PHPFusion / PHPFusion

PHPFusion Official Development Repository
https://phpfusion.com
GNU Affero General Public License v3.0

New Login Infusion #1975

Closed FrederickChan closed 5 years ago

FrederickChan commented 6 years ago

Requested by @JoakimFalk to secure the new Main site, as it has a lot of commercial settings on it. It has been decided that the new development will be published, and this issue is a follow-up of that.

The new Login Infusion will be implemented as an Infusion with a User Field attached to it. See #1974 improvisation to enable this.

This will be an officially supported infusion since it's a core thing.

What it does is that upon clicking login, the core Authenticate class will specifically check into this infusion to execute subsequent functions. Our login infusion will be able to host drivers and handle things that happen immediately after $_POST['login'] is used.

Development areas that can be grouped into this include authentication and login validation processing, and will work with "host-driver" methods. As such we will have APIs that need to be documented later.

First implementation is to develop the Google 2 Step Authentication. The Google Authenticator app is available on Google Play and the Apple Store. NOTE: You need to have a smartphone to use this service. What it does is we ask a user to set up his mobile phone by scanning a QR code via the mobile camera; it will add the site information into the app itself and display a 6 digit number in your app. This 6 digit number will change every few seconds. You will need to ask your user to key in that 6 digit number into the text input to complete the login process.

Since $aidlink comes after login, we will not touch the Admin login, since the first login is already very secure.

After that, we will look into social media login drivers. What are the login methods people favor? We'll come up with the top 3 choices.

  1. Facebook
  2. Google
  3. LinkedIn

I've thought for now: $_POST['login'] = facebook, look into the facebook driver. But I'm not sure yet, I'll come back when I have somewhat of a solution.

If you have other choices, please comment on this issue with links to the API documentation.

JoakimFalk commented 6 years ago

Now you are in full Hero Mode :)

UnrealCatze commented 6 years ago

Hope it's coming soon, it's so important in these social media times ... Facebook and Google login we need, so important ... I have been saying this for years!!!!!!

FrederickChan commented 6 years ago

A famous quote - "coming soon". haha

FrederickChan commented 6 years ago

I'll run a test with the Nebula theme. Update: OK, it works as long as the Google Auth module is set up on a new category tab.

UnrealCatze commented 6 years ago

Only Google atm or Facebook too? Maybe you can contact NetriX or so from PHP Fusion US .. he has a login infusion too .... https://www.php-fusion.us/forum/viewthread.php?thread_id=613&rowstart=0

FrederickChan commented 6 years ago

No, this is not the Login with Button yet.

It is the Google Authenticator. To use it you must have the Google Authenticator app installed on your mobile phone in order to log in once you set it up.

For Android devices: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en For Apple devices: https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

This module is a 2-factor login process. You log in as usual, and you will be redirected to an authentication page (if you have set it up on your user account).

I will be working on the buttons starting tomorrow. I'll start with Facebook.

FrederickChan commented 6 years ago

Guys, don't start translating anything yet. I will set up the initial English.php for this infusion to avoid confusion.

RobiNN1 commented 6 years ago

Fatal error: Uncaught Error: Class 'PHPFusion\Infusions\Login\Login' not found in /mnt/c/ubuntu/htdocs/PHP-Fusion/login.php on line 98

ovasclub commented 6 years ago

I have the same error on hosting, but in OSPanel it is OK: Fatal error: Uncaught Error: Class 'PHPFusion\Infusions\Login\Login' not found in /home/ovasclub/public_html/includes/classes/PHPFusion/Authenticate.inc:87 Stack trace: #0

FrederickChan commented 6 years ago

Fixes: https://github.com/php-fusion/PHP-Fusion/commit/f0fc4ee7b5377a7b1e9c469bcc63e3466102dee3

FrederickChan commented 6 years ago

Reading and storing materials here:

https://stackoverflow.com/questions/8141037/get-application-id-from-user-access-token-or-verify-the-source-application-for#_=_

https://stackoverflow.com/questions/21294534/how-to-verify-user-login-when-using-facebook-javascript-sdk

FrederickChan commented 6 years ago

User fields for the Facebook connector:

  • Connect current user account with your Facebook account.
  • Disconnect current user account from your Facebook account.
  • Import Facebook profile picture into your account.
  • Import Facebook email, first name, last name, address (user_geo), phone, contact, birthdate (if-exists checks)

Login button. Login flow: if connected with Facebook, login with Facebook - check if the user email exists in the DB - if not, pull from Facebook, auto-insert the fields (check PF user account activation settings) - choose a random password - send email and redirect to the message page to check email / activate and issue a cookie token.

Recurring user - user logged in. How to ensure the login is not compromised: check in the DB that the user's last visit is more than a time frame ago (add settings to user fields), force reauthentication, https://developers.facebook.com/docs/facebook-login/reauthentication

Todo:

Did I miss something on this? Feel free to comment.

RobiNN1 commented 6 years ago

C:\xampp\htdocs\PHP-Fusion\infusions\login\user_fields\google_auth\authentication.php /infusions/login/user_fields/google_auth/authentication.php Line: 59 Undefined index: auth_attempt

C:\xampp\htdocs\PHP-Fusion\infusions\login\user_fields\user_gauth_include_var.php /infusions/login/user_fields/google_auth/authentication.php Line: 23 Undefined index: uf_gauth

C:\xampp\htdocs\PHP-Fusion\infusions\login\user_fields\user_gauth_include_var.php /infusions/login/user_fields/google_auth/authentication.php Line: 24 Undefined index: uf_gauth_desc

FrederickChan commented 6 years ago

I think this will fix it - https://github.com/php-fusion/PHP-Fusion/commit/c6152d1ce8b0114ffc6ea40e8c9aae6c81d27459

FrederickChan commented 6 years ago

Solving Security concerns over Facebook Login: https://stackoverflow.com/questions/14186146/how-to-securely-authorize-a-user-via-facebooks-javascript-sdk

FrederickChan commented 6 years ago

Nebula Theme now can use Facebook Login https://github.com/php-fusion/PHP-Fusion/commit/b5979ee8ab27d0636e1524e1258f8c4ac6cd9710

FrederickChan commented 6 years ago

To use the Facebook login, follow these steps:

  1. Get a Facebook Developer Account - Create an App. You will get an APP ID and App Secret (Click Show).
  2. Your site must run https:// (ask your host to give you an openSSL certificate to turn on SSL).
  3. Go to Login Infusion > Facebook Login. Install it. Then click Facebook Login to configure.
  4. Put in your APP ID and APP Secret.
  5. Now go to User Fields > Create a new category called "Social Logins".
  6. Install the Facebook Login Module into Social Logins. This will add user_fb_connect to your user database.

@karrak1 , You were right about the user_facebook_uid earlier. Please delete the field manually from phpmyadmin, and reinstall this one.

Development Progress now:

Pending: "Multiple user found" when clicking Login with Facebook. We are pairing the Facebook email vs the user email. Since our user_email is not unique, we need to select 1 user account to bind it with.

Pending: Auto registration for new users. Generate a password and send it to the user (the settings for activation of the account are still followed).

Pending: When a user with a different email account in Facebook tries to pair it with his current user account, we need a secondary table to host these email accounts.

ovasclub commented 6 years ago

Connection error


FrederickChan commented 6 years ago

https:// ?


JoakimFalk commented 6 years ago

If you run it on your ovas.club , please see #2 ( Your Site must run https:// )

FrederickChan commented 6 years ago

@ovasclub , the field in edit profile is still Work in Progress. See my pending notes earlier before your post. I’m still working on it 👍

RobiNN1 commented 6 years ago

Google Auth is complete?

JoakimFalk commented 6 years ago

@RobiNN1 I tested it a few Gits ago, it worked very nicely but had an issue on Maintenance mode login. Idk if it was fixed. But on a normal open site it worked like a charm.

FrederickChan commented 6 years ago

Yep, it is completed on "normal login" .. but don't try the Facebook one yet. I am still trying to wrap my head around a few things on our end.

UnrealCatze commented 6 years ago

(screenshot)

RobiNN1 commented 6 years ago

Primary table change to users and column user_id

UnrealCatze commented 6 years ago

What is my problem? (screenshot)

I have a FB developer ACCOUNT and put all the data (2 keys) in FB connect in PHP Fusion. I have created a new category in user fields and installed FB connect in this new category Social Login.

I have an https:// site --> https://www.AlienCollectors.com/test and now?

(screenshot)

PS: I have a fresh installation from today!!! (it's only a test site)

JoakimFalk commented 6 years ago

2 posts above,

Yep, it is completed on "normal login" .. but don't try the Facebook one yet. I am still trying to wrap my head around a few things on our end.

The one that should work now is the 2FA login. Facebook login is not yet completed, last git says WIP ( Work In Progress ). Please wait until the code is completed.

FrederickChan commented 6 years ago

@php-fusion/core-developers When this issue closes, then you can test it as beta.

For now it's only for developer use. This issue came out of the sudden (see my first post in this issue), and therefore, as a rare exception, I had no choice but to develop a roadmap issue directly on GitHub here. We will not do this normally. 😄

Testers:

Please make sure your site IS HTTPS to prevent Facebook blocking the plugin. I can't stress this enough.

(screenshot of settings)

Make sure you get the last final git on maincore.php - there is a forced protocol redirection in place. It must be https also in your admin panel.

If you don't have an SSL certificate, you can get one via openSSL from your host provider, and if you are working on localhost, XAMPP comes with an SSL cert maker. Just google how to do that.

FrederickChan commented 6 years ago

Issue update: I'll commit another fix on the login. After this, you will be able to pair, connect and log in to the site with the Facebook plugin.

Here is an update on the login flow:

At BASEDIR.'login.php', when clicking the FB button, there are 2 possible outcomes:

  1. Facebook ID (API JSON return) and "user_fb_connect" UF values match. Action: Auth Success and redirect to index.php or, if you have $_GET['rel'], to that page. $_GET['rel'] example value is --

    login.php?rel=/{site_path}/{file-name}

  2. Facebook ID is not found in the whole of DB_USERS: we do a quick registration but follow PHPFusion's registration steps. The difference here is we fill in all the information automatically - user_name and user_password are generated.

    • user_name value (I thought about this for a very very long time and came up with this): if your name is Albert Einstein on Facebook, then your username is AlbertEinstein33, where 33 is a random number from 1 to 99.

So, accordingly, after creating a table, if the email verification activation setting is ON, send an email. The registration goes to DB_NEW_USERS. Otherwise, we store to DB_USERS with the subsequent value: user_status 2 if admin activation is required, or 0 for normal, respectively.

At BASEDIR.'edit_profile.php'

Now, the steps differ from here because you are not a guest, but a logged-in authenticated user trying to connect FB to your account. We are using the Facebook EMAIL as the value for comparison.

Here, if ANYONE else has a user_email matching your Facebook email, it will never login nor sync. Everything shall be aborted. So this must remain FALSE at all times.

Here, if the Facebook EMAIL address returned matches your DB_USERS email, your Facebook ID is updated into your account immediately. No verification needed. https://github.com/php-fusion/PHP-Fusion/blob/9.03/infusions/login/user_fields/facebook_connect/facebook_auth.php#L95-L119

If not, this will happen: https://github.com/php-fusion/PHP-Fusion/blob/9.03/infusions/login/user_fields/facebook_connect/facebook_auth.php#L129-L168

We will add that "extra" email account into DB_LOGIN_EMAILS so we can initiate an email verification if your site's global $settings['email_verification'] has it turned on. We send an email to that Facebook email account. If you are the owner, you have access to your own email account. That verification ensures the genuine owner of that particular Facebook account. Upon activation, you get your uf_fb_connect value updated with your Facebook ID. Otherwise, if your $settings['email_verification'] is OFF, then you just update that uf_fb_connect value.

Now, the question is what about connecting 2 or more Facebook accounts? This is where I was stuck. I talked to @JoakimFalk for more than an hour on Skype on this issue. We checked and crunched out the following:

  1. Our system allows only 1 valid email account per user. Which means, if you try to register a new account using the same email again, it will produce an error (Email has been taken).

  2. Facebook policy states that 1 user can only have 1 account. If you are caught with multiple accounts, they can delete your extra accounts. https://www.facebook.com/help/975828035803295?helpref=uf_permalink

So, the connector will connect and update your last Facebook ID to user_fb_connect. We take it as an update. And DB_LOGIN_EMAILS will still have your old Facebook email stored. (I plan to update that to a replace soon.)

All the above has been programmed and written. It's basically been tested once or twice. I can log in to my system alright and the code is functioning.

Now the next part is where I need to check whether LGA and 2FA stack. If you have gAuth turned on, upon FB login you need to be redirected to the gAuth page for our Google Authenticator before you are able to log in. This is where it gets messy. The gAuth is using PHP redirection. The Facebook one is using JS redirection. I'll need some time to harmonize this.
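The decision logic in the flow above (login.php: match on Facebook ID, else match on email, else auto-register; edit_profile.php: abort if anyone else owns the email, pair immediately if it is your own, otherwise hold the pairing in DB_LOGIN_EMAILS until verified), as an added model in Python that is not PHPFusion's facebook_auth.php. It also folds in the later "Multiple user found" note and the "same email = instant login" rule from this thread. `Site`, `User`, `login_emails` and the return strings are assumed names standing in for DB_USERS and DB_LOGIN_EMAILS; the sample users are constructed.

```python
import re
import secrets
from dataclasses import dataclass, field


@dataclass
class User:
    user_id: int
    user_name: str
    user_email: str
    user_fb_connect: str = ""      # paired Facebook ID; "" means not paired


@dataclass
class Site:                        # assumed stand-in for DB_USERS / DB_LOGIN_EMAILS
    users: list
    email_verification: bool = True
    login_emails: dict = field(default_factory=dict)   # user_id -> (email, fb_id) pending


def generate_username(fb_name: str) -> str:
    """Thread's rule: Facebook name without spaces plus a random number from 1 to 99."""
    return re.sub(r"[^A-Za-z0-9]", "", fb_name) + str(secrets.randbelow(99) + 1)


def facebook_login(site: Site, fb_id: str, fb_email: str, fb_name: str) -> str:
    """login.php flow once the Facebook API has returned the user's id, email and name."""
    by_id = [u for u in site.users if u.user_fb_connect == fb_id]
    if by_id:                                   # outcome 1: already paired
        return f"login:{by_id[0].user_id}"
    by_email = [u for u in site.users if u.user_email.lower() == fb_email.lower()]
    if len(by_email) > 1:                       # user_email is not unique: refuse to guess
        return "abort:multiple-users"
    if len(by_email) == 1:                      # same email: pair and log in
        by_email[0].user_fb_connect = fb_id
        return f"login:{by_email[0].user_id}"
    new = User(max((u.user_id for u in site.users), default=0) + 1,   # outcome 2
               generate_username(fb_name), fb_email, fb_id)
    site.users.append(new)                      # real flow: DB_NEW_USERS when verification is on
    return f"register:{new.user_id}"


def pair_facebook(site: Site, me: User, fb_id: str, fb_email: str) -> str:
    """edit_profile.php flow for an already-authenticated user connecting FB."""
    if any(u.user_id != me.user_id and u.user_email.lower() == fb_email.lower()
           for u in site.users):
        return "abort:email-owned-by-other-user"   # must remain FALSE at all times
    if me.user_email.lower() == fb_email.lower():
        me.user_fb_connect = fb_id                 # own email: no verification needed
        return "paired"
    if site.email_verification:
        site.login_emails[me.user_id] = (fb_email, fb_id)   # extra email, verify first
        return "pending-verification"
    me.user_fb_connect = fb_id
    return "paired"


def confirm_login_email(site: Site, me: User) -> str:
    """Verification link clicked for the extra email: complete the pending pairing."""
    pending = site.login_emails.pop(me.user_id, None)
    if pending is None:
        return "nothing-pending"
    me.user_fb_connect = pending[1]
    return "paired"
```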

ovasclub commented 6 years ago

Google Authenticator is working fine, and the Facebook Login Connector displays the following text:

(screenshot)

RobiNN1 commented 6 years ago

When I visit another profile: C:\xampp\htdocs\PHP-Fusion\includes\classes\PHPFusion\Locale.inc /profile.php?lookup=42&section=7 Line: 58 include(locale/English//user_fields/user_gauth.php): failed to open stream: No such file or directory include(): Failed opening 'locale/English//user_fields/user_gauth.php' for inclusion (include_path='C:\xampp\php\PEAR')

Need to add a visibility (Public, Members, Admins, Groups, Only for me....) option to User Fields categories.

FrederickChan commented 6 years ago

Yes, I agree. We are missing access controls on the category. I am working on the design on main now; give me about 2 days and I will work on an immediate upgrade on the new UFC.

UnrealCatze commented 6 years ago

Does the FB login work now? My site runs on https and I have the files from yesterday (fresh install). (screenshot) I see this only on the register site, not the normal login!

FrederickChan commented 6 years ago

Can u check? Mine is working.

FrederickChan commented 6 years ago

Go to login.php and log in with Facebook. If your Facebook email and your user_email account are the same, then it's an instant login. If not, you will automatically be registered as a new user account. That is the default behaviour. The email must be the same.

However, if the email is not the same but you still want it under your user account, then you need to go and pair it with the user fields.

UnrealCatze commented 6 years ago

Frederick, we need a tutorial or something step by step. At the moment I see nothing on my PHP Fusion site .. only this (screenshot). What am I doing wrong? I have created an app in FB Developer. So what's wrong? (screenshots)

FrederickChan commented 6 years ago

Ok there, hold on before I solve your issue, because there are other issues I need to solve here. I'll do it with you one round later after I have finalized things.

FrederickChan commented 6 years ago

@UnrealCatze

(screenshots fb1, fb2, fb3)

Then make sure /themes/templates/ folder is in latest.

UnrealCatze commented 6 years ago

OK, I tried it but have no luck. Here are my settings (newest core files .. not 1 hour old):

(screenshots)

Result: (screenshots)

FrederickChan commented 6 years ago

Is everything synced, including the theme/templates/ folder?

UnrealCatze commented 6 years ago

Yes, all newest files. I have overwritten everything again an hour ago.

Is that OK? (screenshots)

Result again: (screenshot)

Can anything be wrong with my developer account or settings? Is there a step by step tutorial for FB Developer anywhere ... guess something is wrong ... do you test locally or online?

FrederickChan commented 6 years ago

Contact my Skype - hien.phpfusion - I will troubleshoot it with you. It's weird.

My bootstrap theme has got it. (screenshot)

ovasclub commented 6 years ago

Send Message - the button does not react at all. Line 58 -- 32 seconds ago include(locale/English/user_fields/user_facebook_uid.php): failed to open stream: No such file or directory

UnrealCatze commented 6 years ago

The newest Firefox version blocks FB. Here my Firefox: (screenshots)

Here MS Edge: (screenshot)

In Edge the login freezes in (screenshot). I refresh the site and see this: (screenshot). I push on the little FB gif and then a new window comes where I have to put my password inside .. when I "go forward" then all is frozen again.

UnrealCatze commented 6 years ago

Firefox problem found: (screenshot) but it doesn't work ... I see only an empty popup after I type my password inside.

FrederickChan commented 6 years ago

Well, it boils down to a browser and server issue. In this case, maybe you should see this: http://gs.statcounter.com/browser-market-share

UnrealCatze commented 6 years ago

No way, it doesn't work .. I don't have Skype, Frederick :(

FrederickChan commented 6 years ago

Facebook is meang.czac@outlook.com - add me on FB Messenger.

Regards, Frederick