New feature request

11 years 7 months ago #48185 by none
New feature request was created by none
Hi,

I would need a very important option which I couldn't find in the JFBConnect admin.
Here is my problem.
I have 2 Joomla registered users. "User A" and "User B".

User A logs in and hits the Facebook or any other social button. Then JFBConnect connects XYZ's Facebook profile to User A. After "User A" logs out, "User B" logs in (which is the same user as User A) and also hits Facebook login and loads in again his XYZ Facebook profile field data. So User A and User B have connected to the same Facebook profile and they both have the same field data transferred.

I need an option in the admin where I can block this so one Facebook profile cannot/should not be connected to multiple users on the site. If a Facebook profile is connected to another user, then the component should reject the Facebook connection request.
We use JFBConnect to identify users on the site and this issue breaks down our identification process. Can I get a fix for this please? It would be extremely helpful.
The topic has been locked.
11 years 7 months ago - 11 years 7 months ago #48186 by none
Replied by none on topic New feature request
I checked the jfbconnect_user_map table in the database.
If another user connects to the same Facebook (or any other social profile), in the jfbconnect_user_map table the user ID just simply changes. This is really bad and I don't think just for me. Basically any user could change, steal the identity of a previously registered user. Not to mention that the user profile in JomSocial and the profile field data will be the same. These profiles get duplicated which is also bad for SEO.

I just need some sort of option which allows or disallows the multiple social connections.
"Allow to reconnect social profiles - Yes or No"
If it was set to "NO" then a message should appear saying "This Facebook (or Google, Twitter etc) profile is linked to another user." and reject the connection.
Last edit: 11 years 7 months ago by none.
Support Specialist
11 years 7 months ago #48193 by alzander
Replied by alzander on topic New feature request
First, a couple of clarifications:
* If a user already has a Facebook account mapped to their account, the "Facebook" icon won't show while they're logged in. So, a user that's already connected to Facebook won't be able to easily swap to a different account.
* We do allow a Facebook user to switch the Joomla account they are associated with, as you've noted above. They need to log in to the other Joomla account and click the Facebook button, which will move the link to the new account.
* In the 6.3 release, we have a new system in the works where a user will be able to see all the social network accounts they have linked to their Joomla account and the ability to link/unlink accounts. It will be an easier management interface so users know exactly what account(s) are connected to their profile.

As for:

> This is really bad and I don't think just for me. Basically any user could change, steal the identity of a previously registered user. Not to mention that the user profile in JomSocial and the profile field data will be the same. These profiles get duplicated which is also bad for SEO.

To do what you're saying, the 'bad' person stealing the identity would already need to know your Joomla and/or social network credentials. In that case, there are much worse things they could do, and no checks in JFBConnect could detect or prevent that. We've had the above functionality for over 4 years in JFBConnect and it's never been a security risk.

In general, we don't plan to change the above behavior, for now at least. Possibly with the 6.3 release and the easier ability to switch, link or unlink accounts, we may add some more options for preventing it. In the real world, the only time we've heard of users switching their accounts is when the developer of a test site is logging in and out repeatedly with different accounts. Most users don't have multiple Facebook profiles and, if they do, they may actually want to switch the profile they are linked to on your site.

I hope that helps explain, but if you have any other questions or suggestions, definitely let us know.

Thanks,
Alex
11 years 7 months ago #48201 by none
Replied by none on topic New feature request
Alex,

> * If a user already has a Facebook account mapped to their account, the "Facebook" icon won't show while they're logged in. So, a user that's already connected to Facebook won't be able to easily swap to a different account.

I'm aware of this. When I described the issue I wrote: user "A" logs out and after that user "B" logs in and reconnects the same Facebook profile with the same imported field data.
This is what we definitely want to prevent. We can't allow them either to remove/unlink their social profile (by user) or to change their Joomla user account and reconnect the same Facebook profile. Maybe others don't have the need to prevent this, but we built a whole custom script to identify a user based on their Facebook profile. If they can swap their user ID then the whole script we built is basically useless. I just would like to ask you to add an option in the admin to be able to prevent unlinking and relinking social profiles to another user if they were connected before to another user. It would save my life and the 2 months of work we have put into this.

Thanks
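
Added example (not part of the thread and not JFBConnect code): a sketch of the "Allow to reconnect social profiles - Yes or No" option requested above, enforced at the mapping layer. The table `social_user_map`, its columns and the function names are hypothetical and do not reflect the real `jfbconnect_user_map` layout; SQLite stands in for the site database.

```python
import sqlite3

class AlreadyLinked(Exception):
    """Raised when a social profile is already mapped to a different site user."""

def open_db():
    # Hypothetical schema (assumption, not JFBConnect's real table layout).
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE social_user_map (
        provider         TEXT    NOT NULL,
        provider_user_id TEXT    NOT NULL,
        site_user_id     INTEGER NOT NULL,
        UNIQUE (provider, provider_user_id))""")  # one owner per social profile
    return db

def owner(db, provider, provider_user_id):
    """Return the site user id a profile is mapped to, or None."""
    row = db.execute(
        "SELECT site_user_id FROM social_user_map "
        "WHERE provider = ? AND provider_user_id = ?",
        (provider, provider_user_id)).fetchone()
    return row[0] if row else None

def link_profile(db, provider, provider_user_id, site_user_id, allow_relink=False):
    """Return 'linked', 'unchanged' or 'moved'; raise AlreadyLinked when refused."""
    refused = f"This {provider} profile is linked to another user."
    with db:  # one transaction: commit on success, roll back on error
        current = owner(db, provider, provider_user_id)
        if current == site_user_id:
            return "unchanged"
        if current is not None:
            if not allow_relink:
                raise AlreadyLinked(refused)
            # Relinking explicitly allowed: move the mapping to the new user.
            db.execute(
                "UPDATE social_user_map SET site_user_id = ? "
                "WHERE provider = ? AND provider_user_id = ?",
                (site_user_id, provider, provider_user_id))
            return "moved"
        try:
            db.execute("INSERT INTO social_user_map VALUES (?, ?, ?)",
                       (provider, provider_user_id, site_user_id))
        except sqlite3.IntegrityError:
            # A concurrent request linked the profile first; the constraint wins.
            raise AlreadyLinked(refused)
        return "linked"
```

With `allow_relink=False` the second site user is refused and the original mapping stays in place; the `UNIQUE` constraint backs up the application check if two requests race.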