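$social_logins['facebook']['client_id'],
    'app_secret' => $social_logins['facebook']['client_secret'],
    'default_graph_version' => 'v2.10',
]);

// Facebook OAuth redirect handler: turns the code Facebook sent back into a
// validated access token, resolves the Facebook identity against
// user_social_logins (linking or creating a local user the first time it is
// seen) and starts the local session. Relies on $social_logins (provider
// config), db() (PDO factory) and an already started session, all of which
// are provided outside this file — confirm at the include site.

$helper = $fb->getRedirectLoginHelper();

try {
    // NOTE(review): CSRF protection of the callback rests on the SDK comparing
    // the OAuth `state` value it stored when the login URL was built — confirm
    // the login page uses the same helper and session.
    $accessToken = $helper->getAccessToken();
} catch (Facebook\Exceptions\FacebookResponseException $e) {
    // When Graph returns an error.
    // NOTE(review): echoing $e->getMessage() shows provider error details to the
    // browser; prefer logging it and returning a generic message.
    echo 'Graph returned an error: ' . $e->getMessage();
    exit;
} catch (Facebook\Exceptions\FacebookSDKException $e) {
    // When validation fails or other local issues.
    echo 'Facebook SDK returned an error: ' . $e->getMessage();
    exit;
}

if (! isset($accessToken)) {
    if ($helper->getError()) {
        // Facebook redirected back with an error (e.g. the user declined).
        header('HTTP/1.0 401 Unauthorized');
        echo "Error: " . $helper->getError() . "\n";
        echo "Error Code: " . $helper->getErrorCode() . "\n";
        echo "Error Reason: " . $helper->getErrorReason() . "\n";
        echo "Error Description: " . $helper->getErrorDescription() . "\n";
    } else {
        // Neither a code nor an error: this request did not come from the redirect flow.
        header('HTTP/1.0 400 Bad Request');
        echo 'Bad request';
    }
    exit;
}

// The OAuth 2.0 client handler helps us manage access tokens.
$oAuth2Client = $fb->getOAuth2Client();

try {
    // Get the access token metadata from /debug_token and check that the token
    // was issued for *this* app and has not expired. A token minted for some
    // other app must never be accepted as proof of identity here; the SDK
    // throws FacebookSDKException when either check fails, so a failure is
    // answered with 401 instead of an uncaught exception.
    $tokenMetadata = $oAuth2Client->debugToken($accessToken);
    $tokenMetadata->validateAppId($social_logins['facebook']['client_id']);
    $tokenMetadata->validateExpiration();
} catch (Facebook\Exceptions\FacebookSDKException $e) {
    header('HTTP/1.0 401 Unauthorized');
    echo 'Facebook SDK returned an error: ' . $e->getMessage();
    exit;
}

if (! $accessToken->isLongLived()) {
    // Exchanges a short-lived access token for a long-lived one.
    try {
        $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
    } catch (Facebook\Exceptions\FacebookSDKException $e) {
        echo "
Error getting long-lived access token: " . $e->getMessage() . "
\n\n";
        exit;
    }
}

$_SESSION['fb_access_token'] = (string) $accessToken;

try {
    // Returns a `Facebook\FacebookResponse` object.
    $response = $fb->get('/me?fields=id,name,email', $accessToken);
} catch (Facebook\Exceptions\FacebookResponseException $e) {
    echo 'Graph returned an error: ' . $e->getMessage();
    exit;
} catch (Facebook\Exceptions\FacebookSDKException $e) {
    echo 'Facebook SDK returned an error: ' . $e->getMessage();
    exit;
}

$user = $response->getGraphUser();
$providerId = $user->getId();
$pdoconn = db();

/**
 * Promote the validated Facebook identity to a local login and redirect.
 *
 * The session id is regenerated at the moment of privilege change so that a
 * session id set before authentication (fixation) is not carried over into the
 * authenticated session; the data already stored in $_SESSION is preserved.
 *
 * @param int|string  $userId   id of the local users row
 * @param string|null $username value stored in $_SESSION['username']
 * @param string|null $role     value stored in $_SESSION['role']
 */
$startSession = static function ($userId, $username, $role) {
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['username'] = $username;
    $_SESSION['role'] = $role;
    header('Location: profile.php');
    exit;
};

// Check if this Facebook identity is already linked to a local account.
$stmt = $pdoconn->prepare("SELECT * FROM user_social_logins WHERE provider = 'facebook' AND provider_id = ?");
$stmt->execute([$providerId]);
$social_login = $stmt->fetch();

if ($social_login) {
    // Known identity: log in with the account record the link points at.
    $stmt = $pdoconn->prepare("SELECT * FROM users WHERE id = ?");
    $stmt->execute([$social_login['user_id']]);
    $app_user = $stmt->fetch();
    if (! $app_user) {
        // Dangling link: the users row is gone. Refuse instead of starting a
        // session whose user_id/username/role would all be null.
        header('HTTP/1.0 403 Forbidden');
        echo 'Account unavailable';
        exit;
    }
    $startSession($app_user['id'], $app_user['username'], $app_user['role']);
}

// First sighting of this Facebook identity: link it to the local account that
// uses the same email, or create a new customer account.
$email = $user->getEmail();
$username = $user->getName();

$existing_user = false;
if ($email !== null && $email !== '') {
    // Only look up by email when the provider actually supplied one; binding
    // null or '' here could otherwise match a placeholder account.
    // NOTE(review): linking by email hands the matched account (and its role) to
    // this Facebook identity, so it trusts that the provider reports only
    // addresses it has verified — keep that in mind if more providers are added.
    $stmt = $pdoconn->prepare("SELECT * FROM users WHERE email = ?");
    $stmt->execute([$email]);
    $existing_user = $stmt->fetch();
}

// The users row and its social-login row are created together: a failure
// between the two must not leave an account that can never be reached.
$pdoconn->beginTransaction();
try {
    if ($existing_user) {
        // Email in use: link the Facebook identity to that account and use its
        // own username and role (as the known-identity branch above does)
        // rather than the Facebook display name and a hard-coded role.
        $user_id = $existing_user['id'];
        $session_username = $existing_user['username'];
        $session_role = $existing_user['role'];
    } else {
        // Create new user.
        $stmt = $pdoconn->prepare("INSERT INTO users (username, email, role) VALUES (?, ?, ?)");
        if (! $stmt->execute([$username, $email, 'customer'])) {
            // Covers PDO connections that report failures by return value
            // instead of throwing; otherwise lastInsertId() would yield 0.
            throw new RuntimeException('Could not create user');
        }
        $user_id = $pdoconn->lastInsertId();
        $session_username = $username;
        $session_role = 'customer';
    }

    // Create social login entry.
    $stmt = $pdoconn->prepare("INSERT INTO user_social_logins (user_id, provider, provider_id) VALUES (?, 'facebook', ?)");
    if (! $stmt->execute([$user_id, $providerId])) {
        throw new RuntimeException('Could not link social login');
    }
    $pdoconn->commit();
} catch (Exception $e) {
    $pdoconn->rollBack();
    throw $e;
}

// Log in the new (or newly linked) user.
$startSession($user_id, $session_username, $session_role);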