MyBB Community Forums

Full Version: MyFacebook Connect 3.6
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
(2014-05-04, 10:18 AM)bazcb Wrote: [ -> ]hi i still dont see the intregate with facebook option or the option to remove facebook link ...

How did you fix it?

I installed a fresh MyBB and that happened too, I don't see the fb icon to log in, neither the FB Integration on user panel, and the plugin is enabled :/

But using this link mysite.com/mybb/myfbconnect.php?action=login
still worked...

any clue?

(2014-05-06, 03:26 PM)Shade Wrote: [ -> ]That's a shame because you won't help those who encounter the same error.
Any help is really appreaciated Smile
Since he did not give me a temporary FTP account to access his files, I ask this to you. I need to debug.
(2014-05-19, 03:17 PM)Shade Wrote: [ -> ]Since he did not give me a temporary FTP account to access his files, I ask this to you. I need to debug.

Check your PM, I hope something can be done =)
Facebook's just updated their API to 4.0, but since it requires PHP 5.4 or higher which is far from being installed on most people's servers (you should, though), I won't update MyFacebook Connect for a while.
Donated! Thanks for all the help Shade.
Mmmm Shade i hope that wasnt directed to me ..

FYI - All i did was removed all files, reinstalled My theme and then connect hen refreshed my theme cache a couple of times and it worked, No edited filed...
MyFacebook Connect 2.0.2 is out
What's new?
This is a maintenance release. It fixes 2 reported issues, one of which is critical for the plugin's workflow in the latest MyBB releases.
Changelog
  • Users with MyBB 1.6.12 or above might be unable to use MyFacebook Connect due to the $settings variable not being defined anymore, and thus failing to load all the necessary hooks in the plugin system. MyFacebook Connect is now fully compatible with the latest release of MyBB.
  • If users deny authorizations for your application, they won't be stuck in a redirect loop anymore
Where to download?
Download the new files from GitHub. A Mods Site package will be submitted in the next couple of days.
How to upgrade from any older version?
The migration from any older version of the plugin is easy thanks to the dedicated updater included in the package. Just upload the new files to your FTP and run the upgrade script as described in the official documentation.

This release, however, does not affect any template nor setting while updating. Only the version will be updated.
To anyone being redirected to an error page with the following message after authentication:

Quote:You are already logged into the board.

To solve: change the login link from "myfbconnect.php?action=fblogin" to "myfbconnect.php?action=login". That extra "fb" thing was removed in the 2.0 update but you might not have updated it and the plugin won't recognize it when redirecting to the page the user came from.
A certain person is stating that if your plugin is installed on a forum that Facebook will steal every non-member of Facebooks information from the forum.. By using your plugin Facebook will give all member of the forum tracking cookies.

A statement from a member.

Quote:Facebook cannot give cookies to a member of this forum unless the member goes to Facebook.

Here is his reply with a link which I didn't give out unless you want it..

Quote:Also false:

This is one mans question to him about how will Facebook steal this info.

Quote: Ok then how is facebook going to get our phone numbers, address, friends contacts and other associated stuff from our posts to our peers here? As you already pointed out

This is his answer on how they will do it.

Quote: Okay, say admin installs a facebook widget, by using what is known as an 'image beacon', an image that is a 1x1 pixel in size (which forces your PC to load it), they extract the browser OS, screen size, IP, and general location (from an IP based trace route of the hops associated). If they add in a cookie - which facebook widgets are known to have - the cookie stores a unique ID of the user, and assuming the cookie isn't erased by the next time they log-in at facebook (or if it is but facebook still have their IP, browser, OS etc infomation), facebook associates the cookie to the user and ergo the site the widget was originally on.

With that information, they pull up that users peer list, which includes any non-users (shadow profiles), phone numbers etc - including any contacts you have on say, a smart phone (facebook by default is granted access because it's given unfettered access to the entire smartphone). This allows them to pull the entire smartphone's contact list, associate it to your profile, and then attempt to match it to any non-users' shadow profiles.

Another way is via redirection in HTTP: it's common practice for a HTTP request to contain the page it's directed from (if you need proof of that I'd be glad to oblige) where-in the sending page attaches itself as a link (this is the more 'direct' approach). Facebook merely grab the page you came from (IE CTC) and then associate it with your account in the 'shadow profile'.

It will do this for all users either redirected via the 'connect' button or via any cookie stored (if so stored) or any image beacon used and subsequent OS/Browser/IP/Screen resolution match (which is basically how GLP knows to ban someone even when you get a new IP).

This isn't restricted to an association between CTC and facebook though: the unique cookie or 'footprint'/'fingerprint' of your machine is tracked on whatever site maintains a facebook widget. Which means eventually facebook get a good idea of what pages you visit, and why (they probably have a good idea of what porn sites, too).

Another way is say if a family member uses your IP/machine, then they 'log out' (facebook is reported by hackers to keep tracking even after you've logged out, although facebook deny this - but they also denied passing data to the NSA), if you then visit CTC with facebook connect, that IP between that family member and that site becomes associated - to you.

Whatever you post on facebook is parsed. Say I posted an image of myself on CTC, and you opted to post that (to facebook) and tag it as 'Joshua Flynn', your shadow profile would be associated with my non-user profile on facebook: this allows the formulation of association even if you didn't explicitly add me. You wouldn't add a photograph of an enemy (and if you did, you'd express contempt), so facebook assumes it's an associate or a friend.

And if you got a smart phone, and labelled a contact as 'Joshua Flynn', and it had facebook built in (which is de facto: all smart phones generally do), it will then associate that phone number as a possible number under my shadow profile.

Bear in mind facebook will be able to figure your CTC account to your real name, and from there what threads you post and like. And the problem isn't so much with facebook, as the government: let's say you posted an article on CTC that the government weren't exactly too happy about (and let's face it, people have been stranded by the NDAA, harassed by the FBI, etc for minor 'offences') and they needed an address?

This might be a-okay for you, but it might not be okay for other family members.

The only reason I'm so vehement about this is because I'm genuinely concerned about safety and security. Facebook are extremely sophisticated, and I'm not sure if you read the post, but they intended to 'activate microphones' in order to 'identify songs in the background' - which is, as you're guessing, a bullshit excuse.
MFC does not add any widget that might inject a cookie (which can eventually be used by Facebook to obtain just your forum's URL), so it's perfectly safe to use.

Also, note that Facebook can't set a cookie on a forum member's browser as long as he doesn't visit Facebook. A cookie is domain-dependent and can be accessed just by the domain that set it, so it can't "gather" information from another domain. It can be set by an "image beacon" as he said but it is used to track the user's interests (it can "send" to Facebook just the URL it has been set), and nothing else.