Look up access_token for users not currently logged in
[project/fb.git] / fb_session.inc
CommitLineData
549aa675 1<?php
72dcacc7 2/**
456be90c 3 * @file
626faa71
DC
4 * This file is a replacement for Drupal's session.inc. Although not
5 * truly a replacement, as we include the default session.inc to do the heavy
6 * lifting.
7 *
8 * In this file we handle some special cases for iframe canvas pages by faking
9 * cookies in cases where browsers do not accept them. We do this here
10 * because we must set session_id early in the bootstrap process, and Drupal
11 * gives us no way to easily do that.
72dcacc7 12 */
549aa675 13
f54b3a2b
DC
14// Default session handler functions.
15require('includes/session.inc');
72dcacc7 16
626faa71
DC
17// When Drupal's bootstrap includes this file, we have a chance to spoof a
18// session cookie.
68c6fdc9 19if (isset($_COOKIE[session_name()])) {
626faa71
DC
20 // Forget anything we thought we knew about session.
21 fb_settings(FB_SETTINGS_CB_SESSION, FALSE);
22}
23elseif (fb_settings(FB_SETTINGS_TYPE) &&
24 fb_settings(FB_SETTINGS_TYPE) != 'connect') {
25 $session_id = NULL;
26 if ($token = fb_settings(FB_SETTINGS_TOKEN)) {
27 // Learned token from signed_request or session.
28 $session_id = md5($token);
875843a4 29 fb_settings(FB_SETTINGS_CB_SESSION, FALSE);
626faa71
DC
30 }
31 elseif (isset($_REQUEST['signed_request']) || isset($_REQUEST['session'])) {
32 // Signed request, but no token means not logged in.
626faa71 33
875843a4
DC
34 // Parse session from URL.
35 if ($session_id === NULL && function_exists('_fb_settings_parse')) {
36 $session_id = _fb_settings_parse(FB_SETTINGS_CB_SESSION);
37 }
38
39 if (!$session_id) {
40 // Generating an id and embedding in the URL will make a session where there would otherwise be none.
41 $session_id = uniqid(mt_rand(), TRUE);
42 // Embed session in URL.
43 fb_settings(FB_SETTINGS_CB_SESSION, $session_id);
44 }
626faa71
DC
45 }
46
875843a4 47
626faa71
DC
48 // Spoof a cookie so Drupal's session.inc works as expected.
49 if ($session_id) {
50 session_id($session_id);
626faa71
DC
51 $_COOKIE[session_name()] = session_id();
52 $_COOKIE['_fb_session_cookie_fake'] = TRUE;
875843a4 53 $GLOBALS['_fb_session_id'] = $session_id;
626faa71 54 }
f54b3a2b 55}
72dcacc7 56
f54b3a2b 57/**
626faa71
DC
58 * When spoofing cookies, sess_regenerate causes problems when it changes the
59 * session id. Here we undo that change. Called from fb_user.module.
f54b3a2b 60 */
626faa71 61function fb_sess_regenerate_hack() {
875843a4
DC
62 if (isset($GLOBALS['_fb_session_id'])) {
63 $session_id = $GLOBALS['_fb_session_id'];
626faa71
DC
64 db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", $session_id, session_id());
65 session_id($session_id);
66 }
a24a1868 67}