l(t('Drupal for Facebook'), 'http://drupal.org/project/fb'), // This link should work with clean URLs // disabled. '!readme' => 'README.txt')), 'error'); } // Theme sanity check if (isset($theme) && user_access('access administration pages')) { drupal_set_message(t('!drupal_for_facebook is unable to override the theme settings. This is usually because some module causes theme_init() to be invoked before fb_init(). See the !readme.', array('!drupal_for_facebook' => l(t('Drupal for Facebook'), 'http://drupal.org/project/fb'), // This link should work with clean URLs // disabled. '!readme' => 'README.txt')), 'error'); } // Ask other modules for app detail $fb_app = _fb_invoke(NULL, FB_OP_GET_APP); if ($fb_app) { // dpm($fb_app, "fb_initialize()"); // debug // dpm($_REQUEST, 'request'); // dpm(session_id(), 'session_id'); // dpm($_SERVER, "server"); //global $db_prefix; //dpm($db_prefix, 'db_prefix'); // we are in a callback // For canvas pages, use current user, never infinite session. $fb = fb_api_init($fb_app, FB_FBU_CURRENT); // drupal_set_message("fb object:" . dpr($fb, 1)); if ($fb) { // Output FBML $custom_theme = variable_get('fb_theme', 'fb_fbml'); // this is a test of whether sessions are working. global $user; //drupal_set_message("Before fb_op_initialize, user->uid is $user->uid, $\user->fbu is $user->fbu."); //drupal_set_message("After fb_op_initialize, user->uid is $user->uid, $\user->fbu is $user->fbu."); // make sure global user is correct /** XXX deprecated in favor of FB_OP_INITIALIZE above. if (!$user->fbu || ($user->fbu != fb_facebook_user())) $user = fb_user_load(fb_facebook_user()); **/ if ($fb->in_fb_canvas()) fb_init_path($fb_app); // Give other modules a chance to initialize, require login, etc... _fb_invoke($fb_app, FB_OP_INITIALIZE); } else watchdog('fb', "URL indicates a facebook app, but could not initialize Facebook"); // debug global $user; //drupal_set_message("after initializing, local user is $user->uid " . theme('username', $user) . dpr($user, 1)); } _fb_invoke($fb_app, FB_OP_POST_INIT); } /** * Include the necessary facebook-platform code and initialize the API object. * * @param fbu To log into facebook as a particular user, pass the facebook id. * This is useful during cron jobs, for example, but rarely if ever needed on * a canvas page. If no valid session key is known for the user, this call * will still return a facebook reference. * * If FB_FBU_INFINITE_SESSION is passed, we attempt to log into an infinite * session we've configured. * * If FB_FBU_ANY is passed in, we will log in as the canvas page user if * already logged in. Otherwise we try the infinite session, if configured. * * Future calls into the the facebook api could fail for various reasons. For * one, we may fail to log in as the specified user. This call does not * actually contact facebook to test the connection, it just sets things up so * that when the connection is needed, it might work. Even if the connection * is established, the user may not have sufficient permission to whatever you * are asking facebook to do. * */ function fb_api_init($fb_app, $fbu) { static $cache = array(); if (!count($cache)) { // Include FB API code. if (substr(phpversion(), 0, 1) == '4' || FB_USE_PHP4_API) { require_once('facebook-platform/php4client/facebook.php'); } else { require_once('facebook-platform/client/facebook.php'); // Ideally, we'd check that drupal has not already specified an exception handler. set_exception_handler('fb_report_exception'); } } global $facebook_config; $facebook_config['debug'] = FALSE; // set TRUE for debug output from FB API if (!$cache[$fb_app->apikey]) { $cache[$fb_app->apikey] = array(); } if (!$cache[$fb_app->apikey][$fbu]) { $fb = new Facebook($fb_app->apikey, $fb_app->secret); if (($fbu == FB_FBU_CURRENT || $fbu == FB_FBU_ANY) && $fb->get_loggedin_user()) { // We're on a canvas page and we're already logged in. // For future iframe request, save some info if ($fb->in_frame()) { $_SESSION['fb_frame_params'] = $fb->fb_params; // dangerous to use fb's internal data structure } } else if (($fbu == FB_FBU_CURRENT || $fbu == FB_FBU_ANY) && isset($_SESSION['fb_frame_params'])) { $params = $_SESSION['fb_frame_params']; $fb->set_user($params['user'], $params['session_key']); } else if ($fbu == FB_FBU_CURRENT) { // No current user to use, probably anonymous canvas page. } else if ($fbu == FB_FBU_INFINITE_SESSION || $fbu == FB_FBU_ANY) { // Learn the infinite session id and key $data = _fb_invoke($fb_app, FB_OP_GET_INFINITE_SESSION, array()); if (count($data) && $data[0] && $data[1]) { $fb->set_user($data[0], $data[1]); } } else { // FB user id passed in. If we happen to have session info for them, we // can log in as them. $data = _fb_invoke($fb_app, FB_OP_GET_USER_SESSION, array(), array('fbu' => $fbu)); if (count($data) && $data[0] && $data[1]) { $fb->set_user($data[0], $data[1]); } } $cache[$fb_app->apikey][$fbu] = $fb; // Note that facebook api has not actually logged into facebook yet. // We won't really know if our session is valid until later. // get_loggedin_user does not really test it. if ($fbu != FB_FBU_CURRENT && !$fb->get_loggedin_user()) { // An FBU other than CURRENT was specified, but we failed to log in. watchdog('fb', t('Failed to log into facebook app %app as user %user', array('%app' => $fb_app->title, '%user' => $fbu)), WATCHDOG_ERROR); } } $fb = $cache[$fb_app->apikey][$fbu]; return $fb; } function fb_init_path($fb_app, $restore = FALSE) { // Here's one of the uglier parts... // Fool url() function into linking back to facebook // Note that elsewhere we get forms to submit directly to us by tweaking their action parameter. global $base_path, $base_url; // The old paths will actually be used to modify form actions. That's why these are global as opposed to static. global $fb_old_base_url, $fb_old_base_path; // But we also support a stack of paths, in case we need to log into more than one app in a single request. static $stack = array(); if (!$restore) { if (!$fb_old_base_path) { $fb_old_base_url = $base_url; $fb_old_base_path = $base_path; } $original = array('base_url' => $base_url, 'base_path' => $base_path); /** $base_path = "/$fb_app->canvas/"; // TODO: make the "apps.facebook.com" part configurable. $base_url = "http://apps.facebook.com/$fb_app->canvas"; // New way: $base_path = $fb_old_base_url . '/'; $base_url = ''; **/ if (!variable_get('clean_url', FALSE)) { $original['clean_url'] = FALSE; // Force clean URLs because links between canvas pages will work this way. // In settings.inc we do this more cleanly. However, for cron jobs this is necessary. variable_set('clean_url', TRUE); } // Save settings so they may be restored array_push($stack, $original); } else { // restore original settings. $original = array_pop($stack); $base_url = $original['base_url']; $base_path = $original['base_path']; if (isset($original['clean_url'])) variable_set('clean_url', $old_clean_url); } } /** * Returns the facebook user id currently visiting a canvas page, or if set_user has been called. * Unlike fb_get_fbu(), works only on canvas pages or when infinite session has been initialized. */ function fb_facebook_user($fb = NULL) { if (!isset($fb)) $fb = $GLOBALS['fb']; if (!$fb) return; $fbu = $fb->get_loggedin_user(); if ($fb->api_client->error_code) { watchdog('fb', 'Failed to get Facebook user id.', 'error'); } return $fbu; } /** * Given a local user id, find the facebook id. */ function fb_get_fbu($uid, $fb_app = NULL) { // default to current app (only set if we're in a FB callback) if (!$fb_app) $fb_app = $GLOBALS['fb_app']; // Accept either a user object or uid passed in. if (is_object($uid) && $uid->fbu) return $uid->fbu; else if (is_object($uid)) $uid = $uid->uid; // User management is handled by another module. Use our hook to ask for mapping. $fbu = _fb_invoke($fb_app, FB_OP_GET_FBU, NULL, array('uid' => $uid)); return $fbu; } /** * Convenience method to get app info based on apikey or nid. */ function fb_get_app($search_data) { // $search_data can be an apikey, or an array of other search params. if (!is_array($search_data)) $search_data = array('apikey' => $search_data); $fb_app = _fb_invoke(NULL, FB_OP_GET_APP, NULL, $search_data); return $fb_app; } /** * Convenience method to return a list of all known apps, suitable for form * elements. */ function fb_get_app_options($include_current) { $apps = fb_get_all_apps(); $options = array(); if ($include_current) $options[FB_APP_CURRENT] = t(''); foreach ($apps as $app) { $options[$app->nid] = $app->title; } return $options; } /** * Convenience method to return array of all know fb_apps. */ function fb_get_all_apps() { $apps = _fb_invoke(NULL, FB_OP_GET_ALL_APPS, array()); return $apps; } // return array of facebook uids function fb_get_friends($fbu) { static $cache = array(); global $fb; if (!$fb || !$fbu) return; if (!isset($cache[$fbu])) { if ($fbu == fb_facebook_user()) $items = $fb->api_client->friends_get(); // friends_get does not work in cron call, so we double check. if (!$items || !count($items)) { $result = $fb->api_client->fql_query("SELECT uid2 FROM friend WHERE uid1=$fbu"); $items = array(); if (count($result)) foreach ($result as $data) { $items[] = $data['uid2']; } } // Facebook's API has the annoying habit of returning an item even if user // has no friends. We need to clean that up. if (!$items[0]) unset($items[0]); $cache[$fbu] = $items; } return $cache[$fbu]; } // Return array of facebook gids function fb_get_groups($fbu) { $items = array(); $groups = fb_get_groups_data($fbu); if ($groups && count($groups)) foreach ($groups as $data) { $items[] = $data['gid']; } return $items; } function fb_get_groups_data($fbu) { static $cache = array(); global $fb; if (!$fb || !$fbu) return; if (!isset($cache[$fbu])) { $cache[$fbu] = $fb->api_client->groups_get($fbu, NULL); } return $cache[$fbu]; } // deprecated since creation of fb_user module, but cron hook still uses this. function fb_user_load($fbu = NULL) { global $user; if (!$fbu) // default to current logged in user $fbu = fb_facebook_user(); if ($fbu && $user->fbu == $fbu) { return $user; } if ($fbu) { $account = user_external_load("$fbu-$fb_app->apikey@facebook.com"); if (!$account) $account = user_external_load("$fbu@facebook.com"); if (!$account) $account = user_load(array('uid' => variable_get('fb_facebook_user', 2))); if (!$account) watchdog('fb', t('Failed to load user from facebook fbu=%fbu', array('%fbu' => $fbu)), 'error'); $account->fbu = $fbu; return $account; } } function fb_form_alter($form_id, &$form) { // Because facebook users don't have email, it can't be required on user form if ($form_id == 'user_register') { if (user_access('administer users')) { $form['mail']['#required'] = FALSE; } } if ($form_id == 'user_edit') { if (user_access('administer users')) { $form['account']['mail']['#required'] = FALSE; } } } function fb_menu($may_cache) { $items = array(); if (!$may_cache) { // Initialization moved to fb_init(), nothing to do here. } else { // When forms are submitted directly to us, we cache the results, // and show them later via this callback $items[] = array('path' => 'fb/form_cache', 'callback' => '_fb_form_cache_cb', 'type' => MENU_CALLBACK, 'access' => TRUE); // A page to help determine infinite session keys $items[] = array('path' => 'fb/session', 'callback' => '_fb_session_cb', 'type' => MENU_CALLBACK, 'access' => TRUE); // TODO: restrict access? } return $items; } /** * When exiting we need to do some special stuff for forms */ function fb_exit($destination = NULL) { global $fb_app, $fb; _fb_invoke($fb_app, FB_OP_EXIT, $destination); } function _fb_form_cache_cb($cid) { // Facebook started appending a '?', we need to get rid of it. if ($pos = strpos($cid, '?')) $cid = substr($cid, 0, $pos); watchdog('fb', "Returning cached form page $cid"); $cache = cache_get($cid, 'cache_page'); // Don't clear, as user may refresh browser. Cache will expire eventually. // cache_clear_all($cid, 'cache_page'); print $cache->data; exit(); } function _fb_session_cb() { global $fb, $fb_app; global $user; drupal_set_message("_fb_session_cb" . dpr($_REQUEST, 1)); $output = '

'.t('You are logged in as local user !username, with Facebook user id %fbu.', array('!username' => theme('username', $user), '%fbu' => fb_get_fbu($user))).'

'; $output .= '

'.l(t('Request an infinite session key.'), 'http://www.facebook.com/code_gen.php?v=1.0&api_key='.$fb_app->apikey).'

'; $output .= drupal_get_form('fb_session_key_form'); $output .= '

'.t('Current session key: %key', array('%key' => htmlentities($fb->api_client->session_key)))."

\n"; return $output; } function fb_session_key_form() { global $fb_app; $form = array('auth_token' => array('#type' => 'textfield', '#title' => t('One-time code'), '#description' => t('If you do not have a one-time code, you can get one !here.', array('!here' => l(t('here'), 'http://www.facebook.com/code_gen.php?v=1.0&api_key='.$fb_app->apikey))), ), 'submit' => array('#type' => 'submit', '#value' => t('Submit')), '#redirect' => FALSE, // necessary when submitting via facebook ); return $form; } function _fb_invoke($fb_app, $op, $return = NULL, $data = NULL) { global $fb; foreach (module_implements(FB_HOOK) as $name) { $function = $name . '_' . FB_HOOK; $function($fb, $fb_app, $op, $return, $data); } return $return; } /** * Implementation of hook_node_grants. * * We put this here so all facebook modules have a standard way to implement * hook_node_access_records. They use that hook to insert records into the * node access table. We use this hook to allow access when the grants are * there. */ function fb_node_grants($account, $op) { $grants = array(); $fbu = fb_get_fbu($account); if ($fbu) { // If not anonymous (facebook user not logged in to this app) $friends = fb_get_friends($fbu); // For access purposes, consider a users to be a friend of themself $friends[] = $fbu; if (count($friends)) $grants[FB_GRANT_REALM_FRIEND] = $friends; $groups = fb_get_groups($fbu); if (count($groups)) $grants[FB_GRANT_REALM_GROUP] = $groups; } return $grants; } /** * Convenience method for displaying facebook api errors. */ function fb_report_errors($fb = FB_APP_CURRENT) { if ($fb == FB_APP_CURRENT) { $fb = $GLOBALS['fb']; } if ($fb) { if ($fb->api_client->error_code) { $message = t('Facebook API error %code (see !link).', array('%code' => $fb->api_client->error_code, '!link' => l(t('error codes'), "http://wiki.developers.facebook.com/index.php/Error_codes"), )); watchdog('fb', $message, WATCHDOG_ERROR); drupal_set_message($message, 'error'); } } } /** * Exception handler for PHP5 exceptions. */ function fb_report_exception($exception) { $message = t('Facebook API exception %message. !trace', array('%message' => $exception->getMessage(), '!trace' => '

'.$exception->getTraceAsString().'

', )); watchdog('fb', $message, WATCHDOG_ERROR); drupal_set_message($message, 'error'); print $message; } ?>