Facebook connect - facebook

If I plug in the facebook connect into my website, How can I prevent double signups?
Lets say I have a user that's already signed up to my site but he clicked the connect with facebook, is there a way to track it and redirect the login to his already existing account?

As long as the user doesn't long in explicitly to your side there's no way as FB won't give you the mail address which is the only thing you might probably use as an unique identifier (while people use different mail addresses for different services)
So your only way to do this is by detecting when you get a FB id while you have a valid session from your system.
Everything else depends on your environment.

You shall check against the facebook user id since as johannes said, facebook won't let you access the user's email by default.
Also, as the user can change his or her email account, you could get account duplicates. Facebook Id is the safe one.

Related

Facebook Registration versus Facebook Login, issue with username and saving user photo

I have a web app that has its own user registration, with a handful of users. The only mandatory fields are email, password and username, which must be unique. In the long run, I will still want to have our own registration system.
I would like to integrate Facebook, but I'm trying to figure out if I should integrate Facebook Registration or Facebook Login. I have these questions:
I've already started integrating Facebook Login and it works well. With this, not only can I enable Facebook users to login, but I can get all the information I need to register the user, if he is signing in for the first time via Facebook and has not registered via our site yet. I do not prompt the user for a password, to simplify the registration, however this means that if the user tries to sign in directly into our site, I tell the user that he must sign in via Facebook Login. Therefore, I question the need for Facebook Registration, which seems to be more complicated to integrate than Facebook Login. Can anyone tell me why I should integrate Facebook Registration instead?
The drawback I see with integrating Facebook Login or Facebook Registration into our existing user registration, is the username. I currently copy the user's Facebook username into our database. However, there is the possibility that the user's Facebook username is missing or is a duplicate of an username from one of our existing users, in which case I will have to prompt the user to change it. Then what happens if in the future, the user changes his username on Facebook? Should I change the user's username on our site when he logs in next via Facebook? What is best practices here? Am I correct to assume that if I don't bother changing the user's username on our site, it won't be an issue?
Then there is the possibility that the user's Facebook username is not valid by our requirements. Currently, we require the username to be alphanumeric and underscores only, using this reg expression: /^[\w]*$/ However, Facebook allows periods, but not consecutive special characters and possibly other criteria that I did not detect. This means that I should use the same validity check as Facebook uses. Does anyone know Facebook's reg expression for their usernames?
I am able to show the Facebook user's profile photo with an IMG tag and src= http://graph.facebook.com/facebook.id/picture. Does anyone know how to save the photo onto our server? We use Javascript and PHP.
Thanks for your help!
Hey I'll try to address your points 1 by 1
Facebook Login is merely a means to sign a user in to your site by them connecting via Facebook, as you state, they don't have a password as Facebook handles the auth. However you could redirect them to a specific page after using facebook login and get them to enter a password to use their account without being connected to facebook. The facebook registration plugin is more a tool to get users to register on your registration system (although it does support being your only registration system). It provides convenience by pre-populating a number of fields you might commonly ask for such as name etc. if a user is already logged in to Facebook. You can customise though to ask for additional info. It also means you can supply 1 registration form for your users whether or not they use facebook.
The facebook username should not be missing. Their 'name' field should be the users first and last name which I believe they have to supply. I don't think it can be empty. What I would actually suggest doing, is what I mentioned in point 1. Allow users to connect via facebook, but then prompt them to enter a username either as part of the login flow or after. You can then check this for uniqueness against your current database. To begin with you could assign them a username that is first_last_timestamp or something similar. This would more likely encourage them to change their username to something they want. If you used the registration plugin, you could easily enter your own "username" field into this. Then it doesn't matter if the user changes their name on facebook as they would still have a unique username to your site.
Facebook's usernames should just be a users first and last name (though obviously people do enter random things). The 'name' field is an combination of these so there will most likely be a space between them. You could always replace any invalid characters using your own regex, replace whitespace with underscores etc.
I'm not sure if there are any platform policies that would restrict you from saving the users picture to your own server/DB. What I would ask though is why you would want to? In my experience this is more likely to change then their name is. As such groups of friends using your site are probably more likely to recognise the profile pic that their friends use on facebook.
I would finally say, that the best bit about connecting their Facebook account either way means you can provide a smooth login experience so that a user doesn't have to sign in everytime. My own personal experience is that facebook login (with your own integration code on the success page) is better than the registration plugin. There are fewer steps for a user to connect to your app this way and they don't have to fill out a form. The success callback also means you can still perform the custom username code/flow I mentioned above and then prompt them to change their username if they desire. Just remember it is best to ask for as little info as possible at sign-up as users are more likely to join this way.
Hope this helps!

Having website and facebook login toghether

I'm creating a website that people can send sms from my website, I want to implement facebook login to my website and any one who logs in to my website using his facebook account and doesn't have an account in my website i want to create one for him. as he should later enter his phone number and verify the number and without having an account in my website its not possible. now the problem is if I use his facebook username to create the account it might cause duplicate name (as someone else might have got that username).
I will of course combine the information of the existing accounts when someone uses facebook login which have already account in my website. this is not a problem.
what would you suggest?
thanks in advance.
Dont use the Facebook user name as the userName column of your users database. You can get many other unique information from a Facebook user, like e-mail or facebook ID. Use them to "connect" between the information from your database details and the info you receive from Facebook.
For example:
When signing up to your website, one of the fields you can ask is the facebook login e-mail. Thats how a user would have the option to login to your website by Facebook, without any connection between his facebook user name and your user name.
In your user details table, just add a facebookEmail column, then, after you implement the Facebook Login API and a user login, check to see if his e-mail (from facebook) is in your table.
now the problem is if I use his facebook username to create the account it might cause duplicate name (as someone else might have got that username).
Well, then either build in a check if the user name is still free and if not prompt the user to enter a different one; or
automatically chose a different user name, f.e. by using a counter – if the user name from Facebook is foobar and this is already taken, then check if foobar1 is available, etc.
If creating it automatically, maybe you want to give the user the possibility to change it afterwards.

facebook register/login

I'm trying to implement facebook connect to my website, and i have couple questions.
1: Is it possible to register user in my website using his current facebook email/password.
Let's say user clicks on link Register via facebook and then he have to give me permisions to access his password, email, etc... and after that is done i put that info in my own database and he will be able to login with that account any time he wants without needing to give me permisions any time in the future.
2: If that kind of registration is not possible, what's other solution would be the best for me? Because i need to somehow keep track of that user who logged in with facebook, because he can upload photos, send messages etc.
Anyways, i'm quite new with facebook and similar things, so i'm really lost here, hope some one can help me :)
EDIT Thank you all for wonderful answers it helped me a lot, now all that's left is to read documentation :)
Yes it is, it is possible to get the information of the user. But it is rather complicated, when you have never dealt with it.
First you need to send the user to the following link:
https://m.facebook.com/dialog/oauth?client_id=your-client-id&redirect_uri=xxx&scope=listof-information-you-want
Facebook will then return your client to the uri specified, if the user rejected it will give a reason. If it is not you will get an code in urlencoded format.
This code is needed for the following step, the request of the access token:
https://graph.facebook.com/oauth/access_token?redirect_uri=xxx&client_id=xxx&client_secret=xxx&code=xxxx
This will give back an access token, if the authorization didn't fail.
After that you can ask for the information you want:
https://graph.facebook.com/me?method=GET&metadata=true&format=json&access_token=access_token
This will include a facebook uid, which is unique for all users. Store it and you can discern between a register and login.
This is roughly the process for any oauth2 application.
Facebook will not ask repeatedly for permissions after the user granted them to you. So you can store the access token and reuse it for backend stuff and also use the same procedure you use for register for login.
You can never access the user's password from Facebook even with his/her permission, so the user will always have to authenticate via Facebook and have Facebook pass you the user id of the logged in user once authentication succeeds. You can store all kinds of other data locally, but not enough to authenticate the user yourself.
Once the user is authenticated, you'll have access to the user's Facebook user id via the API, which should be enough to connect all kinds of information to that specific user.
Facebook does not provide access to accounts when passwords are taken from your controls. It provides it own canvas for login information. Therefore you cannot use your first approach to store passwords in your databases. Check this out.
You can however store email addresses once user logins into his account using the facebook sdks. Check this out link for the example of C# SDK sample code.
You can use the Facebook APIs to fetch user email-id, photos, friendslist and other information and then play around accordingly.
You don't get access to the users password - only email if you ask for it.
Best way would be to have a table of users and their Facebook account id's.
If you want to allow users to sign up without Facebook then have a nullable field for their password and facebook id, and also have a field for username - which you could populate from Facebook if they register via that route.

Site Sign Up, Sign In with Twitter and Facebook

I'm developing a website where the user can either sign up creating his own profile or can sign in with FB or Twitter.
The thing is I don't really know how to manage it, for example: let's say my user signs up through the website and creates content, what happens if the user later decides to sign in with FB or Twitter? How can I keep it all unified?
I know I could just do the Twitter sign in, get the data from twitter and create a profile in my DB for the user with his Twitter handle, don't know how I'd deal with later if he wants to just log in through the site.
Anyone have any ideas?
So he later signs in with Twitter or Facebook. I think you have a couple of options in this case. Allow the ability to link accounts together once the user signs in with any one method. Say they sign in with your sites registration, let them hit a page where they can add in other linked accounts like Twitter and Facebook once they are in their logged in state on your site. See the friendfeed model for inspiration. Or, like we did with ucubd.com/index.aspx - let the user sign in with facebook and regsister an account on their behalf and ask for their email as the login credential. If it's found - great. If it's not ask for a password. This will allow the user to either login with your sites registration method or through facebook. You will have the information in your database to link both of them together.
Every account on your system will have an e-mail address. Every account with FB, Google, Twitter is also linked to an e-mail address. What you will need to do is link the accounts based on e-mail address. That way you will never get duplicate accounts.

How to use Facebook connect to login in to my database?

I have a mysql membership database run by a Perl script. Account creation or login requires an email address and password. The Perl script then sets cookies (password cookie has encrypted value) which allow users to create, own and modify records. A members table contains user information. I've gone through the FacebookConnect information as well as the forum. Maybe I cannot see the forest for the trees, or maybe this is not possible. In order to use FacebookConnect for logins/account creation, I need to be able to send the user email and password to the the Perl script so that the proper cookies are set. If it were an http it would look like this:
http://domain.com/cgi-bin/perlscript.pl?_cgifunction=login&email=ddd#somedomain.com&password=somepassword.
Any hints or advice would be greatly appreciated.
What you are trying to do isn't really possible in the way that you're describing it.
Facebook Connect basically provides you with a single piece of information: whether your visitor is logged in to their Facebook account or not. If they are, you can get their Facebook ID, if not, you can show them a button (or whatever) and ask them to log into Facebook.
Generally a good approach when using Facebook Connect as an authentication method for your site is to have an internal id for the user's member account, and store a user's Facebook ID alongside that. When a user comes to your site, and they are already logged in to Facebook, you just use their Facebook ID to retrieve the local account. Otherwise you show them your login form to log in locally, and/or a Facebook login button.
The problem you're running into here is that you cannot get someone's email address from Facebook, as it is purposely hidden to protect privacy. If your membership scripts provide only the email/password log-in method, then what you need to do is modify these scripts to create the authentication cookie when given a properly authenticated Facebook ID.
Essentially you'll have two login functions... one for a Facebook login, and one for a regular login. Either function should properly created the local authentication cookie.