Free slots 777 real money download.Enjoy Free 888+200 Daily Legal Bonus

ernst1234
(@ernst1234)

1 year, 5 months ago
Hi there!

Well done on what seems to be the most solid and comprehensive social login plugin in the free category.

We have an existing woocommerce store, and we want to:
1) Allow social login for NEW “customer” users, but also,
2) Allow social login for EXISTING “customer” / “wholesaler” users

The questions are a bit detailed, but this could be very valuable for other users as well.

Question set 1:
If an EXISTING WP user, wants to use social login, how would this work if:
1) Their WP user_email is exactly the same as the social_email?
2) Their WP user_email is different than the social_email? E.g. would they be able to link their WP profile to a particular social profile? If they are able to “link” – is the WP user_email overwritten with the social_email?

Question set 2:
```
super_socializer.php
function the_champ_connect
    // some in between code here
    $googleLoginState = mt_rand();
    update_user_meta($googleLoginState, ...);
```
It looks like you are updating user_meta of a random user_id. Isn’t this sort of dangerous? Perhaps you can just explain how this works.

Question set 3:
```
social_login.php
function the_champ_user_auth
    // some in between code here
    $existingUsers = get_users('meta_key=...&meta_value='.$profileData['id']);
    // some logic here
    wp_delete_user($existingUser[0]->ID);
```
Could this not cause an EXISTING “customer” user with additional user info and orders, to lose all their data? Perhaps you can just explain under what circumstances users are deleted in this way?

Thank you and all the best
Ernst

Viewing 1 replies (of 1 total)

Plugin Author Heateor Support
(@heateor)

1 year, 5 months ago

Hi Ernst,

Thanks for the appreciation ??

1) Their WP user_email is exactly the same as the social_email?
If the emails match, plugin logs that user to that existing account.

2) Their WP user_email is different than the social_email?
In this case, a new account will be created having the email of the social network used for social login, unless this social account is linked to that existing account. After you have activated the social login at your website, existing users can link their social media accounts from the Social account linking section at the default user profile page. You can also use the shortcode to integrate Social account linking interface at the page of your choice.

>>>It looks like you are updating user_meta of a random user_id. Isn’t this sort of dangerous? Perhaps you can just explain how this works.
Plugin generates a random number which is saved in the database before initiating social login authentication request when someone clicks social login icon. This number is sent in the URL for social authentication to the social network. After that user authenticates social login by logging into their social account, social network sends this number back to the website where social login icons were clicked. Plugin then fetches this number from the request and checks if it exists in the database of the website to make sure this request was initiated from this website and it’s not a fake request from a third party. After this, user’s profile data is sanitized and that user is logged into the website.

>>>>Could this not cause an EXISTING “customer” user with additional user info and orders, to lose all their data? Perhaps you can just explain under what circumstances users are deleted in this way?
This is the case when the social account that is being used to link to an existing account at your site was used in the past for social login and was not verified (user needs to verify email address when a social network doesn’t provide it and admin has configured social login to verify email specified by user). If this account was not verified since then it’s deleted and linked to the existing account.

Viewing 1 replies (of 1 total)

The topic ‘Existing WP user Login logic and two code questions’ is closed to new replies.