NATS4 Upgrade Plus

From TMM Wiki
Revision as of 15:36, 2 November 2017 by TMM Rich (talk | contribs)
Jump to navigationJump to search
NATS 4
Members Admin
The Members Admin
View Member Details
Add Member
MySQL Auth
Mod Authn DB
Multisite Access
Member Logging
Member Password Retrieval
OpenID Connect
Mod Auth OpenIDC
ID Numbers
Billers Admin
The Billers Admin
Biller
Biller Fees
Taxes
NATS Cascades
Add Cascade
Cascade Weight
Autocascade
Hidden Cascades
Geo-Targeting Cascades
Post-Biller Templates
HTTPS Gateways
Timed Cascade Rules
Upgrade Plus
Token Plus
Gateway One Step Join
Extra Biller Fields
Send Information To Special Biller
Setting Rules
Cross Sell Supported Billers
Upsell Supported Billers
Packageplus Supported Billers
Tokenplus Supported Billers

Upgrade Plus is a feature in NATS4 that allows you to potentially shorten a Member's Trial by offering them incentives to upgrade in your Members Area. If the member chooses to opt out of their free trial with Upgrade Plus, you will need to update your member records after they complete the upgrade.

To do this, you can give the following link to your users in order to upgrade them:

http://<linkdomain>/signup/upgradeplus.php?site=<siteid>&username=<username>

Replace <linkdomain> with the site's actual linkdomain, then replace <siteid> with the site's NATS site I.D. number. Finally you must replace <username> with the user's NATS username.

Adding in custom passthroughs

In addition, you can updated custom 1-10 fields during the upgradeplus page by having hidden variable "upgrade_vars[custom1]" or you can build a submit url like this:

http://<linkdomain>/signup/upgradeplus.php?site=<siteid>&username=<username>&submit=1&email=XXXX@XXXX.com&upgrade_vars[custom1]=test

On the above case, custom1 field value will get updated to be "test". You can set custom1 - custom10 fields.

Username

In NATS, you can replace <username> with <?=$_SERVER['REMOTE_USER']?>. In CARMA, you can replace <username> with {$username}.

Updating Member Records

After the biller upgrades the member, you need to update their account in your system. This means they probably need to login again.

If you use MySQL Auth in your Server to authenticate members using the NATS members table, you can add an additional check to see if a member is in their trial or full membership and give them the right access respectively. Go to the Sites Admin and enter the the login page URL in the Upgrade Approval URL field or set up a Upgrade Approval Template that re-logs in the user.

If you use your own user management system, you can use the Upgrade Post URL to send upgrade notifications to your own scripts. Your scripts should mark the member as upgrade. If your system requires the user to log in again, use the Upgrade Approval URL or Upgrade Approval Template as described above.

Multiple Sites

If you have your Member's Area shared across multiple sites and can't be sure which site the member is coming from, you can send a comma separated list of siteids instead of just one. To do this, use the siteids field instead of the site field. Be advised: If you have a member that belongs to multiple sites with the same username, NATS may not retrieve the correct member. In this situation, you should send the specific siteid of the member attempting to upgrade.

http://<linkdomain>/signup/upgradeplus.php?siteids=<siteid1>,<siteid2>&username=<username>

Replace <siteid1> with the first site's NATS site I.D. number, <siteid2> with the I.D. of the second site, etc. Replace <username> with the user's NATS username. Replace <linkdomain> with the site's linkdomain.

If you are using Epoch and this may be an epoch member, you will want to append this a returnurl field for epoch.

http://<linkdomain>/signup/upgradeplus.php?siteids=<siteid1>,<siteid2>&username=<username>&returnurl=http://<linkdomain>/signup/epoch_upgradeplus_returnurl.php

If a non-Epoch member uses the the upgrade URL above, NATS removes the Return URL field and only sends the information needed.

Additional Security

As of NATS4.1, Upgrade Plus offers additional security features that you can use to further secure your member upgrades. The MEMBER_STRING_AUTH_UPGRADEPLUS variable allows you to choose whether or not you wish to use the new member auth strings, which contain a variety of information and are designed to prevent unwanted upgrade attempts by outside sources.

This feature will be set to off by default. If you want to enable this feature for your Upgrade Plus transactions, you can add the following necessary code to the config.php script on your NATS server:

$config['MEMBER_STRING_AUTH_UPGRADEPLUS'] = 1;

This will activate the MEMBER_STRING_AUTH_UPGRADEPLUS setting to use additional security for your member authorization strings. Do not add the provided code if you want to leave this feature disabled.

Once you have activated this setting, you must use the get_member_instant_upgrade_string API call to get the correct auth string for the member you want to upgrade. Please see our API Get Member Instant Upgrade String wiki article for more information on this process.

This function will return the auth string necessary for members to get authenticated for the Upgrade Plus process. Include the auth string in the link for your member, and they will be able to perform an instant upgrade using Upgrade Plus using the MEMBER_STRING_AUTH_UPGRADEPLUS setting.

http://<linkdomain>/signup/upgradeplus.php?site=<siteid>&username=<username>&authstring=<authstring>

Throttling

Throttling is a security setting available in NATS4.1, which allows you to lock out surfers for a specified period of time if they make too many attempts on certain pages in NATS.

You can use the Throttling feature to help secure your upgradeplus.php page, preventing surfers from forcing transactions without the correct auth string. Just go to the "Security" configuration page, found in the Configuration Admin.

For more information on this feature, please see our Throttling wiki article.

More Detailed information on the page

  • {list_tours full=1 site=$member.siteid} Populates the tours array with detailed information
  • $tours[$member.tourid] will be an array of all the tour data, such as link domain, etc, as specified for list tours