Welcome to Geeklog, Anonymous Saturday, December 21 2024 @ 06:36 am EST
Geeklog Forums
How to set Facebook OAuth in Geeklog?
Page navigation
::Ben
First you must go to the Configuration Admin panel:
Configuration > Geeklog > Users and Submissions > Users > User Login Method[OAuth]
Set this option to "true". Just below this configuration option you will find the other OAuth settings. Currently Geeklog supports logging in via Facebook, LinkedIn and Twitter via OAuth. For each of these three login methods you will find an option to enable it and two text boxes for you to enter an Application Id and Application Secret Key (see below to find out how to get an Id and Secret Key). Each of these items needs to be filled out before the login button for it will be enabled. Once you have filled out the required information remember to then save the configuration changes.
Other requirements needed to enable Geeklogs OAuth Login process is you must have the PHP extension OpenSSL loaded on your web server.
When you log out, you will see one or more new login buttons in your site's User Functions block, below the normal login options
So everything is set: User Login Method[OAuth], Application Id and Application Secret Key, SSL support for PHP is enabled:
OpenSSL support => enabled
OpenSSL Version => OpenSSL 0.9.7a Feb 19 2003
but when I log out I do not see a new login button.
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
Laugh
If you upgraded from a previous version of Geeklog you will also need to include some new pear libraries. These libraries are included with the 1.8.0b1 download.
You could also open up and check out the function SEC_collectRemoteOAuthModules in lib-security.php. That is where all the checks are done before the OAuth login buttons are displayed (every thing from OPENSSL to finding the required template files).
Tom
One of the Geeklog Core Developers.
::Ben
From lib-security.php line 1767
$thtml = $_CONF['path_layout'] . 'loginform_' . $mod . '.thtml';
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
::Ben
Allow users to change their username will be necessary because the account I created with login from facebook give a login name like 100001018010901
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
Roccivic
Ok I can see the image now and I can log in. I forgot to allow user registration
Allow users to change their username will be necessary because the account I created with login from facebook give a login name like 100001018010901
Ben
From an email from Tom some time ago:
That's the name of the Facebook account (LinkedIn are weird as well).
The user can change it after if they want (the option has to be turned on in the config though).
Rouslan:
Maybe it should be on by default? Is there any reason why this may be a bad idea?
Laugh
I would put a feature request in the bug tracker and if I have time I can take a look at it. You could also contact contact ivy at Geeklog.jp to see what she says since they did develop the original hack for Geeklog.
Tom
One of the Geeklog Core Developers.
::Ben
The full name for the account I created on my test site was nicely set by facebook with my facebook account name.
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
I have OAuth enabled on my test 1.8.0b1 site fine so something must be missing in your install... If you upgraded from a previous version of Geeklog you will also need to include some new pear libraries. These libraries are included with the 1.8.0b1 download. You could also open up and check out the function SEC_collectRemoteOAuthModules in lib-security.php. That is where all the checks are done before the OAuth login buttons are displayed (every thing from OPENSSL to finding the required template files). Tom
nice_idea_but_I_cant_use_it
But why? I'd love to have the Facebook login but there's no way I can set the queue to false.... with all the latest captcha stuff working I still get an obvious spammer every day try to sign up. There's also a person (serial pest) I choose to block as well.
So disappointing, I was excitedly telling my fellow writers how we'll get more interaction from our readers with the facebook login.
Laugh
You can set the user submission queue to false in the Geeklog configuration.
Tom
One of the Geeklog Core Developers.
nice_idea_but_I_cant_use_it
Laugh
One of the Geeklog Core Developers.
worldfooty
I've got GL 1.8.2 and latest captcha with the slider. So not sure if they are bots getting through or just human spammers. Note they aren't using the facebook login, they've just pounced on not having to be queued (presumably one got through and passes the info on or does multiple accounts themselves). A lot are email addresses of the form AbSurname@yahoo.com (i.e. capital, lower case, Surname) but I've seen plenty of other domains over time.
You should add a feature request for this so we don't forget in the bug tracker: http://project.geeklog.net/
I had a look and my reading of it is that you've already requested this yourself (but no one assigned). At least, to send oauth requests to the queue, so presumably that means allowing the queue and oauth to coexist.
I'll trial this for a few more days but looks like it's just letting way too many spammers through. Or is there something else I should also employ against them?
Laugh
The regular Captcha doesn't work with Remote logins because the buttons are links to the providers who do the main authentication.
When using the oauth services (or any remote login service really) you are already saying that you trust accounts from this provider. Of course this is the ideal world and we all know that Facebook and Google+ is full of spammer profiles.
This feature will get added at some point but I know I do not have anytime until the fall to work on Geeklog.
One of the Geeklog Core Developers.
worldfooty
I'm getting about 1 fake email address sign up every hour. None of them are oauth/facebook. It's purely regular sign ups. Strangely no spam from them yet (i.e. nothing from them in submissions).
Unfortunately if I set them all banned rather than deleted I'm going to have a massive database of banned users.... at this rate 5000 in a month.
Meanwhile no one logging in using facebook as yet, so I guess I should just disable it and remove the issue.
Laugh
Even with the slider you are getting one spam user an hour? I found the slider captcha to be a real good deterrent.
You should upgrade to Geeklog 2.1.0 beta 1 if you can. The Spam-X plugin does a much better job at blocking spam posts and users. (I can't remember if Geeklog 1.8.2 uses the SFS module or not).
Tom
One of the Geeklog Core Developers.
::Ben
You could also give a try to the monitor plugin. A new tool is available in version 1.2 to auto ban IP of users trying to abuse the user creation, the contact form of user profile and the captcha plugin.
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
Page navigation
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content