Difference between revisions of "Signup Plus"

From TMM Wiki
 
Line 85: Line 85:
 
Epoch - 5.0.2.7<br>
 
Epoch - 5.0.2.7<br>
 
SegPay - 5.0.2.7<br>
 
SegPay - 5.0.2.7<br>
 +
Rocketgate - 5.0.2.7<br>
 +
Rocketgate Native- 5.0.2.7<br>
  
 
As of version 5.0.2.7, NATS allows you to send subscription pass through data for reactivation transactions.  You can use any of the available subscription pass through fields.  For example, to send the member_subscription->passthrough2 field, you need to add the following to your signupplus.php link.
 
As of version 5.0.2.7, NATS allows you to send subscription pass through data for reactivation transactions.  You can use any of the available subscription pass through fields.  For example, to send the member_subscription->passthrough2 field, you need to add the following to your signupplus.php link.
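Review bot: the added line "Rocketgate Native- 5.0.2.7<br>" is missing the space before the hyphen that the neighbouring entries ("Epoch - 5.0.2.7<br>", "Rocketgate - 5.0.2.7<br>") use; suggest "Rocketgate Native - 5.0.2.7<br>" so the biller list reads consistently.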

Latest revision as of 13:07, 18 October 2021


Signup Plus is a feature in NATS4 that allows you to reactivate a member's subscription, or to repurchase a non-recurring subscription.

You will need to provide your users with a signup plus link:

http://<linkdomain>/signup/signupplus.php?site=<siteid>&username=<username>

Replace <linkdomain> with the site's actual linkdomain, then replace <siteid> with the site's NATS site ID number. Finally, replace <username> with the user's NATS username.

Multiple Subscriptions

If the parameters passed in the signupplus link match multiple subscriptions, a page will display to allow the surfer to choose which subscription they want to manage.

To customize the look and feel of this page, you can edit the site templates: "page_choose_subscription"/"page_choose_subscription_mobile"

Verifying User

Once the surfer has a single subscription targeted, a page will display asking them to verify their email address in order to reactivate/repurchase.

To customize the look and feel of this page, you can edit the site templates: "gateway_signupplus"/"gateway_signupplus_mobile" and "thirdparty_signupplus"/"thirdparty_signupplus_mobile"

The template used for the surfer will be determined by what type of biller they signed up with originally.

Additional Security

Signup Plus also contains additional security features, which allow you to further secure the transactions occurring on your Signup Plus forms. For example, you can use API calls to get secure member authorization strings, verify surfer information on the Signup Plus form, and change the input source to use POST instead of GET.

MEMBER_STRING_AUTH_SIGNUPPLUS

Use the MEMBER_STRING_AUTH_SIGNUPPLUS variable to choose whether or not you wish to use the new member auth strings available in NATS 4.1. These strings contain a variety of information, and are designed to prevent unwanted subscription purchase attempts by outside sources.

This feature is off by default. To enable it for your Signup Plus transactions, add the following line to the config.php script on your NATS server:

$config['MEMBER_STRING_AUTH_SIGNUPPLUS'] = 1;

This will activate the MEMBER_STRING_AUTH_SIGNUPPLUS setting to use additional security for your member authorization strings. Do not add the provided code if you want to leave this feature disabled.

Once you have activated this setting, you must use the get_member_package_upgrade_string API call to get the correct auth string for the member you want to upgrade. Please see our API Get Member Package Upgrade String wiki article for more information on this process.

This function returns the auth string your members need in order to be authenticated for the Signup Plus process. Include the auth string in the link for your member, and they will be able to use the Signup Plus feature with the MEMBER_STRING_AUTH_SIGNUPPLUS security setting enabled.

http://<linkdomain>/signup/signupplus.php?site=<siteid>&username=<username>&authstring=<authstring>

Signup Plus Form Verification

You can also add additional security checks on your Signup Plus form. The Signup Plus feature verifies member e-mail addresses by default, but you can add a switch to choose between verifying a member's e-mail address, password, or both e-mail address and password. If you want to enable this feature for your Signup Plus transactions, you can add the following necessary code in the config.php script on your NATS server:

$config['SIGNUPPLUS_REQUIRED_FIELDS'] = 0;

Add this setting with a value of '1' if you want Signup Plus to verify member passwords. Change this to a value of '2' if you want Signup Plus to verify both member passwords and e-mail addresses. Do not add the provided code if you only want to verify member e-mail addresses.

This allows you to choose what member information you want to authenticate on the Signup Plus form itself, preventing anyone from submitting a Signup Plus form with an incorrect e-mail address, password, or both.

Using $_POST

Signup Plus also offers another security feature: you can change the source of submitted data from $_REQUEST to $_POST, so that Signup Plus only accepts $_POST data when authenticating your members.

This feature is set to use $_REQUEST by default. If you wish to use $_POST to authenticate your Signup Plus form transactions, add the following code to your config.php script:

$config['SIGNUPPLUS_POST_ONLY'] = 1;

Add this setting with a value of '1' if you want Signup Plus to only allow $_POST when authenticating your members. Do not add the provided code if you want to use $_REQUEST when authenticating members.

Throttling

Throttling is a security setting available in NATS 4.1, which allows you to lock out surfers for a specified period of time if they make too many attempts on certain pages in NATS.

You can use the Throttling feature to help secure your signupplus.php page, preventing surfers from forcing transactions without the correct auth string. Just go to the "Security" configuration page, found in the Configuration Admin.

For more information on this feature, please see our Throttling wiki article.

Pass Through Data

Note: this feature works for ALL billers that have a NATS Signupplus integration via a backend call. Of the billers that have a NATS Signupplus integration via a redirect, only the following have this functionality:

  • Epoch - 5.0.2.7
  • SegPay - 5.0.2.7
  • Rocketgate - 5.0.2.7
  • Rocketgate Native - 5.0.2.7

As of version 5.0.2.7, NATS allows you to send subscription pass through data for reactivation transactions. You can use any of the available subscription pass through fields. For example, to send the member_subscription->passthrough2 field, you need to add the following to your signupplus.php link.

&member_extra[0][subscription_passthrough2]=<your value here>

You will also need to make sure that your Signupplus templates include the following code.

{* member_extra values arrive from the signupplus.php link, so the values are escaped here the same way as the keys *}
{if !empty($memberExtra) && is_array($memberExtra)}
	{foreach from=$memberExtra key=member_extra_key item=member_extra_val}
		{if is_array($member_extra_val)}
			{foreach from=$member_extra_val key=member_extra_key2 item=member_extra_val2}
				<input type="hidden" name="member_extra[{$member_extra_key|escape:'htmlall'}][{$member_extra_key2|escape:'htmlall'}]" value="{$member_extra_val2|escape:'htmlall'}"/>
			{/foreach}
		{else}
			<input type="hidden" name="member_extra[{$member_extra_key|escape:'htmlall'}]" value="{$member_extra_val|escape:'htmlall'}"/>
		{/if}
	{/foreach}
{/if}
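The authstring link and the member_extra pass-through parameter described above can be assembled with proper URL encoding instead of string concatenation. This is an added example, not NATS code: buildSignupPlusLink, the host name, the username and the auth string placeholder are all hypothetical, and the auth string is assumed to have been fetched already with get_member_package_upgrade_string.

```php
<?php
declare(strict_types=1);

/**
 * Build a signupplus.php link (hypothetical helper, not part of NATS).
 * Pass null for $authString when MEMBER_STRING_AUTH_SIGNUPPLUS is off.
 */
function buildSignupPlusLink(
    string $linkDomain,
    int $siteId,
    string $username,
    ?string $authString = null,
    array $passthrough = []
): string {
    if (!preg_match('/^[a-z0-9.-]+$/i', $linkDomain)) {
        throw new InvalidArgumentException('linkdomain must be a bare host name');
    }
    $params = ['site' => $siteId, 'username' => $username];
    if ($authString !== null) {
        $params['authstring'] = $authString;
    }
    if ($passthrough !== []) {
        // Same shape as member_extra[0][subscription_passthrough2]=<value>
        $params['member_extra'] = [0 => $passthrough];
    }
    // RFC 3986 encoding, so '&', '#', '=' or spaces inside a value cannot
    // end the value early or turn into a parameter of their own.
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return "http://{$linkDomain}/signup/signupplus.php?{$query}";
}

// Constructed sample values.
$link = buildSignupPlusLink(
    'join.example.com',
    1,
    'bob&co',
    'PLACEHOLDER_AUTHSTRING',
    ['subscription_passthrough2' => 'campaign #7']
);
echo $link, PHP_EOL;

// Round trip: PHP parses the query string back into the same nested array.
parse_str((string) parse_url($link, PHP_URL_QUERY), $decoded);
var_dump($decoded['username'] === 'bob&co');
var_dump($decoded['member_extra'][0]['subscription_passthrough2'] === 'campaign #7');
```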

Additionally, you can use the SIGNUPPLUS_INHERIT_SUBSCRIPTION_PASSTHROUGH_DATA config setting (config admin -> surfer page, one-click systems section) to tell NATS how to deal with the subscription pass through variables.

  • Do Not Inherit (default) => blank out existing subscription pass through values, only use the values from the member_extra array
  • Inherit and Override => override subscription pass through values with the values from the member_extra array
  • Inherit and Override blank values => override subscription pass through values with the values from the member_extra array only if the existing value is blank (0 is not blank)
  • Inherit Only => do not update the subscription pass through values, values from the member_extra array will be ignored
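The four choices are easiest to compare side by side on the same data. The following is an added model of the behaviour documented above, not NATS's implementation: the mode labels and function names are hypothetical, and the field names other than subscription_passthrough2 are assumed by analogy. It shows the "0 is not blank" case, which PHP's empty() would get wrong.

```php
<?php
declare(strict_types=1);

// Hypothetical labels for the four documented choices; the values NATS
// stores for the setting are not shown on this page.
const MODE_DO_NOT_INHERIT = 'do_not_inherit';
const MODE_INHERIT_OVERRIDE = 'inherit_and_override';
const MODE_INHERIT_OVERRIDE_BLANK = 'inherit_and_override_blank';
const MODE_INHERIT_ONLY = 'inherit_only';

// '0' counts as a value. empty('0') is true in PHP, so compare explicitly.
function isBlank(?string $value): bool
{
    return $value === null || $value === '';
}

// Both arrays map field name => value; $existing lists every field.
// Uses match with a throw expression, so PHP 8 is assumed.
function resolvePassthrough(string $mode, array $existing, array $incoming): array
{
    $result = [];
    foreach ($existing as $field => $old) {
        $new = $incoming[$field] ?? null;
        $result[$field] = match ($mode) {
            // Old values are dropped; only member_extra values survive.
            MODE_DO_NOT_INHERIT => $new ?? '',
            // Old values are kept unless member_extra supplies the field.
            MODE_INHERIT_OVERRIDE => $new ?? $old,
            // member_extra fills a field only when the old value is blank.
            MODE_INHERIT_OVERRIDE_BLANK => (isBlank($old) && $new !== null) ? $new : $old,
            // member_extra is ignored.
            MODE_INHERIT_ONLY => $old,
            default => throw new InvalidArgumentException("unknown mode: {$mode}"),
        };
    }
    return $result;
}

// Constructed sample data: one field holding '0', one blank, one set.
$existing = ['subscription_passthrough1' => '0', 'subscription_passthrough2' => '', 'subscription_passthrough3' => 'spring'];
$incoming = ['subscription_passthrough1' => 'A', 'subscription_passthrough2' => 'B'];

$modes = [MODE_DO_NOT_INHERIT, MODE_INHERIT_OVERRIDE, MODE_INHERIT_OVERRIDE_BLANK, MODE_INHERIT_ONLY];
foreach ($modes as $mode) {
    echo $mode, ' ', json_encode(resolvePassthrough($mode, $existing, $incoming)), PHP_EOL;
}
```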

Advanced Member Lookup

Usually, the member lookup is done using the siteid and the username parameters. That will uniquely identify the member record in NATS. However, that member record might have multiple subscriptions. It is also possible to link to the /signup/signupplus.php script using a list of siteids instead of one siteid. In that case, it is possible that multiple member records (with multiple subscriptions each) match the initial lookup. When NATS is not able to determine a unique subscription, it will show the page_choose_subscription template so that the surfer can specify the subscription to use. You can use additional flags to narrow or widen that lookup. You can use them by adding the params to the URL and/or the form on the template.

Main Lookup

username and site (or siteid) => this method is the default and works in the majority of the use cases, but can lead to multiple matching subscriptions for the same member record.

OR

memberid and session => just like the 'username and site' method above, this method works in the majority of use cases but can lead to multiple matching subscriptions for the same member record.

OR

username and siteids => this method works well when you have unique usernames for all of your NATS sites. In that case, it can only lead to multiple matching subscriptions for the same member record. If you do not have unique usernames for all of your sites, this method can lead to multiple matching members as well.

OR

memberidx (<biller>:<biller subscriptionid>) => this method will always lead to 1 subscription

Lookup Flags

These flags are used to narrow or widen the initial member lookup

Subscription status (these options are mutually exclusive)

  • active_only => only return active subscriptions
  • expired_only => only return expired subscriptions
  • when neither flag is provided => return both active and expired subscriptions (default)

Subscription attribution (these options are mutually exclusive)

  • billerName => only return subscriptions for the given biller
  • allow_NATS_biller => allow subscriptions with the NATS:<value> memberidx (for example, NCR joins)
  • when neither flag is provided => do not return subscriptions with the NATS:<value> memberidx (default)

Ordering Flags

These flags are used to order matching subscriptions on the page_choose_subscription template

  • prefer_active => show active subscriptions first
  • prefer_expired => show expired subscriptions first

Limit Flags

These flags are used to return only 1 subscription

  • most_recently_accessed_only => return only the most recently created/updated subscription
  • least_recently_accessed_only => return only the least recently created/updated subscription