Thread Rating:
  • 12 Vote(s) - 3.58 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Plugin] Facebook Connect for MyBB

I like this plugin but I don't think it's quite safe for my board so I made a few changes. I disabled the user ability to use his own user and added a little verification code there to make sure the data isn't changed ! Because it can manually be changed...

The code I added is something like this (when the user has to click register):

$total = $fbuser->email.$fbuser->id.$fbuser->birthday.$fbuser->link.$fbuser->name;
$total2 = hash_hmac('sha256',$total,'SALT');

<input type=\"hidden\" name=\"code\" value=\"{$total2}\" />

and then in fbconnectregister.php first I verify this code:
$code = $_POST["code"];

$total = $_POST['email'].$_POST['fbuid'].$_POST["fbbirthday"].$_POST['fblink'].$_POST['username'];
$total2 = hash_hmac('sha256',$total,'SALT');
if ($code!=$total2) {
    echo '<script type="text/javascript">
    alert("Error registering !");
    window.location = ""

The SALT should be changed to a random string, oh and $fbuser->link it's a variable that I added to get the facebook account link (i don't thinks it's in the original project).
“Live as if you were to die tomorrow. Learn as if you were to live forever.”

Messages In This Thread
[Plugin] Facebook Connect for MyBB - Nayar - 11-23-2010, 05:24 PM
RE: Facebook Connect for MyBB - alv4 - 11-30-2010, 05:50 PM
RE: Facebook Connect for MyBB - Nayar - 12-04-2010, 12:41 PM
RE: [Plugin] Facebook Connect for MyBB - _michael_ - 12-29-2011, 04:29 PM

Forum Jump:

Users browsing this thread: 1 Guest(s)