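 /**
  * Verifies the signature on the current wall.php request.
  *
  * The signature is recomputed over the same parameter set the emitting side signs
  * (xid, c_url/r_url when present, aid) with the site secret and compared with the
  * "sig" query parameter. The optional callbackurl/returnurl values are read from
  * the request (the previous version tested never-assigned locals, so c_url/r_url
  * could never take part in the check).
  *
  * @return bool true when the recomputed signature matches the received one
  */
 function isAuthorized()
 {
     $callbackurl = isset($_GET['callbackurl']) ? $_GET['callbackurl'] : '';
     $returnurl = isset($_GET['returnurl']) ? $_GET['returnurl'] : '';
     // Member order/presence must mirror the signing side exactly.
     $params = array();
     $params['xid'] = isset($_GET['xid']) ? $_GET['xid'] : null;
     if (!empty($callbackurl)) {
         $params['c_url'] = $callbackurl;
     }
     if (!empty($returnurl)) {
         $params['r_url'] = $returnurl;
     }
     $params['aid'] = isset($_GET['aid']) ? $_GET['aid'] : null;
     $params['sig'] = RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);
     if (!isset($_GET['sig']) || !is_string($_GET['sig'])) {
         return false;
     }
     $expected = (string) $params['sig'];
     $received = $_GET['sig'];
     // Strict comparison: a loose == treats numeric-looking strings as numbers
     // ("1e3" == "1000"), which must never count as a signature match. Prefer the
     // constant-time comparison where the runtime provides it.
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $received);
     }
     return $expected === $received;
 }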
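 /**
  * Re-routes an API request to another network. If trust.php is used as a REST server URL
  * and a path info is provided such that the request looks like the one below:
  *
  *        http://localhost/trust.php/facebook/footprints/restserver.php
  *            or
  *        http://localhost/trust.php/{network}/{canvas url}/{restserver path}
  *
  * this attempts to remap and re-sign the API call using the app's secret on the new
  * network and then to change the uid to the equivalent uid on the foreign network.
  *
  * The API call is then re-signed and issued, and the response is echoed back. When the
  * upstream app answers with a redirect ("location" response header), the client is
  * redirected to the proxied URL instead of receiving the body.
  *
  * @param array $params Incoming request parameters (fb_sig_* values). Passed by reference
  *                      because fb_sig_nuser is stripped before the request is proxied.
  * @return void Output is written directly (echo / redirect).
  */
 private static function proxy_app_request(&$params)
 {
     $matches = array();
     // All these special cases are to ensure we aren't adding an additional "/" character to the URL.
     $path_info = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
     if (!preg_match(',^/([^/]*)/([^/]*)(/?.*)$,', $path_info, $matches)) {
         // No "/{network}/{canvas url}" prefix in the path: there is nothing to proxy to.
         echo '<ERROR>Unknown Callback_Url!</ERROR>';
         return;
     }
     $network_key = $matches[1];
     $canvas_url = $matches[2];
     $rest = $matches[3];
     if ($rest == '') {
         $rest = '/';
     }
     if ($network_key != RingsideSocialConfig::$apiKey) {
         $session_key = isset($params['fb_sig_session_key']) ? $params['fb_sig_session_key'] : null;
         $user = isset($params['fb_sig_user']) ? $params['fb_sig_user'] : null;
         $ringside_rest = self::createRestClient($session_key);
         $admin_rest = RingsideSocialUtils::getAdminClient();
         $props = $admin_rest->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, $canvas_url, NULL);
         $network_app_props = $admin_rest->admin_getAppKeys(null, null, $props['api_key']);
         // Start from this app's key/secret; getApiKeyAndSecretForNetwork presumably
         // replaces them (by reference) with the target network's pair - verify.
         $network_api_key = $props['api_key'];
         $network_secret = $props['secret_key'];
         self::getApiKeyAndSecretForNetwork($network_key, $network_app_props, $network_api_key, $network_secret);
         $network_session = new RingsideSocialSession($session_key);
         $idmaps = $ringside_rest->users_mapToPrincipal(array($user), $network_key, $props['application_id']);
         // Create openFB request. These are just overrides for the original request.
         $has_fb_sig = isset($params['fb_sig']);
         $cbReq = array();
         // We can't append fb_sig unless Facebook has already passed fb_sig; this would prevent the app's client from creating a session during login
         if ($has_fb_sig) {
             if (isset($params['fb_sig_nuser'])) {
                 // Since we're proxying a request, do NOT forward the user mapping!
                 unset($params['fb_sig_nuser']);
             }
             $cbReq['fb_sig_flavor'] = 'canvas';
             $cbReq['fb_sig_nid'] = $network_key;
             // The social session key needs to be for _this_ social session!
             $cbReq['fb_sig_soc_session_key'] = $network_session->getSessionKey();
             if (!empty($idmaps) && isset($idmaps[0]) && $idmaps[0] !== null) {
                 $cbReq['fb_sig_nuser'] = $idmaps[0]['pid'];
             }
         }
         // TODO: Set up social session key for trust-based proxy
         $req_params = array_merge($params, $cbReq);
         // Log the outgoing request for debugging with the session keys redacted:
         // the error log is not a safe place for bearer credentials.
         $logged = $req_params;
         foreach (array('fb_sig_session_key', 'fb_sig_soc_session_key') as $sensitive) {
             if (isset($logged[$sensitive])) {
                 $logged[$sensitive] = '[redacted]';
             }
         }
         error_log("Invoking {$canvas_url} with params: " . var_export($logged, true));
         // Now, we need to re-sign the parameters, since we've added the "nid" and "nuser" fb_sig params
         if ($has_fb_sig) {
             unset($req_params['fb_sig']);
             $req_params['fb_sig'] = RingsideSocialUtils::makeSig($req_params, $network_secret, 'fb_sig');
         }
         $headers = array();
         $callback_url = self::safe_append_url($props['callback_url'], $rest);
         $result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers);
         if (isset($headers['location'])) {
             // Build the remote network's callback_url and redirect _within_ the frame.
             $proxy_redir_url = self::buildProxyUrl($props['callback_url'], $headers['location']);
             error_log("Proxying for redirect to {$proxy_redir_url}");
             $in_iframe = isset($params['fb_sig_in_iframe']) && 0 != $params['fb_sig_in_iframe'];
             $in_canvas = isset($params['fb_sig_in_canvas']) && 0 != $params['fb_sig_in_canvas'];
             if (!$in_iframe && $in_canvas) {
                 // The target is derived from the upstream response header, so escape it
                 // before placing it inside an attribute.
                 echo "<fb:redirect url='" . htmlspecialchars($proxy_redir_url, ENT_QUOTES, 'UTF-8') . "'/>";
             } else {
                 RingsideWebUtils::redirect($proxy_redir_url);
             }
             return;
         }
         echo $result;
         return;
     }
     // The path named this network itself; there is no foreign network to map
     // the user to or to proxy the callback_url through.
     echo '<ERROR>Unknown Callback_Url!</ERROR>';
 }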
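 /**
  * Emits the comment list (and optionally the post form) as divs.
  *
  * Every dynamic value written into the markup (tag arguments, comment text,
  * author name/picture) originates outside this code and is HTML-escaped first.
  *
  * @param $application Current application; supplies the application id and the API client.
  * @param $parentHandler Enclosing tag handler (not used here).
  * @param $args fb:comments tag attributes: xid (required), canpost, candelete,
  *              numposts, aid, callbackurl, returnurl, showform.
  * @return void The markup is echoed.
  */
 public function emitDivs($application, $parentHandler, $args)
 {
     $xid = $args['xid'];
     $canpost = isset($args['canpost']) ? $args['canpost'] : "false";
     $candelete = isset($args['candelete']) ? $args['candelete'] : "false";
     $numposts = isset($args['numposts']) ? $args['numposts'] : 10;
     $aid = isset($args['aid']) ? $args['aid'] : $application->getApplicationId();
     $callbackurl = isset($args['callbackurl']) ? $args['callbackurl'] : '';
     $returnurl = isset($args['returnurl']) ? $args['returnurl'] : '';
     $showform = isset($args['showform']) ? $args['showform'] : 'false';
     $client = $application->getClient();
     $comments = $client->comments_get($xid, null, null, $aid);
     // The same parameter set is signed here and verified by wall.php, so the
     // members (and their presence) must match on both sides.
     $params = array();
     $params['xid'] = $xid;
     if (!empty($callbackurl)) {
         $params['c_url'] = $callbackurl;
     }
     if (!empty($returnurl)) {
         $params['r_url'] = $returnurl;
     }
     $params['aid'] = $aid;
     $params['sig'] = RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);
     $wallUrl = RingsideSocialConfig::$webRoot . '/wall.php';
     $safeXid = htmlspecialchars((string) $xid, ENT_QUOTES, 'UTF-8');
     $safeAid = htmlspecialchars((string) $aid, ENT_QUOTES, 'UTF-8');
     $safeSig = htmlspecialchars((string) $params['sig'], ENT_QUOTES, 'UTF-8');
     $safeNumposts = htmlspecialchars((string) $numposts, ENT_QUOTES, 'UTF-8');
     $safeCallback = htmlspecialchars((string) $callbackurl, ENT_QUOTES, 'UTF-8');
     // The "Write Something" link is only offered when posting is allowed and the
     // inline form is not shown; its markup is identical in every summary variant.
     $showWriteLink = ($canpost == 'true' && $showform == 'false');
     $writeLink = '<a href="' . $wallUrl . '?xid=' . $safeXid . '&aid=' . $safeAid . '&sig=' . $safeSig;
     if (!empty($callbackurl)) {
         $writeLink .= '&r_url=' . $safeCallback;
     }
     $writeLink .= '">Write Something</a>';
     //number of comments
     $total = empty($comments) ? 0 : count($comments);
     $overflow = false;
     if ($total === 0) {
         $summary = 'There are no posts yet.';
     } elseif ($total === 1) {
         $summary = 'Displaying the only post.';
     } elseif ($total < $numposts) {
         $summary = 'Displaying all ' . $total . ' posts.';
     } else {
         // More comments than will be shown: also offer a "See All" link.
         $summary = 'Displaying ' . $safeNumposts . ' of ' . $total . '.';
         $overflow = true;
     }
     $theString = '    <div class="comments_numposts">' . $summary . '</div>';
     if ($overflow) {
         $theString .= '<div class="comments_top_links">';
         if ($showWriteLink) {
             $theString .= $writeLink . '&nbsp;&nbsp;';
         }
         $theString .= '<a href="' . $wallUrl . '?xid=' . $safeXid . '&aid=' . $safeAid . '">See All</a>';
         $theString .= '</div>';
     } elseif ($showWriteLink) {
         $theString .= '<div class="comments_top_links">' . $writeLink . '</div>';
     }
     //showform
     if ($showform == 'true') {
         $theString .= '	<div class="comments_post_form">';
         $theString .= '	<form name="form1" id="form1" method="get" action="' . $wallUrl . '">';
         $theString .= '		<input type="hidden" name="xid" value="' . $safeXid . '"/>';
         $theString .= '		<input type="hidden" name="xid_action" value="post"/>';
         $theString .= '		<input type="hidden" name="aid" value="' . $safeAid . '"/>';
         $theString .= '		<input type="hidden" name="sig" value="' . $safeSig . '"/>';
         if (!empty($callbackurl)) {
             $theString .= '		<input type="hidden" name="callbackurl" value="' . $safeCallback . '"/>';
         }
         $theString .= '  	<div class="comments_text_box"><textarea class="comments_text_area" name="text" cols="80"></textarea></div>';
         $theString .= '     	<br/>';
         $theString .= '     	<div class="comments_submit_button"><input type="submit" name="Submit" value="Post" /></div>';
         $theString .= '	</form>';
         $theString .= '	</div>';
     }
     //comments
     if (!empty($comments)) {
         $shown = 0;
         foreach ($comments as $comment) {
             if ($shown >= $numposts) {
                 break;
             }
             // NOTE: 'sig' was computed above before xid_action/cid were added, so the
             // delete link's signature does not cover the action or the comment id.
             $params['xid_action'] = 'delete';
             $params['cid'] = $comment['cid'];
             $paramString = http_build_query($params, '', '&');
             $info = $client->users_getInfo($comment['uid'], "first_name,pic");
             $author = isset($info[0]) ? $info[0] : array();
             $pic = isset($author['pic']) ? $author['pic'] : '';
             $firstName = isset($author['first_name']) ? $author['first_name'] : '';
             $theString .= '	<div class="comment">';
             $theString .= '		<div class="comment_author_pic"><image src="' . htmlspecialchars((string) $pic, ENT_QUOTES, 'UTF-8') . '" width="50"/></div>';
             $theString .= '		<div class="comment_author">' . htmlspecialchars((string) $firstName, ENT_QUOTES, 'UTF-8') . ' wrote</div>';
             $theString .= '		<div class="comment_time">at ' . htmlspecialchars((string) $comment['created'], ENT_QUOTES, 'UTF-8') . '</div>';
             $theString .= '		<div class="comment_text">' . htmlspecialchars((string) $comment['text'], ENT_QUOTES, 'UTF-8') . '</div>';
             $theString .= '		<div class="comment_links"><a href="#">message</a>';
             if ($candelete == 'true') {
                 $theString .= '  -  <a href="' . $wallUrl . '?' . $paramString . '">delete</a>';
             }
             // Close comment_links in both cases (it used to stay open without delete rights).
             $theString .= '</div>';
             $theString .= '	</div>';
             $shown++;
         }
     }
     $theString .= '</div>';
     echo $theString;
 }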
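 /**
  * Builds the expected results, emitting divs.
  *
  * Mirrors the emitter: the same parameter set is signed, the same summary line
  * and "Write Something"/"See All" links are produced, and dynamic values are
  * HTML-escaped the same way. The title is reproduced as given since its emitter
  * is not part of this file.
  *
  * @param $inputs Array containing fb:comments parameters, positionally:
  *                0 xid, 1 canpost, 2 candelete, 3 numposts, 4 callbackurl,
  *                5 returnurl, 6 showform (optional), 7 uid, 8 title.
  * @param $comments Array of mock comments (each with cid, created and text)
  * @param $aid Application id used in the links and in the signature
  * @return string Expected results
  */
 public static function makeExpectedResultsDivs($inputs, $comments, $aid)
 {
     $xid = $inputs[0];
     $canpost = $inputs[1];
     $candelete = $inputs[2];
     $numposts = $inputs[3];
     $callbackurl = $inputs[4];
     $returnurl = $inputs[5];
     $showform = isset($inputs[6]) ? $inputs[6] : 'false';
     $uid = isset($inputs[7]) ? $inputs[7] : '';
     $title = isset($inputs[8]) ? $inputs[8] : '';
     // Must match the signing side: same members, same presence rules.
     $params = array();
     $params['xid'] = $xid;
     if (!empty($callbackurl)) {
         $params['c_url'] = $callbackurl;
     }
     if (!empty($returnurl)) {
         $params['r_url'] = $returnurl;
     }
     $params['aid'] = $aid;
     $params['sig'] = RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);
     $wallUrl = RingsideSocialConfig::$webRoot . '/wall.php';
     $safeXid = htmlspecialchars((string) $xid, ENT_QUOTES, 'UTF-8');
     $safeAid = htmlspecialchars((string) $aid, ENT_QUOTES, 'UTF-8');
     $safeSig = htmlspecialchars((string) $params['sig'], ENT_QUOTES, 'UTF-8');
     $safeNumposts = htmlspecialchars((string) $numposts, ENT_QUOTES, 'UTF-8');
     $safeCallback = htmlspecialchars((string) $callbackurl, ENT_QUOTES, 'UTF-8');
     $showWriteLink = ($canpost == 'true' && $showform == 'false');
     $writeLink = '<a href="' . $wallUrl . '?xid=' . $safeXid . '&aid=' . $safeAid . '&sig=' . $safeSig;
     if (!empty($callbackurl)) {
         $writeLink .= '&r_url=' . $safeCallback;
     }
     $writeLink .= '">Write Something</a>';
     $expected = '<div class="comments">';
     //title
     if (empty($title)) {
         $expected .= '    <div class="comments_title">Comments</div>';
     } else {
         $expected .= '    <div class="comments_title">' . $title . '</div>';
     }
     //number of comments
     $total = empty($comments) ? 0 : count($comments);
     $overflow = false;
     if ($total === 0) {
         $summary = 'There are no posts yet.';
     } elseif ($total === 1) {
         $summary = 'Displaying the only post.';
     } elseif ($total < $numposts) {
         $summary = 'Displaying all ' . $total . ' posts.';
     } else {
         // More comments than will be shown: the emitter also offers "See All".
         $summary = 'Displaying ' . $safeNumposts . ' of ' . $total . '.';
         $overflow = true;
     }
     $expected .= '    <div class="comments_numposts">' . $summary . '</div>';
     if ($overflow) {
         $expected .= '<div class="comments_top_links">';
         if ($showWriteLink) {
             $expected .= $writeLink . '&nbsp;&nbsp;';
         }
         $expected .= '<a href="' . $wallUrl . '?xid=' . $safeXid . '&aid=' . $safeAid . '">See All</a>';
         $expected .= '</div>';
     } elseif ($showWriteLink) {
         $expected .= '<div class="comments_top_links">' . $writeLink . '</div>';
     }
     self::handleShowForm($showform, $expected, $xid, $aid, $callbackurl, $params['sig']);
     //comments
     if (!empty($comments)) {
         $shown = 0;
         foreach ($comments as $comment) {
             if ($shown >= $numposts) {
                 break;
             }
             // 'sig' was computed before xid_action/cid were added, exactly as the emitter does.
             $params['xid_action'] = 'delete';
             $params['cid'] = $comment['cid'];
             $paramString = http_build_query($params, '', '&');
             $expected .= '	<div class="comment">';
             $expected .= '		<div class="comment_author">' . htmlspecialchars((string) $uid, ENT_QUOTES, 'UTF-8') . ' wrote</div>';
             $expected .= '		<div class="comment_time">at ' . htmlspecialchars((string) $comment['created'], ENT_QUOTES, 'UTF-8') . '</div>';
             $expected .= '		<div class="comment_text">' . htmlspecialchars((string) $comment['text'], ENT_QUOTES, 'UTF-8') . '</div>';
             $expected .= '		<div class="comment_links"><a href="#">message</a>';
             if ($candelete == 'true') {
                 $expected .= '  -  <a href="' . $wallUrl . '?' . $paramString . '">delete</a>';
             }
             // comment_links is closed whether or not a delete link was emitted.
             $expected .= '</div>';
             $expected .= '	</div>';
             $shown++;
         }
     }
     $expected .= '</div>';
     return $expected;
 }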