Validate Facebook Auth-Token. This helper function checks if the Facebook auth-token is valid, and belongs to the said facebook-id
<?php | |
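/**
 * Validate a Facebook auth-token against an expected Facebook user id.
 *
 * Asks the Graph API who the token belongs to (GET /me) and returns true only
 * when the response carries an "id" equal to $facebook_id. Every other outcome
 * (transport failure, non-JSON body, Graph "error" object, missing id,
 * mismatching id, unusable arguments) returns false, so a failed lookup can
 * never be mistaken for a successful validation.
 *
 * NOTE(review): /me only proves that the token resolves to this user. It does
 * not prove the token was issued to *this* application, so a token the same
 * user granted to a different app would also pass. If that matters to the
 * caller, additionally inspect the token with the Graph API debug_token
 * endpoint and compare the reported app_id with your own app id.
 *
 * @param string     $facebook_token Access token supplied by the client.
 * @param string|int $facebook_id    Facebook user id the client claims to be.
 * @return bool True only if the token is accepted and belongs to $facebook_id.
 */
function is_facebook_auth_valid($facebook_token, $facebook_id)
{
    // Reject unusable arguments before any network traffic.
    if (!is_string($facebook_token) || $facebook_token === '') {
        return false;
    }
    if (!is_string($facebook_id) && !is_int($facebook_id)) {
        return false;
    }
    $expected_id = (string) $facebook_id;
    if ($expected_id === '') {
        return false;
    }

    // The token is client-controlled: encode it so it cannot append or
    // override query parameters in the Graph request.
    $url = 'https://graph.facebook.com/me?access_token=' . rawurlencode($facebook_token);

    $ch = curl_init();
    if ($ch === false) {
        return false;
    }
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Fixed, server-chosen User-Agent. The client's own header is not
    // forwarded: it is attacker-controlled and undefined outside a web request.
    curl_setopt($ch, CURLOPT_USERAGENT, 'facebook-token-check');
    // Certificate and host name verification stay ON. The answer to this
    // request is an authentication decision; with verification disabled,
    // anyone able to intercept the connection could read the token and forge
    // a matching profile response.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    // Bound the time spent on the call so a stalled endpoint cannot hang the caller.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);

    $result = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on transport/TLS failure: fail closed.
    if (!is_string($result) || $result === '') {
        return false;
    }

    // Keep over-long numeric ids as strings instead of lossy floats.
    $fb_profile = json_decode($result, true, 512, JSON_BIGINT_AS_STRING);
    if (!is_array($fb_profile) || isset($fb_profile['error'])) {
        return false;
    }

    // A response without an id proves nothing about the token's owner.
    if (!isset($fb_profile['id']) || !is_scalar($fb_profile['id'])) {
        return false;
    }

    // Strict string comparison: loose comparison of numeric strings goes
    // through numeric conversion, where distinct long ids can compare equal.
    return (string) $fb_profile['id'] === $expected_id;
}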