Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Force Login is not working correctly
  • Hi everyone,

    We are trying to include a 'Login with Facebook' button that will checks if there is a user with the fb_id that we pass in post, if so then login them in:

    $id = Input::post('id');

    $user = Model_User::query()
                    ->where('fb_id', $id)
                    ->get_one();

    if ($user) {

         Auth::force_login($user);

    }

    If I have guest_login enabled, this always logs in the guest user if I disable guest_login then I get a 500 server error and I'm not quite sure what I'm doing wrong.

    Thanks in advance.
  • HarroHarro
    Accepted Answer
    force_login() requires a user_id, not an object, so you need to do

    Auth::force_login($user->id);

    But are you sure you want to do this, it is extremely easy to hack this, and to login as any user without knowing the password.

    If you want to use Oauth logins like Facebook, it's better to have a look at Auth's Opauth extension (see the docs) which provide this feature completely integrated in Auth, and in a secure way.
  • I have also tried the user->id, but the documentation says you can pass a \Model\Auth_User object as well, maybe it is outdated.

    I wasn't sure of any other way to do it but I will take a look at this Opauth and see how it works, can it be used simultaneously with ORMAuth?
  • You are correct, you can pass a \Model\Auth_User object as well, but you don't do that, you pass something called Model_User.

    The Opauth extension is complete integrated in Auth, both for Ormauth and for Simpleauth, you can find information here: http://fuelphp.com/docs/packages/auth/opauth/intro.html and there is also an example of a login/registration controller so you can see how the extension works.

    Opauth information can be found here: http://opauth.org/ and you install the auth strategies it supports via composer, for example facebook: https://github.com/opauth/facebook
  • I will try the Opauth out, thank you so much for your help.
  • It looks like does not start new session. I use 1.8.2 on php 7.2.

    Implementing impersonation fuctionality I destroy current session and than force_login(), but user does not look like logged in. Only when I added Session::start() after destroy it begins working... but when I used it with another fuel version (alas, I did not remember which) and php 5.6 it was working without starting session manually.
  • You might want to test 1.9-dev, to see if the problem still exists there.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion