コード例 #1
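/**
 * Handle a Facebook "signed_request" posted by the registration form.
 *
 * The request has the form "<base64url signature>.<base64url JSON payload>".
 * The signature is an HMAC-SHA256 of the encoded payload, keyed with the app
 * secret stored in the 'sfc_options' option. Nothing in the payload is used
 * until that signature has been verified.
 *
 * On a verified request carrying registration data:
 *  - if a WordPress user with the same e-mail exists, the Facebook user id is
 *    stored in that user's 'fbuid' meta, the browser is redirected to the
 *    profile page and the script exits;
 *  - otherwise $_POST['user_login'] and $_POST['user_email'] are pre-filled.
 *
 * Returns without doing anything on a missing, malformed or unverifiable
 * request.
 *
 * @return void
 */
function sfc_register_handle_signed_request()
{
    global $wpdb;

    if (empty($_POST['signed_request']) || !is_string($_POST['signed_request'])) {
        return;
    }

    $options = get_option('sfc_options');
    // With an empty secret the HMAC below could be computed by anyone, so an
    // unconfigured plugin must reject every request instead of accepting forgeries.
    if (!is_array($options) || empty($options['app_secret'])) {
        return;
    }

    // A request without a '.' has no payload part; reject it rather than
    // continuing with an undefined $payload.
    $parts = explode('.', $_POST['signed_request'], 2);
    if (count($parts) !== 2) {
        return;
    }
    list($encoded_sig, $payload) = $parts;

    // Verify the signature before parsing the payload, so unauthenticated
    // JSON is never interpreted. hash_equals() compares in constant time
    // (available natively since PHP 5.6).
    $sig = sfc_base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $options['app_secret'], true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        return;
    }

    $data = json_decode(sfc_base64_url_decode($payload), true);
    if (!is_array($data)
        || !isset($data['algorithm'])
        || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256'
    ) {
        return;
    }

    if (!isset($data['registration']) || !is_array($data['registration'])) {
        return;
    }
    $info = $data['registration'];
    if (!isset($info['username']) || !isset($info['email'])) {
        return;
    }

    // First check whether this user already exists in the db.
    $user_id = $wpdb->get_var($wpdb->prepare("SELECT ID FROM {$wpdb->users} WHERE user_email = %s", $info['email']));
    if ($user_id) {
        // Without a Facebook user id there is nothing to link.
        if (empty($data['user_id'])) {
            return;
        }
        // NOTE(review): the account is selected purely by the e-mail in the
        // signed payload, without checking who is currently logged in.
        // Confirm that this e-mail is one Facebook has verified before
        // relying on it to attach a Facebook identity to an existing account.
        $user = new WP_User($user_id);
        // Connect the account so we don't have to query this again.
        // NOTE(review): update_usermeta() is deprecated in WordPress; kept here
        // to preserve its exact behaviour.
        update_usermeta($user->ID, 'fbuid', $data['user_id']);
        // Redirect to the profile page and stop.
        wp_redirect(add_query_arg(array('updated' => 'true'), self_admin_url('profile.php')));
        exit;
    }

    // New user: set the registration info for the registration flow.
    $_POST['user_login'] = $info['username'];
    $_POST['user_email'] = $info['email'];
}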
コード例 #2
ファイル: sfc-base.php プロジェクト: rab/wordpress-heroku
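/**
 * Parse and verify the Facebook "fbsr_<appid>" signed-request cookie.
 *
 * The cookie has the form "<base64url signature>.<base64url JSON payload>".
 * The payload is decoded only if the signature matches an HMAC-SHA256 of the
 * encoded payload keyed with the app secret from the 'sfc_options' option.
 *
 * @return array Decoded payload on success, empty array if the cookie is
 *               absent, malformed, fails verification, or is not a JSON
 *               object/array.
 */
function sfc_cookie_parse()
{
    $options = get_option('sfc_options');
    $args = array();

    // With an empty secret the HMAC could be computed by anyone, so an
    // unconfigured plugin must not accept any cookie.
    if (!is_array($options) || empty($options['appid']) || empty($options['app_secret'])) {
        return $args;
    }

    $cookie_name = 'fbsr_' . $options['appid'];
    if (empty($_COOKIE[$cookie_name]) || !is_string($_COOKIE[$cookie_name])) {
        return $args;
    }

    // explode() always returns a non-empty array, so its result cannot serve
    // as a validity check; require both parts explicitly.
    $parts = explode('.', $_COOKIE[$cookie_name], 2);
    if (count($parts) !== 2) {
        return $args;
    }
    list($encoded_sig, $payload) = $parts;

    $sig = sfc_base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $options['app_secret'], true);
    // hash_equals() avoids both the type juggling of a loose == comparison
    // and a timing side channel on the signature check.
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        return $args;
    }

    $decoded = json_decode(sfc_base64_url_decode($payload), true);
    // Keep the return type stable: invalid JSON yields an empty array, not null.
    if (is_array($decoded)) {
        $args = $decoded;
    }
    return $args;
}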