Yii hoauth account merge - php

I'm using the hoauth extension for user authentication and I want to make an optional account merge, where if a user logs in with a facebook account and a google+ account that have the same email they get asked to optionally merge those two accounts.
Currently when I try and login with a google+ account with an email that is already bound to a facebook account I get the following message:
This E-mail address is taken by another user. If this is your account, enter password in field below or change E-mail address and leave password blank.
I want to remove this and add the optional merge and after merge they should be logged in, or if they chose not to merge the accounts I want to still allow them to login with that provider instead of showing this message.
I found the piece of code that handles this, but what would be an effective way to achieve my goal?
/extensions/hoauth/models/HUserInfoForm.php is the location of validateUser() which handles the check.
I'm open to any and all suggestions, thank you.

Related

Laravel 5 and Socialite - Require Email Address from Facebook

Does anyone know how to set the "Email Address" as mandatory when a user logs in via Facebook using Socialite (if it is possible)?
At the moment my integration allows the user to remove the Email Address from the data that will be shared by Facebook on the Facebook side.
While we don't currently use the email address to contact the user, we do use it for matching accounts together if they login via different methods. This makes the site easier for the user overall.
If this is not possible then in the long run I may need to revoke the user's access if they don't share the email address in order to avoid data issues. However I will hopefully be able to avoid this.
Any help is appreciated.
Thanks,
Cs1h
You can't explicitly require it, it's up to the user to share it or not when authorizing so you need to build your application to support this.
In my opinion if they don't choose to share the email then you should detect this and have a page that asks them to enter it manually and send them an activation link to confirm their account before linking.
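The decision order behind this answer, and behind the optional merge asked about in the first question, as an added example that is not part of the original posts. The array shapes and step names are assumptions; it uses no hoauth or Socialite API.

```php
<?php
// Added example: choose the next step for a social login before any merge.
// $profile    = ['provider' => ..., 'id' => ..., 'email' => ?string]
// $linkedUser = user already linked to this provider + id, or null
// $emailOwner = existing user registered with the same email, or null
function social_login_next_step(array $profile, ?array $linkedUser, ?array $emailOwner): array
{
    // 1. The identity is (provider, provider user id), never the email alone.
    if ($linkedUser !== null) {
        return ['step' => 'login', 'user_id' => $linkedUser['id']];
    }
    // 2. The provider shared no usable email: ask for one, confirm it by link.
    $email = trim((string) ($profile['email'] ?? ''));
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['step' => 'ask_email_then_confirm'];
    }
    // 3. The email belongs to an existing account: offer the merge, but finish
    //    it only after the user proves control of that account (its password
    //    or a link mailed to the address). Declining keeps the accounts apart.
    if ($emailOwner !== null) {
        return [
            'step'           => 'offer_merge',
            'target_user_id' => $emailOwner['id'],
            'requires'       => 'proof_of_ownership',
            'if_declined'    => 'create_separate_account',
        ];
    }
    // 4. New email and new identity: plain registration.
    return ['step' => 'register', 'email' => $email];
}

// Constructed sample inputs.
$google = ['provider' => 'google', 'id' => 'g-1001', 'email' => 'ann@example.com'];
$noMail = ['provider' => 'facebook', 'id' => 'fb-77', 'email' => null];
$ann    = ['id' => 5, 'email' => 'ann@example.com'];

$cases = [[$google, null, $ann], [$google, $ann, $ann], [$noMail, null, null]];
foreach ($cases as [$profile, $linked, $owner]) {
    echo json_encode(social_login_next_step($profile, $linked, $owner)), PHP_EOL;
}
```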

Using Laravel Socialite to connect facebook and validating user permissions

Currently I am creating a website that allows users to log in with their Facebook account, and the website requires their email.
The problem is how to do Facebook authorization while requiring their email.
But when the user doesn't give their email permission, how do I cancel the authorization process?
I know the Facebook docs tell me that Facebook does not guarantee we can grab the user's email, but how do I cancel when the user does not allow their email in the permission list?
https://developers.facebook.com/docs/facebook-login/permissions/v2.3
email
Provides access to the person's primary email address via the email
property on the user object.
Do not spam users. Your use of email must comply with both Facebook
policies and with the CAN-SPAM Act.
Note, even if you request the email permission it is not guaranteed
you will get an email address. For example, if someone signed up for
Facebook with a phone number instead of an email address, the email
field may be empty.
Review: Your app may use this permission without review from Facebook.
When the user disables their email permission (picture):
[SOLVED]
I can use user revoking permissions.
see here :
Using Laravel Socialite to Manage User socials setting (like pinterest at user settings page)

Google OAuth to remember chosen account

I've implemented Google OAuth 2.0 login on a site that I'm working on. It works fine, except in situations when the user is logged with two or more different accounts on the same browser. It's asking him to choose which one he wants to use. But it's asking the user every time to choose the account. Is there a way to remember this, so the user can choose the account only the first time and later automatically to log him with that account?
You can put hd=domain.com parameter in the request to Google, but that only helps if the two logged accounts are from different domains and it can then log the user in with @domain.com account.
I read somewhere that you can send user_id account as a parameter to Google (I guess that would be the email address), but in this case I don't know the users email address before he logs in.
I think this behavior is the same if you use OpenID.
I'm using Google's PHP OAuth library.
Thanks,
Andrej
Google should have a cookie set that enables OAuth applications to tell what account to currently use.
If you know the email address you want to log in with, you can use the login_hint parameter and they won't see the account chooser. See https://developers.google.com/accounts/docs/OAuth2Login#sendauthrequest

2-Step Authentication using Email Instead of SMS

How would I go about protecting admin or user accounts on my site(s) from brute-force password cracking attempts, using 2-step (a.k.a. 2-factor) authentication? I really want to use SMS 2-Step authentication for my site(s), but I can't find a free provider that is willing to let me send SMS text messages to my [or my customers] cellphones to authenticate access nor an API to do so automatically.
So now I just want to make sure nobody can get into the admin section of my site by sending me an email with a temporary (active for only about 5-10 minutes) code to my private Yahoo or Google email address (hidden in a PHP file), that both already implement SMS two-step authentication, every time I get my username and password correct at the admin login page.
Email identity verification at user login for normal users would be too cumbersome and annoying to implement for every member of my site. SMS would be too, if there were no way to disable it. However I don't mind going to my email to get the code at every admin login attempt if it means extra security for my site(s).
I'm looking [specifically] for some type of PHP session-based code that I can put at the top of my admin pages, and a random code generator to create and send the code to my email for the admin login. Any help would be greatly appreciated!
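One way to build the session-based email code described in this question, as an added example that is not part of the original post. The function names, the login path, the 10-minute lifetime and the attempt limit are assumptions.

```php
<?php
// Added example: emailed one-time code bound to the PHP session.
// Names, the 10-minute lifetime and the attempt limit are assumptions.
const OTP_TTL = 600;          // seconds the code stays valid
const OTP_MAX_ATTEMPTS = 5;   // guesses allowed before the code is discarded

// Call only after the username and password have been verified.
function otp_issue(string $adminEmail): void
{
    // Six digits from the CSPRNG (random_int), not rand() or mt_rand().
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $_SESSION['otp'] = [
        'hash'     => hash('sha256', $code),  // the code itself is not stored
        'expires'  => time() + OTP_TTL,
        'attempts' => 0,
    ];
    $_SESSION['admin_ok'] = false;
    mail($adminEmail, 'Admin login code', "Code: $code (valid for 10 minutes)");
}

// True exactly once per issued code; expired or over-tried codes are dropped.
function otp_verify(string $submitted): bool
{
    $otp = $_SESSION['otp'] ?? null;
    if ($otp === null) {
        return false;
    }
    $_SESSION['otp']['attempts'] = $otp['attempts'] + 1;
    if (time() > $otp['expires'] || $otp['attempts'] >= OTP_MAX_ATTEMPTS) {
        unset($_SESSION['otp']);              // log in again to get a new code
        return false;
    }
    if (!hash_equals($otp['hash'], hash('sha256', $submitted))) {
        return false;
    }
    unset($_SESSION['otp']);
    session_regenerate_id(true);              // fresh session ID after the step-up
    $_SESSION['admin_ok'] = true;
    return true;
}

// First lines of every admin page: session_start(); otp_require_admin();
function otp_require_admin(string $loginUrl = '/admin/login.php'): void
{
    if (empty($_SESSION['admin_ok'])) {
        header('Location: ' . $loginUrl);
        exit;
    }
}
```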

Is It Easy to Make an Email Address Book Invite?

Twitter and Facebook invite new users to send an invitation to everyone in their Gmail, Hotmail, or Yahoo Mail accounts.
Is it easy to add this functionality to a website?
Thanks,
John
Last I checked you basically have to pretend to be a web browser then programmatically log in to the site, scrape the contacts, then compose/send the message. It isn't difficult, but it is time consuming as each of these services works differently.
It does, however, look like people have written scripts for some of this though: example.
Yes!
What they generally do is to send in the email a special URL that contain a code, for example:
www.mysite.com?UserCode=ABC
That code (ABC) is associated to the email of the user so the application understands which user is trying to subscribe. You must keep in a database the pair: email, code.
HTH
All of the above answers are correct, here is a summary and some more explanation:
You first need to get the user's login for each service you want to get contacts from (I personally don't understand why people would do that - I would never give my GMail password to Facebook, let alone some little known web site).
Then you can simulate a login to the said website and grab their contact list as an export (all serious email services allow you to export the contact list as CSV or something). You can implement this yourself or use some external library such as contactgrabber mentioned by Haim.
You then go over their list of contacts and for each contact you generate a key (you want to generate a unique key for each email you send so you'd know who responded to you). Generating the keys is easy - take some info like the current user's email plus the target email address, add the current time and pass everything to a hashing function like SHA1 - should do the trick.
Now store in a database table for each contact you got: the inviting user's ID, the email address being invited and the key you generated.
Lastly send a nice email to each contact with a URL to your website's "invitation activation page" with the correct key applied - like so: http://www.somesite.com/invited?key=123456780abcdefgh
When that page is accessed, get the key from the URL and find it in the table - that would give you the email address that activated the invite and the user that invited them. From here you can take it to wherever you want.
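The invitation table and key lookup from the answers above, as an added example that is not part of the original posts. It swaps one technique: the key comes from random_bytes() rather than a SHA1 of the email addresses and the time, so it does not depend on values other parties may know. The table layout, function names and single-use rule are assumptions.

```php
<?php
// Added example: invitation keys stored with the inviter ID and invited email.
// Table layout, function names and the single-use rule are assumptions.
function invites_schema(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS invites (
        key_hash   TEXT PRIMARY KEY,
        inviter_id INTEGER NOT NULL,
        email      TEXT NOT NULL,
        used_at    INTEGER
    )');
}

// Returns the URL to mail out; only a hash of the key is kept in the table.
function invite_create(PDO $db, int $inviterId, string $email, string $baseUrl): string
{
    $key  = bin2hex(random_bytes(16));        // 128-bit key from the CSPRNG
    $stmt = $db->prepare('INSERT INTO invites (key_hash, inviter_id, email) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $key), $inviterId, $email]);
    return $baseUrl . '?key=' . $key;
}

// Returns the inviter ID and invited email on first use, null otherwise.
function invite_redeem(PDO $db, string $key): ?array
{
    if (!preg_match('/^[0-9a-f]{32}$/', $key)) {
        return null;                          // not a key this code issued
    }
    $hash = hash('sha256', $key);
    // One conditional UPDATE, so two concurrent requests cannot both claim it.
    $upd = $db->prepare('UPDATE invites SET used_at = ? WHERE key_hash = ? AND used_at IS NULL');
    $upd->execute([time(), $hash]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT inviter_id, email FROM invites WHERE key_hash = ?');
    $sel->execute([$hash]);
    return $sel->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
invites_schema($db);
$url = invite_create($db, 42, 'friend@example.com', 'https://www.example.com/invited');
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
var_dump(invite_redeem($db, $query['key']));  // first visit to the link
var_dump(invite_redeem($db, $query['key']));  // same key presented again
```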
