views:

75

answers:

1

Im trying to convert the code below to a php version, if anyone can help thanks.

private bool IsValidFacebookSignature()
    {
        //keys must remain in alphabetical order
        string[] keyArray = { "expires", "session_key", "ss", "user" };
        string signature = "";

        foreach (string key in keyArray)
            signature += string.Format("{0}={1}", key, GetFacebookCookie(key));

        signature += SecretKey; //your secret key issued by FB

        MD5 md5 = MD5.Create();
        byte[] hash = md5.ComputeHash(Encoding.UTF8.GetBytes(signature.Trim()));

        StringBuilder sb = new StringBuilder();
        foreach (byte hashByte in hash)
            sb.Append(hashByte.ToString("x2", CultureInfo.InvariantCulture));

        return (GetFacebookCookie("") == sb.ToString());
    }

    private string GetFacebookCookie(string cookieName)
    {
        //APIKey issued by FB
        string fullCookie = string.IsNullOrEmpty(cookieName) ? ApiKey : ApiKey + "_" + cookieName;

        return Request.Cookies[fullCookie].Value;
    }
A: 

It's untested, but try this:

function IsValidFacebookSignature() {
    $keyArray = array( 'expires', 'session_key', 'ss', 'user' );
    $signature = '';

    foreach( $key in $keyArray ) {
        $signature .= "$key=".GetFacebookCookie($key);
    }

    $signature .= $SecretKey;
    $hash = md5(trim($signature));

    return GetFacebookCookie('') == $hash;
}

function GetFacebookCookie($cookieName) {
    $fullCookie = empty($cookie) ? $APIKey : $APIKey . '_' . $cookieName;
    return $_COOKIES[$fullCookie];
}

I'm not sure where you wish to declare $SecretKey and $APIKey, but that's the basic idea.

Sundeep
Cool, thanks. unfortunately its not working - Ive given up on this method and going with something completely different but thanks for the effort.
Derrick