I am running an app live at domain.com and wants to continue the development on localhost for which I setup local.domain.com to 127.0.0.1 in my hosts file. Everything works fine other than PHP is not able to pick up session when the login is handled by the JS SDK.
My JS code:
FB.login(function(response) {
if (response.session) {
if (response.perms) {
// user is logged in and granted some permissions.
// perms is a comma separated list of granted permissions
init();
} else {
// user is logged in, but did not grant any permissions, eh?
showMessage( "Error!", "You haven't grant proper permissions!" );
}
} else {
// user is not logged in
showMessage( "Error!", "You are not logged in" );
}
}, {perms:'email'});
After the login from JS, I do an AJAX call where PHP can't pick up session information.
My PHP code:
$session = $facebook->getSession(); // this is null somehow
The same code works fine, live on domain.com but on localhost, the $session on PHP side
is null. Any ideas?
Did you try using localhost as your application domain name?
You should probably create 2 apps, one for your local testing and another one for your live code.
Related
Reacntly, I have a project that login our website with facebook jsut like the stackoverflow!
limits:
I can't open a new window! so the function FB.loigin() was dropped!
FB.login(function(response)
{
if(response.status == 'connected'){
}
},{scope: 'email'});
So, I only can use the way of <<Manually Build a Login>> Flow to guild user to login in!
But,when I set redirect_uri like this one:
xxx&redirect_uri=https://www.facebook.com/connect/login_success.html
when user input the username and password! they redirect to
facebook.html/contact/login_success.html
can't redirect to my page!!!
SOS!!!
I' m having a difficulty in getting a clear view on Joomla (I'm using version 3.6.x) authentication and login.
I've seen many approaches and snippets on how to "Login" in a Joomla site from an external source (which is what i m interesting in).
But what i see after testing and testing (and more testing), is that at the end of the day, you re simply not logged in.
You may have the ability to verify that the user who's attempting to login is a valid registered user and also to be able to retrieve his name, email, phone and blah blah blah but in Joomla backend, this user is still not logged in.
I created a brand new user in Administrator Panel (it shows the user NEVER visited the site), I wrote the login script in external PHP, I "authenticated" the new user a dozen times and when i go back to the Backend, the user still NEVER been there. Not even once.
Which, i guess, it also means that i can't retrieve a list of "active" users, since Joomla can't see them as logged in users.
So what i want to achieve is users to be able to login from outside the Joomla site and to have the ability to know IF they're logged in or not. So I can get a list of them and assign tasks to them.
I guess it has something to do with tokens and cookies. But no matter how much i searched to that direction, i can't find any examples to enlighten me.
Any help (and specially "scripting" help) is much appreciated.
Thank you.
<?php
if (version_compare(PHP_VERSION, '5.3.1', '<')) {
die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}
define('_JEXEC', 1);
if (file_exists(__DIR__ . '/defines.php')) {
include_once __DIR__ . '/defines.php';
}
if (!defined('_JDEFINES')) {
define('JPATH_BASE', __DIR__);
require_once JPATH_BASE . '/includes/defines.php';
}
require_once JPATH_BASE . '/includes/framework.php';
$app = JFactory::getApplication('site');
$app->initialise();
require_once (JPATH_BASE .'/libraries/joomla/factory.php');
$credentials['username'] = $_GET["usrname"];
$credentials['password'] = $_GET["passwd"];
$db = JFactory::getDbo();
$query = $db->getQuery(true)
->select('id, password')
->from('#__users')
->where('username=' . $db->quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result) {
$match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);
if ($match === true) {
$user = JUser::getInstance($result->id);
$session =& JFactory::getSession();
echo "<p>Your name is {$user->name}, your email is {$user->email}, and your username is {$user->username}</p>";
$session->set('userid', $user->id);
if ($user->guest) {
echo 'SORRY, NO LOGIN YET...';
} else {
echo 'user is LOGGED IN !';
}
} else {
die('Invalid password');
}
} else {
die('Cound not find user in the database');
}
?>
Joomla log in is handled in authentication plugins, by writing and enabling your own you can bypass the token verification and allow logging in by a simple get request.
Keep in mind that Joomla! keeps administrator and frontend sessions separate (you can be logged into the administrator, and browse the site as a guest). Additionally, a user needs a Manager, Administrator or Super User group membership to login to the backend.
Administrator
The common use case for admin login is to run a background script.
In order to bypass the Joomla Authentication in the backend, check out the /cli folder as it contains some examples.
Frontend
The use case for frontend login is much wider: server-to-server communication, app authentication, single sign on etc.
The best practice to perform frontend authentication is to build your own authentication plugin. The authentication will be implemented by the onUserAuthenticate() function. Check out the /plugins/authentication/joomla/ plugin for an example.
If you need extra data for the authentication plugin to perform its magic (e.g. the remote token/api key to authenticate using a remote service) you might want to check out the user plugin group, for example the /plugins/user/profile plugin.
Verify last login date/time
The frontend approach should automatically work, showing users as logged in in the administrator control panel.
However, if you use the CLI approach to login to the administrator, this may not work depending on how you perform login.
To be able to check if a user is logged in only authentication is not enough but you need a forced login. Only then you will be able to view them at the backend.
This is the code you can use to check if a user is logged in or not
<?php
if (version_compare(PHP_VERSION, '5.3.1', '<')) {
die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}
if (!ini_get('display_errors')) {
ini_set('display_errors', '1');
}
echo ini_get('display_errors');
define('_JEXEC', 1);
define('JPATH_BASE', "C:\Vertrigo\www\joomla" );//Define the Base path as per your installation directory
if (!defined('_JDEFINES'))
{
require_once JPATH_BASE . '/includes/defines.php';
}
require_once JPATH_BASE . '/includes/framework.php';
// Instantiate the application.
$app = JFactory::getApplication('site');
$app->initialise();
require_once (JPATH_BASE .'/libraries/joomla/factory.php');
//Check if a user exists else create one with forced login
$user = JFactory::getUser();
jimport('joomla.plugin.helper');
$credentials = array();
$credentials['username'] = JRequest::getVar('username', '');
$credentials['password'] = JRequest::getVar('passwd', '');
if (!$user->get('gid')){
$forcevars = array();
$forcevars['silent'] = true;
$forcevars['forecelogon'] = true;
$response = $app->login($credentials, $forcevars);
if($response){
echo "Login Successful";
}else{
echo "Login Unsuccessful. Check Username and Password. Give just Plain password.";
}
}
?>
I have modified the code as you neeeded to call username and password in url. better to use getVar in joomla rather than GET method. You url will be in the format http://www.yoursite.com/thisscript.php?username=yourusername&passwd=yourpassword
Currently i am using wso2 api manager 1.9 store , we have a login page before accessing anything in store . it is working fine for now .
Now , there's a requirement that we have a web application on some other domain having the webservice as well to authorize the users , in wso2 api manager store when we login using admin/admin ,, instead of calling its login.jag(for the authorization in wso2 store) , it must be calling that webservice for the authorization and we can use the same credentials as we already using in that web application.
So for this , in login.js (which is called after clicking the login button in store) , i have changed some code like :
ACTUAL CODE
loginbox.login = function (username, password, url,tenant) {
jagg.post("/site/blocks/user/login/ajax/login.jag", { action:"login", username:username, password:password,tenant:tenant },
function (result) {
if (result.error == false) {
if (redirectToHTTPS && redirectToHTTPS != "" && redirectToHTTPS != "{}" &&redirectToHTTPS != "null") {
window.location.href = redirectToHTTPS;
} else if(url){
window.location.href = url;
}else{
window.location.href='site/pages/list-apis.jag';
}
} else {
$('#loginErrorMsg').show();
$('#password').val('');
$('#loginErrorMsg div.theMsg').text(result.message).prepend('<strong>'+i18n.t("errorMsgs.login")+'</strong><br />');
}
}, "json");
CHANGED CODE
loginbox.login = function (username, password, url,tenant) {
$.post(authentication_url,function(result){
if(result.statusCode==200){
//will forward it to list-apis to display the apis
window.location.href='site/pages/list-apis?username=test&password=test&tenant=tenant'
}
});
With this changed code , i am getting the expected response from the webservice which i am calling ,, but not able to keep them in session cookies ,,because before it was calling site/blocks/user/login/ajax/login.jag which will authorize the user and then check for csrf tokens and lot of other things .
Can anyone please let me know where i am missing OR where i need to change so that users from webservice can be authorised .??
Thanks
You cannot pass username and password to /list-api . It does not handle those parameters and set them to session cookie.
window.location.href='site/pages/list-apis?username=test&password=test&tenant=tenant'
I think you might be able to implement something similar to SAML SSO implementation in the api manager. In SAML case, authentication response from the IDP is sent to api manager as a redirection. That request is handled by /store/jagg/jaggery_acs.jag file. Session is set in that location. You might be able to implement similar kind of thing to handle your redirection and set the session there. (I haven't try this)
I need to share a page from my php website to user's facebook wall. If user is not logged into facebook, my website redirects to the facebook login page using
$user = $facebook->getUser();
if($user) {
$result = $facebook->api(
'/me/feed/',
'POST',
array('access_token' => $this->access_token, 'link'=>'google.com', 'message' => 'Test link')
);
$this->Session->setFlash('Your link has been succesfully posted on your wall');
$this->redirect($this->referer());
}else {
$login_url_params = array(
'req_perms' => 'publish_stream',
'redirect_uri' => 'localhost/pictrail' //thts the same path I gave to my facebook app
);
$login_url = $facebook->getLoginUrl($login_url_params);
header("Location: {$login_url}");
exit();
}
So, when the user is not logged into facebook .. it redirects to facebook for the user to log in, afterwards it redirects to localhost/pictrail regardless of the url i put in there. I want to redirect it to say localhost/pictrail/images/param ... how can i achieve this? I tried 'localhost/pictrail/images/99' but it didn't work. Everything works fine when the user is logged into facebook.
You cannot redirect from Facebook to localhost as it's not a valid address.
The way that I got around this, for development, was to edit my hosts file and replace the domain with my local ip.
www.example.com 127.0.0.1
Then you can redirect to www.example.com from your Facebook app and it will render your local development version.
Be sure to add this domain to your local server's vhost or similar.
Sorry I misread your question. To change the Facebook redirect url you need to change it in your Facebook app. So you'd have to pass a custom field through to Facebook and then tack it back on afterwards.
Have a look through this, https://developers.facebook.com/docs/authentication/server-side/
i have this URL ..
https://graph.facebook.com/602414132/albums?access_token=123005381082600|2.FUPHmHF4kfDPly2GRPYDeg__.3600.1298228400-602414132|1JUKjvfo1Ri5s04x9v_vzf-sS8c&type=post&name=refacingme
when i using Chrome i get empty response :
{
"data": [
]
}
from where do you think the error is coming ??
It is true, I just fixed this bug a few days ago myself. The user must grant Extended Permissions for user_photos on your app. A few ways to do this:
1) Update your app info in FB Developer tab and add Extended permissions to your app. This will ask new users who register to give certain permissions before joining.
2) Alternatively, if the user has already added the app you can ask the user for permissions using the Javascript SDK call FB.login while they are in the app. (see code below)
FB.login(function(response) {
if (response.authResponse) {
// user is logged in and granted some permissions.
console.log("user is logged in and granted some permissions.")
} else {
// User cancelled login or did not fully authorize.
console.log("he failed to login or something")
}
}, {scope:'user_photos'});
This route requires you have set up the Facebook JavaScript SDK
I think you have not taken Extended Permission of user_photos. Take extended permission then you will not receive empty array