Difference between revisions of "Token Plus"
TMMStephenY (talk | contribs) |
TMMStephenY (talk | contribs) |
||
Line 74: | Line 74: | ||
Change this setting to '1' if you want Token Plus to use $_POST to authenticate your [[Ct#Member|members]]. Leave this on the default setting ('0' or blank) if you want Token Plus to use $_REQUEST when authenticating your [[Ct#Member|members]]. | Change this setting to '1' if you want Token Plus to use $_POST to authenticate your [[Ct#Member|members]]. Leave this on the default setting ('0' or blank) if you want Token Plus to use $_REQUEST when authenticating your [[Ct#Member|members]]. | ||
+ | |||
+ | === Throttling === | ||
+ | |||
+ | Throttling is a security setting available in [[NATS]] 4.1, which allows you to lock out [[Ct#Surfer|surfers]] for a specified period of time if they make too many attempts on certain pages in [[NATS]]. | ||
+ | |||
+ | You can use the Throttling feature to help secure your tokenplus.php page, preventing surfers from getting working auth strings through brute force. Just go to the "Security" configuration page, found in the [[NATS4 Configuration Admin|Configuration Admin]]. | ||
+ | |||
+ | For more information on this feature, please see our '''[[Throttling]]''' wiki article. |
Revision as of 13:51, 9 May 2011
Token Plus is a feature in NATS4 that allows members of Token Sites to purchase additional tokens for their account, without requiring them to re-input their payment information. This lets your existing members complete additional token transactions quickly and easily, eliminating additional steps in the process.
Enabling Token Plus
Before you can enable Token Plus in NATS, you must first have a Token Site set up in the Sites Admin. If you do not already have one up, please see our Token Sites wiki article for more information on setting one up.
Once you have Token Sites set up in NATS, you can enable Token Plus by editing settings in the Sites Admin. To begin, navigate to the Sites Admin, locate the Token Site you want to enable Token Plus on, and click the "Set Join Options" action icon for that site. This will bring you to the "Join Options for this Site" page, where you'll see every join option that you have set up. Edit an existing join option, or create a new join option that you want to have Token Plus enabled for.
You will see a setting marked "Token Rebuy Allowed" -- just fill in this box to enable the repurchasing of tokens by existing members. Once you have set that, configure the rest of your join option settings, and save your changes.
Token Plus will now be enabled for your chosen join option. You can enable Token Plus for any join option you set up for a token site in NATS. Just edit the join option for any site and check the "Token Rebuy Allowed" box to do so.
To disable Token Plus for your members, simply uncheck the "Token Rebuy Allowed" checkbox for your join options.
Setting Rules
The Rules feature lets you offer your Token Plus join options only to members referred from different tours, programs, affiliates, countries, and billers.
You can also use rules to offer your Token Plus join option for a specific duration of time, letting you use it as a limited promotion. Please see our NATS4 Rules wiki article for more information on this feature.
Additional Security
Token Plus also contains additional security features, which allow you to further secure the transactions occurring on your join forms. For example, you can use API calls to get secure member authorization strings, verify surfer information on the join form, and change the input source to use POST instead of GET.
MEMBER_STRING_AUTH_TOKENPLUS
Use the MEMBER_STRING_AUTH_TOKENPLUS variable to choose whether or not you wish to use the new member auth strings available in NATS 4.1. These strings contain a variety of information, and are designed to prevent unwanted token purchasing attempts by outside sources.
You can find this variable setting in the signup directory on your NATS server, located at nats_4/www/signup/tokenplus.php. Locate the following setting:
$config['MEMBER_STRING_AUTH_TOKENPLUS'] = 0;
This setting will be set to off by default. Change the value for this setting from 0 to 1 to activate the MEMBER_STRING_AUTH_TOKENPLUS setting to use additional security for your member authorization strings.
Once you have activated this setting, you must use the get_member_token_rebuy_string API call to get the correct auth string for the member you want to enable Token Plus for. Please see our NATS4 API Get Member Token Rebuy String wiki article for more information on this process.
This function will return the auth string that is required for your members to get authenticated for the Token Plus process. Include the auth string in the link for your member, and they will be able to use the Token Plus feature with the MEMBER_STRING_AUTH_TOKENPLUS security setting enabled.
Join Form Verification
You can also add additional security checks when offering Token Plus options for your members registered to Token Sites.
The Token Plus feature verifies member e-mail addresses by default on the join form, but you can also add a switch to choose between verifying a member's e-mail address, password, or both e-mail address and password.
Locate the following code in your tokenplus.php script:
$config['TOKENPLUS_REQUIRED_FIELDS'] = 0;
Change this setting to '1' if you want Token Plus to verify member passwords. Change this to '2' if you want Token Plus to verify member passwords and e-mail addresses. Leave this on the default setting ('0' or blank) if you want Token Plus to verify member e-mail addresses.
This lets you choose what member information you want NATS to verify on the join form itself, preventing anyone from submitting a Token Plus join form with an incorrect e-mail address, password, or both.
Using $_POST
Token Plus also offers another security feature, allowing you to change the method of submitting data from $_REQUEST to $_POST to further authenticate your members' information. If you wish to use $_POST to authenticate your join form transactions, modify the following code in your tokenplus.php script:
$config['TOKENPLUS_POST_ONLY'] = 0;
Change this setting to '1' if you want Token Plus to use $_POST to authenticate your members. Leave this on the default setting ('0' or blank) if you want Token Plus to use $_REQUEST when authenticating your members.
Throttling
Throttling is a security setting available in NATS 4.1, which allows you to lock out surfers for a specified period of time if they make too many attempts on certain pages in NATS.
You can use the Throttling feature to help secure your tokenplus.php page, preventing surfers from getting working auth strings through brute force. Just go to the "Security" configuration page, found in the Configuration Admin.
For more information on this feature, please see our Throttling wiki article.