» PHP Forum Archive » 3rd party script modifications
To allow users to enter my site with Facebook connect where do I start?
Do I just retrieve their username and password from Facebook and enter it into the database as a user and enter that they are approved so that it doesn't do the email verification?
Then after registration, how do I get Facebook's login procedure to start a session within accessuser class?
Thanks
Hi,
this is an interesting feature, but is not done with a few rows of code :)
If you have mature skills in PHP and FB connect, just start and I will help if you have problems.
If you don't have the skills please understand that I'm not able invest hours to write that code for you.
Here is what I have so far, and I'm very close.I've almost got the FaceBook Connect working with Access User Class but can't get access User class to authorize the user
I'm having trouble cracking that. I am very close ... I can comment/uncomment one line and see the two side's ids (Facebook and Access user) ready to shake hands. Trying to get Access user class to authorize the user causes FaceBook to stop (seems to lose ability to set or read a session)
The line I end up commenting in and out is around line 63 in bold. It is basically a call to a remake of the login_user function
<?php
// ##FaceBook Code ###################################################################
if($_GET['session']){
require_once'../src/facebook.php';
// ##Create our Application instance.
$facebook = new Facebook(array(
'appId' => '5555555555555',
'secret' => '55555555555555555',
'cookie' => true,
));
// ##If we get a session here, it means we found a correctly signed session using
// ##the Application Secret only Facebook and the Application know. We dont know
// ##if it is still valid until we make an API call using the session. A session
// ##can become invalid if it has already expired (should not be getting the
// ##session back in this case) or if the user logged out of Facebook.
$session = $facebook->getSession();
// ##var_dump($session);
$me = null;
// ##Session based API call.
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
}
// ## this query pulls from a new bridge table that contains the Facebook Id and the corresponding Access user class id from users table
// ## $uid delevivered by FaceBook above
$query = 'SELECT <code>my_user_id</code> FROM <code>users_fb</code> WHERE <code>fb_uid</code>="'.mysql_escape_string($uid).'"';
$result = @mysql_query($query, $connect) or die("Couldn't execute 'Account' query");
$row = mysql_fetch_array($result);
$BB_user_id = $row['BB_user_id'];
// ## I am querying the users table now with the Access users id to get the users Access user password
// ## Shouldn't really need it, if I trust faceBook authorization and could skip this
//if i could simply get Access user class to authorize this user here
$sql_info = "SELECT real_name, extra_info, pw, email, id, access_level FROM <code>users</code> WHERE <code>id</code>=".$BB_user_id;
$result = @mysql_query($sql_info, $connect);
$row = mysql_fetch_array($result);
$real_name = $row['real_name'];
$pw1 = $row['pw'];
$extra_info = $row['extra_info'];
$email = $row['email'];
$access_level = $row['access_level'];
//}
require_once($_SERVER['DOCUMENT_ROOT']."/bungee_jumpers/access_user_class.php");
$my_access = new Access_user(false);
// ## $my_access->save_login = (isset($_POST['remember'])) ? $_POST['remember'] : "no"; // use a cookie to remember the login
// ## $my_access->count_visit = false; // if this is true then the last visitdate is saved in the database (field extra info)
// ## the next line will cause most all the FaceBook code to stop working. The button to connect using
// ## faceBook will still appear. it will have the proper api id info in the GET array
// ## but when "submitted" nothing above here will pick up any values in the GET array.
// ## What ends up displaying is just the original form, with the same 'Login Using faceBook' button
// ### alternatively if you comment out the next line, all the GET array can be retrieved from the upper part of this form
// ### the $uid can be retieved from FaceBook, the corresponding user id can be retireved from the users table
// ### but cannot get Access User Class to authorize the user
<strong>$my_access->login_user_fb($BB_user_id, $pw1); // call the fb login method</strong>
}
// ## END FaceBook Code ###################################################################
// ## start the typical access user login form
require_once($_SERVER['DOCUMENT_ROOT']."/bungee_jumpers/access_user_class.php");
$my_access = new Access_user(false);
if (isset($_GET['activate']) && isset($_GET['ident'])) { // this two variables are required for activating/updating the account/password
$my_access->auto_activation = true; // use this (true/false) to stop the automatic activation
$my_access->activate_account($_GET['activate'], $_GET['ident']); // the activation method
}
if (isset($_GET['validate']) && isset($_GET['id'])) { // this two variables are required for activating/updating the new e-mail address
$my_access->validate_email($_GET['validate'], $_GET['id']); // the validation method
}
if (isset($_POST['Submit'])) {
$my_access->save_login = (isset($_POST['remember'])) ? $_POST['remember'] : "no"; // use a cookie to remember the login
$my_access->count_visit = false; // if this is true then the last visitdate is saved in the database (field extra info)
$my_access->login_user($_POST['login'], $_POST['password']); // call the login method
}
$error = $my_access->the_msg;
include($_SERVER['DOCUMENT_ROOT']."/template_top_fb.php");
?>
<iframe src="http://www.facebook.com/widgets/like.php?rel="nofollow" href=http://mysite.com"
scrolling="no" frameborder="0"
style="border:none; width:450px; height:80px"></iframe> <div id="doc2">
<div style="text-align: center; id:hd">
<div id="bd">
<div id="custom-doc">
<h2>Login:</h2>
<?
//this line imports the FaceBook button
include($_SERVER['DOCUMENT_ROOT']."fb_index.php");
?>
<p>Please enter your login and password.</p>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<label for="login" id="login">Login:</label>
<input type="text" name="login" size="20" value="<?php echo (isset($_POST['login'])) ? $_POST['login'] : $my_access->user; ?>" /><br />
<label for="password" id="password">Password:</label>
<input type="password" name="password" size="8" value="<?php if (isset($_POST['password'])) echo $_POST['password']; ?>" /><br />
<label for="remember" id="remember">Automatic login?</label>
<input type="checkbox" name="remember" value="yes"<?php echo ($my_access->is_cookie == true) ? " checked" : ""; ?> />
<br />
<input type="submit" name="Submit" value="Login" />
</form>
<p><b><?php echo (isset($error)) ? $error : " "; ?></b></p>
</div> </div> </div> </div>
<?
include($_SERVER['DOCUMENT_ROOT']."/template_bottom.php");
?>
// #################### 1 New Function ################################
// ## In this new one I attempt to replace the function of the more elaborate Access Usser Class function similrly named login_user
// ## i'm not sure if malfunction is caused by ommission of neccessary lines from that one or not
// ## but this is the hub of the problem. If I could get this function to authorize this user by their
// ## "my_user_id" I'd pretty much have it
function login_user_fb($my_user_id, $pw) {
$this->set_user($pw);
}
// #################### 1 Changed Function ################################
// ## added if $goto_page == 'true' (original Access user value) else ... condition
function set_user($goto_page) {
$_SESSION['user'] = $this->user;
if($goto_page == 'true'){
$_SESSION['pw'] = $this->user_pw;
}
else
{
$_SESSION['pw'] = $goto_page;
}
$_SESSION['logged_in'] = time(); // to offer a time limited access (later)
if (!empty($_SESSION['referer'])) {
$next_page = $_SESSION['referer'];
unset($_SESSION['referer']);
} else {
$next_page = $this->main_page;
}
if ($goto_page) {
header("Location: ".$next_page);
exit;
}
}K, I got the above to work with just a few modifications.
I still have to get a FaceBook user registered into Accessuser. that code will hopefully follow soon.
1) I added the login to the list to retrieve from the users table
$sql_info = "SELECT real_name, login, extra_info, pw, email, id, access_level FROMusersWHEREid`=".$BB_user_id;
$result = @mysql_query($sql_info, $connect);
$row = mysql_fetch_array($result);`
$login= $row['login'];
2) I returned to using the original login_user function (instead of my login_user_fb function) but I added an extra parameter to it in Access_user_class.php (see mod item 3 below) and to the two function calls on the login page like this
## login page function call 1 (if FB session is detected)
$is_fb = true;
$my_access->login_user($login, $pw1,$is_fb);// call the fb login method
//the var $is_fb is redundant and could just as well be entered as true in function call
//## login page function call 2 if no FB session detected and submit is detected
if (isset($_POST['Submit'])) {
$my_access->save_login = (isset($_POST['remember'])) ? $_POST['remember'] : "no"; // use a cookie to remember the login
$my_access->count_visit = false; // if this is true then the last visit date is saved in the database (field extra info)
$my_access->login_user($_POST['login'], $_POST['password'], false); // call the login method
}
3) Lastly, at the login_user function in access_user.php
a) added the new $is_fb parameter
b) used it to put a conditional to hash the password or not
function login_user($user, $password, $is_fb`) {
if ($user != "" && $password != "") {
$this->user = $user;`
if($is_fb==true){
$this->user_pw = $password;
}
else
{
$this->user_pw = md5($password);
}
`if ($this->check_user()) {
$this->login_saver();
if ($this->count_visit) {
$this->reg_visit($user, $this->user_pw);
}
$this->set_user(true);
} else {
$this->the_msg = $this->messages(10);
}
} else {
$this->the_msg = $this->messages(11);
}
}`
Thanks minuteman for sharing this code!