/**
 * Builds the signed fb_sig_* parameters for a request on behalf of an application.
 *
 * Every entry collected in $others is emitted as fb_sig_<name>; fb_sig carries
 * api_generate_sig() computed over those same entries.
 *
 * @param mixed $user             user id, or an array holding the id under 'user'
 * @param mixed $app_id           application the parameters are generated for
 * @param array $others           extra fields to sign and emit
 * @param array $logged_in_others extra fields added only when a session key is present
 * @param mixed $require_login    when truthy, 'user' is emitted even without a session key
 * @return array fb_sig_* entries plus the fb_sig signature
 */
function get_fb_validation_vars($user, $app_id, $others = array(), $logged_in_others = array(), $require_login = null) {
  global $DEMO_SESSION_KEY;

  $app = application_get_short_info($app_id);
  $signing_secret = $app['secret'];

  $others['time'] = (string) microtime(true);

  // Callers may pass array('user' => <id>) instead of the bare id.
  $uid = is_array($user) ? $user['user'] : $user;

  if ($uid) {
    $others['added'] = (int) is_platform_app_installed($app_id, $uid);

    // FBOPEN:NOTE - stub: assume user session exists
    // NOTE(review): the key comes from a single global rather than a lookup for
    // this user, so the signed session_key is the same for everyone — confirm
    // this stub is replaced before the signature is relied on.
    $sess_key = $DEMO_SESSION_KEY;

    if ($sess_key) {
      $others['user'] = $uid;
      $others['session_key'] = $sess_key;

      $sess = api_session_get_info($sess_key, $app_id);

      if ($app['desktop']) {
        // use the session secret instead of the normal one
        // NOTE(review): no check that the session lookup succeeded; if
        // 'session_secret' is missing the signature is computed with a null
        // secret — confirm api_generate_sig() / the lookup guard against that.
        $signing_secret = $sess['session_secret'];
      }

      // A timeout of 0 is reported as expires = 0; otherwise creation time + timeout.
      $others['expires'] = ($sess['session_timeout'] == 0)
        ? 0
        : $sess['key_create_time'] + $sess['session_timeout'];

      // Array union: keys already present win, so $logged_in_others cannot
      // override time/added/user/session_key/expires set above.
      $others += $logged_in_others;
    } elseif ($require_login) {
      $others['user'] = $uid;
    }
  }

  // Assigned last, so a caller-supplied 'api_key' is always overwritten.
  $others['api_key'] = $app['apikey'];

  $signed = array();
  foreach ($others as $field => $value) {
    $signed['fb_sig_' . $field] = $value;
  }
  $signed['fb_sig'] = api_generate_sig($others, $signing_secret);

  return $signed;
}
/**
 * Emits the JavaScript for this FBJS sandbox after rendering.
 *
 * Returns '' when the sandbox was not used. Otherwise returns the bootstrap
 * script (its preamble is built only on the first call) followed by the markup
 * for the sanitized inline scripts, and flags the sandbox as post-rendered.
 *
 * @return string
 * @throws FBMLJSParseError when the flavor does not allow 'script_onload' and
 *                          a collected script entry has no inline code
 */
public function postrender() {
  if (!$this->used) {
    return '';
  }

  // Pass 1: run every inline script through the sanitizer. This is the only
  // point in this method where application-supplied code is rewritten.
  $clean = array();
  if ($this->script_infos) {
    foreach ($this->script_infos as $info) {
      if (isset($info['inline'])) {
        $clean[] = array('inline' => self::sanitize_code($info['inline'], $this->appid));
        continue;
      }
      if (isset($info['src'])) {
        // FBOPEN:NOTE - if js sources are fetched from outside, these will
        // have to be fetched, cached, sanitized, and stored. Requests then
        // would need to be directed to your cached version. The open source
        // code at this point does not support such caching.
        // $clean[] = array('src' => FBJSUrlRef::get_url($info['src'], $this->appid, 'js'));
        //
        // With the line above disabled, external scripts are dropped silently,
        // so no unsanitized remote source is referenced from the output.
      }
    }
  }

  // Pass 2: on the first postrender, build the bootstrap preamble.
  $boot = false;
  if (!$this->postrendered) {
    // NOTE(review): appid is concatenated into script source without quoting or
    // escaping — presumably always an integer; confirm where it is assigned.
    $boot = 'var app=new fbjs_sandbox(' . $this->appid . ');';

    $profile = $this->fbml->get_env('profile', false, 0);
    $extra_fields = $profile ? array('profile' => $profile) : array();
    $sig_vars = get_fb_validation_vars(array('user' => $this->user), $this->appid, $extra_fields);
    // NOTE(review): the signature and the signed fields (including the session
    // key, when one exists) are written into page JavaScript here; confirm that
    // sanitized application code cannot read app.validation_vars.
    $boot .= 'app.validation_vars=' . json_encode($sig_vars) . ';';

    $ctx = $this->fbml->add_context();
    // Both values are embedded as single-quoted JS strings; their safety rests
    // on escape_js_quotes(), which is not visible here.
    $boot .= "app.context='" . escape_js_quotes($ctx) . "';";
    $boot .= "app.contextd='" . escape_js_quotes($this->fbml->_contexts[$ctx]) . "';";

    $installed = $this->user ? is_platform_app_installed($this->appid, $this->user) : false;
    $logged_in = $this->user ? (bool) api_get_valid_session_key($this->user, $this->appid) : false;
    $boot .= 'app.data=' . json_encode(array(
      'user' => $this->user,
      'installed' => $installed,
      'loggedin' => $logged_in,
    )) . ';';
  }

  // Pass 3: render the sanitized scripts.
  $markup = '';
  if ($this->fbml->_flavor->allows('script_onload')) {
    if (!$this->postrendered) {
      $boot .= 'app.bootstrap();';
    }
    foreach ($clean as $entry) {
      if (!isset($entry['inline'])) {
        // Pass 1 never stores a 'src' entry, so this is reached only when
        // sanitize_code() returned null for an inline script.
        // NOTE(review): 'src' is placed in the attribute without HTML escaping;
        // if external scripts are re-enabled, escape the URL (htmlspecialchars)
        // before it is written here.
        $markup .= '<script src="' . $entry['src'] . '"></script>';
        continue;
      }
      $markup .= render_js_inline($entry['inline']) . "\n";
    }
  } else {
    foreach ($clean as $entry) {
      if (!isset($entry['inline'])) {
        // We don't support script include for this flavor at this time.
        throw new FBMLJSParseError('Cannot allow external script');
      }
      // The sanitized code is deferred as a single-quoted JS string; correct
      // quoting depends entirely on escape_js_quotes().
      $boot .= "app.pending_bootstraps.push('" . escape_js_quotes($entry['inline']) . "');";
    }
  }

  $this->used = false;
  $this->postrendered = true;

  return render_js_inline($boot) . $markup;
}
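/**
 * Reports whether the application ($this->app_id) is installed for $this->user_id.
 *
 * @return mixed the non-null result of is_platform_app_installed()
 */
public function users_isAppAdded() {
  // The method takes no id argument, so the lookup is always made for
  // $this->user_id. The previous `if (!$id)` guard read an undefined variable:
  // it was always true and raised a notice (a warning on PHP 8) on every call.
  $id = $this->user_id;

  $result = is_platform_app_installed($this->app_id, $id);

  // We check for null because that means there was a data retrieval error
  // NOTE(review): presumably throw_code() raises an API exception; if it
  // returns instead, null falls through to the caller — confirm.
  if ($result === null) {
    $this->throw_code(api10_FacebookApiErrorCode::API_EC_SERVICE);
  }

  return $result;
}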
/**
 * Checks whether this object's application ($this->app_id) is installed for a user.
 *
 * @param mixed $id user id to look up
 * @return mixed whatever is_platform_app_installed() returns, passed through unchanged
 */
public function evaluate($id) {
  // NOTE(review): users_isAppAdded() treats a null result from this helper as a
  // data retrieval error; here null is returned as-is, so a caller testing for
  // truthiness would read a failed lookup as "not installed" — confirm intended.
  $installed = is_platform_app_installed($this->app_id, $id);

  return $installed;
}
/**
 * Tells whether an application may access all of a user's available data through the API.
 *
 * @param int $app_id
 * @param int $user_id
 * @return bool
 */
function platform_app_has_full_permission($app_id, $user_id) {
  // FBOPEN:NOTE - For simplicity, assume these functions are the same.
  // NOTE(review): "installed" is therefore the entire authorization decision for
  // full data access. A null result from the helper (treated elsewhere in this
  // code as a retrieval error) is returned unchanged — confirm callers deny on it.
  $installed = is_platform_app_installed($app_id, $user_id);

  return $installed;
}