diff options
author | Zach Copley <zach@controlyourself.ca> | 2008-12-07 19:55:22 -0500 |
---|---|---|
committer | Zach Copley <zach@controlyourself.ca> | 2008-12-07 19:55:22 -0500 |
commit | ff766572e7f4940d66137f7dd0d8f09df1fbaf1c (patch) | |
tree | d4eb8ce26b7a842045aae833197e981b97855b78 | |
parent | bdb27cfce8337e96ccafc52721e3d41de9b02e0e (diff) |
trac750 Remove foreign link when Facebook user removes our app
darcs-hash:20081208005522-7b5ce-84325ed13fd5e59ac07640089806a507c7168170.gz
-rw-r--r-- | actions/facebookremove.php | 65 | ||||
-rw-r--r-- | htaccess.sample | 1 |
2 files changed, 66 insertions, 0 deletions
diff --git a/actions/facebookremove.php b/actions/facebookremove.php new file mode 100644 index 000000000..2a7bdd03e --- /dev/null +++ b/actions/facebookremove.php @@ -0,0 +1,65 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/facebookaction.php'); + +class FacebookremoveAction extends FacebookAction { + + function handle($args) { + parent::handle($args); + + $secret = common_config('facebook', 'secret'); + + $sig = ''; + + ksort($_POST); + + foreach ($_POST as $key => $val) { + if (substr($key, 0, 7) == 'fb_sig_') { + $sig .= substr($key, 7) . '=' . $val; + } + } + + $sig .= $secret; + $verify = md5($sig); + + if ($verify == $this->arg('fb_sig')) { + + $flink = Foreign_link::getByForeignID($this->arg('fb_sig_user'), 2); + + common_debug("Removing foreign link to Facebook - local user ID: $flink->user_id, Facebook ID: $flink->foreign_id"); + + $result = $flink->delete(); + + if (!$result) { + common_log_db_error($flink, 'DELETE', __FILE__); + common_server_error(_('Couldn\'t remove Facebook user.')); + return; + } + + } else { + # Someone bad tried to remove facebook link? + common_log(LOG_ERR, "Someone from $_SERVER[REMOTE_ADDR] " . + 'unsuccessfully tried to remove a foreign link to Facebook!'); + } + } + +} diff --git a/htaccess.sample b/htaccess.sample index b15ab664f..bd29d318f 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -26,6 +26,7 @@ RewriteRule ^facebook/$ index.php?action=facebookhome [L,QSA] RewriteRule ^facebook/index.php$ index.php?action=facebookhome [L,QSA] RewriteRule ^facebook/settings.php$ index.php?action=facebooksettings [L,QSA] RewriteRule ^facebook/invite.php$ index.php?action=facebookinvite [L,QSA] +RewriteRule ^facebook/remove$ index.php?action=facebookremove [L,QSA] RewriteRule ^main/login$ index.php?action=login [L,QSA] RewriteRule ^main/logout$ index.php?action=logout [L,QSA] |