krileon wrote:
It's done this way so someone doesn't link to an account that isn't theirs. How is Facebook supposed to know what CB user to link to? It doesn't. You can't use email either as most of the social sites don't give you an email address. When they do you can specify a different email to send to the application in the login dialog so it'd be easy to hijack an admins account if someone wanted so such a feature was not and will not be added. Once the user has linked accounts they can use either/or login to login fine.For a simple user is not friendly to think a three-step process: first a normal login; then he must link his CB account with his social networks account and, third, only from this moment he is able to login with the social network account.
Please Log in or Create an account to join the conversation.
krileon wrote:
PM backend super administrator login credentials and will take a look.The big problem is that I'm not able to register new users and I don't understand why.
Please Log in or Create an account to join the conversation.
I'm asking to disable it for testing purposes only to confirm an issue. I will then test locally and confirm. The issue is then marked as a bug, investigated, and fixed for next release. I've created the below bug ticket for investigation.No captcha? And how do I avoid spam?
No, I will never implement this. Email address alone is not a secured way to know a user is who they say they are. This would be a massive security vulnerability. During Facebook authentication dialog I could simply tell it I want to give a different email address to the application and Facebook gives me a nice input to supply one. I would then supply the email address of the Super Administrator of the website and am instantly connected to the account. I then change the password in profile edit and have taken over the site.-It ask the SN email
-It verifies if the email is already present in Joomla
-If yes, it create the connection
-If no, it create a new user.
Ok, will take a look; thank you.Ok, I thank you a lot in advance
Please Log in or Create an account to join the conversation.
krileon wrote: During Facebook authentication dialog I could simply tell it I want to give a different email address to the application and Facebook gives me a nice input to supply one. I would then supply the email address of the Super Administrator of the website and am instantly connected to the account. I then change the password in profile edit and have taken over the site.
Please Log in or Create an account to join the conversation.
It's during the authentication dialog when reviewing details of data requested. Some of the other social sites let you do this too. There is no security issue, because I don't allow what you're wanting; nor will I ever, if you want/need it then you need to implement at your own risk.Only for my personal knowledge, can you explain me better?
When I login with FB (after the link) I have always write the FB email/password.
Where I would put the email of superadmin? IN FB or in my profile?
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.