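// Binds the PHP session to the Facebook identity carried by the signed request.
// $_SESSION['user']['id'] is set only when the backend customer record holds
// the same fb_id as the signed request; every other outcome of a presented
// signed request clears the session user (fail closed).
//
// NOTE(review): this assumes common::getSignedRequest() verifies the request
// signature with FB_SECRET_KEY before returning the payload. Confirm, since
// everything below trusts "user_id".
$signedRequest = common::getSignedRequest(FB_SECRET_KEY);
$isUser = false; // Default: non-user

// Normalise the Facebook ID to a string once. empty() also covers a missing
// key or a null/false payload without raising an undefined-index notice.
$fbUserId = !empty($signedRequest['user_id']) ? (string) $signedRequest['user_id'] : '';

// FB permissions granted, we have "user_id"
if ($fbUserId !== '') {
    $verifiedCustomerId = null;

    // Create pseudo user via reference to FB ID. json_encode() builds the body
    // so the ID is always escaped, rather than interpolated into a JSON string.
    $loginResponse = RESTClient::post(API_BASE . 'logins', json_encode(array('fb_id' => $fbUserId)));
    if ($loginResponse['code'] === 200) {
        $login = json_decode($loginResponse['body']);
        // json_decode() returns null on malformed input; require a usable id.
        if (is_object($login) && isset($login->id)) {
            // Fetch the customer record for the returned ID to read back the stored FB ID
            $customerResponse = RESTClient::get(API_BASE . 'customers/' . $login->id);
            if ($customerResponse['code'] === 200) {
                $customer = json_decode($customerResponse['body']);
                // Strict string comparison: loose != compares numeric strings as
                // numbers, which is the wrong test for an identity check.
                if (is_object($customer)
                    && isset($customer->fb_id)
                    && (string) $customer->fb_id === $fbUserId
                ) {
                    $verifiedCustomerId = $login->id;
                }
            }
        }
    }

    if ($verifiedCustomerId === null) {
        // Any failure (non-200, undecodable body, ID mismatch) destroys the
        // session user, so a stale identity cannot survive a failed lookup.
        unset($_SESSION['user']);
    } else {
        // FB IDs match, current user is the same user as stored in the backend
        $isUser = true; // Flag
        // NOTE(review): consider session_regenerate_id(true) here when the
        // stored user id changes, to limit session fixation.
        $_SESSION['user']['id'] = $verifiedCustomerId; // Set user
        // If cart exists, make user the owner of existing cart.
        // Best effort: the PUT result is not checked.
        if (isset($_SESSION['cart']['id'])) {
            RESTClient::put(
                API_BASE . 'carts/' . $_SESSION['cart']['id'],
                json_encode(array('customer_id' => $_SESSION['user']['id']))
            );
        }
    }
}
// No signed request "user_id", destroy SESSION user if it exists
elseif (isset($_SESSION['user']['id'])) {
    unset($_SESSION['user']);
}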