[Plugin] Facebook Connect for MyBB

[_michael_]

Hello,

I like this plugin but I don't think it's quite safe for my board so I made a few changes. I disabled the user ability to use his own user and added a little verification code there to make sure the data isn't changed ! Because it can manually be changed...

The code I added is something like this (when the user has to click register):

Code:

$total = $fbuser->email.$fbuser->id.$fbuser->birthday.$fbuser->link.$fbuser->name;
$total2 = hash_hmac('sha256',$total,'SALT');

<input type=\"hidden\" name=\"code\" value=\"{$total2}\" />

and then in fbconnectregister.php first I verify this code:

Code:

$code = $_POST["code"];

$total = $_POST['email'].$_POST['fbuid'].$_POST["fbbirthday"].$_POST['fblink'].$_POST['username'];
$total2 = hash_hmac('sha256',$total,'SALT');
if ($code!=$total2) {
    echo '<script type="text/javascript">
    <!--
    alert("Error registering !");
    window.location = "http://www.AREDIRPAGE.com/"
    //-->
    </script>
    </body>';
exit();
};

The SALT should be changed to a random string, oh and $fbuser->link it's a variable that I added to get the facebook account link (i don't thinks it's in the original project).