function fb_user_fb in Drupal for Facebook 6.3
Same name and namespace in other branches
- 5.2 fb_user.module \fb_user_fb()
- 5 fb_user.module \fb_user_fb()
- 6.2 fb_user.module \fb_user_fb()
- 7.4 fb_user.module \fb_user_fb()
- 7.3 fb_user.module \fb_user_fb()
Implementation of hook_fb.
File
- ./
fb_user.module, line 113 - This module manages relations between local Drupal user accounts and their accounts on facebook.com.
Code
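/**
 * Implementation of hook_fb.
 *
 * Reacts to the operations dispatched by the fb module:
 * - FB_OP_POST_INIT: detects a facebook logout or user change, sets the
 *   fb_controls() flags that suppress mapping, account creation and
 *   redirects, and grants or removes the configured "connected" role.
 * - FB_OP_GET_FBU: sets $return to the facebook id for $data['uid'].
 * - FB_OP_GET_UID: sets $return to the local uid for $data['fbu'].
 * - FB_OP_AJAX_EVENT: handles a 'session_change' event reported by fb.js.
 *
 * @param $op
 *   One of the FB_OP_* operation constants.
 * @param $data
 *   Associative array. Keys read here: 'fb_app', 'fb', 'uid', 'fbu',
 *   'event_type' and 'event_data'.
 * @param $return
 *   Passed by reference. Receives the lookup result, or gains a 'fb_user'
 *   entry holding javascript for fb.js when a reload is needed.
 */
function fb_user_fb($op, $data, &$return) {
  $fb_app = isset($data['fb_app']) ? $data['fb_app'] : NULL;
  $fb = isset($data['fb']) ? $data['fb'] : NULL;
  global $user;

  // Start from an empty config so the role check below never reads an
  // undefined variable when no application was passed in.
  $fb_user_data = array();
  if ($fb_app) {
    $fb_user_data = _fb_user_get_config($fb_app);
  }

  if ($op == FB_OP_POST_INIT && $fb) {
    // Drupal gives access denied on /user/login page, so we want to avoid redirecting there.
    if (arg(0) == 'user' && !isset($_REQUEST['destination'])) {
      fb_js_settings('reload_url', url('user', array(
        'absolute' => TRUE,
        'fb_canvas' => fb_is_canvas(),
      )));
    }

    $fbu = fb_facebook_user();

    if (isset($_SESSION['fb_user_fbu']) && $_SESSION['fb_user_fbu'] != $fbu && !(fb_settings(FB_SETTINGS_CB_SESSION) && !$fbu)) {
      // User has logged out of facebook, and drupal is only now learning
      // about it. Check disabled when using FB_SETTINGS_CB_SESSION, because
      // we aren't always passed a signed_request in that case, which would
      // otherwise trigger this.
      _fb_logout();
      if (!fb_controls(FB_USER_CONTROL_NO_REDIRECT)) {
        // NOTE(review): the redirect target is taken from the request
        // ($_GET['q']). Confirm drupal_goto() cannot be steered to an
        // external URL through this value.
        drupal_goto($_GET['q']);
        // @TODO - need request params here?
      }
    }

    // Parentheses make the existing precedence explicit: a special page, or
    // an offline site viewed by someone who is not a site administrator.
    if (_fb_user_special_page() || (variable_get('site_offline', FALSE) && !user_access('administer site configuration'))) {
      // Prevent some behavior.
      fb_controls(FB_USER_CONTROL_NO_HONOR_MAP, TRUE);
      fb_controls(FB_USER_CONTROL_NO_CREATE_MAP, TRUE);
      fb_controls(FB_USER_CONTROL_NO_CREATE_ACCOUNT, TRUE);
    }

    if (isset($_REQUEST['_fb_user_fbu']) && $_REQUEST['_fb_user_fbu'] == $fbu) {
      // We've triggered a reload. Don't redirect again, as that will
      // cause infinite loop if browser not accepting third-party cookies.
      fb_controls(FB_USER_CONTROL_NO_REDIRECT, TRUE);
    }

    $rid = !empty($fb_user_data['connected_user_rid']) ? $fb_user_data['connected_user_rid'] : NULL;
    if ($rid) {
      if ($fbu) {
        // User is connected to facebook.
        if (!isset($user->roles[$rid])) {
          $user->roles[$rid] = $rid;
          // Should be role name, but that requires db query.
          // Reload user permissions.
          user_access(NULL, $user, TRUE);
        }
      }
      else {
        // User is not connected to facebook.
        if ($rid != DRUPAL_AUTHENTICATED_RID && isset($user->roles[$rid])) {
          // Out of paranoia, unset role. This will be reached only if the
          // user was somehow saved while connected to facebook.
          unset($user->roles[$rid]);
          // Reload user permissions.
          user_access(NULL, $user, TRUE);
        }
      }
    }
    // During ajax, we need to check for a change in user.
  }
  elseif ($op == FB_OP_GET_FBU) {
    // This is a request to learn the user's FB id.
    $return = _fb_user_get_fbu($data['uid']);
  }
  elseif ($op == FB_OP_GET_UID) {
    // This is a request to learn the facebook user's local id.
    $return = _fb_user_get_uid($data['fbu'], $fb_app);
  }
  elseif ($op == FB_OP_AJAX_EVENT) {
    // fb.js has notified us of an event via AJAX. Not the same as facebook event callback above.
    // Read only the two keys this branch needs. extract($data) would turn
    // every key of $data into a local variable, so a key named 'return',
    // 'op' or 'user' would overwrite the by-reference result, the operation
    // or the global $user.
    $event_type = isset($data['event_type']) ? $data['event_type'] : NULL;
    $event_data = (isset($data['event_data']) && is_array($data['event_data'])) ? $data['event_data'] : array();

    if ($event_type == 'session_change' && isset($event_data['fbu'])) {
      // A user has logged in.
      // Don't trust fbu from $data['event_data'], too easy to spoof.
      // Instead call fb_facebook_user(). It will only work if the facebook php sdk is properly initialized. Since this is an ajax event, probably the signed_request was passed to us.
      if (($fbu = fb_facebook_user($fb)) && $fbu != fb_get_fbu($GLOBALS['user'])) {
        // In ajax callback, there's no reason to redirect even if user
        // changes. But we should honor session, as even ajax can set a new
        // cookie.
        fb_controls(FB_USER_CONTROL_NO_REDIRECT, TRUE);
        _fb_user_process_authorized_user();
      }
    }

    // fb.js no longer reloads after all session changes. We need to explicitly reload when we know the user changed.
    if ($event_type == 'session_change') {
      // NOTE(review): unlike the block above, this one still acts on the
      // client-supplied $event_data['fbu']. It decides whether _fb_logout()
      // runs and whether fb.js is told to reload. Confirm that is acceptable
      // for an event that has not been verified against fb_facebook_user().
      if (isset($event_data['fbu']) && $event_data['fbu']) {
        $uid = _fb_user_get_uid($event_data['fbu'], $fb_app);
      }
      else {
        $uid = 0;
        _fb_logout();
      }

      // A missing 'is_anonymous' is treated as "not anonymous", as before,
      // but no longer raises an undefined-index notice.
      $is_anonymous = isset($event_data['is_anonymous']) ? $event_data['is_anonymous'] : NULL;
      if ($uid || $is_anonymous != 'true') {
        // The Drupal user has changed, we should reload after ajax returns to fb.js.
        $return['fb_user'] = 'FB_JS.reload()';
      }
    }
  }
}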