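/**
 * Request current application permissions for an authenticated Facebook user
 *
 * Fails closed: a missing user, an API exception or an unexpected response
 * shape all yield an empty array, so callers see no permissions.
 *
 * @since 1.1
 * @param mixed $current_user existing Facebook user data, if the caller already has it.
 *                            Only tested for truthiness here; the request always targets /me,
 *                            so the result describes whichever user $this->api() acts for
 *                            (presumably the access token held by this object; confirm).
 * @return array user permissions as flat array: permission name => true
 */
public function get_current_user_permissions($current_user = '') {
    if (!$current_user) {
        // load user functions
        if (!class_exists('Facebook_User')) {
            require_once dirname(dirname(dirname(__FILE__))) . '/facebook-user.php';
        }

        // simply verify a connection between user and app
        $current_user = Facebook_User::get_current_user(array('id'));
        if (!$current_user) {
            return array();
        }
    }

    try {
        $response = $this->api('/me/permissions', 'GET', array('ref' => 'fbwpp'));
    } catch (WP_FacebookApiException $e) {
        $error_result = $e->getResult();

        // try to extend access token if request failed
        if ($error_result && isset($error_result['error_code']) && $error_result['error_code'] === 2500) {
            $this->setExtendedAccessToken();
        }

        // no retry after the token extension: this call still reports no permissions
        return array();
    }

    if (!is_array($response) || !isset($response['data'][0]) || !is_array($response['data'][0])) {
        return array();
    }

    $permissions = array();
    foreach ($response['data'][0] as $permission => $exists) {
        // Callers test with isset(), so only record a permission whose value is
        // truthy; a key present with a falsy value must not read as granted.
        if ($exists) {
            $permissions[$permission] = true;
        }
    }

    return $permissions;
}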
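/**
 * Check if the current user has associated his or her Facebook profile with his or her WordPress account
 * If the current user can edit posts and has not authorized Facebook then show a prompt encouraging action.
 *
 * When the Facebook user holds every requested permission, the Facebook id
 * (and username, if any) is stored in the 'fb_data' user meta of the current
 * WordPress user and nothing else happens. Otherwise the admin login scripts
 * are hooked, plus the admin notice when the default permission set was used.
 *
 * @since 1.1
 * @param array|null $verify_permissions permissions that must ALL be present;
 *                                       any non-array value selects the default
 *                                       publish_actions + publish_stream pair and
 *                                       enables the admin notice. An empty array
 *                                       means "an existing account link is enough".
 */
public static function connect_facebook_account($verify_permissions = null) {
    global $facebook;

    $profile_prompt = false;

    // check for permission to publish Open Graph action (publish article)
    // check for the superset permission: publish_stream
    if (!is_array($verify_permissions)) {
        $profile_prompt = true;
        $verify_permissions = array('publish_actions', 'publish_stream');
    }

    $current_user = wp_get_current_user();

    // no need to alert if he cannot create a post
    if (!user_can($current_user, 'edit_posts')) {
        return;
    }

    if (!class_exists('Facebook_User')) {
        require_once dirname(__FILE__) . '/facebook-user.php';
    }

    $facebook_user_data_exists = false;
    $facebook_user_data = Facebook_User::get_user_meta($current_user->ID, 'fb_data', true);
    if (is_array($facebook_user_data) && isset($facebook_user_data['fb_uid'])) {
        // a stored link with no permissions to verify needs no further checks
        if (empty($verify_permissions)) {
            return;
        }
        $facebook_user_data_exists = true;
    }

    // Facebook information not found
    $facebook_user = Facebook_User::get_current_user(array('id', 'username'));
    if ($facebook_user) {
        $permissions = $facebook->get_current_user_permissions($facebook_user);

        // every requested permission must be present; one missing entry fails the check
        $all_permissions_exist = true;
        foreach ($verify_permissions as $permission_to_verify) {
            if (!isset($permissions[$permission_to_verify])) {
                $all_permissions_exist = false;
                break;
            }
        }

        if ($all_permissions_exist) {
            // Account identifiers are compared as exact strings: this decides whether
            // the stored WordPress-to-Facebook link is replaced, so numeric juggling
            // by a loose comparison is not acceptable here.
            $link_is_current = $facebook_user_data_exists
                && (string) $facebook_user_data['fb_uid'] === (string) $facebook_user['id'];

            if (!$link_is_current) {
                $facebook_user_data = array(
                    'fb_uid' => $facebook_user['id'],
                    'activation_time' => time(),
                );
                if (!empty($facebook_user['username'])) {
                    $facebook_user_data['username'] = $facebook_user['username'];
                }

                Facebook_User::update_user_meta($current_user->ID, 'fb_data', $facebook_user_data);
            }

            return;
        }
    }

    // priority before js sdk registration needed to add JS inside FbAsyncInit
    add_action('admin_enqueue_scripts', array('Facebook_Admin_Login', 'add_async_load_javascript_filter'), -1, 0);

    // add all others at P11 after scripts registered
    add_action('admin_enqueue_scripts', array('Facebook_Admin_Login', 'enqueue_scripts'), 11);

    if ($profile_prompt) {
        // up top
        add_action('admin_notices', array('Facebook_Admin_Login', 'admin_notice'), 1, 0);
    }
}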
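/**
 * Save submitted post after create / update
 *
 * Nothing is written unless all of these hold, checked in this order: not an
 * autosave, a current Facebook user exists, the mentions field and a valid
 * nonce were submitted, the post type supports 'author', and the current user
 * may edit this post. Post meta is only written for non-empty values; an empty
 * submission leaves previously stored meta in place.
 *
 * @since 1.1
 * @param int $post_id post identifier
 */
public static function save($post_id) {
    // verify if this is an auto save routine.
    // If it is our form has not been submitted, so we dont want to do anything
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return;
    }

    if (!class_exists('Facebook_User')) {
        require_once dirname(dirname(dirname(dirname(__FILE__)))) . '/facebook-user.php';
    }

    $facebook_user = Facebook_User::get_current_user();
    if (!$facebook_user) {
        return;
    }

    // verify this came from the our screen and with proper authorization,
    // because save_post can be triggered at other times
    if (!isset($_POST[self::FIELD_AUTOCOMPLETE])
        || empty($_POST[self::NONCE_NAME])
        || !wp_verify_nonce($_POST[self::NONCE_NAME], plugin_basename(__FILE__))
    ) {
        return;
    }

    // Check permissions
    $post_type = get_post_type($post_id);
    if (!($post_type && post_type_supports($post_type, 'author'))) {
        return;
    }

    if (!class_exists('Facebook_Social_Publisher')) {
        require_once dirname(dirname(__FILE__)) . '/social_publisher.php';
    }
    $capability_singular_base = Facebook_Social_Publisher::post_type_capability_base($post_type);

    if (!current_user_can('edit_' . $capability_singular_base, $post_id)) {
        return;
    }

    // process data then save it
    $friend_details = array();
    $raw_mentions = $_POST[self::FIELD_AUTOCOMPLETE];

    // Request fields can arrive as arrays (name[]=...); only a string is a valid
    // regex subject, anything else is treated as "no mentions submitted".
    if (is_string($raw_mentions)) {
        $matched = preg_match_all('/\\[(\\d*?)\\|(.*?)\\]/su', $raw_mentions, $friend_details, PREG_SET_ORDER);
        if (!$matched) {
            // false (e.g. subject is not valid UTF-8 under /u) or zero matches
            $friend_details = array();
        }
    }

    $friends_details_meta = array();
    foreach ($friend_details as $friend_detail) {
        // id is limited to digits by the pattern; the free-text name is sanitized before storage
        $friends_details_meta[] = array(
            'id' => $friend_detail[1],
            'name' => sanitize_text_field($friend_detail[2]),
        );
    }

    if (!empty($friends_details_meta)) {
        update_post_meta($post_id, self::POST_META_KEY_MENTIONS, $friends_details_meta);
    }

    // the message field is optional in the request; a missing field means no message
    $message = isset($_POST[self::FIELD_MESSAGE])
        ? trim(sanitize_text_field($_POST[self::FIELD_MESSAGE]))
        : '';
    if ($message) {
        update_post_meta($post_id, self::POST_META_KEY_MESSAGE, $message);
    }
}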