/**
 * Builds the extra canvas parameter holding the viewer's friend list.
 *
 * Per the original comment, the result is added to the POST made for the
 * canvas request. Friends for whom platform_can_see_app() returns false are
 * dropped first, so the list only carries ids that are allowed to see the
 * application.
 *
 * @param mixed $app_id application whose canvas is being requested
 * @param mixed $user   user whose friends are listed
 * @return array array('friends' => comma-separated list of the remaining friends)
 */
function api_canvas_parameters_other($app_id, $user)
{
    // Lookup order is kept: application info first, then the friend list.
    $app_info = application_get_info($app_id);
    $friends = user_get_all_friends($user);

    foreach ($friends as $idx => $friend_id) {
        if (platform_can_see_app($app_id, $friend_id, $app_info)) {
            continue;
        }
        // This friend may not see the app: leave them out of the outgoing list.
        unset($friends[$idx]);
    }

    return array('friends' => implode(',', $friends));
}
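/**
 * Checks if a session is still valid (ie has not timed out).
 *
 * The key is only looked up when it matches the expected session-key shape;
 * anything else is rejected without touching session storage.
 *
 * @param string $session_key session key supplied with the request
 * @param mixed  $app_id      application the session is expected to belong to
 * @return API_EC_SUCCESS on success or another API_EC_* on error
 */
function api_session_check_valid($session_key, $app_id)
{
    // Make sure we are passed a well-formed session key before trying it.
    // Attempts to match v0.9 and v1 session keys. The D modifier makes `$`
    // match only at the very end of the string; without it a key followed by
    // a trailing newline would still pass this check.
    if (!preg_match('/^[0-9a-f]+-[.\\w-]+$/D', $session_key)) {
        return API_EC_PARAM_SESSION_KEY;
    }

    $info = api_session_get_info($session_key, $app_id);
    if (!$info) {
        return API_EC_PARAM_SESSION_KEY;
    }

    $app_info = application_get_info($app_id);
    if (!$app_info) {
        error_log('api_session_check_valid: invalid app id?');
        return API_EC_UNKNOWN;
    }

    if (api_is_session_timed_out($session_key, $app_id)) {
        return API_EC_PARAM_SESSION_KEY;
    }

    if ($app_info['desktop']) {
        // Desktop apps have a timeout based on the time since the last
        // request instead of time since session created.
        // NOTE(review): nothing in this function writes $info back, so the
        // refreshed time only takes effect if it is persisted as described
        // in the note below - confirm against the session storage in use.
        $info['key_create_time'] = time();
        // FBOPEN: NOTE - Here, you may wish to set this new session in
        // memcache or some more temporary storage, as these turn over
        // quite a bit.
    }

    return API_EC_SUCCESS;
}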
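/**
 * Applies the per-application call limit, plus the IP allow-list for
 * non-desktop applications.
 *
 * Desktop applications are limited per application and session key.
 * Other applications must first come from an address in the application's
 * 'ip_list' (when one is configured) and are then limited per application.
 *
 * @param mixed $method_underscore not used by this method
 * @param mixed $request           not used by this method
 * @return API_EC_SUCCESS when the call may proceed, API_EC_BAD_IP when the
 *         caller's address is not in the allow-list, or the API_EC_* code
 *         returned by the call-limit check
 */
private function check_throttle($method_underscore, $request)
{
    $app_info = application_get_info($this->app_id);

    if ($app_info['desktop']) {
        // Always enforce the desktop call limit. Gating this call on a local
        // $throttle flag that is never assigned in this method would skip the
        // limit on every request (fail open) and raise an undefined-variable
        // notice.
        $ec = api_desktop_check_call_limit($this->app_id, $this->session_key);
        if ($ec !== API_EC_SUCCESS) {
            return $ec;
        }
        return API_EC_SUCCESS;
    }

    // The allow-list is compared with REMOTE_ADDR, i.e. the direct peer of
    // this server. NOTE(review): behind a reverse proxy or load balancer that
    // is the proxy's address - confirm the deployment passes the client
    // address through before relying on this check.
    if ($app_info['ip_list']
        && !iplist_contains_ip($app_info['ip_list'], $_SERVER['REMOTE_ADDR'])) {
        return API_EC_BAD_IP;
    }

    // FBOPEN: NOTE - you may wish to throttle only certain methods here.
    $ec = api_server_check_call_limit($this->app_id);
    if ($ec !== API_EC_SUCCESS) {
        return $ec;
    }

    return API_EC_SUCCESS;
}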
} print_canvas_javascript_references(); if (!($user = $get_fb_user_id)) { print 'No user id parameter'; error_log('No user id parameter'); exit; } $canvas_url = redirect_str($rel_canvas_url, 'www', $ssl = 0, $force_prod = false, $force_protocol = true); print "Facebook Open Platform: Output of Canvas url: {$canvas_url}<hr>"; // no app_id found so assume bad link if (!$app_id) { print 'No app corresponding to app name or api key parameters'; error_log('No app corresponding to app name or api key parameters'); exit; } $app_info = application_get_info($app_id); if (!$app_info) { print 'No app corresponding to app name or api key parameters'; error_log('No app corresponding to app name or api key parameters'); exit; } if (!platform_can_see_app($app_id, $user)) { print "User {$user} cannot see app id {$app_id}. FBOPEN:NOTE - this message should be invisible to the user."; error_log("User {$user} cannot see app id {$app_id}. FBOPEN:NOTE - this message should be invisible to the user."); exit; } $app_icon_url = application_get_icon_url($app_id); $url = $app_info['callback_url'] . $url_suffix; $fbml_env = array('user' => $user, 'app_id' => $app_id, 'canvas_url' => $canvas_url, 'source_url' => $url); switch ($get_fb_force_mode) { case 'fbml':