Extension talk:Facebook

How do i make this run around appear under the news feed sort of like a viral feed

MediaWiki 1.12
Hi everybody,

Is there a way to use this extension with v1.12 ? I really like this plugin and it would be great to be able to use it on previous versions of MediaWiki =)

--Marineam 16:37, 20 April 2009 (UTC)

Special:UserLogin Vulnerability
First off, thanks for starting this extension.

I am not sure if this is isolated to my wiki. But once $fbAllowOldAccounts = true; in config.php, on Special:UserLogin if you enter any registered member's user name without entering a password and press login, this automatically logs you into the users account without any validation.

Could some one try this on there installation and let me know if its just my setup or its a bug withing this extension.

I'm running MediaWiki 	1.14.0

--69.41.102.224 19:42, 9 May 2009 (UTC)
 * Thanks for mentioning this. I'm running the same MediaWiki version 1.14.0 and you're absolutely right about the bug. This is a huge security issue. I've disabled FBConnect on my wiki for now until the developer gets active again. Fredd-E 10:43, 21 May 2009 (UTC)

--96.20.202.45 01:37, 2 June 2009 (UTC)
 * The script is producing the same security issue for me.


 * The problem is that "FBConnect::$api->idFromName( $username )" returns "0" for registered wiki member's and "FBConnect::$api->user" returns "null" when using local (wiki) authentication. First we should verify that we have a FB ID (see sample below):

FBConnectAuthPlugin.php: 56: public function authenticate( $username, $password = '' ) { 57:   $id = FBConnect::$api->idFromName( $username ); 58:   $user = FBConnect::$api->user; 59:   return $id > 0 && $id == $user; 60: } Mreall 22:30, 24 June 2009 (UTC)

Signatures
Would it be possible in the next version to have the real name (or nick name) be used for the signatures? Because, right now, when you are facebook connected and use the ~ to place a signature, you get the random 9 facebook id digits. This is not really meaningful. Fredd-E 10:50, 21 May 2009 (UTC)

LDAP Extension
We are running MediaWiki with the LDAP extension. Would enabling FBConnect break the use of the LDAP Authentication, or augment? 130.20.226.121 23:58, 21 May 2009 (UTC)

SSO Not Working
Using Mediawiki 1.14, the extension loads fine, and on the Special:Connect page, I can log in and out of Facebook. However, upon clicking "Connect with Facebook" on, say, the Main Page. The pop-up appears, and I log in to Facebook. The Main Page is then reloaded, but I am not logged in, and no account was created. The "Log in" and "Connect With Facebook" links are still present. Additionally, there are no PHP errors, so I am at a loss to troubleshoot this extension. Any tips on troubleshooting this would be greatly appreciated. --John Thomson 03:06, 13 June 2009 (UTC)

- Something similar happens to me. If I try to "facebook connect" in the main page as a logged off user, it just reloads the main page. --86.24.193.46 11:35, 21 June 2009 (UTC)

Paths don't match
Please don't hard-code your paths into the code. You base paths off the MW variables. For example, in fbconnect.js, line 54 the "/w" directory is hard-coded and should be replaced with the "wgScriptPath" variable:

52: function facebook_init { 53:    FB_RequireFeatures(["XFBML"], function { 54:         FB.init(fbApiKey, wgScriptPath + "/extensions/FBConnect/xd_receiver.php"); 55:     }); 56: }

Well found thanks. That solves the directory problem.--86.24.193.46 12:14, 26 June 2009 (UTC)

Problems setting up: does not create new user
I am not sure what I am doing wrong. It all seems to work but when I log into facebook through the pop up window it doesnt create a new user and nothing changes. Then when I go to the Special Pages: Connect there is the option of logging out from facebook connect but I am still not logged into the mediawiki. --86.24.193.46 12:16, 26 June 2009 (UTC)

Problems with using an account prefix
I found a couple bugs when using an account prefix. My accounts weren't being created or when they were I wasn't being automatically signed in to them. The problem lies in a couple methods that should call FBConnectAPI::idFromName on the the ID before passing it to Facebook:

In FBConnectAPI.php, I commented out the original code and added in the fix: public function getRealName( $user ) { // HACK //$name = $this->getFields( $user->getName, array( 'name' )); $name = $this->getFields( $this->idFromName($user->getName), array( 'name' )); return $name[0]['name']; }	public function isConnected { global $wgUser; // Hack //return $wgUser->isLoggedIn && $this->isIdValid( $wgUser->getName ); return $wgUser->isLoggedIn && $this->isIdValid( $this->idFromName($wgUser->getName) ); } Mreall 13:38, 30 June 2009 (UTC)

Don't FB authenticate if you're already signed in
When you are already signed in to the wiki under a local wiki account and don't want the system to automatically sign you out of the local account and into your FB account, add the following code:

In FBConnectHooks.php, UserLoadFromSession method (just the HACK section): static function UserLoadFromSession( $user, &$result ) { global $wgAuth, $wgUser; // HACK: don't do anything if the user is already signed in from the session. global $wgCookiePrefix; if ($user->mFrom == 'session' && isset($_COOKIE["{$wgCookiePrefix}UserID"])) { return true; }		// END HACK // Check to see if we have a connection with Facebook if ( !FBConnect::$api->user ) {

and in fbconnect.js addOnloadHook(facebook_onload_addFBConnectButtons); addOnloadHook(facebook_add_user_tooltips); addOnloadHook(facebook_init);

// HACK if (!wgUserName) { addOnloadHook(facebook_onload); } //END HACK Mreall 13:41, 30 June 2009 (UTC)

Conflicts with other extensions
I noticed a conflict with the FCKeditor extension. Apparently the FCKeditor also uses the UserLoadFromSession hook. However, since the FBConnect extension registers with the hooks only after all the setup for the other extensions has been complete, the other extensions may have already loaded the user object by the time this extension registers its UserLoadFromSession handler. This results in the FBConnectHooks::UserLoadFromSession method never being run and the FB user from not getting authenticated.

I'm not sure if this is the best work-around, but it seems to do the trick. One potential risk is that the other extensions may initially load a different user as the FB user would not have been set up yet. If possible, this extension should load the user earlier in the setup process.

Here's my hack, in FBConnect.php: public static function init { global $wgXhtmlNamespaces, $wgAuth, $wgHooks;

...		// Install all public static functions in class FBConnectHooks as MediaWiki hooks $hooks = self::enumMethods('FBConnectHooks'); foreach( $hooks as $hookName ) { $wgHooks[$hookName][] = "FBConnectHooks::$hookName"; }		// HACK // Other extensions may have already loaded the user. Start the process over. global $wgUser; if ($wgUser->mDataLoaded) { $wgUser->clearInstanceCache ('session'); }		// END HACK // ParserFirstCallInit was introduced in modern (1.12+) MW versions so as to		// avoid unstubbing $wgParser on setHook too early, as per r35980 if (!defined( 'MW_SUPPORTS_PARSERFIRSTCALLINIT' )) { Mreall 23:08, 30 June 2009 (UTC)