I have created the app secret and client/app id but on the website the buttons are being render halfly...not full button.
A part from that the button is failing to log in , after clicking the button(google or facebook), the username field is being populated with the email of user from facebook/google then stays on the log in screen without logging in the user.
I also don't know in which event exactly can I have access to the information provided by these platforms after successfull redirection.
after clicking the button(google or facebook), the username field is being populated with the email of user from facebook/google then stays on the log in screen without logging in the user.
Make sure that the email address from Facebook/Google are valid user names from the User Table. If not, you should convert data in your User Table first. Or you can do a mapping in the User_CustomValidate server event (e.g. <username>@gmail.com => <username>)
Thanks for response.
I thought that button was to sign in the user automatically without asking more information... with what you are saying it means after clicking the button and the username gets populated, the user will have to enter the password again of which he doesn't have.. Can you try to explain how this work more clearly, There is not clear documentation about it in the help file.
If not, you should convert data in your Uesr Table first: By converting do you mean saving the data in the db? and in which server event can I do that? and will I stil get the information using profile->get('xxx').
Or you can do a mapping in the User_CustomValidate server event (e.g. <username>@gmail.com => <username>) : This is not realy clear how will I access the information returned by these platforms(google/facebook) in this event, is it still using profile->get('xxx') ?
Advanced Security in PHPMaker makes use of a user table to store the user name and password so you need to map your login user (in this case the Google/Facebook email address) to the user name in the User Table in order for Advanced Security to work. Please read Project Setup -> Security Settings in the help file to understand how PHPMaker Security works first.
I understand how it works perfectly, my problem is not with mapping ( I have done it already and my registration is working well)... but understanding exactly what these buttons do (process).
1)I have set up the client id and secret
2)I have set up the redirection url : which is working well.
3) The user click log in with google/facebook
---From here I am lost--
4) In which server side event can have access to the information these platform has send: I know I have to use Profile()->get('xxx')
5)The username field gets populated with the email from google/facebook, which is correct according to advanced security login fields setup. But from there what is the user supposed to do to get logged in? (Provide Password?...)
There is no documentation in help file about them as in what is supposed to be done after the user has clicked them..... I just want to understand that.
Is there any solution for this?
What about this stage : The username field gets populated with the email from google/facebook, which is correct according to advanced security login fields setup. But from there what is the user supposed to do to get logged in? (Provide Password?...)
I was thinking by clicking the button the user will be directly logged in without needing to provide password again.
Is there anyway in phpmaker to make the click of the button to log the user automatically?
Does it means even if the user logins in using these social buttons, he has to have password already in the database because clicking these button only populate the username field of the login not the password? And if I deduce well that means these buttons are useless for a user who has not yet register (Provide, password, username,....).
I just want to really understand the purpose of these button, what do they do exactly a part from populating the username field.
After Google Sign-In or Facebook Login, the user is redirected back to your site, e.g. //mycompany.com/mysite/hybridauth/?hauth_done=Facebook, or .../?hauth_done=Google (see http://www.hkvforums.com/viewtopic.php?f=5&t=40728 for more info) and then the User_CustomValidate will be fired. As explained in the help file:
"Default validation will continue after this event is fired. If you return TRUE (which is default), the user will always pass the default validation and get the User ID and User Level, if any. If you return FALSE, the default validation proceeds as normal. If you use Advanced Security, you still need the user table to store user information such as User ID and User Level, although the password field value can be empty or any value if you return TRUE."
If the user has not yet registered or the user cannot be located by the username, the user has no User ID/Level and cannot access records and pages which are protected by User ID/Level Security.
Webmaster wrote:
Make sure that the email address from Facebook/Google are valid user names from the User Table. If not, you should convert data in your User Table first. Or you can do a mapping in the User_CustomValidate server event (e.g. <username>@gmail.com> => <username>)
Now it is clear. How does PHPMAKER ensure that the redirection is coming from facebook and not a link a person created?
Is it possible to know if the user logged in using facebook or google inside user_CustomValidate ? Not using $_GET['facebook'] which any person can pass.
After redirecting back, the user will be authenticated (with Facebook/Google) again, it can't pass if the user has not logged in Facebook/Google actually. If authenticated successful, you can get the user profile info by, e.g. Profile()->Get("email"), or use var_dump(Profile()->Profile) to see all info returned.
Here is what happens :
If user not register (email corresponding = username) :
The application is redirecting back on login page without anything
What I want to do is if there no record correponding(user not registered), I must register(save returned infos from profile) the user directly and consider the validation as successfull so that the user can get logged in but this only if he used Google or Facebook and has been authencated with these. The problem is I don't know in which event I can do that.
I was thinking it I must do it in User_CustomValidate, I tried to return true without saving first the record in
function User_CustomValidate(&$usr, &$pwd) {
// Enter your custom code to validate user, return TRUE if valid.
return TRUE;
}But it didn't log in the user who is not register. And another problem is how can I check that : the user used Google or Facebook and has been authencated successfully before saving is infos?
And when I did it with :
// User Custom Validate event
function User_CustomValidate(&$usr, &$pwd) {
if (ew_Execute("INSERT INTO user (email) values ('". Profile()->Get("email") . "')")){
// Enter your custom code to validate user, return TRUE if valid.
return TRUE;
}else{
return FALSE;
}
}I got this error :
The requested URL /useredit was not found on this server.
which I understand it is because this application was not generated, but according to my security logic too this page can't be accessed by someone not logged in.
So How can I achieve what I want?
If the user has not yet registered or the user cannot be located by the username, the user has no User ID/Level and cannot access records and pages which are protected by User ID/Level Security.
Just adding the user name into the user table without providing User Level ID does not allow the user to access any pages protected by User Level Security (e.g. useredit.php in your case).
If authenticated successful, you can get the user profile info by, e.g. Profile()->Get("email"), or use var_dump(Profile()->Profile) to see all info returned.
You can use Profile()->Get("xxx") to check if the user has logged in Google/Facebook successfully, also read:
https://hybridauth.github.io/developer- ... ofile.html
After Google Sign-In or Facebook Login, the user is redirected back to your site, e.g. //mycompany.com/mysite/hybridauth/?hauth_done=Facebook, or .../?hauth_done=Google (see viewtopic.php?f=5&t=40728 for more info) and then the User_CustomValidate will be fired.
When you setup your Google/Facebook account, make sure you set up the return URI correctly as above.
Webmaster wrote :
Just adding the user name into the user table without providing User Level ID does not allow the user to access any pages protected by User Level Security (e.g. useredit.php in your case).
From what you say above, I understand in my below code I have to get the User Level ID and userID from the DB after insertion , but how am I going to affect to the current user profile before returning true so that it can be used, because I know after affecting the User Level ID I will not get the useredit error. :
// User Custom Validate event
function User_CustomValidate(&$usr, &$pwd) {
if (ew_Execute("INSERT INTO user (email) values ('". Profile()->Get("email") . "')")){
// Enter your custom code to validate user, return TRUE if valid.
return TRUE;
}else{
return FALSE;
}
}
I got this error :
The requested URL /useredit was not found on this server.
I understand you say that a user who doesn't have a userlevel
You need to provide User ID/Level for the new user one way or another. If the user is not registered, the user belongs to the Anonymous User Level which should have been set up to have permissions to some public pages. If your design is to assign another user level to a new user and you prefer your way of inserting the user on the fly, you can consider inserting the User ID/Level at the same time.
If you are a registered user, you can send your project file, database and other required info to support and request for some suggestions:
http://www.hkvstore.com/phpmaker/support.asp
For me it worked perfectly, it follows the code:
function User_CustomValidate(&$usr, &$pwd)
{
$email = Profile()->Get("email");
$displayName = Profile()->Get("displayName");
if($email !== "")
{
$emailexist = ExecuteScalar("select eemail from cadumb where eemail ='".$email."'");
if($emailexist == "")
{
Execute("insert into cadumb (eemail, nomcom, senusu) values ('".$email."', '".$displayName."', NULL)");
}
}
}