From 673742d6ffbbf9e990ccccc3eeef3d8cacbe38dd Mon Sep 17 00:00:00 2001
From: arzynik <github@arzynik.com>
Date: Mon, 12 Aug 2013 20:00:31 -0700
Subject: [PATCH] add transfer of auth tokens via request rather than cookie
 for native app

---
 .../default/crunchbutton/api/user/index.php   | 98 ++++++++++++-------
 1 file changed, 60 insertions(+), 38 deletions(-)

diff --git a/include/controllers/default/crunchbutton/api/user/index.php b/include/controllers/default/crunchbutton/api/user/index.php
index 3cbb4f991..8d633f7df 100644
--- a/include/controllers/default/crunchbutton/api/user/index.php
+++ b/include/controllers/default/crunchbutton/api/user/index.php
@@ -232,48 +232,70 @@ class Controller_api_user extends Crunchbutton_Controller_Rest {
 						break;
 				}
 				break;
-			// Force register the facebook
+
 			case 'facebook':
-				foreach ( $_COOKIE as $key => $value ) {
-						if ( preg_match('/^fbsr_.*$/', $key ) ) {
-							$fb = new Crunchbutton_Auth_Facebook;
-							$user = c::user();
-							if ( $fb->user()->id ) {
-								// It seems the facebook user is already related with other user
-								$fb_user = User::facebook( $fb->user()->id );	
-								if ( $fb_user->id_user && $user->id_user ) {
-									if( $fb_user->id_user != $user->id_user ){
-										echo json_encode(['error' => 'facebook id already in use']);
-										exit;
-									}
-								}
-								if ( !$fb_user->id_user ) {
-									$user->active = 1;
-									$user->name = $fb->user()->name;
-									$user->email = $fb->user()->email;
-									$user->save();
-
-									$userAuth = new User_Auth;
-									$userAuth->active = 1;
-									$userAuth->id_user = $user->id_user;
-									$userAuth->type = 'facebook';
-									$userAuth->auth = $fb->user()->id;
-									$userAuth->save();
-
-									// This line will create a phone user auth just if the user already has an facebook auth
-									if( $user->phone ){
-										User_Auth::createPhoneAuthFromFacebook( $user->id_user, $user->phone );	
-									}
-									
-								} 
-							} else {
-								// we dont have a facebook user
-							}
-							break;
+				if ($_REQUEST['fbtoken']) {
+					// log in from the app
+					
+					$fb = c::facebook();
+					$fb->setAccessToken($_REQUEST['fbtoken']);
+					$user = $fb->getUser();
+			
+					if ($user) {
+						try {
+							$userObject = $fb->api('/'.$user);
+						} catch (Cana_Facebook_Exception $e) {
+							// debug for now
+							print_r($e);
+							$userObject = null;
 						}
 					}
-					echo c::user()->json();
+					echo json_encode($userObject);
+					break;
+				}
+
+				// Force register the facebook
+				foreach ( $_COOKIE as $key => $value ) {
+					if ( preg_match('/^fbsr_.*$/', $key ) ) {
+						$fb = new Crunchbutton_Auth_Facebook;
+						$user = c::user();
+						if ( $fb->user()->id ) {
+							// It seems the facebook user is already related with other user
+							$fb_user = User::facebook( $fb->user()->id );	
+							if ( $fb_user->id_user && $user->id_user ) {
+								if( $fb_user->id_user != $user->id_user ){
+									echo json_encode(['error' => 'facebook id already in use']);
+									exit;
+								}
+							}
+							if ( !$fb_user->id_user ) {
+								$user->active = 1;
+								$user->name = $fb->user()->name;
+								$user->email = $fb->user()->email;
+								$user->save();
+
+								$userAuth = new User_Auth;
+								$userAuth->active = 1;
+								$userAuth->id_user = $user->id_user;
+								$userAuth->type = 'facebook';
+								$userAuth->auth = $fb->user()->id;
+								$userAuth->save();
+
+								// This line will create a phone user auth just if the user already has an facebook auth
+								if( $user->phone ){
+									User_Auth::createPhoneAuthFromFacebook( $user->id_user, $user->phone );	
+								}
+								
+							} 
+						} else {
+							// we dont have a facebook user
+						}
+						break;
+					}
+				}
+				echo c::user()->json();
 				break;
+
 			// Return the user's credit
 			case 'credit':
 				if( c::getPagePiece(3) != '' ){