Verify facebook login message sent from client

We should not trust that the client has not manipulated the facebook login message to gain access to others accounts.  Need to verify the hash sent with the login message against our app secret.
