I'd want the user to re input password before they can login to my app. The facebook documentation only shows it using the Javascript SDK. Can someone please guide me or give me some references on how to do it using php?
here's what it looks like in js:
FB.login(function(response) {
// Original FB.login code
}, { auth_type: 'reauthenticate' })
Follow the official documentation but use getReAuthenticationUrl method instead of getLoginUrl.
The parameters are exactly same as getLoginUrl.
Related
I'm developing a web where you can 'add friend' another user, like facebook does. For now, I put a link, and when you click on it, an AJAX call is done.
Before persist the new friendship, I check if request is Ajax, but I want to go further and add more security. A page can have more than 10 links (posible requests), so... I don't know if I need only one token, or a token per link.
Another doubt is.... How to generate a token and check if is valid using Symfony? Focused on how generate the token on the initial controller, and then, how to validate on the addFriend controller (that receive the ajax call).
I tried to use this to generate a token:
http://api.symfony.com/3.1/Symfony/Component/Security/Csrf/TokenGenerator/TokenGeneratorInterface.html
And then this to check the token:
https://symfony.com/doc/current/controller/csrf_token_validation.html
But always return that the token is not valid.
Finally I find a workaround for my problem.
As #yceruto commented, is possible to generate a csrf token without any form, see this: http://symfony.com/doc/current/reference/twig_reference.html#csrf-token
With this, I can create my links on TWIG on the following way:
<a data-id="{{ user.id }}" class="card-link clickable sendFriendRequest" data-token="{{ csrf_token(user.id) }}">ADD_FRIEND</a>
Then, I do an AJAX call like this:
$('.elementsList').on('click','.sendFriendRequest', function () {
var userId = $(this).data('id');
var token = $(this).data('token');
$.post('/users/sendFriendRequest/'+userId, {token: token}
).done(function (response) {
//Some code here
}).fail(function (response) {
});
});
Finally, you check if the token is valid on your contoller using the following code:
$token = $request->request->get('token');
$isValidToken = $this->isCsrfTokenValid($townId, $token);
Thanks!
I am using checkout.com payment gateway. I want to integrate it to my website but in their developer area I am not able to find any suitable solution to integrate it with codeigniter. Below is the developer area of checkout.com
http://developers.checkout.com/
Any help in this regard will be very helpful. Thank you.
They are providing this code for implementation :
window.CKOConfig = {
debugMode: true,
publicKey: 'Your public key',
customerEmail: 'user#email.com',
ready: function (event) {
console.log("CheckoutKit.js is ready");
CheckoutKit.monitorForm('.card-form', CheckoutKit.CardFormModes.CARD_TOKENISATION);
},
apiError: function (event) {
// ...
}
But I am not able to understand that how I will call it with dynamic data and with my some conditions?
They won't give you a codeigniter integration, you can do it yourself with plain PHP though:
https://github.com/CKOTech/checkout-php-library
Did you even read their documentation?
(repost from https://groups.google.com/forum/?hl=en&fromgroups=#!topic/hybridauth/CWo2R9suYts)
Starting with Facebook, I'm trying to use the provider Javascript SDKs to login and have HybridAuth "know" about it. Any help would be appreciated.
I started by including the configuration IDs in the data I pass to the View so I can use them when calling Javascript login functions. So in the middle of the GetProviders function of the Hybrid_Auth class, I added:
if(array_key_exists('keys', $params) && array_key_exists('id', $params['keys']))
$idps[$idpid]['id'] = $params['keys']['id'];
My Javascript includes something like this:
FB.init({
appId:'<?php echo $providers['Facebook']['id']; ?>',
cookie:true,
status : true,
xfbml:true
});
So far so good.
But after logging in (i.e., FB.login()) of course HybridAuth doesn't know and doesn't have the user information.
Then to "force" it, I tried calling the ".../hauth/login/Facebook" method via Ajax:
$.ajax({
type: "POST",
url: ".../hauth/login/Facebook",
cache: false,
...
Unfortunately, it seems like a number of 'redirects' in HybridAuth make this not work. I even added "data: {ajax:true}," to the Ajax call and tried to modify HyrbidAuth to not redirect if it $_POST['ajax'] existed. That didn't seem to do it either. (I even removed the "die();" at the end of the redirect() function to no avail.)
I'm thinking I'm either on the right track or I need to add a new HybridAuth method to detect and store data for all or specific connections that already exist.
Any ideas?
Thanks.
I attempted several ways to login to a Provider using a Javascript SDK and integrate that with HyrbidAuth. No solution was very pretty, and each required that I alter HybridAuth which would be difficult to maintain. I finally determined that the best solution was to follow the "widget" example included with HybridAuth.
I didn't use the widget, but the code shows a method for opening and closing a separate smaller window using Javascript. That window's URL contains information for the server to call HybridAuth's 'authenticate' method which redirects to the Provider's login/approval page.
The effect is essentially the same: the user stays on the same page while authenticating with a Provider in a separate "window."
I am trying to add loing with facebook feature to my website, I used javascript to connect to facebook API, As you know facebook sends object named "response", I want to pass this object to my index.php page to read its content their.
could you please tell me how to pass and read this opject
If you need to work with facebook from your server, you can't use just js auth.
You need to implement "server login", described at Login for Server-side Apps
You need not implement all that complicated things, just find any library from internet, FB have its own library for php as I know, and use it to make server login. You can find many examples how to do it.
You can done with it by using jQuery.ajax() or jQuery.post() function. but it is not secured. Because js is open for all browser. Bad guys can send unexpected data and take chances to harm your app / web. Anyway it is your choice.
You can add a function here i have used replace_login() in FB.getLoginStatus() as following:
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
// connected
replace_login();
} else if (response.status === 'not_authorized') {
// not_authorized
} else {
// not_logged_in
}
});
Now write replace_login() in same file and after FB.getLoginStatus() as below:
function replace_login(){
FB.api('/me', function(response) {
$.post("http://yourdomain.com/ajax_post_login",{ username: response.username, name: response.name, fb_res: response }, function(data) {
alert(data);
})
});
}
Check facebook server-side-login, it will help you more.
Is it possible that i can post and retrieve a group's documents with the facebook group api? i have went through the documentation and couldn't find anything that explain how this can be achieved, if anyone know where i can get this please give the link url so that i can go and read it myself. In short i want to retrieve and be able to post documents to a facebook group through a facebook api, either javascript or PHP. basically i'm just looking for a place where i can go and read for myself how this can be done not to be fed with code but if there is any code working out there then don't hesitate to post it.
Thanks
Donald
The only page in the Facebook API docs I found that mentions group documents is this:
https://developers.facebook.com/docs/reference/api/group/
You can retrieve the documents of a group with the docs connection of the group.
Use a URL of this form:
https://graph.facebook.com/group_id/docs?access_token=...
With the ID of a doc, you can request it directly:
https://graph.facebook.com/doc_id?access_token=...
Using the JavaScript SDK:
FB.api('/doc_id', function(doc) {
alert(document.body.innerHTML = doc.message);
});
Posting a doc
(requires permissions publish_stream and manage_groups)
var doc = {
subject: 'Test',
message: 'This is a test doc.'
};
FB.api(group_id + '/docs', 'post', doc, function(response) {
if (!response || response.error) {
alert('Error occured');
} else {
alert('Doc ID: ' + response.id);
}
});