function fb_user_app_track in Drupal for Facebook 7.3
Keep track of when the user has visited the app.
Historically we could learn a user's ID even if they hadn't authorized ("added") the app. No longer the case, so all entries in fb_user_app should be for authorized users.
A "signed request" should be fully-formed (have an oauth_token) on canvas pages, and on post authorize events (for as long as facebook continues to support them). So this tracking will work best for canvas page apps and less reliably for connect.
1 call to fb_user_app_track()
- fb_user_app_fb in contrib/
fb_user_app.module - Implementation of hook_fb()
File
- contrib/
fb_user_app.module, line 137 - This module manages relations between local Drupal user accounts and their accounts on facebook.com by application.
Code
function fb_user_app_track($fb, $fb_app) {
// Coming from a user adding the app or a page adding the app?
$fb_user_type = "user";
$fbu = fb_facebook_user($fb);
if (array_key_exists('fb_sig_page_added', $_REQUEST)) {
// It's a post-authorize event for app added to page.
$fb_user_type = "page";
$fbu = $_REQUEST['fb_sig_page_id'];
}
$sr = $fb
->getSignedRequest();
//watchdog('fb_user_app', __FUNCTION__ . " signed request is <pre>" . print_r($sr,1) . "</pre>"); // debug
if (isset($sr['oauth_token'])) {
$access_token = $sr['oauth_token'];
$expires = $sr['expires'];
$fbu = $sr['user_id'];
}
else {
// @TODO: with new SDK, is there any useful tracking info?
return;
}
// when 'expires' == 0 app has been granted offline access
if ($fb_user_type == 'user' && $expires != 0 && variable_get(FB_USER_APP_VAR_USERS_THAT_GRANT_OFFLINE, FALSE)) {
// Note, with new SDK, facebook provides 'expires' date even when user HAS GRANTED offline_access!
// @TODO: find some way to tell whether an access token will actually expire!
return;
}
// Track this event only if allowed to and only for users, not pages
if (variable_get(FB_USER_APP_VAR_TRACK_USERS, TRUE) && ($fb_user_type = "user") || variable_get(FB_USER_APP_VAR_TRACK_PAGES, TRUE) && ($fb_user_type = "page")) {
$result1 = db_query("UPDATE {fb_user_app} SET time_access=:time, session_key=:token, session_key_expires=:expires, user_type=:type WHERE apikey=:apikey AND fbu=:fbu", array(
':time' => REQUEST_TIME,
':token' => $access_token,
':expires' => $expires,
':type' => $fb_user_type,
':apikey' => $fb_app->id,
':fbu' => fb_facebook_user($fb),
));
if ($result1 && $result1
->rowCount() == 0) {
// The row for this user was never inserted, or it was deleted, or the times were the same.
$fbu = fb_facebook_user($fb);
if ($fbu) {
// First make sure it was not just the same time
$result = db_query("SELECT * FROM {fb_user_app} WHERE apikey=:apikey AND fbu=:fbu", array(
':apikey' => $fb_app->apikey,
':fbu' => $fbu,
));
if (!$result
->fetchObject()) {
//This row does not exist, even with the same time. Insert now
list($data) = fb_fql_query($fb, "SELECT name, is_app_user, email, proxied_email FROM user WHERE uid={$fbu}", array(
'access_Token' => $fb_session_key,
));
//watchdog('fb_user_app', "fb user data <pre>" . print_r($data, 1) . '</pre>');
$fb_user_type = "user";
$result = db_query("INSERT INTO {fb_user_app} (apikey, fbu, added, user_type, session_key, session_key_expires, time_access, proxied_email, time_cron) VALUES (:apikey, :fbu, :added, :user_type, :session_key, :session_key_expires, :time_access, :proxied_email, :time_cron)", array(
':apikey' => $fb_app->apikey,
':fbu' => $fbu,
':added' => $data['is_app_user'],
':user_type' => $fb_user_type,
':session_key' => $access_token,
':session_key_expires' => $expires,
':time_access' => REQUEST_TIME,
':proxied_email' => $data['email'] ? $data['email'] : ($data['proxied_email'] ? $data['proxied_email'] : ''),
// test accounts will not have
':time_cron' => 0,
));
}
}
}
if (FALSE && $result === FALSE) {
// XXX upgrade to D7???
watchdog('fb_user_app', "Failed to update fb_user_app table.", array(), WATCHDOG_ERROR);
}
}
}