Extension:Facebook

What can this extension do?
This extension (currently in beta) aims to integrate the newly released Facebook Connect platform into the MediaWiki software. The most bleeding-edge SVN version of MediaWiki is REQUIRED.

2008-12-18: XFBML use in wiki text (and the security concerns it comes with) is now enabled.

2008-12-20: Mouseover tooltips of profile pics and info for Connected users added.

Status
Currently, this extension is in beta. I haven't messed with login/create account rights yet or the FBConnect-only option, so it is not yet secure. But what it DOES do is create a user account using the Facebook ID as the username and retrieve the Real Name from Facebook.

Features

 * "Single Sign On" experience via Facebook Connect
 * On a successful Connect, creates a new wiki user from their Facebook ID, fills in Real Name from Facebook
 * Logging out of Facebook logs you out of the wiki and vice versa (though this feature currently has problems)
 * Wiki text can include XFBML tags (unsafe, see this note)
 * Mouseover tooltips of profile pics and info for Connected users (currently dummy names and pics... but the tooltips work!)

Coming Soon! (aka my TODO list)

 * Expand on the current features
 * Security vulnerability fixes for XFBML in wiki text
 * Put useful info into tooltips
 * Configuration options
 * Facebook Connect Only
 * Allow/Disallow XFBML
 * Error message for non-connected accounts (if "Facebook Connect Only" is specified)
 * Proxied Email instead of requiring users to enter an email
 * Entire preferences tab (This may suck to code)
 * Publish feed story dialog when saving a wiki page (opt in or a php setting)
 * Link to Facebook photos like wiki photos (probably already works with )
 * Incorporate account merging functionality

Usage

 * This extension is currently in beta. For now, it should be used for experimental and testing purposes. The most bleeding-edge SVN version of MediaWiki is MANDATORY.
 * To merge existing users into Facebook IDs, see Extension:Renameuser and Extension:User Merge and Delete.
 * For information on Facebook Markup tags, see the Facebook Dev Wiki.
 * If you need custom FBML-handling rules, the entire code for these tags is a switch statement in FBConnectXFBML::parserHook. To disable a tag, simply return an empty string.

XFBML
XFBML is currently vulnerable to XSS attacks. Until this is fixed, disable XFBML by adding this to config.php or LocalSettings.php:

 $fbConnectMarkup = false;

The FBConnect code does not yet do the necessary checks for safe tag attributes. Additionally, the core MediaWiki software may have a problem with dashed attributes like . Further investigation into this matter is needed.
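One way to do the attribute checks this section says are missing, as an added example that is not FBConnect's own code: rebuild each XFBML element from an allowlist of tags, attributes and value patterns, and return an empty string for anything else. The function name `renderSafeXfbml`, the rule table and the sample inputs are assumptions made for illustration; the attribute array has the shape a MediaWiki tag hook receives.

```php
<?php
// Added example: hypothetical allowlist filter, not part of FBConnect.
// The tag/attribute rules are illustrative; take the real set from the Facebook Dev Wiki.
const XFBML_RULES = [
    'fb:profile-pic' => [
        'uid'    => '/^\d{1,20}\z/',
        'size'   => '/^(thumb|small|normal|square)\z/',
        'linked' => '/^(true|false)\z/',
    ],
    'fb:name' => [
        'uid'    => '/^\d{1,20}\z/',
        'useyou' => '/^(true|false)\z/',
        'linked' => '/^(true|false)\z/',
    ],
];

/**
 * Rebuild an XFBML element from allowlisted parts only.
 * Unknown tags return '', which disables them.
 */
function renderSafeXfbml(string $tag, array $args): string
{
    $tag = strtolower($tag);
    if (!isset(XFBML_RULES[$tag])) {
        return '';
    }
    $out = '<' . $tag;
    foreach ($args as $name => $value) {
        $name = strtolower((string)$name);
        $pattern = XFBML_RULES[$tag][$name] ?? null;
        // Drop attributes that are not listed (event handlers, style, ...)
        // and listed attributes whose value does not match its pattern.
        if ($pattern === null || preg_match($pattern, (string)$value) !== 1) {
            continue;
        }
        $out .= ' ' . $name . '="' . htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8') . '"';
    }
    // Inner wiki text is discarded; these tags are filled in client-side.
    return $out . '></' . $tag . '>';
}

// Constructed sample inputs (tag name, attribute array).
$samples = [
    ['fb:profile-pic',  ['uid' => '12345', 'size' => 'square', 'onmouseover' => 'x()']],
    ['fb:name',         ['uid' => '12345" onclick="x', 'useyou' => 'false']],
    ['fb:unlisted-tag', ['src' => 'http://example.invalid/']],
];
foreach ($samples as [$tag, $args]) {
    echo $tag, ' => ', var_export(renderSafeXfbml($tag, $args), true), PHP_EOL;
}
```

The first sample keeps `uid` and `size` and loses the event handler, the second loses the malformed `uid`, and the third tag is suppressed entirely.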

Download Instructions
This extension is currently hosted at SourceForge. The SourceForge page should have a current download link on it. Alternatively, download the individual files through ViewVC or through SVN:

Installation
To install this extension, add the following to LocalSettings.php: Configuration parameters can also be set in LocalSettings.php.

Configuration parameters
This extension's configuration parameters are defined in FBConnectConfig.sample.php. In production, this file should be renamed to FBConnectConfig.php. The following configuration variables can either be set in FBConnectConfig.php by modifying their default values, or overridden by defining them in LocalSettings.php.

$callback_url
Enter your callback URL here. That's the location where index.php resides. Make sure it's your exact root - facebook.com and www.facebook.com are different.
 * Default value:  - Change this!

$api_key
Get the API key and secret from http://facebook.com/developers. Note that each callback URL needs its own app id. Set the callback URL in your developer app to match the one you chose above. This is important so that the JavaScript cross-domain library works correctly.
 * Default value:  - Change this!

$api_secret

 * Default value:  - Change this!

$base_fb_url
This is the root of the facebook site you'll be hitting. In production this will be facebook.com. However, Facebook Connect has now been released and changing this value seems to invalidate the code. Maybe in the future?
 * Default value:

$feed_bundle_id
The feed story template needs to be registered with your app_key, and then just passed at run time. To register the feed bundle for your app, visit http://www.yourwiki.com/path/to/extensions/FBConnect/register_feed_forms.php
 * Default value:  - Change this if you're brave enough to register a form feed, I definitely am not.

$wgFBConnectOnly
Set this to false to allow users to continue logging into your site with old-style user names.
 * Default value:

$wgRemoveUserTalkLink
Set this to true to remove the link to a user's talk page in the personal toolbar (the menu in the upper right).
 * Default value:  (for now)

$wgFBConnectLogoUrl
Location of the 16x16 Facebook logo. You can copy this to your server if you want. It replaces the user icon that currently appears in front of your user name.
 * Default value:  - Can also be set to

$wgShowIPinHeader
This value will automatically be set to  in FBConnectConfig.sample.php. It removes the link to the user's IP address when they are not logged in, so that only the Facebook Connect logo will be displayed. See Manual:$wgShowIPinHeader.

User rights
Coming eventually...

SVN Access
This extension is currently hosted at SourceForge. Download the individual files through ViewVC or through SVN:

Alternatively, you can download the individual files from here, though they may be somewhat out-of-date.

List of files

 * FBConnect/FBConnect.php
 * FBConnect/config.sample.php
 * FBConnect/FBConnect.alias.php
 * FBConnect/FBConnect.i18n.php
 * FBConnect/fbconnect.js
 * FBConnect/fbconnect.css
 * FBConnect/FBConnectAuthPlugin.php
 * FBConnect/FBConnectHooks.php
 * FBConnect/FBConnectXFBML.php
 * FBConnect/xd_receiver.php

wz-tooltip library

 * FBConnect/wz_tooltip/wz_tooltip.js

Facebook PHP client library
Download from http://svn.facebook.com/svnroot/platform/clients/packages/facebook-platform.tar.gz and copy the facebook-client folder to extensions/FBConnect/facebook-client, or copy/paste the code from the following files into the correct directories.


 * FBConnect/facebook-client/facebook.php
 * FBConnect/facebook-client/facebook_desktop.php
 * FBConnect/facebook-client/facebookapi_php5_restlib.php
 * FBConnect/facebook-client/jsonwrapper/jsonwrapper.php
 * FBConnect/facebook-client/jsonwrapper/jsonwrapper_inner.php
 * FBConnect/facebook-client/jsonwrapper/JSON/JSON.php
 * FBConnect/facebook-client/jsonwrapper/JSON/LICENSE

Files I have deleted / renamed

 * FBConnect/FBConnect_body.php
 * FBConnect/FBConnectAutoAuthenticate.php
 * FBConnect/FBConnectClient.php
 * FBConnect/FBConnectConfig.sample.php
 * FBConnect/FBConnectCore.php
 * FBConnect/FBConnectInit.php
 * FBConnect/FBConnectPersonalUrls.php
 * FBConnect/FBConnectSetup.php
 * FBConnect/SpecialConnect.php
 * FBConnect/register_feed_forms.php