Facebook第二次验证用户

I'm developing a PHP/MYSQL powered system, and have facebook, twitter and normal login.

Each user DB record has 'type' assigned to it, which defines how they logged in, but here's where I run into a logical problem,

I record their email, username in the DB once they log into my website.

Now let's say they access the site through a different laptop and click 'login with facebook', how do I make sure that they are the same person? As you can change email and username on facebook. Do I record their user id from facebook or?

Any help would be apreciated

Facebook have the unique userid. You can use that one to identify the same person.

You do not have to store the email and username of the facebook user. Getting email address of the facebook user depends on the permission. So you can just save his profile id / user id. Do a mapping with your local userid and facebook id, so when next time user connects to facebook, get the fb id and then make a session with your local user id mapped with it.