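// ---------------------------------------------------------------------------
// Snippet 1: read the Facebook session cookie ("fbs_<appID>"), split it into
// fields and verify its MD5 signature against the app secret.
//
// Returns a struct with:
//   success  - true only when the cookie exists and its signature verifies
//   errorMsg - reason for failure, "" on success
//   <field>  - every name=value pair found in the cookie (first value wins)
//
// SECURITY: the cookie fields are copied into the result before the signature
// is checked and they stay there when verification fails. Callers must test
// ret.success before trusting any other key (uid, access token, ...).
// NOTE(review): sig = MD5(sorted pairs & appSecret) looks like Facebook's
// legacy cookie format; confirm whether the app can move to the HMAC-SHA256
// signed_request format instead.
// ---------------------------------------------------------------------------
var fbConfig = application.facebook.getAppConfig("facebook");
var appID = fbConfig.appID;
var appSecret = fbConfig.appSecret;
var ret = StructNew();
var i = 1;
var cookieKey = "fbs_#appID#";
var theCookie = "";
var nameValuePairs = ArrayNew(1);
var name = "";
var value = "";
var payload = "";
var expectedSig = "";
var digest = "";

// We set ourselves up for success
ret.success = true;
ret.errorMsg = "";

// Look the cookie up by key instead of isDefined()/evaluate() on a built
// variable name, so no dynamic expression is evaluated.
if (!structKeyExists(cookie, cookieKey)) {
    // if we didn't find the cookie then we're done here
    ret.success = false;
    ret.errorMsg = "Cookie not found";
} else {
    // if it's there, then we get it and strip the surrounding quotes
    theCookie = replace(cookie[cookieKey], '"', "", "all");

    // collect the name=value pairs; empty elements are ignored, as with getToken()
    nameValuePairs = listToArray(theCookie, "&");

    for (i = 1; i <= arrayLen(nameValuePairs); i++) {
        name = getToken(nameValuePairs[i], 1, "=");
        value = getToken(nameValuePairs[i], 2, "=");
        // The cookie is client-controlled: never let it overwrite success /
        // errorMsg, and do not throw on a duplicated or empty key.
        if (len(name) && !structKeyExists(ret, name)) {
            ret[name] = value;
        }
    }

    if (!structKeyExists(ret, "sig")) {
        // without a signature there is nothing to verify
        ret.success = false;
        ret.errorMsg = "Cookie has no signature";
    } else {
        // Now we check the MD5 signature to make sure this is a real Facebook cookie
        // 1) sort the pairs alphabetically
        arraySort(nameValuePairs, "textnocase", "asc");

        // 2) append all pairs into a single "payload" string, except for the sig itself
        for (i = 1; i <= arrayLen(nameValuePairs); i++) {
            if (compareNoCase(getToken(nameValuePairs[i], 1, "="), "sig") != 0) {
                payload &= nameValuePairs[i];
            }
        }

        // 3) compute the expected signature and compare it to the one in the cookie.
        //    The comparison is done on bytes, not with !=, so two numeric-looking
        //    hex strings cannot be compared as numbers, and MessageDigest.isEqual
        //    avoids an early-exit string compare. Both sides are lower-cased
        //    because the original != comparison was case-insensitive.
        expectedSig = hash(payload & appSecret, "MD5");
        digest = createObject("java", "java.security.MessageDigest");
        if (!digest.isEqual(charsetDecode(lCase(expectedSig), "utf-8"), charsetDecode(lCase(ret.sig), "utf-8"))) {
            ret.success = false;
            // Do not echo the expected signature: whoever sent the cookie could
            // copy it back and pass verification. (The old message also indexed
            // nameValuePairs one past its end.)
            ret.errorMsg = "Failed MD5 verification";
        }
    }
}

// return our result struct
return (ret);

// ---------------------------------------------------------------------------
// Snippet 2 (separate fragment; the code that issues the HTTP request is not
// shown): report whether the HTTP response body is a JSON object with an "id" key.
// NOTE(review): response and success are not var-scoped here; declare them
// with var at the top of the enclosing function, which is not visible.
// ---------------------------------------------------------------------------
success = false;
// The body comes from a remote service: a non-JSON or non-object reply means
// "not successful" rather than an exception.
if (isJSON(cfhttp.fileContent)) {
    response = deserializeJSON(cfhttp.fileContent);
    success = isStruct(response) && structKeyExists(response, "id");
}
return (success);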