thejudge99

CONTRIBUTION Social Login with Facebook / Google 2.3.1/2


Need urgent help to login with Facebook:

 

I am using 2.3.1, and I have integrated this contribution as instructed.

 

But once I log in with username and password in the login popup, it is authenticated, but it does not return to the store and finally throws a "too many redirections" error.

 

The error log is also showing "CSRF state token does not match one provided."

 

Please refer the attached screenshots for my App settings and permissions settings (I tried with default permissions settings too).

 

I really need you guys' help on this.

 

Thanks

Sankar

Link to post
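
The error message quoted in the post above refers to the OAuth `state` check, which depends on the shop session surviving the round trip to the provider. The following is an added example, not code from the contribution or from the Facebook SDK; the function names and the `oauth_state` session key are hypothetical, and plain arrays stand in for `$_SESSION` and `$_GET`.

```php
<?php
// Added example (PHP 7+); not code from the contribution or the Facebook SDK.
// The session key 'oauth_state' and all function names are hypothetical.

// Before redirecting to the provider: store a random value in the session
// and send the same value as the `state` parameter.
function oauth_state_issue(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return $session['oauth_state'];
}

// On the callback: the returned `state` must equal the stored one.
function oauth_state_verify(array &$session, array $query): bool
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']);              // single use
    $given = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;                            // session lost or no state returned
    }
    return hash_equals($expected, $given);       // constant-time comparison
}

// Decide what the callback page does. On failure it stops with an error;
// restarting the login automatically would loop for as long as the
// session keeps getting lost.
function oauth_callback_action(array &$session, array $query): string
{
    return oauth_state_verify($session, $query) ? 'exchange_code' : 'show_error';
}

// Constructed walk-through.
$browserSession = [];
$state = oauth_state_issue($browserSession);
$callback = ['code' => 'constructed-code', 'state' => $state];

// Callback handled in the session that started the login.
echo oauth_callback_action($browserSession, $callback), "\n";

// Same callback replayed: the stored state was already consumed.
echo oauth_callback_action($browserSession, $callback), "\n";

// Callback handled in a fresh session (cookie not sent back, or the shop
// session id such as osCsid not carried through the redirect).
$freshSession = [];
echo oauth_callback_action($freshSession, $callback), "\n";
```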

Your page seems to work fine for me, although I'm not allowing your app to post to my friends on my behalf, so I don't get further. But no redirects.

Link to post

Hello:

 

Great contribution! I was tackling this Facebook connect issue for a while using an sdk2 contribution that was ripping my hair out. This worked pretty much out of the box and I integrated Twitter in as well. Although I am noticing 2 problems:

 

(1) Double pop-up: It seems that when the user clicks, the browser pops up two logins, one on top of another. They both disappear once the user logs in, but it's a bit disconcerting. Anyone having this issue?

 

(2) Google login goes through the motions when the user clicks. The pop-up login opens asking for permission. But when the user continues, it simply turns into a white screen (in the pop-up) as if frozen. It doesn't update the store with the user info. Any ideas on how to debug this?

 

Thanks in advance for a great contribution! I will share my twitter function once complete to be part of the contr.

Link to post

Hi jimmy

 

The double popup sounds like it could be from the query slide which is used in the last update (if memory serves it's called sexy popup), which isn't actually done by me so I can't say.

 

The Google login sounds like a setup / config error (mismatch with the redirect URL).

 

As for Twitter, I've already coded a login function but I didn't supply it as it's not really adequate for a shop. Twitter does not supply an email address as a means of proving credentials, only first and last name.

As it's possible (although unlikely) that more than one shop customer can have the same first and last name, it could create some problems.

However, as email addresses are unique, testing credentials against first / last name AND email (which my contribution does) proves 100% that the customer is who he/she says he is.

Link to post

The double popup sounds like it could be from the query slide which is used in the last update (if memory serves it's called sexy popup), which isn't actually done by me so I can't say.

 

I only installed the first version package and didn't see the updates as relevant for beta testing yet, as none addressed the double pop-up, so unfortunately it can't be as easy as the sexy popup version. Hmmm... wonder what is going on. jQuery is active but for other things; wonder how to debug this.

 

The Google login sounds like a setup / config error (mismatch with the redirect URL).

 

I'll double check the instructions on this, but just to double check, this is what I have. x is the ID I got, which I also put in the developer key because I was thinking those are the same things (couldn't find anything that actually said developer key on the Google side):

 

// OAuth2 Settings, you can get these keys at https://code.google.com/apis/console
'oauth2_client_id' => 'xxxxxxxxxxxx.apps.googleusercontent.com',
'oauth2_client_secret' => 'yyyyyyyyyyyyyyyyyyyyyyyyyyy',
'oauth2_redirect_uri' => 'http://www.sitename.com/sandbox/catalog/googleloader.php',

// The developer key, you get this at https://code.google.com/apis/console
'developer_key' => 'xxxxxxxxxxxx',

 

As for Twitter, I've already coded a login function but I didn't supply it as it's not really adequate for a shop. Twitter does not supply an email address as a means of proving credentials, only first and last name.

As it's possible (although unlikely) that more than one shop customer can have the same first and last name, it could create some problems.

However, as email addresses are unique, testing credentials against first / last name AND email (which my contribution does) proves 100% that the customer is who he/she says he is.

I've already coded a workaround to this by forcing a user who just logged in without email data or address data (in the case of Facebook and Twitter) to be shown the update fields page. Their only option if logged in with an account without an email address or address is this page. I will try to zip it up and make it a contribution to the package.

Edited by jimmylaz

Link to post

Hi Everyone:

 

I added to this contribution concerning the Twitter issue that @thejudge99 mentioned and that I also experienced. This also applies to FB accounts and Google accounts. Basically it runs a check to make sure the address is a valid one and, if it is not, returns the Update Address page with an alert saying "You have logged in using a social media account that does not give us required information. Please fill in the required fields to create an account or continue to browse". The user can at this point add their address or be sent to a browsing mode.

 

So as thanks for contribution in the first place, here is as promised my "force address" mod for it:

 

 

1) Please add the below function to includes/functions/general.php
##############################################

// Send a logged-in customer who has no email address or no usable address
// to the matching edit page. The CONTENT_* constants are assumed to be
// defined by the store; if they are not, the page exclusions below cannot work.
function tep_check_valid_address()
{
  global $messageStack;

  // Nothing to check for visitors who are not logged in.
  if (!isset($_SESSION['customer_id'])) return;

  // Skip the pages the customer is redirected to, and the logoff page.
  if (!strstr($_SERVER['PHP_SELF'], CONTENT_ADDRESS_BOOK_PROCESS . '.php') &&
      !strstr($_SERVER['PHP_SELF'], CONTENT_LOGOFF . '.php') &&
      !strstr($_SERVER['PHP_SELF'], CONTENT_ACCOUNT_EDIT . '.php')
  ) {
    /* first make sure the user does have a valid email address */
    $valid_email_query = tep_db_query("select customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$_SESSION['customer_id'] . "'");
    $valid_email_result = tep_db_fetch_array($valid_email_query);
    if ($valid_email_result['customers_email_address'] == '') {
      $messageStack->add_session('account_edit', sprintf(IS_VALID_ACCOUNT, tep_href_link(FILENAME_LOGOFF, 'to=home', 'NONSSL', false)), 'error');
      tep_redirect(tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'NONSSL', false));
    }

    // Count the customer's address book entries.
    $addresses_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$_SESSION['customer_id'] . "'");
    $addresses = tep_db_fetch_array($addresses_query);

    if ($addresses['total'] == 1) {
      // A single entry with empty or 'default' fields is treated as a placeholder.
      $single_address_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$_SESSION['customer_id'] . "'");
      $single_address_res = tep_db_fetch_array($single_address_query);
      if ($single_address_res['entry_street_address'] == '' ||
          $single_address_res['entry_street_address'] == 'default' ||
          $single_address_res['entry_postcode'] == '' ||
          $single_address_res['entry_postcode'] == 'default' ||
          $single_address_res['entry_city'] == '' ||
          $single_address_res['entry_city'] == 'default'
      ) {
        $messageStack->add_session('addressbook', sprintf(IS_VALID_ACCOUNT, tep_href_link(FILENAME_LOGOFF, 'to=home', 'NONSSL', false)), 'error');
        tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'edit=' . (int)$single_address_res['address_book_id'], 'NONSSL', false));
      }
    } elseif ($addresses['total'] == 0) {
      // No address at all: send the customer to the "new address" form.
      $messageStack->add_session('addressbook', sprintf(IS_VALID_ACCOUNT, tep_href_link(FILENAME_LOGOFF, 'to=home', 'NONSSL', false)), 'error');
      tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, '', 'NONSSL', false));
    }
  }
}

2) Add the below function to the includes/application_top.php file at the end
############################################

tep_check_valid_address();

3) Add the following code to includes/english/core.php
###########################################

define('IS_VALID_ACCOUNT','You have logged in using a social media account that does not give us required information. Please fill in the required fields to create an account or <a href="%s">browse without account.</a>');

Edited by jimmylaz

Link to post

Hi, I tried the add-on and it works with the Google and Facebook login.

 

However, if the customer already has an account on the site, the Google or Facebook login will not work.

 

The other problem is that when they log in for the first time with Google or Facebook, the system doesn't ask them to create a password, even when they update their profile.

 

So is that how it is supposed to be?

Link to post

Hi ken0306

 

As I've already posted, if someone already has an account in the shop, the 3 fields first / last name and email address will already exist.

 

Then if someone tries to log in with Facebook or Google and those same 3 fields are not identical, login will fail.

 

IF the email is found but the first and last names are something different, that could be conceived as fraud, and without an email address we could mistakenly log someone into the shop with someone else's login.

 

This is the reason why TWITTER SHOULD NOT BE USED - without email this is not suitable.

 

As for the password, if someone creates a new account by using Facebook or Google, we don't need a password; the authentication will always be performed by FB or G.

 

If, however, someone creates an account with FB or G and then needs to log in through the shop's internal login, then the customer will have to use the password recovery to generate a real shop password.

 

Jules

Edited by thejudge99

Link to post

That makes sense, thank you for your reply.

 

So here is my idea of the process; not sure if that helps or not.

 

If the customer's email isn't in the database, account creation will be processed as the current add-on does.

 

If the customer's email is already in the database, the login panel will display an error message and let them know they need to log in and link the account. The FB or G account link can be done under the account section (something like Facebook link to Twitter).

 

ken

Link to post
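
The two matching policies discussed in the posts above (log in only when first name, last name and email all match; or, when the email already exists, ask the customer to log in and link the account) can be written as one decision function. This is an added example, not the contribution's code: the function names, the `$profile` keys, the `$requireLink` option and the case-insensitive comparison are assumptions, and the sample data is constructed.

```php
<?php
// Added example; not the contribution's code. Function names, the $profile
// keys and the $requireLink option are hypothetical. $customer is the row
// found in the customers table by email address, or null if none exists.

function norm(string $s): string
{
    $s = trim($s);
    return function_exists('mb_strtolower') ? mb_strtolower($s, 'UTF-8') : strtolower($s);
}

function social_login_decision(array $profile, ?array $customer, bool $requireLink = false): string
{
    $email = norm($profile['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'reject_no_email';       // e.g. a provider that returns names only
    }
    if ($customer === null) {
        return 'create_account';        // email not in the database yet
    }
    if ($requireLink) {
        return 'login_then_link';       // existing account: link from the account page
    }
    $same = norm($profile['first_name'] ?? '') === norm($customer['customers_firstname'])
         && norm($profile['last_name'] ?? '') === norm($customer['customers_lastname'])
         && $email === norm($customer['customers_email_address']);
    return $same ? 'login' : 'reject_mismatch';
}

// Constructed sample data.
$existing = ['customers_firstname' => 'Ana', 'customers_lastname' => 'Silva',
             'customers_email_address' => 'ana@example.com'];
$cases = [
    'same names and email'       => [['first_name' => 'ana ', 'last_name' => 'SILVA', 'email' => 'Ana@Example.com'], $existing, false],
    'email found, other name'    => [['first_name' => 'Bob', 'last_name' => 'Silva', 'email' => 'ana@example.com'], $existing, false],
    'names only, no email'       => [['first_name' => 'Ana', 'last_name' => 'Silva'], null, false],
    'email not in database'      => [['first_name' => 'Ana', 'last_name' => 'Silva', 'email' => 'new@example.com'], null, false],
    'email found, link required' => [['first_name' => 'Ana', 'last_name' => 'Silva', 'email' => 'ana@example.com'], $existing, true],
];
foreach ($cases as $label => [$profile, $customer, $link]) {
    echo $label, ': ', social_login_decision($profile, $customer, $link), "\n";
}
```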

Hi

I am trying to install this module, but cannot locate the account_edit.php file in my copy.

Pls help.

 

Regards

 

sam

Link to post

I installed at www.aawisdom.com/store. It didn't work. I got this installed

Consolidated Login with Guest Checkout for 2.3.1 v1.0.

 

If yours is really supposed to work, I can only think of three reasons why it didn't work.

 

1. Because Guest Checkout required me to erase create_account.php.

2. My Facebook App was in "Sand Box" mode.

3. My store has Configuration->Session-> Force Cookie Use to be false.

 

However, the Google login also didn't work.

 

Now I will test at aawisdom.com/store2 and try again. Guest Checkout isn't installed there.

 

Lastly, not only did it not work, it messed up all sign-ups and caused errors. All new sign-ups will get this message if I keep it installed:

 

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1,1' at line 1

 

insert into customers_info (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created, valid_address, personal_details_valid) values ('25', '0', now()),1,1

 

Any suggestion or clarification?

Link to post


I got back to the development of my site after a long time, and I now see that the Facebook login does not work. I get a redirect loop.

Google login works fine. The strange thing is that when I first installed the addon some time ago, both worked. I tried clearing my cookies but it did not work. Any ideas?

Link to post

Any ideas? :/

 

I'm using security pro, but that doesn't seem to be causing the problem. I've tried disabling it, and still the same happens.

 

What is confusing is that when I first installed it, it worked fine and I've tested it. I can't remember what else I've installed since then, but I don't think that there can be anything that interferes.

Link to post

Now it works again, without me doing anything. I think it has something to do with some problems I was having with persistent osCsid.
