Tank Auth with Facebook Connect Authentication

[eluser]RJ[/eluser]
Make sure you verify user obj before saving fb prof, something like if($user) ( //update fb method and process login );

[eluser]federico_jacobi[/eluser]
Did the existing user today for Facebook and works great. Dacus's code is absolutely correct, but there are a few nuances:

- In the fb login button you need to add "email" to the perms, otherwise you cannot get the user email "directly". You can always get it via auth_other/fill_user_info but I find it complicated and defeats the purpose of the easy FB login.

- As far as i could tell, oAuth (twitter) doesn't return user email ... you HAVE to go through auth_other/fill_user_info ... don't know about google.

To do it modify auth_other/fb_signin and look for (this tells you if the users is ISN'T the db with a Facebook id, else fake tankauthlogin):

Code:

if( sizeof($user) == 0 )
            {
                redirect('auth_other/fill_user_info', 'refresh');
            }

replace with

Code:

if( sizeof($user) == 0 )
            {
                $user = $this->user_model->get_user_by_email($fb_user['email']);  //Notice the need for email perms

                if (isset($user[0])) { // IF USER EXISTS UPDATE DB
                $this->user_model->update_facebook_user_profile($user_id, $fb_user['id']);

                // Now fake a tank_auth login
                $this->session->set_userdata(array(
                          'user_id' => $user[0]->id,
                          'username' => $user[0]->username,
                          'status' => ($user[0]->activated == 1) ? STATUS_ACTIVATED : STATUS_NOT_ACTIVATED));
                $this->users->update_login_info(
                          $user[0]->id,
                          $this->config->item('login_record_ip', 'tank_auth'),
                          $this->config->item('login_record_time', 'tank_auth'));
                redirect('auth', 'refresh');
                }
                else {
                // if it doesn't exist create a new user maybe redirect ... up to you
                }
} else {
// Original code here ... means the FB user exists so fake tankauth login and enjoy life
// any new users the register after you install the fblogin should be ok
}

Notice that this works for facebook ... for twitter and google other minor modifications need to happend ... but the idea is the same.

[eluser]codeignite_noob[/eluser]
Thanks a bunch guys.

federico code is very close to where I was on my localhost, but just didn't get enough time to test and deploy, but looks like it is the right track.

Hopefully will do so this weekend and report back.

[eluser]dUspan[/eluser]
hi

how can i get the pagination on facebook graph?
using getJSON.im having undefined value.

help me guys. thanks.

[eluser]RJ[/eluser]
Oh hellz yeah! Millionaire in 30 days right? Would you like my friends and family members phone bills too?

[eluser]Ted S[/eluser]
[quote author="federico_jacobi" date="1306653604"]Did the existing user today for Facebook and works great. Dacus's code is absolutely correct, but there are a few nuances:

- In the fb login button you need to add "email" to the perms, otherwise you cannot get the user email "directly". You can always get it via auth_other/fill_user_info but I find it complicated and defeats the purpose of the easy FB login.
[/quote]

Very helpful, thanks so much!

If I understand this correctly, you are using the facebook email to compare against the user database and match on that. I'm working on this myself but have you given any thought to simply letting the user authenticate a facebook account if they are already logged in?

From my thinking, if an existing user comes to the site it's ideal to show them a "connect" button up front and check email for a match, like you do now, but also allow someone who is already in the system to connect as well, without having to worry about a match since we already know who they are.

[eluser]Ted S[/eluser]
[quote author="federico_jacobi" date="1306653604"]

Code:

$this->user_model->update_facebook_user_profile($user_id, $fb_user['id']);

[/quote]

Shouldn't this be:

Code:

$this->user_model->update_facebook_user_profile($user[0]->id, $fb_user['id']);

Since the user is not logged in to have $user_id set?

[eluser]Ted S[/eluser]
Following in federico_jacobi's footsteps, here's a quick function for auth_other.php that will allow existing users who are logged in to sync up their account.

Code:

// merges an existing account with facebook
function fb_merge()
{
    
    $this->load->library('tank_auth');
    $user_id = $this->tank_auth->get_user_id();
    if(!$user_id){
        redirect('');
    }
    
    $fb_user = $this->facebook_model->getUser();        
    if( isset($fb_user) ){
        
        // $user = $this->user_model->get_user($user_id); // just in case you want to do more with their profile...
                    
        if(!$user['facebook_id']){
            $this->user_model->update_facebook_user_profile($user_id, $fb_user['id']); // update main user record to be linked with facebook
            // you could update their profile with other facebook info here
            echo "all set";            
        } else {
            // you could show them a sharing page here
            echo "already set";
        }
                    
    } else {        
        echo 'We were unable to find your facebook account. Please try refreshing the page...'; // no facebook cookie after the javascript, hack or error
    }
    
}

I do a lot more with this than just syncing the ID and bring in profile data to show friends, temporary info, etc so the structure can easily be extended to use more of $fb_user's variables.

To call this you can use the same javascript, just change the function name to fb_merge.

[eluser]federico_jacobi[/eluser]
[quote author="Ted S" date="1307683547"][quote author="federico_jacobi" date="1306653604"]

Code:

$this->user_model->update_facebook_user_profile($user_id, $fb_user['id']);

[/quote]

Shouldn't this be:

Code:

$this->user_model->update_facebook_user_profile($user[0]->id, $fb_user['id']);

Since the user is not logged in to have $user_id set?[/quote]

YOU ARE CORRECT! probably bad cut+paste =)

[eluser]federico_jacobi[/eluser]
[quote author="Ted S" date="1307667896"][quote author="federico_jacobi" date="1306653604"]Did the existing user today for Facebook and works great. Dacus's code is absolutely correct, but there are a few nuances:

- In the fb login button you need to add "email" to the perms, otherwise you cannot get the user email "directly". You can always get it via auth_other/fill_user_info but I find it complicated and defeats the purpose of the easy FB login.
[/quote]

Very helpful, thanks so much!

If I understand this correctly, you are using the facebook email to compare against the user database and match on that. I'm working on this myself but have you given any thought to simply letting the user authenticate a facebook account if they are already logged in?

From my thinking, if an existing user comes to the site it's ideal to show them a "connect" button up front and check email for a match, like you do now, but also allow someone who is already in the system to connect as well, without having to worry about a match since we already know who they are.[/quote]

Mmmmm ... Your thinking is absolutely correct, from my perspective though I see someone coming in, they see their FB connect and go with that ... there's a pretty good chance they use the same email for both and there you go. If that is NOT the case, then create a new account ... but that's where your thinking comes in ... I guess you could create a "profile" page where you add the FB login. (notice that merge function before, good stuff, but haven't tried it yet)

Notice when you do an FB login, auth_other really checks for the FBid not the tankauth username/email ...