Extension talk:Facebook

How do i make this run around appear under the news feed sort of like a viral feed

MediaWiki 1.12
Hi everybody,

Is there a way to use this extension with v1.12 ? I really like this plugin and it would be great to be able to use it on previous versions of MediaWiki =)

--Marineam 16:37, 20 April 2009 (UTC)

Special:UserLogin Vulnerability
First off, thanks for starting this extension.

I am not sure if this is isolated to my wiki. But once $fbAllowOldAccounts = true; in config.php, on Special:UserLogin if you enter any registered member's user name without entering a password and press login, this automatically logs you into the users account without any validation.

Could some one try this on there installation and let me know if its just my setup or its a bug withing this extension.

I'm running MediaWiki 	1.14.0

--69.41.102.224 19:42, 9 May 2009 (UTC)
 * Thanks for mentioning this. I'm running the same MediaWiki version 1.14.0 and you're absolutely right about the bug. This is a huge security issue. I've disabled FBConnect on my wiki for now until the developer gets active again. Fredd-E 10:43, 21 May 2009 (UTC)

--96.20.202.45 01:37, 2 June 2009 (UTC)
 * The script is producing the same security issue for me.

I was able to fix this bug by adding another "=" to the comparison in the FBConnectAuthPlugin::authenticate method. The problem is that "FBConnect::$api->idFromName( $username )" returns "0" for registered wiki member's and "FBConnect::$api->user" returns "null". Comparing these with the loose comparison "==" produces a match. Changing the "==" to a strong comparison "===" seems to do the trick.

See the following lines in FBConnectAuthPlugin.php: 56:	public function authenticate( $username, $password = '' ) { 57:		return FBConnect::$api->idFromName( $username ) === FBConnect::$api->user; 58:	} Mreall 22:30, 24 June 2009 (UTC)

Signatures
Would it be possible in the next version to have the real name (or nick name) be used for the signatures? Because, right now, when you are facebook connected and use the ~ to place a signature, you get the random 9 facebook id digits. This is not really meaningful. Fredd-E 10:50, 21 May 2009 (UTC)

LDAP Extension
We are running MediaWiki with the LDAP extension. Would enabling FBConnect break the use of the LDAP Authentication, or augment? 130.20.226.121 23:58, 21 May 2009 (UTC)

SSO Not Working
Using Mediawiki 1.14, the extension loads fine, and on the Special:Connect page, I can log in and out of Facebook. However, upon clicking "Connect with Facebook" on, say, the Main Page. The pop-up appears, and I log in to Facebook. The Main Page is then reloaded, but I am not logged in, and no account was created. The "Log in" and "Connect With Facebook" links are still present. Additionally, there are no PHP errors, so I am at a loss to troubleshoot this extension. Any tips on troubleshooting this would be greatly appreciated. --John Thomson 03:06, 13 June 2009 (UTC)

- Something similar happens to me. If I try to "facebook connect" in the main page as a logged off user, it just reloads the main page. --86.24.193.46 11:35, 21 June 2009 (UTC)

Paths don't match
Please don't hard-code your paths into the code. You base paths off the MW variables. For example, in fbconnect.js, line 54 the "/w" directory is hard-coded and should be replaced with the "wgScriptPath" variable:

52: function facebook_init { 53:    FB_RequireFeatures(["XFBML"], function { 54:         FB.init(fbApiKey, wgScriptPath + "/extensions/FBConnect/xd_receiver.php"); 55:     }); 56: }