Hi,

I have installed Facebook Connect on a test site and a live site, and on both I experience the problem that users registering/signing in using FCB can see the admin menu, and hence access the admin sections of the site. The users are noted as Registered in the DB, not Admin or Super Admin.
There should be no connection with the admin-account. The email is different and no FB ID is present in the comprofiler DB table. I have tried different FB accounts and different browsers.

I have not found any notice on this in the forums, please advise.

Cheers,
Pontus.

Hi Kyle,

thanks for your reply. My information was indeed very poor, sorry about that. Thanks for bringing it up anyway.

The site runs on Joomla 1.0.16 with CB 1.2.3. I have installed the FBC 1.1. Php is ver 5.2.9.

The administrator menues (modules) are set as Special and are not visible to Registered users normally (as expected). This has always been working.

When I use the FBC login however, from scratch, as a random user, the admin/special menues are visible to me, and I can also access the components they are linking to. This is not as I had expected it.

When I inspect the newly created user in Joomla back end, it has the username FirstName_LastName, as expected, and the usertype is set as Registered.

The puzzling part for me is then how a user with type Registered can access Administrator modules just because the user logged in using FCB (if this is in fact the reason).

I have tried with separate browsers and computers to avoid that there is a cookie recognizing me as a Super Admin. Also the email address of the FB profile I tried is not present in the Joomla DB, and particularly the FB ID is not present in the comprofiler table. I have also tried separate Facebook accounts, with the same result.

Have I maybe missed an other location in the DB where information on FBC i stored?

When prompting $my->usertype; "Registered" is echoed.

In the attached image you find the Module setting for the Admin Menu, and below the Menu itself, displayed below the Main menu, set as Public.

If you need any other information, please just let me know.

Cheers,
Pontus.

Hi Kyle,

a small misunderstanding there. The FB ID and the email (taken from FB) IS present when I have registered/logged in using FBC. What I meant was that it was not present there before. This to avoid that the Facebook profile email or ID already existed for that of an administrator, in which case those users would have been the same.

I installed CB 1.3 and the problem persists.

Another thing I tried was to log in using FCB, then disable the cb.facebookconnect plugin when I was logged in. I could still access the admin menu/module upon refresh. When I logged out, using normal CB logout and (after having requested a new password) logged back in, I could no longer access the admin content, with the very same user.

Regards,
Pontus.