/**
  * Handles a response from Facebook, including a CSRF check, and returns a
  *   FacebookSession.
  *
  * @return FacebookSession|null
  */
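 public function getSessionFromRedirect()
 {
     // NOTE(review): loadState() presumably restores the state value that
     // isValidRedirect() compares against the redirect — confirm. Nothing
     // below runs unless that check passes.
     $this->loadState();
     if (!$this->isValidRedirect()) {
         return null;
     }

     // Exchange the authorization code for an access token. The parameters
     // include the app secret, so keep $params and $response out of logs
     // and error output.
     $params = array(
         'client_id' => FacebookSession::_getTargetAppId($this->appId),
         'redirect_uri' => $this->redirectUrl,
         'client_secret' => FacebookSession::_getTargetAppSecret($this->appSecret),
         'code' => $this->getCode(),
     );
     $response = (new FacebookRequest(
         FacebookSession::newAppSession($this->appId, $this->appSecret),
         'GET',
         '/oauth/access_token',
         $params
     ))->execute()->getResponse();

     // /oauth/access_token answers with an object on Graph v2.3 and later
     // and with an array before that. Indexing an object as an array is a
     // fatal error, so check the type before reading the field.
     $accessToken = null;
     if (is_object($response) && isset($response->access_token)) {
         $accessToken = $response->access_token;
     } elseif (is_array($response) && isset($response['access_token'])) {
         $accessToken = $response['access_token'];
     }

     return $accessToken !== null ? new FacebookSession($accessToken) : null;
 }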
 /**
  * Handles a response from Facebook, including a CSRF check, and returns a
  *   FacebookSession.
  *
  * @return FacebookSession|null
  */
 public function getSessionFromRedirect()
 {
     // NOTE(review): no loadState() call here; presumably isValidRedirect()
     // loads the saved state itself before comparing it — confirm, since
     // the CSRF check depends on it.
     if (!$this->isValidRedirect()) {
         return null;
     }

     // Code-for-token exchange. The parameters include the app secret, so
     // keep them out of logs and error output.
     $exchangeParams = array(
         'client_id' => FacebookSession::_getTargetAppId($this->appId),
         'redirect_uri' => $this->redirectUrl,
         'client_secret' => FacebookSession::_getTargetAppSecret($this->appSecret),
         'code' => $this->getCode(),
     );
     $appSession = FacebookSession::newAppSession($this->appId, $this->appSecret);
     $tokenRequest = new FacebookRequest($appSession, 'GET', '/oauth/access_token', $exchangeParams);
     $payload = $tokenRequest->execute()->getResponse();

     // Graph v2.3 and greater return objects on the /oauth/access_token
     // endpoint; earlier versions return an array.
     if (is_object($payload) && isset($payload->access_token)) {
         $token = $payload->access_token;
     } elseif (is_array($payload) && isset($payload['access_token'])) {
         $token = $payload['access_token'];
     } else {
         $token = null;
     }

     return $token !== null ? new FacebookSession($token) : null;
 }
 /**
  * Parses a signed request.
  *
  * @param string $signedRequest
  *
  * @return array
  *
  * @throws FacebookSDKException
  */
 private function parseSignedRequest($signedRequest)
 {
     // Expected shape is "<signature>.<payload>"; each part is passed
     // through FacebookSession::_base64UrlDecode().
     if (strpos($signedRequest, '.') === false) {
         throw new FacebookSDKException('Malformed signed request.', 606);
     }

     $pieces = explode('.', $signedRequest, 2);
     $encodedSig = $pieces[0];
     $encodedData = $pieces[1];

     $sig = FacebookSession::_base64UrlDecode($encodedSig);
     $data = json_decode(FacebookSession::_base64UrlDecode($encodedData), true);

     // Only HMAC-SHA256 is accepted. NOTE(review): the payload is
     // JSON-decoded before its signature is checked; only 'algorithm' is
     // read from it at this point.
     if (!isset($data['algorithm']) || $data['algorithm'] !== 'HMAC-SHA256') {
         throw new FacebookSDKException('Invalid signed request, using wrong algorithm.', 605);
     }

     // The MAC is computed over the still-encoded payload, in raw binary
     // form, keyed with the value from _getTargetAppSecret().
     $expectedSig = hash_hmac('sha256', $encodedData, FacebookSession::_getTargetAppSecret(), true);
     $sigLength = strlen($sig);
     if ($sigLength !== strlen($expectedSig)) {
         throw new FacebookSDKException('Invalid signature on signed request.', 602);
     }

     // Fold every byte difference into one accumulator instead of stopping
     // at the first mismatch, so the loop does the same work wherever the
     // two signatures differ. hash_equals() is the built-in equivalent on
     // PHP >= 5.6.
     $diff = 0;
     for ($pos = 0; $pos < $sigLength; $pos++) {
         $diff |= ord($expectedSig[$pos]) ^ ord($sig[$pos]);
     }
     if ($diff !== 0) {
         throw new FacebookSDKException('Invalid signature on signed request.', 602);
     }

     return $data;
 }
 /**
  * Generate and return the appsecret_proof value for an access_token
  *
  * @param string $token
  *
  * @return string
  */
 public function getAppSecretProof($token)
 {
     // HMAC-SHA256 of the token in hash_hmac()'s default (hex, non-binary)
     // output, keyed with the value from _getTargetAppSecret().
     $appSecret = FacebookSession::_getTargetAppSecret();
     $proof = hash_hmac('sha256', $token, $appSecret);

     return $proof;
 }
 /**
  * Handles a response from Facebook, including a CSRF check, and returns a
  *   FacebookSession.
  *
  * @return FacebookSession|null
  */
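 public function getSessionFromRedirect()
 {
     // NOTE(review): loadState() presumably restores the state value that
     // isValidRedirect() compares against the redirect — confirm. Nothing
     // below runs unless that check passes.
     $this->loadState();
     if (!$this->isValidRedirect()) {
         return null;
     }

     // Exchange the authorization code for an access token; the parameters
     // include the app secret.
     $params = array(
         'client_id' => FacebookSession::_getTargetAppId($this->appId),
         'redirect_uri' => $this->redirectUrl,
         'client_secret' => FacebookSession::_getTargetAppSecret($this->appSecret),
         'code' => $this->getCode(),
     );
     $fbRequest = new FacebookRequest(
         FacebookSession::newAppSession($this->appId, $this->appSecret),
         'GET',
         '/oauth/access_token',
         $params
     );
     // $response holds the access token: do not echo or var_dump it into
     // the page (the commented-out debug dump that stood here was removed
     // for that reason).
     $response = $fbRequest->execute()->getResponse();

     // /oauth/access_token answers with an object on Graph v2.3 and later
     // and with an array before that. Indexing an object as an array is a
     // fatal error, so check the type before reading the field.
     $accessToken = null;
     if (is_object($response) && isset($response->access_token)) {
         $accessToken = $response->access_token;
     } elseif (is_array($response) && isset($response['access_token'])) {
         $accessToken = $response['access_token'];
     }

     return $accessToken !== null ? new FacebookSession($accessToken) : null;
 }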