> refresh token,//   (optional)<br>
  *              'user_id'=> system user id,          //   (required)<br>
  *            )<br>
  * 
  * @return void To access profile properties use the object getters:
  * <p>
  *      1. G+ account emails     -   $this->GetUserEmail()
  *      2. G+ user display name  -   $this->GetName()
  *      3. G+ user id            -   $this->GetMediaUserId()
  * </p>
  */
 public function MeAction($params)
 {
     // Caller-supplied tokens and user id; anything missing becomes null.
     $accessToken = isset($params[self::AUTH_TOKEN]) ? $params[self::AUTH_TOKEN] : null;
     $refreshToken = isset($params[self::AUTH_REFRESH_TOKEN]) ? $params[self::AUTH_REFRESH_TOKEN] : null;
     $userId = isset($params[self::USER_ID]) ? $params[self::USER_ID] : null;
     // 1. With neither token given, load both from the DB by user id.
     $noTokensGiven = empty($accessToken) && empty($refreshToken);
     if ($noTokensGiven) {
         if (empty($userId)) {
             throw new \Google_Exception('To get access token and refresh token you need to supply USER_ID');
         }
         // NOTE(review): the user id selects whose stored tokens are used; presumably the caller
         // has already checked it is the signed-in user - confirm.
         $lookup = array(
             \Av\MediaUserModel::MEDIA_ID => \Av\MediaModel::MEDIA_GOOGLE_PLUS,
             \Av\MediaUserModel::USER_ID => $userId,
         );
         $credentialStore = new \Av\MediaUserModel();
         $stored = $credentialStore->GetCredentials($lookup);
         if (false === $stored) {
             throw new \Google_Exception("No  access token and refresh token are saved for USER_ID {$userId}");
         }
         $accessToken = isset($stored[\Av\MediaUserModel::ACCESS_TOKEN]) ? $stored[\Av\MediaUserModel::ACCESS_TOKEN] : null;
         $refreshToken = isset($stored[\Av\MediaUserModel::REFRESH_TOKEN]) ? $stored[\Av\MediaUserModel::REFRESH_TOKEN] : null;
         if (empty($accessToken) || empty($refreshToken)) {
             throw new \Google_Exception("access token OR refresh token is missing for USER_ID {$userId}");
         }
     }
     // 2. Application (client) credentials for Google+.
     $clientStore = new \Av\ClientCredentialsModel();
     $clientLookup = array(\Av\ClientCredentialsModel::MEDIA_ID => \Av\MediaModel::MEDIA_GOOGLE_PLUS);
     $appCredentials = $clientStore->GetCredentials($clientLookup);
     $clientId = isset($appCredentials[\Av\ClientCredentialsModel::CLIENT_ID]) ? $appCredentials[\Av\ClientCredentialsModel::CLIENT_ID] : null;
     $clientSecret = isset($appCredentials[\Av\ClientCredentialsModel::CLIENT_SECRET]) ? $appCredentials[\Av\ClientCredentialsModel::CLIENT_SECRET] : null;
     if (null === $clientId || null === $clientSecret) {
         throw new \Google_Exception('You must fill out the CLIENT credentials');
     }
     // The disabled debug lines that printed both tokens are left out; token values do not
     // belong in logs.
     // 3. Let the validator return a usable access token (it refreshes an expired one).
     $tokenValidator = new GoogleAuthResponseController();
     $validatorInput = array(
         self::AUTH_TOKEN => $accessToken,
         self::AUTH_REFRESH_TOKEN => $refreshToken,
         self::USER_ID => $userId,
         self::MEDIA_ID => \Av\MediaModel::MEDIA_GOOGLE_PLUS,
         self::CLIENT_ID => $clientId,
         self::CLIENT_SECRET => $clientSecret,
     );
     $accessToken = $tokenValidator->getValidAccessToken($validatorInput);
     // 4. Build the Plus service on a client that carries the app credentials and the token.
     $googleClient = new \Google_Client();
     $googleClient->setClientId($clientId);
     $googleClient->setClientSecret($clientSecret);
     $googleClient->setAccessToken($accessToken);
     $plusService = new \Google_Service_Plus($googleClient);
     // 5. Fetch the "me" profile and copy its fields into this object through the setters.
     $profile = $plusService->people->get('me');
     $this->SetName($profile->getDisplayName());
     $this->SetUserEmail($profile->getEmails());
     $this->SetMediaUserId($profile->getId());
     $this->SetVerified($profile->getVerified());
     $this->SetUserImage($profile->getImage());
     $this->SetUserAboutMe($profile->getAboutMe());
 }
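 /**
  * Returns an access token that the Google client does not report as expired.
  *
  * Missing client credentials and a missing access token are loaded from the DB.
  * An expired access token is renewed with the refresh token and the new token is
  * saved for the given user/media pair.
  *
  * @param array $params keyed by self::CLIENT_ID, self::CLIENT_SECRET, self::USER_ID,
  *                      self::MEDIA_ID, self::AUTH_TOKEN and self::AUTH_REFRESH_TOKEN
  * @return mixed the access token as stored, or as returned by \Google_Client::getAccessToken()
  *               after a refresh
  * @throws \Google_Exception when credentials or tokens are missing or the refresh fails
  */
 public function getValidAccessToken($params)
 {
     $CLIENT_ID = isset($params[self::CLIENT_ID]) ? $params[self::CLIENT_ID] : null;
     $CLIENT_SECRET = isset($params[self::CLIENT_SECRET]) ? $params[self::CLIENT_SECRET] : null;
     $USER_ID = isset($params[self::USER_ID]) ? $params[self::USER_ID] : null;
     $MEDIA_ID = isset($params[self::MEDIA_ID]) ? $params[self::MEDIA_ID] : null;
     $ACCESS_TOKEN = isset($params[self::AUTH_TOKEN]) ? $params[self::AUTH_TOKEN] : null;
     $REFRESH_TOKEN = isset($params[self::AUTH_REFRESH_TOKEN]) ? $params[self::AUTH_REFRESH_TOKEN] : null;
     // 1. Client credentials not passed in - read them from the DB for this media.
     if (!isset($CLIENT_ID) || !isset($CLIENT_SECRET)) {
         $oMediaClients = new \Av\ClientCredentialsModel();
         $params_credentials = array(\Av\ClientCredentialsModel::MEDIA_ID => $MEDIA_ID);
         $credential = $oMediaClients->GetCredentials($params_credentials);
         if ($credential === false) {
             throw new \Google_Exception('You must fill out the CLIENT credentials');
         }
         $CLIENT_ID = isset($credential[\Av\ClientCredentialsModel::CLIENT_ID]) ? $credential[\Av\ClientCredentialsModel::CLIENT_ID] : null;
         $CLIENT_SECRET = isset($credential[\Av\ClientCredentialsModel::CLIENT_SECRET]) ? $credential[\Av\ClientCredentialsModel::CLIENT_SECRET] : null;
     }
     // 2. Find authorization credentials for given user/media
     $oMediaUserMapper = new \Av\MediaUserModel();
     if (empty($ACCESS_TOKEN)) {
         // 3. No access token passed - this call is made by the server, without user consent
         if (empty($USER_ID) || empty($MEDIA_ID)) {
             throw new \Google_Exception('You must passt the USER ID and MEDIA ID parameter to get access and refresh tokens from DB');
         }
         // NOTE(review): USER_ID selects whose stored tokens are read; presumably the caller has
         // already authorized it - confirm.
         $params_user_credentials = array(\Av\MediaUserModel::MEDIA_ID => $MEDIA_ID, \Av\MediaUserModel::USER_ID => $USER_ID);
         $arrUserCredentials = $oMediaUserMapper->GetCredentials($params_user_credentials);
         if (empty($arrUserCredentials[\Av\MediaUserModel::REFRESH_TOKEN])) {
             throw new \Google_Exception("Refresh token is not set for user id {$USER_ID} ");
         }
         if (empty($arrUserCredentials[\Av\MediaUserModel::ACCESS_TOKEN])) {
             throw new \Google_Exception("Access token is not set for user id {$USER_ID} ");
         }
         // 3.1 Extract the stored tokens
         $ACCESS_TOKEN = $arrUserCredentials[\Av\MediaUserModel::ACCESS_TOKEN];
         $REFRESH_TOKEN = $arrUserCredentials[\Av\MediaUserModel::REFRESH_TOKEN];
     }
     // 4. check if the access token valid
     $client = new \Google_Client();
     $client->setClientId($CLIENT_ID);
     $client->setClientSecret($CLIENT_SECRET);
     $client->setAccessToken($ACCESS_TOKEN);
     if ($client->isAccessTokenExpired()) {
         // 4.1 Old access token is not valid - check everything the refresh needs before
         //     calling Google, so no token is renewed that could not be stored afterwards.
         if (empty($REFRESH_TOKEN)) {
             // An empty string is rejected too, not only null.
             throw new \Google_Exception("Invalid refresh token.");
         }
         if (empty($USER_ID) || empty($MEDIA_ID)) {
             throw new \Google_Exception('You must passt the USER ID and MEDIA ID parameter to get access and refresh tokens from DB');
         }
         if (empty($CLIENT_ID) || empty($CLIENT_SECRET)) {
             // The DB row can exist without these fields; a refresh cannot work without them.
             throw new \Google_Exception('You must fill out the CLIENT credentials');
         }
         $client->refreshToken($REFRESH_TOKEN);
         // 4.2 save new access token in DB
         $ACCESS_TOKEN = $client->getAccessToken();
         if (!isset($ACCESS_TOKEN)) {
             throw new \Google_Exception("Could not refresh access token.");
         }
         // NOTE(review): only the access token is written back; whether SaveCredentials keeps the
         // stored refresh token when that key is absent is not visible here - confirm.
         $params_new_credentials = array(\Av\MediaUserModel::ACCESS_TOKEN => $ACCESS_TOKEN, \Av\MediaUserModel::MEDIA_ID => $MEDIA_ID, \Av\MediaUserModel::USER_ID => $USER_ID);
         $oMediaUserMapper->SaveCredentials($params_new_credentials);
     }
     return $ACCESS_TOKEN;
 }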
 /**
  * Reads Facebook user permissions
  * @param array $params:
  *           $params['user_id'] => system user id
  *           OR
  *           $params['user_id'] => access token
  * @return type void
  * @throws FacebookSDKException
  */
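 public function PermissionsAction($params)
 {
     // Optional inputs; a missing key becomes null.
     $ACCESS_TOKEN = isset($params[self::AUTH_TOKEN]) ? $params[self::AUTH_TOKEN] : null;
     $USER_ID = isset($params[self::USER_ID]) ? $params[self::USER_ID] : null;
     // 1. If IS NOT set access token - get from DB by USER_ID
     if (empty($ACCESS_TOKEN)) {
         if (empty($USER_ID)) {
             throw new FacebookSDKException('To get access token you need to supply USER_ID');
         }
         // NOTE(review): USER_ID selects whose stored token is used; presumably the caller has
         // already checked it is the signed-in user - confirm.
         $params_social = array(\Av\MediaUserModel::MEDIA_ID => \Av\MediaModel::MEDIA_FACEBOOK, \Av\MediaUserModel::USER_ID => $USER_ID);
         $oSocialUserMapper = new \Av\MediaUserModel();
         $access_token_info = $oSocialUserMapper->GetCredentials($params_social);
         $ACCESS_TOKEN = isset($access_token_info[\Av\MediaUserModel::ACCESS_TOKEN]) ? $access_token_info[\Av\MediaUserModel::ACCESS_TOKEN] : null;
         if (empty($ACCESS_TOKEN)) {
             throw new FacebookSDKException("No  access token is saved for USER_ID {$USER_ID}");
         }
     }
     $session = new FacebookSession($ACCESS_TOKEN);
     // 2. Read the granted permissions and keep them on this object.
     try {
         $fbRequest = new FacebookRequest($session, 'GET', '/me/permissions');
         $graphObject = $fbRequest->execute()->getGraphObject(GraphPermission::ClassName())->asArray();
         $this->SetCurrentPermissions($graphObject);
     } catch (FacebookSDKException $e) {
         // The exception is no longer dumped into the response: a full dump exposes the stack
         // trace and the objects on it to whoever receives the page. Class, code and message
         // go to the server error log instead, and the method still returns without a value.
         error_log(__METHOD__ . ' Facebook error while reading permissions: ' . get_class($e) . ' (code ' . $e->getCode() . '): ' . $e->getMessage());
         return;
     }
 }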