aMember 4 Authentication Issues

Discussion in 'aMember Pro v.4' started by invictus, Dec 16, 2011.

  1. invictus

    invictus Member

    Joined:
    Jul 18, 2011
    Messages:
    44
    I need to get the "amember_nr" cookie from a request of Wordpress. I'm using this function http://codex.wordpress.org/Function_API/wp_remote_post to send the credentials from wordpress.

    When I try with an incorrect user/pass I get this:
    [​IMG]
    ----------
    but When I try with a correct user login, I get this:
    [​IMG]
    (then after few minutes I got this error: "http_request_failed")

    The info that I'm sending with "wp_remote_post" are the user and the password with this code:
    PHP:
    $response wp_remote_post(
            
    'http://mypage.com/member/login',
            array(
                
    'timeout' => 300,
                
    'headers' => array(
                ),
                
    'body' => array(
                    
    'amember_login' => $_POST['username'],
                    
    'amember_pass'  => $_POST['password']
                )
            )
    );
    I've tried with another amember site with the same code and it works. (Only changing the login url and sending the correct amember user and password.)
  2. invictus

    invictus Member

    Joined:
    Jul 18, 2011
    Messages:
    44
    To be clear, I am trying to build this into my own web based software that will be installed on clients websites and use the above inside my app to authenticate customers so that they can download updates once it verifies they are customers with valid accounts in my main amember installation.

    So it will work like this:
    1. Customer buys my software using amember and creates an account on my amember website.
    2. Customer installs my software on their WordPress website. **Note - this is not my website, but my customers website where they use my software.
    3. My software contains an update check, when an update is available and the client is notified.
    4. Client is prompted for login and password (same login as their amember account on my website).
    5. If login is successful and user is authenticated then the update is installed.

    I am just having trouble with amember passing the authentication result to my app.

    Does anyone have experience doing this?
  3. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    invictus, for such application, htpasswd protection seems to be as the best option. Have you tried it?
    Enable "htpasswd" protection module, and use this option at aMember CP -> Setup -> Protect Folder.

    Another option is to try Am_Lite http://www.amember.com/docs/API/Lite . Note - you must be looking for PHPSESSID cookie, not for amember_nr (that is useful for protecting folders only).
  4. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    Some webhostings denies (by security reasons) HTTP requests from scripts to the same server. This may be the reason.
  5. invictus

    invictus Member

    Joined:
    Jul 18, 2011
    Messages:
    44
    Hi Alex,

    I don't know if htpasswd will work, because I don't want the user to download the update to their PC, I want my app to fetch and auto-install the new updates.

    How would I use Am_Lite? Can it be used on a remote customer website like I need?

    Thanks.
  6. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    Specially because your customers do not see the login process, htpasswd will work fine!
    Normally in browser, it results to popup login box.

    The process must be:
    - your application acquires username/password from a customer;
    - your application makes HTTP connection to the htpasswd-protected URL on your website, passing username/password with "basic HTTP authentication" (google how to do it in your programming language)
    - if you receive HTTP status == 200 (OK), you can use the stream to download content, and you are good to go. If you get HTTP Status == 401 (Authentication required), it means that username/password is wrong, or user subscription has expired.

Share This Page