dfunk006

Social Sign In Module/Plugin using Hybridauth

48 posts in this topic

Hello,

Would anyone be interested in creating a social sign in module using Hybridauth?

Hybridauth (Link - http://hybridauth.sourceforge.net/) supports social sign in from Google, Facebook, Twitter and many more. Hybridauth plugins are available for Wordpress, Drupal, Joomla, Modx and many more. (Link - http://hybridauth.sourceforge.net/plugins.html)

Let me know if anyone would be interested in developing this for Processwire.

Thanks

Share this post


Link to post
Share on other sites

Very interesting Plugin, though, what do you expect from a plugin in processwire? It seems like its almost ready to use as it is?

1 person likes this

Share this post


Link to post
Share on other sites

Wow. Perfect Timing: Today I was searching for something exactly like this as we are building a social media campaign microsite for a client (let's see maybe the Login part will become a module). Thanks a lot for the link! :)

2 people like this

Share this post


Link to post
Share on other sites

@Harmster: Yes, Hybridauth should handle most it. The processwire module should add social login / register functionality to a website or application (login using multiple providers such as Facebook, Google, Twitter and more). The module should have a configuration screen in the admin which allows admins to select the providers and enter their App ID and App Secret from the respective social network.

apeisa has created a similar module only for Facebook login (Link - http://modules.processwire.com/modules/facebook-login/) I would like to develop a module that allows multiple social networks.

@felix: glad you found the link helpful!  :) Hopefully this module will be helpful to a lot of others as well!

2 people like this

Share this post


Link to post
Share on other sites

@Harmster: Yes, Hybridauth should handle most it. The processwire module should add social login / register functionality to a website or application (login using multiple providers such as Facebook, Google, Twitter and more). The module should have a configuration screen in the admin which allows admins to select the providers and enter their App ID and App Secret from the respective social network.

apeisa has created a similar module only for Facebook login (Link - http://modules.processwire.com/modules/facebook-login/) I would like to develop a module that allows multiple social networks.

@felix: glad you found the link helpful!  :) Hopefully this module will be helpful to a lot of others as well!

Alright, sounds really good, I'll take a look today I have a few days spare and I think the everyone here could find this enjoyable. I'll let you know ;)

2 people like this

Share this post


Link to post
Share on other sites

Okay (Sorry for double posting, but I think this is worthy of having its own post)

https://github.com/hawiak/hybridauthforprocesswire

I've started witht he devleopment, I haven't tested anything because I am running this on a local machine, as for now the module has a bunch of inputfields and generates an object hybridauth, this is then bound to a fuel in the init() method and hoepfully you will be able to use it in your project as $hybridauth.

Are there people that could help me with this? Or atleast test it?

EDIT:

It does work for facebook:

Ive put this on my index(It throws a redirect loop but thats because its on my index_

if (isset($_REQUEST['hauth_start'])){
  Hybrid_Endpoint::process();
}
$adapter = $hybridauth->authenticate("Facebook");
$user_profile = $adapter->getUserProfile();
print_r($user_profile);
1 person likes this

Share this post


Link to post
Share on other sites

@Harmster: Great Stuff!  :)

I downloaded and installed the module and i'm getting the following error: "You cannot access this page directly"

In fact, I tried integrating Hybridauth with my processwire site earlier (without making it a module) and I got a 403 Forbidden error. I realised that as per processwire's security settings, you cannot run external php scripts from within the templates folder. So, I created a login.php template and moved the Hybridauth library to the site folder. But when I tried to access the login.php template, i got the same error: "You cannot access this page directly"

So, I decided to move the entire authentication externally - I placed all the files (Hybridauth library and login.php file) in the site directory and when i tried to access the login.php, it worked!

I wanted to access the $user variable externally, so I bootstrapped processwire to access its APIs. As soon as I included the processwire index.php file, i got the same error again: "You cannot access this page directly" 

Not sure what's exactly happening there but seems to me that there is some conflict between processwire session and hybridauth session.

Have you encountered this issue? 

Share this post


Link to post
Share on other sites

No, never seen that issue to be honest.

I just placed all the files in /site/modules/ and I installed it

since the module will include the Auth and then create the object in the module itself. I did use it on a template though.

Share this post


Link to post
Share on other sites

That's strange. The processwire .htaccess file doesn't allow you to run php files placed within templates or modules via an HTTP request. It throws a 403 Forbidden error if you try.

Few questions:

- Are you running this on localhost or on a web server?

- Which version of processwire are you running?

- What is your endpoint?

Thanks a lot for your help!

Share this post


Link to post
Share on other sites

Oh, never knew that. Ive developed a few modules that always let me include PHP files, I am not sure whether or not that is a HTTP call, since I only include it.

- Localhost

- 2.3

- http://localhost/index

Ive registered http://localhost:80 on facebook both as app and as website. As for now I dont have a webhost available (....) but it shouldn't make any difference..

What are you trying to do? I've got it working by having the module folder (called ProcessHybridAuth) in the /site/modules/ folder

then install it via the processwire admin and the put the code I wrote down earlier on a template called index (The home page / ) and then accesing it by localhost/project/

Share this post


Link to post
Share on other sites
Oh, never knew that. Ive developed a few modules that always let me include PHP files, I am not sure whether or not that is a HTTP call, since I only include it.

Check the following lines in processwire's .htaccess file:

# Block access to any PHP files in /site/modules/
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ [OR]

Processwire blocks access to site modules and templates for security reasons. More information can be found here: http://processwire.com/talk/topic/1794-how-to-change-permissions-inside-processwire/

- Localhost

- 2.3

http://localhost/index

 

I'm using processwire 2.4 on a web server.

What are you trying to do? I've got it working by having the module folder (called ProcessHybridAuth) in the /site/modules/ folder

then install it via the processwire admin and the put the code I wrote down earlier on a template called index (The home page / ) and then accesing it by localhost/project/

I uploaded the module folder (ProcessHybridAuth) in the /sites/modules/ folder and then installed it via the processwire admin. I put the endpoint as the URL to the hybridauth folder that contains the hybridauth config.php file (http://hostname/site/modules/ProcessHybridAuth/hybridauth/), enabled Facebook, entered the Facebook app id and secret and put the code you wrote down earlier in a template called login. When i tried to access this login page, i get a 403 Forbidden error.

So, i move the hybridauth library from the modules folder to the site folder and change the endpoint URL accordingly. Accessing the login page then gives me the following error:

You cannot access this page directly.

I found these hybridauth FAQs which indicate that this error could be most likely a session issue. (Link - http://hybridauth.sourceforge.net/wsl/faq.html)

Any help would be much appreciated

Share this post


Link to post
Share on other sites

But thats for HTTP requests, I dont think PHP even uses that if you include a file? Since its called UrlRewrite. I'll try it this afternoon or tomorrow with the 2.4 on a webserver (If i can get one in time) I doubt that its inpossible top include files since if you just include a php file on a template it works too. 
 

EDIT:

Did you make a page for Login? 

ill try and upload a complete 2.4 version with the module installed so that you can see what we did different. Give me half an hour :)

EDIT2: 
 

I am a bit confused about the behavior of the HybridAuth... It takes me a bit longer

EDIT3:

I've encountered the same problem. I think I need to find a fodler that doesnt have that restriction but I cant seem to find one... 

1 person likes this

Share this post


Link to post
Share on other sites
Did you make a page for Login? 

Yup, I did, and associated it with the template that had the code you had written earlier.

I've encountered the same problem. I think I need to find a fodler that doesnt have that restriction but I cant seem to find one... 

There you go! We're on the same page now. Which problem did you encounter though? The 403 Forbidden one or the "You cannot access this page directly". The latter is an error that is coming from the Endpoint.php file in Hybridauth i believe. Also, i think the problem is with hybridauth's session within processwire. Independently it works fine.

Have you managed to find any solution to this yet? I've thought of a workaround solution. Will try and implement it and let you know if I was successful. 

Share this post


Link to post
Share on other sites

I've encountered the same problem. I think I need to find a fodler that doesnt have that restriction but I cant seem to find one... 

I haven't read your code of the project. Just want point out that:

If you have to call PHP scripts directly (not include them), with it's URL, you cannot store them into the sites/... folder. If it is only one script, you may place it into the root besides the index.php of pw. Also if you want / have to collect some output from that script within pw, you can bootstrap PW within that script, store a result into a $session->var and also use $session->redirect according to that output, if you need that.

5 people like this

Share this post


Link to post
Share on other sites
If you have to call PHP scripts directly (not include them), with it's URL, you cannot store them into the sites/... folder. If it is only one script, you may place it into the root besides the index.php of pw. Also if you want / have to collect some output from that script within pw, you can bootstrap PW within that script, store a result into a $session->var and also use $session->redirect according to that output, if you need that.

I have tried bootstrapping processwire within the script and it does not work. There seems to be some conflict between the Hybridauth session and PW session. Without bootstrapping, the script works absolutely fine.

Has anyone encountered a session conflict before between $_SESSION and $session?

Share this post


Link to post
Share on other sites

Normaly there should be no conflict:
https://github.com/ryancramerdesign/ProcessWire/blob/master/wire/core/Session.php#L9
 
 
But how have you done it?
 
Included PW at the first line, - or somewhere in between?
 
Have you logged a var_dump of $_SESSION and wire('session') or have you tried to use the global var $session what is not available in bootstraped scripts?
 
Have you logged it before and after bootstrapping PW, if you do not include it at first?
 
It depends on the code of the hybridauth-script where to look for potential conflicts.
 
 
Have you turned debug on? Any errors? Have you outputted / logged errors from the hybridauth script? What does not work, what is different running it without pw? A few details surely could help people to help you ;-)
 
---------------------------------------------------------------------------------------------------------------------------------------

EDIT:

After reading a bit of that stuff it seams to me that the way to go should be:

Additional to the above basics you have to build a layer where you list the providers you want to use for authentication. The user first need to select one.
 
Maybe you need to hook into Session::login instead of Session::authenticate, but you will find out if you start testing :)

Edited by horst
1 person likes this

Share this post


Link to post
Share on other sites

But how have you done it?

 

Included PW at the first line, - or somewhere in between?

I have included it in the first line.

Everything works fine independently, but when I include PW and try to access the page, I get the following error: You cannot access this page directly

So, I'm pretty sure that the error is caused because PHP's SESSION have been renamed. When the session name is default (PHPSESSID), hybridauth works fine. But when PW is included, the session name changes to 'wire' which throws the above error.

Have you logged a var_dump of $_SESSION and wire('session') or have you tried to use the global var $session what is not available in bootstraped scripts?

I have not used $session.

It depends on the code of the hybridauth-script where to look for potential conflicts.

I think most of the session storage happens in Storage.php file of hybridauth. Maybe, rather than bootstrapping, if I put the hybridauth library in the templates folder and change all reference of $_SESSION in Storage.php to $session, do you think it might work?

Have you turned debug on? Any errors? Have you outputted / logged errors from the hybridauth script? What does not work, what is different running it without pw? A few details surely could help people to help you ;-)

Yes. I'm getting the following error:

PHP session.name diff from default PHPSESSID. http://php.net/manual/en/session.configuration.php#ini.session.name.

I hope that helps! Let me know if you require any other details. Thanks a lot for your help!  :)

Share this post


Link to post
Share on other sites

 but when I include PW and try to access the page, I get the following error: You cannot access this page directly

what page do you try to access? where is it (url)? which part generate the error? do you have additional code for pw running not only the include? if yes, comment it out - you need to go step by step for trouble shooting.

BTW: I have edited my post above, I think bootstrapping isn't the way you have to go here.

Share this post


Link to post
Share on other sites
what page do you try to access? where is it (url)? which part generate the error? do you have additional code for pw running not only the include? if yes, comment it out - you need to go step by step for trouble shooting.

I have created a page which uses the Hybridauth API to authenticate through a provider. The part that generates the error is the following:

$adapter = $hybridauth->authenticate( $provider_name );

 

After reading a bit of that stuff it seams to me that the way to go should be:

  • I have no prior experience in developing modules for PW. I was hoping someone in this forum could help me develop that.
Additional to the above basics you have to build a layer where you list the providers you want to use for authentication. The user first need to select one.

 

 

 

This should not be an issue. :)

Share this post


Link to post
Share on other sites

Sorry, I cannot really follow what you have done :)

There are good explanation in the API with the Hello World module and many related posts here in the forums. If you want to search for something you should not use the forums search. Instead you should use google with queries like: site:processwire.com/talk write my own module (the 'site:processwire.com' part is important). If you only want to search in the forums you add a /talk to the domain, etc.

You also may ask Felix what he want do with hybridAuth and if he plan / is able to share his work.

Share this post


Link to post
Share on other sites
I have already integrated hybriauth, I solved the problem by commenting



session_name($config->sessionName);



inside /index.php. 

Otherwise the sessions are not recognized as equal.

Unfortunately I have not developed a module, neither integrated ProcessWire's users but only session based auth.

1 person likes this

Share this post


Link to post
Share on other sites

Yes, I discovered that 2 days ago myself! :) 

Hybridauth requires the session name to be PHPSESSID to work properly. So, i changed the session name in config.php from 'wire' to 'PHPSESSID' and it started working!

I'm working on integrating it with PW's users now. Will post when I have a working module ready. 

1 person likes this

Share this post


Link to post
Share on other sites
Hey guys,

I have the same issue with pw and hybridauth. I placed the hybridauth directory in site/. Because I'm dealing with the Xing API I'm using another Provider - but this isn't the issue here.

I placed a simple xing.php file into site/ and hooked it up with all the necessary stuff. If I now call the php file in the browser everything is working as aspected - I get my data from the Xing API.

But here comes the problem: As soon as I want to put all my code from xing.php into a template in the templates directory the known message "You cannot access this page directly." appears. I suppose it's kind of the same problem as dfunk006 described and I tried the proposed fix with session names but nothing really help me by fixing this problem ($config->sessionName = 'PHPSESSID'; -> doesn't worked for me).

Now I'm kind of stuck in this situation and have no idea how to fix this.

Any further ideas or explanation how others fixed that?

Share this post


Link to post
Share on other sites

Try commenting all the session's configuration in index.php

	// session_name($config->sessionName); 
	// ini_set('session.use_cookies', true); 
	// ini_set('session.use_only_cookies', 1);
	// ini_set("session.gc_maxlifetime", $config->sessionExpireSeconds); 
	// ini_set("session.save_path", rtrim($config->paths->sessions, '/')); 

It worked for me.

1 person likes this

Share this post


Link to post
Share on other sites
Hey guys,
 
I have the same issue with pw and hybridauth. I placed the hybridauth directory in site/. Because I'm dealing with the Xing API I'm using another Provider - but this isn't the issue here.
 
I placed a simple xing.php file into site/ and hooked it up with all the necessary stuff. If I now call the php file in the browser everything is working as aspected - I get my data from the Xing API.
 
But here comes the problem: As soon as I want to put all my code from xing.php into a template in the templates directory the known message "You cannot access this page directly." appears. I suppose it's kind of the same problem as dfunk006 described and I tried the proposed fix with session names but nothing really help me by fixing this problem ($config->sessionName = 'PHPSESSID'; -> doesn't worked for me).
 
Now I'm kind of stuck in this situation and have no idea how to fix this.
 
Any further ideas or explanation how others fixed that?

If you put Hybridauth in the site/ directory, it will use the default PHP session.save_path. Your template in Processwire uses pw's session path (assets/sessions). You need to ensure that both the session paths are same for it to work.

You can do this by commenting the following line in index.php

//if(ini_get('session.save_handler') == 'files') ini_set("session.save_path", rtrim($config->paths->sessions, '/')); 

This will make pw's session.save_path as the default PHP session.save_path. Now session variables can easily be passes between PW and Hybridauth templates.

2 people like this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.