CONTRIBUTION Social Login with Facebook / Google 2.3.1/2


thejudge99

  • 2 weeks later...

Need urgent help to login with Facebook:

I am using 2.3.1, and I have integrated this contribution as instructed.

But once I logged in with username and password in the login popup, it's authenticated, but it does not return to the store and finally throws a too many redirections error.

The error log is also showing "CSRF state token does not match one provided."

Please refer to the attached screenshots for my App settings and permissions settings (I tried with default permissions settings too).

I really need you guys' help on this.

Thanks

Sankar

  • 1 month later...

Hello:

Great contribution! I was tackling this Facebook connect issue for a while using an sdk2 contribution that was ripping my hair out. This worked pretty much out of the box and I integrated Twitter in as well. Although I am noticing 2 problems:

(1) Double pop-up: Seems when the user clicks, the browser pops up two logins, one on top of another. They both disappear once the user logs in, but it's a bit disconcerting. Anyone having this issue?

(2) Google Login goes through the motions when the user clicks. The pop-up login opens asking for permission. But when the user continues, it simply turns into a white screen (in the pop-up) as if frozen. It doesn't update the store with the user info. Any ideas on how to debug this?

Thanks in advance for a great contribution! I will share my Twitter function once complete to be part of the contr.

Hi jimmy

The double popup sounds like it could be from the query slide which is used in the last update (if memory serves it's called sexy popup), which isn't actually done by me so I can't say.

The Google login sounds like a setup / config error (mismatch with the redirect URL).

As for Twitter, I've already coded a login function but I didn't supply it as it's not really adequate for a shop. Twitter does not supply an email address as a means of proving credentials, only first and last name.

As it's possible (although unlikely) that more than one shop customer can have the same first and last name, it could create some problems.

However, as email addresses are unique, testing credentials against first / last name AND email (which my contribution does) proves 100% that the customer is who he/she says he is.

> The double popup sounds like it could be from the query slide which is used in the last update (if memory serves it's called sexy popup), which isn't actually done by me so I can't say.

I only installed the first version package, didn't see the updates as relevant for beta testing, yet as none addressed the double pop up, so unfortunately it can't be as easy as the sexy popup version. Hmmm...wonder what is going on. jQuery is active but for other things, wonder how to debug this.

> The Google login sounds like a setup / config error (mismatch with the redirect URL).

I'll double check the instructions on this, but just to double check, this is what I have. x is the ID I got, which I also put in developer key because I was thinking those are the same things (couldn't find anything that actually said developer key on the Google side):

// OAuth2 Settings, you can get these keys at https://code.google.com/apis/console
'oauth2_client_id' => 'xxxxxxxxxxxx.apps.googleusercontent.com',
'oauth2_client_secret' => 'yyyyyyyyyyyyyyyyyyyyyyyyyyy',
'oauth2_redirect_uri' => 'http://www.sitename.com/sandbox/catalog/googleloader.php',

// The developer key, you get this at https://code.google.com/apis/console
'developer_key' => 'xxxxxxxxxxxx',

> As for Twitter, I've already coded a login function but I didn't supply it as it's not really adequate for a shop. Twitter does not supply an email address as a means of proving credentials, only first and last name.
>
> As it's possible (although unlikely) that more than one shop customer can have the same first and last name, it could create some problems.
>
> However, as email addresses are unique, testing credentials against first / last name AND email (which my contribution does) proves 100% that the customer is who he/she says he is.

I've already coded a workaround to this by forcing a user who just logged in without email data or address data (in the case of Facebook and Twitter) to be shown the update fields page. Their only option if logged in with an account without email address or address is this page. I will try to zip it up and make it a contribution to the package.

Edited by jimmylaz

Hi Everyone:

I added to this contribution concerning the Twitter issue @thejudge99 mentioned and I also experienced. This also applies to FB accounts and Google accounts. Basically it runs a check to make sure the address is a valid one and, if it is not, returns the Update Address page with an alert saying "You have logged in using a social media account that does not give us required information. Please fill in the required fields to create an account or continue to browse". The user can at this point add their address or be sent to a browsing mode.

So as thanks for the contribution in the first place, here is, as promised, my "force address" mod for it:

1) Please add the below function to includes/functions/general.php
##############################################

function tep_check_valid_address()
{
    global $messageStack;

    // Nothing to check for visitors who are not logged in.
    if (!isset($_SESSION['customer_id'])) return;

    // Skip the pages the redirects below point to (and logoff), otherwise the
    // check would redirect to itself. CONTENT_* are expected to hold those
    // pages' base names without the .php suffix.
    // Links below are built with 'NONSSL' as posted; stock account pages are linked with 'SSL'.
    if (!strstr($_SERVER['PHP_SELF'], CONTENT_ADDRESS_BOOK_PROCESS.'.php') &&
        !strstr($_SERVER['PHP_SELF'], CONTENT_LOGOFF.'.php') &&
        !strstr($_SERVER['PHP_SELF'], CONTENT_ACCOUNT_EDIT.'.php')
    ) {
        /* first make sure the user does have a valid email address */
        $valid_email_query = tep_db_query(" SELECT customers_email_address FROM ".TABLE_CUSTOMERS." WHERE customers_id = " .(int)$_SESSION['customer_id']);
        $valid_email_result = tep_db_fetch_array($valid_email_query);
        if ($valid_email_result['customers_email_address'] == '') {
            // No email on file: send the customer to the account edit page.
            $messageStack->add_session('account_edit', sprintf(IS_VALID_ACCOUNT, tep_href_link(FILENAME_LOGOFF, 'to=home', 'NONSSL', false) ), 'error');
            tep_redirect(tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'NONSSL', false));
        }

        // Count the address book entries for this customer.
        $addresses_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$_SESSION['customer_id'] . "'");
        $addresses = tep_db_fetch_array($addresses_query);

        if ($addresses['total'] == 1) {
            // One entry: treat empty or 'default' fields as a placeholder address.
            $single_address_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$_SESSION['customer_id'] . "'");
            $single_address_res = tep_db_fetch_array($single_address_query);
            if ($single_address_res['entry_street_address'] == '' ||
                $single_address_res['entry_street_address'] == 'default' ||
                $single_address_res['entry_postcode'] == '' ||
                $single_address_res['entry_postcode'] == 'default' ||
                $single_address_res['entry_city'] == '' ||
                $single_address_res['entry_city'] == 'default'
            ) {
                // Send the customer to edit that single entry.
                $messageStack->add_session('addressbook', sprintf(IS_VALID_ACCOUNT, tep_href_link(FILENAME_LOGOFF, 'to=home', 'NONSSL', false) ), 'error');
                tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'edit='.$single_address_res['address_book_id'], 'NONSSL', false));
            }
        } elseif ($addresses['total'] == 0) {
            // No address at all: send the customer to create one.
            $messageStack->add_session('addressbook', sprintf(IS_VALID_ACCOUNT, tep_href_link(FILENAME_LOGOFF, 'to=home', 'NONSSL', false) ), 'error');
            tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, '', 'NONSSL', false));
        }
    }
}

2) Add the below function call at the end of the includes/application_top.php file
############################################

tep_check_valid_address();

3) Add the following code to includes/english/core.php
###########################################

define('IS_VALID_ACCOUNT','You have logged in using a social media account that does not give us required information. Please fill in the required fields to create an account or <a href="%s">browse without account.</a>');

Edited by jimmylaz

Hi, I tried the add-on and it works with the Google and Facebook login.

However, if the customer already has an account on the site, the Google or Facebook login will not work.

The other problem is that when they log in for the first time with Google or Facebook, the system doesn't ask them to create a password, even when they update their profile.

So is that how it is supposed to be?

hi ken0306

As I've already posted, if someone already has an account in the shop - the 3 fields First / Last name and Email address will already exist.

Then if someone tries to login with Facebook or Google and those same 3 fields are not identical - login will fail.

IF email is found - but the first and last names are something different - that could be conceived as fraud, and without email address we could mistakenly log someone into the shop to someone else's login.

This is the reason why TWITTER SHOULD NOT BE USED - without Email this is not suitable.

As for Password - if someone creates a new account by using Facebook or Google - we don't need a password - the authentication will always be performed by FB or G.

If however someone creates an account with FB or G and then needs to login through the shop's internal login, then the customer will have to use the password recovery to generate a real shop password.

Jules

Edited by thejudge99

That makes sense, thank you for your reply.

So here is my idea of the process, not sure if that helps or not.

If the customer email isn't in the database, account creation will be processed as the current add-on does.

If the customer email is already in the database, the login panel will display an error message and let them know they need to login and link under the account section; the FB or G account link can be done under the account section (something like Facebook link to Twitter).

ken
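
The matching rules from thejudge99's reply and the linking flow ken proposes, written out as one standalone decision function. This is an added example, not code from the contribution or from either poster; the function names, action strings and sample rows are hypothetical, and nothing here calls osCommerce.

```php
<?php
// Added example: decision logic only. All names and sample data are hypothetical.

// Case- and whitespace-insensitive comparison key.
function sl_norm($value) {
    return strtolower(trim((string) $value));
}

// Decide what to do with a profile returned by the identity provider.
// Returns array(action, customer_id or null).
function sl_resolve_login(array $profile, array $customers) {
    $email = sl_norm(isset($profile['email']) ? $profile['email'] : '');
    if ($email === '') {
        // Provider gave no email (the Twitter case): nothing unique to match on.
        return array('reject_no_email', null);
    }
    $first = sl_norm(isset($profile['first']) ? $profile['first'] : '');
    $last  = sl_norm(isset($profile['last']) ? $profile['last'] : '');
    foreach ($customers as $c) {
        if (sl_norm($c['email']) !== $email) continue;
        if (sl_norm($c['first']) === $first && sl_norm($c['last']) === $last) {
            // All three fields identical: log in to the existing account.
            return array('login', $c['id']);
        }
        // Email exists but names differ: never auto-login. The customer signs in
        // with the shop password and links the provider from the account page.
        return array('link_required', null);
    }
    // Email not in the database: create the account from the profile.
    return array('create_account', null);
}

// Constructed stand-in for the customers table.
$customers = array(
    array('id' => 1, 'email' => 'alice@example.com', 'first' => 'Alice', 'last' => 'Smith'),
);
// Constructed provider profiles, one per outcome.
$profiles = array(
    array('email' => 'Alice@Example.com', 'first' => 'alice', 'last' => 'Smith'),
    array('email' => 'alice@example.com', 'first' => 'Bob', 'last' => 'Smith'),
    array('email' => 'carol@example.com', 'first' => 'Carol', 'last' => 'White'),
    array('first' => 'Dave', 'last' => 'Brown'),
);
foreach ($profiles as $p) {
    list($action, $id) = sl_resolve_login($p, $customers);
    echo $action, ($id === null ? '' : " (customer $id)"), "\n";
}
```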


  • 2 weeks later...
  • 1 month later...

I installed at www.aawisdom.com/store. It didn't work. I got this installed:

Consolidated Login with Guest Checkout for 2.3.1 v1.0.

If yours is really supposed to work, I can only think of three reasons why it didn't work.

1. Because Guest Checkout required me to erase create_account.php.

2. My Facebook App was in "Sand Box" mode.

3. My store has Configuration->Session->Force Cookie Use set to false.

However, the Google login also didn't work.

Now I will test at aawisdom.com/store2 and try again. Guest Checkout isn't installed there.

Lastly, not only did it not work, it messed up all sign-ups and caused errors. All new sign-ups will get this message if I keep it installed:

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1,1' at line 1

insert into customers_info (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created, valid_address, personal_details_valid) values ('25', '0', now()),1,1

Any suggestion or clarification?


  • 3 weeks later...

I got back to the development of my site after a long time, and I now see that the Facebook login does not work. I get a redirect loop.

Google login works fine. The strange thing is that when I first installed the addon some time ago, both worked. I tried clearing my cookies but that did not work. Any ideas?

any ideas? :/

I'm using security pro, but that doesn't seem to be causing the problem. I've tried disabling it, and still the same happens.

What is confusing is that when I first installed it, it worked fine and I've tested it. I can't remember what else I've installed since then, but I don't think that there can be anything that interferes.
