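/**
 * Verifies the signature carried by a wall.php request.
 *
 * Recomputes the signature over the same parameter set the comments emitter
 * signs (xid, optional c_url/r_url, aid) with the site secret and compares it
 * with the supplied `sig` in constant time.
 *
 * Two fixes versus the previous version:
 *  - the callback/return URL checks read $_GET directly. They previously tested
 *    the undefined locals $callbackurl/$returnurl, which are always empty inside
 *    this function, so c_url/r_url were never part of the recomputed signature;
 *  - the comparison uses hash_equals() (with a byte-wise fallback for PHP < 5.6)
 *    instead of `==`, which short-circuits on the first differing byte and
 *    applies PHP's loose comparison rules.
 *
 * NOTE(review): the emitter's "Write Something" link sends the callback URL as
 * `r_url`, while this check looks for `callbackurl`/`returnurl`; whether that
 * link is expected to verify cannot be told from this file.
 *
 * @return bool true when `sig` is a string and matches the recomputed signature.
 */
function isAuthorized() {
    if (!isset($_GET['sig']) || !is_string($_GET['sig'])) {
        return false;
    }

    $params = array();
    $params['xid'] = isset($_GET['xid']) ? $_GET['xid'] : null;
    if (!empty($_GET['callbackurl'])) {
        $params['c_url'] = $_GET['callbackurl'];
    }
    if (!empty($_GET['returnurl'])) {
        $params['r_url'] = $_GET['returnurl'];
    }
    $params['aid'] = isset($_GET['aid']) ? $_GET['aid'] : null;

    $expected = (string) RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);
    $given = (string) $_GET['sig'];

    if (function_exists('hash_equals')) {
        return hash_equals($expected, $given);
    }

    // Fallback for PHP < 5.6: look at every byte so the time taken does not
    // depend on where the first mismatch is.
    if (strlen($expected) !== strlen($given)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $diff |= ord($expected[$i]) ^ ord($given[$i]);
    }
    return $diff === 0;
}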
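/**
 * Re-routes an api request to another network. If trust.php is used as a rest
 * server URL and a path info is provided such that the request looks like:
 *
 *   http://localhost/trust.php/facebook/footprints/restserver.php
 *   or
 *   http://localhost/trust.php/{network}/{canvas url}/{restserver path}
 *
 * the app's properties are looked up by canvas URL, the api key/secret for the
 * target network are resolved, the calling user is mapped to the equivalent
 * principal on the foreign network, and the request is re-signed with the
 * network secret and issued against the app's callback URL. The response (or a
 * redirect derived from its Location header) is returned to the caller.
 *
 * Changes versus the previous version:
 *  - a PATH_INFO that does not match the expected shape is reported as an
 *    unknown callback URL instead of proceeding with undefined matches;
 *  - session keys and the signature are redacted from the request log line;
 *  - the unused $skey/$apiKey/$apps_url locals (the last referenced an
 *    undefined $nid) are gone; the redirect behaviour is unchanged.
 *
 * @param array $params Incoming request parameters (fb_sig_* and the api call).
 *                      Passed by reference: fb_sig_nuser is removed from it so
 *                      the caller's user mapping is not forwarded.
 */
private static function proxy_app_request(&$params) {
    // PATH_INFO is /{network}/{canvas url}/{restserver path}. The third group keeps
    // its leading "/" so that safe_append_url() does not add a second one.
    $pathInfo = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
    $matches = array();
    if (!preg_match(',^/([^/]*)/([^/]*)(/?.*)$,', $pathInfo, $matches)) {
        echo '<ERROR>Unknown Callback_Url!</ERROR>';
        return;
    }
    $network_key = $matches[1];
    $canvas_url = $matches[2];
    $rest = $matches[3];
    if ($rest == '') {
        $rest = '/';
    }

    if ($network_key != RingsideSocialConfig::$apiKey) {
        $ringside_rest = self::createRestClient($params['fb_sig_session_key']);
        $admin_rest = RingsideSocialUtils::getAdminClient();
        $props = $admin_rest->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, $canvas_url, NULL);
        $network_app_props = $admin_rest->admin_getAppKeys(null, null, $props['api_key']);
        $network_api_key = $props['api_key'];
        $network_secret = $props['secret_key'];
        // Overrides $network_api_key/$network_secret with the pair registered for $network_key (by reference).
        self::getApiKeyAndSecretForNetwork($network_key, $network_app_props, $network_api_key, $network_secret);
        $network_session = new RingsideSocialSession($params['fb_sig_session_key']);
        $idmaps = $ringside_rest->users_mapToPrincipal(array($params['fb_sig_user']), $network_key, $props['application_id']);

        // Overrides layered on top of the original request. They are only added
        // when the request already carries fb_sig; otherwise the app's client
        // could not create a session during login.
        $has_fb_sig = isset($params['fb_sig']);
        $cbReq = array();
        if ($has_fb_sig) {
            if (isset($params['fb_sig_nuser'])) {
                // We are proxying: do NOT forward the caller's user mapping.
                unset($params['fb_sig_nuser']);
            }
            $cbReq['fb_sig_flavor'] = 'canvas';
            $cbReq['fb_sig_nid'] = $network_key;
            // The social session key must be the one for _this_ social session.
            $cbReq['fb_sig_soc_session_key'] = $network_session->getSessionKey();
            if (!empty($idmaps) && isset($idmaps[0]) && $idmaps[0] !== null) {
                $cbReq['fb_sig_nuser'] = $idmaps[0]['pid'];
            }
        }
        $req_params = array_merge($params, $cbReq);

        // Log the outgoing request without its credentials: session keys and the
        // signature would otherwise land in the error log in clear.
        $logged = $req_params;
        foreach (array('fb_sig_session_key', 'fb_sig_soc_session_key', 'fb_sig') as $sensitiveKey) {
            if (isset($logged[$sensitiveKey])) {
                $logged[$sensitiveKey] = '[redacted]';
            }
        }
        error_log("Invoking {$canvas_url} with params: " . var_export($logged, true));

        // Re-sign, since nid/nuser/soc_session_key were added for the target network.
        if ($has_fb_sig) {
            unset($req_params['fb_sig']);
            $req_params['fb_sig'] = RingsideSocialUtils::makeSig($req_params, $network_secret, 'fb_sig');
        }

        $headers = array();
        $callback_url = self::safe_append_url($props['callback_url'], $rest);
        $result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers);

        if (isset($headers['location'])) {
            // NOTE(review): the Location header comes from the remote app; whether
            // buildProxyUrl() constrains it to the app's callback host is not visible here.
            $proxy_redir_url = self::buildProxyUrl($props['callback_url'], $headers['location']);
            error_log("Proxying for redirect to {$proxy_redir_url}");
            if (isset($params['fb_sig_in_iframe']) && 0 != $params['fb_sig_in_iframe']) {
                // Redirect _within_ the frame.
                RingsideWebUtils::redirect($proxy_redir_url);
            } elseif (isset($params['fb_sig_in_canvas']) && 0 != $params['fb_sig_in_canvas']) {
                // Attribute value: escape so a quote in the remote URL cannot break out of it.
                echo "<fb:redirect url='" . htmlspecialchars($proxy_redir_url, ENT_QUOTES, 'UTF-8') . "'/>";
            } else {
                RingsideWebUtils::redirect($proxy_redir_url);
            }
            return;
        }

        echo $result;
        return;
    }

    echo '<ERROR>Unknown Callback_Url!</ERROR>';
}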
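/**
 * Emits the comments wall as plain HTML divs.
 *
 * Output, in order: a post-count line; a "Write Something" link row (when
 * canpost is 'true' and showform is 'false') plus a "See All" link when more
 * posts exist than are shown; the post form when showform is 'true'; and up to
 * $numposts comment entries, each with a delete link when candelete is 'true'.
 * The method ends by closing a wrapper div opened by the caller.
 *
 * Security: every value written into markup — the tag attributes (xid, aid,
 * callbackurl, numposts), the computed signature, and the author name, picture
 * URL, timestamp and text of each comment — is passed through
 * htmlspecialchars(ENT_QUOTES) for its context. Comment text in particular is
 * written by other users. The signature itself is still computed over the raw
 * values, so wall.php verifies the same string. The unclosed comment_links div
 * (previously only closed when a delete link was present) is now always closed,
 * and the non-standard <image> tag is now <img>.
 *
 * @param object $application   Supplies getCurrentUser(), getApplicationId(), getClient().
 * @param mixed  $parentHandler Not used here.
 * @param array  $args          fb:comments attributes: xid (required), canpost,
 *                              candelete, showform ('true'/'false' strings),
 *                              numposts (default 10), aid (default: the
 *                              application id), callbackurl, returnurl.
 */
public function emitDivs($application, $parentHandler, $args) {
    $xid = $args['xid'];
    $canpost = isset($args['canpost']) ? $args['canpost'] : "false";
    $candelete = isset($args['candelete']) ? $args['candelete'] : "false";
    $numposts = isset($args['numposts']) ? $args['numposts'] : 10;
    // Result unused; the call is kept in case it initialises session state that
    // getClient() relies on — TODO confirm and drop.
    $uid = $application->getCurrentUser();
    $aid = isset($args['aid']) ? $args['aid'] : $application->getApplicationId();
    $callbackurl = isset($args['callbackurl']) ? $args['callbackurl'] : '';
    $returnurl = isset($args['returnurl']) ? $args['returnurl'] : '';
    $showform = isset($args['showform']) ? $args['showform'] : 'false';

    $client = $application->getClient();
    $comments = $client->comments_get($xid, null, null, $aid);

    // Signature over the raw values; wall.php recomputes it over these same keys.
    $params = array();
    $params['xid'] = $xid;
    if (!empty($callbackurl)) {
        $params['c_url'] = $callbackurl;
    }
    if (!empty($returnurl)) {
        $params['r_url'] = $returnurl;
    }
    $params['aid'] = $aid;
    $params['sig'] = RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);

    // Escaped copies for use in attribute and text contexts.
    $xidHtml = htmlspecialchars((string) $xid, ENT_QUOTES, 'UTF-8');
    $aidHtml = htmlspecialchars((string) $aid, ENT_QUOTES, 'UTF-8');
    $sigHtml = htmlspecialchars((string) $params['sig'], ENT_QUOTES, 'UTF-8');
    $callbackurlHtml = htmlspecialchars((string) $callbackurl, ENT_QUOTES, 'UTF-8');
    $numpostsHtml = htmlspecialchars((string) $numposts, ENT_QUOTES, 'UTF-8');
    $webRoot = RingsideSocialConfig::$webRoot;

    // Shared link targets. The "Write Something" link carries the signature; "See All" does not.
    $wallBase = $webRoot . '/wall.php?xid=' . $xidHtml . '&aid=' . $aidHtml;
    $writeHref = $wallBase . '&sig=' . $sigHtml;
    if (!empty($callbackurl)) {
        // NOTE(review): the callback URL is sent as r_url here, but signed as
        // c_url and posted by the form as callbackurl; kept as-is because
        // wall.php's expectation is not visible from this file.
        $writeHref .= '&r_url=' . $callbackurlHtml;
    }
    $writeLink = '<a href="' . $writeHref . '">Write Something</a>';
    $showWriteLink = ($canpost == 'true' && $showform == 'false');

    $theString = "";

    // Number of comments.
    if (empty($comments)) {
        $theString .= ' <div class="comments_numposts">There are no posts yet.</div>';
        if ($showWriteLink) {
            $theString .= '<div class="comments_top_links">' . $writeLink . '</div>';
        }
    } else {
        $count = sizeof($comments);
        if ($count === 1) {
            $theString .= ' <div class="comments_numposts">Displaying the only post.</div>';
            if ($showWriteLink) {
                $theString .= '<div class="comments_top_links">' . $writeLink . '</div>';
            }
        } elseif ($count > 0 && $count < $numposts) {
            $theString .= ' <div class="comments_numposts">Displaying all ' . $count . ' posts.</div>';
            if ($showWriteLink) {
                $theString .= '<div class="comments_top_links">' . $writeLink . '</div>';
            }
        } else {
            // As many posts as the limit, or more: offer "See All".
            $theString .= ' <div class="comments_numposts">Displaying ' . $numpostsHtml . ' of ' . $count . '.</div>';
            $theString .= '<div class="comments_top_links">';
            if ($showWriteLink) {
                $theString .= $writeLink . ' ';
            }
            $theString .= '<a href="' . $wallBase . '">See All</a>';
            $theString .= '</div>';
        }
    }

    // Post form.
    if ($showform == 'true') {
        $theString .= ' <div class="comments_post_form">';
        $theString .= ' <form name="form1" id="form1" method="get" action="' . $webRoot . '/wall.php">';
        $theString .= ' <input type="hidden" name="xid" value="' . $xidHtml . '"/>';
        $theString .= ' <input type="hidden" name="xid_action" value="post"/>';
        $theString .= ' <input type="hidden" name="aid" value="' . $aidHtml . '"/>';
        $theString .= ' <input type="hidden" name="sig" value="' . $sigHtml . '"/>';
        if (!empty($callbackurl)) {
            $theString .= ' <input type="hidden" name="callbackurl" value="' . $callbackurlHtml . '"/>';
        }
        $theString .= ' <div class="comments_text_box"><textarea class="comments_text_area" name="text" cols="80"></textarea></div>';
        $theString .= ' <br/>';
        $theString .= ' <div class="comments_submit_button"><input type="submit" name="Submit" value="Post" /></div>';
        $theString .= ' </form>';
        $theString .= ' </div>';
    }

    // Comments, at most $numposts of them.
    $currentCount = 0;
    if (!empty($comments)) {
        foreach ($comments as $comment) {
            if ($currentCount >= $numposts) {
                break;
            }
            // The delete link reuses the signature above, which covers xid/c_url/r_url/aid only.
            $params['xid_action'] = 'delete';
            $params['cid'] = $comment['cid'];
            $paramString = http_build_query($params, '', '&');

            $author = $client->users_getInfo($comment['uid'], "first_name,pic");
            $theString .= ' <div class="comment">';
            $theString .= ' <div class="comment_author_pic"><img src="' . htmlspecialchars((string) $author[0]['pic'], ENT_QUOTES, 'UTF-8') . '" width="50"/></div>';
            $theString .= ' <div class="comment_author">' . htmlspecialchars((string) $author[0]['first_name'], ENT_QUOTES, 'UTF-8') . ' wrote</div>';
            $theString .= ' <div class="comment_time">at ' . htmlspecialchars((string) $comment['created'], ENT_QUOTES, 'UTF-8') . '</div>';
            $theString .= ' <div class="comment_text">' . htmlspecialchars((string) $comment['text'], ENT_QUOTES, 'UTF-8') . '</div>';
            $theString .= ' <div class="comment_links"><a href="#">message</a>';
            if ($candelete == 'true') {
                $theString .= ' - <a href="' . $webRoot . '/wall.php?' . $paramString . '">delete</a>';
            }
            $theString .= '</div>';
            $theString .= ' </div>';
            $currentCount++;
        }
    }

    // Closes the wrapper div opened by the caller.
    $theString .= '</div>';
    echo $theString;
}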
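/**
 * Builds the expected results, emitting divs.
 *
 * Mirrors the emitter's output: wrapper div and title, post-count line,
 * "Write Something" / "See All" links, the optional form (via handleShowForm),
 * and up to $numposts comment entries. Values taken from $inputs and $comments
 * are HTML-escaped with htmlspecialchars(ENT_QUOTES) the same way the emitter
 * escapes them; the signature is computed over the raw values. The
 * comment_links div is always closed (previously only when a delete link was
 * present), matching the emitter.
 *
 * @param array $inputs   fb:comments parameters, positionally: 0 xid, 1 canpost,
 *                        2 candelete, 3 numposts, 4 callbackurl, 5 returnurl,
 *                        6 showform (optional, default 'false'), 7 uid,
 *                        8 title (optional).
 * @param array $comments Mock comments; each entry has 'cid', 'created' and 'text'.
 * @param mixed $aid      Application id signed into the wall links.
 * @return string Expected HTML.
 */
public static function makeExpectedResultsDivs($inputs, $comments, $aid) {
    $xid = $inputs[0];
    $canpost = $inputs[1];
    $candelete = $inputs[2];
    $numposts = $inputs[3];
    $callbackurl = $inputs[4];
    $returnurl = $inputs[5];
    $showform = isset($inputs[6]) ? $inputs[6] : 'false';
    $uid = isset($inputs[7]) ? $inputs[7] : null;
    $title = isset($inputs[8]) ? $inputs[8] : null;

    // Signature over the raw values, as the emitter computes it.
    $params = array();
    $params['xid'] = $xid;
    if (!empty($callbackurl)) {
        $params['c_url'] = $callbackurl;
    }
    if (!empty($returnurl)) {
        $params['r_url'] = $returnurl;
    }
    $params['aid'] = $aid;
    $params['sig'] = RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);

    // Escaped copies for attribute and text contexts.
    $xidHtml = htmlspecialchars((string) $xid, ENT_QUOTES, 'UTF-8');
    $aidHtml = htmlspecialchars((string) $aid, ENT_QUOTES, 'UTF-8');
    $sigHtml = htmlspecialchars((string) $params['sig'], ENT_QUOTES, 'UTF-8');
    $callbackurlHtml = htmlspecialchars((string) $callbackurl, ENT_QUOTES, 'UTF-8');
    $numpostsHtml = htmlspecialchars((string) $numposts, ENT_QUOTES, 'UTF-8');
    $webRoot = RingsideSocialConfig::$webRoot;

    $wallBase = $webRoot . '/wall.php?xid=' . $xidHtml . '&aid=' . $aidHtml;
    $writeHref = $wallBase . '&sig=' . $sigHtml;
    if (!empty($callbackurl)) {
        $writeHref .= '&r_url=' . $callbackurlHtml;
    }
    $writeLink = '<a href="' . $writeHref . '">Write Something</a>';
    $showWriteLink = ($canpost == 'true' && $showform == 'false');

    $expected = '<div class="comments">';

    // Title.
    if (empty($title)) {
        $expected .= ' <div class="comments_title">Comments</div>';
    } else {
        // NOTE(review): left unescaped because the production title emitter is not
        // in this file; confirm how it writes the title and match it here.
        $expected .= ' <div class="comments_title">' . $title . '</div>';
    }

    // Number of comments.
    if (empty($comments)) {
        $expected .= ' <div class="comments_numposts">There are no posts yet.</div>';
        if ($showWriteLink) {
            $expected .= '<div class="comments_top_links">' . $writeLink . '</div>';
        }
    } else {
        $count = sizeof($comments);
        if ($count === 1) {
            $expected .= ' <div class="comments_numposts">Displaying the only post.</div>';
            if ($showWriteLink) {
                $expected .= '<div class="comments_top_links">' . $writeLink . '</div>';
            }
        } elseif ($count > 0 && $count < $numposts) {
            $expected .= ' <div class="comments_numposts">Displaying all ' . $count . ' posts.</div>';
            if ($showWriteLink) {
                $expected .= '<div class="comments_top_links">' . $writeLink . '</div>';
            }
        } else {
            $expected .= ' <div class="comments_numposts">Displaying ' . $numpostsHtml . ' of ' . $count . '.</div>';
            $expected .= '<div class="comments_top_links">';
            if ($showWriteLink) {
                $expected .= $writeLink . ' ';
            }
            $expected .= '<a href="' . $wallBase . '">See All</a>';
            $expected .= '</div>';
        }
    }

    // Form (appended to $expected by the helper when $showform is 'true').
    self::handleShowForm($showform, $expected, $xid, $aid, $callbackurl, $params['sig']);

    // Comments, at most $numposts of them.
    $currentCount = 0;
    if (!empty($comments)) {
        foreach ($comments as $comment) {
            if ($currentCount >= $numposts) {
                break;
            }
            $params['xid_action'] = 'delete';
            $params['cid'] = $comment['cid'];
            $paramString = http_build_query($params, '', '&');

            $expected .= ' <div class="comment">';
            $expected .= ' <div class="comment_author">' . htmlspecialchars((string) $uid, ENT_QUOTES, 'UTF-8') . ' wrote</div>';
            $expected .= ' <div class="comment_time">at ' . htmlspecialchars((string) $comment['created'], ENT_QUOTES, 'UTF-8') . '</div>';
            $expected .= ' <div class="comment_text">' . htmlspecialchars((string) $comment['text'], ENT_QUOTES, 'UTF-8') . '</div>';
            $expected .= ' <div class="comment_links"><a href="#">message</a>';
            if ($candelete == 'true') {
                $expected .= ' - <a href="' . $webRoot . '/wall.php?' . $paramString . '">delete</a>';
            }
            $expected .= '</div>';
            $expected .= ' </div>';
            $currentCount++;
        }
    }

    $expected .= '</div>';
    return $expected;
}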