| Author |
Message |
Mail Bag
Answering Your Questions Since... 9:30am
Joined: 28 Aug 2005
Posts: 124
|
 Posted: Aug 16, 2007 02:34pm Post subject: Add subscriber-only content, requiring login, to your websit |
 |
|
| Quote: | | Modular Merchant's subscription products system is great! But, can I password protect web pages on my website, which is not part of my store? I want to have "members-only" pages on my website that my customers can log in to, but only if they have a subscription to "product X" in the shopping cart. Is this possible? |
Yes, the very thing you described is available in Modular Merchant version 3.0 or higher. Version 3.0 introduces a "Remote Subscription Validation" (RSV) system, which will allow you to add a login form to your website that will connect to your store, and verify that the customer has a valid subscription to the products you specify.
Following is a tutorial on using the RSV system... (A sample PHP page containing all the code examples below is also available for download.)
----------------------------------------------------------------------------------------------------------------------
Prerequisites:
----------------------------------------------------------------------------------------------------------------------
This tutorial assumes the reader has the following:
A) A basic understanding of how to build a webpage; including working with HTML source code, and creating links, tables, styles and images.
B) A hosted website, compatible with PHP scripts.
C) Access to upload files to your website.
A tutorial on these prerequisites is outside the scope of this guide. However, if you require instruction on these items, many free resources and tutorials are available on the Internet, and a variety of books are available in the computer section of your local bookstore.
----------------------------------------------------------------------------------------------------------------------
What's required on your members-only web page?
----------------------------------------------------------------------------------------------------------------------
The members-only page will need several components:
1. A log in form, which is displayed by default,
2. The members-only content, which is displayed after the customer successfully logs in,
3. Some PHP "if" tags to toggle the display between the log in form and the members-only content,
4. A link to a subscription-validation PHP script, provided by Modular Merchant,
5. Several variables that will determine which products you require a subscription to, and how the login script will handle them.
If the components listed above sound overwhelming, don't worry! Each component is discussed in detail below:
----------------------------------------------------------------------------------------------------------------------
Component 1: A log in form, which is displayed by default.
----------------------------------------------------------------------------------------------------------------------
Since a subscription to one or more products is required to view the content on the members-only page, it's going to need a login form. The visitor will enter the login information for their customer account in your store. The login form will use this to look up their purchase history in your store, to confirm their subscription.
The log in form is a basic HTML form. It needs three "input" fields: an "email" field, a "password" field, and a hidden "submit_form" field. (The "submit_form" field can have any value.)
Here's an example of the absolute minimum of what the login form needs:
| Code: | <form action="URL_THE_FORM_POSTS_TO" method="post" enctype="multipart/form-data" name="login_form">
<p>Email: <input name="email" type="text" id="email" value="" /></p>
<p>Password: <input name="password" type="password" id="password" value="" /></p>
<input name="submit_form" type="hidden" id="submit_form" value="submit_form" />
<input name="submit" type="submit" id="submit" value="Log In" />
</form> |
----------------------------------------------------------------------------------------------------------------------
Component 2: The members-only content, which is displayed after the customer successfully logs in.
----------------------------------------------------------------------------------------------------------------------
The next item to add to the members-only page is the actual content that is displayed to the customer after they have successfully logged in. This can be any web page content: HTML, PHP, JavaScript, Flash, database-driven content, etc.
In this tutorial, my members-only content will be a simple declaration that the customer has logged in:
| Code: | <p><b>You are logged in!</b> Insert subscriber-only content here...</p>
<p><a href="this_page.php?logout=Y">Log out.</a></p> |
Bonus Round:
Notice my subscriber-only content also includes a log out link? This link reloads the same page, passing a variable named "logout". The subscription-validation PHP script provided by Modular Merchant contains a log out function, which will reset the customer's login status, returning them to the screen with the log in form.
----------------------------------------------------------------------------------------------------------------------
Component 3: Split log in form and the members-only content by adding PHP "if" tags to your page's source code.
----------------------------------------------------------------------------------------------------------------------
This may sound scary, but it's pretty simple. When the customer successfully logs in, a server variable stating "yes, this customer is logged in" will be set for the duration of their browsing session. By checking for the presence of this variable, we can switch which content on our page is displayed to the user. There are three PHP tags to add to the page's source code:
First, place this PHP tag before your log in form: | Code: | | <?php if($_SESSION['is_subscription_valid']!='Y') { ?> |
Second, place this PHP tag after your log in form, but before the members-only content:
Third, place this PHP tag after the members-only content:
The entire page content should now look something like this:
| Code: | <?php if($_SESSION['is_subscription_valid']!='Y') { ?>
<form action="URL_THE_FORM_POSTS_TO" method="post" enctype="multipart/form-data" name="login_form">
<p>Email: <input name="email" type="text" id="email" value="" /></p>
<p>Password: <input name="password" type="password" id="password" value="" /></p>
<input name="submit_form" type="hidden" id="submit_form" value="submit_form" />
<input name="submit" type="submit" id="submit" value="Log In" />
</form>
<?php } else { ?>
<p>You are logged in! Insert subscriber-only content here...</p>
<p><a href="this_page.php?logout=Y">Log out.</a></p>
<?php } ?> |
----------------------------------------------------------------------------------------------------------------------
Component 4: Include a link to a subscription-validation PHP script, provided by Modular Merchant.
----------------------------------------------------------------------------------------------------------------------
Next up, the script that will be the "engine" that powers the validation system needs to be downloaded and called from the page. First, be sure you've uploaded the subscription-validation PHP file, named "mm_subscription_validator.php" to your website in the same directory that contains the web page you're working on. After this file has been uploaded, it can be called by adding a single line of PHP code to the web page:
| Code: | | <?php include('mm_subscription_validator.php'); ?> |
Add this line of code to the beginning of the page's source code, before the login form and subscribers-only content.
The entire page content should now look something like this:
| Code: | <?php include('mm_subscription_validator.php'); ?>
<?php if($_SESSION['is_subscription_valid']!='Y') { ?>
<form action="URL_THE_FORM_POSTS_TO" method="post" enctype="multipart/form-data" name="login_form">
<p>Email: <input name="email" type="text" id="email" value="" /></p>
<p>Password: <input name="password" type="password" id="password" value="" /></p>
<input name="submit_form" type="hidden" id="submit_form" value="submit_form" />
<input name="submit" type="submit" id="submit" value="Log In" />
</form>
<?php } else { ?>
<p>You are logged in! Insert subscriber-only content here...</p>
<p><a href="this_page.php?logout=Y">Log out.</a></p>
<?php } ?> |
----------------------------------------------------------------------------------------------------------------------
Component 5. Set several variables that will determine which products you require a subscription to, and how the login script will handle them.
----------------------------------------------------------------------------------------------------------------------
There are five variables to set in your page's source code. These variables control how the customer's subscription check is handled. Here's the scoop on each of these five variables.
Variable 1: $product_ids
Set this variable to a comma-separated list of the product System ID (SID) numbers of all the products the customer must be subscribed to.
Examples: $product_ids = '1'; or $product_ids = '1,2,3';
Variable 2: $all_any
If this variable is set to 'all', then the customer must be subscribed to ALL of the products specified by the $product_id variable. If it is set to 'any', then the customer only needs to be subscribed to one of those products.
Example: $all_any = 'any';
Variable 3: $subscription_vs_order
If this variable is set to 'subscription', then the validator will check the customer's scheduled orders, to make sure they have an upcoming scheduled order for each of the required products. If this variable is set to 'order', then it will check all of the past orders the customer has placed in your store to see if any of them contain the required products.
Example: $subscription_vs_order = 'subscription';
Variable 4: $check_ip
If set to 'Y', then the user's IP address must match the one on file in their store account. If set to 'N', then the IP address validation will be skipped.
Example: $check_ip = 'N';
Variable 5: $store_url
Enter the URL of your Modular Merchant store. The URL must end in a slash: "/"
Example: $store_url = 'http://www.website.com/store/';
The entire page content should now look something like this:
| Code: | <?php
session_start();
$product_ids = '1,2,3';
$all_any = 'any';
$subscription_vs_order = 'subscription';
$check_ip = 'N';
$store_url = 'http://www.website.com/store/';
?>
<?php include('mm_subscription_validator.php'); ?>
<?php if($_SESSION['is_subscription_valid']!='Y') { ?>
<form action="URL_THE_FORM_POSTS_TO" method="post" enctype="multipart/form-data" name="login_form">
<p>Email: <input name="email" type="text" id="email" value="" /></p>
<p>Password: <input name="password" type="password" id="password" value="" /></p>
<input name="submit_form" type="hidden" id="submit_form" value="submit_form" />
<input name="submit" type="submit" id="submit" value="Log In" />
</form>
<?php } else { ?>
<p>You are logged in! Insert subscriber-only content here...</p>
<p><a href="this_page.php?logout=Y">Log out.</a></p>
<?php } ?> |
Bonus Round:
Notice in the code example above, we've also sneaked in the PHP command "session_start();". This command is required in order for the server to remember the state of the customer's login from page to page. Without it, the customer would be logged back out when they left the page. By using this command, we could spread our members-only content among multiple web pages!
----------------------------------------------------------------------------------------------------------------------
The final results:
----------------------------------------------------------------------------------------------------------------------
I can now upload my members-only web page to my website, just like any other page on my site. When a visitor views that page, they will first see the login form, asking for the email address and password associated with their customer account in my store.
If the visitor enters this information and clicks the submit button, the page will look up their order history in my store and confirm that they are subscribed to the required products. If they have a valid subscription, the page will reload, displaying the subscriber-only content.
Unless the customer logs in successfully, there is no way for them to see the subscriber-only content. If they're not logged in, then selecting "view source" in the web browser will only display the login form. The members-only content is protected from unauthorized viewing.
----------------------------------------------------------------------------------------------------------------------
Downloads:
----------------------------------------------------------------------------------------------------------------------
The files referenced in this article are available for download.
subscription-validation PHP script: The script that powers the login and membership check.
Sample PHP page containing all the code examples above: Why build your entire page from scratch? Use the sample page to get a jumpstart on your members-only website!
Last edited by Mail Bag on Feb 14, 2008 01:33pm; edited 2 times in total |
|
aaman
Joined: 11 Jun 2008
Posts: 4
|
| Posted: Jun 11, 2008 11:04am Post subject: |
|
|
This helps, thanks.
However, what if I want to protect an entire folder, or a grouping of webpages, and not just one web page.
For instance, with my membership site, all of the files, etc. that I want protected go in a directory called:
http://www.mydomain.com/membersonly/
How would I go about protecting everything in that directory?
Thank you,
Adam |
|
Mail Bag
Answering Your Questions Since... 9:30am
Joined: 28 Aug 2005
Posts: 124
|
| Posted: Jun 11, 2008 12:38pm Post subject: Restrict multiple pages to subscribers only |
|
|
| Quote: | | what if I want to protect an entire folder, or a grouping of webpages, and not just one web page? |
Great question. Adding the subscription validation check to a group of web pages can be done by simply adding a few lines of PHP code to each page you'd like to protect. Here's an example:
---------------------------------------------------------------------
Example: A login page, plus an additional protected page
---------------------------------------------------------------------
In this example, I have two pages I would like to protect on my site. These two pages are named "login.php" and "content.php". The "login.php" page will contain the login form for my users, so I'll add the HTML & PHP code, provided in the original article above, to this page. This will challenge my users to log in, and when they do, their subscription will be validated.
If the user's subscription is successfully validated on "login.php", then a PHP $_SESSION variable named $_SESSION['is_subscription_valid'] will be set to "Y". Since PHP $_SESSION variables are retained in the server's memory from one page of the site to the next, we can reference this variable on other pages we want to protect. This $_SESSION variable is the key to protecting multiple pages.
All that needs to be added to beginning of the "content.php" page (and any other page on my website that I want to protect) is a couple of lines of PHP code that will look something like this:
| Code: | <?php
session_start();
if($_SESSION['is_subscription_valid']!='Y') {
header('location: login.php');
exit();
}
?> |
The sample PHP code does several things:
1. It first starts the PHP session, which will load the value of the $_SESSION['is_subscription_valid'] variable into memory.
2. If the value of $_SESSION['is_subscription_valid'] does not equal "Y", then the user will be instantly redirected back to the "login.php" page.
3. If the value of $_SESSION['is_subscription_valid'] is equal to "Y", then the HTML content of the "content.php" page will be displayed as usual.
Then, just add a copy of this PHP code to any other page on your website you'd like to protect. Only those users who have successfully logged in will be able to view the protected pages' content. If the user's subscription is invalid, or if they haven't logged in yet, then they'll be redirected back to the "login.php" page to log in with their credentials.
_________________
Modular Merchant Mail Bag
Answering your questions, queries and puzzlers.
Modular Merchant shopping cart software, website hosting, and custom programming. |
|
aaman
Joined: 11 Jun 2008
Posts: 4
|
| Posted: Jun 11, 2008 01:17pm Post subject: |
|
|
Great, thank you. That makes it clear.
Part 2 of this question: what if I wanted to protect an entire vBulletin forum, such as:
http://www.mydomain.com/myforum/
Would I need to add the php code to each page in the forum script?
This question extends to any subfolder. Is it possible to protect an entire folder?
The reason I am asking is because I typically setup a protected area, like:
domain.com/mymembers/
And then I dump everything into that area - zip files, pdf's, videos, content pages, custom software applications, etc, and just protect the entire folder.
This is what I'm trying to accomplish with Modular Merchant.
Thank you,
Adam |
|
Mail Bag
Answering Your Questions Since... 9:30am
Joined: 28 Aug 2005
Posts: 124
|
| Posted: Jun 11, 2008 02:44pm Post subject: Protecting Files vs. Directories |
|
|
| Quote: | | Would I need to add the php code to each page in the forum script? |
If using the shopping cart's RSV system to restrict access to those forum page(s), then, yes, the forum page(s) would need to have the RSV code added to the page(s) source code, or forum template, etc.
| Quote: | | This question extends to any subfolder. Is it possible to protect an entire folder? |
A single rule to protect an entire directory is something that would probably be controlled by a .htaccess file or server configuration, but not PHP. PHP can't control the access to an entire directory on a server, it can just control access on a file-by-file basis.
Since PHP doesn't handle directory-level access, and the RSV system is designed to be used in PHP scripts, restricting access to an entire directory is outside the scope of what the RSV system is designed to handle.
This type of rule to protect an entire directory can also be set up in the Plesk web hosting control panel that is included with Modular Merchant hosting accounts. More information on protecting an entire directory with Plesk and/or a .htaccess file is available in another article on this forum: http://forums.modularmerchant.com/viewtopic/510/
I hope this information is helpful!
_________________
Modular Merchant Mail Bag
Answering your questions, queries and puzzlers.
Modular Merchant shopping cart software, website hosting, and custom programming. |
|
aaman
Joined: 11 Jun 2008
Posts: 4
|
| Posted: Jun 11, 2008 03:49pm Post subject: |
|
|
Yes, very helpful, thank you.
I guess my next question then is: can you help me to solve this problem?
I have a linux server that runs cpanel. But, I must be able to protect a directory as I've described in my last post.
What can you do to help me figure this out?
A bit more background about myself: I have searched all over the net for a integrated solution that meets my needs. Finding Modular Merchant was extremely exciting, because it truly is the ONLY system I've found that does almost everything I need it to.
At this point, the only thing holding me back from upgrading from a trial account to a paid account is the feature I'm talking about in this post.
Let me describe my problem to you in even more detail.
I run membership sites. In the past, I've had to use 1shoppingcart, and integrate it with program called aMember. 1sc takes the orders and customer details, and aMember holds all of the data for the members. It also protects directories on my server. I use the 1sc affiiliate module to signup affiliates, but the affiliate module doesn't handle recurring billing.
Then I found Modular Merchant.
You guys have almost allowed me to eliminate my old inferior setup by providing an integrated solution that is simpler, and more cost effective.
I am sure there is a solution to this directory problem -- but I am not a programmer. If you can't directly fix the problem for me, can you describe to me how it would be fixed? Then, I can hire a programmer to create some sort of module that will do this for me.
Thanks so much for your help. Top-notch support so far.
Adam |
|
Mail Bag
Answering Your Questions Since... 9:30am
Joined: 28 Aug 2005
Posts: 124
|
| Posted: Jun 12, 2008 09:13am Post subject: Maybe a Unix shell script, or a .htaccess file in the direct |
|
|
| Quote: | | I guess my next question then is: can you help me to solve this problem? I have a linux server that runs cpanel. ... If you can't directly fix the problem for me, can you describe to me how it would be fixed? Then, I can hire a programmer to create some sort of module that will do this for me. |
The next step I'd recommend is to ask these same questions to the facility that hosts the servers in question. There seems to be a bazillion different ways in which a Linux server can be configured, so only the company managing the server will know for certain what it is and isn't configured to do.
I may be mistaken here, but protecting the entire directory would be controlled at the server-level, not the PHP level, which would require a custom script written in Unix to be running on the server. (Maybe a Unix shell script, or a .htaccess file in the directory?) And, even then, the Unix solution may need to reference PHP session variables to control the access to the files in the directory, which I don't know is possible or not.
Regardless of whether my theory above is correct or complete bollox, the solution would come from the facility hosting the server, since they're the ones managing the device and its configuration.
An alternate solution may be available, which would be to use both the Subscription Products and Digital Products modules in the shopping cart to set up a "Digital Library" that your customers can subscribe to. A tutorial on setting up a subscribable digital library is available here.
_________________
Modular Merchant Mail Bag
Answering your questions, queries and puzzlers.
Modular Merchant shopping cart software, website hosting, and custom programming. |
|
aaman
Joined: 11 Jun 2008
Posts: 4
|
| Posted: Jun 12, 2008 11:05am Post subject: |
|
|
Would I be able to hire your team to look into this, and create a custom solution for me that would do this?
I would rather pay you to do it, than find a programmer to configure my server for me (there is no way my hosting company is going to do this). |
|
Mail Bag
Answering Your Questions Since... 9:30am
Joined: 28 Aug 2005
Posts: 124
|
| Posted: Jun 12, 2008 02:29pm Post subject: Remote Subscription Validation Follow-Up |
|
|
| Quote: | | Would I be able to hire your team to look into this, and create a custom solution for me that would do this? |
If the Unix script to run at the server-level on the remote server is the solution you wish to go with, then it's not something that Modular Merchant's developers can assist with. We only develop custom scripts for use on our servers, and we work in the PHP programming language, not Unix.
Even though we really do appreciate that you'd rather pay us to do this than someone else, we'd hate to muddle through a project that's outside our area of expertise. It's more important to us that projects for our clients are done right, which means that certain projects should be performed by someone other than us. (Wow, that sounded very self-righteous...  At any rate, I hope it got the idea across. )
_________________
Modular Merchant Mail Bag
Answering your questions, queries and puzzlers.
Modular Merchant shopping cart software, website hosting, and custom programming. |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Advanced Search
Register
Profile
FAQ
Memberlist
Log in
