1. Requirements
2. Installation


1. The script is currently for Unix servers only (Redhat, Linux, FreeBSD, Mandrake, Sun, etc...) that use HTTP Basic Authentication to protect directories:


2. You can use the helper.cgi script to figure out all the appropriate server paths, Perl modules installed, etc...this script can be found here:       Download Now

3. MySQL database


1. Understanding HTACCESS authentication

If you are starting from scratch and have no idea how password protecting a directory works: CLICK HERE

Otherwise, in this first section I'll just give you a quick example of how you can protect directories on your server.

You will place a text file named .htaccess in the directory you want to password protect. This file MUST be named .htaccess and it will control not only the directory you put the file in, but directories that reside within it.

Example .htaccess file:



AuthUserFile /www/yoursite/html/cgi-bin/members/passwords/area1.txt
AuthGroupFile /dev/null
AuthName "'s Members Area"
AuthType Basic
ErrorDocument 401 /access_error.html

<Limit GET POST>
require valid-user

Use your text editor to create a .htaccess file, paste the info above in it, and upload it to a test directory on your server. Then try to access the directory in your browser - see how you are prompted for a password? You will not be able to access the directory. Here's an explanation of the file:

1. Path to the file containing usernames and passwords for access.
2. Standard line
3. Name that will be shown in password prompt box
4. Standard lin
5. After 3 unsucessful tries, the visitor will be sent to this page in your main web directory.
6. Many directives can go between the <limit> tags to ban IP addresses, limit users, etc..

You will need to create .htaccess files for each directory you want to protect. Usually, your interested in protecting only one directory so you'll only need one .htaccess file. The AuthUserFile will be set to the path of the password file you designate in the membership script.

2. Installation of the script

Installation of the script is fairly straighforward. Just extract the zip file to your hard drive and you'll find a cgi-bin directory and an html directory. The cgi-bin directory contains all of the scripts you need to upload and the html directory contains all the template signup forms you will use.

STEP 1: Create these directories on your server:

/cgi-bin/members (holds the main scripts)
/cgi-bin/members/backup (holds database files and backup files)
/cgi-bin/members/passwords (holds your password lists)

STEP 2: Upload all of the /cgi-bin files into the /cgi-bin/members directory


Example screenshot from FTP client:


STEP 3: Edit config.cgi in your text editor (you could do this before you upload the files)

MySQL connection variables: (get these from your hosting company)
$mysql_username = "username";
$mysql_password = "password";
$mysql_database_name = "database_name";
$mysql_host = ""; # not necessary
$mysql_port = ""; # not necessary

MySQL table name
By default it is "members", but if you already have a members table in your database you can change it to something else. To prevent future conflicts with other scripts you could call it "yoursite_members" or something similar.

$mysql_table_name = "members"; # Set this before you run create.cgi

Server path to the backup directory
This is an important directory that will contain some data files as well as any text file backups you make of the database. Make sure you do NOT put a trailing slash on the path.
$path_to_backup_directory = "/home/yoursite/html/cgi-bin/members/backup";

Server path to the directory containing membership "cash-in" codes
It's best to just set this to the backup directory as well.

$path_to_membership_codes = "/home/yoursite/html/cgi-bin/members/backup";

URL to the directory containing the cgi scripts
This will be the URL to the memers directory that contains all the .cgi files.

$url_to_scripts = "";

Administrative password
This is the admin page login password. Change this from "superpass" or everyone will be logging into your admin page.

$admin_pass = "superpass"; # Admin login password

Administrative email
This is the email address used in outgoing emails. Make sure there is \ before the @ sign.

$admin_email = "admin\";

Path to Sendmail
You can usually just leave this to /usr/sbin/sendmail as this is the default sendmail path.

$mail_prog = "/usr/sbin/sendmail"; # path to sendmail

Secret Word
This is a secret word that adds extra fraud protection to different features of the script. Right now it's only needed by the sendcode.cgi file to send out a code - but it will be used for other things in the future.

$secret = "SECRETWORD";

Server log analyzer settings
You must put in the full server path to the server log of your site. This is not a required thing, but it's the only way you will be able to use the script to analyze your server logs for logins. The base_url should be your main domain name and is used to display the server log data.

$path_to_server_log = "/home/yoursite/logs/log.txt";
$base_url = "";

Header and footer files
You need to create and upload html header and footer files if you want to customize some of the pages to match your site. Once uploaded, chmod the files 666 and make sure the full server path to the files is correct in these variables.

$path_to_header = "/home/yoursite/html/header.txt";
$path_to_footer = "/home/yoursite/html/footer.txt";

Do not change this variable. It's for future use only.

@the_fields = ("time","date","status","name","email","send_to","username","password","cryptpass","memberships","extra");

Step 4: Run the create.cgi script in your browser to create the database tables.

3. Setting up your first account

Once you have the script installed, the next thing you need to do is log into the admin page and go to the edit areas link on the bottom right of the main page.

Here is where you will create and edit each membership area. Here is an example of the settings:

Path to password file:
This is the full server path to the file containing the passwords for your membership area. Most likely you will want to put them all into the /cgi-bin/members/passwords folder. But you will still have to name each file:
would be a sample entry. This is the same path that you will have at the top of your .htaccess file in your password protected directory.

Url to members area:
This is the full url to the members area main page. New members will be forwarded to this page once they create or receive their login info.

Membership duration:
This is the duration of their membership in days. Right now the setting goes up to 9999 days which is effectively lifetime access, when the 30 years passes I'm sure this script will be updated to accomodate it.

Send signup email:
Check this box if you want the template email sent out to new members upon signing up.

Server path to initial signup email:
This is the full server path to the template of the email you want sent to members on the initial signup. The email should be in the format where the first line is the SUBJECT and every line after that is the MESSAGE. You can customize the email with tags: <name> <username> <password> for all the database fields in the @the_fields variable. These tags ARE CASE SENSITIVE.

Need cash-in code?:
Check this if you are sending out cash-in codes instead of giving "live" real-time access to the members area.

Url to cash-in code page:
If you have the above set to yes, you'll put the full url to the cash-in code page (template provided in the html folder)

Set new members to pending?:
Turned on, this will mark all new accounts inactive until you approve them at the admin page.

Fraud checking after signup:
This will use cookies to only activate an account once for real-time transactions. This is on top of other fraud prevention mechanism used to prevent multiple account signups.

These two variables do not have a function yet.

4. Creating your members directory

This is fairly simple. Just create a .htaccess file as outlined in section 1, then, at the top of the .htaccess file you will need to make the path to the password file match the "path to password file" that you set it section 3. That's it!

5. Connecting the script to your payment processor

A. Using the "cash-in" code feature (delayed access, but maximum security and control)

Even though it takes a little more work and accounts aren't created "on-the-fly", the cash-in code feature works great to screen payments before giving out memberships and it's also great if you are accepting multiple methods of payment.

1. Make sure at the admin page you turn on the cash-in code feature for your membership area.

2. In the /html/cashin_code folder of the zip file you'll find a template "cash-in" page that you will upload to an html viewable area of your site and also set the url to this file at the admin area config (Url to cash-in code page).

3. Then, just set up all your payment form buttons and when a sale is made, simple log into the admin page, paste in the buyers email - and a code will be sent to them instantly. That's it!

4. You can OPTIONALLY use your payment systems to automatically send codes out to people who make purchases. All you need to do is have your payment system trigger the sendcode.cgi file. You just need to forward them to the file like this by either redirecting them, using a text link, or a form button:

Make sure all of the capitalized fields are substituted into the url properly. This is an advanced method as you'd probably have to custom code your shopping system to do this. Typically this is done by creating a form button that sends the use to this file, or a text link.

B. Giving automatic access to paying members

When you want to give automatic access, basically the buyer will make a purchase, then be sent to the page where they can create their account. In order to make this 100% foolproof you'd have to use a payment system that only shows them this account creation page once. For example, if they save the url or try to reload it the form should NOT show back up. Most of the time people are more interested in getting what they paid for instead of frauding your system so if you can't do this then don't worry.

1. Make sure you have the cash-in code feature turned off for your area of interest.

2. Use the /html/instant/create_membership.html template as the "membership creation page". Make sure to open and edit the file to specify the area name for the membership and have the form point to your copy of cashin.cgi. For example, if you were using IBILL, you could use this page as your "webgood" page.

3. At this point, you would just make a test purchase and make sure the membership creation page shows up and a new member is added properly after it's filled out and submitted.



© 1998 - present, All Rights Reserved