Subs Configuration Help

This page provides help on configuring and customising your Subs system. Configuration of Subs usually only needs to be done once when you first install or upgrade Subs.

Note Before you configure Subs and as a separate exercise, you will have to set up the access control on your web site so that it uses the Subs password file to authorise users. Setting up the access control on your web server is not an optional step. If you do not do it, anyone and everyone will be able to access your supposedly protected information. Subs does not set up the .htaccess or .nsconfig files or whatever your web server needs to protect the files your users want to subscribe to. You will need to be (or have access to someone) familiar with the access control system on your web server in order to do this.

Configuration page

There is a single page that allows you to configure and reconfigure most things in Subs. The Configuration page is usually installed here. There is also a link at the bottom of each administrator page.

You will usually have to enter the 'admin' user name and password before you can access the Configuration page.

To configure or reconfigure Subs, load that page, change some or all of the fields and press the "Change Configuration" button at the bottom of the page.

Fields

This section explains the meaning of each of the fields on the Configuration page.

Database file name

This field specifies the file name and the type of your User Database. The User Database holds the details of all your users, including their passwords and Credit Card numbers. For security reasons, you should make sure this file is in a secure place, and certainly not in your web server directory. Enter the absolute path to the file, for example /usr/local/etc/users.

The Type field allows you to specify the format of the User Database. The choices are:

DBM. Uses a Unix DBM, or NDBM file, depeding on what sort of DBM support is built in to your version of Perl. You should not choose this type if your Perl does not support DBM. DBM format will have superior performance to the other types, especially for large databases of more than 1000 users, however it is harder to process with standard Unix tools. If you specify DBM, Subs will create 2 files with .pag and .dir extensions.

Flat File. This is a simple ASCII file format that is designed for good performance, and is easy to process with simple Perl scripts.

Comma Separated. This is an ASCII file with comma separated fields and optional quotes. Its performance is not as good as DBM, and its a bit trickier to parse with Perl, but it is compatible with the import and export formats of many spreadsheet and other programs. See File Formats for details of the file format.

If you change the file name or file type after you have already populated your User Database, Subs will not copy or convert the file to the new location or format. You will effectively start a new database in the new location and format. The Subs distribution includes a utility to convert User Databases from one format to another. We recommend that you make a suitable choice of database type and location before you start to add users, and stick with them.

Password file name

This field gives the name of the password file that your web server will use to authorise your users. The name you give here must agree with the name of the password file given in your access control file.

The password file is an NCSA style password file, ie each line is of the form userName:encryptedPassword.

The password file will be rewritten whenever you edit a users details, whenever you press "Update Password File" or whenever the update program runs. It will contain an entry for every user with either Trial or Approved status, and whose access has started but not expired at that time.

Administrator full name

Administrator email address

These fields specifies the full real name and email of the administrator of your Subs system. They appear as a contact at the bottom of each page, and as the "from" address in outgoing email. You should enter the name and email address of a person or group who is able to deal with customer account and access problems. You might for example give the name and email addres of your support organisation.

Location of the 'sendmail' program

This field gives the absolute path to the Unix sendmail program on your web server. This is required for Subs to automatically send email to new and expiring subscribers. It is often something like /usr/lib/sendmail, but you should check with your web server host administrator to be sure.

Location of web server access log

This field specifies where the access log for your web server is. It should be a full path name. Typical values are /usr/local/etc/httpd/logs/acccess_log. This field is used by pirateCheck so it can analyse accesses to your web site. If you do not use pirateCheck, you do not need to enter anything into this field.

Email text to send to new subscribers

This is the text of email that will be sent automatically when you add a new user to Subs, when you change a user to Approved, or when you extend the subscription end date. It is only sent if you have entered an email address for the user. The email would usually express some thanks for subscribing and give them their user name and password.

This text can include a number of special keywords that will be replaced with actual details when the mail is sent:

$input{'name'} is replaced with the users login name.

$input{'password'} is replaced with the users password

$input{'full_name'} is replaced with the users full name

$input{'address1'} is replaced with the users address line 1

$input{'address2'} is replaced with the users address line 2

$input{'city'} is replaced with the users city

$input{'state'} is replaced with the users state

$input{'postcode'} is replaced with the users postal code

$input{'country'} is replaced with the users country

$input{'start_date'} is replaced with the actual start date of the subscription

$input{'end_date'} is replaced with the actual end date of the subscription

$config{'service'} is replaced with the service name that you entered in Your Service Name above.
$config{'admin_name'} is replaced with the name you entered in Administrator full name above.
$config{'admin_address'} is replaced with the name you entered in Administrator address above.

Online Registration Policy

This menu controls how new users are treated during online registration. If you are not using online registration, ignore this field. The available options are:

No access until manual authentication
New users are registered online with a status of "Wait for approval". They have no access rights until you process their payment request and set their access start and end dates. This option is best suited to sites that only have manual credit card processing.

Normally you would regularly search for users with status "Wait for approval", and for each one found, you would process their payment request (the period they requested is shown at the bottom of the edit user page). You would then set a status of Approved Access Start Date of "today" and an "Access End Date" of, say "6 months" or whatever was requested. If a card could not be processed, you should set the account status to Held, which will deny access. You should also email the account holder informing them of the problem with their card.

No access until manual authentication
New users are registered online with a status of "Trial". They have full access rights, and will keep them until you process their payment request. Their Access Start and Access End Dates will be set according to the subscription period they requested. This option is best suited to sites that only have manual credit card processing, but who wish to be able to offer immediate access to new subscribers. There is an obvious risk in this policy, since unscrupulous people could subscribe with a bogus credit card, and get free access until you try to authenticate them.

Normally you would regularly search for users with status "Trial", and for each one found, you would process their payment request (the period they requested is shown at the bottom of the edit user page). If the payment succeeds, set their account status to Approved. If a card could not be processed, you should set the account status to Held, which will deny access. You should also email the account holder informing them of the problem with their card, although there is every chance they will be uncontactable.

Immediate access after authentication
This is the safest and best Policy, but it requires that you subscribe to an online Credit Card processing agency such as CreditNet. With this policy, when a new users subscribes online, their payment request is automatically processed with the card processing agency you configured in Use this Card Processor. If their payment is authenticated, they are immediately set to Approved, and have immediate access to your web site.

Use this Card Processor

This menu selects the Credit Card Processor you wish to use. The options are:

None
This selects a credit card proccing software that will always reject the card. Do not choose this option if you select "Immediate access after authentication" in Online Registration Policy
CreditNet
This selects card processing by CCN. If you select this options you must configure the next 4 fields too. Please follow the instructions in Subs Installation in order to install and configure the CreditNet client software.

CreditNet Merchant ID

If you selected CreditNet, enter the merchant ID that you get from CCN.

CreditNet Merchant Password

If you selected CreditNet, enter the merchant password that you get from CCN.

Path to PGP program

If you selected CreditNet, enter the full path to the PGP program, typically /usr/local/bin/pgp.

Path to PGP home directory

If you selected CreditNet, enter the complete path to the PGP home directory you created as part of the PGP installation.

Prices

This section allows you to configure the prices for the different subscription periods you are offering. There will be one row for each subscription period listed in @defaultPeriods in util.pl. You should enter a price in dollars for each period. Prices should be entered like 10.00, but just 10 will do. These prices will be shown in the menu on the public online registration page, and will also be passed to you credit card processor if you selected "Immediate access after authentication" in Online Registration Policy

File Formats

All file formats have one record per user. All file formats contain the following "Standard" fields in this order:

Password. Plain text (not encrypted)
Full Name
Email address
Address line 1
Address line 2
Notes
Status. Either "Wait for approval", "Trial", "Approved" or "Held"
Added Date. Seconds since 1/1/1970 that the user was fisrt added
Start Date. Seconds since 1/1/1970 that the user's permitted access starts.
End Date. Seconds since 1/1/1970 that the user's permitted access ends.
Card Type. The name of the brand of credit card.
Card Number
Card Name. The name on the credit card.
Card Expiry Date
Card Authorisation Number.Unused in this version.
Payment Request Date.
Payment Request Period.
City
Postal Code
Country
State

DBM Files use the user name as the key. The value is the "Standard" fields separated by NULLs. Flat Files are one record (ie one user) per line. A line consists of NULL separated fields. The first field is the user name, followed by the Standard fields. Comma Separated files are one record (ie one user) per line. A line consists of comma separated fields. The first field is the user name, followed by the Standard fields. If a field contains a comma, it is surrounded by double quotes ("), and any double quotes in the field are escaped (prefixed) by backslash (\).

Lock File

Subs uses a lock file to make sure only one administrator is able to update the User Database at a time. Its usual location is /tmp/subsLockFile.

update

This program rebuilds the password file that is read by your web server. It runs through all the users in the User Database. Users that have an account status of either "Trial" or "Approved", and whose access period has started but not expired have their name and encrypted password entered into the password file.

The password file is updated automatically whenever you add or edit a users details, whenever a user registers online or whenever you press the "Update Password File" button on an adminstrator page. But you should also arrange for update to run automatically at least once per day using the Unix cron(1) command. If you do this then users whose subscriptions expire will be automatically removed from the password file. If you didn't run update automatically from cron, you would have to press the "Update Password File" button manually at least once per day, otherwise your expired users would get extra days free access to your site.

Update is run automatically by pirateCheck, so you do not need to run update if you are running pirateCheck regularly.

If you do not understand how to set up cron jobs on your web server host, get your host administrator to help you.

A typical cron entry would look something like:
15 1 * * * cd /usr/local/etc/httpd/cgi-bin/subs/private; ./update
This will cause update to run at 1.15 am every day of the year. Update must be run from the directory where it is installed, hence the cd in the cron entry above.

convertDatabase

This utility program can be used to convert User Databases between DBM, Flat File and Comma Separated files. You might need to do this to initially convert a database of users exported in in Comma Separated format from a spreadsheet program to the Subs DBM format. Alternatively, you might want to export the Subs database to a database or mailing list program in Comma Separated format.

convertDatabase must be run from the directory where it is installed. The -h flag will give help on how to use it.

Other configurable items

You can configure most things with the Configure page as described above. However, keen and knowledgeable administrators can configure many other things too, such as:

Template files. Each web page generated by the CGI scripts is built using a "template file". Template files have a .tpl extension and look just like an ordinary HTML file. You can change the look and feel of all the Subs pages by editing the template files with an HTML or text editor. Be careful to to remove any of the things that look like "$something" These flag where dynamic information is to be placed when the CGI script runs.
At the top of util.pl there are a number of definitions that would not normally need to be changed. However you can edit these with a text editor if you want to:
- Add or remove Credit Card types
- Add or remove account states (never remove "Approved" as this is the one used as a flag for current users)
- Add or remove subscription period. Only the periods listed in defaultPeriods will be available to users during online registration.

pirateCheck

Often, web sites with interesting material that are protected by password become the target of pirates and the hacker community. Valid user names and passwords are circulated and many people will get unauthorised access to the protected material for free.

You can prevent this happening to your site by running the pirateCheck program. PirateCheck analyses your web server access log and looks for usernames that are being used from many different locations. Any accounts that are being used to milk your site are automatically marked as Held and their access privileges disabled. PirateCheck also automatically disables access for subscriptions that have expired.

You can run pirateCheck by hand if you wish, but the best way is to run it automatically from cron(1). That way pirates will be detected and disabled even if you cannot get to your machine. See your system administrator for details on how to run pirateCheck automatically each day from cron(1).

PirateCheck works by looking through the web server access log file that you specify on the Subs Configuration page. It looks at all accesses to protected areas on your web server that occurred in the last 2 days, and counts the number of different browsers used by each user. If it detects more than 4 different browsers in use, it assumes that the user name is in circulation, marks it as Held, and sends email to the Subs administrator. Finally, pirateCheck rebuilds the password file. If you run pirateCheck regularly, you do not need to run update too.

If you do not understand how to set up cron jobs on your web server host, get your host administrator to help you.

A typical cron entry would look something like:
1 15 * * * cd /usr/local/etc/httpd/cgi-bin/subs/private; ./pirateCheck
This will cause pirateCheck to run at 1.15 am every day of the year. PirateCheck must be run from the directory where it is installed, hence the cd in the cron entry above.

Multiple configurations

Subs supports optional multiple configuration files. This is useful if you are administering several different subscription products on the one web server. You can set up several completely different configurations and easily edit and maintain them. You can have several completely different product configurations, each with different user databases and password files.

There are several pages that allow administrators to operate on all your Subs users in all Subs databases at the same time (listAll.cgi, pendingAll.cgi and listSites.cgi) . In order to use these pages, you must set up metaconfig.pl in PRIVATECGIDIR. You will nee to edit this file with a text editor, and invent a short, unique name for each separate Subs configuration you want.