Facebook login authorisation for my website - facebook

I am building a website in PHP that has a log in section. For this I have a table in a MySQL database that stores 64bit hashed passwords and the users' details. When a user enters their email and password the site hashes the password and compares it with the stored hash. To set up an account the user must register.
I want to integrate Facebook log in so users don't have to go through registration and can just log in to the password protected section of my site using their Facebook account. Which incidentally is exactly how I logged into stackoverflow just now. I have been researching this but can't find any up to date tutorials on how to do this.
Can someone please enlighten me as to how I can integrate Facebook log in to authenticate users to the protected part of my website?
Does my database need to provide a table for Facebook registered users? Do I enter facebook users details into my database at all?

I'd recommend looking into JanRain if you don't want to write something from scratch. http://janrain.com/products/engage/social-login/
They provide free (for less than 2500 users) single sign-on that integrates with all major services like Twitter, FB, Google, Yahoo, etc. Very straightforward to implement as well.

You can start through the developer page of Facebook itself. See the Facebook Login

Check this link.
Login to website using Facebook account
We can handle this from the server side as well as the client side. In the above-mentioned link you will find the solution to do this using JavaScript.
Some steps:
Browse to https://developers.facebook.com
Click on the Apps tab. It will prompt you to log in.
Once you are logged in, you can create a new app in your account.
Click on the Settings tab (in the left panel), then click on the "Advanced" tab in the right window.
Under "Valid OAuth redirect URIs", enter the proper URL (for testing you can also enter your localhost URL, something like localhost.com:98 etc.). If you are using IIS you can configure the port number there. If required, you will have to put this URL in your hosts file as well.
From the Dashboard tab you can get the app ID and secret key for the newly created app (we will need these at a later stage).

Related

Facebook Page Application - determine if user is admin

Thank you very much for visiting this topic. Currently I'm working on a smaller application that can be installed on facebook pages (not accounts, but separately created pages, like company or fan pages on facebook). I managed to fire up the php SDK for it, even made successful user authentications and played around with access tokens (only user access tokens though).
However my problems arose when I've tried to determine if the current user is an administrator for that facebook page (where the application is installed).
I've done numerous google searches and research into this topic, but sadly I've realised that most tutorials, questions or related topics are all outdated, or they have obsolete solutions.
I kept running into the 'manage-pages' permission when people advised me to go for page access tokens. However in my opinion asking facebook to grant me manage-pages permission, then prompting users to allow me access to everything on their pages during authentication seems a bit far fetched.
I do not want to modify or read their page contents in any way. I simply want a mini admin page for the application that can be opened by only users that are admins of that certain page.
I've seen an edit URL that can be added in the settings of the application. However I could not find out what it does, or how I can access it if I add a URL there. The related documentation on Facebook seems to be out of date.
I would be very grateful if someone can point me in the right direction with this. Basically I'm looking for a method that does not require me to use the 'manage_pages' permission, but where I can still check if the current user viewing the installed application on the page is an admin or not. (I wonder if Facebook supports another method for this.)
Thank you very much for any kind of tips or aid in this matter!
Facebook never gives access to fan pages or other pages.
You have to communicate with the Facebook page admin, who gives you a token.
If you have permission, then the generated token is what you use in your application.
How do you do it?
1 Communicate with the admin.
2 The admin generates a token from https://developers.facebook.com/tools/explorer
3 Go to Tools and Support, then use the generated token in your application.
Note: "Page of admin can it do to generate token"

pyrocms social module: how to register new user with facebook connect

I'm still new to CI and PyroCMS, and am trying to implement a Facebook login using the Social module in a custom module, which looks like it does everything I want, but I'm clearly missing some basics (I can't find any documentation other than the brief readme)!
So far, I've watched the intro video, and have enabled Facebook successfully. I can connect via FB and see FB listed in /social/linked, but some confusion exists in my mind between the two user groups I've got: admin and user.
The flow I'm trying to construct is:
user arrives at the site and is presented with a survey
user fills in the survey, then is asked to signup (I understand that this is unconventional)
/signup has a facebook connect button, supplied by the social module
user clicks the connect button, and grants permission in facebook's popup window
user should be directed back to /signup, (or maybe redirected to /user/registration) with some details filled in from facebook (eg. email, name)
on submit, user should be added to the users table, as a member of the 'users' group (not admin) with no email activation required
an email is sent, thanks page is displayed
on returning to the site, the user should access their on-site profile using facebook connect.
I've read a bunch of threads on the subject, which have shaped these expectations...
Here's where I'm at:
user arrives, fills in survey, clicks the connect button
user is redirected to the homepage, which displays a standard page (not handled by my module). I need to return to /signup!
Based on this, I've tried setting:
$this->session->set_userdata('redirect_to', '/signup');
in what I believe is the correct controller method (checks to see if the user is logged in before sending the email, then calls template build to display the social buttons), to no avail.
(edit: I now see that the code above relates to the user module, not the social module... maybe I can transplant some changes...)
My questions:
Am I on the right track, or going about this the wrong way?!
Am I right in thinking that the FB account will be matched with an existing user if the email address exists in the system?
I have only one FB account, which is authorised for the app, and I'm using it to connect as a user - will this work, or do I need a separate FB account to test as user?
Other notes:
I am testing the site in Chrome, logged in as admin in Firefox.
Facebook is my testcase, I'm looking at supporting FB, LinkedIn, google and Twitter eventually.
Phew! Grateful for any feedback, Tim
I will try to answer some of your questions since I'm currently experimenting with the exact same social module as well and with some addons to it.
Am I right in thinking that the FB account will be matched with an existing user if the email address exists in the system?
Yes you are. I checked it myself while troubleshooting the fact that my Google (Gmail address) couldn't connect while my Hotmail (registered email) could. You will have to sync your emails in all your social sites, change the login system (allowing username login for example) or manually connect multiple emails in your account settings.
I have only one FB account, which is authorised for the app, and I'm using it to connect as a user - will this work, or do I need a separate FB account to test as user?
I suggest you let someone with another FB account test the system (better safe than sorry) but in my case I didn't have any troubles using other (normal) accounts to log in.
Am I on the right track, or going about this the wrong way?!
This was your first question, but I'll answer this as the last one since I didn't test it myself:
The Facebook App has a setting called "Site URL". This is the URL to which the user will be redirected. Simply change it to the page you wish it to be. You can also try to change the following lines in social/controllers/social.php:
Line 245 (redirect: user is logged in after FB connect)
redirect($this->input->get('success_url') ? $this->input->get('success_url') : 'social/linked');
Line 283 (redirect: user has to fill in some additional fields to complete registration)
redirect('users/register');
Good luck!
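Line 245 as quoted in the answer above redirects to whatever `success_url` value arrives in the query string, so a site that relies on that parameter to send users back to /signup should check the value first. An added example (not PyroCMS code and not from the answer): a validator whose function name, host allowlist and `example.test` host are assumptions made for illustration.

```php
<?php
// Added example, not PyroCMS code. safe_redirect_target() and the host
// allowlist are hypothetical names chosen for this illustration.

/**
 * Return $candidate if it is a plain local path or an absolute http(s) URL
 * whose host is allowlisted; otherwise return $fallback.
 */
function safe_redirect_target($candidate, $fallback, array $allowedHosts)
{
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }
    // Whitespace, control characters and backslashes can make a browser
    // resolve the URL differently from parse_url(), so refuse them outright.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    // Local path such as "social/linked" or "/signup". A second leading
    // slash ("//host") would be protocol-relative, so it must not match.
    if (preg_match('#^/?[A-Za-z0-9_-][A-Za-z0-9_./-]*$#', $candidate)) {
        return $candidate;
    }
    $parts = parse_url($candidate);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])
        || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    $schemeOk = in_array(strtolower($parts['scheme']), ['http', 'https'], true);
    $hostOk = in_array(strtolower($parts['host']), $allowedHosts, true);
    return ($schemeOk && $hostOk) ? $candidate : $fallback;
}

// Constructed inputs; example.test stands in for the site's own host.
$allowed = ['example.test'];
$inputs = ['/signup', 'social/linked', 'https://example.test/thanks',
           '//other.test/x', 'https://other.test/', 'https://example.test@other.test/'];
foreach ($inputs as $input) {
    printf("%-36s => %s\n", $input, safe_redirect_target($input, 'social/linked', $allowed));
}
```

At the quoted line the check would wrap the parameter: `redirect(safe_redirect_target($this->input->get('success_url'), 'social/linked', $allowed));`.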
The intro video shows off the entire extent of the social module. Frontend registrations, frontend user account linking, and backend account linking for the entire system.
If you wish to integrate custom functionality, custom user flows and other stuff as listed in your question then you will need to do a little custom work with the module. Hack it, extend it, send in some pull requests, whatever, but sadly it cannot do "everything to integrate with everywhere ever" out of the box. :-/

Facebook login with multiple domains

I know that Facebook allows me to specify multiple domains for my app.
But in the "Website with Facebook Login" I can only specify one URL.
Is it possible for me to authenticate users on domain.se, domain.dk and domain.net with the same app? Or should I still create one app for each domain?
It is technically possible to use Facebook Connect on multiple domains, though there are some limits (5 domains max).
So the key to doing this is adding all domains in the App Domain field under your app settings.
The PROBLEM, however, is that Facebook only lets you add domains that are derived from your Canvas URL or Site or Page tag URLs, so if you try to enter anything else you get an error that looks like this:
The SOLUTION is to create App on Facebook, Website, and Facebook Tab using the ADD PLATFORM button and then put in URLs that point to your other domains. Here is an example of what I mean:
If you use a unique domain for each field you can max out with 5 different domains. I have tested this technique with up to 3 domains, but I think it should work for all 5.
Note: Facebook admin features change from time to time, so all of this is subject to change
As long as you listed all the desired App Domains in application settings you should be able to authenticate users on any of them.
"Website with Facebook Login" is really only intended to be used as link to your site/application.
Update 2 (July 2016):
App domains must match the domain of the Secure Canvas URL, Mobile Site URL, Unity Binary URL, Site URL or Secure Page Tab URL.
Update (December 2013):
At the time of writing the original answer it was possible to list any domains in application settings, but since then the UI of Application Settings (as well as the way of handling Application Domains) has changed at least a couple of times; at some point you could only list domains that derive from one of the application's canvas pages.
As of December 2013 it is possible (again) to list domains that do not derive from application canvas URL.
Assuming your domains are being served by the same web server and you have access to that web server, you can use the manual login procedure: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow to login from as many domains as you wish.
Assume your domains are site1.com,site2.com.... Instead of using the Facebook javascript API, you will simply place a plain old Log In with Facebook button on each site which will redirect the browser to the facebook login page as described in the above article. In the state variable you can specify a code which indicates which of your sites is requesting a login. In the redirect you will use a single service domain which you assign to your web server (e.g. fb.mywebserver.com) and which you specify as the verified redirect url in the facebook login settings page. All the sites will redirect to this same url, avoiding the problem of supporting multiple domains.
Once the user has logged in, the browser will redirect to fb.mywebserver.com and pass it the state, which tells you which site is requesting login, and a code which you can use on the back end to retrieve the user's info using the Facebook Graph APIs. You store this info with a uid in your data store, then, using the info in state, you redirect to the appropriate site including a parameter that indicates a Facebook login (e.g. site1.com?fbc={some uid}). The browser will obediently then call site1.com?fbc... Your web server will receive this request and detect the fbc parameter, which tells it to associate the corresponding Facebook logged-in user with this site. It can then retrieve the logged-in user's info using the uid and, for example, return a session cookie for this user along with the page. If you generate the page on the server you can, of course, also include a welcome "user" or alternatively, your client code can do an ajax call to retrieve that information.
From the user's standpoint they press the Login with Facebook button, are redirected to a Facebook login page where they login and then are redirected back to your site in a logged in state. Not quite as nice as having the login popup but likely acceptable.
A similar process can be used for google logins as well
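An added example (not from the original answer) of the `state` handling described above: the value carries which site asked for the login and is signed, so the shared callback on fb.mywebserver.com can reject a forged or stale value and only ever redirects to a site from a fixed list. The short site codes, the secret and the 10-minute lifetime are assumptions.

```php
<?php
// Added example, not code from the answer; site codes, secret and lifetime are constructed.

const SITES = [                 // code carried in state => where to send the user back
    's1' => 'https://site1.com/',
    's2' => 'https://site2.com/',
];

function b64url($bin)
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Built by the site showing the button; sent as the `state` parameter. */
function make_state($siteCode, $secret, $now)
{
    $payload = b64url(json_encode([
        'site'  => $siteCode,
        'nonce' => bin2hex(random_bytes(16)),   // makes every state value unique
        'iat'   => $now,
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

/** Run on the shared callback host; returns the site URL to go back to, or null. */
function verify_state($state, $secret, $now, $maxAge = 600)
{
    $parts = is_string($state) ? explode('.', $state) : [];
    if (count($parts) !== 2) return null;
    $expected = b64url(hash_hmac('sha256', $parts[0], $secret, true));
    if (!hash_equals($expected, $parts[1])) {   // constant-time comparison
        return null;
    }
    $data = json_decode(base64_decode(strtr($parts[0], '-_', '+/')), true);
    if (!is_array($data) || !isset($data['site'], $data['iat'])
        || !is_string($data['site']) || !is_int($data['iat'])
        || $data['iat'] > $now || $now - $data['iat'] > $maxAge) {
        return null;
    }
    return array_key_exists($data['site'], SITES) ? SITES[$data['site']] : null;
}

$secret = 'constructed-demo-secret';            // placeholder; use a random server-side key
$state  = make_state('s2', $secret, 1700000000);
var_dump(verify_state($state, $secret, 1700000100));        // fresh, untouched
var_dump(verify_state($state . 'x', $secret, 1700000100));  // signature altered
var_dump(verify_state($state, $secret, 1700009999));        // older than $maxAge
```

The example covers only the `state` round trip; exchanging the `code` for the user's info stays as the answer describes. The value handed back in `fbc` acts as a login credential for that redirect, so it is best made random, single-use and short-lived.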
Best thing I've found to do in the development/production scenario is add a "Test App", then add a platform for your development web site - as you have to provide where the "page tab url" lives if you use that as a platform.
Facebook requires your "page url" to be live / accessible if you need to apply for status or permission review.
This got me around the "login in development" / "login in production" scenario.

Facebook account to replace registration?

I'm new to all this. This is what I'm after and I'm sure it's possible.
I've got a script where people can register/log in as members. What I'd like to do is tie it in so that it just uses Facebook users' details for the registrations. I've managed to set it up to sign up and complete a registration using a user's name and email.
What I'd like to do now is automatically log the user in if they're logged in on Facebook. Is this possible, or will they need to click a login button that then takes them to their page? If they need to click a button to log in, how do I go about getting the button to take their Facebook details and log them in? Also what happens in regards to passwords on my site? Is that stored in the app somehow?
Ideally I'd like to use the popup version of verification rather than the iframe that I've got set up at the moment.
Cheers in advance for any help for a n00b!
This is in fact possible. Although I for my part was never a fan of such things here's some human-readable (simplified) theory:
Facebook uses a system called OAuth ( http://de.wikipedia.org/wiki/OAuth ). That means, when you want to have the user log in to your site using Facebook you'll of course need to provide a button/facebook-login-frame (see documentation) that says "Log me in with Facebook" or so. You then access Facebook's API (more here: https://developers.facebook.com/ ) and basically tell Facebook who you are ("Hi I'm website XY"). While that happens your user is redirected to Facebook's "permission-landing-page". On that page he needs to confirm whether he is fine with your website accessing certain information (like his name). If he confirms, your website receives an access token granting you access to a subset of his user information, which you can then use to personalize his experience on your website.
Check out Facebook's documentation because they explain exactly your use case in detail.
(here: https://developers.facebook.com/docs/authentication/ )
PS: You'll of course never have any access to his Facebook login/password. That's kind of the idea behind "delegating" the authentication via OAuth to Facebook. Facebook only provides you with an access token (bound to that particular user who logged in and granted your app/website permissions)

Facebook remember me

I want to implement a "remember me" feature on my website using Facebook Connect.
On my website, I have the possibility to log in in two distinct ways:
Normal login
Facebook Connect
When a user performs the login with Facebook Connect, even if he logs out of his Facebook account, I want to keep him logged in on my website. He will only log out if he clicks on the logout button on the website.
Is there a way to do this?
Thanks in advance
Here is a tutorial using PHP that demonstrates how to use Facebook Connect. If you read the section about the login page, you'll see that Facebook does some funky javascripting that creates session cookies on your domain based on the login status on Facebook. You might be able to manipulate the API to give yourself the persistence that you're looking for.
Good luck, and hope this helps some in your project.