\BaseFacebook
Provides access to the Facebook Platform. This class provides a majority of the functionality needed, but the class is abstract because it is designed to be sub-classed. The subclass must implement the four abstract methods listed at the bottom of the file.
- Author: Naitik Shah <naitik@facebook.com>
Synopsis
class BaseFacebook
{
- // constants
- const VERSION = '3.2.2';
- const SIGNED_REQUEST_ALGORITHM = 'HMAC-SHA256';
- // members
- public static array $CURL_OPTS = ;
- protected static array $DROP_QUERY_PARAMS = ;
- public static array $DOMAIN_MAP = ;
- protected $appId;
- protected $appSecret;
- protected $user;
- protected $signedRequest;
- protected $state;
- protected $accessToken = NULL;
- protected boolean $fileUploadSupport = false;
- protected boolean $trustForwarded = false;
- // methods
- public void __construct()
- public BaseFacebook setAppId()
- public string getAppId()
- public BaseFacebook setApiSecret()
- public BaseFacebook setAppSecret()
- public string getApiSecret()
- public string getAppSecret()
- public BaseFacebook setFileUploadSupport()
- public boolean getFileUploadSupport()
- public boolean useFileUploadSupport()
- public BaseFacebook setAccessToken()
- public void setExtendedAccessToken()
- public string getAccessToken()
- protected string getUserAccessToken()
- public string getSignedRequest()
- public string getUser()
- protected integer getUserFromAvailableData()
- public string getLoginUrl()
- public string getLogoutUrl()
- public string getLoginStatusUrl()
- public mixed api()
- protected string getSignedRequestCookieName()
- protected string getMetadataCookieName()
- protected mixed getCode()
- protected integer getUserFromAccessToken()
- protected string getApplicationAccessToken()
- protected void establishCSRFTokenState()
- protected mixed getAccessTokenFromCode()
- protected mixed _restserver()
- protected boolean isVideoPost()
- protected mixed _graph()
- protected string _oauthRequest()
- protected string getAppSecretProof()
- protected string makeRequest()
- protected array parseSignedRequest()
- protected string makeSignedRequest()
- protected string getApiUrl()
- protected string getUrl()
- protected void getHttpHost()
- protected void getHttpProtocol()
- protected void getBaseDomain()
- protected string getCurrentUrl()
- protected boolean shouldRetainParam()
- protected void throwAPIException()
- protected static void errorLog()
- protected static string base64UrlDecode()
- protected static string base64UrlEncode()
- public void destroySession()
- protected an getMetadataCookie()
- protected static void isAllowedDomain()
- protected static void endsWith()
- protected abstract void setPersistentData()
- protected abstract mixed getPersistentData()
- protected abstract void clearPersistentData()
- protected abstract void clearAllPersistentData()
Constants
Name | Value |
---|---|
VERSION | '3.2.2' |
SIGNED_REQUEST_ALGORITHM | 'HMAC-SHA256' |
Members
protected
- $DROP_QUERY_PARAMS — List of query parameters that get automatically dropped when rebuilding the current URL.
- $accessToken — string — The OAuth access token received in exchange for a valid authorization code. null means the access token has yet to be determined.
- $appId — string — The Application ID.
- $appSecret — string — The Application App Secret.
- $fileUploadSupport — boolean — Indicates if the CURL based @ syntax for file uploads is enabled.
- $signedRequest — The data from the signed_request token.
- $state — A CSRF state variable to assist in the defense against CSRF attacks.
- $trustForwarded — boolean — Indicates if we trust HTTP_X_FORWARDED_* headers.
- $user — integer — The ID of the Facebook user, or 0 if the user is logged out.
public
- $CURL_OPTS — Default options for curl.
- $DOMAIN_MAP — Maps aliases to Facebook domains.
Methods
protected
- _graph() — Invoke the Graph API.
- _oauthRequest() — Make an OAuth request.
- _restserver() — Invoke the old restserver.php endpoint.
- base64UrlDecode() — Decodes the Base64 encoding that doesn't need to be urlencode()ed.
- base64UrlEncode() — Base64 encoding that doesn't need to be urlencode()ed.
- clearAllPersistentData() — Clear all data from the persistent storage
- clearPersistentData() — Clear the data with $key from the persistent storage
- endsWith()
- errorLog() — Prints to the error log if you aren't in command line mode.
- establishCSRFTokenState() — Lays down a CSRF state token for this process.
- getAccessTokenFromCode() — Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user). The authorization code is sent to graph.facebook.com and a legitimate access token is generated provided the access token and the user for which it was generated all match, and the user is either logged in to Facebook or has granted an offline access permission.
- getApiUrl() — Build the URL for api given parameters.
- getAppSecretProof() — Generate a proof of App Secret. This is required for all API calls originating from a server. It is a sha256 hash of the access_token made using the app secret.
- getApplicationAccessToken() — Returns the access token that should be used for logged out users when no authorization code is available.
- getBaseDomain() — Get the base domain used for the cookie.
- getCode() — Get the authorization code from the query parameters, if it exists, and otherwise return false to signal no authorization code was discoverable.
- getCurrentUrl() — Returns the Current URL, stripping it of known FB parameters that should not persist.
- getHttpHost()
- getHttpProtocol()
- getMetadataCookie() — Parses the metadata cookie that our JavaScript API set.
- getMetadataCookieName() — Constructs and returns the name of the cookie that potentially contains metadata. The cookie is not set by the BaseFacebook class, but it may be set by the JavaScript SDK.
- getPersistentData() — Get the data for $key, persisted by BaseFacebook::setPersistentData()
- getSignedRequestCookieName() — Constructs and returns the name of the cookie that potentially houses the signed request for the app user.
- getUrl() — Build the URL for given domain alias, path and parameters.
- getUserAccessToken() — Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present. The intent is to return a valid user access token, or false if one is determined to not be available.
- getUserFromAccessToken() — Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate. It relies on Facebook's Graph API to retrieve user information and then extract the user ID.
- getUserFromAvailableData() — Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.
- isAllowedDomain()
- isVideoPost() — Return true if this is video post.
- makeRequest() — Makes an HTTP request. This method can be overridden by subclasses if developers want to do fancier things or use something other than curl to make the request.
- makeSignedRequest() — Makes a signed_request blob using the given data.
- parseSignedRequest() — Parses a signed_request and validates the signature.
- setPersistentData() — Stores the given ($key, $value) pair, so that future calls to getPersistentData($key) return $value. This call may be in another request.
- shouldRetainParam() — Returns true if and only if the key or key/value pair should be retained as part of the query string. This amounts to a brute-force search of the very small list of Facebook-specific params that should be stripped out.
- throwAPIException() — Analyzes the supplied result to see if it was thrown because the access token is no longer valid. If that is the case, then we destroy the session.
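How the values described for makeSignedRequest(), parseSignedRequest(), base64UrlEncode()/base64UrlDecode() and getAppSecretProof() fit together, as an added example that is not the SDK's own code. It assumes the signed_request layout of a base64url signature, a dot, and a base64url JSON payload, with HMAC-SHA256 keyed by the app secret for both the signature and the proof; the demo* names, secret and token are constructed.

```php
<?php
// Added example, not SDK code; demo* names and sample values are constructed.
const DEMO_ALGORITHM = 'HMAC-SHA256'; // same value as SIGNED_REQUEST_ALGORITHM

function demoBase64UrlEncode(string $raw): string {
    // '+' -> '-', '/' -> '_', padding removed, so no urlencode() is needed
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function demoBase64UrlDecode(string $text) { // string, or false on bad input
    $padded = str_pad($text, strlen($text) + (4 - strlen($text) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

function demoMakeSignedRequest(array $data, string $appSecret): string {
    $data['algorithm'] = DEMO_ALGORITHM;
    $payload = demoBase64UrlEncode(json_encode($data));
    $sig = demoBase64UrlEncode(hash_hmac('sha256', $payload, $appSecret, true));
    return $sig . '.' . $payload;
}

function demoParseSignedRequest(string $signedRequest, string $appSecret): ?array {
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $sig = demoBase64UrlDecode($parts[0]);
    $data = json_decode((string) demoBase64UrlDecode($parts[1]), true);
    // Pin the algorithm: the token must not choose how it gets verified.
    if ($sig === false || !is_array($data) || ($data['algorithm'] ?? null) !== DEMO_ALGORITHM) {
        return null;
    }
    // The MAC covers the encoded payload; hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $parts[1], $appSecret, true), $sig) ? $data : null;
}

function demoAppSecretProof(string $accessToken, string $appSecret): string {
    // Hex-encoded HMAC-SHA256 of the access token, keyed with the app secret
    return hash_hmac('sha256', $accessToken, $appSecret);
}

$secret = 'constructed-app-secret';
$token = demoMakeSignedRequest(['user_id' => '1234'], $secret);
// Same signature, different payload: must be rejected.
$forged = strtok($token, '.') . '.' . demoBase64UrlEncode(json_encode(['algorithm' => DEMO_ALGORITHM, 'user_id' => '9999']));
var_dump(demoParseSignedRequest($token, $secret)['user_id']); // valid token
var_dump(demoParseSignedRequest($forged, $secret));            // tampered payload
var_dump(strlen(demoAppSecretProof('constructed-access-token', $secret)));
```

The rejected cases all return null before any field of the payload is trusted, which is the property a caller of parseSignedRequest() relies on when it reads user_id.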
public
- __construct() — Initialize a Facebook Application.
- api() — Make an API call.
- destroySession() — Destroy the current session
- getAccessToken() — Determines the access token that should be used for API calls.
- getApiSecret() — Get the App Secret.
- getAppId() — Get the Application ID.
- getAppSecret() — Get the App Secret.
- getFileUploadSupport() — Get the file upload support status.
- getLoginStatusUrl() — Get a login status URL to fetch the status from Facebook.
- getLoginUrl() — Get a Login URL for use with redirects. By default, full page redirect is assumed. If you are using the generated URL with a window.open() call in JavaScript, you can pass in display=popup as part of the $params.
- getLogoutUrl() — Get a Logout URL suitable for use with redirects.
- getSignedRequest() — Retrieve the signed request, either from a request parameter or, if not present, from a cookie.
- getUser() — Get the UID of the connected user, or 0 if the Facebook user is not connected.
- setAccessToken() — Sets the access token for api calls. Use this if you get your access token by other means and just want the SDK to use it.
- setApiSecret() — Set the App Secret.
- setAppId() — Set the Application ID.
- setAppSecret() — Set the App Secret.
- setExtendedAccessToken() — Extend an access token, while removing the short-lived token that might have been generated via client-side flow. Thanks to http://bit.ly/b0Pt0H for the workaround.
- setFileUploadSupport() — Set the file upload support status.
- useFileUploadSupport() — DEPRECATED! Please use getFileUploadSupport instead.