I have a social login (Facebook) in my app (made with Ionic) in order to provide a simple way to log into my app. But I have a weird problem.
Some users (I can't reproduce it, because I can't see a pattern) are getting registered in my database multiple times (as often as they open the app). And some users are missing an email address. However, the only API connection between the app and my server script is the following:

<?php
error_reporting(0);
include_once('../lib/database_connect.php');
include_once('../lib/clean.php');

if(empty($_GET['fbID'])){
    $resultFlag = false;
} else {
    $fbId = clean($_GET['fbID']);
    $fbEmail = clean($_GET['fbEmail']);
    if(!empty($_GET['password'])){
        $password = md5(clean($_GET['password']));
    } else {
        $password = "";
    }
    $fbFirstName = clean($_GET['fbFirstName']);
    $fbLastName = clean($_GET['fbLastName']);
    $fbGender = clean($_GET['fbGender']);
    $fbLink = clean($_GET['fbLink']);
    $fbLocale = clean($_GET['fbLocale']);
    $fbAccessToken = clean($_GET['fbAccessToken']);
    $resultFlag = false;

    $sql = "SELECT * FROM user WHERE fb_id = $fbId";
    $result = mysql_query($sql);
    if(mysql_num_rows($result) > 0 && $fbId != 1){
        while($info = mysql_fetch_assoc($result)){
            $userID = $info['id'];
            $resultFlag = true;
        }
        $sql = "UPDATE user SET fb_id = '".$fbId."', email = '".$fbEmail."', password = '".$password."', first_name = '".$fbFirstName."', last_name = '".$fbLastName."', gender = '".$fbGender."', fb_link = '".$fbLink."', locale = '".$fbLocale."', fb_token = '".$fbAccessToken."', last_active = NOW() WHERE email = '".$fbEmail."'";
        mysql_query($sql);
    } else {
        $sql = "INSERT INTO user (fb_id, email, password, first_name, last_name, gender, fb_link, locale, fb_token, last_active, created) VALUES ('".$fbId."', '".$fbEmail."', '".$password."', '".$fbFirstName."', '".$fbLastName."', '".$fbGender."', '".$fbLink."', '".$fbLocale."', '".$fbAccessToken."', NOW(), NOW())";
        mysql_query($sql);
        $userID = mysql_insert_id();
        $resultFlag = true;
    }
    $response = array(
        'userID' => $userID,
        'userFirstName' => $fbFirstName,
        'userLastName' => $fbLastName
    );
}

if($resultFlag == true){
    $response = array('result' => $resultFlag, 'user' => $response);
} else if ($resultFlag == false) {
    $response = array('result' => $resultFlag);
}
echo $_GET['callback']."(".json_encode($response).")";
?>

The script checks with the unique Facebook User ID if the user is already registered; if not, it generates a new record. Funny thing is that with multiple user records, the records are exactly the same; there is no different Facebook User ID or something else.
Has anyone else had a problem like this?
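
The check-then-insert step described in the post, written as a single parameterized upsert against a UNIQUE `fb_id` column so that repeated logins cannot create a second row. This is an added example, not the poster's code; it assumes PDO with an in-memory SQLite database (3.24 or later), a reduced `user` table, numeric Facebook IDs, and a hypothetical helper named `registerOrUpdate()`.

```php
<?php
// Added example (not the poster's code). Assumptions: PDO + in-memory SQLite so it
// runs offline; reduced `user` table; registerOrUpdate() is a hypothetical helper.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    fb_id TEXT NOT NULL UNIQUE,  -- the database, not the script, enforces one row per ID
    email TEXT,
    first_name TEXT,
    last_active TEXT
)');

function registerOrUpdate(PDO $pdo, string $fbId, ?string $email, string $firstName): int
{
    // Assumption: Facebook user IDs are numeric strings; reject anything else early.
    if (!ctype_digit($fbId)) {
        throw new InvalidArgumentException('fbID must be numeric');
    }
    // One statement: insert, or update the row that already owns this fb_id.
    // COALESCE keeps the stored email when the client sends none.
    $stmt = $pdo->prepare(
        "INSERT INTO user (fb_id, email, first_name, last_active)
         VALUES (:fb_id, :email, :first_name, datetime('now'))
         ON CONFLICT(fb_id) DO UPDATE SET
             email = COALESCE(excluded.email, user.email),
             first_name = excluded.first_name,
             last_active = excluded.last_active"
    );
    $stmt->execute([':fb_id' => $fbId, ':email' => $email, ':first_name' => $firstName]);

    $lookup = $pdo->prepare('SELECT id FROM user WHERE fb_id = :fb_id');
    $lookup->execute([':fb_id' => $fbId]);
    return (int) $lookup->fetchColumn();
}

// Constructed sample input: the same user opens the app three times, once without an email.
$first  = registerOrUpdate($pdo, '10203040506070809', 'alice@example.test', 'Alice');
$second = registerOrUpdate($pdo, '10203040506070809', null, 'Alice');
$third  = registerOrUpdate($pdo, '10203040506070809', 'alice@example.test', 'Alice');

$rows  = (int) $pdo->query('SELECT COUNT(*) FROM user')->fetchColumn();
$email = $pdo->query('SELECT email FROM user')->fetchColumn();
var_dump($first === $second && $second === $third); // whether every call returned the same id
var_dump($rows, $email);                            // row count and the stored email
```

Because the lookup and the write use the same key and the values are bound as parameters, the outcome does not depend on how the ID is quoted or on whether an email was supplied.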