PHP-Fusion Facebook Integration 1.02
For version 7.x
Coded By: Arda Kilicdagi (SoulSmasher)
Web: www.soulsmasher.net , www.phpfusionturkiye.com
This modification is based on the beautiful tutorial of barattalo.it

This program is released as free software under the
Affero GPL license. You can redistribute it and/or
modify it under the terms of this license which you
can read by viewing the included agpl.txt or online
at www.gnu.org/licenses/agpl.html. Removal of this
copyright header is strictly prohibited without
written permission from the original author(s).

FEATURES
--------------
This mod allows Facebook Connect to allow facebook users to login to your site.
After conencting, the system generates a new user binded with the user's Facebook account, snatches his/hers profile picture and email for its profile. (Note: for the privacy, if you hid your email from public, Facebook "proxifies" it with a loong facebook mail redirected to you for email column, that is normal)

INCLUDED LOCALES
---------------
-English
-Turkish

INSTALLATION
--------------
-Upload everything under files folder to your root
-Go to Admin panel->System Administration->Panels and add and activate facebook_login_panel
-Now go to http://developers.facebook.com/setup.php and generate your own application, set your website URL exactly. After that it'll give you a file names xd_receiver.htm. Upload that to your PHP-Fusion Root, and validate your website.
-After validating, you'll be redirected to Facebook Developers page showing your API and SECRET KEY. Open facebook_system.php, and fill these two lines:
define("FB_API_KEY","facebookapikeyhere");
define("FB_SECRET","facebooksecretkeyhere");

-And Run this once in custom pages:
<?php
$soul=dbquery("ALTER TABLE ".DB_USERS." ADD user_fb_userid BIGINT(16) UNSIGNED NOT NULL DEFAULT '0'");
$soul=dbquery("ALTER TABLE ".DB_USERS." ADD user_fb_hash VARCHAR(32) NOT NULL DEFAULT ''");
$soul=dbquery("ALTER TABLE ".DB_SETTINGS." ADD facebook_salt VARCHAR(32) NOT NULL DEFAULT ''");
$soul=dbquery("UPDATE ".DB_SETTINGS." SET facebook_salt='".md5(rand(0,9999999))."'");
?>

After this, either use modified files or mod manually.

-Now open maincore.php and find:
$user_pass = md5($_POST['user_pass']);
Change as:
if (isset($_POST['user_fb_hash'])) { $user_pass = $_POST['user_fb_hash']; } else if (isset($_POST['user_pass'])) { $user_pass = md5($_POST['user_pass']); }

-Find:
$cookie_value = $data['user_id'].".".$user_pass;
Add Above:
		//update facebook hash if not done yet
		if ($data['user_fb_hash']=="") { $result2=dbquery("UPDATE ".DB_USERS." SET user_fb_hash='".md5($data['user_password'])."' WHERE user_id='".$data['user_id']."'"); }	
		//update facebook hash

-Find:
if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) {
Change As:
if (isset($_POST['login']) && isset($_POST['user_name']) && (isset($_POST['user_pass']) || isset($_POST['user_fb_hash']))) {

-Find:
	$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_name='".$user_name."' AND user_password='".md5($user_pass)."' LIMIT 1");
Change As:
if (isset($_POST['user_fb_hash'])) {
		$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_name='".$user_name."' AND user_fb_hash='".facebook_crypt($_POST['user_fb_hash'])."' LIMIT 1");
	} else {
		$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_name='".$user_name."' AND user_password='".md5($user_pass)."' LIMIT 1");	
	}

-Find:
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' LIMIT 1");
Change As:
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_id='$cookie_1' AND (user_password='".md5($cookie_2)."' OR user_fb_hash='".facebook_crypt($cookie_2)."') LIMIT 1");

-Find:
// Initialise the $locale array
$locale = array();
Add Above:
//this function is to improve security of user_fb_hash column.
function facebook_crypt($string) {
global $settings;
	return md5($string.$settings['facebook_salt']);
}
//function end

-Open includes/update_profile_include.php and find:
$new_pass = " user_password='".md5(md5($user_new_password))."', "; 
Change as:
$new_pass = " user_password='".md5(md5($user_new_password))."', user_fb_hash='".facebook_crypt(md5(md5($user_new_password)))."', ";

-Open administration/updateuser.php, find:
if ($user_new_password) { $new_pass = " user_password='".md5(md5($user_new_password))."', "; } else { $new_pass = " "; }
Change as:
if ($user_new_password) { $new_pass = " user_password='".md5(md5($user_new_password))."', user_fb_hash='".facebook_crypt(md5(md5($user_new_password)))."', "; } else { $new_pass = " "; }

-Open setuser.php and find:
if (!dbcount("(user_id)", DB_USERS, "user_name='".$user_name."' AND user_password='".md5($user_pass)."'")) {
Change as:
if (!dbcount("(user_id)", DB_USERS, "user_name='".$user_name."' AND (user_password='".md5($user_pass)."' OR user_fb_hash='".facebook_crypt($user_pass)."')")) {

I know, it's a big long, but it's needed.

KNOWN ISSUES
--------------
-Sometimes the page may show some issues like this:
Fatal error: Uncaught exception 'FacebookRestClientException' with message 'Session key invalid or no longer valid' in..
That is because of Facebook API, session timeout. If this happens, to fix this, logout from Facebook and try again, Or clean cookies.

TIPS
-------------
Instead of opening a facebook popup for login you can redirect people to facebook.com to force login.
To do this, uncomment this line:
//$fb->require_login();//uncomment this if you want to want to redirect to facebook.com to login the user.

VERSION HISTORY
-------------
1.02 - Fixed changed files includes/update_profile_include.php, administration/updateuser.php
	manual modding and changed file is added for setuser.php, so if a person from facebook logs in, setuser.php will output "Hello user" instead of "wrong password" even though the user logs in.
	username salting for the names which all characters are non-alphanumeric.
	PM issue is fixed (at least for me)
1.01 - Added changed files for 7.00.07
	Updated a minor issue about editing which prevented logging in.
	block image linked.
1.0 - Initial Release