Newer
Older
// hook_fb
define('FB_HOOK', 'fb');
// Ops for hook_fb.
define('FB_OP_INITIALIZE', 'init'); // Start a FB callback
define('FB_OP_POST_INIT', 'post init'); // Another chance to start FB callback
define('FB_OP_EXIT', 'exit'); // End an FB callback
define('FB_OP_GET_FBU', 'get_fbu'); // Query the local user's FB account
define('FB_OP_GET_APP', 'get_app'); // Query which app a FB callback addresses
define('FB_OP_GET_INFINITE_SESSION', 'get_inf_sess'); // Query infinite session data
define('FB_OP_PRE_USER', 'pre_user'); // Before account creation, fb_user.module
define('FB_OP_POST_USER', 'post_user'); // After account creation, fb_user.module
// node_access realms (belongs here?)
define('FB_GRANT_REALM_FRIEND', 'fb_friend');
define('FB_GRANT_REALM_GROUP', 'fb_group');
// When initializing Facebook API, which user to log in as:
Dave Cohen
committed
define('FB_FBU_INFINITE_SESSION', 'fbu_infinite');
define('FB_FBU_CURRENT', 'fbu_current'); // Canvas pages only
Dave Cohen
committed
define('FB_FBU_ANY', 'fbu_any'); // Use current user on canvas page, fall back to infinite session otherwise.
Dave Cohen
committed
//// Constants for internal use
Dave Cohen
committed
define('FB_APP_CURRENT', '000_app_current'); // Canvas pages only. 000 makes it appear first in options list
Dave Cohen
committed
define('FB_USE_PHP4_API', variable_get('fb_use_php4_api', TRUE)); // Force the use of facebook's php4 api until we decide to require php5. The php5 api throws exceptions, and there's no clean way to handle them in code that will also run in php4.
/**
* Implementation of hook_init
*
* Determines whether we are servicing a Facebook App request.
*
* We invoke our hook, first to determine which application is being invoked.
* (Because we support more than one in the same Drupal instance.) Then, we
* notify interested modules in various events.
*
*/
function fb_init() {
global $fb, $fb_app, $fb_app_node; // Set by this function.
// Perform sanity check, help users who skip the README.
if (!variable_get('fb_settings_check', FALSE) && user_access('access administration pages')) {
drupal_set_message(t('!drupal_for_facebook has been enabled, but not properly installed. Please read the !readme.',
array('!drupal_for_facebook' => l(t('Drupal for Facebook'), 'http://drupal.org/project/fb'),
// This link should work with clean URLs
// disabled.
'!readme' => '<a href='.base_path() . '/' . drupal_get_path('module', 'fb') . '/README.txt>README.txt</a>')), 'error');
}
// Ask other modules for app detail
$fb_app = _fb_invoke(NULL, FB_OP_GET_APP);
if ($fb_app) {
// we are in a callback
// For canvas pages, use current user, never infinite session.
$fb = fb_api_init($fb_app, FB_FBU_CURRENT);
if ($fb) {
if ($fb->in_fb_canvas() && FALSE) // XXX deprecated
fb_init_path($fb_app);
// Give other modules a chance to initialize, require login, etc...
_fb_invoke($fb_app, FB_OP_INITIALIZE);
}
else
watchdog('fb', "URL indicates a facebook app, but could not initialize Facebook");
}
_fb_invoke($fb_app, FB_OP_POST_INIT);
}
* Include the necessary facebook-platform code and initialize the API object.
*
Dave Cohen
committed
* @param fbu To log into facebook as a particular user, pass the facebook id.
* This is useful during cron jobs, for example, but rarely if ever needed on
* a canvas page. If no valid session key is known for the user, this call
Dave Cohen
committed
* will still return a facebook reference.
*
* If FB_FBU_INFINITE_SESSION is passed, we attempt to log into an infinite
* session we've configured.
*
* If FB_FBU_ANY is passed in, we will log in as the canvas page user if
* already logged in. Otherwise we try the infinite session, if configured.
*
* Future calls into the the facebook api could fail for various reasons. For
* one, we may fail to log in as the specified user. This call does not
* actually contact facebook to test the connection, it just sets things up so
* that when the connection is needed, it might work. Even if the connection
* is established, the user may not have sufficient permission to whatever you
* are asking facebook to do.
*
Dave Cohen
committed
function fb_api_init($fb_app, $fbu) {
static $cache = array();
if (!count($cache)) {
// Include FB API code.
Dave Cohen
committed
if (substr(phpversion(), 0, 1) == '4' || FB_USE_PHP4_API) {
require_once('facebook-platform/php4client/facebook.php');
}
else {
require_once('facebook-platform/client/facebook.php');
Dave Cohen
committed
// Ideally, we'd check that drupal has not already specified an exception handler.
set_exception_handler('fb_report_exception');
}
Dave Cohen
committed
global $facebook_config;
$facebook_config['debug'] = FALSE; // set TRUE for debug output from FB API
Dave Cohen
committed
if (!$cache[$fb_app->apikey]) {
Dave Cohen
committed
$cache[$fb_app->apikey] = array();
}
if (!$cache[$fb_app->apikey][$fbu]) {
$fb = new Facebook($fb_app->apikey, $fb_app->secret);
Dave Cohen
committed
// Iframes may link or redirect within the iframe, in which case facebook
// will not provide all its normal variables. To prepare for such a case,
// we cache the facebook parameters in the session.
// We update the cache whenever possible, to keep it current.
if ($fb->in_frame() && $fb->fb_params) {
$_SESSION['fb_frame_params'] = $fb->fb_params; // dangerous to use fb's internal data structure
}
if (($fbu == FB_FBU_CURRENT || $fbu == FB_FBU_ANY)
&& $fb->get_loggedin_user()) {
Dave Cohen
committed
// We're on a canvas page and we're already logged in.
}
else if (($fbu == FB_FBU_CURRENT || $fbu == FB_FBU_ANY)
&& isset($_SESSION['fb_frame_params'])) {
$params = $_SESSION['fb_frame_params'];
$fb->set_user($params['user'], $params['session_key']);
}
else if ($fbu == FB_FBU_CURRENT) {
// No current user to use, probably anonymous canvas page.
Dave Cohen
committed
}
else if ($fbu == FB_FBU_INFINITE_SESSION || $fbu == FB_FBU_ANY) {
// Learn the infinite session id and key
Dave Cohen
committed
$data = _fb_invoke($fb_app, FB_OP_GET_INFINITE_SESSION, array());
if (count($data) && $data[0] && $data[1]) {
$fb->set_user($data[0], $data[1]);
}
}
Dave Cohen
committed
else {
// FB user id passed in. If we happen to have session info for them, we
// can log in as them.
$data = _fb_invoke($fb_app, FB_OP_GET_USER_SESSION, array(), array('fbu' => $fbu));
if (count($data) && $data[0] && $data[1]) {
$fb->set_user($data[0], $data[1]);
}
}
$cache[$fb_app->apikey][$fbu] = $fb;
Dave Cohen
committed
// Note that facebook api has not actually logged into facebook yet.
// We won't really know if our session is valid until later.
// get_loggedin_user does not really test it.
if ($fbu != FB_FBU_CURRENT && !$fb->get_loggedin_user()) {
// An FBU other than CURRENT was specified, but we failed to log in.
watchdog('fb', t('Failed to log into facebook app %app as user %user',
array('%app' => $fb_app->title,
'%user' => $fbu)), WATCHDOG_ERROR);
Dave Cohen
committed
}
Dave Cohen
committed
$fb = $cache[$fb_app->apikey][$fbu];
return $fb;
// deprecated
function fb_init_pathXXX($fb_app, $restore = FALSE) {
// Here's one of the uglier parts...
// Fool url() function into linking back to facebook
// Note that elsewhere we get forms to submit directly to us by tweaking their action parameter.
global $base_path, $base_url;
// The old paths will actually be used to modify form actions. That's why these are global as opposed to static.
global $fb_old_base_url, $fb_old_base_path;
Dave Cohen
committed
// But we also support a stack of paths, in case we need to log into more than one app in a single request.
static $stack = array();
Dave Cohen
committed
if (!$fb_old_base_path) {
$fb_old_base_url = $base_url;
$fb_old_base_path = $base_path;
}
$original = array('base_url' => $base_url,
'base_path' => $base_path);
/**
$base_path = "/$fb_app->canvas/";
// TODO: make the "apps.facebook.com" part configurable.
$base_url = "http://apps.facebook.com/$fb_app->canvas";
// New way:
$base_path = $fb_old_base_url . '/';
$base_url = '';
**/
if (!variable_get('clean_url', FALSE)) {
Dave Cohen
committed
$original['clean_url'] = FALSE;
// Force clean URLs because links between canvas pages will work this way.
// In settings.inc we do this more cleanly. However, for cron jobs this is necessary.
variable_set('clean_url', TRUE);
}
Dave Cohen
committed
// Save settings so they may be restored
array_push($stack, $original);
}
else {
// restore original settings.
Dave Cohen
committed
$original = array_pop($stack);
$base_url = $original['base_url'];
$base_path = $original['base_path'];
if (isset($original['clean_url']))
variable_set('clean_url', $old_clean_url);
}
}
* Returns the facebook user id currently visiting a canvas page, or if set_user has been called.
* Unlike fb_get_fbu(), works only on canvas pages or when infinite session has been initialized.
function fb_facebook_user($fb = NULL) {
if (!isset($fb))
$fb = $GLOBALS['fb'];
if (!$fb)
return;
$fbu = $fb->get_loggedin_user();
if ($fb->api_client->error_code) {
watchdog('fb', 'Failed to get Facebook user id.', 'error');
}
return $fbu;
}
/**
* Given a local user id, find the facebook id.
*/
function fb_get_fbu($uid, $fb_app = NULL) {
// default to current app (only set if we're in a FB callback)
if (!$fb_app)
$fb_app = $GLOBALS['fb_app'];
// Accept either a user object or uid passed in.
if (is_object($uid) && $uid->fbu)
return $uid->fbu;
else if (is_object($uid))
$uid = $uid->uid;
// User management is handled by another module. Use our hook to ask for mapping.
$fbu = _fb_invoke($fb_app, FB_OP_GET_FBU, NULL, array('uid' => $uid));
Dave Cohen
committed
/**
* Convenience method to get app info based on apikey or nid.
Dave Cohen
committed
*/
function fb_get_app($search_data) {
// $search_data can be an apikey, or an array of other search params.
if (!is_array($search_data))
$search_data = array('apikey' => $search_data);
$fb_app = _fb_invoke(NULL, FB_OP_GET_APP, NULL, $search_data);
Dave Cohen
committed
return $fb_app;
}
/**
* Convenience method to return a list of all known apps, suitable for form
* elements.
*/
function fb_get_app_options($include_current) {
$apps = fb_get_all_apps();
Dave Cohen
committed
$options = array();
if ($include_current)
$options[FB_APP_CURRENT] = t('<current>');
foreach ($apps as $app) {
$options[$app->nid] = $app->title;
Dave Cohen
committed
}
return $options;
}
/**
* Convenience method to return array of all know fb_apps.
*/
function fb_get_all_apps() {
$apps = _fb_invoke(NULL, FB_OP_GET_ALL_APPS, array());
return $apps;
}
// return array of facebook uids
function fb_get_friends($fbu) {
static $cache = array();
global $fb;
if (!$fb || !$fbu)
return;
if (!isset($cache[$fbu])) {
if ($fbu == fb_facebook_user())
$items = $fb->api_client->friends_get();
// friends_get does not work in cron call, so we double check.
if (!$items || !count($items)) {
$result = $fb->api_client->fql_query("SELECT uid2 FROM friend WHERE uid1=$fbu");
$items = array();
foreach ($result as $data) {
$items[] = $data['uid2'];
}
}
// Facebook's API has the annoying habit of returning an item even if user
// has no friends. We need to clean that up.
if (!$items[0])
unset($items[0]);
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
$cache[$fbu] = $items;
}
return $cache[$fbu];
}
// Return array of facebook gids
function fb_get_groups($fbu) {
$items = array();
$groups = fb_get_groups_data($fbu);
if ($groups && count($groups))
foreach ($groups as $data) {
$items[] = $data['gid'];
}
return $items;
}
function fb_get_groups_data($fbu) {
static $cache = array();
global $fb;
if (!$fb || !$fbu)
return;
if (!isset($cache[$fbu])) {
$cache[$fbu] = $fb->api_client->groups_get($fbu, NULL);
}
return $cache[$fbu];
}
// deprecated since creation of fb_user module, but cron hook still uses this.
function fb_user_load($fbu = NULL) {
global $user;
if (!$fbu)
// default to current logged in user
$fbu = fb_facebook_user();
if ($fbu && $user->fbu == $fbu) {
return $user;
}
if ($fbu) {
$account = user_external_load("$fbu-$fb_app->apikey@facebook.com");
if (!$account)
$account = user_external_load("$fbu@facebook.com");
if (!$account)
$account = user_load(array('uid' => variable_get('fb_facebook_user', 2)));
if (!$account)
watchdog('fb', t('Failed to load user from facebook fbu=%fbu',
array('%fbu' => $fbu)), 'error');
$account->fbu = $fbu;
return $account;
}
}
function fb_form_alter($form_id, &$form) {
// Because facebook users don't have email, it can't be required on user form
if ($form_id == 'user_register') {
if (user_access('administer users')) {
$form['mail']['#required'] = FALSE;
}
}
if ($form_id == 'user_edit') {
if (user_access('administer users')) {
$form['account']['mail']['#required'] = FALSE;
}
}
}
function fb_menu($may_cache) {
$items = array();
if (!$may_cache) {
// Initialization moved to fb_init(), nothing to do here.
}
else {
// When forms are submitted directly to us, we cache the results,
// and show them later via this callback
$items[] = array('path' => 'fb/form_cache',
'callback' => '_fb_form_cache_cb',
'type' => MENU_CALLBACK,
'access' => TRUE);
// A page to help determine infinite session keys
$items[] = array('path' => 'fb/session',
'callback' => '_fb_session_cb',
'type' => MENU_CALLBACK,
'access' => TRUE); // TODO: restrict access?
}
return $items;
}
/**
* When exiting we need to do some special stuff for forms
*/
function fb_exit($destination = NULL) {
global $fb_app, $fb;
_fb_invoke($fb_app, FB_OP_EXIT, $destination);
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
}
function _fb_form_cache_cb($cid) {
// Facebook started appending a '?', we need to get rid of it.
if ($pos = strpos($cid, '?'))
$cid = substr($cid, 0, $pos);
watchdog('fb', "Returning cached form page $cid");
$cache = cache_get($cid, 'cache_page');
// Don't clear, as user may refresh browser. Cache will expire eventually.
// cache_clear_all($cid, 'cache_page');
print $cache->data;
exit();
}
function _fb_session_cb() {
global $fb, $fb_app;
global $user;
drupal_set_message("_fb_session_cb" . dpr($_REQUEST, 1));
$output = '<p>'.t('You are logged in as local user !username, with Facebook user id %fbu.',
array('!username' => theme('username', $user),
'%fbu' => fb_get_fbu($user))).'</p>';
$output .= '<p>'.l(t('Request an infinite session key.'),
'http://www.facebook.com/code_gen.php?v=1.0&api_key='.$fb_app->apikey).'</p>';
$output .= drupal_get_form('fb_session_key_form');
$output .= '<p>'.t('Current session key: %key',
array('%key' => htmlentities($fb->api_client->session_key)))."</p>\n";
return $output;
}
function fb_session_key_form() {
global $fb_app;
$form = array('auth_token' => array('#type' => 'textfield',
'#title' => t('One-time code'),
'#description' => t('If you do not have a one-time code, you can get one !here.',
array('!here' => l(t('here'), 'http://www.facebook.com/code_gen.php?v=1.0&api_key='.$fb_app->apikey))),
),
'submit' => array('#type' => 'submit',
'#value' => t('Submit')),
'#redirect' => FALSE, // necessary when submitting via facebook
);
return $form;
}
function _fb_invoke($fb_app, $op, $return = NULL, $data = NULL) {
global $fb;
foreach (module_implements(FB_HOOK) as $name) {
$function = $name . '_' . FB_HOOK;
$function($fb, $fb_app, $op, $return, $data);
return $return;
/**
* This method will clean up URLs. When serving canvas pages, extra
* information is included in URLs (see fb_settings.inc). This will remove
* the extra information.
*/
function fb_scrub_urls($content) {
foreach (array(FB_SETTINGS_APP_NID, FB_SETTINGS_PAGE_TYPE) as $key) {
$patterns[] = "|$key/[^/]*/|";
$replacements[] = "";
}
$content = preg_replace($patterns, $replacements, $content);
return $content;
}
/**
* Implementation of hook_node_grants.
*
* We put this here so all facebook modules have a standard way to implement
* hook_node_access_records. They use that hook to insert records into the
* node access table. We use this hook to allow access when the grants are
* there.
*
* DEPRECATED. Not sure where, if anywhere, this belongs.
function fb_node_grantsXXX($account, $op) {
$grants = array();
$fbu = fb_get_fbu($account);
if ($fbu) { // If not anonymous (facebook user not logged in to this app)
$friends = fb_get_friends($fbu);
// For access purposes, consider a users to be a friend of themself
$friends[] = $fbu;
if (count($friends))
$grants[FB_GRANT_REALM_FRIEND] = $friends;
$groups = fb_get_groups($fbu);
if (count($groups))
$grants[FB_GRANT_REALM_GROUP] = $groups;
}
return $grants;
}
Dave Cohen
committed
/**
* Convenience method for displaying facebook api errors.
*/
function fb_report_errors($fb = FB_APP_CURRENT) {
if ($fb == FB_APP_CURRENT) {
$fb = $GLOBALS['fb'];
Dave Cohen
committed
}
if ($fb) {
if ($fb->api_client->error_code) {
$message = t('Facebook API error %code (see !link).',
array('%code' => $fb->api_client->error_code,
'!link' => l(t('error codes'), "http://wiki.developers.facebook.com/index.php/Error_codes"),
));
Dave Cohen
committed
watchdog('fb', $message, WATCHDOG_ERROR);
Dave Cohen
committed
drupal_set_message($message, 'error');
}
}
}
Dave Cohen
committed
/**
* Exception handler for PHP5 exceptions.
*/
function fb_report_exception($exception) {
$message = t('Facebook API exception %message. !trace',
array('%message' => $exception->getMessage(),
'!trace' => '<pre>'.$exception->getTraceAsString().'</pre>',
));
watchdog('fb', $message, WATCHDOG_ERROR);
Dave Cohen
committed
print $message;
print "<pre>\$_REQUEST:\n";
print_r($_REQUEST);
print "\n\nREQUEST_URI:\n" . $_SERVER['REQUEST_URI'];
print "</pre>";
Dave Cohen
committed
}