Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Creating new user account with PHP and JSConnect (after successful PayPal payment)

MBMBMBMBMBMB New
edited November 2013 in Vanilla 2.0 - 2.8

Hello all,

I'm developing a website based on a customized membership system. New users have to pay a membership fee via PayPal. When a payment is done, PayPal sends an IPN (Instant Payment Notification) to a PHP script on my server (paypal.php). Of course no webpage is showing: paypal.php only sends a confirmation email to the new member. All of this is currently working.

Now I'd like paypal.php to create a new user account (with some previously generated password) in Vanilla forums, after email is sent. The problem is I'm a big newbie with Vanilla and JSONP.

I've installed Vanilla in a subfolder and enabled JSConnect. I've also installed Vanilla jsConnect Client Library for PHP (functions.jsconnect.php) in the same subfolder as paypal.php. I also added the index.php script that is provided for testing, filling it with correct $clientID and $secret.
Then, back to Vanilla JSConnect settings, I created a connection to this index.php script. The test link in JSConnect settings correctly returns:

test({"email":"john.php@anonymous.com","name":"John PHP","photourl":"","uniqueid":"123","client_id":"MySite","signature":"27202f4981e2964dd9ce2b266c279e36"})

The problem is I don't know what to do now. How can I tweak the index.php script in order to make it create a new Vanilla account for "John PHP" using a password of my own?…
Another question is: paypal.php is not intended to show any webpage. Can Vanilla user creation be achieved in such a "silent mode"?

Any help would be greatly appreciated.

Here is what index.php currently looks like:

===========

require_once("path/to/functions.jsconnect.php");

// 1. Get your client ID and secret here. These must match those in your jsConnect settings.
$clientID = "MySite";
$secret = "3821b26f38527075b7904e5974fa5675";

// 2. Grab the current user from your session management system or database here.
$signedIn = true; // this is just a placeholder

// YOUR CODE HERE.

// 3. Fill in the user information in a way that Vanilla can understand.
$user = array();

if ($signedIn) {
   // CHANGE THESE FOUR LINES.
   $user['uniqueid'] = '123';
   $user['name'] = 'John PHP';
   $user['email'] = 'john.php@anonymous.com';
   $user['photourl'] = '';
}

// 4. Generate the jsConnect string.

// This should be true unless you are testing. 
// You can also use a hash name like md5, sha1 etc which must be the name as the connection settings in Vanilla.
$secure = true; 
WriteJsConnect($user, $_GET, $clientID, $secret, $secure);

===========

Comments

  • Welcome to the community!

    The way jsConnect operates is to create a new connection in the vanilla db and link a user account to the connection. If there is no associated user existing, it creates it.

    So there is no need to create an account or passwod. You just need to authorize the user on your main site, and return the expected JSON. Once the user visits your forum and logs in, Vanilla will query your index.php file and either let them in or not.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • Thanks a lot, hgtonight (and sorry for the late reply).

    I think I understand better. However, is there a way to make Vanilla create a new user with a predefined password of my own?

    (This may sound as a newbie question. It is.)

    Thanks in advance for any help.

  • Yes your premium membership need to be on the main site. You close off the forum to registrations.

    grep is your friend.

  • However, is there a way to make Vanilla create a new user with a predefined password of my own

    Well of course but what are you hoping to do with it?

    SSO doesn't work by transporting usernames and passwords. that would be a weakness in the security.

    grep is your friend.

  • Thanks x00. The forum has to be open to paying members (signed in via my own separate PHP logic, through jsConnect) and to random non-paying visitors (registered or signed in using the standard Vanilla way).

    What I'd like to do is to assign a predefined forum password (PHP-created) to paying members, so that I can email it to them just after their PayPal payment. How can I achieve that in PHP?

    Thanks in advance for any help.

  • x00x00 MVP
    edited November 2013

    You don't really need this password with JsConnect. jsConnect only kicks in when the first connect to the forums.

    JsConnect is the authentication system for the forum which takes over password authentication.

    If they had an old account not created by jsConnect they would have link the old account using the old password once.

    Ofcourse it is possible to create an account before jsConnect, but i would wonder why bother, if it means they are going to have to do another step.

    grep is your friend.

  • Create a theme hook after the register connect event and assign a different role.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • @hgtonight said:
    Create a theme hook after the register connect event and assign a different role.

    My understanding is there is no difference from paying and not paying on the forum. But if there was you can do what you say, or you can back port the more recent version of jsConnect which do role mapping.

    I think what he is saying is becuase there are existing members who have never logged on through the front site, it would make sense to send those whose account have purchased a vanilla password

    I'm guessing he doesn't wish to use jsConnect at all. However in which case why don't they just register for the forum?

    Personally I would just make it all SSO and have the front end handle login, you can distinguish between premium and non. I have done it this way many times an it is simpler, than having sort of SSO.

    He would need to import the exiting users users sending their new passwords (unless he can make use of the same hash) or get them to register, then they would need to link the accounts once.

    grep is your friend.

Sign In or Register to comment.