vb.org Archive - Integration with vBulletin - Facebook Connect

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)

- - Integration with vBulletin - Facebook Connect - Update for Facebook PHP SDK (v.3.0.0) (https://vborg.vbsupport.ru/showthread.php?t=270219)

Quote:

Originally Posted by blind-eddie (Post 2377199)

Anyone else having this issue?

Thanks to blind-eddie https://vborg.vbsupport.ru/images/cs...s/viewpost.gif for pointing this out and for PM me about this! Now I actually think this issue was the most shocking issues of all our online time! And I will try explain it exactly so you all know what you should be doing, and checking on this ADDON..

How could this happen??

My forum moderator called me and told me about this issue! I couldnt believe him, and even at one point I suspected him to be one of those people cursing in our forum, WHICH WAS A BIT NERV-Wracking..

Basicly our moderator logged into his account in the forum, and directly clicked on the "Facebook Connect" button for , , and he was now suddenly redirected and logged into another users account, which was assigned to the persons FACEBOOK account as well!

The button should not be be visible for Logged-in members.. and we did this 2-3 times again and again, still we were getting logged in as another USER! So hopefully this will be fixed! Else follow the steps I have provided below to hide the FACEBOOK CONNECT button from logged-in users..

This was all from me! Once again thanks to "blind-eddie https://vborg.vbsupport.ru/images/cs...s/viewpost.gif" for poiting this out!
_____________________________________________

HERE IS A SAFETY TRICK, for the button to not be visible for logged in users:

Follow my steps If you wanna use this addon, make sure to do the following thing, because this is not HIDDEN from the users as it should be! So after people login to the forum, the "FACEBOOK CONNECT" button is still visible in the forum, and this is what caused this issue!

So to hide it from Logged in members, there is a file called Install.html file inside the ZIP file..
Now on STEP 5, It tells you to add the following code in your footer:

It ask you to add this code in your navbar, below another code:

Code:

<!-- fbconnect -->

 $fbconnect_init 

 <!-- / fbconnect -->

Instead of that code, Add this code below the other in your footer template:

Add Code:

Code:

<if condition="$show['guest']">

<!-- fbconnect -->

 $fbconnect_init 

 <!-- / fbconnect -->

</if>

Thats it, This code makes the FACEBOOK CONNECT button only visible for GUESTS! Now no logged-in members can use it! Like what happend in our forum which caused that a member was logged into another persons facebook account and our forum!

So for your users safety and your forums safety use this instead. Untill this issue is fixed..

Regards ChiNa-Man

ChiNa-Man , in this post u said AFTER LOGGED OUT they clicked again and logged into another user ! but ur trick is not fixing that ! i dont get it ! u just hide the button for logged in users! whats the point if even after logged out they can login to another user???

i haven't installed this yet. my vb is 3.8.7 . i just wanted to make sure that with ur trick it is all safe to go for this FB Connect.

Quote:

Originally Posted by Mecho (Post 2378798)

Nope, They cannot login into another account by not being logged in! I dont know why that happens when people are logged int!

But its more safe that no one is logged in to use the button!

I just made it to make sure this doesnt happen to anyone else! You can visit our forum www.China-Cheats.com and I am using the same trick! Since we havnt had any problems again.

What I figured out was, that when people are logged in, then there will be some kinda bug that STILL is manipulating with the USERS TABLES assigned to other accounts, which is to let others login to others Facebook account.. So its more safe that they are not logged in!

Quote:

Originally Posted by ChiNa-Man (Post 2378857)

Nope, They cannot login into another account by not being logged in! I dont know why that happens when people are logged int!

ok Great , i just wanted to make sure that there is no issue after that button fix for you.

no its kind of safe to go for this for me :) thanks for confirm and your reply.

Edit : i have installed this on vb 3.8.6 . there are 2 problems so far so i had to stop :

1 - in navbar 3 buttons will be shows up ! (check the Screenshot)
2 - other problem is that the 2 up buttons are redirecting to the FACEBOOK PROFILE page and the third one leads to nowhere !!!

any idea?

p.s. i have uploaded all files . added the API and Secrect and not sure what i missed.

Quote:

Originally Posted by Mecho (Post 2378866)

Mecho I have bad news, IT HAPPEND AGAIN! Again our members was logged in to others account, and when I came to test it, It happend to me too! I am using a vB3.8.7.. But we used it also on 3.8.6 but had no problem!

I have simply REMOVED it this time, untill they fix it! We have to report this addon to get fixed, This is the only working FACEBOOK addon right now for vB3.8.! I did report it last week, and Ima have to do it again because we need this.. But this is to dangerouse to have it Installed on vB3.8.7! And we have done a clean install a few times now, Just done wanna take any chance again..

Now about your ISSUE: I think you are using a Custom theme, or a theme that the HEADER and NAVBAR is different to other vBulletin 3.8 Versions! If you have uploaded the images right, and I can see you have + if you have put the API and SECRET key in, then it should be it! Nothing else needed! So I do not understand why it looks like it does.. But please if you want further than this, you can always pm me with your board name, and I could maybe try fix it with an amdin LOGIN!

If you have put the NAVBAR code as I have told you, then its your theme the causing this.. Let me know if you still havnt fixed it! But I have removed it from our board, and I will try Install other versions of it!

sad to hear that ChiNa-Man , there is no need to fix my problem then as it is not really safe for users.

i'm gonna report this too. hope someone will fix the problems ASAP.

thanks for trying to help agian, please let us know if u find anything.

tbh i've looked at this mod in all files

1 thing i can say about it, is thats its not using a vBulletin cookies control its using Facebook cookie, in 1 of the files it does reference to changing the cookie variable
for integration purposes which i don't think the developer even looked over

I see this thread reported but we (forum staff) do not fix broken mods. I see the mod author was online as recently as last month, I suggest PMing him (1 person do it, he doesn't need 10 PMs) and explain the issue.

Otherwise if everyone is having this problem you should disable or remove it until it is fixed.

I Have PMed the coder and explained the issue . no reply :)

Quote:

Originally Posted by BirdOPrey5 (Post 2380006)

This mod should not be allowed to be downloaded until it is fixed, right?
With what others are saying about this addon, it poses a threat to member accounts either on their vbulletin site or their FB account.

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (5)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01537 seconds Memory Usage 1,758KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (5)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: