Difference between revisions of "NATS4 Upgrade Plus"

From TMM Wiki
Line 49: Line 49:
 
As of [[NATS]] version 4.1, Upgrade Plus offers additional security features that you can use to further secure your [[Ct#Member|member]] upgrades. The ''MEMBER_STRING_AUTH_UPGRADEPLUS'' variable allows you to choose whether or not you wish to use the new [[Ct#Member|member]] auth strings, which contain a variety of information and are designed to prevent unwanted upgrade attempts by outside sources.
 
As of [[NATS]] version 4.1, Upgrade Plus offers additional security features that you can use to further secure your [[Ct#Member|member]] upgrades. The ''MEMBER_STRING_AUTH_UPGRADEPLUS'' variable allows you to choose whether or not you wish to use the new [[Ct#Member|member]] auth strings, which contain a variety of information and are designed to prevent unwanted upgrade attempts by outside sources.
  
You can find this variable setting in the ''signup'' directory on your [[NATS]] server, located at ''nats_4/www/signup/upgradeplus.php''. Locate the following line of code:
+
This feature will be set to off by default. If you want to enable this feature for your Upgrade Plus transactions, you can add the following necessary code to the ''config.php'' script on your [[NATS]] server:
  
 
<pre>
 
<pre>
Line 55: Line 55:
 
</pre>
 
</pre>
  
This setting is set to off by default. If you wish to activate the ''MEMBER_STRING_AUTH_UPGRADEPLUS'' setting, simply change the value from 0 to 1.  
+
This will activate the ''MEMBER_STRING_AUTH_UPGRADEPLUS setting to use additional security for your [[Ct#Member|member]] authorization strings. Do not add the provided code if you want to leave this feature disabled.
  
 
Once you have activated this setting, you must use the ''get_member_instant_upgrade_string'' API call to get the correct auth string for the [[Ct#Member|member]] you want to upgrade. Please see our [[NATS4 API Get Member Instant Upgrade String|API Get Member Instant Upgrade String]] wiki article for more information on this process.
 
Once you have activated this setting, you must use the ''get_member_instant_upgrade_string'' API call to get the correct auth string for the [[Ct#Member|member]] you want to upgrade. Please see our [[NATS4 API Get Member Instant Upgrade String|API Get Member Instant Upgrade String]] wiki article for more information on this process.
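Review bot: The added line "This will activate the ''MEMBER_STRING_AUTH_UPGRADEPLUS setting ..." opens wiki italics with '' and never closes them, so the rest of the sentence will render in italics; close the markup right after the variable name. The removed line also told the reader that activating the setting means changing the value from 0 to 1, while the new wording only says to add the code, so say in this paragraph that the added config.php line has to set the value to 1.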

Revision as of 16:05, 9 May 2011


Upgrade Plus is a feature in NATS4 that allows you to potentially shorten a Member's Trial by offering them incentives to upgrade in your Members Area. If the member chooses to opt out of their free trial with Upgrade Plus, you will need to update your member records after they complete the upgrade.

To do this, you can give the following link to your users in order to upgrade them:

http://<linkdomain>/signup/upgradeplus.php?site=<siteid>&username=<username>

Replace <linkdomain> with the site's actual linkdomain, then replace <siteid> with the site's NATS site I.D. number. Finally, replace <username> with the user's NATS username.

For some billers, you need to send extra information. NATS keeps things simple: you can include all of the information for all of your billers in one URL and NATS will filter out any information that isn't needed by the member's specific biller. For example, Epoch requires you to set the Return URL:

http://<linkdomain>/signup/upgradeplus.php?site=<siteid>&username=<username>&returnurl=http://<linkdomain>/signup/epoch_upgradeplus_returnurl.php

If you are using Epoch and the member may be an Epoch member, append a returnurl field for Epoch:

http://<linkdomain>/signup/upgradeplus.php?site=<siteid>&username=<username>&returnurl=http://<linkdomain>/signup/epoch_upgradeplus_returnurl.php

If a non-Epoch member uses the upgrade URL above, NATS removes the Epoch Return URL field and only sends the information needed.

For the list of fields you need to send each biller, please check the biller's instructions in the Biller Instructions list on the right.

Username

In NATS, you can replace <username> with <?=$_SERVER['REMOTE_USER']?>. In CARMA, you can replace <username> with {$username}.

Updating Member Records

After the biller upgrades the member, you need to update their account in your system. This means they probably need to log in again.

If you use MySQL Auth on your server to authenticate members using the NATS members table, you can add an additional check to see if a member is in their trial or full membership and give them the right access respectively. Go to Sites Admin and enter the login page URL in the Upgrade Approval URL field, or set up an Upgrade Approval Template that logs the user in again.

If you use your own user management system, you can use the Upgrade Post URL to send upgrade notifications to your own scripts. Your scripts should mark the member as upgraded. If your system requires the user to log in again, use the Upgrade Approval URL or Upgrade Approval Template as described above.

Multiple Sites

If you have a members area shared across multiple sites and can't be sure which site the member is coming from, you can send a comma-separated list of siteids instead of just one. To do this, use the siteids field instead of the site field.

http://<linkdomain>/signup/upgradeplus.php?siteids=<siteid1>,<siteid2>&username=<username>

Replace <siteid1> with the first site's NATS site I.D. number, <siteid2> with the I.D. of the second site, etc. Replace <username> with the user's NATS username. Replace <linkdomain> with the site's linkdomain.

If you are using Epoch and the member may be an Epoch member, append a returnurl field for Epoch:

http://<linkdomain>/signup/upgradeplus.php?siteids=<siteid1>,<siteid2>&username=<username>&returnurl=http://<linkdomain>/signup/epoch_upgradeplus_returnurl.php

If a non-Epoch member uses the upgrade URL above, NATS removes the Return URL field and only sends the information needed.
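The link formats above, built by a small PHP helper that validates the site I.D.s and URL-encodes the username and Return URL before they reach the query string. This is an added example, not NATS code: the function name build_upgradeplus_url, its arguments, and the sample domain and username are hypothetical, while the field names (site, siteids, username, returnurl) and script paths are the ones shown on this page.

```php
<?php
// Added example (hypothetical helper, not part of NATS): build an Upgrade Plus
// link with validated site I.D.s and URL-encoded values.
function build_upgradeplus_url(string $linkdomain, array $siteIds, string $username, bool $epochReturn = false): string
{
    // Accept only a plain hostname so no path, query or credentials can be smuggled in.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$/i', $linkdomain)) {
        throw new InvalidArgumentException('invalid linkdomain');
    }
    // Site I.D.s are numbers; reject anything else before it reaches the URL.
    $siteIds = array_values($siteIds);
    if ($siteIds === []) {
        throw new InvalidArgumentException('at least one site id is required');
    }
    foreach ($siteIds as $id) {
        if (!ctype_digit((string) $id)) {
            throw new InvalidArgumentException('invalid site id');
        }
    }
    if ($username === '') {
        throw new InvalidArgumentException('empty username');
    }

    $base = "http://{$linkdomain}/signup/";
    // One I.D. uses the "site" field; several use the comma-separated "siteids" field.
    $query = count($siteIds) === 1
        ? 'site=' . $siteIds[0]
        : 'siteids=' . implode(',', $siteIds);
    // rawurlencode() keeps characters such as & or # in a username from
    // starting a new parameter or truncating the link.
    $query .= '&username=' . rawurlencode($username);
    if ($epochReturn) {
        $query .= '&returnurl=' . rawurlencode($base . 'epoch_upgradeplus_returnurl.php');
    }
    return $base . 'upgradeplus.php?' . $query;
}

// Constructed sample values; in a members area the username would come from
// $_SERVER['REMOTE_USER'] as described above.
$url = build_upgradeplus_url('join.example.com', [1, 4], 'j.doe&co', true);
// Escape once more for the HTML attribute when printing the link.
echo '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Upgrade</a>', "\n";
```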

Additional Security

As of NATS version 4.1, Upgrade Plus offers additional security features that you can use to further secure your member upgrades. The MEMBER_STRING_AUTH_UPGRADEPLUS variable allows you to choose whether or not you wish to use the new member auth strings, which contain a variety of information and are designed to prevent unwanted upgrade attempts by outside sources.

This feature is off by default. To enable it for your Upgrade Plus transactions, add the following code to the config.php script on your NATS server:

$config['MEMBER_STRING_AUTH_UPGRADEPLUS'] = 1;

This will activate the MEMBER_STRING_AUTH_UPGRADEPLUS setting to use additional security for your member authorization strings. Do not add the provided code if you want to leave this feature disabled.

Once you have activated this setting, you must use the get_member_instant_upgrade_string API call to get the correct auth string for the member you want to upgrade. Please see our API Get Member Instant Upgrade String wiki article for more information on this process.

This function will return the auth string necessary for members to get authenticated for the Upgrade Plus process. Include the auth string in the link for your member, and they will be able to perform an instant upgrade through Upgrade Plus with the MEMBER_STRING_AUTH_UPGRADEPLUS setting enabled.

Throttling

Throttling is a security setting available in NATS 4.1, which allows you to lock out surfers for a specified period of time if they make too many attempts on certain pages in NATS.

You can use the Throttling feature to help secure your upgradeplus.php page, preventing surfers from forcing transactions without the correct auth string. Just go to the "Security" configuration page, found in the Configuration Admin.

For more information on this feature, please see our Throttling wiki article.

More Detailed Information on the Page

  • {list_tours full=1 site=$member.siteid} Populates the tours array with detailed information
  • $tours[$member.tourid] will be an array of all the tour data, such as link domain, etc, as specified for list tours