function api_canvas_parameters_other($app_id, $user)
{
// Add the list of friends and the friends who've added the app
// to the POST we make
$app_info = application_get_info($app_id);
$api_friends = user_get_all_friends($user);
foreach ($api_friends as $k => $friend) {
if (!platform_can_see_app($app_id, $friend, $app_info)) {
unset($api_friends[$k]);
}
}
$csv_api_friends = implode(',', $api_friends);
return array('friends' => $csv_api_friends);
}
/**
* Checks if a session is still valid (ie has not timed out).
*
* @return API_EC_SUCCESS on success or another API_EC_* on error
*/
function api_session_check_valid($session_key, $app_id)
{
// make sure we are passed a well-formed session key before trying
// it. attempts to match v0.9 and v1 session keys.
if (preg_match('/^[0-9a-f]+-[.\\w-]+$/', $session_key)) {
$info = api_session_get_info($session_key, $app_id);
} else {
$info = null;
}
if ($info) {
$app_info = application_get_info($app_id);
if (!$app_info) {
error_log('api_session_check_valid: invalid app id?');
return API_EC_UNKNOWN;
}
if (!api_is_session_timed_out($session_key, $app_id)) {
if ($app_info['desktop']) {
// desktop apps have a timeout based on the time since the last
// request instead of time since session created.
$info['key_create_time'] = time();
// FBOPEN: NOTE - Here, you may wish to set this new session in
// memcache or some more temporary storage, as these turn over
// quite a bit.
}
return API_EC_SUCCESS;
} else {
return API_EC_PARAM_SESSION_KEY;
}
} else {
return API_EC_PARAM_SESSION_KEY;
}
}
private function check_throttle($method_underscore, $request)
{
$app_info = application_get_info($this->app_id);
if ($app_info['desktop']) {
if ($throttle && ($ec = api_desktop_check_call_limit($this->app_id, $this->session_key)) !== API_EC_SUCCESS) {
return $ec;
}
} else {
if ($app_info['ip_list'] && !iplist_contains_ip($app_info['ip_list'], $_SERVER['REMOTE_ADDR'])) {
return API_EC_BAD_IP;
}
// FBOPEN: NOTE - you may wish to throttle only certain methods here.
if (($ec = api_server_check_call_limit($this->app_id)) !== API_EC_SUCCESS) {
return $ec;
}
}
return API_EC_SUCCESS;
}
}
print_canvas_javascript_references();
if (!($user = $get_fb_user_id)) {
print 'No user id parameter';
error_log('No user id parameter');
exit;
}
$canvas_url = redirect_str($rel_canvas_url, 'www', $ssl = 0, $force_prod = false, $force_protocol = true);
print "Facebook Open Platform: Output of Canvas url: {$canvas_url}<hr>";
// no app_id found so assume bad link
if (!$app_id) {
print 'No app corresponding to app name or api key parameters';
error_log('No app corresponding to app name or api key parameters');
exit;
}
$app_info = application_get_info($app_id);
if (!$app_info) {
print 'No app corresponding to app name or api key parameters';
error_log('No app corresponding to app name or api key parameters');
exit;
}
if (!platform_can_see_app($app_id, $user)) {
print "User {$user} cannot see app id {$app_id}. FBOPEN:NOTE - this message should be invisible to the user.";
error_log("User {$user} cannot see app id {$app_id}. FBOPEN:NOTE - this message should be invisible to the user.");
exit;
}
$app_icon_url = application_get_icon_url($app_id);
$url = $app_info['callback_url'] . $url_suffix;
$fbml_env = array('user' => $user, 'app_id' => $app_id, 'canvas_url' => $canvas_url, 'source_url' => $url);
switch ($get_fb_force_mode) {
case 'fbml':
