EasyBlogBaseFacebook
in package
Provides access to the Facebook Platform. This class provides a majority of the functionality needed, but the class is abstract because it is designed to be sub-classed. The subclass must implement the four abstract methods listed at the bottom of the file.
Tags
Table of Contents
Constants
- VERSION = '3.1.1'
- Version.
Properties
- $CURL_OPTS : mixed
- Default options for curl.
- $DOMAIN_MAP : mixed
- Maps aliases to Facebook domains.
- $accessToken : string
- The OAuth access token received in exchange for a valid authorization code. null means the access token has yet to be determined.
- $appId : string
- The Application ID.
- $appSecret : string
- The Application App Secret.
- $DROP_QUERY_PARAMS : mixed
- List of query parameters that get automatically dropped when rebuilding the current URL.
- $fileUploadSupport : bool
- Indicates if the CURL based @ syntax for file uploads is enabled.
- $signedRequest : mixed
- The data from the signed_request token.
- $state : mixed
- A CSRF state variable to assist in the defense against CSRF attacks.
- $user : int
- The ID of the Facebook user, or 0 if the user is logged out.
Methods
- __construct() : mixed
- Initialize a Facebook Application.
- api() : mixed
- Make an API call.
- destroySession() : mixed
- Destroy the current session
- getAccessToken() : string
- Determines the access token that should be used for API calls.
- getApiSecret() : string
- Get the App Secret.
- getAppId() : string
- Get the Application ID.
- getAppSecret() : string
- Get the App Secret.
- getFileUploadSupport() : bool
- Get the file upload support status.
- getLoginStatusUrl() : string
- Get a login status URL to fetch the status from Facebook.
- getLoginUrl() : string
- Get a Login URL for use with redirects. By default, full page redirect is assumed. If you are using the generated URL with a window.open() call in JavaScript, you can pass in display=popup as part of the $params.
- getLogoutUrl() : string
- Get a Logout URL suitable for use with redirects.
- getSignedRequest() : string
- Retrieve the signed request, either from a request parameter or, if not present, from a cookie.
- getUser() : string
- Get the UID of the connected user, or 0 if the Facebook user is not connected.
- setAccessToken() : BaseFacebook
- Sets the access token for api calls. Use this if you get your access token by other means and just want the SDK to use it.
- setApiSecret() : BaseFacebook
- Set the App Secret.
- setAppId() : BaseFacebook
- Set the Application ID.
- setAppSecret() : BaseFacebook
- Set the App Secret.
- setFileUploadSupport() : BaseFacebook
- Set the file upload support status.
- useFileUploadSupport() : bool
- DEPRECATED! Please use getFileUploadSupport instead.
- _graph() : mixed
- Invoke the Graph API.
- _oauthRequest() : string
- Make a OAuth Request.
- _restserver() : mixed
- Invoke the old restserver.php endpoint.
- base64UrlDecode() : string
- Base64 encoding that doesn't need to be urlencode()ed.
- clearAllPersistentData() : void
- Clear all data from the persistent storage
- clearPersistentData() : void
- Clear the data with $key from the persistent storage
- errorLog() : mixed
- Prints to the error log if you aren't in command line mode.
- establishCSRFTokenState() : void
- Lays down a CSRF state token for this process.
- getAccessTokenFromCode() : mixed
- Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user). The authorization code is sent to graph.facebook.com and a legitimate access token is generated provided the access token and the user for which it was generated all match, and the user is either logged in to Facebook or has granted an offline access permission.
- getApiUrl() : string
- Build the URL for api given parameters.
- getApplicationAccessToken() : string
- Returns the access token that should be used for logged out users when no authorization code is available.
- getCode() : mixed
- Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.
- getCurrentUrl() : string
- Returns the Current URL, stripping it of known FB parameters that should not persist.
- getPersistentData() : mixed
- Get the data for $key, persisted by BaseFacebook::setPersistentData()
- getSignedRequestCookieName() : string
- Constructs and returns the name of the cookie that potentially houses the signed request for the app user.
- getUrl() : string
- Build the URL for given domain alias, path and parameters.
- getUserAccessToken() : string
- Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present. The intent is to return a valid user access token, or false if one is determined to not be available.
- getUserFromAccessToken() : int
- Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate. It relies on Facebook's Graph API to retrieve user information and then extract the user ID.
- getUserFromAvailableData() : int
- Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.
- makeRequest() : string
- Makes an HTTP request. This method can be overridden by subclasses if developers want to do fancier things or use something other than curl to make the request.
- parseSignedRequest() : array<string|int, mixed>
- Parses a signed_request and validates the signature.
- setPersistentData() : void
- Stores the given ($key, $value) pair, so that future calls to getPersistentData($key) return $value. This call may be in another request.
- shouldRetainParam() : bool
- Returns true if and only if the key or key/value pair should be retained as part of the query string. This amounts to a brute-force search of the very small list of Facebook-specific params that should be stripped out.
- throwAPIException() : mixed
- Analyzes the supplied result to see if it was thrown because the access token is no longer valid. If that is the case, then the persistent store is cleared.
Constants
VERSION
Version.
public
mixed
VERSION
= '3.1.1'
Properties
$CURL_OPTS
Default options for curl.
public
static mixed
$CURL_OPTS
= array(\CURLOPT_CONNECTTIMEOUT => 10, \CURLOPT_RETURNTRANSFER => \true, \CURLOPT_TIMEOUT => 60, \CURLOPT_USERAGENT => 'facebook-php-3.1')
$DOMAIN_MAP
Maps aliases to Facebook domains.
public
static mixed
$DOMAIN_MAP
= array('api' => 'https://api.facebook.com/', 'api_video' => 'https://api-video.facebook.com/', 'api_read' => 'https://api-read.facebook.com/', 'graph' => 'https://graph.facebook.com/', 'www' => 'https://www.facebook.com/')
$accessToken
The OAuth access token received in exchange for a valid authorization code. null means the access token has yet to be determined.
protected
string
$accessToken
= \null
$appId
The Application ID.
protected
string
$appId
$appSecret
The Application App Secret.
protected
string
$appSecret
$DROP_QUERY_PARAMS
List of query parameters that get automatically dropped when rebuilding the current URL.
protected
static mixed
$DROP_QUERY_PARAMS
= array('code', 'state', 'signed_request')
$fileUploadSupport
Indicates if the CURL based @ syntax for file uploads is enabled.
protected
bool
$fileUploadSupport
= \false
$signedRequest
The data from the signed_request token.
protected
mixed
$signedRequest
$state
A CSRF state variable to assist in the defense against CSRF attacks.
protected
mixed
$state
$user
The ID of the Facebook user, or 0 if the user is logged out.
protected
int
$user
Methods
__construct()
Initialize a Facebook Application.
public
__construct(array<string|int, mixed> $config) : mixed
The configuration:
- appId: the application ID
- secret: the application secret
- fileUpload: (optional) boolean indicating if file uploads are enabled
Parameters
- $config : array<string|int, mixed>
-
The application configuration
api()
Make an API call.
public
api() : mixed
Return values
mixed —The decoded response
destroySession()
Destroy the current session
public
destroySession() : mixed
getAccessToken()
Determines the access token that should be used for API calls.
public
getAccessToken() : string
The first time this is called, $this->accessToken is set equal to either a valid user access token, or it's set to the application access token if a valid user access token wasn't available. Subsequent calls return whatever the first call returned.
Return values
string —The access token
getApiSecret()
Get the App Secret.
public
getApiSecret() : string
Return values
string —the App Secret
getAppId()
Get the Application ID.
public
getAppId() : string
Return values
string —the Application ID
getAppSecret()
Get the App Secret.
public
getAppSecret() : string
Return values
string —the App Secret
getFileUploadSupport()
Get the file upload support status.
public
getFileUploadSupport() : bool
Return values
bool —true if and only if the server supports file upload.
getLoginStatusUrl()
Get a login status URL to fetch the status from Facebook.
public
getLoginStatusUrl([array<string|int, mixed> $params = array() ]) : string
The parameters:
- ok_session: the URL to go to if a session is found
- no_session: the URL to go to if the user is not connected
- no_user: the URL to go to if the user is not signed into facebook
Parameters
- $params : array<string|int, mixed> = array()
-
Provide custom parameters
Return values
string —The URL for the logout flow
getLoginUrl()
Get a Login URL for use with redirects. By default, full page redirect is assumed. If you are using the generated URL with a window.open() call in JavaScript, you can pass in display=popup as part of the $params.
public
getLoginUrl([array<string|int, mixed> $params = array() ]) : string
The parameters:
- redirect_uri: the url to go to after a successful login
- scope: comma separated list of requested extended perms
Parameters
- $params : array<string|int, mixed> = array()
-
Provide custom parameters
Return values
string —The URL for the login flow
getLogoutUrl()
Get a Logout URL suitable for use with redirects.
public
getLogoutUrl([array<string|int, mixed> $params = array() ]) : string
The parameters:
- next: the url to go to after a successful logout
Parameters
- $params : array<string|int, mixed> = array()
-
Provide custom parameters
Return values
string —The URL for the logout flow
getSignedRequest()
Retrieve the signed request, either from a request parameter or, if not present, from a cookie.
public
getSignedRequest() : string
Return values
string —the signed request, if available, or null otherwise.
getUser()
Get the UID of the connected user, or 0 if the Facebook user is not connected.
public
getUser() : string
Return values
string —the UID if available.
setAccessToken()
Sets the access token for api calls. Use this if you get your access token by other means and just want the SDK to use it.
public
setAccessToken(string $access_token) : BaseFacebook
Parameters
- $access_token : string
-
an access token.
Return values
BaseFacebooksetApiSecret()
Set the App Secret.
public
setApiSecret(string $apiSecret) : BaseFacebook
Parameters
- $apiSecret : string
-
The App Secret
Return values
BaseFacebooksetAppId()
Set the Application ID.
public
setAppId(string $appId) : BaseFacebook
Parameters
- $appId : string
-
The Application ID
Return values
BaseFacebooksetAppSecret()
Set the App Secret.
public
setAppSecret(string $appSecret) : BaseFacebook
Parameters
- $appSecret : string
-
The App Secret
Return values
BaseFacebooksetFileUploadSupport()
Set the file upload support status.
public
setFileUploadSupport(bool $fileUploadSupport) : BaseFacebook
Parameters
- $fileUploadSupport : bool
-
The file upload support status.
Return values
BaseFacebookuseFileUploadSupport()
DEPRECATED! Please use getFileUploadSupport instead.
public
useFileUploadSupport() : bool
Get the file upload support status.
Return values
bool —true if and only if the server supports file upload.
_graph()
Invoke the Graph API.
protected
_graph(string $path[, string $method = 'GET' ][, array<string|int, mixed> $params = array() ]) : mixed
Parameters
- $path : string
-
The path (required)
- $method : string = 'GET'
-
The http method (default 'GET')
- $params : array<string|int, mixed> = array()
-
The query/post data
Tags
Return values
mixed —The decoded response object
_oauthRequest()
Make a OAuth Request.
protected
_oauthRequest(string $url, array<string|int, mixed> $params) : string
Parameters
- $url : string
-
The path (required)
- $params : array<string|int, mixed>
-
The query/post data
Tags
Return values
string —The decoded response object
_restserver()
Invoke the old restserver.php endpoint.
protected
_restserver(array<string|int, mixed> $params) : mixed
Parameters
- $params : array<string|int, mixed>
-
Method call object
Tags
Return values
mixed —The decoded response object
base64UrlDecode()
Base64 encoding that doesn't need to be urlencode()ed.
protected
static base64UrlDecode(string $input) : string
Exactly the same as base64_encode except it uses
- instead of + _ instead of /
Parameters
- $input : string
-
base64UrlEncoded string
Return values
stringclearAllPersistentData()
Clear all data from the persistent storage
protected
abstract clearAllPersistentData() : void
clearPersistentData()
Clear the data with $key from the persistent storage
protected
abstract clearPersistentData(string $key) : void
Parameters
- $key : string
errorLog()
Prints to the error log if you aren't in command line mode.
protected
static errorLog(string $msg) : mixed
Parameters
- $msg : string
-
Log message
establishCSRFTokenState()
Lays down a CSRF state token for this process.
protected
establishCSRFTokenState() : void
getAccessTokenFromCode()
Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user). The authorization code is sent to graph.facebook.com and a legitimate access token is generated provided the access token and the user for which it was generated all match, and the user is either logged in to Facebook or has granted an offline access permission.
protected
getAccessTokenFromCode(string $code[, mixed $redirect_uri = null ]) : mixed
Parameters
- $code : string
-
An authorization code.
- $redirect_uri : mixed = null
Return values
mixed —An access token exchanged for the authorization code, or false if an access token could not be generated.
getApiUrl()
Build the URL for api given parameters.
protected
getApiUrl(mixed $method) : string
Parameters
- $method : mixed
-
String the method name.
Return values
string —The URL for the given parameters
getApplicationAccessToken()
Returns the access token that should be used for logged out users when no authorization code is available.
protected
getApplicationAccessToken() : string
Return values
string —The application access token, useful for gathering public information about users and applications.
getCode()
Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.
protected
getCode() : mixed
Return values
mixed —The authorization code, or false if the authorization code could not be determined.
getCurrentUrl()
Returns the Current URL, stripping it of known FB parameters that should not persist.
protected
getCurrentUrl() : string
Return values
string —The current URL
getPersistentData()
Get the data for $key, persisted by BaseFacebook::setPersistentData()
protected
abstract getPersistentData(string $key[, bool $default = false ]) : mixed
Parameters
- $key : string
-
The key of the data to retrieve
- $default : bool = false
-
The default value to return if $key is not found
getSignedRequestCookieName()
Constructs and returns the name of the cookie that potentially houses the signed request for the app user.
protected
getSignedRequestCookieName() : string
The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.
Return values
string —the name of the cookie that would house the signed request value.
getUrl()
Build the URL for given domain alias, path and parameters.
protected
getUrl(mixed $name[, mixed $path = '' ][, mixed $params = array() ]) : string
Parameters
- $name : mixed
-
string The name of the domain
- $path : mixed = ''
-
string Optional path (without a leading slash)
- $params : mixed = array()
-
array Optional query parameters
Return values
string —The URL for the given parameters
getUserAccessToken()
Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present. The intent is to return a valid user access token, or false if one is determined to not be available.
protected
getUserAccessToken() : string
Return values
string —A valid user access token, or false if one could not be determined.
getUserFromAccessToken()
Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate. It relies on Facebook's Graph API to retrieve user information and then extract the user ID.
protected
getUserFromAccessToken() : int
Return values
int —Returns the UID of the Facebook user, or 0 if the Facebook user could not be determined.
getUserFromAvailableData()
Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.
protected
getUserFromAvailableData() : int
Return values
int —The id of the connected Facebook user, or 0 if no such user exists.
makeRequest()
Makes an HTTP request. This method can be overridden by subclasses if developers want to do fancier things or use something other than curl to make the request.
protected
makeRequest(string $url, array<string|int, mixed> $params[, CurlHandler $ch = null ]) : string
Parameters
- $url : string
-
The URL to make the request to
- $params : array<string|int, mixed>
-
The parameters to use for the POST body
- $ch : CurlHandler = null
-
Initialized curl handle
Return values
string —The response text
parseSignedRequest()
Parses a signed_request and validates the signature.
protected
parseSignedRequest(string $signed_request) : array<string|int, mixed>
Parameters
- $signed_request : string
-
A signed token
Return values
array<string|int, mixed> —The payload inside it or null if the sig is wrong
setPersistentData()
Stores the given ($key, $value) pair, so that future calls to getPersistentData($key) return $value. This call may be in another request.
protected
abstract setPersistentData(string $key, array<string|int, mixed> $value) : void
Parameters
- $key : string
- $value : array<string|int, mixed>
shouldRetainParam()
Returns true if and only if the key or key/value pair should be retained as part of the query string. This amounts to a brute-force search of the very small list of Facebook-specific params that should be stripped out.
protected
shouldRetainParam(string $param) : bool
Parameters
- $param : string
-
A key or key/value pair within a URL's query (e.g. 'foo=a', 'foo=', or 'foo'.
Return values
boolthrowAPIException()
Analyzes the supplied result to see if it was thrown because the access token is no longer valid. If that is the case, then the persistent store is cleared.
protected
throwAPIException(mixed $result) : mixed
Parameters
- $result : mixed
-
array A record storing the error message returned by a failed API call.