FEATURE: AppID/Secret can now be entered on the plugin's admin page. BUG: if a connected FB-App is deleted and a new FB-App is connected, the app_access_token of the former App remained in the config and made it impossible to activate Real-Time Updates with the new App. USABILITY: Now the user's connector settings page automatically recognizes if the connection is still valid and acts accordingly. SECURITY: XSRF-Protection.

This commit is contained in:
Tobias Hößl 2012-04-01 07:42:50 +00:00
parent 5c59002db4
commit 1b1237d97c

View file

@ -464,9 +464,21 @@ function facebook_content(&$a) {
info( t('Updating contacts') . EOL); info( t('Updating contacts') . EOL);
} }
$o = '';
$fb_installed = get_pconfig(local_user(),'facebook','post');
$fb_installed = false;
if (get_pconfig(local_user(),'facebook','post')) {
$access_token = get_pconfig(local_user(),'facebook','access_token');
if ($access_token) {
$private_wall = intval(get_pconfig($uid,'facebook','private_wall'));
$s = fetch_url('https://graph.facebook.com/me/feed?access_token=' . $access_token);
if($s) {
$j = json_decode($s);
if (isset($j->data)) $fb_installed = true;
}
}
}
$appid = get_config('facebook','appid'); $appid = get_config('facebook','appid');
if(! $appid) { if(! $appid) {
@ -629,17 +641,39 @@ function facebook_plugin_settings(&$a,&$b) {
function facebook_plugin_admin(&$a, &$o){ function facebook_plugin_admin(&$a, &$o){
$o = '<input type="hidden" name="form_security_token" value="' . get_form_security_token("fbsave") . '">';
$activated = facebook_check_realtime_active(); $o .= '<h4>' . t('Facebook API Key') . '</h4>';
if ($activated) {
$o = t('Real-Time Updates are activated.') . '<br><br>'; $appid = get_config('facebook', 'appid' );
$o .= '<input type="submit" name="real_time_deactivate" value="' . t('Deactivate Real-Time Updates') . '">'; $appsecret = get_config('facebook', 'appsecret' );
} else {
$o = t('Real-Time Updates not activated.') . '<br><input type="submit" name="real_time_activate" value="' . t('Activate Real-Time Updates') . '">'; $o .= '<label for="fb_appid">' . t('App-ID / API-Key') . '</label><input name="appid" type="text" value="' . escape_tags($appid ? $appid : "") . '"><br style="clear: both;">';
$o .= '<label for="fb_appsecret">' . t('Application secret') . '</label><input name="appsecret" type="text" value="' . escape_tags($appsecret ? $appsecret : "") . '"><br style="clear: both;">';
$o .= '<input type="submit" name="fb_save_keys" value="' . t('Save') . '">';
if ($appid && $appsecret) {
$o .= '<h4>' . t('Real-Time Updates') . '</h4>';
$activated = facebook_check_realtime_active();
if ($activated) {
$o .= t('Real-Time Updates are activated.') . '<br><br>';
$o .= '<input type="submit" name="real_time_deactivate" value="' . t('Deactivate Real-Time Updates') . '">';
} else {
$o .= t('Real-Time Updates not activated.') . '<br><input type="submit" name="real_time_activate" value="' . t('Activate Real-Time Updates') . '">';
}
} }
} }
function facebook_plugin_admin_post(&$a, &$o){ function facebook_plugin_admin_post(&$a, &$o){
check_form_security_token_redirectOnErr('/admin/plugins/facebook', 'fbsave');
if (x($_REQUEST,'fb_save_keys')) {
set_config('facebook', 'appid', $_REQUEST['appid']);
set_config('facebook', 'appsecret', $_REQUEST['appsecret']);
del_config('facebook', 'app_access_token');
info(t('The new values have been saved.'));
}
if (x($_REQUEST,'real_time_activate')) { if (x($_REQUEST,'real_time_activate')) {
facebook_subscription_add_users(); facebook_subscription_add_users();
} }
@ -1448,8 +1482,8 @@ function fb_get_app_access_token() {
logger('fb_get_app_access_token: appid and/or appsecret not set', LOGGER_DEBUG); logger('fb_get_app_access_token: appid and/or appsecret not set', LOGGER_DEBUG);
return false; return false;
} }
logger('https://graph.facebook.com/oauth/access_token?client_id=' . $appid . '&client_secret=' . $appsecret . '&grant_type=client_credentials', LOGGER_DATA);
$x = fetch_url('https://graph.facebook.com/oauth/access_token?client_id=' . $appid . '&client_secret=' . $appsecret . "&grant_type=client_credentials"); $x = fetch_url('https://graph.facebook.com/oauth/access_token?client_id=' . $appid . '&client_secret=' . $appsecret . '&grant_type=client_credentials');
if(strpos($x,'access_token=') !== false) { if(strpos($x,'access_token=') !== false) {
logger('fb_get_app_access_token: returned access token: ' . $x, LOGGER_DATA); logger('fb_get_app_access_token: returned access token: ' . $x, LOGGER_DATA);
@ -1480,8 +1514,7 @@ function facebook_subscription_del_users() {
del_config('facebook', 'realtime_active'); del_config('facebook', 'realtime_active');
} }
function facebook_subscription_add_users() { function facebook_subscription_add_users($second_try = false) {
$a = get_app(); $a = get_app();
$access_token = fb_get_app_access_token(); $access_token = fb_get_app_access_token();
@ -1502,9 +1535,18 @@ function facebook_subscription_add_users() {
del_config('facebook', 'cb_verify_token'); del_config('facebook', 'cb_verify_token');
if ($j) { if ($j) {
$x = json_decode($j);
logger("Facebook reponse: " . $j, LOGGER_DATA); logger("Facebook reponse: " . $j, LOGGER_DATA);
if (isset($x->error)) {
if (facebook_check_realtime_active()) set_config('facebook', 'realtime_active', 1); logger('facebook_subscription_add_users: got an error: ' . $j);
if ($x->error->type == "OAuthException" && $x->error->code == 190) {
del_config('facebook', 'app_access_token');
if ($second_try === false) facebook_subscription_add_users(true);
}
} else {
logger('facebook_subscription_add_users: sucessful');
if (facebook_check_realtime_active()) set_config('facebook', 'realtime_active', 1);
}
}; };
} }