/**
 * Complete the parameter sets for a request and attach the signature.
 *
 * Array-valued POST parameters are converted to JSON before signing,
 * because the signature has to cover the exact values that go on the wire.
 *
 * @param string $method API method name
 * @param array  $params caller-supplied parameters
 * @return array two-element array: (GET params, POST params including 'sig')
 */
protected function finalize_params($method, $params) {
    $split = $this->add_standard_params($method, $params);
    $query_params = $split[0];
    $body_params = $split[1];
    // Encode first: the signature must be computed over the encoded form
    $this->convert_array_values_to_json($body_params);
    $signed_view = array_merge($query_params, $body_params);
    $body_params['sig'] = Facebook::generate_sig($signed_view, $this->secret);
    return array($query_params, $body_params);
}
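/**
 * Build the application/x-www-form-urlencoded body for an API call.
 *
 * Adds the standard parameters (method, session_key, api_key, call_id, v),
 * flattens array values to comma-separated strings, signs the result and
 * returns the encoded query string.
 *
 * @param string $method API method name
 * @param array  $params caller-supplied parameters (array values are imploded)
 * @return string url-encoded body ending with the 'sig' parameter
 */
private function create_post_string($method, $params) {
    $params['method'] = $method;
    $params['session_key'] = $this->session_key;
    $params['api_key'] = $this->api_key;
    // call_id must increase from one call to the next; nudge it past the previous one
    $params['call_id'] = microtime(true);
    if ($params['call_id'] <= $this->last_call_id) {
        $params['call_id'] = $this->last_call_id + 0.001;
    }
    $this->last_call_id = $params['call_id'];
    if (!isset($params['v'])) {
        $params['v'] = '1.0';
    }
    // Flatten array values by writing back into $params (rather than a by-reference
    // foreach, which leaves $val aliased to the last element) so the signature is
    // computed over exactly the values that are sent.
    $post_params = array();
    foreach ($params as $key => $val) {
        if (is_array($val)) {
            $val = implode(',', $val);
            $params[$key] = $val;
        }
        $post_params[] = $key . '=' . urlencode($val);
    }
    $post_params[] = 'sig=' . Facebook::generate_sig($params, $this->secret);
    return implode('&', $post_params);
}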
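/**
 * Send a multipart/form-data API request (used for photo uploads).
 *
 * The standard parameters (method, session_key, api_key, call_id, v) are
 * added, array values are flattened to comma-separated strings and the
 * request is signed. When $params['filename'] is set, that local file is
 * attached as an image part. The response is reduced to its first
 * '<...>' fragment.
 *
 * @param string $method API method name
 * @param array  $params request parameters; 'filename' optionally names a local image file
 * @return string|null the '<...>' fragment of the response, or null when the
 *                     request failed or the response contained none
 */
public function post_request($method, $params) {
    $params = $this->_prepare_signed_upload_params($method, $params);
    // A per-request boundary; md5(time()) repeated within the same second
    $boundary = md5(uniqid('', true));
    $content = $this->_build_multipart_body($params, $boundary);
    $result = $this->_send_multipart($content, $boundary);
    if (!is_string($result) || !preg_match('/<.*>/s', $result, $match)) {
        return null;
    }
    return $match[0];
}

/**
 * Helper for post_request(): add the standard parameters, flatten array
 * values and sign. Returns the completed parameter map.
 */
private function _prepare_signed_upload_params($method, $params) {
    $params['method'] = $method;
    $params['session_key'] = $this->session_key;
    $params['api_key'] = $this->api_key;
    // call_id must increase from one call to the next; nudge it past the previous one
    $params['call_id'] = microtime(true);
    if ($params['call_id'] <= $this->last_call_id) {
        $params['call_id'] = $this->last_call_id + 0.001;
    }
    $this->last_call_id = $params['call_id'];
    if (!isset($params['v'])) {
        $params['v'] = '1.0';
    }
    foreach ($params as $key => $val) {
        if (is_array($val)) {
            $params[$key] = implode(',', $val);
        }
    }
    $params['sig'] = Facebook::generate_sig($params, $this->secret);
    return $params;
}

/**
 * Helper for post_request(): assemble the multipart body, one form-data
 * part per parameter plus the image part when 'filename' is set.
 */
private function _build_multipart_body($params, $boundary) {
    $parts = array();
    foreach ($params as $key => $val) {
        $parts[] = 'Content-Disposition: form-data; name="' . $key . '"' . "\r\n\r\n" . $val;
    }
    if (!empty($params['filename'])) {
        $filename = $params['filename'];
        // pathinfo() takes the final extension; the previous regex took the first
        // dot-separated segment (wrong for dotted directory or file names).
        $ext = strtolower((string) pathinfo($filename, PATHINFO_EXTENSION));
        $ext = preg_replace('/[^a-z0-9]/', '', $ext);
        if ($ext === 'jpg') {
            $ext = 'jpeg';
        }
        $mime = ($ext === '') ? 'application/octet-stream' : 'image/' . $ext;
        // Quotes and line breaks in the name would corrupt the part header
        $safe_name = str_replace(array("\r", "\n", '"'), '', $filename);
        // file_get_contents() already warns on failure; an unreadable file
        // yields an empty part, as before.
        $image = file_get_contents($filename);
        if ($image === false) {
            $image = '';
        }
        $parts[] = 'Content-Disposition: form-data; filename="' . $safe_name . '"' . "\r\n"
            . 'Content-Type: ' . $mime . "\r\n\r\n" . $image;
    }
    // Every part is introduced by the boundary; the closing boundary ends with '--'
    return '--' . $boundary . "\r\n"
        . implode("\r\n--" . $boundary . "\r\n", $parts)
        . "\r\n--" . $boundary . '--';
}

/**
 * Helper for post_request(): POST the multipart body and return the raw
 * response. Uses cURL when available, else a raw socket, else a stream
 * context. Returns false when no transport could deliver the request.
 */
private function _send_multipart($content, $boundary) {
    $user_agent = 'Facebook Photo API PHP5 Client 1.0 ' . phpversion();
    if (function_exists('curl_init')) {
        $header = array(
            'User-Agent: ' . $user_agent,
            'Content-Type: multipart/form-data; boundary=' . $boundary,
            'MIME-version: 1.0',
            'Content-Length: ' . strlen($content),
        );
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $this->server_addr);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $content);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
        $result = curl_exec($ch);
        curl_close($ch);
        return $result;
    }
    $header = 'User-Agent: ' . $user_agent . "\r\n"
        . 'Content-Type: multipart/form-data; boundary=' . $boundary . "\r\n"
        . 'MIME-version: 1.0' . "\r\n"
        . 'Content-length: ' . strlen($content) . "\r\n"
        // Ask the server to close the connection so feof() terminates the read loop
        // (with keep-alive the old code had to break out on an empty read).
        . 'Connection: close';
    $sock = false;
    if (function_exists('fsockopen')) {
        // NOTE(review): plain TCP only; an https server_addr would need ssl:// — confirm
        $url = parse_url($this->server_addr);
        $host = isset($url['host']) ? $url['host'] : '';
        $port = isset($url['port']) ? $url['port'] : 80;
        $path = isset($url['path']) ? $url['path'] : '/';
        $sock = @fsockopen($host, $port, $errno, $errstr, 5);
        if ($sock) {
            $request = 'POST ' . $path . ' HTTP/1.1' . "\r\n" . 'Host: ' . $host . "\r\n" . $header;
            fwrite($sock, $request . "\r\n\r\n" . $content);
        }
    } else {
        $context = array('http' => array('method' => 'POST', 'header' => $header, 'content' => $content));
        $sock = fopen($this->server_addr, 'r', false, stream_context_create($context));
    }
    if (!$sock) {
        return false;
    }
    $result = '';
    while (!feof($sock)) {
        $chunk = fgets($sock, 4096);
        if ($chunk === false || $chunk === '') {
            break;
        }
        $result .= $chunk;
    }
    fclose($sock);
    return $result;
}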
/**
 * Complete a parameter set in place: standard parameters, JSON-encoded
 * array values, then the 'sig' entry computed over everything else.
 *
 * @param string $method API method name
 * @param array  $params parameter map, modified in place
 * @return void
 */
private function finalize_params($method, &$params) {
    $this->add_standard_params($method, $params);
    // The signature covers the encoded values, so encoding has to come first
    $this->convert_array_values_to_json($params);
    $signature = Facebook::generate_sig($params, $this->secret);
    $params['sig'] = $signature;
}
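/**
 * POST a signed API request to $this->server_addr and return the raw response.
 *
 * Adds the standard parameters (method, session_key, api_key, call_id, v),
 * flattens array values, signs the request and sends it with cURL when
 * available (honouring $GLOBALS['facebook_config']['http_proxy'] and
 * 'non_proxy_hosts') or with a plain HTTP stream otherwise.
 *
 * @param string $method API method name
 * @param array  $params request parameters (array values are imploded)
 * @return string|null raw response body; null when the stream transport could not connect
 * @throws FacebookRestClientException on a cURL communication failure
 */
public function post_request($method, $params) {
    $params['method'] = $method;
    $params['session_key'] = $this->session_key;
    $params['api_key'] = $this->api_key;
    $params['call_id'] = microtime(true);
    // NOTE(review): unlike the sibling clients this one does not bump call_id past
    // last_call_id; that check was disabled upstream — confirm before re-enabling.
    $this->last_call_id = $params['call_id'];
    if (!isset($params['v'])) {
        $params['v'] = '1.0';
    }
    // Flatten array values by writing back into $params (not a by-reference
    // foreach, which leaves $val aliased to the last element).
    $post_params = array();
    foreach ($params as $key => $val) {
        if (is_array($val)) {
            $val = implode(',', $val);
            $params[$key] = $val;
        }
        $post_params[] = $key . '=' . urlencode($val);
    }
    if (isset($GLOBALS['facebook_config']['server_debug'])) {
        // Debug-only: this writes session_key and api_key to the error log
        error_log(var_export($params, true));
    }
    $post_params[] = 'sig=' . Facebook::generate_sig($params, $this->secret);
    $post_string = implode('&', $post_params);
    if (function_exists('curl_init')) {
        return $this->_post_string_with_curl($post_string);
    }
    return $this->_post_string_with_stream($post_string);
}

/**
 * Cookie jar file for this client: keyed by session_key when present, else
 * api_key. The key is reduced to [A-Za-z0-9._-] before use as a path
 * component, since session keys are normally supplied by the request.
 */
private function _cookie_jar_path() {
    $key = $this->session_key ? $this->session_key : $this->api_key;
    $safe_key = preg_replace('/[^A-Za-z0-9._-]/', '_', (string) $key);
    return dirname(__FILE__) . '/../cookie_' . $safe_key . '.txt';
}

/**
 * Apply the configured HTTP proxy to $ch unless the API host is local or
 * listed in facebook_config['non_proxy_hosts'].
 * Returns the proxy address applied, or '' when none was.
 */
private function _apply_proxy_config($ch) {
    if (!isset($GLOBALS['facebook_config']['http_proxy'])) {
        return '';
    }
    $http_host = parse_url($this->server_addr, PHP_URL_HOST);
    // Never proxy to localhost
    $is_remote = !($http_host === 'localhost' || $http_host === '127.0.0.1');
    if (isset($GLOBALS['facebook_config']['non_proxy_hosts'])) {
        foreach ($GLOBALS['facebook_config']['non_proxy_hosts'] as $non_proxy_host) {
            // The host stays remote iff it is not listed as a non-proxy host.
            // (The old `!$http_host === $non_proxy_host` negated the host first, so
            // any configured non_proxy_hosts silently disabled the proxy.)
            $is_remote = $is_remote && ($http_host !== $non_proxy_host);
        }
    }
    if (!$is_remote) {
        error_log("Skipping proxy because of local URL");
        return '';
    }
    $http_proxy = $GLOBALS['facebook_config']['http_proxy'];
    curl_setopt($ch, CURLOPT_PROXY, $http_proxy);
    curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    return $http_proxy;
}

/**
 * Helper for post_request(): send with cURL.
 * @throws FacebookRestClientException when curl_exec() returns no response
 */
private function _post_string_with_curl($post_string) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $this->server_addr);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERAGENT, 'Facebook API PHP5 Client 1.1 (curl) ' . phpversion());
    $cookie_jar = $this->_cookie_jar_path();
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_jar);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_jar);
    $http_proxy = $this->_apply_proxy_config($ch);
    $result = curl_exec($ch);
    if (!$result) {
        $ce = curl_error($ch);
        // Release the handle before throwing; the old code leaked it on this path
        curl_close($ch);
        throw new FacebookRestClientException(
            "Exception during communication: {$ce} ({$this->server_addr})"
                . ($http_proxy ? " (via {$http_proxy})" : ""),
            FacebookAPIErrorCodes::API_EC_UNKNOWN
        );
    }
    curl_close($ch);
    return $result;
}

/**
 * Helper for post_request(): send through a stream context when cURL is
 * unavailable. Returns null when the connection could not be opened.
 */
private function _post_string_with_stream($post_string) {
    $context = array('http' => array(
        'method' => 'POST',
        'header' => 'Content-type: application/x-www-form-urlencoded' . "\r\n"
            . 'User-Agent: Facebook API PHP5 Client 1.1 (non-curl) ' . phpversion() . "\r\n"
            . 'Content-length: ' . strlen($post_string),
        'content' => $post_string,
    ));
    $sock = fopen($this->server_addr, 'r', false, stream_context_create($context));
    if (!$sock) {
        return null;
    }
    $result = '';
    while (!feof($sock)) {
        $result .= fgets($sock, 4096);
    }
    fclose($sock);
    return $result;
}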
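/**
 * POST a signed API request to $this->server_addr and return the raw response.
 *
 * Adds the standard parameters (method, session_key, api_key, call_id, v),
 * flattens array values, signs the request and sends it with cURL when
 * available, otherwise through a plain HTTP stream.
 *
 * @param string $method API method name
 * @param array  $params request parameters (array values are imploded)
 * @return string|false|null raw response body; false on a cURL failure, null
 *                           when the stream transport could not connect
 */
public function post_request($method, $params) {
    $params['method'] = $method;
    $params['session_key'] = $this->session_key;
    $params['api_key'] = $this->api_key;
    // call_id must increase from one call to the next; nudge it past the previous one
    $params['call_id'] = microtime(true);
    if ($params['call_id'] <= $this->last_call_id) {
        $params['call_id'] = $this->last_call_id + 0.001;
    }
    $this->last_call_id = $params['call_id'];
    if (!isset($params['v'])) {
        $params['v'] = '1.0';
    }
    // Flatten array values by writing back into $params (not a by-reference
    // foreach, which leaves $val aliased to the last element).
    $post_params = array();
    foreach ($params as $key => $val) {
        if (is_array($val)) {
            $val = implode(',', $val);
            $params[$key] = $val;
        }
        $post_params[] = $key . '=' . urlencode($val);
    }
    $post_params[] = 'sig=' . Facebook::generate_sig($params, $this->secret);
    $post_string = implode('&', $post_params);
    // Defined on every path: previously unset when fopen() failed
    $result = null;
    if (function_exists('curl_init')) {
        // Use CURL if installed...
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $this->server_addr);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_USERAGENT, 'Facebook API PHP5 Client 1.1 (curl) ' . phpversion());
        $result = curl_exec($ch);
        curl_close($ch);
    } else {
        // Non-CURL based version...
        $context = array('http' => array(
            'method' => 'POST',
            'header' => 'Content-type: application/x-www-form-urlencoded' . "\r\n"
                . 'User-Agent: Facebook API PHP5 Client 1.1 (non-curl) ' . phpversion() . "\r\n"
                . 'Content-length: ' . strlen($post_string),
            'content' => $post_string,
        ));
        $contextid = stream_context_create($context);
        $sock = fopen($this->server_addr, 'r', false, $contextid);
        if ($sock) {
            $result = '';
            while (!feof($sock)) {
                $result .= fgets($sock, 4096);
            }
            fclose($sock);
        }
    }
    return $result;
}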
/**
 * The network signer must produce the same signature as the reference
 * Facebook::generate_sig() implementation for every provided case.
 *
 * @dataProvider provideForSigning
 * @param array  $params parameters to sign
 * @param string $secret shared secret
 * @param string $msg    label of the data set, used in the failure message
 */
public function testSigning($params, $secret, $msg) {
    $expected = Facebook::generate_sig($params, $secret);
    $signer = new NetworkFacebookSigner();
    $actual = $signer->sign($params, $secret);
    $this->assertEquals($expected, $actual, $msg . ' test case');
}
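// Site Connect handshake: verify the signed request from the social server,
// set the session cookie and redirect back to the requesting site.
// The signature and the redirect are both taken from $_GET: the old code signed
// $_GET values but redirected to $_REQUEST['next'], which can differ when a
// POST or cookie value shadows the query string.
if (isset($_GET['social_session_key'])) {
    $client = RingsideSocialUtils::getAdminClient();
    $network_key = isset($_GET['network_key']) ? $_GET['network_key'] : null;
    $domain_info = $client->admin_getDomainProperties(array('secret_key'), null, $network_key);
    // Log which properties came back, not their values: secret_key is a credential
    error_log("For network {$network_key}, received domain properties: " . implode(',', array_keys((array) $domain_info)));
    $secret = isset($domain_info['secret_key']) ? $domain_info['secret_key'] : null;
    $social_session_key = $_GET['social_session_key'];
    $next = isset($_GET['next']) ? $_GET['next'] : null;
    $params = array('social_session_key' => $social_session_key, 'next' => $next);
    // The secret is deliberately not logged here
    error_log("Verifying signature with params: " . var_export($params, true));
    $check_sig = (string) Facebook::generate_sig($params, $secret);
    $request_sig = isset($_GET['sig']) ? (string) $_GET['sig'] : '';
    // Strict, constant-time comparison where hash_equals() exists (PHP >= 5.6)
    $sig_ok = function_exists('hash_equals')
        ? hash_equals($check_sig, $request_sig)
        : ($check_sig === $request_sig);
    if ($sig_ok) {
        error_log("Site connect signature verified. Setting cookie.");
        setcookie('PHPSESSID', $social_session_key);
        // TODO: Think about restricting this redirect to the registered site's domain, like app login redirection
        $next .= (strpos($next, '?') !== false) ? '&' : '?';
        // Only 'secret_key' was requested above; fall back to it when the
        // response carries no separate 'secret' entry (previously a null secret).
        $sc_secret = isset($domain_info['secret']) ? $domain_info['secret'] : $secret;
        $params = array(
            'sc_social_session_key' => $social_session_key,
            'sc_sig' => Facebook::generate_sig(array('social_session_key' => $social_session_key), $sc_secret),
        );
        $next .= http_build_query($params);
        header('Location: ' . $next, true, 302);
        exit;
    }
    error_log("WARNING: Site Connect signature verification failed ({$check_sig} expected, {$request_sig} found)");
} else {
    error_log("Invalid Site Connect session request");
}
?>
Invalid request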
/**
 * A logged-in platform user with no network mapping must be redirected to
 * the social server's map endpoint when network login is required.
 *
 * The request is simulated by signing a parameter set with the test secret
 * and rewriting it into the fb_sig_* form the client expects in $_GET.
 */
public function testNetworkRedirect() {
    $_SERVER['HTTP_HOST'] = 'localhost';
    $_SERVER['REQUEST_URI'] = '/web/url';
    $raw = array(
        'soc_session_key' => '',
        'session_key' => 'session-key',
        'user' => '10000',
        'in_iframe' => 0,
        'in_canvas' => 1,
        'time' => time(),
        'added' => 1,
        'api_key' => 'api-key',
    );
    // The signature covers the unprefixed parameters; everything else is then
    // renamed to fb_sig_<name>, with fb_sig itself left untouched.
    $signed = array('fb_sig' => Facebook::generate_sig($raw, 'secret'));
    foreach ($raw as $name => $value) {
        $signed['fb_sig_' . $name] = $value;
    }
    $_GET = $signed;
    $ringside = new RedirectingClient(
        'api-key',
        'secret',
        'http://localhost/web/url',
        'http://localhost/server/url',
        'http://localhost/social/url'
    );
    $this->assertEquals('10000', $ringside->get_loggedin_user());
    $this->assertNull($ringside->get_network_id());
    $this->assertNull($ringside->get_network_user());
    $ringside->require_network_login();
    // Confirm that the client forced a redirect; we don't care what PHP thinks the current URL is
    $expected = 'http://localhost/social/url/map.php?v=1.0&method=map&api_key=api-key&snid=&sid=10000'
        . '&social_session_key=&session_key=session-key&next=' . urlencode(Facebook::current_url()) . '&canvas';
    $this->assertEquals($expected, $ringside->redirect);
}
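/**
 * Build a platform-signed request and hand it to the Facebook client.
 *
 * When the request does not already carry fb_sig_session_key, the given
 * platform parameters are prefixed with self::$prefix, signed with
 * $this->sig_secret and injected into $_POST so the Facebook client sees a
 * signed request.
 *
 * @param array|null $platform_params parameters to sign and inject; null means none
 */
public function __construct($platform_params = null) {
    // NOTE(review): sig_secret / sig_api_key are presumably set by the parent constructor — confirm
    parent::__construct();
    if (!isset($_POST['fb_sig_session_key'])) {
        $facebook_params = array();
        // foreach over the null default emitted a warning; treat null as "no parameters"
        foreach ((array) $platform_params as $name => $value) {
            $facebook_params[self::$prefix . $name] = $value;
        }
        $facebook_params[self::$prefix . 'sig'] = Facebook::generate_sig($facebook_params, $this->sig_secret);
        foreach ($facebook_params as $name => $value) {
            $_POST[$name] = $value;
        }
    }
    $this->platform_handler = new Facebook($this->sig_api_key, $this->sig_secret);
    $this->sig_user = $this->platform_handler->user;
}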
include_once '../lib/client/facebook.php'; include_once '../lib/AppConfig.class.php'; // Create a new Facebook client object $facebook = new Facebook(AppConfig::$api_key, AppConfig::$secret); // Prevent this page from being viewed outside the context of http://app.facebook.com/appname/ $facebook->require_frame(); // Prevent this page from being viewed without a valid logged in user // -- NOTE: This does not mean that the logged in user has added the application $user = $facebook->require_login(); // Require the viewing user to have added the application. $facebook->require_add(); // Use the get_valid_fb_params to return an array of the fb_sig_* parameters $app_params = $facebook->get_valid_fb_params($_POST, 48 * 3600, 'fb_sig'); // Use the generate_sig method to create a signature from the application parameters and the secret $request_sig = $facebook->generate_sig($app_params, AppConfig::$secret); $sig_match = $facebook->verify_signature($app_params, $request_sig); ?> <div style="padding: 10px;"> <h2>Hello <fb:name firstnameonly="true" uid="<?php echo $user; ?> " useyou="false"/>!</h2> <?php if ($sig_match) { ?> <p>The signature "<?php echo $request_sig; ?> " does match the request parameters.</p> <?php