Posts tagged Programming

response.session

Verifying Facebook’s Website Login javascript response.

0

Using the Facebook Login button for Website sign-in is nice and dandy with the current Facebook Javascript SDK. However scouring Facebook’s documentation failed to shed any light on how to do a verification check on FB’s response.

The Login button itself triggers 3 types of responses: “connected”, “notConnected” and “unknown”. More about their meaning can be found in Facebook’s documentation.

What I’m interested in is the response.session object, which looks like this:

To match the sig value, I need to do an md5 over all fields with values ordered alphabetically by field name and concatenate my Facebook APP Secret at the end.

So for instance by passing the response to PHP, I’d verify it with:

1
2
3
4
5
6
7
8
9
10
11
12
...
$compSig = md5(
                "access_token={$_POST['access_token']}".
                "expires={$_POST['expires']}".
                "secret={$_POST['secret']}".
                "session_key={$_POST['session_key']}".
                "uid={$_POST['uid']}".
                FB_APP_SECRET
                );
if($compSig != $_POST['sig']) {
    // Handle sig mismatch
}
Neko

PHP Benchmark: Calculate loop length in advance

0

As shown and tested on www.phpbench.com, calculating the size of your loop in advance can be a huge performance boost. Makes sense of course, still the nature of PHP could lead you to believe that there’s an optimization in place, even if there’s little sound logic supporting it.

1
2
3
4
// Faster
for ($i=0; $i < $size; $i++)
// Slower
for ($i=0; $i < sizeOf($x); $i++)
Count Benchmark

Count Benchmark

Go to Top