<?php
require 'libs/facebook.php';
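/**
 * Verify and decode a signed request of the form
 * "<base64url signature>.<base64url JSON payload>".
 *
 * The HMAC-SHA256 of the still-encoded payload is checked first, so the JSON
 * is only parsed once it has been authenticated with $secret.
 *
 * @param string $signed_request Raw signed request value (untrusted input).
 * @param string $secret         Shared secret used as the HMAC key.
 * @return array|null Decoded payload, or null when the value is malformed,
 *                    the signature does not match, or the payload does not
 *                    declare HMAC-SHA256.
 */
function parse_signed_request($signed_request, $secret) {
    // Without a '.' separator list() would read a missing array element.
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        error_log('Malformed signed request');
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // check sig
    $sig = base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    // hash_equals() (PHP >= 5.6) compares in constant time; a plain !== returns
    // at the first differing byte and can leak how much of a forged signature
    // was correct.
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    // decode the data
    $data = json_decode(base64_url_decode($payload), true);
    // json_decode() yields null for invalid JSON; the algorithm field must be
    // present and a string before it can be compared.
    if (!is_array($data)
        || !isset($data['algorithm'])
        || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    return $data;
}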
/**
 * Decode a base64url string (URL-safe alphabet using '-' and '_').
 *
 * @param string $input base64url-encoded text.
 * @return string|false Result of base64_decode() on the translated input.
 */
function base64_url_decode($input) {
    // Translate the URL-safe characters back to the standard '+' and '/'.
    $standard_alphabet = strtr($input, '-_', '+/');

    return base64_decode($standard_alphabet);
}
// Application credentials. MY_APP_ID / MY_APP_SECRET are placeholders.
// NOTE(review): a real app secret should be loaded from configuration kept
// outside the web root and version control rather than written into this file.
$APPLICATION_ID = "MY_APP_ID";
$APPLICATION_SECRET = "MY_APP_SECRET";

// The same canvas URL serves as app URL, OAuth redirect URI and base for the
// login/cancel URLs built further down.
$canvas_base_url = "http://apps.facebook.com/maya_calendar/Source_trial/";
$app_url = $canvas_base_url;
$my_url = $canvas_base_url;

$facebook = new Facebook(array(
    'appId'  => $APPLICATION_ID,     // application ID
    'secret' => $APPLICATION_SECRET, // application secret
    'cookie' => true,                // enable optional cookie support
));

// Value returned by the SDK's getUser() (presumably the current user's ID).
$to_id = $facebook->getUser();
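if ($session = $facebook->getSession()) { // Does the SDK report an existing session?
    try {
        // Access token of the user for this session, as held by the SDK.
        $params = array('access_token' => $session['access_token']);
        $token = $facebook->getAccessToken(); // get user_access_token

        ////////////////////////////////////////////////////////////////////// USER & APP AUTHORIZATION
        session_start();

        // Only a plain string is accepted: array-valued request parameters
        // (code[]=...) must not reach urlencode() or the comparison below.
        $code = (isset($_REQUEST['code']) && is_string($_REQUEST['code'])) ? $_REQUEST['code'] : '';

        if (empty($code)) {
            // CSRF protection: the state must be unpredictable, so it comes from
            // the CSPRNG (random_bytes(), PHP >= 7.0) instead of md5(uniqid(rand())).
            $_SESSION['state'] = bin2hex(random_bytes(16));

            // NOTE(review): this scope list is broad (offline_access, read_mailbox,
            // manage_pages, ...); request only what the app actually uses.
            $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
                . $APPLICATION_ID . "&redirect_uri=" . urlencode($my_url) . "&state="
                . $_SESSION['state'] . "&scope=email,read_stream,user_status,read_requests,offline_access,manage_pages,user_checkins,publish_stream,read_mailbox,publish_actions";

            // json_encode() with the HEX flags yields a JS string literal that
            // cannot terminate the string or the surrounding <script> element.
            echo("<script> top.location.href="
                . json_encode($dialog_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
                . "</script>");

            // Stop here: without a code there is nothing to exchange, and falling
            // through would run the state check against a request that has no state.
            exit;
        }

        $request_state = (isset($_REQUEST['state']) && is_string($_REQUEST['state'])) ? $_REQUEST['state'] : '';
        $session_state = (isset($_SESSION['state']) && is_string($_SESSION['state'])) ? $_SESSION['state'] : '';

        // A loose == treats two missing values (null == null) as a match, which
        // would accept a request carrying no state at all. Require a non-empty
        // stored state and compare in constant time.
        if ($session_state !== '' && hash_equals($session_state, $request_state)) {
            unset($_SESSION['state']); // a state value is valid for one exchange only

            // The original referenced the undefined $app_id / $app_secret here;
            // the credentials live in $APPLICATION_ID / $APPLICATION_SECRET.
            // $code is request data and is URL-encoded so it cannot add parameters.
            $token_url = "https://graph.facebook.com/oauth/access_token?"
                . "client_id=" . $APPLICATION_ID . "&redirect_uri=" . urlencode($my_url)
                . "&client_secret=" . $APPLICATION_SECRET . "&code=" . urlencode($code);

            // '@' is deliberate on these calls: a failed file_get_contents() emits a
            // warning that contains the full URL, i.e. the app secret or a token.
            // Failures are detected through the false return value instead.
            $response = @file_get_contents($token_url);
            $params = array();
            if ($response !== false) {
                parse_str($response, $params);
            }

            if (!empty($params['access_token'])) {
                $graph_url = "https://graph.facebook.com/me?access_token="
                    . urlencode($params['access_token']);
                $me_response = @file_get_contents($graph_url);
                $user = ($me_response !== false) ? json_decode($me_response) : null;
            } else {
                error_log('OAuth code exchange did not return an access token');
                $user = null;
            }
        } else {
            echo("The state does not match. You may be a victim of CSRF.");
        }

        /////////////////////////////////////////////////////////////////////////////////
        // App access token (client_credentials grant), then the app's payments.
        $token_url = "https://graph.facebook.com/oauth/access_token?"
            . "&client_id=" . $APPLICATION_ID . "&client_secret=" . $APPLICATION_SECRET
            . "&grant_type=client_credentials";
        $app_token_response = @file_get_contents($token_url);

        // Parsed like the user-token response above. Appending the raw response
        // after "access_token=" would send "access_token=access_token=...".
        // NOTE(review): assumes a form-encoded reply - confirm for the API version in use.
        $app_token_params = array();
        if ($app_token_response !== false) {
            parse_str($app_token_response, $app_token_params);
        }
        $access_token = isset($app_token_params['access_token']) ? $app_token_params['access_token'] : '';

        $ret = false;
        if ($access_token !== '') {
            $url = "https://graph.facebook.com/" . $APPLICATION_ID . "/payments?access_token=" . urlencode($access_token);
            $ret = @file_get_contents($url);
        } else {
            error_log('Could not obtain an app access token');
        }

        // The remote response is escaped before it is placed in the page.
        echo "<pre>";
        echo htmlspecialchars(print_r($ret, true), ENT_QUOTES, 'UTF-8');
        echo "</pre>";
    } catch (FacebookApiException $e) {
        // Printing the exception object would expose its message and stack trace
        // to the visitor; keep the detail in the server log.
        error_log('Facebook API error: ' . $e->getMessage());
        echo 'A Facebook API error occurred.';
    }
} else { // No session available.
    // Send the user to the login dialog to grant access to their data.
    // NOTE(review): same broad permission list as above; trim to what is needed.
    $loginUrl = $facebook->getLoginUrl(array(
        'canvas' => 1,
        'fbconnect' => 0,
        'req_perms' => 'email,read_stream,user_status,read_requests,offline_access,manage_pages,publish_stream,publish_actions',
        'next' => $canvas_base_url . 'index.html',
        'cancel_url' => $canvas_base_url,
    ));

    // Emit the URL as an escaped JS string literal instead of raw concatenation.
    echo('<script type="text/javascript">top.location.href='
        . json_encode($loginUrl, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
        . ';</script>');
}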
?>