trac750 Remove foreign link when Facebook user removes our app

darcs-hash:20081208005522-7b5ce-84325ed13fd5e59ac07640089806a507c7168170.gz

diff --git a/actions/facebookremove.php b/actions/facebookremove.php
new file mode 100644 (file)
index 0000000..2a7bdd0
--- /dev/null
+++ b/actions/facebookremove.php
@@ -0,0 +1,65 @@
+<?php
+/*
+ * Laconica - a distributed open-source microblogging tool
+ * Copyright (C) 2008, Controlez-Vous, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.         See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.     If not, see <http://www.gnu.org/licenses/>.
+ */
+
+if (!defined('LACONICA')) { exit(1); }
+
+require_once(INSTALLDIR.'/lib/facebookaction.php');
+
+class FacebookremoveAction extends FacebookAction {
+
+       function handle($args) {
+               parent::handle($args);
+
+               $secret = common_config('facebook', 'secret');
+
+               $sig = '';
+
+               ksort($_POST);
+
+               foreach ($_POST as $key => $val) {
+                       if (substr($key, 0, 7) == 'fb_sig_') {
+                               $sig .= substr($key, 7) . '=' . $val;
+                       }
+                }
+
+               $sig .= $secret;
+               $verify = md5($sig);
+
+               if ($verify == $this->arg('fb_sig')) {
+
+                       $flink = Foreign_link::getByForeignID($this->arg('fb_sig_user'), 2);
+
+                       common_debug("Removing foreign link to Facebook - local user ID: $flink->user_id, Facebook ID: $flink->foreign_id");
+
+                       $result = $flink->delete();
+
+                       if (!$result) {
+                               common_log_db_error($flink, 'DELETE', __FILE__);
+                               common_server_error(_('Couldn\'t remove Facebook user.'));
+                               return;
+                       }
+
+               } else {
+                       # Someone bad tried to remove facebook link?
+                       common_log(LOG_ERR, "Someone from $_SERVER[REMOTE_ADDR] " .
+                               'unsuccessfully tried to remove a foreign link to Facebook!');
+               }
+       }
+
+}

diff --git a/htaccess.sample b/htaccess.sample
index b15ab664fc81ffcd8ecf9c2d16fbd6aacae8addb..bd29d318f52fa1e22768ab321e7a4abf3bbdf074 100644 (file)
--- a/htaccess.sample
+++ b/htaccess.sample
@@ -26,6 +26,7 @@ RewriteRule ^facebook/$ index.php?action=facebookhome [L,QSA]
 RewriteRule ^facebook/index.php$ index.php?action=facebookhome [L,QSA]
 RewriteRule ^facebook/settings.php$ index.php?action=facebooksettings [L,QSA]
 RewriteRule ^facebook/invite.php$ index.php?action=facebookinvite [L,QSA]
+RewriteRule ^facebook/remove$ index.php?action=facebookremove [L,QSA]
 
 RewriteRule ^main/login$ index.php?action=login [L,QSA]
 RewriteRule ^main/logout$ index.php?action=logout [L,QSA]