Logging out Facebook connect and my site

Alex500
Alex500 used Ask the Experts™
on
Hi I am attempting to build a log in system that allows users to either register a new account with my site or use Facebook connect to log in using their existing facebook data. So far so good I have all the login stuff working pukka! Only problem is the way I've integrated with my system doesn't make it the easiest to log the user back out. Basically when they connect through facebook my system checks to see if there facebook id exists in my users table and if it does pulls out the username and password for that user and runs them through my normal sites login script to log them in. So heres my prerogative, I can get the user to log out of their facebook account but not run my logout function or after facebook logout redirect to my log out page. I have post some code below to show you what I am trying to achieve. Please ignore random bits of commented out code, this is just me trying other stuff.


<?php
//Facebook Login this is the main part that logs users in
$cookie = Facebook::get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);

if ($cookie) { 
     
	$fb_id = $cookie['uid']; 
	
		
	
	$found_fb_user = User::check_fb_user($fb_id);
	
	if ($found_fb_user) {
	
	/*$user = json_decode(file_get_contents(
    'https://graph.facebook.com/me?access_token=' .
    $cookie['access_token']))->me;
	//register_user($user->id, $user->email, $user->name, $user->username, $user->birthday_date);*/
	
	
	

	$found_user = User::authenticate($found_fb_user->username, $found_fb_user->password);
		//Check database to see if username/password exist
		if ($found_user) {
			$session->login($found_user);
			//redirect_to("/index.php");
		} else {
			$message = "Error please contact the site administrator";
		}
		
	} else {
		/*$user = new User();
		$user->username = "Test";
		$user->password = "Test";
		$user->first_name = "Test";
		$user->last_name = "Test";
		$user->create();*/
	} 
 
}

?>





//My facebook login/logout button
 <fb:login-button autologoutlink="true" perms="email"></fb:login-button>



//ideally id like to run this php after the facebook logout has completed

<?php
$session->logout();
redirect_to("/"); 
?>

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2011
Top Expert 2016

Commented:
This cannot be the complete code, right?  I cannot find the definition for $session.

Couple of options... Authenticate test with FB on every page load or use the PHP session handler.  I think I might opt for the latter.

Author

Commented:
This is my session class where I identify if the user is logged in or not but how would I cancel the session if the user has logged out of facebook? using PHP authentication with FB on every page sounds wasteful.
<?php
/*------Final Major Project Session class dev by Alexander Vince 28/9/2010 ------*/


class Session {
	
	private $logged_in = false;
	public $user_id;
	public $message;
	//public $session_level;
	
	function __construct() {
		session_start();	
		$this->check_message();
		$this->check_login();
		if($this->logged_in) {
			//Actions to take right away if user is logged in.
		} else {
			//Actions to take right away if user is not logged in	
		}
	}
	
	public function is_logged_in() {
		return $this->logged_in;	
	}
	
	public function login($user) {
		//Database should find user based on username/password;
		if($user) {
			$this->user_id = $_SESSION['user_id'] = $user->id;
			$this->logged_in = true;	
		}
	}
	
	public function logout() {
		unset($_SESSION['user_id']);
		unset($this->user_id);
		$this->logged_in = false;	
	}
	
	public function message($msg="") {
		if(!empty($msg)) {
			$_SESSION['message'] = $msg;
		} else {
			return $this->message;
		}
	}
	
	private function check_login() {
		if(isset($_SESSION['user_id'])) {
			$this->user_id = $_SESSION['user_id'];
			//$this->session_level = $_SESSION['acc_level'];
			$this->logged_in = true;
			} else {
			unset($this->user_id);
			$this->logged_in = false;
		}
	}
	
	private function check_message() {
		if(isset($_SESSION['message'])) {
			$this->message = $_SESSION['message'];
			unset($_SESSION['message']);
		} else {
			$this->message = "";
		}
	}
	
	 
}

$session = new Session();
$message = $session->message();

?>

Open in new window

Author

Commented:
sorry meant to say using fb authentication on every page sounds wasteful. Id rather use the facebook connect stuff to initiate a log in but then use my sites session class to control everything.
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Author

Commented:
its just running log out i am having problems with. When they log out of Facebook i also need to log them out of my site.
Most Valuable Expert 2011
Top Expert 2016
Commented:
"When they log out of Facebook i also need to log them out of my site."  I understand that part.  I just don't think Facebook is going to give you a sync signal.  You have to ask Facebook for this information, and if you need it contemporaneously, you have to ask contemporaneously.  

If you're using the traditional PHP session handler, the session is gone at the end of the browser life.  From the look of the code above that appears to be the case.

Author

Commented:
Found a solution cheers

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial