
Untitled

a guest
Dec 15th, 2011
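  /**
   * Facebook session model built from the signed `fbsr_<app id>` cookie.
   *
   * The cookie value is attacker-controlled until its HMAC-SHA256 signature has
   * been verified against the application secret, so every path in this class
   * fails closed: nothing from the cookie is used, and no token exchange is
   * attempted, unless parse_signed_request() accepted the signature.
   *
   * Requires PHP >= 5.6 for hash_equals().
   */
  class Inchoo_Facebook_Model_Session extends Varien_Object
  {
      /** @var mixed Lazily created facebook/client model. */
      private $_client;

      /** @var bool|null Result of the last signature check; null until one has run. */
      private $_valid_signature;

      /**
       * Populate the session data from the Facebook cookie when it verifies.
       */
      public function __construct() {
          // Resolve the cookie once: getCookie() performs a remote token
          // exchange, so calling it twice would double the outbound requests.
          $data = $this->getCookie();
          if ($data) {
              $this->setData($data);
          }
      }

      /**
       * @return bool True only when the last signed request verified.
       */
      public function isConnected() {
          return $this->validate();
      }

      /**
       * @return bool Whether the last signed request carried a valid signature.
       */
      public function validate() {
          return (bool) $this->_valid_signature;
      }

      /**
       * Read and verify the Facebook cookie using the configured app credentials.
       *
       * @return array|null Verified cookie data, or null when the cookie is
       *                    missing, malformed or badly signed.
       */
      public function getCookie() {
          $config = Mage::getSingleton('facebook/config');

          return $this->get_new_facebook_cookie($config->getApiKey(), $config->getSecret());
      }

      /**
       * @return mixed The facebook/client model, created on first use.
       */
      public function getClient() {
          if ($this->_client === null) {
              $config = Mage::getSingleton('facebook/config');
              $this->_client = Mage::getModel('facebook/client', array(
                  $config->getApiKey(),
                  $config->getSecret(),
                  $this
              ));
          }

          return $this->_client;
      }

      /**
       * Verify and decode a signed request of the form "<signature>.<payload>".
       *
       * @param mixed  $signed_request Raw cookie value (untrusted; may be absent).
       * @param string $secret         Application secret used as the HMAC key.
       *
       * @return array|null Decoded payload plus a 'sig' entry, or null when the
       *                    input is missing, malformed, uses another algorithm or
       *                    fails the signature check.
       */
      public function parse_signed_request($signed_request, $secret) {
          // Fail closed: a previous successful check must not survive a later
          // request that is rejected before the signature comparison.
          $this->_valid_signature = false;

          // An empty key would make the HMAC computable by anyone.
          if (!is_string($secret) || $secret === '') {
              return null;
          }

          // A missing cookie or one without the separator cannot be verified.
          if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
              return null;
          }

          list($encoded_sig, $payload) = explode('.', $signed_request, 2);

          $sig = $this->base64_url_decode($encoded_sig);
          $data = json_decode($this->base64_url_decode($payload), true);

          if (!is_string($sig) || !is_array($data)) {
              return null;
          }

          // Only HMAC-SHA256 is accepted; the algorithm named in the untrusted
          // payload never selects the hash that is actually computed below.
          if (!isset($data['algorithm'])
              || !is_string($data['algorithm'])
              || strtoupper($data['algorithm']) !== 'HMAC-SHA256'
          ) {
              return null;
          }

          // Constant-time comparison, so response timing does not reveal how
          // many leading bytes of a forged signature were correct.
          $expected_sig = hash_hmac('sha256', $payload, $secret, true);
          if (!hash_equals($expected_sig, $sig)) {
              return null;
          }

          $data['sig'] = $sig;
          $this->_valid_signature = true;

          return $data;
      }

      /**
       * Decode URL-safe base64 ('-' and '_' in place of '+' and '/').
       *
       * @param string $input
       *
       * @return string|false
       */
      public function base64_url_decode($input) {
          return base64_decode(strtr($input, '-_', '+/'));
      }

      /**
       * Verify the `fbsr_<app id>` cookie and exchange its code for an access token.
       *
       * @param string $app_id
       * @param string $app_secret
       *
       * @return array|null Verified cookie data with 'uid', 'access_token' and
       *                    'expires' added, or null when the cookie did not verify.
       */
      public function get_new_facebook_cookie($app_id, $app_secret) {
          $signed_request = $this->parse_signed_request(
              Mage::app()->getRequest()->getCookie('fbsr_' . $app_id),
              $app_secret
          );

          // Stop before touching the result: writing a key into a null result
          // would turn it into an array, and the token exchange below would
          // then run for unsigned or forged cookies as well.
          if ($signed_request === null) {
              return null;
          }

          // Kept for compatibility with callers that expect the old 'uid' key.
          $signed_request['uid'] = isset($signed_request['user_id']) ? $signed_request['user_id'] : null;

          // Encode every parameter; 'code' comes from the cookie payload and
          // must not be able to add or override query parameters.
          $query = http_build_query(array(
              'client_id'     => $app_id,
              'redirect_uri'  => '',
              'client_secret' => $app_secret,
              'code'          => isset($signed_request['code']) ? $signed_request['code'] : '',
          ), '', '&');

          // NOTE(review): on failure PHP's warning text includes the full URL,
          // client_secret included - keep display_errors off and restrict
          // access to the error log.
          $access_token_response = file_get_contents('https://graph.facebook.com/oauth/access_token?' . $query);

          // Parse into an array: the one-argument form of parse_str() lets the
          // remote response define arbitrary local variables.
          // NOTE(review): assumes a form-encoded response body - confirm
          // against the API version in use.
          $token = array();
          if (is_string($access_token_response)) {
              parse_str($access_token_response, $token);
          }

          $signed_request['access_token'] = isset($token['access_token']) ? $token['access_token'] : null;
          $signed_request['expires'] = time() + (isset($token['expires']) ? (int) $token['expires'] : 0);

          return $signed_request;
      }
  }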