non-dev user always has ID 0 - php

I have run into a serious problem that must be resolved before continuing with the development.
My boss created the app, for him it works exactly as expected - the user is logged in, the data is accessible, everything works. BUT for every other user, $facebook->getUser() ALWAYS returns 0, no matter what. Obviously, I'm logged into facebook, there is also a login link in the app, but clicking it doesn't work, nothing changes.
This problem only occurs for users that are not in any way connected to the app!
I confirmed my developer request to that app a few days ago and it now works for my account, before that it did not work, not for me, not for any other user we tried, no matter if the app was public or in dev mode, which technically shouldn't matter for authentication.
We tried many things, eventually existing code shared on the internet, like the code from the bottom of this article: http://www.thegeekstuff.com/2014/03/develop-facebook-app/
(with our own app ID and secret, of course)
Not that it changed anything, but just to give you a ready code example.
Even if I deleted everything below "$user = $facebook->getUser();" and just put echo $user; die(); after that, it always showed the user ID as 0.
Another thing I've noticed that might help in solving this problem is the following: with the same code from the article, my boss' session contains several variables at all times, but when I open the app with a non-dev user, at first there is only the "fb_app-id_state" variable, and when I refresh the page, it gets deleted and session is empty. If I refresh the page again, the variable is created again with a different value, another refresh and it's gone again, and so on.
After a day of trying to get this shit to work with PHP, I switched to the JS SDK. Apparently it also doesn't work, however, I have yet to receive specifics from my boss since I don't have a fake account to test it myself.
The obvious question is: what is going on and why isn't the authentication working as expected?
Edit: my code - http://pastebin.com/qCPtfTHs

You need to look at the app settings. Only the owner, app admins and developers can use your application in sandbox mode. For all other users the app doesn't work or works buggy. Remove test mode and put the app in live mode.

Related

iPhone problems with PHP sessions

This is something that I have not seen in practice before.
I made a web app which works beautifully on all devices (or so I was thinking). Last week I received a few complaints that one part of the application does not work. I have reviewed my code maybe over 100 times and have not found a mistake; the erroneous behavior is that at some point the session expires or is just not set up - which is not possible. The system was tested on a pile of users.
Today I received a response from a client that uses the iPhone 5. And what really happens is that sessions are not working properly.
I use this session to force the user to open the pages in order, so that there is no possibility of jumping from page to page. If the user tries to skip a page, they just go back to the beginning and need to restart the process.
On the iPhone, during the process it returns me to the start and stops. It does not allow you to go to level 1, it just keeps returning you back until you clear your cache.
This error happens randomly anywhere in the process.
To mention: sessions are not deleted until the user reaches the end.
Is it possible that the iPhone has a problem with its browser, or is the error on my side?
Thanks!
This is what solved the same problem I was facing earlier. Maybe this will help.
The session problems for a login page might occur because the URLs you are opening in the browser are not unique. For example, say you are creating a login page for your website, and you have created sessions successfully. Now, if you are logging in from a URL, say http://geekzgarage.com, then your session is limited to this URL only. If you again open the above URL like http://www.geekzgarage.com (note the www. in the URLs), then you will see that you are not logged in. So please be sure that your webpage always opens with a single type of URL, either with www. or without www.

Problems logging into Magento Admin

Occasionally I run into a problem logging into the Magento admin panel. The username and password I enter are correct and the URL in the browser window tells me that I have logged in correctly (i.e. I see domain.com/index.php/admin/areallylongstring), however the login window is displayed again. No error message telling me that the login details are incorrect is displayed, I am just routed back to the login window. Has anyone come across this before and can anyone please suggest a solution?
Thanks!
Try starting a private browser session and see if you can log in; if so, clear your cookies for the website and you should be able to log in.
I occasionally get this problem, next time I get it I will dig into the code with my debugger to see what is actually going on.
This problem arises due to multiple reasons, and the cheapest solution for this will be to comment out the following lines in one of the core files of Magento.
FILE :- app/code/core/Mage/Core/Model/Session/Abstract/Varien.php.
    // set session cookie params
    session_set_cookie_params(
        $this->getCookie()->getLifetime(),
        $this->getCookie()->getPath()//,
        // depends which version of Magento you are using; you may comment these out as well
        //$this->getCookie()->getDomain(),
        //$this->getCookie()->isSecure(),
        //$this->getCookie()->getHttponly()
    );
Find the above code in that file and then comment out those three cookies as shown above.
But as I said, it is the cheapest and easiest solution that you can go with. For more information, check out this link
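An added example (not from the original posts and not Magento code) for the www/non-www answer and the Magento answer above: it applies the browser's cookie domain and Secure rules to show which setting stops the session cookie from coming back, so the mismatch can be corrected in configuration; commenting the arguments out instead leaves domain, Secure and HttpOnly at PHP's defaults rather than the store's configured values. The function names and the example.test hosts are assumptions constructed for illustration.

```php
<?php
// Added example, not Magento code. Hosts and settings below are constructed.

// RFC 6265 section 5.1.3: does a host domain-match a cookie Domain attribute?
function domainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $suffix = '.' . strtolower(ltrim($cookieDomain, '.'));
    if ('.' . $host === $suffix) {
        return true;
    }
    // Suffix matches count only on a label boundary and never for IP addresses.
    return filter_var($host, FILTER_VALIDATE_IP) === false
        && substr($host, -strlen($suffix)) === $suffix;
}

// Reasons the browser would not return the session cookie on a request.
// $cookieDomain === '' models a host-only cookie (no Domain attribute).
function sessionCookieProblems(
    string $cookieDomain, bool $secure,
    string $setOnHost, string $requestHost, bool $requestIsHttps
): array {
    $problems = [];
    if ($cookieDomain === '') {
        if (strtolower($setOnHost) !== strtolower($requestHost)) {
            $problems[] = "host-only cookie from $setOnHost is not sent to $requestHost";
        }
    } elseif (!domainMatches($setOnHost, $cookieDomain)) {
        $problems[] = "browser rejects Domain=$cookieDomain set by $setOnHost";
    } elseif (!domainMatches($requestHost, $cookieDomain)) {
        $problems[] = "Domain=$cookieDomain does not cover $requestHost";
    }
    if ($secure && !$requestIsHttps) {
        $problems[] = 'Secure cookie is not sent over plain HTTP';
    }
    return $problems;
}

// Constructed cases: [cookie domain, secure, host that set it, request host, https?]
$cases = [
    'bare host vs www, host-only' => ['', false, 'example.test', 'www.example.test', false],
    'wrong configured domain'     => ['shop.example.test', true, 'example.test', 'example.test', true],
    'Secure flag, HTTP admin URL' => ['example.test', true, 'example.test', 'www.example.test', false],
    'consistent configuration'    => ['example.test', true, 'www.example.test', 'example.test', true],
];
foreach ($cases as $label => $args) {
    $problems = sessionCookieProblems(...$args);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'cookie is sent', PHP_EOL;
}
```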

During PayPal redirect to pay, Customer loses session on return - on tablet/android

The problem only occurs on tablets (perhaps phones too) - tested on a Nexus 7 and an iPad 2. It works fine on my desktop computer & laptop and everyone else's computers.
I have a homemade shop made with PHP. The user gets redirected to PayPal to pay, and upon return all of a sudden his session is gone (or empty?), as he is no longer logged in (thus can't see the order summary, as I require the user to be logged in).
It does this on both Chrome & Firefox browsers (Android tablet - Nexus 7) and on the iPad's Safari. It appears it also clears the "local cookie".
As I said, it works fine on regular desktop computers - so yes... I did restart the session and stuff on the user's return (and every other page involved).
What's the best way of dealing with this?
Am I doing something wrong or is everything working as intended for tablets?
My solution atm would be to simply reset the required session variables on the return (I would identify the user with the token_id), without doing a proper login/password check - seems risky, or no?
Edit: I just wanted to add that the session (and its variables) are retained IF the user clicks on "cancel" on the PayPal site during the payment process.
Edit 2: which is odd, because both return links run the same script
WHAT IS GOING ON :-(
I think I found "a" solution after a day full of head scratching.
If I add die(); right after the header redirect in my PayPal processing file, it works on tablets.
Not sure why it worked fine before on desktop, but this "fix" seems to solve my lost session problem for tablets.

Logging a user out of a database on browser close PHP/MySQL

I have seen MANY questions on this before online in many places, however, out of about 30 forums and whatnot, NONE of them have had the solution I need, and that includes stackoverflow. If anyone could help me find a reliable solution, it would be greatly appreciated, so thanks in advance!
I'm going to explain my site and situation with as much detail as possible in order to help any who want to help answer my questions. Here is my situation:
I have a website and I use PHP and MySQL. My website is a "private" organization site. In order to allow people access to the site, I send new members of our organization an invite code. The user then visits the website, and the index.php file simply contains a form for logging in as well as a link to the registration pages. New members click the "Register Here" link to begin registration.
The first registration page asks for the user's last name and invite code which are checked against a database to make sure that person is on the list and has not yet registered. If they pass the check, they are taken to the next page in which they enter required information (username & password, email address, etc.) as well as some optional information (phone, bio, etc.). If the user creates a valid username and password and has all required fields filled out, their information is stored in a database. Passwords are all salted and hashed properly and securely, so there is no problem there, and the whole registration process works as it should.
After registering, the user is taken back to index.php where they can now log in using the username and password they just created. This works as well; when the user logs in, their username and password are checked against the database, and if successful, the user is logged in. When the user is logged in, an ONLINE value in the database is set from False to True. The user is now logged in and can use the site as it is intended.
On my site, there is a column that lists users that are currently online (based on the ONLINE value from the database). When the user clicks the "Log Out" button which is located on every page of the site, the logout.php script is run, ending the session and setting the ONLINE value back to False. This all works fine and dandy, however, the problem comes when the user closes the browser without logging out first. This is where I have seen many different "solutions" various places on the internet.
I am going to explain why they won't work and why I need a better solution.
The answers I see most often involve some sort of session timeout or destroying sessions, which is irrelevant because of the fact that the session already does, in fact, end when the user closes the browser, but that has no effect on telling other users whether or not that person is currently online. When the session ends, the database won't be updated, which causes a problem due to the fact that a user can only be logged in from a single instance. If a user attempts to log in while their ONLINE value is already set to TRUE, they aren't allowed to log in.
I have also seen suggestions of using a "Last Seen" value instead of an online value, and if a user hasn't had any activity within the past x amount of minutes, log the user out. This won't work, however, for two reasons. 1) That script still has to be running somewhere in order for that to work, meaning another user must be logged in for that to work. That basically means that, if using this method, if a user closes their browser or if they lose connection, they won't be able to log back in until another user logs in. With my organization being a small, locally based organization as it is, there are likely to be many times in which there are no users online. Also, even if another user is logged in, the user whose connection was lost still won't be able to log back in until after x amount of minutes has passed, so if the user accidentally closed their browser and wanted to log back in immediately, they simply wouldn't be able to.
A less frequent solution I came across involved using the onBeforeUnload JavaScript function, but those most definitely will not work due to the fact that those would trigger any time a user clicked on a link or on the "Back" and "Forward" buttons. Also, if the user has JavaScript disabled in their browser, this will not work at all.
The last thing I have seen involves while loops and the connection_aborted function, and this is the only one that seems like it could work, yet I have not seen a very clear description of how this should work, and after spending months experimenting with it, I still have not come up with a reliable solution.
In many forums, I have seen people say that "it's not possible," but that can't be the case considering there are sites that do it somehow. I have tested and experimented with this on several sites. On a site that has users such as Facebook or any forum website, there is a list of "online" users, and in the case that a user closed their browser, their name would no longer appear on the list, so it is possible, even if it can only be achieved through some obscure method. So, if anyone knows of a solution, I would greatly appreciate if you could share some of your wisdom on this subject!
Try creating a heartbeat mechanism in JavaScript.
This method would start sending an AJAX call to your web method on a timed basis. Use:

    // send a pulse every 30 seconds
    setInterval(function () {
        sendPulse();
    }, 30000);

    function sendPulse() {
        var varUserID = userID; // any unique user identifier that can be found on server side
        $.ajax({
            url: "Default.php/updateUserStatus",
            // send the identifier as the JSON request body
            data: JSON.stringify({ UserID: varUserID }),
            type: "POST",
            dataType: "json",
            contentType: "application/json; charset=utf-8",
            success: function (mydata) {
                //alert("pulse sent");
            }
        });
    }

On the server side, you must have a method with the same name and a case-sensitive parameter. It should be static and marked as a web method. In this method, save the current time for the user. You should have a mechanism to know which users have a very old pulse; do this check when a user tries to do something or performs any operation. I have implemented this approach and it works very well.
That's the answer: a persistent connection between client and server. For this, you will need a TCP connection, like websockets nowadays, or an old Flash duplex connection. From here on, TCP takes care of notifying you when someone connects or disconnects. What you've got to do is write a websocket server (for example) that just tracks connections (push and pop from an array), and also a way to respond to a "get_users_online" message. You can access your user's session (read only) via the websocket server, and then see if the user is logged in (and in this way, you can store his nickname in the session and access it further from the websocket server), see if he is admin (session->is_admin).
Pretty simple, I would say.
Here is the library I've been using: http://socketo.me/ . It uses a library for decoding symfony2 sessions, but for simple applications, you don't need decoding (symfony2 applications encode sessions, so the websocket server has to decode them).
Big note: Sessions have to be stored externally (not in the file system /tmp), like in an ORM or NoSQL store.
Either way, excuse me, but I have to say that the "Last time" seen is super okay. Most of the sites rely on this. You understood something wrong: you don't need to have a living server for checking "Last time" always. When you request /admin.php?users_online=1, you make a query where "Last seen > NOW() - 5 minutes" (won't work written like that), so you can even get rid of the "ONLINE" "OFFLINE" field.
I suggest using a websocket approach, it's fun. :)
Good luck!

reset all logged in users after they shutdown their consoles

I have a list of students who have Nintendo DSs, and they should log in to my website to solve some sheets (using the DS Opera browser). When they log in, the status field in my DB changes from 0 to 1, and the status changes to 0 if they log out. What I need is that when a student doesn't log out and shuts down their DS, the status should be 0.
I don't have an idea how to do it.
Any suggestion would be helpful for me.
FYI, DS Opera browser limitation here
Due to the stateless nature of the web, there is no way to get notified when a user shuts down her browser.
The usual solution to this problem is to have some kind of an "I'm still connected" notification using ajax calls, and a timeout on the server side when a user hasn't checked in after a while.
As far as I can tell, there should be a problem doing that on the DS opera browser.
While itsadok is correct, you could tell who connected recently by using sessions for all your pages. Life would be a lot simpler if you implement your own session handler using a database for storage - and keep (a copy of) the authenticated username in a separate field from the session data.
C.
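The "last seen" approach from the answers in the two threads above, as an added example that is not from any of the posters: online status is derived from a timestamp at query time, so a closed browser or powered-off console drops off the list and stops blocking re-login once the window passes, with no background job. The schema, function names and in-memory SQLite database (PDO with the pdo_sqlite driver) are assumptions.

```php
<?php
// Added example; table, column and function names are assumptions.
const ONLINE_WINDOW = 300; // seconds, the "5 minutes" from the answer above

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,
                               session_id TEXT, last_seen INTEGER)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Claim the account unless a session sent a pulse inside the window.
function login(PDO $db, int $userId, string $sessionId, int $now): bool
{
    $stmt = $db->prepare(
        'UPDATE users SET session_id = :sid, last_seen = :now
          WHERE id = :id AND (last_seen IS NULL OR last_seen < :cutoff)'
    );
    $stmt->execute([':sid' => $sessionId, ':now' => $now,
                    ':id' => $userId, ':cutoff' => $now - ONLINE_WINDOW]);
    return $stmt->rowCount() === 1;
}

// Run on every page load and heartbeat; $userId and $sessionId come from the
// server-side session, never from a request parameter.
function pulse(PDO $db, int $userId, string $sessionId, int $now): bool
{
    $stmt = $db->prepare('UPDATE users SET last_seen = :now WHERE id = :id AND session_id = :sid');
    $stmt->execute([':now' => $now, ':id' => $userId, ':sid' => $sessionId]);
    return $stmt->rowCount() === 1;
}

// Computed at read time, so no background job is needed to expire anyone.
function onlineUsers(PDO $db, int $now): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE last_seen >= :cutoff ORDER BY name');
    $stmt->execute([':cutoff' => $now - ONLINE_WINDOW]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed timeline: alice logs in, pulses once, then closes her browser.
$t = 1700000000;
var_dump(login($db, 1, 'sess-A', $t));        // first login
var_dump(pulse($db, 1, 'sess-A', $t + 30));   // heartbeat from the same session
var_dump(login($db, 1, 'sess-B', $t + 60));   // second browser while sess-A is fresh
var_dump(onlineUsers($db, $t + 60));
var_dump(login($db, 1, 'sess-B', $t + 400));  // sess-A has been silent past the window
var_dump(onlineUsers($db, $t + 1000));        // nobody has pulsed recently
```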
