Current time: 04-24-2014, 11:00 AM Hello There, Guest! (LoginRegister)


Thread Closed 
 
Thread Rating:
  • 12 Votes - 3.58 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Plugin] Facebook Connect for MyBB
12-29-2011, 04:29 PM
Post: #151
RE: [Plugin] Facebook Connect for MyBB
Hello,

I like this plugin but I don't think it's quite safe for my board so I made a few changes. I disabled the user ability to use his own user and added a little verification code there to make sure the data isn't changed ! Because it can manually be changed...

The code I added is something like this (when the user has to click register):

Code:
$total = $fbuser->email.$fbuser->id.$fbuser->birthday.$fbuser->link.$fbuser->name;
$total2 = hash_hmac('sha256',$total,'SALT');

<input type=\"hidden\" name=\"code\" value=\"{$total2}\" />

and then in fbconnectregister.php first I verify this code:
Code:
$code = $_POST["code"];

$total = $_POST['email'].$_POST['fbuid'].$_POST["fbbirthday"].$_POST['fblink'].$_POST['username'];
$total2 = hash_hmac('sha256',$total,'SALT');
if ($code!=$total2) {
    echo '<script type="text/javascript">
    <!--
    alert("Error registering !");
    window.location = "http://www.AREDIRPAGE.com/"
    //-->
    </script>
    </body>';
exit();
};

The SALT should be changed to a random string, oh and $fbuser->link it's a variable that I added to get the facebook account link (i don't thinks it's in the original project).
Find all posts by this user
Thread Closed 


Messages In This Thread
[Plugin] Facebook Connect for MyBB - Nayar - 11-23-2010, 05:24 PM
RE: Facebook Connect for MyBB - alv4 - 11-30-2010, 05:50 PM
RE: Facebook Connect for MyBB - Nayar - 12-04-2010, 12:41 PM
RE: [Plugin] Facebook Connect for MyBB - _michael_ - 12-29-2011 04:29 PM

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication