Jump to content
thejudge99

CONTRIBUTION Social Login with Facebook / Google 2.3.1/2

Recommended Posts

Ive just posted a small update.

 

After testing with SSL i discovered a javascript problem. Namely

 

The opening popup will not close when the parent page must be redirected to an SSL page from a non SSL page ( or vice versa )

 

in the following 2 files

catalog/googleloader.php

catalog/includes/login-facebook.php

 

find all occurences of

 

window.opener.document.location.href

 

replace with

 

window.opener.location.href

 

ps. This has nothing to do with the setting up of apps for both google and facebook - namey the redirect urls

 

@@crazy + sunrise you still need to correctly setup the apps - i just finished adding to another site with SSL ( hence how i found the javascript prob) and my setup instructions work flawlessley.

 

Jules

Share this post


Link to post
Share on other sites

Another small Help for setting up those redirect URLS.

 

 

Does my site use :

 

SSL: yes WWW : yes

 

google : Authorized Redirect URI: https://www.somedomain.com/googleloader.php

Facebook : Site URL : https://www.somedomain.com

 

SSL: yes WWW : no

 

google : Authorized Redirect UR: https://somedomain.com/googleloader.php

Facebook : Site URL : https://somedomain.com

 

SSL :no WWW : yes

 

google : Authorized Redirect UR: http://www.somedomain.com/googleloader.php

Facebook : Site URL : http://www.somedomain.com

 

SSL :no WWW : no

 

google : Authorized Redirect UR: http://somedomain.com/googleloader.php

Facebook : Site URL : http://somedomain.com

 

 

SSL :no WWW : no Subdomain: yes

 

google : Authorized Redirect UR: http://subdomain.somedomain.com/googleloader.php

Facebook : Site URL : http://subdomain.somedomain.com

 

SSL :yes WWW : no Subdomain: yes

 

google : Authorized Redirect UR: https://subdomain.somedomain.com/googleloader.php

Facebook : Site URL : https://subdomain.somedomain.com

 

 

 

where somedomain.com needs to be replaced with your own domain name

 

 

Hope that helps

 

Jules

Share this post


Link to post
Share on other sites

hmmm , when i type the address in the address bar of the browser it shows just a white page .

I have tried : http://www.crazycarz.pt/googleloader.php

 

This should call a page , am i right?

 

Gr, Rob

 

And when i try the link direct i get a Ooops , this page apears to be broken message...............

 

 

B.t.w. , thanks very much for your help!!!

Edited by CrazyCarzCustoms

Share this post


Link to post
Share on other sites

@@crazy ive sent you a reply

 

For information - google automatically makes the redirect url to be something like

 

 

http://www.somedomain.com/oauth2callback

 

which you have to manually change to

 

http://www.somedomain.com/googleloader.php

 

likewise

 

in

 

includes/google/src/config.php

 

should read

 

'oauth2_redirect_uri' => 'http://www.somedomain.com/googleloader.php',

 

When these 2 URLS are not identical - the mismatch error occurs.

 

 

ps. Opening googleloader directly in the browser WILL cause a just a white page - this page gets opened by google iteself with a token - this token then determines where it goes / what it does.

 

Jules

Edited by thejudge99

Share this post


Link to post
Share on other sites

it seems you are using www

 

try

 

http://www.ovizun.com as the Site URL

 

thanks for your help. Now it is okay.

 

But after I login using FB information.

 

I get new error from log file.

 

osc CSRF state token does not match one provided.

 

 

[New Problem] When I input user ID & password in facebook then it redirect me to: http://www.ovizun.com/login.php?oauth_provider=facebook&state=80e79fe161e02f036059802b31a8cd7f&code=AQDnRw_tXTJB_LIbnWSQa8a44ZKSY9LuZU4AP2Ixjpbu3kT7Cl1vl9b2__ZDPRvzah9wLzgSDb5dgV0wUF0U-Q7-ks1qawsNKrxnr7yrnlm1lffWxG_24GZDjkKTVg0eFBNNF6nx7KfBfm20Gxc4uRwn3dpDHJ1n-D3UbLRehP5vNv1S7QKsvxp8nNXkHeCGNHE#_=_

 

and showing a blank page.

Share this post


Link to post
Share on other sites

I set up the social login today. It works well...

I am using SSL.

The only problem is that the child window does not close and refresh the parent window.

 

I have made the updates as suggested

catalog/googleloader.php

catalog/includes/login-facebook.php

 

find all occurences of

window.opener.document.location.href

replace with

window.opener.location.href

 

These dont work. PLease suggest. Please check the URL here..

https://mallofstyle.com/shop/login.php

Share this post


Link to post
Share on other sites

@@sunrise is this an error that facebook gives or after you allow the app to get your details ?

 

 

@ahnshu javascript can only close the popup if javascript opened the popup - it seems on your site that your login window in opening in a new tab - ergo not opened with javascript.

 

check your page that you have this javascript

 

<script type="text/javascript"> jQuery(document).ready(function($) {	 jQuery('a.slogin').live('click', function(){		  newwindow=window.open($(this).attr('href'),'','height=500,width=850');	 if (window.focus) {newwindow.focus()}		   return false;		});	});</script>

 

if yes make sure you still use jquery.

 

The script will also work with javascript disabled - but this causes the main window to completely redirect to either google or facebook - which then uses the php header to redirect the page upon return. This isnt the case for you.

 

 

Jules

 

 

ps. im not a jquery or javascript wiz - this popup script if aquired from somewhere online and could probably be improved upon.

Edited by thejudge99

Share this post


Link to post
Share on other sites

@@sunrise this sounds similar to the problem i had when creating the google login and why i created googleloader.php.

 

I assume you are using Security Pro contribution and if yes try.

 

$security_pro->addExclusion('login.php');

 

with the line for googleloader.php. This will test if this contribution is interfering with your facebook tokens.

 

Jules

Share this post


Link to post
Share on other sites

I found an SQL error when trying to create an account using the standard create account form.

 

in catalog/create_account.php

 

8a in the of the original install i asked you

 

find

 

tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int)$customer_id . "', '0', now())");

 

replace instead with this:

 

// social login start
  tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created, valid_address, personal_details_valid) values ('" . (int)$customer_id . "', '0', now(),1,1)");
// social login end

 

 

Jules

Share this post


Link to post
Share on other sites

@@sunrise is this an error that facebook gives or after you allow the app to get your details ?

 

 

well. I click on facebook login button in my website then it redirect me to facebook. after that, I input my user name & password in facebook then click on login button. after that, it should redirect me to www.ovizun.com. But, it redirect me to: http://www.ovizun.com/login.php?oauth_provider=facebook&state=7f0edde140b7811770dce7d3f7c4adf5&code=AQA3RvDdB2-UUeOAaTDiyjKXwom6YEpfWOsRFhI-jM8Ks5GWzwj5Cd9s_V_O4GCBlML1W7wo2HWA2D8Ep0-b9u39JXFhuuCl-R1vuYiLcQnOSqYyq9l57c7I6UtgoO6g3ZheqBmWEK2FyrhmJ6NSc1JrS5VvDu1rJ_fxqred9lPQYiYQQ_iZBtAHLpHvWiZH-Io#_=_

 

and showing a totally blank page.

Share this post


Link to post
Share on other sites

I tested your site and your login isnt opening in a popup although hovering over the bottons i see &js=1 which means the buttons get rewritten to prove javascript is not turned off. Not really sure why you dont get the login in a popup.

 

You have 2 choices - figure out why the script on your page -namely

 

<script type="text/javascript">
jQuery(document).ready(function($) {  
 jQuery('a.slogin').live('click', function(){
	 newwindow=window.open($(this).attr('href'),'','height=500,width=850');
  if (window.focus) {newwindow.focus()}	  
return false;  
});
});
</script>

 

isnt opening a popup . You have jquery still in your page right? or

 

If you dont want a popup then delete

 

<div class="jqt"></div>
<script>
$('#wojnf,#wojnt').remove();  
$(".jqt").append('<a class="slogin" href="login.php?login&oauth_provider=facebook&js=1" name="windowX"><img src="images/fb_login.png"></a> <a class="slogin" href="login.php?login&oauth_provider=google&js=1" name="windowX"><img src="images/g_login.png"></a>');
</script>

 

from login.php - this will then instead always redirect the main window with php header.

 

If you choose the later make sure you close your browser / logoff to kill all session data - or the javascript session will be still active and it will think theres a popup that needs closing

 

Jules

Edited by thejudge99

Share this post


Link to post
Share on other sites

I will post the reply i gave to crazy car as it will no doubt help others.

 

includes/google/src/config.php should look like this after inserting the keys.

 

// OAuth2 Settings, you can get these keys at https://code.google.com/apis/console   
'oauth2_client_id' => 'CLIENT_ID_GOES HERE',  
 'oauth2_client_secret' => 'CLIENT_SECRET_GOES HERE',  
  'oauth2_redirect_uri' => 'REDIRECT_URL_GOES HERE',   
// The developer key, you get this at https://code.google.com/apis/console   
'developer_key' => 'DEVELOPER_KEY_GOES HERE',

Edited by thejudge99

Share this post


Link to post
Share on other sites

I tested your site and your login isnt opening in a popup although hovering over the bottons i see &js=1 which means the buttons get rewritten to prove javascript is not turned off. Not really sure why you dont get the login in a popup.

 

You have 2 choices - figure out why the script on your page -namely

 

<script type="text/javascript">
jQuery(document).ready(function($) {  
 jQuery('a.slogin').live('click', function(){
	 newwindow=window.open($(this).attr('href'),'','height=500,width=850');
  if (window.focus) {newwindow.focus()}	  
return false;  
});
});
</script>

 

isnt opening a popup . You have jquery still in your page right? or

 

If you dont want a popup then delete

 

<div class="jqt"></div>
<script>
$('#wojnf,#wojnt').remove();  
$(".jqt").append('<a class="slogin" href="login.php?login&oauth_provider=facebook&js=1" name="windowX"><img src="images/fb_login.png"></a> <a class="slogin" href="login.php?login&oauth_provider=google&js=1" name="windowX"><img src="images/g_login.png"></a>');
</script>

 

from login.php - this will then instead always redirect the main window with php header.

 

If you choose the later make sure you close your browser / logoff to kill all session data - or the javascript session will be still active and it will think theres a popup that needs closing

 

Jules

 

Thanks!

I will update and check asap.

Share this post


Link to post
Share on other sites

if you are use osc231 version , you need change code:

 

includes/login-facebook.php

 

look for and comment out according to code reminder:

 

 

 

//2.3.2

tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = '" . (int)$customer_id . "'");

 

//2.3.1 for 2.3.1 unhide the query below Hide the query above

//tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

$sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());

Edited by sunrise99

Share this post


Link to post
Share on other sites

I'm not sure what I'm missing here. I was able to login via facebook on your demo site, but I cannot do so on my client's site. (However, HE was able to.) We are also having problems with Google (I think largely the birthday formatting issue - his store does not require a DOB anyway, so where in the Google process can I comment out something to make it not check for that at all?) Does it affect anything if my store is not in the root but in /catalog? Thanks!

 

Edit: using 2.3.1, if that makes a difference, and I did do those comment changes as in the instructions.

Edited by maritrench

Share this post


Link to post
Share on other sites

Hi maritrench,

the social login follows the shops setup - ie if you setup Configuration / Customer Details and Date of Birth to be False then the login will also ignore it / wont check for it.

 

if (ACCOUNT_DOB == 'true') {
 $dob = tep_db_prepare_input($social_data["birthday"]);
 if ((is_numeric(tep_date_raw_social_logins($dob)) == false) || (@checkdate(substr(tep_date_raw_social_logins($dob), 4, 2), substr(tep_date_raw_social_logins($dob), 6, 2), substr(tep_date_raw_social_logins($dob), 0, 4)) == false)) {
  $error = true;

  //$messageStack->add('create_account', ENTRY_DATE_OF_BIRTH_ERROR);
  $error_stack["error"][]=ENTRY_DATE_OF_BIRTH_ERROR;
 }
}

 

and

if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = tep_date_raw_social_logins($dob);

 

the same logic as with the standard form - if ACCOUNT_DOB = true then it checks for it - set it to false and it wont check DOB

 

If your friend can login with facebook but you cant then the script is working - whats probaby the cause is you having an account already ( setup with default create_account.php form) and the name (first and/or last name) is different to whats linked to the email address already stored. Ive got the script setup that all 3 must match - email - firstname - lastname.

 

Although unlikely it is possible for 2 people to signup with the same first and last names - however email addresses are unique so checking for all 3 is pretty sure to belong to 1 person.

 

Jules

Share this post


Link to post
Share on other sites

Hello,

 

Just installed you contrib and get following error message Parse error: syntax error, unexpected $end in /home/wihirt/public_html/catalog/login.php on line 170

 

I'm using v.1.2

 

Also when trying to create a new login I get following error 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1,1' at line 1

 

insert into customers_info (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created, valid_address, personal_details_valid) values ('318', '0', now()),1,1

 

[TEP STOP]

 

Please advice

 

Cheers

Edited by pederb

-Peder Beckman-

Kool Kat Jazz Records

Share this post


Link to post
Share on other sites

version 1.3 contains the updated query - but that doesnt explain your parse error - looks like you made an editing error. Go back and double check your edits 14 a / b / c in the original install.

 

Jules

Share this post


Link to post
Share on other sites

version 1.3 contains the updated query - but that doesnt explain your parse error - looks like you made an editing error. Go back and double check your edits 14 a / b / c in the original install.

 

Jules

 

Found the error I think but it gets me errors when I click on facebook login "An error occurred. Please try again later." and from google "

Error: invalid_request

Invalid parameter value for redirect_uri: Missing scheme: REDIRECT_URL

Learn more

Request Details"

 

Cheers


-Peder Beckman-

Kool Kat Jazz Records

Share this post


Link to post
Share on other sites

looks like you didnt put your keys and / or redirect urls into the relevant config files or you did but didnt upload them. Seeing error text from google in the form REDIRECT_URL means this is empty. This should literally contain a URL.

 

Jules

Share this post


Link to post
Share on other sites

Nice work,

 

Can this be made admin compatible. That you only have to fill the API keys on the admin side. Not in de code. Same as URL?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×