Signup Plus is a feature in NATS4 that allows you to reactivate a member's subscription, or to repurchase a non-recurring subscription.
You will need to provide your users with a signup plus link:
If the parameters passed in the signupplus link match multiple subscriptions, a page will display to allow the surfer to choose which subscription they want to manage.
To customize the look and feel of this page, you can edit the site templates: "page_choose_subscription"/"page_choose_subscription_mobile"
Once the surfer has a single subscription targeted, a page will display asking them to verify their email address in order to reactivate/repurchase.
To customize the look and feel of this page, you can edit the site templates: "gateway_signupplus"/"gateway_signupplus_mobile" and "thirdparty_signupplus"/"thirdparty_signupplus_mobile"
The template used for the surfer will be determined by what type of biller they signed up with originally.
Signup Plus also contains additional security features, which allow you to further secure the transactions occurring on your Signup Plus forms. For example, you can use API calls to get secure member authorization strings, verify surfer information on the Signup Plus form, and change the input source to use POST instead of GET.
Use the MEMBER_STRING_AUTH_SIGNUPPLUS variable to choose whether or not you wish to use the new member auth strings available in NATS 4.1. These strings contain a variety of information, and are designed to prevent unwanted subscription purchase attempts by outside sources.
This feature will be set to off by default. If you want to enable this feature for your Signup Plus transactions, you can add the following necessary code in the config.php script on your NATS server:
$config['MEMBER_STRING_AUTH_SIGNUPPLUS'] = 1;
This will activate the MEMBER_STRING_AUTH_SIGNUPPLUS setting to use additional security for your member authorization strings. Do not add the provided code if you want to leave this feature disabled.
Once you have activated this setting, you must use the get_member_package_upgrade_string API call to get the correct auth string for the member you want to upgrade. Please see our API Get Member Package Upgrade String wiki article for more information on this process.
This function will return the auth string necessary for your members to get authenticated with for the Signup Plus process. Include the auth string in the link for your member, and they will be able to use the Signup Plus feature with the MEMBER_STRING_AUTH_SIGNUPPLUS security setting enabled.
Signup Plus Form Verification
You can also add additional security checks on your Signup Plus form. The Signup Plus feature verifies member e-mail addresses by default, but you can add a switch to choose between verifying a member's e-mail address, password, or both e-mail address and password. If you want to enable this feature for your Signup Plus transactions, you can add the following necessary code in the config.php script on your NATS server:
$config['SIGNUPPLUS_REQUIRED_FIELDS'] = 0;
Add this setting with a value of '1' if you want Signup Plus to verify member passwords. Change this to a value of '2' if you want Signup Plus to verify both member passwords and e-mail addresses. Do not add the provided code if you only want to verify member e-mail addresses.
This allows you to choose what member information you want to authenticate on the Signup Plus form itself, preventing anyone from submitting a Signup Plus form with an incorrect e-mail address, password, or both.
Signup Plus also offers another security feature, allowing you to change the method of submitting data from $_REQUEST to $_POST to further authenticate your members' information.
This feature is set to use $_REQUEST by default. If you wish to use $_POST to authenticate your Signup Plus form transactions, add the following code to your config.php script:
$config['SIGNUPPLUS_POST_ONLY'] = 1;
Add this setting with a value of '1' if you want Signup Plus to only allow $_POST when authenticating your members. Do not add the provided code if you want to use $_REQUEST when authenticating members.
You can use the Throttling feature to help secure your signupplus.php page, preventing surfers from forcing transactions without the correct auth string. Just go to the "Security" configuration page, found in the Configuration Admin.
For more information on this feature, please see our Throttling wiki article.