- <?php
- require 'libs/facebook.php';
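/**
 * Verify and decode a Facebook signed_request value.
 *
 * The value has the form "<base64url signature>.<base64url JSON payload>".
 * The payload comes from the client, so it is only returned after its
 * HMAC-SHA256 signature (keyed with the application secret) has been checked.
 *
 * @param string $signed_request Raw signed_request value as received.
 * @param string $secret         Application secret used as the HMAC key.
 *
 * @return array|null Decoded payload, or null when the input is malformed,
 *                    names an unexpected algorithm, or fails verification.
 */
function parse_signed_request($signed_request, $secret) {
    // Reject anything that is not "<sig>.<payload>" before splitting; without
    // the dot, explode() yields one element and the payload would be undefined.
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        error_log('Malformed signed request.');
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $decoded_payload = base64_url_decode($payload);
    if (!is_string($sig) || !is_string($decoded_payload)) {
        error_log('Malformed signed request.');
        return null;
    }

    // json_decode() returns null for invalid JSON; a valid payload is an object.
    $data = json_decode($decoded_payload, true);
    if (!is_array($data)) {
        error_log('Malformed signed request.');
        return null;
    }

    // Pin the algorithm: only HMAC-SHA256 is accepted, whatever the payload claims.
    if (!isset($data['algorithm'])
        || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256'
    ) {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);

    // hash_equals() (PHP >= 5.6) compares in constant time. A plain !== stops
    // at the first differing byte, so response timing can reveal how much of a
    // guessed signature was correct.
    if (!hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}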
/**
 * Decode a base64url-encoded string.
 *
 * The URL-safe characters '-' and '_' are mapped back to '+' and '/' and the
 * result is passed to base64_decode() in its default (non-strict) mode, so
 * missing padding is accepted and characters outside the alphabet are skipped
 * rather than rejected.
 *
 * @param string $input base64url text.
 *
 * @return string|false Decoded bytes, as returned by base64_decode().
 */
function base64_url_decode($input) {
    $standard_alphabet = str_replace(array('-', '_'), array('+', '/'), $input);

    return base64_decode($standard_alphabet);
}
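// Canvas-app bootstrap: with a Facebook session it runs the OAuth code flow
// for the user and then dumps the app's payments data; without a session it
// redirects the top frame to the Facebook login dialog.
//
// NOTE(review): 'MY_APP_ID' / 'MY_APP_SECRET' are placeholders. Load the real
// values from configuration kept outside the web root (environment variable or
// config file) so the application secret is never stored or shared with the
// source.
$facebook = new Facebook(array(
    'appId'  => 'MY_APP_ID',     // application ID
    'secret' => 'MY_APP_SECRET', // application secret
    'cookie' => true,            // enable optional cookie support
));
$APPLICATION_ID = "MY_APP_ID";
$APPLICATION_SECRET = "MY_APP_SECRET";
$app_url = 'http://apps.facebook.com/maya_calendar/Source_trial/';
$my_url = 'http://apps.facebook.com/maya_calendar/Source_trial/';
$canvas_base_url = "http://apps.facebook.com/maya_calendar/Source_trial/";

// json_encode() flags for values written into an inline <script>: quotes,
// angle brackets and ampersands are emitted as \uXXXX escapes, so the value
// cannot close the string literal or the script element.
$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

$to_id = $facebook->getUser();

if ($session = $facebook->getSession()) { // session present?
    try {
        // the user's access token for this session
        $params = array('access_token' => $session['access_token']);
        $token = $facebook->getAccessToken(); // get user_access_token

        ////////////////////////////////////////////////////// USER & APP AUTHORIZATION
        session_start();

        // Request parameters are attacker-controlled and may be arrays; only a
        // string is accepted as the authorization code.
        $code = (isset($_REQUEST['code']) && is_string($_REQUEST['code'])) ? $_REQUEST['code'] : '';

        if (empty($code)) {
            // CSRF protection: the state value must be unpredictable.
            // md5(uniqid(rand())) is derived from the clock and a weak PRNG;
            // random_bytes() (PHP >= 7.0) draws from the OS CSPRNG.
            $_SESSION['state'] = bin2hex(random_bytes(16));

            // NOTE(review): this scope list is broad (offline_access,
            // read_mailbox, manage_pages, ...). Request only the permissions
            // the app actually uses.
            $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
                . urlencode($APPLICATION_ID) . "&redirect_uri=" . urlencode($my_url) . "&state="
                . $_SESSION['state'] . "&scope=email,read_stream,user_status,read_requests,offline_access,manage_pages,user_checkins,publish_stream,read_mailbox,publish_actions";
            echo '<script>top.location.href=' . json_encode($dialog_url, $js_flags) . ';</script>';

            // Stop here: nothing below applies until Facebook redirects back
            // with a code. Falling through would run the state check against
            // a request that carries no state.
            exit;
        }

        $returned_state = (isset($_REQUEST['state']) && is_string($_REQUEST['state'])) ? $_REQUEST['state'] : '';
        $expected_state = (isset($_SESSION['state']) && is_string($_SESSION['state'])) ? $_SESSION['state'] : '';

        // A loose == treats "both missing" as a match (null == null) and
        // applies type juggling. Require a stored state and compare it in
        // constant time.
        if ($expected_state !== '' && hash_equals($expected_state, $returned_state)) {
            unset($_SESSION['state']); // a state value is valid for one round trip only

            // The original used the undefined $app_id / $app_secret here; the
            // configured values are $APPLICATION_ID / $APPLICATION_SECRET.
            $token_url = "https://graph.facebook.com/oauth/access_token?"
                . "client_id=" . urlencode($APPLICATION_ID) . "&redirect_uri=" . urlencode($my_url)
                . "&client_secret=" . urlencode($APPLICATION_SECRET) . "&code=" . urlencode($code);

            // '@' is kept deliberately: the warning file_get_contents() emits
            // on failure contains the full URL, including client_secret. The
            // failure is detected through the return value instead.
            $response = @file_get_contents($token_url);
            $params = null;
            if ($response === false) {
                error_log('OAuth code exchange request failed.');
            } else {
                parse_str($response, $params);
            }

            if (is_array($params) && !empty($params['access_token']) && is_string($params['access_token'])) {
                $graph_url = "https://graph.facebook.com/me?access_token="
                    . urlencode($params['access_token']);
                $profile = @file_get_contents($graph_url); // URL carries the user token
                $user = ($profile === false) ? null : json_decode($profile);
            } else {
                error_log('OAuth code exchange returned no access token.');
            }
        }
        else {
            echo("The state does not match. You may be a victim of CSRF.");
        }
        /////////////////////////////////////////////////////////////////////////////////

        // App-level token (client_credentials grant), then the app's payments.
        $token_url = "https://graph.facebook.com/oauth/access_token?"
            . "client_id=" . urlencode($APPLICATION_ID) . "&client_secret=" . urlencode($APPLICATION_SECRET)
            . "&grant_type=client_credentials";
        $access_token = @file_get_contents($token_url); // URL carries client_secret
        if ($access_token === false) {
            error_log('App access token request failed.');
        } else {
            // NOTE(review): the raw response body is appended after
            // "access_token=". If the endpoint answers with
            // "access_token=<value>" (or JSON), it should be parsed first -
            // confirm against the API version in use.
            $url = "https://graph.facebook.com/" . $APPLICATION_ID . "/payments?access_token=" . $access_token;
            $ret = @file_get_contents($url); // URL carries the app token

            // NOTE(review): debug dump of data fetched with the app token;
            // every visitor with a session sees it. Escaped so the response
            // cannot inject markup; remove before production use.
            echo "<pre>";
            echo htmlspecialchars(print_r($ret, true), ENT_QUOTES, 'UTF-8');
            echo "</pre>";
        }
    } catch (FacebookApiException $e) {
        // Keep the details in the server log; printing the exception to the
        // page may expose internal information to the visitor.
        error_log((string) $e);
        echo 'Facebook API request failed.';
    }
} else { // no session present
    // request access to the user's personal data
    $loginUrl = $facebook->getLoginUrl(array('canvas' => 1,
        'fbconnect' => 0,
        'req_perms' => 'email,read_stream,user_status,read_requests,offline_access,manage_pages,publish_stream,publish_actions',
        'next' => $canvas_base_url . 'index.html',
        'cancel_url' => $canvas_base_url ));
    echo '<script type="text/javascript">top.location.href=' . json_encode($loginUrl, $js_flags) . ';</script>';
}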
- ?>