function onAuthenticate($credentials, $options, &$response) { # authentication via facebook for Joomla always uses the FB API and secret keys # When this is present, the user's FB uid is used to look up their Joomla uid and log that user in jimport('joomla.filesystem.file'); $configFile = JPATH_ROOT . DS . 'administrator' . DS . 'components' . DS . 'com_jfbconnect' . DS . 'models' . DS . 'config.php'; if (JFile::exists($configFile)) { include_once JPATH_ROOT . DS . 'administrator' . DS . 'components' . DS . 'com_jfbconnect' . DS . 'models' . DS . 'config.php'; $configModel = new JFBConnectModelConfig(); # always check the secret username and password to indicate this is a JFBConnect login #echo "Entering JFBConnectAuth<br>"; if ($credentials['username'] != $configModel->getSetting('facebook_api_key') || $credentials['password'] != $configModel->getSetting('facebook_secret_key')) { $response->status = JAUTHENTICATE_STATUS_FAILURE; $response->error_message = 'Facebook authentication failed'; return false; } #echo "Passed API/Secret key check, this is a FB login<br>"; include_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_jfbconnect' . DS . 'models' . DS . 'usermap.php'; $userMapModel = new JFBConnectModelUserMap(); include_once JPATH_ROOT . DS . 'components' . DS . 'com_jfbconnect' . DS . 'libraries' . DS . 'facebook.php'; $fbClient = JFBConnectFacebookLibrary::getInstance(); $fbUserId = $fbClient->getUserId(FALSE); $app =& JFactory::getApplication(); #echo "Facebook user = "******"User is logged into FB<br>"; # Test if user has a Joomla mapping $jUserId = $userMapModel->getJoomlaUserId($fbUserId); if ($jUserId) { #echo "User has joomla mapping<br>"; $jUser = JUser::getInstance($jUserId); if ($jUser->id == null) { #echo "user NOT loaded, deleting"; $userMapModel->deleteMapping($fbUserId); return false; } $isAllowed = true; # Trigger the jfbcProfile onAuthenticate to see if the user is allowed to login if ($jUser->block) { $isAllowed = false; $app->enqueueMessage(JText::_('E_NOLOGIN_BLOCKED'), 'error'); } else { JPluginHelper::importPlugin('jfbcprofiles'); $args = array($jUserId, $fbUserId); $responses = $app->triggerEvent('jfbcProfilesOnAuthenticate', $args); $return = base64_decode(JRequest::getVar('return')); $isAllowed = true; foreach ($responses as $response) { if (is_object($response) && !$response->status) { $isAllowed = false; $app->enqueueMessage($response->message, 'error'); } } } if ($isAllowed) { $response->status = JAUTHENTICATE_STATUS_SUCCESS; $response->username = $jUser->username; if (!$configModel->getSetting('create_new_users')) { // Update the J user's email to what it is in Facebook $fbProfileFields = $fbClient->getUserProfile($fbUserId, array('email')); if ($fbProfileFields != null && $fbProfileFields['email']) { $jUser->email = $fbProfileFields['email']; $jUser->save(); } } $response->email = $jUser->email; $response->fullname = $jUser->name; $response->error_message = ''; return true; } } else { if (!$configModel->getSetting('create_new_users')) { # User is not in system, should create their account automatically #echo "Creating a pseudo-user<br>"; $fbUser = $fbClient->_getUserName($fbUserId); if ($fbUser == null) { # no information returned from FB return false; } // Get the email to use from Facebook $fbProfileFields = $fbClient->getUserProfile($fbUserId, array('email')); if ($fbProfileFields == null || !$fbProfileFields['email']) { $newEmail = $fbUser['first_name'] . "_" . $fbUserId . "@unknown.com"; } else { $newEmail = $fbProfileFields['email']; } $fullname = $fbUser['name']; $username = "******" . $fbUserId; #Use the Joomla User plugin to create the User row in the database JPluginHelper::importPlugin('user'); $user['fullname'] = $fullname; $user['username'] = $username; $user['password_clear'] = ""; $user['email'] = $newEmail; $jUser = $app->triggerEvent('_getUser', array($user)); $jUser = $jUser[0]; #Map the new user include_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_jfbconnect' . DS . 'models' . DS . 'usermap.php'; $userMapModel = new JFBConnectModelUserMap(); if ($userMapModel->mapUser($fbUserId, $jUser->get('id'))) { $app->enqueueMessage(JText::_('MAP USER SUCCESS')); } else { $app->enqueueMessage(JText::_('MAP USER FAIL')); } $response->status = JAUTHENTICATE_STATUS_SUCCESS; $response->email = $newEmail; $response->fullname = $fullname; $response->username = $username; $response->error_message = ''; return true; } } } } # catch everything else as an authentication failure #echo "Authentication Failure<br>"; $response->status = JAUTHENTICATE_STATUS_FAILURE; $response->error_message = 'Facebook authentication failed'; return false; }
/** * Makes an HTTP request. This method can be overriden by subclasses if * developers want to do fancier things or use something other than curl to * make the request. * * @param String $url the URL to make the request to * @param Array $params the parameters to use for the POST body * @param CurlHandler $ch optional initialized curl handle * @return String the response text */ protected function makeRequest($url, $params, $ch = null) { if (!$ch) { $ch = curl_init(); } $opts = self::$CURL_OPTS; // SourceCoast - JFBConnect - Allow overriding the SSL validation for servers that don't have updated certs $jfbcConfigModel = new JFBConnectModelConfig(); if ($jfbcConfigModel->getSetting('facebook_curl_disable_ssl', false)) { $opts[CURLOPT_SSL_VERIFYPEER] = false; } // End SourceCoast if ($this->useFileUploadSupport()) { $opts[CURLOPT_POSTFIELDS] = $params; } else { $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&'); } $opts[CURLOPT_URL] = $url; // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait // for 2 seconds if the server does not support this header. if (isset($opts[CURLOPT_HTTPHEADER])) { $existing_headers = $opts[CURLOPT_HTTPHEADER]; $existing_headers[] = 'Expect:'; $opts[CURLOPT_HTTPHEADER] = $existing_headers; } else { $opts[CURLOPT_HTTPHEADER] = array('Expect:'); } curl_setopt_array($ch, $opts); $result = curl_exec($ch); if ($result === false) { $e = new JFBCFacebookApiException(array('error_code' => curl_errno($ch), 'error' => array('message' => curl_error($ch), 'type' => 'CurlException'))); curl_close($ch); throw $e; } curl_close($ch); return $result; }