facebook_credits_api:sample_cakephp_controller
サンプル - cakephp - controller
<?php
class CreditsController extends AppController {
var $name = 'Credits';
var $helpers = array('Js');
var $components = array('RequestHandler');
// アイテム一覧作成のために、アイテム情報取得
public function get_items() {
$json = $this->Credit->get();
if($json === false) {
$this->renderErrorJson($this->Credits->validationErrors);
return;
}
$this->renderJson($json);
}
// callback
public function callback() {
// 処理の状態
$func = $_REQUEST['method'];
// facebookアプリのsecret key
$secret = Configure::read('mlbapi.facebook_secret');
// 暗号化情報をsecret_keyで解読
$request = $this->parse_signed_request($_REQUEST['signed_request'], $secret);
// 暗号解読失敗 = 不正アクセス
if ($request == null) {
$this->renderErrorJson(array('request' => 'Illegal request error. '));
return;
}
// 状態と、解読情報で実処理へ
$json = $this->Credit->creditOrder($func, $request);
if($json === false) {
$this->renderErrorJson($this->Credits->validationErrors);
return;
}
$this->renderJson($json);
}
// you can find the following functions and more details
// on http://developers.facebook.com/docs/authentication/canvas
protected function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = $this->base64_url_decode($encoded_sig);
$data = json_decode($this->base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
protected function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
}
facebook_credits_api/sample_cakephp_controller.txt · 最終更新: 2014/03/06 07:11 by clownclown