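/**
 * Session model built from the Facebook signed-request cookie ("fbsr_<app id>").
 *
 * On construction the cookie is read once, its HMAC-SHA256 signature is checked
 * against the configured app secret, and only if the signature is valid is the
 * embedded "code" exchanged for an access token. The resulting fields are stored
 * as object data via setData().
 *
 * Security notes:
 *  - The cookie is attacker-controlled input. Nothing from it is used (and no
 *    outbound request is made) unless the signature verifies.
 *  - The app secret is sent in the token-exchange URL, so that URL must never
 *    be logged or echoed.
 */
class Inchoo_Facebook_Model_Session extends Varien_Object
{
    /** @var mixed Lazily created 'facebook/client' model, see getClient(). */
    private $_client;

    /** @var bool|null True once a signed request verified; false after a failed check; null before any check. */
    private $_valid_signature;

    /**
     * Load session data from the signed cookie, if a valid one is present.
     *
     * getCookie() performs a remote token exchange, so it is called exactly once
     * here; calling it twice would repeat the HTTP request with the same code.
     */
    public function __construct()
    {
        $data = $this->getCookie();
        if ($data) {
            $this->setData($data);
        }
    }

    /**
     * @return bool True only when the signed-request cookie carried a valid signature.
     */
    public function isConnected()
    {
        return (bool) $this->validate();
    }

    /**
     * @return bool|null Result of the last signature check (null if none has run).
     */
    public function validate()
    {
        return $this->_valid_signature;
    }

    /**
     * Read and verify the signed-request cookie using the configured API key and secret.
     *
     * @return array|null Decoded cookie data plus token fields, or null when the cookie is absent/invalid.
     */
    public function getCookie()
    {
        $config = Mage::getSingleton('facebook/config');

        return $this->get_new_facebook_cookie($config->getApiKey(), $config->getSecret());
    }

    /**
     * @return mixed The 'facebook/client' model, created on first use with (api key, secret, this session).
     */
    public function getClient()
    {
        if (is_null($this->_client)) {
            $config = Mage::getSingleton('facebook/config');
            $this->_client = Mage::getModel('facebook/client', array(
                $config->getApiKey(),
                $config->getSecret(),
                $this
            ));
        }

        return $this->_client;
    }

    /**
     * Verify and decode a "<signature>.<payload>" signed request.
     *
     * The MAC is checked before the payload is JSON-decoded, so unauthenticated
     * input never reaches the parser. Every failure path records
     * _valid_signature = false and returns null.
     *
     * @param string|null $signed_request Raw cookie value (may be null/absent).
     * @param string      $secret         App secret used as the HMAC key.
     * @return array|null Decoded payload with the raw signature under 'sig', or null on any failure.
     */
    public function parse_signed_request($signed_request, $secret)
    {
        $this->_valid_signature = false;

        // A missing cookie or a value without the '.' separator cannot be a signed request.
        if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
            return null;
        }

        list($encoded_sig, $payload) = explode('.', $signed_request, 2);
        $sig = $this->base64_url_decode($encoded_sig);

        // The HMAC covers the still-encoded payload, exactly as received.
        $expected_sig = hash_hmac('sha256', $payload, $secret, true);
        if (!$this->_signaturesMatch($expected_sig, $sig)) {
            return null;
        }

        $data = json_decode($this->base64_url_decode($payload), true);
        if (!is_array($data) || !isset($data['algorithm']) || !is_string($data['algorithm'])) {
            return null;
        }

        // Only HMAC-SHA256 is accepted; the declared algorithm is never used to pick the hash.
        if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
            return null;
        }

        $data['sig'] = $sig;
        $this->_valid_signature = true;

        return $data;
    }

    /**
     * Decode URL-safe base64 ('-' and '_' in place of '+' and '/').
     *
     * @param string $input
     * @return string|false
     */
    public function base64_url_decode($input)
    {
        return base64_decode(strtr($input, '-_', '+/'));
    }

    /**
     * Verify the "fbsr_<app id>" cookie and exchange its code for an access token.
     *
     * @param string $app_id
     * @param string $app_secret
     * @return array|null Signed-request data with 'uid', 'access_token' and 'expires' added,
     *                    or null when the cookie is missing or fails verification.
     */
    public function get_new_facebook_cookie($app_id, $app_secret)
    {
        $signed_request = $this->parse_signed_request(
            Mage::app()->getRequest()->getCookie('fbsr_' . $app_id),
            $app_secret
        );

        // Stop before touching the array: assigning a key to null would turn it into
        // an array and make an unverified cookie look valid to every later check.
        if (is_null($signed_request)) {
            return null;
        }

        // 'uid' mirrors 'user_id' for compatibility with older callers.
        $signed_request['uid'] = isset($signed_request['user_id']) ? $signed_request['user_id'] : null;

        // Build the query with proper encoding so the cookie-supplied code cannot
        // inject extra parameters into the request.
        $query = http_build_query(array(
            'client_id'     => $app_id,
            'redirect_uri'  => '',
            'client_secret' => $app_secret,
            'code'          => isset($signed_request['code']) ? $signed_request['code'] : '',
        ), '', '&');

        // NOTE(review): PHP versions before 5.6 do not verify the TLS peer by default
        // for https:// streams; confirm the runtime verifies certificates here.
        $access_token_response = file_get_contents('https://graph.facebook.com/oauth/access_token?' . $query);

        // Parse into a local array; never let a remote response define local variables.
        $params = array();
        if (is_string($access_token_response)) {
            parse_str($access_token_response, $params);
        }

        $signed_request['access_token'] = isset($params['access_token']) ? $params['access_token'] : null;
        $signed_request['expires'] = time() + (isset($params['expires']) ? (int) $params['expires'] : 0);

        return $signed_request;
    }

    /**
     * Compare two MACs without leaking, through timing, how many leading bytes match.
     *
     * @param string $expected
     * @param string $actual
     * @return bool
     */
    private function _signaturesMatch($expected, $actual)
    {
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $actual);
        }

        // Fallback for runtimes without hash_equals(): XOR every byte, decide at the end.
        if (strlen($expected) !== strlen($actual)) {
            return false;
        }
        $diff = 0;
        for ($i = 0, $n = strlen($expected); $i < $n; $i++) {
            $diff |= ord($expected[$i]) ^ ord($actual[$i]);
        }

        return $diff === 0;
    }
}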