facebook_credits_api:official_sample_callback_php
公式サンプル - callback.php
<?php
// Copyright 2004-2011 Facebook. All Rights Reserved.
/**
* You should reference http://developers.facebook.com/docs/creditsapi as you
* familiarize yourself with callback.php. In particular, read all the steps
* under "Callback Flow in Detail".
*
* Your application needs the following inputs and outputs
*
* @param int order_id
* @param string status
* @param string method
* @param array order_details (JSON-encoded)
*
* @return array A JSON-encoded array with order_id, next_state (optional: error code, comments)
*/
// Enter your app information below
$api_key = '<api key>';
$secret = '<secret>';
include_once 'facebook.php';
// prepare the return data array
$data = array('content' => array());
// parse signed data
$request = parse_signed_request($_REQUEST['signed_request'], $secret);
if ($request == null) {
// handle an unauthenticated request here
}
$payload = $request['credits'];
// retrieve all params passed in
$func = $_REQUEST['method'];
$order_id = $payload['order_id'];
if ($func == 'payments_status_update') {
$status = $payload['status'];
// write your logic here, determine the state you wanna move to
if ($status == 'placed') {
$next_state = 'settled';
$data['content']['status'] = $next_state;
}
// compose returning data array_change_key_case
$data['content']['order_id'] = $order_id;
} else if ($func == 'payments_get_items') {
// remove escape characters
$order_info = stripcslashes($payload['order_info']);
if (is_string($order_info)) {
// Per the credits api documentation, you should pass in an item reference
// and then query your internal DB for the proper information. Then set
// the item information here to be returned to facebook then shown to the
// user for confirmation.
$item['title'] = 'BFF Locket';
$item['price'] = 1;
$item['description'] = 'This is a BFF Locket...';
$item['image_url'] = 'http://www.facebook.com/images/gifts/21.png';
$item['product_url'] = 'http://www.facebook.com/images/gifts/21.png';
} else {
// In the sample credits application we allow the developer to enter the
// information for easy testing. Please note that this information can be
// modified by the user if not verified by your callback. When using
// credits in a production environment be sure to pass an order ID and
// contruct item information in the callback, rather than passing it
// from the parent call in order_info.
$item = json_decode($order_info, true);
$item['price'] = (int)$item['price'];
// for url fields, if not prefixed by http://, prefix them
$url_key = array('product_url', 'image_url');
foreach ($url_key as $key) {
if (substr($item[$key], 0, 7) != 'http://') {
$item[$key] = 'http://'.$item[$key];
}
}
// prefix test-mode
if (isset($payload['test_mode'])) {
$update_keys = array('title', 'description');
foreach ($update_keys as $key) {
$item[$key] = '[Test Mode] '.$item[$key];
}
}
}
// Put the associate array of item details in an array, and return in the
// 'content' portion of the callback payload.
$data['content'] = array($item);
}
// required by api_fetch_response()
$data['method'] = $func;
// send data back
echo json_encode($data);
// you can find the following functions and more details
// on http://developers.facebook.com/docs/authentication/canvas
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
facebook_credits_api/official_sample_callback_php.txt · 最終更新: 2016/05/20 15:21 by clownclown