Extension:Facebook

The FBConnect extension for MediaWiki lets users log in with a Facebook Connect account instead of a username and password. MediaWiki is a highly-used software, but because you can edit most wikis without logging in, not as many people sign up. If you’re running a wiki, FBConnect helps fill in that gap by this extension makes it very easy for your users to log in and start making edits. In addition, you can use XFBML tags in wiki text, as well as several other inventive features.

This extension is in alpha status, despite the release status listed to the right. This is because it links to (and depends on) the brand-spanking-new Facebook Connect JavaScript SDK, which is in alpha status and "might need to break compatibility between releases if the need arises." For more info, see the SDK's FAQ.

Github
This extension is now on github! I hope this makes it more accessible for developers looking to try out new things. Of course, the old SourceForge page still exists. I'll try to keep the github project up-to-date, but SourceForge is where I'll be pushing my changes primarily.

Connect account with Facebook
 This wiki is enabled with Facebook Connect, the next evolution of Facebook Platform. This means that when you are Connected, in addition to the normal benefits you see when logging in, you will be able to take advantage of some extra features...

Features

 * "Single Sign On" experience via Facebook Connect
 * On a successful Connect, allows the user to choose a nickname and creates a new account for that user on the wiki
 * Updates the wiki user's information from Facebook upon login (opt-out soon to come)
 * Logging out of Facebook logs you out of the wiki and vice versa
 * And more...

User Rights from Facebook Group
Instead of using the built-in special pages to manage user rights, this extension enables users to manage rights using a Facebook group. By simply creating a group and providing the group ID, Connected users will automatically be promoted to any of three implicit groups:
 * Group member: This right will be attached to people belonging to the Facebook group or "awaiting reply."
 * Group officer: Making someone an officer of the group will automatically give them Bureaucrat rights.
 * Group admin: Likewise, admins of the Facebook group will inherit Sysop rights on the wiki.

A fourth group is also provided: Facebook Connect user. All accounts created by Facebook Connect belong to this group.

On my personal wiki, I set $fbConnectOnly to true and $fbUserRightsFromGroup to a secret Facebook group. In LocalSettings.php, I put the following user rights code after including FBConnect.php. This allows only members of the secret Facebook group to read or edit the wiki.
 * Example

XFBML
XFBML in wiki text is enabled by default. Non-secure tags and attributes are excluded from the final page output. Due to a bug in MediaWiki, the facebook-logo attribute of  is also dropped from the final page output. Applying the patch posted to this bug report resolves this error. Hopefully the patch will be included in MediaWiki's code in the future.

If XFBML is enabled, then  maybe be used as an alternative for $wgAllowExternalImages with the added benefit that all photos are screened against Facebook's Code of Conduct and subject to dynamic privacy.

No more annoying xd_receiver.php!
The new alpha-status JavaScript SDK doesn't require a xd_receiver.php file for cross-domain (xd) communication. For those wondering how it accomplishes this magic, read on...

The new library circumvents the need for a xd_receiver.php file via a dynamically-constructed Flash object or the PostMessage feature of HTML5. Unfortunately, these two features are not available in every environment. In this case, a page is still required to implement Facebook's xd communication functions (like xd_receiver.php used to do). Their fall-back solution: they use the current page in an iframe (which, of course, links to the Connect functions), but with an extra hash (#) and special token. The technique is known as fragment.

The same Connect code on the reused page falls back into "xd_receiver" mode upon seeing the token in the fragment. It skips the initialization of the beefy Connect library and part of the document-rendering process (document.body.style.display = 'none';). Viola! The result: a perfectly functional xd_receiver.php, fabricated out of the current page by reusing the URL, trashing the DOM and only loading the necessary JS. Ingenious! ref1, ref2.

Wanted Features
OK, so the propaganda at the start of the article isn't all true (yet). Someday, the following events may be implemented:
 * Publish Feed story dialog when saving a wiki page (opt in or a PHP setting)
 * This might could get implemented, but I would feel a lot more assured if Facebook's development slows down. A month after I published this extension, Facebook killed off the "News Feed" itself and replaced it with the "Open Stream" (blog announcement), and then deprecated every single one of their feed story api calls. If someone can point me to an existing MW extension that does something similar, I might implement this, but otherwise I'll have to leave it to a more talented PHP programmer who wants to take on the risk. Gbruin 22:34, 28 March 2010 (UTC)
 * Proxied Email instead of requiring users to enter an email
 * This feature just got cooler and more complicated to code: (January 2010 blog announcement, opens up the possibility of getting a non-proxied email address from the user).
 * Entire preferences tab overhaul (This may suck to code).
 * Bugfix checked in to the MediaWiki SVN. Progress can now be made on adding FBConnect preferences.

Configuration parameters
This extension's configuration parameters are defined in config.sample.php. In production, this file should be renamed to config.php. The following configuration variables can be set in config.php:

$fbApiKey
To use Facebook Connect you will first need to get a Facebook API Key:
 * 1) Visit the Facebook application creation page: http://www.facebook.com/developers/createapp.php
 * 2) Enter a descriptive name for your wiki in the Application Name field. This will be seen by users when they sign up for your site.
 * 3) Accept the Facebook Terms of Service.
 * 4) Upload icon and logo images. The icon appears in News Feed stories and the logo appears in the Connect dialog when the user connects with your application.
 * 5) Click Submit.
 * 6) Copy the displayed API key and application secret into the config file.
 * Default value:  - Change this!

$fbApiSecret

 * Default value:  - Change this!

$fbConnectOnly
Disables the creation of new accounts and prevents old accounts from being used to log in if they aren't associated with a Facebook Connect account.
 * Default value:

$fbUserName
The prefix to be used for the auto-generated username suggestion when the user connects for the first time. A number will be appended onto this prefix to prevent duplicate usernames.
 * Default value:

$fbUseMarkup
Allows the use of XFBML in wiki text.
 * Default value:

$fbAllowFacebookImages
If XFBML is enabled, then &lt;fb:photo> maybe be used as a replacement for $wgAllowExternalImages with the added benefit that all photos are screened against Facebook's Code of Conduct and subject to dynamic privacy. To disable just &lt;fb:photo> tags, set this to false.
 * Default value:

Disabled until the alpha JS SDK supports &lt;fb:photo> tags.

$fbUserRightsFromGroup
For easier wiki rights management, create a group on Facebook and place the group ID here. Three new implicit groups will be created: fb-groupie, fb-officer, and fb-admin. By default, they map to User, Bureaucrat and Sysop privileges, respectively. Users will automatically be promoted or demoted when their membership, title or admin status is modified from the group page within Facebook. See. Of course, this feature carries with it security issues with authorization extensions and has not been fully tested.


 * Default value:  - Can also be set to a Group ID (like 2250482938).

$fbPersonalUrls
Options regarding the personal toolbar (in the upper right). == Key ==             == Effect == hide_connect_button   Hides the "Log in with Facebook Connect" button. hide_convert_button   Hides "Connect this account with Facebook" for non- Connected users. link_back_to_facebook Shows a handy "Back to facebook.com" link for Connected users. This helps enforce the idea that this wiki is                       "in front" of Facebook. remove_user_talk_link Remove link to user's talk page use_real_name_from_fb $fbUserName to show the real name for auto-usernames, true to show the real name for all Connected users

Additionally, use $wgShowIPinHeader to hide the IP and its talk link.


 * Default value:

$fbLogo
Location of the 16x16 Facebook logo. You can copy this to your server if you want, or set to false to disable entirely.
 * Default value:  - Can also be set to

$fbScript
URL of the Facebook Connect JavaScript SDK. Because this library is currently an alpha release, changes to the APIs may be made on a regular basis. If you use FBConnect on your production website, you may wish to insulate yourself from these changes to the alpha library by downloading and hosting your own copy of the library.
 * Default value:

Installation

 * 1) Per usual, to install this extension add the following to LocalSettings.php:
 * 2) Run the code in fbconnect_table.sql against your (master) database to create the required table.  If you use a shared database for user authentication across multiple wikis, make sure to run this script against the wgSharedDB database.
 * 1) Run the code in fbconnect_table.sql</tt> against your (master) database to create the required table.  If you use a shared database for user authentication across multiple wikis, make sure to run this script against the wgSharedDB database.

Upgrading
Take care upgrading from older versions of this extension (from r91, pre-March 2010). Unfortunately, due to the new database layout, backwards compatibility was unable to be retained and considerable user renaming might have to be done. Sorry about that! If anyone has a PHP script to simplify the process, please let me know.

Updating from r100+ is safe (and highly recommended). When updating from an older version, consider bumping $wgStyleVersion.