Extension:Facebook

The FBConnect extension for MediaWiki replaces the login functionality with Facebook Connect. This extension was developed on MediaWiki 1.14alpha. Backwards compatibility with MW-1.13.3 is unverified/untested, but might still work. For now, this extension should be used for experimental and testing purposes. Speaking of which...

I need help testing and developing! I have set up a SourceForge repository for this extension. If you can contribute anything (code, patches, ideas, error messages & circumstances surrounding those errors) then let me know.

Oh wait, this is a wiki... just hit that little [edit] button up in the corner and scribe it here!

Features

 * "Single Sign On" experience via Facebook Connect
 * On a successful Connect, creates a new wiki user and fills in Real Name from Facebook
 * The form of the created user name can be defined by $fbUserName
 * Logging out of Facebook logs you out of the wiki and vice versa
 * Links to Facebook Connect user pages are distinguished by a Facebook icon
 * Account merging functionality (soon to come)
 * And more...

Special:Connect
This special page gives the user the choice of using Facebook Connect or logging in with a wiki account. If the user logs in with an account on the wiki, they will have the option to Connect their account with Facebook. When this feature is finished, it will allow existing wiki users to merge their account with Facebook Connect. Until then, see Extension:Renameuser or Extension:User Merge and Delete. When Connected, the special page looks like this:

Connect account with Facebook
 This wiki is enabled with Facebook Connect, the next evolution of Facebook Platform. This means that when you are Connected, in addition to the normal benefits you see when logging in, you will be able to take advantage of some extra features...

User Rights from Facebook Group
Instead of using the built-in special pages to manage user rights, this extension enables users to manage rights using a Facebook group. By simply creating a group and providing the group ID, Connected users will automatically be promoted to any of three implicit groups:
 * Group member: This right will be attached to people belonging to the Facebook group or "awaiting reply."
 * Group officer: Making someone an officer of the group will automatically give them Bureaucrat rights.
 * Group admin: Likewise, admins of the Facebook group will inherit Sysop rights on the wiki.

A fourth group is also provided: Facebook Connect user. As is evident from the Mouseover ToolTips picture below, all accounts created by Facebook Connect belong to this group.

Mouseover Tooltips for Connected Users
Seven random numbers were way too fugly and it was impossible to keep track of who was who. Using the Tooltips with JavaScript library, Facebook-styled DHTML tooltips display info about the user you are mousing-over. Currently, profile pics and the real name are displayed for Connected users. Eventually, these tooltips will be modified to contain additional information (perhaps nickname, Facebook networks, other info or group membership).

XFBML
XFBML in wiki text is enabled by default. Non-secure tags and attributes are excluded from the final page output. Due to a bug in MediaWiki, the facebook-logo attribute of  is also dropped from the final page output. Applying the patch posted to this bug report resolves this error. Hopefully the patch will be included in MediaWiki's code in the future.

If XFBML is enabled, then  maybe be used as a replacement for $wgAllowExternalImages with the added benefit that all photos are screened against Facebook's Code of Conduct and subject to dynamic privacy


 * ''Note: previously a security vulnerability was present in this feature due to onclick attributes. As such, this feature was originally intended for internal wikis only. This was not actually a security hole in XFBML. XFBML markup is on the page of the MediaWiki site, not on Facebook's page as was the case for FBML. The worst that could have happened is that a malicious user could have imitated another user on the wiki. In no way can the other user's Facebook account be compromised. This issue is now confirmed to be fixed.

Coming Soon (probably in this order...)

 * Proxied Email instead of requiring users to enter an email
 * Entire preferences tab overhaul (This may suck to code)
 * Publish Feed story dialog when saving a wiki page (opt in or a PHP setting)

Configuration parameters
This extension's configuration parameters are defined in config.sample.php. In production, this file should be renamed to config.php. The following configuration variables can be set in config.php:

$fbApiKey
To use Facebook Connect you will first need to get a Facebook API Key:
 * 1) Visit the Facebook application creation page: http://www.facebook.com/developers/createapp.php
 * 2) Enter a descriptive name for your wiki in the Application Name field. This will be seen by users when they sign up for your site.
 * 3) Accept the Facebook Terms of Service.
 * 4) Upload icon and logo images. The icon appears in News Feed stories and the logo appears in the Connect dialog when the user connects with your application.
 * 5) Click Submit.
 * 6) Copy the displayed API key and application secret into the config file.
 * Default value:  - Change this!

$fbApiSecret

 * Default value:  - Change this!

$fbCallbackURL
This is the application's callback URL (the location where index.php resides). Make sure it's your exact root - facebook.com and www.facebook.com are different.

Set the callback URL in your developer app to match the one you specify in the config file. This is important so that the Javascript cross-domain library works correctly.

Note that each callback URL needs its own app id.
 * Default value:  - Change this!

$fbBaseURL
This is the root of the facebook site you'll be hitting. In production this will be facebook.com. However, Facebook Connect has now been released and changing this value seems to invalidate the code. Maybe in the future?
 * Default value:

$fbFeedBundleId
This is currently unused! Hopefully, someday it will be implemented. The feed story template needs to be registered with your app_key, and then just passed at run time. To register the feed bundle for your app, visit http://www.yourwiki.com/path_to_extensions/FBConnect/register_feed_forms.php
 * Default value:  - Change this if you're brave enough to register a form feed, I definitely am not.

$fbLogo
Location of the 16x16 Facebook logo. You can copy this to your server if you want. It replaces the user icon that appears near the Facebook ID usernames.
 * Default value:  - Can also be set to

$fbUserName
This will be the form of Facebook Connect user name when the user Connects and an account is automatically created. The first letter will of course be capitalized. The user's Facebook ID takes place of the #. If no # is used, then the Facebook ID will be appended onto this string to form the username. (I suggest changing this to 'FB_#' or '#_fb', for example.)
 * Default value:

$fbUserNameOK
Currently unused. Coming soon!
 * Default value:

$fbAllowOldAccounts
Allows non-Connected user accounts to login. Set this to true to allow users to continue logging into your site with old-style user names.
 * Default value:  (  is currently untested)

$fbConnectOnly
Disables new account creation. If this is set, then accounts can only be created by a successful Connection.
 * Default value:  (  is currently untested)

$fbUseMarkup
Allows the use of XFBML in wiki text.
 * Default value:

$fbAllowFacebookImages
If XFBML is enabled, then &lt;fb:photo> maybe be used as a replacement for $wgAllowExternalImages with the added benefit that all photos are screened against Facebook's Code of Conduct and subject to dynamic privacy. To disable just &lt;fb:photo> tags, set this to false.
 * Default value:

$fbUserRightsFromGroup
For easier wiki rights management, create a group on Facebook and place the group ID here. Three new implicit groups will be created: fb-groupie, fb-officer, and fb-admin. By default, they map to User, Bureaucrat and Sysop privileges, respectively. Users will automatically be promoted or demoted when their membership, title or admin status is modified from the group page within Facebook. See.
 * Default value:

$fbRemoveUserTalkLink
Set this to true to remove the link to a user's talk page in the personal toolbar (the menu in the upper right).
 * Default value:

$wgShowIPinHeader
This value will automatically be set to  in config.sample.php. It removes the link to the user's IP address when they are not logged in, so that only the Facebook Connect logo will be displayed. See Manual:$wgShowIPinHeader.
 * Default value:

Installation
Per usual, to install this extension add the following to LocalSettings.php: