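<?php

/**
 * Facebook Graph API (v20.0) helpers: OAuth dialog URL, code/token exchange,
 * token persistence through mysqli, and posting to a page feed.
 *
 * Security notes for maintainers:
 * - Raw Graph API responses and access tokens are never written to the page
 *   output. They are bearer credentials; anything echoed here ends up in the
 *   browser, in caches and in any captured HTML.
 * - credential.json is read for 'app_id', 'appSecret' and 'longLivedToken'.
 *   NOTE(review): it is opened by a relative path, so it is resolved against
 *   the current working directory. If that directory is web-served, move the
 *   file outside the document root and restrict its permissions to the PHP user.
 * - Tokens are stored as plain strings in fb_short_code / fb_long_lived_token.
 *   NOTE(review): consider encrypting them at rest.
 */

/**
 * Perform an HTTP request with cURL and decode the JSON body.
 *
 * @param string     $url        Absolute URL to request.
 * @param array|null $postFields When given, the request is sent as a form-encoded POST.
 * @return array|null Decoded JSON as an associative array, or null when the body is not a JSON object/array.
 * @throws RuntimeException When the transfer itself fails.
 */
function _facebook_request_json($url, $postFields = null)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    if ($postFields !== null) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postFields));
    }

    $response = curl_exec($ch);

    if ($response === false || curl_errno($ch) !== 0) {
        // Read the error text BEFORE closing the handle; querying a closed
        // handle loses the message (and fails outright on older PHP versions).
        $errorMessage = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("cURL error: $errorMessage");
    }

    curl_close($ch);

    $decoded = json_decode($response, true);

    return is_array($decoded) ? $decoded : null;
}

/**
 * Extract the Graph API error message from a decoded response.
 *
 * @param array|null $data Decoded response.
 * @return string The 'error.message' field, or 'Unknown error' when absent.
 */
function _facebook_error_message($data)
{
    return isset($data['error']['message']) ? $data['error']['message'] : 'Unknown error';
}

/**
 * Build the Facebook OAuth dialog URL the user is sent to for consent.
 *
 * NOTE(review): no `state` parameter is sent, so the callback cannot tie the
 * returned code to the browser session that started the login. Adding one
 * needs session storage in the caller and a check in the callback.
 *
 * NOTE(review): the redirect_uri used here (/testing/cream/share_facebook.php)
 * differs from the one in facebook_generate_short_live_code()
 * (/testing/share_facebook.php). The token exchange must use the same
 * redirect_uri as the dialog request; confirm which one is registered.
 *
 * @param array $credentials Must contain 'app_id' and 'scope'.
 * @return string The login URL.
 * @throws InvalidArgumentException When a required key is missing.
 */
function facebook_login_consent($credentials)
{
    // Only 'app_id' and 'scope' come from $credentials; the redirect URI is fixed below.
    if (!isset($credentials['app_id'], $credentials['scope'])) {
        throw new InvalidArgumentException('Missing required credentials.');
    }

    $loginUrl = 'https://www.facebook.com/v20.0/dialog/oauth?' . http_build_query([
        'client_id' => $credentials['app_id'],
        'redirect_uri' => 'https://knoblycream.com/testing/cream/share_facebook.php',
        'scope' => $credentials['scope'],
        'response_type' => 'code'
    ]);

    return $loginUrl;
}

/**
 * Exchange the OAuth authorization code in $_GET['code'] for a short-lived
 * user access token and store it through save_short_live_code().
 *
 * @param mysqli $db          Open database connection.
 * @param array  $credentials Must contain 'app_id' and 'appSecret'.
 * @return string The access token that was stored.
 * @throws InvalidArgumentException When credentials or the code are missing.
 * @throws RuntimeException         On transfer, API or database errors.
 */
function facebook_generate_short_live_code($db, $credentials)
{
    $redirectUri = 'https://knoblycream.com/testing/share_facebook.php';

    if (!isset($credentials['app_id'], $credentials['appSecret'])) {
        throw new InvalidArgumentException('Missing required credentials: app_id and appSecret must be provided.');
    }

    // $_GET is request-controlled. Accept only a non-empty string: an array
    // value (?code[]=...) would otherwise be expanded by http_build_query()
    // into extra parameters on the token request.
    if (empty($_GET['code']) || !is_string($_GET['code'])) {
        throw new InvalidArgumentException('Authorization code is missing.');
    }

    $tokenUrl = 'https://graph.facebook.com/v20.0/oauth/access_token?' . http_build_query([
        'client_id' => $credentials['app_id'],
        'redirect_uri' => $redirectUri,
        'client_secret' => $credentials['appSecret'],
        'code' => $_GET['code']
    ]);

    // The response carries the access token, so it is deliberately not printed.
    $responseData = _facebook_request_json($tokenUrl);

    if (isset($responseData['access_token'])) {
        return save_short_live_code($db, $responseData['access_token']);
    }

    $errorDetail = _facebook_error_message($responseData);
    throw new RuntimeException("Error obtaining short-lived token: $errorDetail");
}

/**
 * Store a short-lived user access token for the current user.
 *
 * Reads the user id from the global $gUserId.
 *
 * @param mysqli $db          Open database connection.
 * @param string $accessToken Token to store.
 * @return string The token that was stored.
 * @throws RuntimeException On database errors.
 */
function save_short_live_code($db, $accessToken)
{
    global $gUserId;

    // Same INSERT into fb_short_code as insertPageToken(), so share it.
    insertPageToken($db, $gUserId, $accessToken);

    return $accessToken;
}

/**
 * Fetch the pages managed by the user (GET /me/accounts) and store any page
 * access tokens that are not yet recorded for the current user.
 *
 * NOTE(review): the user token travels in the URL query string, where it can
 * end up in proxy or server logs.
 *
 * @param string $shortLivedToken User access token.
 * @param mysqli $db              Open database connection.
 * @return array The 'data' list from the response (pages with their access tokens).
 * @throws RuntimeException On transfer, API or database errors.
 */
function facebook_generate_page_tokens($shortLivedToken, $db)
{
    $pageTokenUrl = 'https://graph.facebook.com/v20.0/me/accounts?' . http_build_query([
        'access_token' => $shortLivedToken
    ]);

    // The response lists page access tokens, so it is deliberately not printed.
    $data = _facebook_request_json($pageTokenUrl);

    if (isset($data['error'])) {
        throw new RuntimeException('Error: ' . _facebook_error_message($data));
    }

    // A non-JSON body or a body without a 'data' list must not reach the save step.
    if (!isset($data['data']) || !is_array($data['data'])) {
        throw new RuntimeException('Error: unexpected response from Graph API');
    }

    save_page_tokens($db, $data['data']);

    return $data['data'];
}

/**
 * Insert page access tokens that are not already stored for the current user.
 *
 * Page tokens go into fb_short_code, the same table used for user tokens.
 * Reads the user id from the global $gUserId.
 *
 * @param mysqli $db         Open database connection.
 * @param array  $pageTokens List of page entries, each expected to carry 'access_token'.
 * @return void
 * @throws RuntimeException On database errors.
 */
function save_page_tokens($db, $pageTokens)
{
    global $gUserId;

    $sql = "SELECT access_token FROM fb_short_code WHERE userID = ?";
    $stmt = mysqli_prepare($db, $sql);

    if (!$stmt) {
        throw new RuntimeException('Error preparing statement: ' . mysqli_error($db));
    }

    mysqli_stmt_bind_param($stmt, "i", $gUserId);

    if (!mysqli_stmt_execute($stmt)) {
        $errorMessage = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Error reading records: ' . $errorMessage);
    }

    $result = mysqli_stmt_get_result($stmt);

    if ($result === false) {
        $errorMessage = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Error reading records: ' . $errorMessage);
    }

    $existingTokens = [];
    while ($row = mysqli_fetch_assoc($result)) {
        $existingTokens[] = $row['access_token'];
    }
    mysqli_stmt_close($stmt);

    foreach ($pageTokens as $pageToken) {
        if (!isset($pageToken['access_token'])) {
            continue; // Entry without a token: nothing to store.
        }

        // Strict comparison: tokens are opaque strings and must match exactly.
        if (!in_array($pageToken['access_token'], $existingTokens, true)) {
            insertPageToken($db, $gUserId, $pageToken['access_token']);
            // Remember it so a duplicate inside the same batch is not inserted twice.
            $existingTokens[] = $pageToken['access_token'];
        }
    }
}

/**
 * Insert one (userID, access_token) row into fb_short_code.
 *
 * @param mysqli $db          Open database connection.
 * @param int    $userId      Owner of the token.
 * @param string $accessToken Token to store.
 * @return void
 * @throws RuntimeException On database errors.
 */
function insertPageToken($db, $userId, $accessToken)
{
    $sql = "INSERT INTO fb_short_code (userID, access_token) VALUES (?, ?)";
    $stmt = mysqli_prepare($db, $sql);

    if (!$stmt) {
        throw new RuntimeException('Error preparing statement: ' . mysqli_error($db));
    }

    mysqli_stmt_bind_param($stmt, "is", $userId, $accessToken);

    if (!mysqli_stmt_execute($stmt)) {
        $errorMessage = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Error inserting record: ' . $errorMessage);
    }

    mysqli_stmt_close($stmt);
}

/**
 * Exchange a page token for a long-lived token (grant_type=fb_exchange_token)
 * and store the result if it is not already recorded.
 *
 * App id and secret are read from credential.json.
 *
 * @param mysqli $db        Open database connection.
 * @param string $pageToken Token to exchange.
 * @return string The long-lived access token.
 * @throws RuntimeException On credential, transfer, API or database errors.
 */
function facebook_generate_long_live_token($db, $pageToken)
{
    $credentials = json_decode(file_get_contents('credential.json'), true);

    if (!$credentials || !isset($credentials['app_id'], $credentials['appSecret'])) {
        throw new RuntimeException('Invalid or missing credentials in credential.json');
    }

    $longLivedTokenUrl = 'https://graph.facebook.com/v20.0/oauth/access_token?' . http_build_query([
        'grant_type' => 'fb_exchange_token',
        'client_id' => $credentials['app_id'],
        'client_secret' => $credentials['appSecret'],
        'fb_exchange_token' => $pageToken,
    ]);

    // Neither the response nor the long-lived token is printed: this token is
    // the most valuable credential handled by this file.
    $longLivedResponseData = _facebook_request_json($longLivedTokenUrl);

    if (!isset($longLivedResponseData['access_token'])) {
        throw new RuntimeException('Error exchanging short-lived token for long-lived token: ' . _facebook_error_message($longLivedResponseData));
    }

    $longLivedToken = $longLivedResponseData['access_token'];

    if (!facebook_check_long_live_token($db, $longLivedToken)) {
        // NOTE(review): the second argument is declared as $pageId and bound
        // as an integer in facebook_save_long_live_token(), but the page
        // TOKEN is passed here. The page id is not available in this
        // function; the caller likely needs to supply it — confirm and fix.
        facebook_save_long_live_token($db, $pageToken, $longLivedToken);
    }

    return $longLivedToken;
}

/**
 * Tell whether a long-lived token is already stored in fb_long_lived_token.
 *
 * @param mysqli $db             Open database connection.
 * @param string $longLivedToken Token to look up.
 * @return bool True when at least one matching row exists.
 * @throws RuntimeException On database errors.
 */
function facebook_check_long_live_token($db, $longLivedToken)
{
    $sql = "SELECT * FROM fb_long_lived_token WHERE token = ?";
    $stmt = mysqli_prepare($db, $sql);

    if (!$stmt) {
        throw new RuntimeException('Error preparing statement: ' . mysqli_error($db));
    }

    mysqli_stmt_bind_param($stmt, "s", $longLivedToken);

    if (!mysqli_stmt_execute($stmt)) {
        $errorMessage = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Error reading records: ' . $errorMessage);
    }

    $result = mysqli_stmt_get_result($stmt);

    if ($result === false) {
        $errorMessage = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Error reading records: ' . $errorMessage);
    }

    $exists = mysqli_num_rows($result) > 0;
    mysqli_stmt_close($stmt);

    return $exists;
}

/**
 * Insert a (userId, pageId, token) row into fb_long_lived_token.
 *
 * Reads the user id from the global $gUserId.
 *
 * @param mysqli $db             Open database connection.
 * @param int    $pageId         Page identifier (bound as an integer).
 * @param string $longLivedToken Token to store.
 * @return void
 * @throws RuntimeException On database errors.
 */
function facebook_save_long_live_token($db, $pageId, $longLivedToken)
{
    global $gUserId;

    $sql = "INSERT INTO fb_long_lived_token (userId, pageId, token) VALUES (?, ?, ?)";
    $stmt = mysqli_prepare($db, $sql);

    if (!$stmt) {
        throw new RuntimeException('Error preparing statement: ' . mysqli_error($db));
    }

    mysqli_stmt_bind_param($stmt, "iis", $gUserId, $pageId, $longLivedToken);

    if (!mysqli_stmt_execute($stmt)) {
        $errorMessage = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Error inserting record: ' . $errorMessage);
    }

    mysqli_stmt_close($stmt);
}

/**
 * Check that an access token works by requesting /me?fields=id,name.
 *
 * NOTE(review): the token travels in the URL query string, where it can end
 * up in proxy or server logs.
 *
 * @param string $accessToken Token to test.
 * @return array ['id' => ..., 'name' => ...] as returned by the API.
 * @throws RuntimeException On transfer or API errors.
 */
function facebook_access_test($accessToken)
{
    $url = 'https://graph.facebook.com/v20.0/me?fields=id,name&access_token=' . urlencode($accessToken);

    $user = _facebook_request_json($url);

    if (isset($user['error'])) {
        throw new RuntimeException('Error: ' . _facebook_error_message($user));
    }

    // A non-JSON body or a body without the requested fields is a failure, not a user.
    if (!isset($user['id'], $user['name'])) {
        throw new RuntimeException('Error: unexpected response from Graph API');
    }

    return [
        'id' => $user['id'],
        'name' => $user['name']
    ];
}

/**
 * Publish a message with a link to the page feed (POST /me/feed) using the
 * 'longLivedToken' stored in credential.json.
 *
 * @param string $message Post text.
 * @param string $link    URL attached to the post.
 * @return array ['success' => true, 'message' => ..., 'response' => decoded API response].
 * @throws RuntimeException On credential, transfer or API errors.
 */
function facebook_post_to_page($message, $link)
{
    $credentials = json_decode(file_get_contents('credential.json'), true);

    if (!$credentials || !isset($credentials['longLivedToken'])) {
        throw new RuntimeException('Invalid or missing credentials in credential.json');
    }

    $pageAccessToken = $credentials['longLivedToken']; // This should be the page access token
    $postUrl = 'https://graph.facebook.com/v20.0/me/feed';

    $postData = [
        'link' => $link,
        'message' => $message,
        'access_token' => $pageAccessToken,
    ];

    $responseData = _facebook_request_json($postUrl, $postData);

    if (isset($responseData['error'])) {
        throw new RuntimeException('Error: ' . _facebook_error_message($responseData));
    }

    // Without this check a non-JSON body (for example an HTML error page)
    // would be reported to the caller as a successful post.
    if (!is_array($responseData)) {
        throw new RuntimeException('Error: unexpected response from Graph API');
    }

    return [
        'success' => true,
        'message' => 'Message posted successfully!',
        'response' => $responseData
    ];
}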