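/**
 * Handle a Facebook "signed_request" POSTed to the WordPress registration form.
 *
 * The request has the form "<base64url signature>.<base64url JSON payload>".
 * The HMAC-SHA256 over the still-encoded payload is recomputed with the
 * configured app secret; a request that is missing, malformed, uses another
 * algorithm, or carries a bad signature is ignored (no side effects).
 *
 * When the verified payload contains a `registration` section with both a
 * username and an email:
 *  - if a WordPress user with that email already exists, the Facebook user id
 *    is stored in the `fbuid` user meta, the browser is redirected to the
 *    profile page and the request ends;
 *  - otherwise $_POST['user_login'] / $_POST['user_email'] are pre-filled so
 *    the normal registration flow picks them up.
 *
 * @return void
 */
function sfc_register_handle_signed_request() {
    global $wpdb;

    if (empty($_POST['signed_request']) || !is_string($_POST['signed_request'])) {
        return;
    }

    $options = get_option('sfc_options');
    // Without an app secret the signature cannot be verified; treat as unsigned.
    if (empty($options['app_secret'])) {
        return;
    }

    // Guard against a value with no '.' separator (list() would otherwise
    // produce an undefined-offset notice and an empty payload).
    $parts = explode('.', $_POST['signed_request'], 2);
    if (count($parts) !== 2) {
        return;
    }
    list($encoded_sig, $payload) = $parts;

    $sig = sfc_base64_url_decode($encoded_sig);
    $data = json_decode(sfc_base64_url_decode($payload), true);

    // Only HMAC-SHA256 is accepted; anything else is rejected before the
    // signature is even checked.
    if (!is_array($data)
        || !isset($data['algorithm'])
        || strtoupper((string) $data['algorithm']) !== 'HMAC-SHA256') {
        return;
    }

    // The signature covers the encoded payload, not the decoded JSON.
    $expected_sig = hash_hmac('sha256', $payload, $options['app_secret'], true);
    // hash_equals() is a constant-time comparison, so the check does not leak
    // timing information about the expected signature.
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        return;
    }

    if (!isset($data['registration'])) {
        return;
    }
    $info = $data['registration'];
    if (!isset($info['username']) || !isset($info['email'])) {
        return;
    }

    // Existing account with this email: link it to the Facebook id and send
    // the user to their profile.
    $user_id = $wpdb->get_var($wpdb->prepare(
        "SELECT ID FROM {$wpdb->users} WHERE user_email = %s",
        $info['email']
    ));
    if ($user_id) {
        // user_id is not guaranteed to be present in every signed request.
        $fbuid = isset($data['user_id']) ? $data['user_id'] : '';
        $user = new WP_User($user_id);
        // Store the Facebook id so later requests need not query it again.
        // update_user_meta() replaces the deprecated update_usermeta().
        update_user_meta($user->ID, 'fbuid', $fbuid);
        wp_redirect(add_query_arg(array('updated' => 'true'), self_admin_url('profile.php')));
        exit;
    }

    // New user: seed the registration form with the Facebook-provided values.
    $_POST['user_login'] = $info['username'];
    $_POST['user_email'] = $info['email'];
}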
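/**
 * Read and verify the Facebook "fbsr_<appid>" signed-request cookie.
 *
 * The cookie has the form "<base64url signature>.<base64url JSON payload>".
 * The HMAC-SHA256 over the encoded payload is recomputed with the configured
 * app secret and compared in constant time; only a payload that passes the
 * signature and algorithm checks is decoded and returned.
 *
 * @return array Decoded payload, or an empty array when the cookie is absent,
 *               malformed, uses an unexpected algorithm, or fails verification.
 */
function sfc_cookie_parse() {
    $options = get_option('sfc_options');

    // Both values are needed to locate the cookie and to verify it.
    if (empty($options['appid']) || empty($options['app_secret'])) {
        return array();
    }

    $cookie_name = 'fbsr_' . $options['appid'];
    if (empty($_COOKIE[$cookie_name]) || !is_string($_COOKIE[$cookie_name])) {
        return array();
    }

    // A value with no '.' separator would otherwise leave $payload undefined.
    $parts = explode('.', $_COOKIE[$cookie_name], 2);
    if (count($parts) !== 2) {
        return array();
    }
    list($encoded_sig, $payload) = $parts;

    $sig = sfc_base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $options['app_secret'], true);
    // Strict, constant-time comparison. A loose `==` on two strings falls back
    // to numeric comparison when both look numeric, and is timing-dependent.
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        return array();
    }

    $args = json_decode(sfc_base64_url_decode($payload), true);
    if (!is_array($args)) {
        return array();
    }

    // Same algorithm pin as sfc_register_handle_signed_request(): the payload
    // must declare HMAC-SHA256, the only algorithm the signature check uses.
    if (!isset($args['algorithm'])
        || strtoupper((string) $args['algorithm']) !== 'HMAC-SHA256') {
        return array();
    }

    return $args;
}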