Dertermine if User login with Facebook or Website Login?

0
votes

On the website, there will be two ways of login - facebook login or website standard login.

What is the correct way to determine if user logged with facebook or website login?

I am thinking adding a field called login_type field in users table.

value will be "facebook" or "standard"

If user logged in via facebook then store the value of login_type in the session something like $_SESSION['login_type'] = "facebook";

However, if user want to logout, we need to make sure to execute facebook logout function.

Something like this?

logout.php

if ($_SESSION['login_type'] == "facebook") { 
  $facebook->getLogoutUrl()
  //execute the url to CURL?
  header("LOCATION: index.php");
}
1
phpfacebookfacebook-graph-api

1 Answers

2
votes
  1. Add a field for the Facebook user id to your user table (e.g. fb_id)
  2. When the user logs in via Facebook you do exactly the same thing you would do during a "normal" log in - but instead of checking username/password you'll check Facebook id/valid access token
  3. After this you just can authenticate the user via his session. You don't have to care about Facebook logins anymore.
  4. On logout kill your own session etc. and then you may redirect to the Facebook logout-URL where Facebook will kill their session stuff. You can't really curl that because you won't get facebook.com's cookies. ;) Doing this will also log the user out on Facebook which can be quite annoying for him.

P.S.: To be clear about 4.: If your app runs outside of Facebook you have to log the user out of Facebook when he logs out of your app/website. See I.6. at https://developers.facebook.com/policy/#policies.