jamesdaniels/facebook_session.rb

## facebook_session.rb
def facebook_postback
  if params[:session] && params[:session] != 'loggedout' && eval("params[:session] = #{params[:session].gsub(/\\"/, '"').gsub(/:/, ' => ')}")
    access_denied unless verifed_facebook_autheticity(params[:session][:sig], {'expires' => params[:session][:expires], 'session_key' => params[:session][:session_key], 'ss' => params[:session][:secret], 'user' => params[:session][:uid]})
    session = Facebooker::Session.create(APP_CONFIG[:facebook_api_key], APP_CONFIG[:facebook_api_secret])
    facebook_user = Facebooker::User.new(params[:session][:uid], session)
    begin
      if logged_in?
        link_facebook_account(facebook_user)
      else
        create_facebook_user(facebook_user)
      end
    end
  end
  if params[:session] && params[:session] == 'loggedout'
    logout_killing_session!
  end
  render :layout => false
end

def link_facebook_account(facebook_user)
  @linked_account = true
  if current_user.facebook_id != facebook_user.uid.to_i
    current_user.facebook_id = facebook_user.uid.to_i
    current_user.name = facebook_user.first_name
    current_user.family_name = facebook_user.last_name
    current_user.save
    @user = current_user
  end
end

def create_facebook_user(facebook_user)
  @user = User.find_by_facebook_id(facebook_user.uid.to_i)
  unless @user
    @user = User.new(:name => facebook_user.first_name, :family_name => facebook_user.last_name)
    @user.facebook_id = facebook_user.uid.to_i
    @user.state = 'active'
    @user = nil unless @user.save
  end
  if @user
    self.current_user = @user
  end
end

def verifed_facebook_autheticity(signature, params)
  Digest::MD5.hexdigest((params.keys.sort.collect {|key| "#{key}=#{params[key]}"} << APP_CONFIG[:facebook_api_secret]).to_s).strip == signature
end
	def facebook_postback
	if params[:session] && params[:session] != 'loggedout' && eval("params[:session] = #{params[:session].gsub(/\\"/, '"').gsub(/:/, ' => ')}")
	access_denied unless verifed_facebook_autheticity(params[:session][:sig], {'expires' => params[:session][:expires], 'session_key' => params[:session][:session_key], 'ss' => params[:session][:secret], 'user' => params[:session][:uid]})
	session = Facebooker::Session.create(APP_CONFIG[:facebook_api_key], APP_CONFIG[:facebook_api_secret])
	facebook_user = Facebooker::User.new(params[:session][:uid], session)
	begin
	if logged_in?
	link_facebook_account(facebook_user)
	else
	create_facebook_user(facebook_user)
	end
	end
	end
	if params[:session] && params[:session] == 'loggedout'
	logout_killing_session!
	end
	render :layout => false
	end

	def link_facebook_account(facebook_user)
	@linked_account = true
	if current_user.facebook_id != facebook_user.uid.to_i
	current_user.facebook_id = facebook_user.uid.to_i
	current_user.name = facebook_user.first_name
	current_user.family_name = facebook_user.last_name
	current_user.save
	@user = current_user
	end
	end

	def create_facebook_user(facebook_user)
	@user = User.find_by_facebook_id(facebook_user.uid.to_i)
	unless @user
	@user = User.new(:name => facebook_user.first_name, :family_name => facebook_user.last_name)
	@user.facebook_id = facebook_user.uid.to_i
	@user.state = 'active'
	@user = nil unless @user.save
	end
	if @user
	self.current_user = @user
	end
	end

	def verifed_facebook_autheticity(signature, params)
	Digest::MD5.hexdigest((params.keys.sort.collect {\|key\| "#{key}=#{params[key]}"} << APP_CONFIG[:facebook_api_secret]).to_s).strip == signature
	end