Same Name Game
| Project: | Facebook - Auth |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed |
Currently Facebook Auth inserts the $username variable as
$username = $info[0]['first_name'] .' '. $info[0]['last_name'];
This is a big problem for scalability considering the amount of users on Facebook with the same first and last names. A problem because this concatenation is inserted in the name field in the users table. This field is set to unique in MySQL thus every time a new Jim Smith tries to add your Facebook account it will give you a duplicate entry error. I just tried dropping that index
ALTER TABLE `users` DROP INDEX `name`
and when I try to login with my Facebook account with the same name as my other, I now get the following error message.
user warning: Duplicate entry '630192112@facebook' for key 2 query: INSERT INTO authmap (authname, uid, module) VALUES ('630192112@facebook', 40, 'facebook_auth') in /home/onlinewo/public_html/includes/database.mysql.inc on line 172.
For those that are wondering what this is, I am receiving this message because of my previous attempt with the UNIQUE MySQL property set. After clearing the table of all previous entries the authorization works fine.
My gripe here is that the UNIQUE property has to be dropped in order for this to work in MySQL and the user has to create (and remember!) a new password in order to be uniquely identified. The latter puts apps based on Drupal at a big disadvantage over other apps that do not require another password.
My proposal
1. When a user lands in Drupal from the Facebook canvas the Facebook Auth module creates the new user, probably in the same fashion but the password is generated randomly. This random password is then stored in the users table password field and in a new table (possibly facebook_auth) alongside the Facebook user id.
2. Now when the Facebook user navigates back to the Facebook canvas where Drupal will serve the Facebook app pages, the Facebook Auth module will use the Facebook API to check the Facebook user id, use this id to retrieve the password from this new table (facebook_auth) and set the Drupal authentication.
3. When users come directly to the Drupal site they can then login using Facebook authentication and then change their password so they can use a regular login. This change would also have to be reflected in the facebook_auth table for canvas access to still work.
That's my idea :-) Any thoughts? Great work so far by the way.

#1
On a side note, for those never planning to have a login page on their Drupal site, there doesn't seem to be any problem with using the Facebook user id as the password field considering that there wouldn't be an access point for someone looking to hijack the account in a situation where someone has obtained a user id and name.
#2
I have a beta fix available if you want to try it.
http://groups.drupal.org/node/6683 for more details.
I've added a way to pick another name if the original was already taken.
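An added example, not part of this thread and not the module's code: one way to keep users.name unique while identifying the account by its Facebook id in authmap, with a random password whose plaintext is never stored. It assumes PHP 7+ with PDO SQLite; the simplified schema, the fb_login() helper and the sample ids are hypothetical.

```php
<?php
// Simplified stand-ins for the users and authmap tables named in the report.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, pass TEXT NOT NULL)');
$db->exec('CREATE TABLE authmap (authname TEXT UNIQUE NOT NULL, uid INTEGER NOT NULL, module TEXT NOT NULL)');

// Hypothetical helper: return the uid linked to a Facebook id,
// creating the local account on the first visit.
function fb_login(PDO $db, string $fb_id, string $first, string $last): int {
  $authname = $fb_id . '@facebook';
  // Identity is the Facebook id in authmap, never the display name.
  $q = $db->prepare('SELECT uid FROM authmap WHERE authname = ?');
  $q->execute([$authname]);
  $uid = $q->fetchColumn();
  if ($uid !== false) {
    return (int) $uid;
  }
  // Keep users.name unique by appending a counter when the name is taken.
  $base = trim($first . ' ' . $last);
  $name = $base;
  $exists = $db->prepare('SELECT 1 FROM users WHERE name = ?');
  for ($n = 2; ; $n++) {
    $exists->execute([$name]);
    if ($exists->fetchColumn() === false) break;
    $name = $base . ' ' . $n;
  }
  // Store only the hash of a random secret that is then discarded, so the
  // password form is unusable until the user sets a password of their own.
  $pass = password_hash(bin2hex(random_bytes(32)), PASSWORD_DEFAULT);
  $db->beginTransaction();
  $db->prepare('INSERT INTO users (name, pass) VALUES (?, ?)')->execute([$name, $pass]);
  $uid = (int) $db->lastInsertId();
  $db->prepare('INSERT INTO authmap (authname, uid, module) VALUES (?, ?, ?)')
     ->execute([$authname, $uid, 'facebook_auth']);
  $db->commit();
  return $uid;
}

// Constructed sample data: two different Facebook ids sharing one name.
$a = fb_login($db, '1000001', 'Jim', 'Smith');
$b = fb_login($db, '1000002', 'Jim', 'Smith');
$again = fb_login($db, '1000001', 'Jim', 'Smith');
var_dump($a !== $b, $a === $again);
foreach ($db->query('SELECT uid, name FROM users') as $row) {
  echo $row['uid'], ' ', $row['name'], PHP_EOL;
}
```

The UNIQUE index on users.name stays in place as the backstop: if two requests race for the same free name, the second INSERT fails instead of creating a duplicate.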
#3
fixed in latest version.
#4
Automatically closed -- issue fixed for two weeks with no activity.