Пример #1
/**
 * Assemble the signed `fb_sig_*` parameters that accompany a request to an application.
 *
 * Values set by this function ('time', 'added', 'user', 'session_key', 'expires',
 * 'api_key') overwrite same-named entries the caller passed in $others, so a caller
 * cannot pre-seed them. $logged_in_others is merged with `+=`, which never replaces
 * a key that is already present.
 *
 * @param mixed $user             user id, or an array carrying the id under 'user'
 * @param mixed $app_id           application whose api key and secret are used
 * @param array $others           additional values to include in the signed set
 * @param array $logged_in_others values added only when a session key is available
 * @param mixed $require_login    when truthy and no session key exists, 'user' is still included
 * @return array every signed value under 'fb_sig_<name>' plus the signature under 'fb_sig'
 */
function get_fb_validation_vars($user, $app_id, $others = array(), $logged_in_others = array(), $require_login = null)
{
    global $DEMO_SESSION_KEY;

    $app_info = application_get_short_info($app_id);
    // Application secret by default; desktop apps switch to the session secret below.
    $signing_secret = $app_info['secret'];
    $others['time'] = (string) microtime(true);

    // Accept either a bare id or an array wrapping it.
    $user = is_array($user) ? $user['user'] : $user;

    if ($user) {
        $others['added'] = (int) is_platform_app_installed($app_id, $user);
        // FBOPEN:NOTE - stub: assume user session exists
        $session_key = $DEMO_SESSION_KEY;
        if (!$session_key) {
            if ($require_login) {
                $others['user'] = $user;
            }
        } else {
            $others['user'] = $user;
            $others['session_key'] = $session_key;
            // NOTE(review): nothing here checks that a session record was found. With an
            // empty $session_info the loose `== 0` below is true and 'expires' becomes 0,
            // and a desktop app would sign with an empty secret. Confirm that
            // api_session_get_info() cannot fail silently.
            $session_info = api_session_get_info($session_key, $app_id);
            if ($app_info['desktop']) {
                // use the session secret instead of the normal one
                $signing_secret = $session_info['session_secret'];
            }
            $others['expires'] = $session_info['session_timeout'] == 0
                ? 0
                : $session_info['key_create_time'] + $session_info['session_timeout'];
            $others += $logged_in_others;
        }
    }

    $others['api_key'] = $app_info['apikey'];

    // Prefix each signed value, then append the signature computed over the unprefixed set.
    $signed = array();
    foreach ($others as $name => $value) {
        $signed['fb_sig_' . $name] = $value;
    }
    $signed['fb_sig'] = api_generate_sig($others, $signing_secret);

    return $signed;
}
Пример #2
 /**
  * Produce the JavaScript output for this sandbox once rendering has finished.
  *
  * Returns '' when the sandbox was not used. Otherwise every queued inline script
  * is passed through self::sanitize_code(), a bootstrap snippet is built on the
  * first call only (sandbox object, signed validation vars, context, user data),
  * and the result of render_js_inline() on the bootstrap is returned followed by
  * any separately rendered scripts. Resets $this->used and sets $this->postrendered.
  *
  * @return string
  * @throws FBMLJSParseError when the flavor disallows 'script_onload' and a queued
  *                          script has no 'inline' entry
  */
 public function postrender()
 {
     if (!$this->used) {
         return '';
     }
     // Go through all the inline scripts and sanitize
     $sanitized_scripts = array();
     if ($this->script_infos) {
         foreach ($this->script_infos as $script_info) {
             if (isset($script_info['inline'])) {
                 $sanitized_scripts[] = array('inline' => self::sanitize_code($script_info['inline'], $this->appid));
             } else {
                 if (isset($script_info['src'])) {
                     // FBOPEN:NOTE - if js sources are fetched from outside, these will
                     // have to be fetched, cached, sanitized, and stored.  Requests then
                     // would need to be directed to your cached version.  The open source
                     // code at this point does not support such caching.
                     // $sanitized_scripts[] = array('src' => FBJSUrlRef::get_url($script_info['src'], $this->appid, 'js'));
                     //
                     // As written, external 'src' scripts are dropped: nothing is queued
                     // for them, so only sanitized inline code reaches the output below.
                 }
             }
         }
     }
     // If this is our first postrender build some bootstrapping code
     $bootstrap = false;
     if (!$this->postrendered) {
         // NOTE(review): $this->appid is concatenated into JavaScript without escaping;
         // this is only safe if it is always an integer - confirm where it is assigned.
         $bootstrap = 'var app=new fbjs_sandbox(' . $this->appid . ');';
         $profile = $this->fbml->get_env('profile', false, 0);
         $validation_vars = get_fb_validation_vars(array('user' => $this->user), $this->appid, $profile ? array('profile' => $profile) : array());
         // The signed validation vars are written into the page's script here.
         // NOTE(review): json_encode() with default flags escapes '/' but not '<' or '>';
         // whether that is sufficient depends on how render_js_inline() wraps the code - confirm.
         $bootstrap .= 'app.validation_vars=' . json_encode($validation_vars) . ';';
         $context = $this->fbml->add_context();
         // Both context values go into single-quoted JS strings via escape_js_quotes().
         $bootstrap .= 'app.context=\'' . escape_js_quotes($context) . '\';';
         $bootstrap .= 'app.contextd=\'' . escape_js_quotes($this->fbml->_contexts[$context]) . '\';';
         // 'installed' and 'loggedin' are forced to false when there is no user.
         $bootstrap .= 'app.data=' . json_encode(array('user' => $this->user, 'installed' => $this->user ? is_platform_app_installed($this->appid, $this->user) : false, 'loggedin' => $this->user ? (bool) api_get_valid_session_key($this->user, $this->appid) : false)) . ';';
     }
     // Render all inline scripts
     $html = '';
     if ($this->fbml->_flavor->allows('script_onload')) {
         // Flavor permits scripts to run on load: emit each one as its own element.
         if (!$this->postrendered) {
             $bootstrap .= 'app.bootstrap();';
         }
         foreach ($sanitized_scripts as $script) {
             if (isset($script['inline'])) {
                 $html .= render_js_inline($script['inline']) . "\n";
             } else {
                 // No 'src' entries are queued above, so this branch is currently unused.
                 // NOTE(review): 'src' is placed in the attribute without HTML escaping;
                 // if external scripts are ever enabled the URL must be validated and escaped.
                 $script_include = '<script src="' . $script['src'] . '"></script>';
                 $html .= $script_include;
             }
         }
     } else {
         // Flavor forbids on-load execution: hand the sanitized code to the sandbox as
         // escaped string literals appended to app.pending_bootstraps.
         foreach ($sanitized_scripts as $script) {
             if (isset($script['inline'])) {
                 $bootstrap .= 'app.pending_bootstraps.push(\'' . escape_js_quotes($script['inline']) . '\');';
             } else {
                 // We don't support script include for this flavor at this time.
                 throw new FBMLJSParseError('Cannot allow external script');
             }
         }
     }
     // Mark this pass as consumed; later calls skip the one-time bootstrap.
     $this->used = false;
     $this->postrendered = true;
     return render_js_inline($bootstrap) . $html;
 }
Пример #3
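 /**
  * Report whether the user of the current API session has this application installed.
  *
  * The lookup is always made for $this->user_id; the method takes no caller-supplied
  * id, so one session cannot query the install state of another user through it.
  *
  * @return mixed the non-null result of is_platform_app_installed()
  */
 public function users_isAppAdded()
 {
     // The original tested an undefined local $id before falling back to the session
     // user. That test was always true and only raised an undefined-variable
     // diagnostic, so the session user is now read directly.
     $id = $this->user_id;
     $result = is_platform_app_installed($this->app_id, $id);
     // We check for null because that means there was a data retrieval error.
     // Reporting a service error keeps a failed lookup from being read as "not installed".
     if ($result === null) {
         $this->throw_code(api10_FacebookApiErrorCode::API_EC_SERVICE);
     }
     return $result;
 }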
Пример #4
 /**
  * Evaluate this rule for one user: is the application installed for $id?
  *
  * @param mixed $id user id to check against $this->app_id
  * @return mixed whatever is_platform_app_installed() returns, passed through uncast
  */
 public function evaluate($id)
 {
     // NOTE(review): the lookup may yield null on a data retrieval error - confirm.
     // Callers should test truthiness rather than `=== false` so a failed lookup
     // is not treated as a positive result.
     $app_id = $this->app_id;
     $installed = is_platform_app_installed($app_id, $id);
     return $installed;
 }
Пример #5
/**
 * Returns whether or not an app has permission to access all available user data via the API.
 *
 * In this code base the answer is simply "is the app installed for this user":
 * no finer-grained permission is consulted, so installation alone grants full access.
 *
 * NOTE(review): the value of is_platform_app_installed() is returned uncast; if that
 * lookup can yield null on a retrieval error, callers must treat null as "no permission".
 *
 * @param int   $app_id
 * @param int   $user_id
 * @return bool
 */
function platform_app_has_full_permission($app_id, $user_id)
{
    // FBOPEN:NOTE - For simplicity, assume these functions are the same.
    $installed = is_platform_app_installed($app_id, $user_id);

    return $installed;
}