Windows LIve EasySocial Signup Not Working

Sorry for the delay. I saw your original post, but was hoping to get a response from Giancarlo to see if he had a similar response to that script.

In general, there should be some output from the PHP file you created. Can you change the top line to:Or even your own website URL (with or without SSL) and let me know if output comes out? If not, it means something is blocking the output, which is ok.. it's likely some PHP setting that won't spit it out. The error code 0 is still useful. If Google.com, or your site, or other sites show more output though, it means there is something wrong with your server connecting to login.live.com

If that doesn't improve anything, I'd have to ask you to please Private Message me the following:
* Super Admin access to your site
* FTP credentials (we'll need to modify some files to add additional debugging code).

We'll gladly investigate further to figure out what's going wrong.

Thanks,
Alex

Dave,
Sorry for the delays. I just wanted to let you know we're planning to investigate this a bit more tomorrow and will hopefully have a solution for why WindowsLive isn't returning information about the user then.

Thanks,
Alex

Dave,
Apologies for the delays. We've been doing some investigation, but simply can't recreate or understand the issue you're having. The https root certificate for the Windows Live servers should be included in any PHP installation. The certificate name is:
VeriSign Class 3 Public Primary Certification Authority - G5
That's a very standard certificate for 'big' sites, and should be loaded properly. Obviously, on your site, there's issues doing that.

With that said, I was unable to FTP into your server. I'm not sure what was happening, but it was never connecting to even try authenticating.

What I can recommend to do, which should work, is edit the following file:
/libraries/joomla/http/transport/curl.php

Around line 63, you'll see:Directly under that, add the following line:That will decrease the overall efficacy of *outgoing* SSL connections on your site. Data will still be encrypted, but the destination (Microsoft's servers) won't be validated against known root certificates, since the Verisign root isn't properly found.

Please test that and let me know how it goes. Hopefully, authentication will start working and get you going for now.

Thanks,
Alex

Any information they can provide would be super helpful. That line that I had you add is a PHP directive that is basically telling it that the SSL certificate doesn't need to be checked. It doesn't get much lower-level than that.

Again, I was unable to FTP into your site, which could allow me to do more testing to narrow things down. For now, I wanted to get you going with something that works.

As for the the security with that line, it is *slightly* diminished to very focused attacks on your site. Someone would have be a 'man in the middle' and intercepting requests from your server to Facebook and really targeting your traffic for it to open up any sort of vulnerability. Again, all data *is* still encrypted during communications, so it's not publicly exposed in anyway.. but, a very, very serious hacker could target your site and decrypt a user's profile information while it's being transferred.

I hope that all explains things,
Alex