diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php
index f4aa9f6b1..b2363298f 100644
--- a/bbs/write_comment_update.php
+++ b/bbs/write_comment_update.php
@@ -187,8 +187,7 @@ if ($w == 'c') // 댓글 입력
 $facebook = new Facebook(array(
 'appId' => $config['cf_facebook_appid'],
- 'secret' => $config['cf_facebook_secret'],
- 'cookie' => true
+ 'secret' => $config['cf_facebook_secret']
 ));
 $user = $facebook->getUser();
@@ -200,7 +199,7 @@ if ($w == 'c') // 댓글 입력
 'message' => stripslashes($wr_content),
 'name' => $wr_subject,
 'link' => $link,
- 'description' => stripslashes($wr['wr_content'])
+ 'description' => stripslashes(strip_tags($wr['wr_content']))
 );
 $facebook->api('/me/feed/', 'post', $attachment);
 //$errors = error_get_last(); print_r2($errros); exit;
diff --git a/plugin/sns/facebook/callback.php b/plugin/sns/facebook/callback.php
index c5ce18e5c..e51b3cc6c 100644
--- a/plugin/sns/facebook/callback.php
+++ b/plugin/sns/facebook/callback.php
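Review bot: `stripslashes(strip_tags($wr['wr_content']))` removes tags but leaves HTML entities in place, so a body containing `&amp;` or `&lt;` reaches the feed description with those sequences literal; if the stored content is entity-encoded, `stripslashes(html_entity_decode(strip_tags($wr['wr_content'])))` is the form that yields plain text. The `'message'` entry two lines above still passes `$wr_content` through `stripslashes()` alone, so the two fields are now treated differently and a one-line comment stating why would help the next reader. The enclosing `if ($w == 'c')` block starts outside the hunk.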
@@ -22,20 +22,44 @@ $g4['title'] = '페이스북 콜백'; include_once(G4_PATH.'/head.sub.php'); if ($user) { + + $access_token = $facebook->getAccessToken(); + + $appid = $config['cf_facebook_appid']; + + setcookie('fbs_'.$appid, 1, G4_SERVER_TIME + 86400 * 31, '/', G4_COOKIE_DOMAIN); + setcookie('fbs_'.$appid.'_code', $_SESSION['fb_'.$appid.'_code'], G4_SERVER_TIME + 86400 * 31, '/', G4_COOKIE_DOMAIN); + setcookie('fbs_'.$appid.'_access_token', $_SESSION['fb_'.$appid.'_access_token'], G4_SERVER_TIME + 86400 * 31, '/', G4_COOKIE_DOMAIN); + setcookie('fbs_'.$appid.'_user_id', $_SESSION['fb_'.$appid.'_user_id'], G4_SERVER_TIME + 86400 * 31, '/', G4_COOKIE_DOMAIN); + + sql_query(" update {$g4['member_table']} set mb_facebook_token = '{$access_token}' where mb_id = '{$member['mb_id']}' ", true); + $g4_sns_url = G4_SNS_URL; + echo << -$(function() { - var opener = window.opener; - opener.$("#facebook_icon").attr("src", "{$g4_sns_url}/icon/facebook_on.png"); - opener.$("#facebook_checked").attr("disabled", false); - opener.$("#facebook_checked").attr("checked", true); - //alert("페이스북 승인이 되었습니다."); - window.close(); -}); - + EOT; + } else { + + echo << + $(function() { + alert("페이스북 승인이 되지 않았습니다."); + window.close(); + }); + +EOT; + } include_once(G4_PATH.'/tail.sub.php'); diff --git a/plugin/sns/facebook/examples/example.php b/plugin/sns/facebook/examples/example.php index c71295082..a53b2f4f7 100644 --- a/plugin/sns/facebook/examples/example.php +++ b/plugin/sns/facebook/examples/example.php @@ -20,7 +20,7 @@ require '../src/facebook.php'; // Create our Application instance (replace this with your appId and secret). $facebook = new Facebook(array( 'appId' => '119146498278078', - 'secret' => '311e0d6ff8ff43cfe0e75fe82d71777c', + 'secret' => '6ffd7e325e2b4fbd83a2eebf9c6f33f9', )); // Get User ID @@ -82,6 +82,9 @@ $naitik = $facebook->api('/naitik'); +
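Review bot: The new `setcookie('fbs_'.$appid.'_access_token', …)` and `setcookie('fbs_'.$appid.'_code', …)` lines copy the user's Facebook access token and OAuth code out of `$_SESSION` into cookies that live for 31 days, and because only five arguments are passed the cookies are neither HttpOnly nor secure-only, so a bearer credential becomes readable by any script running on the page and is sent over plain HTTP. Pass `true` for the `$secure` and `$httponly` arguments of `setcookie()`, or keep the token server-side and set only the `fbs_<appid>` marker cookie for the client. The `sql_query(" update … set mb_facebook_token = '{$access_token}' …")` line interpolates a value received from Facebook straight into SQL with no escaping; escape it with the database driver's escape function before building the query. The `$_SESSION['fb_'.$appid.'_code']` reads are also unguarded and raise notices when the key is absent.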
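Review bot: The `'secret' => '…'` line in examples/example.php replaces one hard-coded app secret with another real-looking value in a file that ships with the repository; a secret committed to source control has to be treated as disclosed and rotated, and the example should carry a placeholder such as `'secret' => 'YOUR_APP_SECRET'` (constructed placeholder) rather than a working credential. The same appId/secret pair is written into plugin/sns/facebook/examples/with_js_sdk.php further down in this commit, so the note applies there too.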

PHP Cookie

+
+

PHP Session

diff --git a/plugin/sns/facebook/examples/with_js_sdk.php b/plugin/sns/facebook/examples/with_js_sdk.php index 4255a35c3..5d62b9beb 100644 --- a/plugin/sns/facebook/examples/with_js_sdk.php +++ b/plugin/sns/facebook/examples/with_js_sdk.php @@ -3,8 +3,8 @@ require '../src/facebook.php'; $facebook = new Facebook(array( - 'appId' => '344617158898614', - 'secret' => '6dc8ac871858b34798bc2488200e503d', + 'appId' => '119146498278078', + 'secret' => '6ffd7e325e2b4fbd83a2eebf9c6f33f9', )); // See if there is a user from a cookie @@ -24,6 +24,9 @@ if ($user) { +

PHP Cookie

+
+ Your user profile is
diff --git a/skin/board/basic/sns_comment.skin.php b/skin/board/basic/sns_comment.skin.php
index 4657bec42..ea09105b0 100644
--- a/skin/board/basic/sns_comment.skin.php
+++ b/skin/board/basic/sns_comment.skin.php
@@ -3,44 +3,63 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
 if (!$is_member) return;
 if (!$config['cf_facebook_use']) return;
-        
-include_once(G4_SNS_PATH."/facebook/src/facebook.php");
 
+include_once(G4_SNS_PATH."/facebook/src/facebook.php");
 $facebook = new Facebook(array(
     'appId'  => $config['cf_facebook_appid'],
     'secret' => $config['cf_facebook_secret']
 ));
 
 $user = $facebook->getUser();
-//echo $token = $facebook->getAccessToken();
-
-// CAABsXPS0wr4BAIasoXNLyI3Hg6Lqg8Qmze4vrLi2sBhenwe9Sx3qNu6hHRDGiKTVI6sDys3kmhP1B9kSoyfriZBMeTU5VEbJir8rc7QnWbyUZAZAijwd4UvPrJZCQTR4Y2fJTHVUCRILRir5Qqfs
-
-//$user = $facebook->getUser();
-//$facebook->setAccessToken("CAABsXPS0wr4BAIasoXNLyI3Hg6Lqg8Qmze4vrLi2sBhenwe9Sx3qNu6hHRDGiKTVI6sDys3kmhP1B9kSoyfriZBMeTU5VEbJir8rc7QnWbyUZAZAijwd4UvPrJZCQTR4Y2fJTHVUCRILRir5Qqfs");
 
 if ($user) {
     try {
         $user_profile = $facebook->api('/me');
-
-        $access_token = $facebook->getAccessToken();
-        sql_query(" update {$g4['member_table']} set mb_facebook_token = '{$access_token}' where mb_id = '{$member['mb_id']}' ", true);
-
     } catch (FacebookApiException $e) {
         error_log($e);
         $user = null;
     }
 } else {
-    if ($member['mb_facebook_token']) {
-        $facebook->setAccessToken($member['mb_facebook_token']);
-        try {
-            $user_profile = $facebook->api('/me');
-            //print_r2($user_profile);
-            $user = $facebook->getUser();
-        } catch (FacebookApiException $e) {
-            error_log($e);
-            $user = null;
+    $appid  = $config['cf_facebook_appid'];
+    $secret = $config['cf_facebook_secret'];
+    $access_token = $_COOKIE['fbs_'.$appid.'_access_token'];
+
+    $graph_url = "https://graph.facebook.com/oauth/access_token?client_id=$appid&client_secret=$secret&grant_type=client_credentials";
+    $access_token = file_get_contents($graph_url);
+
+    if($access_token){
+
+        $graph_url = "https://graph.facebook.com/oauth/access_token_info?client_id=$appid&" . $access_token;
+        $access_token_info = json_decode(file_get_contents($graph_url));
+        
+        function nonceHasBeenUsed($auth_nonce) {
+            // Here you would check your database to see if the nonce
+            // has been used before. For the sake of this example, we'll
+            // just assume the answer is "no".
+            return false;
         }
+
+        if (nonceHasBeenUsed($access_token_info->auth_nonce) != true) {
+            if ($result = @file_get_contents("https://graph.facebook.com/me/?".$access_token)) {
+                $result = json_decode($result, true);
+                print_r2($result);
+                $user = $result['id'];
+            }
+        }
+        /*
+        if ($result = @file_get_contents("https://graph.facebook.com/me/?access_token=".$access_token)) {
+            $result = json_decode($result, true);
+
+            print_r2($result);
+            //echo $_SESSION['uid'] = $result['id'];
+            //if ($result = @file_get_contents("https://graph.facebook.com/{$result['id']}/accounts/test-users?installed=true&name={$result['name']}&locale={$result['locale']}&permissions=read_stream&method=post&access_token=".$access_token)) {
+            if ($result = @file_get_contents("https://graph.facebook.com/{$result['id']}/accounts/test-users?access_token=".$access_token)) {
+                $result = json_decode($result, true);
+                print_r2($result);
+                $user = $result['id'];
+            }
+        }
+        */
     }
 }
 ?>
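Review bot: `print_r2($result);` on the new `/me` branch dumps the decoded Graph profile response into the rendered comment skin for every visitor who reaches it, and the commented-out block below carries two more copies; all of that debug residue should be removed before merge. The cookie value read at `$access_token = $_COOKIE['fbs_'.$appid.'_access_token'];` is never used — it is read without an `isset()` guard and immediately overwritten by the `client_credentials` response, which as far as I can tell is an application token rather than the user's, so the later `/me` lookup cannot resolve a member from it, and that response body is then concatenated unescaped into two further URLs. `nonceHasBeenUsed()` is declared inside an `else` branch of a skin file that is included per request, so a second include in the same request redeclares it and fails, and its body is the documentation stub that always returns false, which makes the nonce check a no-op. The `file_get_contents()` results are used without a `=== false` check and the third call is silenced with `@`, so a network or API failure surfaces as PHP notices or a silently null `$user` instead of a logged error; `if ($access_token === false) { error_log('facebook token request failed'); }` style handling at each call would make failures visible.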
@@ -53,7 +72,7 @@ if ($user) {
             echo '';
             echo '';
         } else {
-            $facebook_url = $facebook->getLoginUrl(array("redirect_uri"=>G4_SNS_URL."/facebook/callback.php", "scope"=>"user_website,publish_stream,read_stream,offline_access", "display"=>"popup"));
+            $facebook_url = $facebook->getLoginUrl(array("redirect_uri"=>G4_SNS_URL."/facebook/callback.php", "scope"=>"publish_stream,read_stream,offline_access", "display"=>"popup"));
 
             echo '';
             echo '';