A LoginLogout widget with Facebook Connect button, offering hassle-free login for your readers. Clean and extensible. Supports BuddyPress.
|Author:||Justin Klein (profile at wordpress.org)|
|WordPress version required:||2.5|
|WordPress version tested:||3.9.1|
|Added to WordPress repository:||16-03-2010|
|Total downloads:||265 463|
Click to start download
The simple concept behind WP-FB AutoConnect is to offer an easy-to-use widget that lets readers login to your blog with either their Facebook account or local WordPress credentials. Although many "Facebook Connect" plugins do exist, most of them are either overly complex and difficult to customize, or fail to provide a seamless experience for new visitors. I wrote this plugin to provide what the others didn't:
- Full support for both WordPress and Buddypress.
- No user interaction is required - the login process is transparent to new and returning users alike.
- Existing users who connect with FB retain the same local user accounts as before (matched via e-mail).
- New visitors will be given new user accounts, which can be retained even if you remove the plugin.
- Facebook profile pictures can be used as avatars.
- User registration announcements can be pushed to Facebook walls.
- No contact with the Facebook API after the login completes - so no slow pageloads.
- Won't bloat your database with duplicate user accounts, extra fields, or unnecessary complications.
- Custom logging options can notify you whenever someone connects with Facebook.
- A powerful set of hooks and filters allow developers to easily tailor the login process to their personal needs: redirect to a custom page, fill xProfile data with information from Facebook, setup permissions based on social connections, and more.
- Fully HTML/CSS valid.
In addition to the free features listed above, I also offer a Premium addon to provide some more advanced functionality. The following is an abbreviated list of Premium features; a more complete list, along with details on each item, is available on the plugin homepage:
- Multisite Support
- Shortcode Support
- Image-based login buttons
- Cache Facebook avatars to your local server
- Allow users to manually associate/disassociate their existing accounts with Facebook
- Automatically populate BuddyPress X-Profiles with information from Facebook
- Announce Facebook logins to the BuddyPress Activity Stream
- Show an AJAX spinner to indicate login-in-progress
- Add a Facebook button to the comment form, login form, registration form, and WPMU signup form
- Customize the redirect URL for first-time visitors, returning visitors, and logged-out visitors
- Restrict autoregistration to Facebook friends, Facebook fans, Facebook group members, explicitly invited users, everyone, or no one
- Send a customizable welcome mail to autoregistered users
- Customize the role assigned to autoregistered users
- Show/Hide/Customize the Widget's links, checkboxes, and textfields. Show the logged-in user's avatar in the Widget.
- Priority support
- ...And more
- Add a new debug option to disable the "Missing POST Data" login logs
- Add instructions to the admin panel for submitting your app for review (now required to post announcements to your users' walls)
- Change the publish_stream permission to publish_actions
- Confirmed working with WP 3.9.1
- Tested with WP 3.9
- Include the WP version in login logs
- CSS fix for twentyfourteen theme on iPhone & Android
- Change email to link in the copyright notice
- Fix a critical bug that sometimes causes users to be logged in under the wrong account 32-bit servers
- Facebook has rearranged their developers page again; updated the setup instructions in the admin panel & readme
- Checked compatibility with WP 3.8.1
- Minor security fix
- Update the summary in the 'plugins' page of the WP admin panel
- Update the Premium admin panel tab with features from addon v33
- Update the ReadMe (tagline, list premium features, etc)
- Verified compatibility with WP 3.8
- Add a "more info" link to the debug option for enabling logs (in the admin panel).
- Add a "callback" param to jfb_output_facebook_btn (required to support an in-progress premium feature)
- Add an admin panel warning if W3-Total-Cache is detected (with simple instructions for debugging an issue it sometimes causes)
- Add an admin panel warning if WPEngine is detected (with simple instructions for debugging an issue it sometimes causes)
- Tested on WP 3.7.1
- Fix PHP warnings when saving plugin options with WP_DEBUG enabled (Thanks Christian Wach!)
- Replace "Mouseover for more" info links in the admin panel with "Click for more," which uses a more mobile-compatible lightbox.
- Update WP compatibility number
- Widget uses wp_lostpassword_url() instead of site_url( 'wp-login.php' ), so that wp-login.php can be moved/renamed.
- Remove the "cURL not found" admin panel warning; it's no longer required (as of v3.0.0)
- Widget uses wp_login_url() instead of site_url( 'wp-login.php' ), so that wp-login.php can be moved/renamed.
- Revisions to satisfy wp.org's (apparently) new, stricter repo rules...:
- Instead of redirecting to _process_login.php, _process_login.php is always included and logins are handled during "init" (via a $_POST check)
- Remove __inc_wp.php
- Remove _autologin.php (it was extremely outdated & not necessary to the core plugin)
- Remove unused jQuery file
- Remove licensecheck
- Remove the auths (& add option to report usage statistics)
- Update the app setup instructions to mention Sandbox Mode (which FB now seems to be enabling by default)
- Update WP compatibility number
- Fix the image-based button preview in the admin panel teaser
- IMPORTANT: If you're a Premium user, please view FAQ46 BEFORE installing this update.
- IMPORTANT: If you've implemented any custom actions that utilize the Facebook API instance provided by this plugin, you'll need to update your code to use graph URLs instead (i.e: jfb_api_get("https://graph.facebook.com/me?access_token=".$arg['access_token'])). Further examples can be found on the plugin documentation page.
- This update completely eliminates the dependance on the old Facebook PHP API, which will speed up logins, significantly reduce memory usage, and prevent errors on localhost servers without a public URL.
- This update also adds support for Premium addon v30, which provides many new features (including the ability to use image-based / css-styleable login buttons).
- Display a warning for users who upload the premium addon to the wrong directory
- More descriptive error message for "Missing POST Data (access_token)"
- Cleanups to admin panel tab switching; refreshing the panel now restores the previously-shown tab
- Widget login form uses site_url (to support FORCE_SSL_LOGIN)
- Login callback redirects to _process_login.php over https if FORCE_SSL_LOGIN is enabled
- wp_login was getting a bad 2nd parameter when called during an autoregistration; fixed
- Check for a premium function before choosing the avatar cache dir
- Update the eStore link in one admin panel warning
- Pass the facebook UID into _process_login.php so it can be logged. This is useful for debugging failed login attempts, as we can determine if they were triggered by a valid user (and if so, who).
- Add appID and appValid to the Support Info tab
- Update the cURL test on the Support Info tab
- More descriptive instructions for users who've moved wp-config
- Fix the login button jumping around on initialization (thanks to yet another bug introduced by Facebook)
- Compatibility fix for BP Avatar Bubble
- Fix compatibility with woocommerce (wp_login action was supposed to take 2 parameters)
- Remove xmlns:fb from the header tag. It doesn't seem to be necessary for any modern browsers, and breaks validation for HTML5. If you find it necessary, you can always re-add it with a simple filter.
- Fix for validating the API key/secret on servers with invalid SSL cert
- jQuery is not working for some users on WP3.5. I explicitly enqueue it now.
- Fix mistake with prelogin error check
- Fix double-counting of logins (hopefully)
- Add a keepalive event & prelogin error check
- Fix a minor bug with new user notifications in WP3.5
- Update WP compatibility number
- Fix a harmless warning that appears on BP when WP_DEBUG is defined
- Another minor cleanup to the button-outputting code
- Add new filter
- Oops - very minor revision from 2.5.1 :)
- Combine the two profile picture queries into one (shave ~0.3s off of login time)
- Eliminate action wpfb_output_button, and cleanup jfb_output_facebook_btn for clarity (and in prep for a future change)
- I've eliminated the need for the Facebook PHP SDK entirely. Although it's still included and passed to the actions/filters for backwards-compatibility, calls to the Graph API should now performed via jfb_api_get() and jfb_api_post(), using the access_token provided. Specific changes:
- Rename jfb_get() to jfb_api_get()
- Add jfb_api_post() for API calls requiring HTTP POST
- Facebook JSON responses are decoded to associative arrays rather than objects (to match the format of the PHP SDK)
- Rename "accessToken" to "access_token" to better match the naming convention used by the Graph API
- Update jfb_post_to_wall() to avoid using the $facebook class
- Update all queries & error checks in _process_login.php to avoid using the $facebook class
- Rearrange things in _process_login.php, putting the $facebook initialization code into a "to deprecate" block
- Get rid of the 2.3.6 'one-time update' code to store the app access token in the DB
- Explicitly pass & check for the user access token in _process_login.php
- Provide the user access token to wpfb_session_established, wpfb_connect, wpfb_existing_user, wpfb_inserting_user, wpfb_inserted_user, and wpfb_login (so you can use it to query the Graph API in your addons)
- Cleanup jfb_output_facebook_callback()
- Fix a harmless notice that may appear if you have WP_DEBUG defined
- I've eliminated the old REST PHP library, which was only being used to validate the AppID & Secret in the admin panel; validation is now done with Graph. IMPORTANT: If you've been using this plugin since the old "App Key" days (over a year ago) and the AppID in your admin panel is an old alphanumeric value, you should replace it with the new numeric-only AppID shown in your App's settings on Facebook.
- Include the AppID in login logs
- Add a few more things to the Support Info tab
- Update the Premium Options tab to reflect the latest addon version
- Fix error reporting for a rare login bug
- Use wp_mail() instead of php mail() to send login logs (for servers with custom mail configurations)
- Include a stylesheet with some default widget styles
- Show "WP-FB AutoConn+" in the admin menu if the Premium addon is installed
- Improve browser detection for login logs (+ add detection for Android & iPad)
- Login logs include the full useragent string
- Get rid of old nonce debugging code
- Move the nonce check back to before the Facebook connection
- Bug fix when error-detecting the token in the admin panel
- When connecting with Facebook in the admin panel, cache the app token to the database (so addons/customizations can use it to access the API later)
- Add log messages when each action/filter is run in _process_login.php (for debugging add-ins)
- Move the Facebook connection to before the nonce check
- Add a new action 'wpfb_session_established,' so we can talk to Facebook before anything else happens
- Users who didn't update to 2.3.1 when it was released may now have some malformed avatar URLs in their db (resulting in frontend 'strpos' error messages); this update will fix those avatars. Note: Please remember to update your plugin whenever a new version is released, as Facebook changes their API regularly and skipping updates can sometimes lead to unpredictable behavior.
- Fixed a problem with Curl detection caused by FB changing things without telling people
- Facebook has yet again broken their API, causing avatars to always fetch size 50x50 (even for the "large" size used by BuddyPress and some 3rd party themes). This update should work around FB's bug, returning avatars to their former behavior.
- Fix a rare bug with avatar fetching
- Major performance improvement: logins should now be substantially faster on sites with large user databases.
- Update version compatibility number
- The 'Failed to get the Facebook User Session' error now refers to a specific FAQ.
- Add support for debugging memory usage and execution time (via the email logs)
- Combine Admin notices into one action
- Update the admin panel's premium teaser to include newly-added features
- Add an admin panel check to warn users whose servers don't have CURL installed
- Add an admin panel check to warn users whose servers dont have JSON installed
- Add a new tab to the admin panel with "Support Info" (to include when reporting a bug/issue)
- Nonce fix to resolve a conflict with Buddypress Groups, and potential validation issues with other plugins that use the default nonce name/action (thanks gbellucci!)
- Check for compatibility with WP3.3
- Removed an old (now unused) database option that was getting written on every pageload (thanks Aaron Frerichs!)
- Removed plugin sponsorship messages. See Automattic Bullies WordPress Plugin Developers -- Again.
- Fix: wpfb_extended_permissions filter was not being applied if neither "post to wall" nor "request email" options were checked.
- Add new BuddyPress XProfile mapping to the premium admin panel
- All new TABBED Admin panel!
- Better error reporting for "wp_insert_user failed"
- Add a note to the "Delete All Options" section of the admin panel
- Eliminate old admin panel code related to updating .htaccess rules for autologin
- Fix: Username style was defaulting to the legacy format on Buddypress
- Fix: Admin panel was not properly showing when the new username format is selected
- The "Buddypress-Friendly" username format (First.Last) seems to create issues with author links in WordPress, so I've added a new "First_Last" option (and left the old option there for legacy support only). If you have multiple authors and are using the "First.Last" format, you may want to change your username format.
- Move the Wall Announcement code into a filter, so it can be removed/replaced/customized if desired
- Update WP compatibility number
- Fixed a bug where the plugin was incorrectly stripping some language_attributes, causing problems for rtl languages.
- Eliminate the outdated xd_receiver.htm file
- Eliminate the outdated validate_php5.php file
- Update the instructions for creating an app (Facebook has changed things around yet again)
- Use https instead of http in channel.html to prevent insecure content warning
- Fix "wp_insert_user failed" bug (since 2.1.0)
- Fix a critical bug introduced in 2.1.0: not prompting for e-mail could result in false user account matches (i.e. logging someone in as someone else). Please update now!
- Replace deprecated get_settings() with get_option()
- Add rel=nofollow to the lostpassword link
- Update to use OAuth 2.0. NOTE: Premium users must also update their addons; see the support page for how.
- Don't apply sanitize_title to nicenames
- Fix for completely non-alphanumeric usernames
- Filtered avatars use the $alt provided by WP core (or theme)
- Fixed bug with avatar caching on BuddyPress
- Increase version campatiblity number
- Remove legacy API code from _process_login.php
- Remove legacy code for registering email hashes (Facebook has eliminated that functionality from their API for some reason...)
- Update instapopup to work with the new API
- Fixed avatars in Settings -> Discussion when avatar fetching is enabled
- Apply sanitize_title to the nicename (thanks Espen Espelund)
- Add sponsorship message
- General cleanups to _process_login.php
- Add a channelUrl to FB.init to resolve known bugs with the FB api
- _process_login will now look for "rememberme" POST variable
- Added a new "wpfb_rememberme" filter, so you can override the above if desired
- Oops: wpfb_userinfo_permissions was redundant; removed :)
- Handle relative paths in usermeta (for cached avatars)
- Get rid of some depreciated functions (get_usermeta -> get_user_meta)
- Add a new hook wpfb_add_to_asyncinit, so you can output your own JS after the Facebook API initializes
- Add a new filter wpfb_userinfo_permissions, so you can choose what userinfo permissions to ask for
- Check for function_exists('is_multisite') to support older versions of WP
- More descriptive error message for "Nonce check failed."
- More descriptive error message for "Failed to get the Facebook session."
- As Facebook has decided to shut off the old REST API on Sept 1, 2011, I've rewritten the core plugin to use the new Graph API. All Premium users must also update their addons to be compatible with this new core plugin.
- Removed "IE9 compatability mode" as it's no longer relevant.
- Removed "Request and require email permissions" as it's no longer relevant (all permissions are requested in a single popup, so one cannot be denied while approving the others).
- Show a warning to Premium users with an outdated version of the addon.
- Add an "IE compatability mode", so the old API will work on IE9. Can be disabled via debug options, but is enabled by default.
- CSS id fbLoginButton is now class fbLoginButton, to fix validation issue if multiple buttons are placed on the same page
- NOTE: Premium users using the "ajax spinner" feature must also update their addon!
- jfb_output_facebook_callback() is now automatically called by wp_footer; If you're manually outputting your own Facebook buttons, you should now ONLY call jfb_output_facebook_btn() (explicitly calling jfb_output_facebook_callback() is no longer needed!)
- Premium comment-form buttons now not dependent on Widget buttons
- Output some html comments
- Rename some functions that weren't following convention
- jfb_output_facebook_callback() prevents itself from outputting duplicate forms on the same page
- Just some revisions to the admin panel
- Another Facebook API error check in _process_login.php
- New filter wpfb_inserting_user to replace wpfb_insert_user
- CSS for the admin panel
- Slightly reworded disclaimer
- Remove Donate section from the admin panel (a bit redundant now that I've got a premium addon)
- Two minor html fixes in the admin panel
- Minor bug fix in browser detection (used by logging)
- Hide the MOD REWRITE section from the admin panel, and update documentation in _autologin.php
- Add a new wpfb_extended_permissions filter
- Report Browser and OS in the login logs
- Allow the Premium addon to reside outside the plugin dir, so it doesn't get overwritten by automatic updates (also requires an update to Premium.php; on its way...)
- Differentiate the "Save" buttons in the admin panel, for clarity
- Include the sitename in emailed login logs (helpful for people who admin multiple sites)
- Exception handling for stream.publish (may fail if the user enters too long a message)
- Add support for the new OpenGraph API to _process_login.php
- Earlier check for PHP5 in _process_login.php
- Remove extraneous test from _process_login.php
- Bundle new Facebook API (not used YET...)
- Cleanups to the admin panel
- Marked as compatible up to 3.1
- Add ability to enter your own logging email address
- Get rid of old "hide facebook button" debug option
- Fix for Facebook users who've enabled "Secure Browsing (https)" on their accounts
- Replace depreciated update_usermeta() with update_user_meta()
- Check for completely non-alphanumeric Facebook names when autoregistering with "Pretty Names" enabled
- Fix validation issue if present with Wordbooker (duplicate attribute in html tag)
- Update tested compatibility to 3.0.4
- Fix bug with avatars on author page
- Reveal new premium options in the panel
- Add wpfb_output_facebook_locale action
- Add wpfb_login_rejected filter
- Add some resources for a new premium feature, & reveal more premium options in the admin panel
- Fixed a BP bug introduced in 1.6.2...sorry!
- Add action wpfb_after_button
- "Use Facebook profile pictures as avatars is now just one option" (they aren't separate for WP and BP)
- Fixed a bug with author links (they didn't work because the "nicename" had a space in it)
- Removed the "Enable BuddyPress Support" option; it's always enabled now
- NEW OPTION: You can now select the autoregistered username style (FB_12345, FB_John_Smith, or John.Smith)
- Reveal the Premium options in the admin panel
- Error handling for depreciated connect.registerUsers function
- Compatability fix for W3-Total-Cache
- Remove one unnecessary call to Facebook API
- Add wpfb_admin_messages action
- Pass the callback name to wpfb_add_to_js action
- Add support for a new option in the premium version
- More descriptive error message
- Add wpfb_existing_user action
- jfb_output_facebook_init() is output in footer, once, instead of using jQuery. Should resolve conflict if multiple buttons are used on the same page.
- Slight revisions to readme
- Remove unneeded debug code
- Added new wpfb_prelogin action
- Added new wpfb_submit_loginfrm filter
- Added new wpfb_output_button filter
- Cleaner handling of a few admin panel options
- Cleaner integration with Premium addon
- Add full support for the Premium add-on
- Revise the features list in the Readme
- The wpfb_inserted_user action now supplies the full userdata of the inserted user
- Don't initialize the Facebook button until the page has finished loading (can be disabled via param to jfb_output_facebook_init())
- Setup hooks & options for lots of new premium features
- Add return URL to paypal donate button
- Hide the main plugin options until a valid API Key and Secret have been entered.
- Cleaned up admin panel code, regrouped the options, and rephrased some sections for better clarity.
- Cleaned up BuddyPress & Avatar code a bit
- Add an optional "Powered By" link (defaults to off)
- Revisions to premium-checking code
- Remove unneeded debug code
- Add support for eventual premium functionality
- Handle users with non-alphanumeric characters in their Facebook names.
- Use Firstname.Lastname rather than FirstnameLastname for Buddypress logins
- Revised some debug code, fixed problem with get_plugins()
- When debug logging is enabled, show REQUEST variables
- Added 2 new actions: wpfb_add_to_js and wpfb_add_to_form (Sponsored by VideoUserManuals)
- The prompts "Ask for permission to get the connecting user's email address" and "Request permission to post to the user's wall" are split into 2 separate permissions dialog, so the user may accept one but deny the other. (Sponsored by VideoUserManuals)
- Update the instructions (Facebook has changed some of the settings on their Create Application script).
- Performance optimization when searching for existing users during a login (thanks to Andy Clark)
- Still more checks to try and pinpoint the elusive "nonce check failed" bug
- More detailed log message on "nonce check failed" (to try and figure out what's causing it)
- Add a simple check to prevent users from accessing _process_login.php directly, PRIOR to the nonce check (so they get a different and more accurate error message)
- Attempt to find the user by directly looking up their email address before resorting to hashes
- Don't abort the login if Facebook refuses to register hashes (relevant on blogs with over 3,000 users)
- Slight rewording in the admin panel, for clarity
- Store proxied emails, if selected (Previously, the plugin was erroneously treating a "proxied facebook address" as "email address denied"; the log will now show what's really going on, and will store a proxied address, if selected).
- Clear previously fetched avatar if Facebook user has removed their profile picture
- Marked as compatible up to 3.0.1 (Oops! Forgot to do this earlier.)
- Nicer error reporting (thanks Andy Clark)
- Do not fetch Facebook profile picture if not present (revert to default WP/BP avatar)
- Fixed the "Object of class WP_Error could not be converted to string" bug
- Update Facebook API; PHP5 is now the minimum requirement
- This should (hopefully) fix the conflict with newer OpenGraph plugins (i.e. Like Button)
- New Feature: Use Facebook profile pictures as WordPress avatars
- Code reorganization; BuddyPress code is now in Main.php, avatars are fetched in _process_login.php, etc.
- Reorganize options a bit to make a separate "Buddypress" section
- Made "Replace BuddyPress avatars with Facebook profile pictures" as optional
- Use htmlspecialchars so the widget will validate when redirect_to contains special chars
- Get rid of PHP short tags
- Added "Disable nonce check" to debug options (not recommended - see FAQS on the plugin page)
- Oops! I made a commit error in 1.2.0.
- BuddyPress usernames generated via "First Name + Last Name" instead of "Name" (as reported here)
- Facebook profile images are automatically displayed as BuddyPress avatars
- Again redo how the "Require Email" option is enforced
- Add option to publish new user registration announcement on user's walls (prompts for permission on connect)
- Added action wpfb_inserted_user to run after a user is inserted
- Fixed "Require Email" option
- Minor change: Use wp_generate_password() for autogenerated passwords
- Fixed to work on sites with over 1,000 existing users.
- Add an error check for a very rare bug; If the plugin is working on your site, you may skip this upgrade.
- Include version number in login logs
- Slightly more descriptive error message in login logs
- Sanitize autogenerated usernames for BuddyPress
- Add "Show full log on error" option
- Add "Remove All Settings" (uninstall) option
- Check if other plugins have already included the Facebook API
- Logging: On failure, show the accumulated log up to the point of failure
- Logging: Show REQUEST variables
- Main: Add optional params to jfb_output_facebook_callback() and jfb_output_facebook_instapopup() so the default callback name can be overridden, allowing multiple login-handlers with different redirects and different email policies
- Main: auto-submitted login form's name based on the js callback name, to support multiple handlers
- Autologin: Fixed issue if both a button an autopopup were on the same page
- Include license
- Hopefully fix a crash on sites with more than 1,000 existing users
- Fix bug on some PHP4 configurations
- BuddyPress option is automatically enabled for BP installations
- Add wpfb_insert_user filter to run just before inserting an auto-created user
- Improved support for BuddyPress: use "pretty" usernames to fix profile links
- Include client IP in connection logs
- Cleanups/revisions to connection logs
- Add option to include Buddypress-specific filters
- Cleanup the Admin panel & update documentation
- Fix email hash-lookup for blogs with over 1,000 existing users
- Oops - Add support for PHP4 (really this time)
- Add support for PHP4
- Redirect form not generated by JS (this was leftover from an older version of the plugin...)
- Only check email hashes if there are actually existing users on the blog
- Add wpfb_connect hook that runs BEFORE a login is allowed
- If email privilege is denied on first connect, but subsequently allowed, the user's auto-generated account will have its email updated to the correct one.
- Added uption to REQUIRE email address (not just prompt for it)
- XHTML Validation fix
- Small typo in the Widget
- Hopefully fix the "Call to undefined function wp_insert_user()" bug
- Fix API_Key validation check - should work properly now.
- Convert PHP short tags to long tags for server compatability
- First Release