MC-Access PWLink© script documentation

Introduction

MC-Access PWLink© is a real-time online access verification system linked to a rebilling and password management sytem and is used to manage subscription based membership sites.
This is a script that allows customers automatic access to a password protected area on your site after a realtime order is approved.

After approval of a realtime order, from the receipt page, a customer is asked to enter a username and password, which are then submitted to a script on your website. This script updates a password file, giving the customer instant access.

The latest version of this software is now able to automatically disable users after a rebill failure, or if the order is voided. We have added a password maintenance facility in your merchant menu. Through this facility you can manually deactivate/reactivate passwords, delete passwords (temporary disabled though), and create custom passwords, which are not linked to any order.

Configuration

Step 1. Download the password script here.
Step 2. Install the password script in a directory on your website with execute permissions.
Step 3. Test the script by entering the script url in your browser. You should see a login form.
Step 4. Enter the authentication code you chose or was issued to you by MultiCards. A menu should appear. If it does not, there are several possibilities, refer to errors below.

Operation

The script is activated from the receipt page, after an order was accepted.


Note: Currently, the password script can only be used for realtime orders.


In the receipt page a small form is included, which the customer can use to submit a username and password to your server

If something goes wrong, the action taken depends on what went wrong. If the customer entered a wrong username or a username that already existed, an error is shown to the customer stating what was wrong, giving the customer the chance to fix it. If something went wrong that can not be fixed by the customer, the customer sees "Configuration error" and an email is sent to the merchant containing details of the error.

When a password has succesfully been submitted, both the merchant and the customer will receive a confirmation email.

Demonstration

Proceed here for a demonstration of the password link script. The link leads to a sample receipt page, which a customer gets to see after completing the order process.
Note: this page uses a special order number, which is not flagged as used after submitting a password, making it suitable for repeated demonstrations. In an actual production environment, for each order a password can be submitted only once.

Setup a password controlled directory

To use the MultiCards MC-Access Password link you need to have .htaccess installed on the directory that you want to protect. If you don't know how that works on your server, you need to contact your server administrator and ask him to install this in the directory you want to protect and add one administrative user. He also needs to tell you the server path to the directory where the password file is stored. Please note that if you place the script in the directory where the password file is and activate the script, a techinfo button appears that allows you to find the correct server path.

Error messages

The following table lists the most common errors messages you may encounter, with possible solutions.

602 Authentication failure
The authentication code you submitted was incorrect. Please check the authentication in the script itself against the authentication code set in the page definition on the MultiCards server.

650 Password file not found
The location you specified for the password is incorrect.

651 Password file not readable
The password file doesn't have proper access permissions. In order for the web browser to be able to read it, it must have sufficient read permissions. These can be set using the chmod command. If you don't know how this works, you should contact your system administrator.

652 Password file not writable
The password file doesn't have proper access permissions. In order for the web browser to be able to write it, it must have sufficient write permissions. These can be set using the chmod command. If you don't know how this works, you should contact your system administrator.

653 Password file can not be created
The password file didn't exist, so the script tried to create it, but that didn't work. Please make sure the directory where you want to keep the password file has proper permissions, or create a password file yourself.

650 Password file not found

660 Password file may not be stored in web directory
If you see this error, you tried to put the password file inside the web directory. This is very bad, because this may enable visitors of your website to retrieve the password file. If you specifically want to do this or you protected the directory the password file is in (for instance with a password), you can set the variable check_webdir in the script to 0. This check will then be disabled.