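/**
 * Landing page for the Facebook Registration Plugin flow of the fbconnect_psb module.
 *
 * Flow as implemented below:
 *  1. Customers already logged into the shop are sent to "my-account".
 *  2. The Facebook SDK is set up with the module's app id/secret; a visitor the SDK
 *     has no Facebook session for is bounced to the Facebook login dialog (scope
 *     "email").
 *  3. A Facebook account that is already linked to a customer
 *     (customer_profile_connect.facebook_id) is handed to this module's "login"
 *     controller.
 *  4. On the plugin post-back (?done=1) the signed_request is verified by the SDK,
 *     its field list is compared with the metadata we rendered the plugin with, and
 *     the submitted e-mail is either linked to an existing customer or used to
 *     create a new one; in both cases the customer is logged in through the
 *     context cookie and redirected.
 *
 * Security notes:
 *  - The SDK's signature check proves that Facebook signed what the visitor
 *    submitted, NOT that the visitor owns the e-mail address typed into the plugin
 *    form. Linking to an existing customer (which logs them in without a password)
 *    therefore additionally requires that the Facebook account authenticated above
 *    is the one in the signed request and that the e-mail Facebook reports for it
 *    matches the submitted one.
 *  - "back" is user-controlled; only relative paths are honoured so it cannot be
 *    turned into an open redirect.
 *  - NOTE(review): facebook_id is written and looked up as (int). On a 32-bit PHP
 *    build every Facebook id above PHP_INT_MAX collapses to the same value and the
 *    lookup would match the wrong customer -- store/compare it as a string if the
 *    column allows it.
 *  - NOTE(review): the welcome e-mail carries the clear-text password (as the core
 *    account e-mail does); consider dropping {passwd} from the template.
 *
 * @see FrontController::initContent()
 */
public function initContent()
{
    parent::initContent();

    if ($this->context->customer->isLogged()) {
        Tools::redirect('index.php?controller=my-account');
    }

    $fb_connect_appid = Configuration::get('FB_CONNECT_APPID');
    $fb_connect_appkey = Configuration::get('FB_CONNECT_APPKEY');
    $this->redirect_uri = $this->context->link->getModuleLink('fbconnect_psb', 'registration', array('done' => 1), true, $this->context->language->id);

    require_once _PS_ROOT_DIR_ . '/modules/fbconnect_psb/fb_sdk/facebook.php';
    $facebook = new Facebook(array('appId' => $fb_connect_appid, 'secret' => $fb_connect_appkey));

    // A user id from the SDK only means Facebook knows who this is; the access token
    // may still be invalid (e.g. the user logged out of Facebook). The /me call
    // below is what confirms it.
    $user = $facebook->getUser();
    $fb_user_profile = null;
    if ($user) {
        try {
            $fb_user_profile = $facebook->api('/me');
        } catch (FacebookApiException $e) {
            error_log($e);
            $user = null;
        }
    } else {
        // No Facebook session yet: get one, asking for the e-mail permission.
        Tools::redirect($facebook->getLoginUrl(array('scope' => 'email')));
    }

    // Facebook account already linked to a customer -> the login controller handles it.
    if (isset($fb_user_profile['id'])) {
        $sql = 'SELECT `id_customer` FROM `' . _DB_PREFIX_ . 'customer_profile_connect` WHERE `facebook_id` = \'' . (int) $fb_user_profile['id'] . '\'' . Shop::addSqlRestriction(Shop::SHARE_CUSTOMER);
        if (Db::getInstance()->getValue($sql)) {
            Tools::redirect($this->context->link->getModuleLink('fbconnect_psb', 'login', array(), true, $this->context->language->id));
        }
    }

    if (Tools::getValue('done')) {
        // "back" is attacker-controllable: refuse anything with a scheme ("http:",
        // "javascript:", ...) or a protocol-relative "//host" / "\\host" prefix.
        $back = Tools::getValue('back');
        if ($back && preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[\\\\/]{2})#i', $back)) {
            $back = false;
        }

        // The SDK verifies the HMAC-SHA256 signature with the app secret and yields
        // null for a missing, malformed or tampered payload -- refuse to go on then
        // instead of indexing into null.
        $raw_signed_request = isset($_REQUEST['signed_request']) ? $_REQUEST['signed_request'] : null;
        $response = $raw_signed_request ? $facebook->getSignedRequest($raw_signed_request) : null;

        if (!is_array($response) || !isset($response['registration']) || !is_array($response['registration'])) {
            $this->errors[] = Tools::displayError('Invalid Facebook signed request.');
        } else {
            $registration = $response['registration'];

            // The plugin must have been rendered with exactly the field set we expect;
            // a payload from a differently-configured form is not ours and is not acted on.
            $reg_metadata_fields = '[{"name":"name"},{"name":"first_name"},{"name":"last_name"},{"name":"email"},{"name":"password"},{"name":"birthday"},{"name":"gender"}]';
            $reg_metadata_fields_clean = preg_replace('/\\s+/', '', $reg_metadata_fields);
            $response_metadata_fields = isset($response['registration_metadata']['fields']) ? $response['registration_metadata']['fields'] : '';
            $response_metadata_fields_clean = preg_replace('/\\s+/', '', $response_metadata_fields);

            $response_email = isset($registration['email']) ? trim($registration['email']) : '';

            if (strcmp($reg_metadata_fields_clean, $response_metadata_fields_clean) != 0) {
                $this->errors[] = Tools::displayError('registration metadata fields not valid');
            } elseif (empty($response_email)) {
                $this->errors[] = Tools::displayError('An email address required.');
            } elseif (!Validate::isEmail($response_email)) {
                $this->errors[] = Tools::displayError('Invalid email address.');
            } elseif (Customer::customerExists($response_email)) {
                // Someone already registered with this e-mail address. The plugin lets the
                // visitor type any address, so before linking -- and logging in without a
                // password -- require that the Facebook user we authenticated is the one in
                // the signed request AND that the e-mail Facebook holds for that account
                // matches the submitted one. Otherwise ask for a password login.
                $fb_email = isset($fb_user_profile['email']) ? trim($fb_user_profile['email']) : '';
                $same_fb_user = isset($fb_user_profile['id'], $response['user_id'])
                    && (string) $fb_user_profile['id'] === (string) $response['user_id'];
                if (!$same_fb_user || $fb_email === '' || strcasecmp($fb_email, $response_email) !== 0) {
                    $this->errors[] = Tools::displayError('An account with this email address already exists. Please log in with your password to link it to Facebook.');
                } else {
                    $customer = new Customer();
                    $authentication = $customer->getByEmail($response_email);
                    // customerExists() and getByEmail() can disagree (guest/deleted rows);
                    // never log in an unloaded or disabled account.
                    if (!$authentication || !$customer->id || !$customer->active) {
                        $this->errors[] = Tools::displayError('Authentication failed.');
                    } else {
                        // Is this customer already linked to a (possibly different) Facebook account?
                        $sql = 'SELECT `facebook_id` FROM `' . _DB_PREFIX_ . 'customer_profile_connect` WHERE `id_customer` = \'' . (int) $customer->id . '\' ' . Shop::addSqlRestriction(Shop::SHARE_CUSTOMER);
                        $customer_fb_id = Db::getInstance()->getValue($sql);
                        if ($customer_fb_id) {
                            if ($customer_fb_id == (int) $response['user_id']) {
                                Tools::redirect($this->context->link->getModuleLink('fbconnect_psb', 'login', array(), false, $this->context->language->id));
                            } else {
                                $this->errors[] = Tools::displayError('An error occurred while linking your Facebook account.');
                            }
                        } elseif (!Db::getInstance()->insert('customer_profile_connect', array('id_customer' => (int) $customer->id, 'facebook_id' => (int) $response['user_id']))) {
                            // Db::insert() returns true on success (the old check was inverted).
                            $this->errors[] = Tools::displayError('an error occurred while linking your Facebook account.');
                        } else {
                            // Link stored: log the existing customer in.
                            $this->context->cookie->id_customer = intval($customer->id);
                            $this->context->cookie->customer_lastname = $customer->lastname;
                            $this->context->cookie->customer_firstname = $customer->firstname;
                            $this->context->cookie->logged = 1;
                            $this->context->cookie->passwd = $customer->passwd;
                            $this->context->cookie->email = $customer->email;
                            if (Configuration::get('PS_CART_FOLLOWING') and (empty($this->context->cookie->id_cart) or Cart::getNbProducts($this->context->cookie->id_cart) == 0)) {
                                $this->context->cookie->id_cart = intval(Cart::lastNoneOrderedCart(intval($customer->id)));
                            }
                            Module::hookExec('authentication');
                            if ($back) {
                                Tools::redirect($back);
                            }
                            Tools::redirect('index.php?controller=my-account');
                        }
                    }
                }
            }

            if (!sizeof($this->errors)) {
                // Brand-new customer. Customer::validateControler() reads $_POST, so the
                // plugin fields are copied there first. (Mostly inherited from IDFBCon_v.0.2.)
                $customer = new Customer();

                // Plugin delivers the birthday as MM/DD/YYYY; Customer::birthday is Y-m-d.
                // Skip it when the field is empty or not in that shape.
                $customer_birthday = isset($registration['birthday']) ? explode('/', $registration['birthday']) : array();
                if (count($customer_birthday) == 3) {
                    $customer->birthday = intval($customer_birthday[2]) . '-' . intval($customer_birthday[0]) . '-' . intval($customer_birthday[1]);
                }

                // Gender comes from the "gender" field (the old code compared last_name).
                $gender = isset($registration['gender']) ? $registration['gender'] : '';
                if ($gender == "male") {
                    $_POST['id_gender'] = 1;
                } elseif ($gender == "female") {
                    $_POST['id_gender'] = 2;
                } else {
                    $_POST['id_gender'] = 0;
                }
                $_POST['lastname'] = $registration['last_name'];
                $_POST['firstname'] = $registration['first_name'];
                $_POST['passwd'] = $registration['password'];
                $_POST['email'] = $registration['email'];

                $this->errors = $customer->validateControler();
                if (!sizeof($this->errors)) {
                    $customer->active = 1;
                    if (!$customer->add()) {
                        $this->errors[] = Tools::displayError('an error occurred while creating your account');
                    } else {
                        // Db::insert() returns true on success (the old check was inverted).
                        if (!Db::getInstance()->insert('customer_profile_connect', array('id_customer' => (int) $customer->id, 'facebook_id' => (int) $response['user_id']))) {
                            $this->errors[] = Tools::displayError('an error occurred while linking your Facebook account.');
                        }
                        $email_var = array('{firstname}' => $customer->firstname, '{lastname}' => $customer->lastname, '{email}' => $customer->email, '{passwd}' => $registration['password']);
                        if (!Mail::Send(intval($this->context->cookie->id_lang), 'account', 'Welcome!', $email_var, $customer->email, $customer->firstname . ' ' . $customer->lastname)) {
                            $this->errors[] = Tools::displayError('cannot send email');
                        }
                        $this->context->smarty->assign('confirmation', 1);
                        $this->context->cookie->id_customer = intval($customer->id);
                        $this->context->cookie->customer_lastname = $customer->lastname;
                        $this->context->cookie->customer_firstname = $customer->firstname;
                        $this->context->cookie->passwd = $customer->passwd;
                        $this->context->cookie->logged = 1;
                        $this->context->cookie->email = $customer->email;
                        Module::hookExec('createAccount', array('_POST' => $_POST, 'newCustomer' => $customer));
                        if ($back) {
                            Tools::redirect($back);
                        }
                        Tools::redirect('index.php?controller=my-account');
                    }
                }
            }
        }
    }

    $useSSL = isset($this->ssl) && $this->ssl && Configuration::get('PS_SSL_ENABLED') || Tools::usingSecureMode() ? true : false;
    $this->context->smarty->assign(array('redirect_uri' => $this->redirect_uri, 'protocol_content' => $useSSL ? 'https://' : 'http://', 'fb_connect_appid' => $fb_connect_appid));
    $this->setTemplate('registration_fb.tpl');
}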
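/**
 * CodeIgniter action completing a Facebook Registration Plugin sign-up.
 *
 * Reads the SDK-verified signed_request; when it carries a "registration" block the
 * visitor is registered through ion_auth with the name, password and e-mail typed
 * into the plugin form, the Facebook id, OAuth token and avatar URL are stored as
 * additional data, and the new member is logged in and sent to /member/. Without a
 * registration block, or when ion_auth refuses the registration, the
 * registration_fb view is rendered (with ion_auth's errors in the latter case).
 *
 * Security notes:
 *  - getSignedRequest() only returns a payload whose HMAC verifies against
 *    facebook_api_secret, so the data is authentic -- but the e-mail is whatever the
 *    visitor typed. Protection against claiming an existing member's address rests
 *    on ion_auth rejecting duplicate e-mails here.
 *  - user_id and oauth_token are only present when the visitor authorised the app;
 *    they are read defensively instead of raising undefined-index notices.
 *  - NOTE(review): fb_oauth_token is a bearer credential persisted with the member
 *    record; treat (and ideally encrypt) it accordingly. The avatar URL is plain
 *    http and will trigger mixed-content warnings on https pages.
 */
function fb()
{
    $this->load->config('facebook');
    include_once APPPATH . 'third_party/facebook.php';

    $facebook = new Facebook(array(
        'appId' => $this->config->item('facebook_app_id'),
        'secret' => $this->config->item('facebook_api_secret'),
        'cookie' => true,
    ));
    $signed = $facebook->getSignedRequest();

    if (isset($signed['registration'])) {
        $form = $signed['registration'];
        $username = $form['name'];
        $password = $form['password'];
        $email = $form['email'];
        $fb_id = isset($signed['user_id']) ? $signed['user_id'] : null;
        $fb_token = isset($signed['oauth_token']) ? $signed['oauth_token'] : null;

        $additional_data = array(
            'fullname' => $username,
            'fb_id' => $fb_id,
            'fb_oauth_token' => $fb_token,
            'avatar' => 'http://graph.facebook.com/' . $fb_id . '/picture',
        );

        $registration = $this->ion_auth->register($username, $password, $email, $additional_data);
        if ($registration) {
            // Registered: log the new member straight in.
            if ($this->ion_auth->login($email, $password)) {
                redirect('/member/');
                return;
            }
            echo 'successfully registered but no login';
            return;
        }
        $this->tpl['error'] = $this->ion_auth->errors();
    }

    $this->tpl['content'] = $this->load->view('registration_fb', $this->tpl, true);
    $this->load->view('member/body', $this->tpl);
}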
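/**
 * CakePHP component initialiser: builds the Facebook SDK client from fbconfig.id /
 * fbconfig.secret, publishes the verified signed_request in the $signed_request
 * global and keeps the client on $this->facebook.
 *
 * Security note: the signed_request is always taken from the SDK, which reads
 * $_REQUEST['signed_request'] itself and returns null unless the HMAC-SHA256
 * signature verifies against the app secret. The previous "faster" path copied the
 * raw request parameter straight into the global, so $signed_request was sometimes
 * a verified array and sometimes an attacker-controlled string -- consumers of the
 * global could not tell which.
 *
 * @param object $controller Owning controller (unused here; component contract).
 * @param array  $settings   Component settings (unused).
 */
function initialize(&$controller, $settings = array())
{
    global $signed_request;

    $facebook = new Facebook(array(
        'appId' => Configure::read('fbconfig.id'),
        'secret' => Configure::read('fbconfig.secret'),
        'cookie' => true,
    ));

    // Retained for its side effects inside the SDK (presumably resolving and caching
    // the user access token); the returned value was never used here.
    $facebook->getAccessToken();

    $signed_request = $facebook->getSignedRequest();

    $this->facebook = $facebook;
}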
/**
 * The main method called by Laravel before routes are executed.
 *
 * A request carrying the "shared=true" querystring (a shared link, e.g.
 * mydomain.com/path/to/page?shared=true) first drops the done_facebook_redirect
 * session flag, so the Facebook-redirect decision is made afresh for it. The
 * verified signed_request is then cached on the instance and one of three things
 * happens: a redirect to Facebook with the original uri in app_data (when not on
 * mobile, not the Facebook bot and not already redirected), a redirect to a
 * not-yet-handled app_data uri (we are inside the iFrame and the user wanted that
 * page), or -- when neither applies -- P3P headers are sent and the request goes on.
 *
 * @return mixed A redirect response, or null when routing should proceed.
 */
public function filter()
{
    if ($this->wasUrlShared()) {
        Session::forget('done_facebook_redirect');
    }

    $this->signedRequest = Facebook::getSignedRequest();

    if ($this->shouldRedirectToFacebook()) {
        return $this->doFacebookRedirect();
    }

    $pendingUri = $this->newAppDataUri();
    if ($pendingUri) {
        return $this->doAppDataUriRedirect($pendingUri);
    }

    $this->sendP3PHeaders();
}
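<?php
/*
 * Page-tab view header (CodeIgniter view, so $this is the controller).
 *
 * Asks the Facebook SDK who the current user is, confirms the token with /me, then
 * reads the verified signed_request to see whether the visitor "likes" the page and
 * records that in flashdata.
 *
 * NOTE(review): the stylesheet below is loaded over plain http from a third-party
 * host -- a mixed-content warning inside an https tab and a dependency on whatever
 * that host serves.
 */
$facebook = new Facebook();
$user = $facebook->getUser();

$user_profile = null;
if ($user) {
    try {
        // A user id alone does not prove the token is still valid; /me does.
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        error_log($e);
        $user = null;
    }
}

// getSignedRequest() returns null when there is no (or a badly signed) payload, and
// the "page" section is only present for page-tab loads -- guard before indexing
// instead of reading from null.
$signed_request = $facebook->getSignedRequest();
$like_status = isset($signed_request['page']['liked']) ? $signed_request['page']['liked'] : false;
if ($like_status) {
    $this->session->set_flashdata('like', 'yes');
}
?>
<html>
<head>
<link href="http://www.webdigi.co.uk/css/fb.css" rel="stylesheet" type="text/css" />
<style>
html,body{padding:0px;margin:0px}
.input-xlarge{width:150px;border-radius: 5px;border: 1px solid white;}
.control{margin-bottom:12px;}
.data_label{float:left;width:65px;color:white;font-family:arial;font-weight:bold;}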
/**
 * Whether the request came through Facebook but not as a page tab: a signed_request
 * is present, yet it has no "page" section (the app was opened directly).
 *
 * @return bool
 */
public function isInFacebookButNotInPage()
{
    $request = $this->facebook->getSignedRequest();
    if (empty($request)) {
        return false;
    }
    return !isset($request['page']);
}
/**
 * Fetch the signed_request from the Facebook SDK (which verifies its signature) and
 * cache it on this object.
 */
protected function setSignedRequest()
{
    $request = $this->sdk->getSignedRequest();
    $this->signedRequest = $request;
}
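/**
 * Read the Facebook signed_request and mirror the visitor's identity into cookies.
 *
 * When the SDK-verified signed_request names a user (user_id present), the Facebook
 * id and OAuth token are written to the hardcover_fbid / hardcover_token cookies for
 * one day and the decoded payload is returned. Otherwise both cookies are cleared
 * and false is returned.
 *
 * Security notes:
 *  - getSignedRequest() only returns a payload whose HMAC verifies against
 *    fb_appsecret; a missing/invalid payload yields null, which is now handled
 *    explicitly instead of with '@'-suppression.
 *  - NOTE(review): hardcover_fbid is a plain, unsigned cookie. Any server-side code
 *    that trusts it to identify the user can be fooled by editing the cookie;
 *    prefer the session or re-verify against the signed_request.
 *  - NOTE(review): hardcover_token is a bearer credential stored without the
 *    HttpOnly/Secure flags. Unless browser script must read it, add those flags or
 *    keep the token server-side only.
 *
 * @return array|false The decoded signed_request, or false when no user is present.
 */
function CheckIfSigned()
{
    // require_once: a second call in the same request must not redeclare the SDK class.
    require_once 'server/facebook.php';
    $facebook = new Facebook(array(
        'appId' => $this->config->item('fb_appkey'),
        'secret' => $this->config->item('fb_appsecret'),
    ));
    $signed_request_data = $facebook->getSignedRequest();

    if (is_array($signed_request_data) && array_key_exists('user_id', $signed_request_data)) {
        $fbid = $signed_request_data['user_id'];
        // oauth_token normally accompanies user_id; stay notice-free if it does not.
        $token = isset($signed_request_data['oauth_token']) ? $signed_request_data['oauth_token'] : '';
        $expires = time() + 86400; // 24 hours (the old comment said 2h; 86400 is what was always set)
        setcookie("hardcover_fbid", $fbid, $expires, '/');
        setcookie("hardcover_token", $token, $expires, '/');
        return $signed_request_data;
    }

    // Clear both cookies whenever the visitor arrives without a Facebook user. The
    // path must match the one they were set with ('/'); without it the browser
    // keeps the original cookie and only adds an expired one for the current path.
    setcookie("hardcover_fbid", "", time() - 3600, '/');
    setcookie("hardcover_token", "", time() - 3600, '/');
    return false;
}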
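/**
 * Identify the player for this request and return their id.
 *
 * Two modes, selected by $GLOBALS['on']['auth']:
 *
 *  - Off ("a simple auth system built to be replaced"): the player is a random id
 *    kept in the "uid" cookie as "<id>.<md5(id . uidsalt)>". A cookie whose tag
 *    verifies is renewed for 30 days and its id returned; otherwise a fresh id is
 *    minted, tagged and set.
 *  - On: Facebook's server auth flow. With a user_id in the SDK-verified
 *    signed_request the Facebook id and access token are stashed in $GLOBALS and the
 *    raw signed_request is echoed back to the client (Safari third-party-cookie
 *    workaround); otherwise authRedirect() sends the user to the auth dialog. The
 *    /me profile (and app requests, when enabled) are added to $passToClient.
 *
 * Security notes:
 *  - The cookie tag is compared with === (it was ==). With == two numeric-looking
 *    strings such as "0e1234..." compare as numbers, so a forged tag of the right
 *    shape could pass against a matching md5. Where PHP >= 5.6 is available,
 *    hash_equals() would additionally make the comparison constant-time.
 *  - md5 over a static salt is a weak MAC and mt_rand() ids are predictable; that is
 *    acceptable only while this path really is a placeholder.
 *  - NOTE(review): the uid cookie is set without HttpOnly/Secure; add them unless
 *    client-side script needs to read it.
 *
 * @return int|string The player id (cookie id, or Facebook user id).
 */
function validatePlayer()
{
    global $passToClient;

    if (!$GLOBALS['on']['auth']) {
        if (isset($_COOKIE['uid'])) {
            $parts = explode('.', $_COOKIE['uid']);
            if (count($parts) == 2) {
                $expectedTag = md5($parts[0] . $GLOBALS['uidsalt']);
                // Strict string comparison: no numeric-string type juggling.
                if ($expectedTag === $parts[1]) {
                    // good - extend and return
                    setcookie('uid', $_COOKIE['uid'], time() + 2592000, '/');
                    return $parts[0];
                }
            }
        }
        // No (valid) cookie: mint a new UID and tag it.
        $uid = array();
        $uid[0] = mt_rand();
        $uid[1] = md5($uid[0] . $GLOBALS['uidsalt']);
        setcookie('uid', implode('.', $uid), time() + 2592000, '/');
        return $uid[0];
    }

    //TAG:AUTH
    // $on['auth'] is set: use Facebook's server auth flow.
    global $facebook;
    require_once './fb/facebook.php';
    $facebook = new Facebook(array('appId' => $GLOBALS['appID'], 'secret' => $GLOBALS['appSecret']));
    $sr = $facebook->getSignedRequest();
    // To trace the browser state / security interaction, log getparam('f'), $sr,
    // $_REQUEST and $_COOKIE here.
    if (isset($sr['user_id'])) {
        $GLOBALS['fbid'] = $facebook->getUser();
        $GLOBALS['userToken'] = $facebook->getAccessToken();
        // work around Safari 3p cookie weirdness: hand the signed_request back to the client
        $rawRequest = getParam('signed_request');
        if ($rawRequest) {
            $passToClient['sr'] = "signed_request={$rawRequest}";
        }
    } else {
        // Send the user to the auth dialog (presumably ends the request).
        authRedirect();
    }

    try {
        $fbProfile = $facebook->api('/me?fields=first_name,gender,id,currency,locale', 'GET');
        $passToClient['profile'] = $fbProfile;
        //TAG:REQUESTS
        if ($GLOBALS['on']['requests']) {
            $passToClient['appRequests'] = getRequests();
        }
    } catch (FacebookApiException $e) {
        // TODO deal with it
        throw $e;
    }
    return $GLOBALS['fbid'];
}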
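/**
 * Return a copy of a signed_request that is safe to write to the application log:
 * the OAuth access token is a bearer credential and is masked.
 *
 * @param mixed $signed_request Decoded signed_request (array) or null.
 * @return mixed Same shape as the input.
 */
function fb_check_redact($signed_request)
{
    if (is_array($signed_request) && isset($signed_request['oauth_token'])) {
        $signed_request['oauth_token'] = '[redacted]';
    }
    return $signed_request;
}

/**
 * Facebook canvas / registration-plugin entry check for the "popbloop" app.
 *
 * Behaviour, in order:
 *  1. Decode the SDK-verified signed_request (null when absent or when its
 *     HMAC-SHA256 signature does not match the app secret). If the visitor has not
 *     authorised the app, user_id and oauth_token are missing from it (the payload
 *     then only has algorithm, issued_at and a "user" block with country/locale/age).
 *  2. If it carries a "registration" block (Registration Plugin post-back) create a
 *     local user from it, log them in by Facebook id and redirect to $basepath.
 *     "Email already used" is handled the same way (login + redirect).
 *  3. Otherwise keep the signed_request in the session when it has an OAuth token,
 *     and send visitors who have not authorised the app (no user_id, no oauth_token,
 *     no fb_id in session) to the OAuth dialog with a top-frame JS redirect.
 *  4. Canvas visitors (signed_request in session): fetch /me, ignoring failures. The
 *     "is this Facebook user a registered player" check is still to be written.
 *  5. Web visitors (no signed_request in session): if the SDK knows the user and
 *     that Facebook id is connected to a popbloop account, log them in; if known but
 *     not connected, redirect to fb.signup.php. Login/logout URLs go to the session.
 *
 * Security notes:
 *  - NOTE(review): the app id and app SECRET are hard-coded below. The secret
 *    belongs in configuration outside the code tree, and this one should be rotated
 *    since it has been committed.
 *  - Log lines go through fb_check_redact() so OAuth tokens are not written to the
 *    application log.
 *  - New accounts no longer get the public Facebook id as their password (see the
 *    inline note).
 *  - NOTE(review): in the "Email already used" case the existing member is logged in
 *    with user_user_loginfb($me['id']). That is only safe if loginfb() matches
 *    strictly on fb_id; if it ever falls back to matching by e-mail, anyone who
 *    types another member's address into the plugin takes over that account.
 */
function fb_check()
{
    // check fb start
    global $basepath; // redirect target; presumably defined by the including script

    $config = array();
    $config['appId'] = '353789864649141';
    $config['secret'] = '9e066419bed7d9ff07f4475f26318aa8';
    $config['fileUpload'] = false; // optional
    $facebook = new Facebook($config);

    $signed_request = $facebook->getSignedRequest();
    write_log(array('log_text' => time() . ": signed_request: " . print_r(fb_check_redact($signed_request), true)));

    if (isset($signed_request)) {
        // Registration Plugin post-back: create the local account from the form data.
        if (isset($signed_request['registration'])) {
            $me = $facebook->api('/me');
            require_once 'modules/001_user_management/guest.php';
            $form = $signed_request['registration'];

            // The account also gets a password for the normal login form. Previously this
            // was $me['id'] -- the PUBLIC Facebook id -- so anyone who knew a member's e-mail
            // could sign in as them through the password form. Use an unguessable value;
            // FB-originated members sign in through user_user_loginfb() and never need it.
            // NOTE(review): confirm user_user_loginfb() does not authenticate with this value.
            $random_password = function_exists('openssl_random_pseudo_bytes')
                ? bin2hex(openssl_random_pseudo_bytes(16))
                : sha1(uniqid(mt_rand(), true));

            // fullname, username, password, email, avatarname, handphone, twitter, sex, birthday, location
            $reg_data = array(
                'fullname' => $form['name'],
                'username' => $form['email'],
                'password' => $random_password,
                'email' => $form['email'],
                'avatarname' => $form['name'] . time(),
                'handphone' => $form['handphone'],
                'twitter' => $form['twitter'],
                'sex' => $form['gender'],
                'birthday' => $form['birthday'],
                'location' => $form['location']['name'],
                'via_fb' => 1,
                'fb_id' => $me['id'],
                // Key kept verbatim (single quotes: the literal string '$automate_login').
                // NOTE(review): probably meant 'automate_login' -- check user_guest_add_user().
                '$automate_login' => 1,
            );
            $registered = user_guest_add_user($reg_data);

            if ($registered == 'OK' || $registered == 'ERROR - Email already used. Use another email.') {
                // New member, or an existing one re-registering through the plugin:
                // log in by Facebook id and return to the app.
                user_user_loginfb($me['id']);
                unset($_SESSION['signed_request']);
                unset($signed_request);
                header("Location: " . $basepath);
                exit;
            }
        }

        write_log(array('log_text' => time() . ": 146 - signed_request: " . print_r(fb_check_redact($signed_request), true)));

        if (isset($signed_request['oauth_token'])) {
            $_SESSION['signed_request'] = $signed_request;
        }
        $app_authorized = isset($signed_request['user_id']) && isset($signed_request['oauth_token']);
        write_log(array('log_text' => time() . ": app_authorized: " . print_r($app_authorized, true)));

        if (!isset($signed_request['user_id']) && !isset($signed_request['oauth_token']) && !isset($_SESSION['fb_id'])) {
            // Not authorised yet: send the top frame to the OAuth dialog.
            $html = "<script>\r\n\t\t\t\tvar oauth_url = 'https://www.facebook.com/dialog/oauth/';\r\n\t\t\t\toauth_url += '?client_id=' + " . $config['appId'] . ";\r\n\t\t\t\toauth_url += '&redirect_uri=' + encodeURIComponent('https://apps.facebook.com/popbloop/');\r\n\t\t\t\toauth_url += '&scope=email,user_birthday,status_update,publish_stream,read_friendlists';\t// user_photos,user_videos,\r\n\t\t\t\t// document.write(oauth_url);\r\n\t\t\t\twindow.top.location = oauth_url;\r\n\t\t\t\t\r\n\t\t\t</script>";
            print $html;
            exit;
        }
    }

    // Accessed via Facebook (canvas). Only the profile is fetched here; whether this
    // Facebook user is already a registered player (else -> registration plugin) is
    // not implemented yet.
    if (isset($_SESSION['signed_request'])) {
        write_log(array('log_text' => time() . ": akses via FB: " . print_r(fb_check_redact($_SESSION['signed_request']), true)));
        $session = $facebook->getUser();
        $me = null;
        if ($session) {
            try {
                $me = $facebook->api('/me');
            } catch (Exception $e) {
                // best effort: a failed /me just leaves $me null
            }
        }
    }

    // Accessed via the web site (no canvas signed_request in session). Not finished.
    if (!isset($_SESSION['signed_request'])) {
        write_log(array('log_text' => time() . ": akses via WEB: "));
        $user = $facebook->getUser();
        $me = null;
        if ($user) {
            try {
                $me = $facebook->api('/me');
                // Is this Facebook account connected to a popbloop account? Match on $me['id']
                // (the profile does not always include an e-mail); if connected, log in with
                // the FB-specific login, otherwise send to the signup page.
                require_once 'modules/001_user_management/user.php';
                $fb_pb_connected = user_user_fb_pb_connected($me['id']);
                if ($fb_pb_connected) {
                    $logged = user_user_loginfb($me['id']);
                    write_log(array('log_text' => time() . ": FB PB Connected: " . print_r($logged, true)));
                } else {
                    write_log(array('log_text' => time() . ": FB PB NOT Connected: " . print_r($fb_pb_connected, true)));
                    header('Location: ' . $basepath . 'fb.signup.php');
                    exit;
                }
            } catch (FacebookApiException $e) {
                error_log($e);
                $me = null;
            }
        }

        $params = array('next' => $basepath);
        $logoutUrl = $facebook->getLogoutUrl($params);
        $loginUrl = $facebook->getLoginUrl();
        $_SESSION['fb_loginUrl'] = $loginUrl;
        $_SESSION['fb_logoutUrl'] = $logoutUrl;
    }
    // check fb end
}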
// check sig $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); if ($sig !== $expected_sig) { error_log('Bad Signed JSON signature!'); return null; } return $data; } function base64_url_decode($input) { return base64_decode(strtr($input, '-_', '+/')); } $secret = 'e6ea32cfe8d954562bf42353d03c5de6'; $signed_request = $_REQUEST['signed_request']; $response = parse_signed_request($signed_request, $secret); $req = $facebook->getSignedRequest(); /* print_r($response); */ ?> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#"> <head> <style> *{ border:none; float:left; margin: none; padding: none; }