Facebook authentication plugin for Coppermine. This is not a bridge, it will not affect existing Coppermine users in any way - standard login and user registration is still available.
Requirements- Coppermine 1.5.x (tested with 1.5.12)
- FirePHPCore 0.3.2 [1]
- Http server with url rewriting enabled
- Facebook account [2]
Installation1. First you need to register your gallery as a facebook application [3]. Continue this steps when you've got Application ID and App secret.
2. Install FirePHPCore 0.3.2 [1]. This is a logging library which makes PHP development a little less annoying. You can put it in the root of your page (in /FirePHPCore).
3. Create an url rewrite rule from facebookauth.php to index.php?file=facebookauth/facebookauth.php, e.g. if your gallery is available at
http://yourdomin/gallery/, create
http://yourdomin/gallery/.htaccess file with following contents:
RewriteEngine On
RewriteRule ^facebookauth.php$ /gallery/index.php?file=facebookauth/facebookauth&%{QUERY_STRING} [PT,L]
If you're having problems with this step, consult Apache documentation and/or your hosting service provider.
4. Install the plugin
5. Use phpMyAdmin to set plugin_facebookauth_* configuration parameters:
- Set plugin_facebookauth_application_id with the Application ID you got in step 1
- Set plugin_facebookauth_application_secret with the App secret you got in step 1
- Set plugin_facebookauth_firephp_path with relative path to Fire PHP, e.g. if your gallery is available at http://yourdomin/gallery/ and Fire PHP is available at http://yourdomain/FirePHPCore, then the default value "../FirePHPCore" is correct.
6. Open the login.php page and click the link above the login form: "Login via facebook"
7. Login to facebook, if not already logged in. Then you will need authorize the gallery to access some personal information (see facebook authentication documentation [4] for details).
8. New user account is created in Coppermine; you should now be logged in.
Why the url rewrite rule?For some reason, facebook api doesn't like this url: index.php?file=facebookauth/facebookauth.php, even when it's properly escaped. Url rewrite rule is a way to make it work while complying with Coppermine url conventions.
Javascript Overlay Features- You can add links like <a href='facebook'>your text here</a> to your theme, they will be converted into facebook login links (only the href='facebook' part matters). After login the user will be redirected back to the page where the link is.
- Usernames rendered on page will be replaced with names got from facebook. There are 3 modes, defined with plugin_facebookauth_show_names configuration parameter: 0 - no username replacing, the displayed names will be something like fb12345678; 1 (default) - replace with only first name; 2 - replace with both first and last name.
- Add a login link on login.php page. This is defined by plugin_facebookauth_show_login property - 0 don't add the link; 1 (default) - add the link.
SecurityThis modification should be as safe as Coppermine and facebook authentication api.
Privacy- Following user information is stored in the database: facebook id, first and last name, email.
- Due to how username replacing feature is designed, one can find names of all users who logged in to Coppermine using facebook authentication by examining the source of the page. Keep this in mind when setting plugin_facebookauth_show_names (1 will expose only first names - no big deal, 2 also last names).
- Coppermine allows users to delete their accounts, but that does not affect information stored in plugin_facebookauth_users table (first and last name). This is because there is no hook for user deletion.
Known Issues- Editing comments doesn't work when plugin_facebookauth_show_names > 0. Root cause of this problem is that Coppermine doesn't differentiate between username/login and displayed name. Workaround: uncheck 'Allow users to edit their comments'.
DemoIf you want to try it out, go to
http://www.marek-paterczyk.waw.pl/gallery/, open any picture, then click on "Login via facebook" link below comment section. You can delete your account afterwards if you want.
[1]
http://www.firephp.org/[2]
http://www.facebook.com/[3]
https://www.facebook.com/developers/[4]
http://developers.facebook.com/docs/authentication/