Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Validate Facebook Auth-Token. This helper function checks if the Facebook auth-token is valid, and belongs to the said facebook-id
<?php
// A helper function to validate Facebook Auth-Token.
// This checks if the Facebook auth-token is valid, and belongs to the said facebook-id
function is_facebook_auth_valid($facebook_token, $facebook_id)
{
$ch = curl_init();
$url="https://graph.facebook.com/me?access_token=".$facebook_token;
curl_setopt($ch, CURLOPT_URL,$url );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
// The following ensures SSL always works. A little detail:
// SSL does two things at once:
// 1. it encrypts communication
// 2. it ensures the target party is who it claims to be.
// In short, if the following code is allowed, CURL won't check if the
// certificate is known and valid, however, it still encrypts communication.
curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_ANY);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
$result = curl_exec($ch);
curl_close($ch);
$fb_profile = json_decode( $result, true);
if( isset($fb_profile['error'] ) )
{
return false;
}
elseif( isset($fb_profile['id']) && $fb_profile['id'] != $facebook_id )//Check if this auth token has the same ID sent.
{
return false;
}
return true;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.