Facebook ACTUALLY working, gogo 2 cookie hack

@@ -16,11 +16,13 @@ use Tz\WordPress\Tools;
 use Tz\WordPress\Tools\Auth;
 
 use FB;
+use WP_User;
 
 use Exception, InvalidArgumentException;
 
 const VERSION = 0.2;
-
+const COOKIE_LOGOUT = 'wpfb_logout';
+const COOKIE_DENY   = 'wpfb_stay_logged_out';
 const OPTION_NAME   = 'tz_auth_fb';
 
     call_user_func(function() {
@@ -67,6 +69,21 @@ function getSDK() {
     return $instance;
 }
 
+/**
+ * Like WordPress' get_user_by() function but for FB
+ * @global $wpdb
+ */
+function get_user_by_fbuid($fbuid) {
+    global $wpdb;
+
+    $fbuid = mysql_real_escape_string($fbuid);
+    if (null === ($user  = $wpdb->get_row("SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = 'fbuid' AND meta_value = '{$fbuid}'"))) {
+        return false;
+    }
+
+    return new WP_User($user->user_id);
+}
+
 function load() {
 ?>
 <div id="fb-root"></div>
@@ -87,44 +104,76 @@ function load() {
 }
 
 class Actions {
-    public static function set_current_user() {
+    public static function send_headers() {
+        // This SHOULD work, but FB is being stupid and not passing back, so I have to use 2 cookies instead
+        if (isset($_GET['nofb'])) {
+            return;
+        }
+
         $sdk = getSDK();
 
         // User is not logged in to Facebook
         if (null === ($sess = $sdk->getSession())) {
+            setcookie(COOKIE_LOGOUT, '', time() - 3600, '/');
+            setcookie(COOKIE_DENY, '', time() - 3600, '/');
+
+            return;
+        }
+
+        // Becaues FB redirect is dumb
+        if (!isset($_COOKIE[COOKIE_LOGOUT]) && isset($_COOKIE[COOKIE_DENY])) {
+            setcookie(COOKIE_DENY, '', time() - 3600, '/');
             return;
         }
 
         // User logged out of WordPress, log them out of Facebook
-        if (isset($_COOKIE['wpfb_logout'])) {
-            setcookie('wpfb_logout', '', time() - 3600, '/', Vars::$options['domain_name']);
-            $url = $sdk->getLogoutUrl();
+        if (isset($_COOKIE[COOKIE_LOGOUT])) {
+            $url = $sdk->getLogoutUrl(Array('nofb' => 1));
+
+            setcookie(COOKIE_LOGOUT, '', time() - 3600, '/');
             $sdk->setSession();
 
             header('Location: ' . $url);
+
+            die;
         }
 
-        // if user is not logged in do the following
-        // if user is logged in merge account? do checks?
 
+        $fb_user = get_user_by_fbuid($sess['uid']);
+
+        if (is_user_logged_in()) {
+            global $current_user;
+            get_currentuserinfo();
+
+            // User has already logged into WP with his FB acct
+            if ($fb_user->ID == $current_user->ID) {
+                return;
+            }
+
+            // User logged in with a native WP account then logged in with FB, merge
+            if (false === $fb_user) {
+                update_user_meta($current_user->ID, 'fbuid', $sess['uid']);
+                return;
+            }
+
+            // FB user exists, but the logged in user has different fbuid?
+            // user created 2 accounts?
+        }
+
+
+//        if (username_exists($username)) {
+        if (false !== $fb_user) {
+            $user = Auth\signin($fb_user->user_login);
+        } else {
             try {
                 $info = $sdk->api('/me');
-            $username = 'fbc' . $sess['uid'];
             } catch (FB\FacebookApiException $e) {
                 // Load up an error thingie
                 return;
             }
 
-        if (is_user_logged_in()) {
-            // was user already logged in from Facebook/other or were they logged in and then linked with facebook
-            // merge account
-            // return
-        }
-
             require_once(ABSPATH . WPINC . DIRECTORY_SEPARATOR . 'registration.php');
-        if (username_exists($username)) {
-            $user = Auth\signin($username);
-        } else {
+            $username = 'fbc' . $sess['uid'];
             // User logged in via Facebook for the first time, register/activate a linked WordPress account
 
             // Email address is already registered...
@@ -156,8 +205,7 @@ class Actions {
     }
 
     public static function wp_enqueue_scripts() {
-        _enqueue_script('tz-facebook', Tools\url('tz-facebook.js', __FILE__), Array('addEvent'));
-
+        _enqueue_script('tz-facebook', Tools\url('tz-facebook.js', __FILE__), Array('addEvent','Cookie'));
         _localize_script('tz-facebook', 'TzFBData', Array('ext_perms' => implode(',', array_keys(Vars::$options['ext_perms']))));
     }
 
@@ -165,7 +213,9 @@ class Actions {
      * Set a cookie to tell this to logout of Facebook on next pass
      */
     public static function wp_logout() {
-        setcookie('wpfb_logout', 1, 0, '/', Vars::$options['domain_name']);
+        remove_action('send_headers', Array(__CLASS__, 'send_headers'));
+        setcookie(COOKIE_LOGOUT, 1, time() + 3600, '/');
+        setcookie(COOKIE_DENY, 1, time() + 3600, '/');
     }
 }
 
@@ -175,8 +225,11 @@ class ShortCodes {
         if ($sdk->getSession()) {
             ob_start();
             print_r($sdk->getSession());
-            print_r($_COOKIE);
+            try {
                 print_r($sdk->api('/me'));
+            } catch (Exception $e) {
+                print_r($e);
+            }
             $data = '<pre>' . ob_get_contents() . '</pre>';
             ob_end_clean();
 

@@ -2,6 +2,8 @@ addEvent(window, 'load', function() {
         var oBtn = document.getElementById('TzFB');
         if (oBtn) {
             addEvent(oBtn, 'click', function() {
+//                Cookie.create('wpfb_login', 1, 1);
+
                 FB.login(function() {}, {perms: TzFBData.ext_perms});
             });
         }

@@ -59,6 +59,15 @@ function tools_url() {
     call_user_func_array(__NAMESPACE__ . '\url', $args);
 }
 
+function buffer($callback) {
+    ob_start();
+    call_user_func($callback);
+    $b = ob_get_contents();
+    ob_end_clean();
+
+    return $b;
+}
+
 function add_actions($class) {
     if (!class_exists($class)) {
         throw new Exception("{$class} does not exist");