Facebook Login On Website

Question

I am trying to implement Facebook Login on my website. And I have some questions. I am stacked on when user gives me permission I create A new account in my DB (So I can use my function to check if user is logged in and for more staff).

My question is When the user (is already registered on my website with Facebook) how do I login him? Using Only his Facebook ID? But if yes is anybody else knows my Facebook ID he can login?

Some code snippet HTML:

<a href="#facebook" id="f_in" class="log">Log In With Facebook</a>

JS

window.fbAsyncInit = function() {
   FB.init({
     appId      : 'APPID', // App ID
     channelURL : '', // Channel File, not required so leave empty
     status     : true, // check login status
     cookie     : true, // enable cookies to allow the server to access the session
     oauth      : true, // enable OAuth 2.0
     xfbml      : false  // parse XFBML
   });
};
(function() {
   var e = document.createElement('script'); e.async = true;
   e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';                
   document.getElementById('fb-root').appendChild(e);
}());
//login Function
function login(){
    FB.getLoginStatus(function(response){
        if(response.status === 'connected'){
                getCurrentUserInfo(response);
        }else{
            FB.login(function(response) {
                if(response.authResponse) {
                  //if (response.perms)
                      getCurrentUserInfo(response);
                } else {
                  console.log('Auth cancelled.')
                }
            },{scope:'email, user_birthday'}); // which data to access from user profile
        }
    });
}
function getCurrentUserInfo() {
      FB.api('/me', function(userInfo) {
        do_reg(userInfo);
    });
} 
function do_reg(userInfo){
    var dataString = "username="+userInfo.first_name+"&id="+userInfo.userID"&email="+userInfo.email;
     $.ajax({
    type:"POST",
    url: "do_reg.php",
    data: dataString,
           success:function(data){
         console.log(data);     
       },
    error:function(){

    }
    });
}

And some PHP:

    $username = $_POST['username'];
    $email = $_POST['email'];
    $id = $_POST['id'];
    $pass = pass_gen(10);

    $userData['uName']  = $username;
    $userData['uEmail'] = $email;
    $userData['uFid']   =   $id; //facebook ID
    $userData['uPassword'] = $pass;
    $userData['uPasswordConfirm'] = $pass;

    $create_user_row = UserInfo::register($userData); //create user in my DB
    if (is_object($create_user_row)) {
                  $u = new User; 
                  $u->loginByUserID($create_user_row->getUserID()); //login to my website system using created user object if success.
}
    //password generator
    function pass_gen($length)
        {
            $random= "";

            srand((double)microtime()*1000000);

            $data = "AbcDE123IJKLMN67QRSTUVWXYZ";
            $data .= "aBCdefghijklmn123opq45rs67tuv89wxyz";
            $data .= "0FGH45OP89";

            for($i = 0; $i < $length; $i++)
            {
                $random .= substr($data, (rand()%(strlen($data))), 1);
            }

            return $random;
        } 

Flow: 1.User click Facebook Login 1.1 Check is user is logged in to Facebook 2.2 Check Permission Asked 1. Get User data and send via ajax to do_reg.php 2. Creates new user in DB based on POST data 3. Logins user to Website system using created object.

So the question is If the user is not logged in to My website but He created already account via Facebook on the website How do I login in Him when he click login with Facebook using existing account?

By Facebook ID? I think I am loosing some sort of flow.

Answer 1

Actually, you don't have to manually take care of the Login status for a user. The Facebook SDK for JavaScript automatically handles access token storage and tracking of login status, so apps using it do not need to create their own mechanisms for doing so and this is the whole point of using the Facebook SDK for JavaScript. The login documentation will help you understand how actually this should be done.

However, you can store some user information in your database for your own reference.

Answer 2

My question is When the user (is already registred on my website with Facebook) how do I login him? Using Only his Facebook ID? But if yes is anybody else knows my facebook ID he can login?

As Rahil mentioned, Since you are using FBLogin you don't need to rebuild Login mechanism in your end. Once the user click on the FB Login button in your application, the JS code will check the status of the user and FB will return a status value as follows,

**connected**. The person is logged into Facebook, and has logged into your app.
**not_authorized**. The person is logged into Facebook, but has not logged into your app.
**unknown**. The person is not logged into Facebook, so you don't know if they've logged into your app

The user flow will be like this,

1) First time User visit your site and click on FB Button

2) Now FB checks the user is logged into facebook or not

  If the user is already logged in then FB check user already authorised or not

  If not then FB shows the auth dialog 

     User accepts your permissions then Fb direct to your website

     Now FB will return "connected" status. During this time add on entry in your table about the new user

3) Second time when the user visit your website and click on FB login,

 Now you will get the connected response from FB, then check your db table, If the user is a new user or already a member by checking into your table for an entry.