Master Members Only V3

M A N U A L

Foreword

Version 3.6 changed the way downloads are handled. Temporary files are no longer necessary.

See Downloadable Files for more information.

Requirements

To install and use Master Members Only V3, these requirements must be met:

• Your domain server must be UNIX or Linux, have sendmail or qmail available, and have Perl version 5+ installed.
   
• The Perl modules LWP::Simple and Time::Local must be available on your server. If they aren't, your hosting company will need to install those modules before Master Members Only V3 can be used.
  
  To find out whether or not those Perl modules are on your server, you can ask your hosting company or use Master Pre-Installation Tester from http://willmaster.com/master/pit/
   
• To install Master Members Only V3 and to upload your members only pages into your Secret Directory, you must have and be able to use an FTP program for uploading files, creating directories, and changing permissions.
   

  (Note:

  If your hosting company provides a Control Panel for this purpose, the maximum file size that can be uploaded might be about 32k. Some Master Members Only V3 files are larger than 32k.)

   
  CuteFTP and WS_FTP for Windows, and Transmit for Macintosh, are among the many FTP programs that allow you to CHMOD (change directory and file permissions). These are all available for download at http://tucows.com/

List of Files

{top}

Here is a list of the files you should have received when you generated Master Members Only V3. Depending on how you generated your copy of Master Members Only V3, the files with .cgi extensions may have .pl extensions instead.

admin[CGI]
always[CGI]
autoadd[CGI]
autoaddremote[CGI]
download[CGI]
example_autoadd_call[CGI]
extend[CGI]
extend.html
failedlogin.html
first.htm
forgotpw.html
help[CGI]
IndependentVerification[CGI]
LicenseAgreement.html
login.html
main[CGI]
mainupdate[CGI]
MMOmanual.html
nextpage.htm
okay[CGI]
outside.html
pwsent.html
README.txt
signup[CGI]
signup.html

Here are the files by category:

If you did not receive all of the above files, please write to us at programmer@willmaster.com — include a list of the files you did receive and the domain name Master Members Only V3 was generated for.

Getting Started

{top}

Determining directories
   — Program Directory
   — Secret Directory
   — Development Directory
Installing programs
Setting permissions
Readying the Secret Directory
Initializing the Control Panel
Testing

      Determining directories

To install Master Members Only V3 and get started, you will need 3 primary directories; a Program Directory, a Secret Directory, and a Development Directory. Create these directories per the instructions below.

1. Program Directory:
   
   This is the directory where the Master Members Only V3 Programs will be installed. It must be in a directory allowed to run CGI programs, probably a directory called "cgi-bin" or something similar.
   
   Master Members Only V3 is a set of programs. You'll probably want to create a directory within your "cgi-bin" to install Master Members Only V3. This will allow you to keep the set of programs separate from other CGI programs you have installed or may install in the future. For example, you might name that directory: mmo
   
   The Program Directory (named mmo in our example) has a subdirectory. It must be named data and have global write permission. (See Setting permissions.)
   
   The data directory is where the various Master Members Only V3 databases are located.
   
   The data directory has its own subdirectory. It must be named p and have global write permission. (See Setting permissions.)
   
   The p directory is where the file containing your own Control Panel password is located. (The password will be scrambled and located in a file named "p[CGI]" after your first use of the Control Panel.)
   
   This is how the directory structure might look:

   cgi-bin |
           | mmo |
                 | data |
                        | p
   

   Once installed in the mmo directory, Master Members Only V3 will maintain the files in the data and p directories.
   
 
{up}

2. Secret Directory:
   
   This directory is for your members only pages — only the web pages, not image, sound, external style sheet, SSI, or external JavaScript files. Preferably, the Secret Directory is not accessible by browser (when you type it's URL into your browser, you should get an error message).
   
   Here are several choices where you might put your Secret Directory, with the most secure listed first.
    
   • If your server allows you to upload files into directories behind the public documents directory (the public documents directory is where your domain's default index.html page is at):
      
     1. Create a directory somewhere behind the public documents directory.
        
     
     
     2. Name it something that makes sense to you.
        
     
     
     3. Make a note of the server directory path to your new Secret Directory.
     
     
   • If your cgi-bin directory will allow only CGI programs to be accessed by browsers, no HTML files (to test, upload a page into your cgi-bin directory and type its URL into your browser):
     
      
     1. Create a directory somewhere in your cgi-bin directory.
        
     
     
     2. Name it something that makes sense to you.
        
     
     
     3. Make a note of the server directory path to your new Secret Directory.
     
     
   • If you do not have access to directories below your public documents directory and your cgi-bin directory allows browsers to access HTML pages:
     
      
     1. Decide upon a Secret Directory name that is unlikely to be guessed. If it's guessable then it's accessible. You may even want to bury the Secret Directory several subdirectories deep, each with names unlikely to be guessed. Example:

        x23OPr_t |
                 | h0O23d |
                          | YmtrcwQb
        

        (In the example, you would put a blank web page named index.htm or index.html in each of the first two directories after the directories have been created. That will prevent anyone from obtaining a directory listing in their browsers and seeing what the next directory name is.)
        
     
     
     2. Create that directory (and possibly also subdirectories) somewhere in your cgi-bin directory.
        
     
     
     3. Make a note of the server directory path to your new Secret Directory.
     
     
   The reason you make a note of the server directory path (or URL, in the last situation) is because Master Members Only V3 will require that information to be entered into its Control Panel.
   
 
{up}

3. Development Directory:
   
   Here is where you develop your members only site. It can be any directory on your server.
   
   Actually, you don't have to develop your site on your server. You can develop it on your personal computer, if you prefer. The idea is to develop your initial members only site where it is easy and quick to test changes. (You could develop it in the Secret Directory itself, but that would require using Master Members Only V3 to test links and other changes.)
   
   When your members only area is ready, you move the web pages to your Secret Directory. Only the .htm and/or .html web page files are moved. Do not move image, sound, external style sheet, SSI, or external JavaScript files. (See Developing Your Members Only Area and Maintaining your Secret Directory for details.)
    

{up}

{top}

      Installing programs

Upload the programs into your Program Directory. Upload and set file permissions (see Setting permissions) as indicated in the following table:

{up}

{top}

      Setting permissions

Permissions can be set via telnet or with some FTP programs. Here are the permission numbers translated into defining attributes:

Some FTP programs use the term "Other" or "Global" instead of the term "World" as used above.

{up}

{top}

      Readying the Secret Directory

If your members only pages are ready, you can upload the web pages into your Secret Directory now. See Developing Your Members Only Area for details.

(If your site is not yet ready and you want to try your Master Members Only V3 installation, you may upload the two example members area files, first.htm and nextpage.htm, into your Secret Directory. Those two are sufficient to test your installation.)

{up}

{top}

      Initializing the Control Panel

The Control Panel has [?] help links to guide you in it's use. Your browser must be JavaScript enabled to use the [?] links because they spawn a popup window. Also, if you have any browser add-ons that automatically close popup windows, those features may need to be turned off before the [?] help links will work.

When you first type the URL of admin[CGI] into your browser, you will be asked to provide a password. What you type here will be your password for future access to the Control Panel.

After the password screen, you will see a page with several buttons. Click "Configuration."

The only sections required for initialization are "Email Settings" and "Member Area Settings." See The Control Panel for information about other configuration settings.

{up}

{top}

      Testing

If you want to manually add your own membership before testing, click the "Members" button from the Control Panel's Main Page then scroll down to "Manually Add Member(s)."

To test your installation:

If things don't work and you can't find the reason, please contact us at Technical Support.

The Control Panel

{top}

The Control Panel has [?] help links to guide you in it's use. Your browser must be JavaScript enabled to use the [?] links because they spawn a popup window. Also, if you have any browser add-ons that automatically close popup windows, those features may need to be turned off before the [?] help links will work.

When you first type the URL of admin[CGI] into your browser, you will be asked to provide a password. What you type here will be your password for future access to the Control Panel.

Here is a short synopsis of each of the Control Panel's main functions (the Control Panel [?] help links contain more information):

1. Configuration

1. Email Settings: Specify the name and email address to be used in outgoing email headers. Also, the location of sendmail is specified here.

2. "Password Sharing" Fraud Possibility Notifications: Specify what password sharing fraud possibilities you want to be notified of and how sensitive the notifications shall be. Also specify the subject line your email notifications shall have.

3. Record Changed Notifications: If you want to be notified whenever a member record is changed, specify the subject line your email notifications shall have.

4. New Sign-Up Notifications:

• Webmaster Notification — If you want to be notified whenever a member record is changed, specify the subject line your email notifications shall have.

• Member Notification — If you want to be notified whenever a member record is changed, specify both the subject line and the body content the member's email notifications shall have. Placeholders may be used (see Personalizing Member Email and Members Only Pages).

5. Lost Password Emails: Specify both the subject line and the body content the member's "lost password" emails shall have. Placeholders may be used (see Personalizing Member Email and Members Only Pages).

6. Cookie Use Settings: Specify whether or not you will be using cookies and, if yes, how long the cookies are to remain on the member's computer.

7. Log Off Time Periods: Specify when member's are automatically logged off (subordinate to the cookie setting) and how much time should elapse before your, yourself, are automatically logged off the Control Panel (for security in case you walk away from your computer :)

8. Member Area Settings: A directory path, a URL, and some file names are specified here. These are required for Master Members Only V3 to function correctly.

9. Optional Member Area Settings: You may specify log-in and password retrieval forms and acknowledgement page here. If not specified, Master Members Only V3 will utilize default pages.

10. File Downloads: If you are offering file downloads, specify the directory location where the downloadable files are located. The directory location can be anywhere on your server.

    The downloadable files directory location is not disclosed when the file is being downloaded. Still, if it may be possible to guess the location and protection from illicit downloads is a high consideration, the directory with the downloadable files can be somewhere in the cgi-bin or in a directory that is password protected, somewhere public browsers can't access.

11. Preferred Date Format: Make choices about how you want dates displayed.

2. Member Records

1. View/Edit/Delete Members: Retrieve reports specific member records or a range of records (including the entire database). The reports can be as text, HTML, or form (for editing). You can select which fields you want included in the reports

2. Manually Add Members: Add member records manually.

3. Import Members: Import members from flat file databases like the tab- and comma-delimited files created with the "File|Export" feature of popular databases. You can also import databases with other delimiters, like those that may be created with Perl CGI programs. The database you're importing can have more fields than Master Members Only V3, and it can have less fields. Numerous imported date formats (for expiration date, etc.) are supported.

   Note: Please do a backup of Master Members Only V3 database files before importing databases. If something happens during the import, you'll have something to restore from. (The "Backup Data" and "Data Restoration" buttons on the main page of the control panel can be used for this purpose.)

4. Send Email To Entire Membership: If you want to send an email to the entire membership, click this button.

5. Authorization Code for External Program to Automatically Add Members: If you allow external programs to automatically add records to the Master Members Only V3 databases, the external programs must know the authorization code you specify here.

3. Expiration Handling

1. Grace Period: When a membership expires, how many days grace are you giving?

2. Advance Notice: Specify how many days before the membership expires that an email notice shall be sent. Provide the email from name and address, the subject line, and the email body. Placeholders may be used to personalize the email notice.

4. User Log Reports

   You can graph page popularity, graph member's number of page views, and display a report concerning every page a specific member has viewed. Graph bar color and maximum length can be specified. Specify the beginning and ending dates for the graphs and report.

5. Backup Data

1. Schedule Automatic Backups: You can specify that a backup is automatically done every so many number of days. And you can specify how long to keep the backup files.

2. Unscheduled Backup: An Unscheduled Backup is actually a backup you do manually by clicking this button.

6. Data Restoration

   If you need to restore the membership database or the access database, select one from the available scheduled or unscheduled backups. Then click the button to restore the databases from the selected backups.

Developing Your Members Only Area

{top}

Developing the members only area pages
Preparing pages for the Secret Directory
Uploading to the Secret Directory

      Developing the members only area pages

The Development Directory is for use when developing your members only pages. We suggest that you use this directory during your development stage to make the creation of your members only pages faster and easier. If you prefer, you can develop your pages on your computer instead of in a Development Directory on your server. Do what is easiest for you.

After the pages are working to your satisfaction, they are modified in special ways and moved to the Secret Directory. (See Preparing pages for the Secret Directory and Uploading to the Secret Directory)

The primary thing to remember when developing your members only pages is that all link URLs (href="___" and src="___") must be complete http://... URLs.

Here are other considerations:

{up}

{top}

      Preparing pages for the Secret Directory

1. Verify that all href="___", src="___", and action="___" URLs specify complete http://... URLs. This includes URLs related to forms, images, sounds, external style sheets, and external JavaScript files. If in doubt, make it a complete URL.

2. If your pages use SSI, change the relative URLs to complete http://... URLs.

3. Replace href="___" URLs that link to other members only web pages with a special code. Links to non-member directories and links to other sites on the internet should not be changed, only links to the web pages of your members only area.

   The code is [[PAGE:____________]] where ____________ is replaced with the file name of the members only page being linked to.

   For example, if your link is href="http://mydomain.com/development/terms.html" then change it to href="[[PAGE:terms.html]]"

   If you have members only web pages in subdirectories of the Development Directory, then the file name must include the name of the subdirectory. For example, if your link is href="http://mydomain.com/development/subdir/mypage.html" then change it to href="[[PAGE:subdir/mypage.html]]"

4. For utilizing the file download link feature, replace download links with a special code.

   The code is [[DOWNLOAD:____________]] where ____________ is replaced with the name of the file to be downloaded.

   Do not specify the downloadable file's URL or location, just the file name.

   For example, if your download link is href="http://example.com/passworded/directory/mybook.zip" then change it to href="[[DOWNLOAD:mybook.zip]]"

   See Downloadable Files for more information.

{up}

{top}

      Uploading to the Secret Directory

Once the web pages in your Development Directory (or on your computer) have been properly prepared, they need to be moved to your Secret Directory. Move only the web pages — image, sound, style sheet, or other non-web page files should not be in the Secret Directory.

If you have web pages in subdirectories of your Development Directory, they must be moved into subdirectories of the same name in the Secret Directory.

After your web pages are moved, download a copy to your computer for a backup.

Then, if you used a Development Directory on your server, delete the members web pages from the Development Directory — this is to prevent the pages from being accessed by those not authorized to do so. However, delete only the web pages from the Development Directory, not image, style sheet, or other files (the pages in your Secret Directory might depend on the image and other non-web page files in the Development Directory).

Personalizing Member Email and Members Only Pages

{top}

You may use the following codes/placeholders anywhere in email to members send through the control panel and anywhere on your members only web pages where you want custom information inserted. When the email is sent or the page is displayed by Master Members Only V3, the placeholder is replaced with real information. (If the real information is not available, the placeholder is deleted.)

Maintaining your Secret Directory

{top}

If you wish, members only page changes and new members only pages can be accomplished in the Development Directory. Using the Development Directory allows for easy page viewing and external link verification.

However, you certainly don't have to do it in the Development Directory. Do what works best for you.

Whenever your Secret Directory changes, make a backup copy. The backup copy can restore your Secret Directory to a previous version if required.

Allowing Members To Change Their Own Record

{top}

You can let your members change their own record, name and email and so forth. Simply paste the form below into one of your members only pages.

You can change the form's design and the form field labels, if you wish. But the action="_____" and name="_____" and value="_____" attributes should remain as they are.

Exception: The value="_____" for the name="thankyoupage" hidden field can have a different file name. Replace first.html with the file name of the membes only page you want to use as the "thank you" page.

Downloadable Files

{top}

Files can be downloaded from the members area in a way that does not disclose the file's location.

The downloadable files are all placed in one directory. To prevent direct linking, even if the directory location should be guessed, the directory can be somewhere in the cgi-bin or password protected — somewhere public browsers can't access.

The location of the downloadable files directory is specified in the "File Downloads" section of the Control Panel's configuration page.

The links for the downloadable files in the members area pages are constructed with a special placeholder. The format is:

<a href="[[DOWNLOAD:mybook.zip]]">
Click to download My Book
</a>

Replace mybook.zip with your downloadable file name and make sure your downloadable file is in the downloadable files directory.

See Developing the members only area pages | Preparing pages for the Secret Directory for more information about creating protected download links for the members area pages.

Signup Form

{top}

A signup form is not strictly necessary; other methods of adding members to the Master Members Only V3 database are entering them manually with the control panel or letting an e-commerce or other program do it.

An example signup form is file signup.html

The form's action="___" is the Master Members Only V3 signup[CGI] program.

Optionally, you can specify the membership period in years, months, and/or days. Examples:

<input type="hidden" name="period_years" value="1">
<input type="hidden" name="period_months" value="2">
<input type="hidden" name="period_days" value="10">

You may use none, one, two, or all three of the above. If you use more than one, the membership period will be the result of adding the periods together. If you use none, the membership period will be indefinite.

Membership Extension Form

{top}

This form can be used to extend the expiration date of existing members. Like the signup form, the membership extension form is not strictly necessary; other methods of adding members to the Master Members Only V3 database can be utilized.

An example membership extension form is file extend.html

The form's action="___" is the Master Members Only V3 extend[CGI] program.

Optionally, you can specify the membership period in years, months, and/or days. Examples:

<input type="hidden" name="period_years" value="1">
<input type="hidden" name="period_months" value="2">
<input type="hidden" name="period_days" value="10">

You must use at least one of the above. You may use two or all three. If you use more than one, the membership period will be the result of adding the periods together.

Other Forms and Page

{top}

Member log-in Form
Log-in failed form
Lost password form
Password sent confirmation page

All of the forms and the confirmation page addressed in this section may be custom designed by you (the action="____" for the forms is the URL to the Master Members Only V3 main[CGI] program).

To use your custom pages, specify their URLs in the Configuration Control Panel, under "Optional Member Area Settings." If the URLs are not specified, Master Members Only V3 will generate and display default pages as appropriate.

{up}

{top}

      Member log-in form

This is a form used to log into the member's only area. An example form is in file login.html

If you wish, you can provide a link to the "lost password" form by sending data name forgot_password with value yes to main[CGI]. Example:

<a href="http://url/to/main[CGI]?forgot_password=yes">
Forget password?</a>

{up}

{top}

      Log-in failed form

This is a form used when the previous log-in attempt failed. An example form is in file failedlogin.html

Like the Member log-in Form, a link to the "lost password" form can be provided.

{up}

{top}

      Lost password form

When a member forgets or loses a password, this form can be used to request the password be sent to the member's email address of record.

The "lost password" form must contain this hidden field:

<input type="hidden" name="sp" value="yes">

{up}

{top}

      Password sent confirmation page

When a member's password has been sent to the email address of record, a confirmation page is presented. An example confirmation page is in file pwsent.html

How To Password Protect Individual Web Pages

{top}

These instructions are for password protecting any PHP web pages anywhere on your domain — pages in locations other than the secret directory.

This requires Master Members Only version 3.5+ be installed.

Individuals who logged into your Master Members Only web site can access these pages. Others can not.

Here are the instructions.

1. Turn cookies on in the control panel.

   In the Master Members Only control panel, click on the "Configuration" button.

   Scroll down to the "Cookie Use Settings" section.

   Check the "Yes" radio button. And specify how long the cookie shall last on the member's computer. (If you remove the member from the MMO database and the cookie continues to exists on the ex-member's browser, access to your protected PHP web pages will still be denied.)

2. Create a PHP file.

   Create a PHP file named header.php (or any other file name that makes sense to you) that contains the following:

   <?php // Two values need to be customized: // 1. // Specify the absolute http://... URL to script okay[CGI] $URLofOkayScript = "http://example.com/cgi-bin/mmo/okay[CGI]"; // 2. // Specify the relative or absolute URL to your log-in or other redirect page (if // relative, make it relative to the document root, beginning with a "/" character). $URLofRedirectPage = "http://example.com/"; // // No other modifications are necessary. // $ouch = 'yes'; if($_COOKIE['MMOtrack'] or ($_COOKIE['MMOtrack'] != '0')) { $URLofOkayScript = preg_replace('/^\s+/','',$URLofOkayScript); $URLofOkayScript = preg_replace('/\s+$/','',$URLofOkayScript); $tpos = strpos($URLofOkayScript,'://'); if($tpos > 0) { $URLofOkayScript = substr($URLofOkayScript,$tpos+strlen('://')); } $uri = '/'; $host = $URLofOkayScript; $tpos = strpos($URLofOkayScript,'/'); if($tpos > 2) { $host = substr($URLofOkayScript,0,$tpos); $uri = substr($URLofOkayScript,$tpos); $uri .= '?'.$_COOKIE['MMOtrack']; } $page = ''; $requestline = "GET $uri HTTP/1.0\r\n"; $fp = @fsockopen("$host", 80, $errno, $errstr, 20); if(!$fp) { echo "<p>$errstr ($errno)</p>"; return; } else { fwrite($fp,"$requestline"); fwrite($fp,"Host: $host\r\n"); fwrite($fp,"Accept: */*\r\n"); fwrite($fp,'User-Agent: '.$_SERVER['HTTP_USER_AGENT']."\r\n"); fwrite($fp,"Connection: Close\r\n"); fwrite($fp,"\r\n"); while (!feof($fp)) { $page .= fgets($fp, 128); } fclose($fp); } $n = strpos($page,"\n"); $r = strpos($page,"\r"); $eolchar = ''; if($r === false) { $eolchar = "\n"; } elseif($n === false) { $eolchar = "\r"; } else { if($r < $n) { $eolchar = "\r\n"; } else { $eolchar = "\n\r"; } } $eolpos = strpos($page,"$eolchar$eolchar") + strlen("$eolchar$eolchar"); $page = substr($page,$eolpos); if(strpos($page,'1 yes') > 0) { $ouch = ''; } else { $ouch = 'yes'; } } if($ouch) { $domain = $_SERVER['SERVER_NAME']; $domain = preg_replace('/^www\./i','',$domain); setcookie('MMOtrack','0',time()+1,'/',".$domain"); header("Location: $URLofRedirectPage"); exit; } ?>

   Verify the URLs at the two customization places are correct.

   Upload header.php (or whatever you named the file) to your server. It can be in the cgi-bin or a public document directory or wherever. What matters is that you know the directory path to the file's location in order to do the next step.

3. Protect individual pages.

   Do this for each PHP web page you are protecting:

   Put the following PHP code at the very top of the source code of the web page. There may be nothing, not even any spaces or blank lines, above this PHP code.

   <? include_once($_SERVER['DOCUMENT_ROOT']."/path/header.php"); ?>

   In the PHP code above, replace "/path/header.php" with the quoted URI of header.php (or whatever you named the file in the previous step).

   The URI is the URL with the protocol and domain information removed. If the URL were http://example.com/path/header.php then the URI would be /path/header.php

   If the location of your header.php is not within the document root directory or subdirectories, replace everything between the parenthesis in the above PHP code with the quoted complete server directory path to the file. Example:
   include_once("/www/example/cgi-bin/header.php");

Your protected PHP web pages may contain any content normal web pages can contain.

Database Integrity

{top}

Databases are vulnerable. Power fluctuations and server restarts while databases are being updated are only two of the variables most of us have no control over. Master Members Only V3 has locking mechanisms in place to help prevent simultaneous database updates; even so, if two database requests arrived at the exact same micro-second then it is possible the database could be corrupted.

Even with the variables beyond your control, there is something you can do:

— Make frequent backups of your databases —

Your databases are in the /data directory. Every file in the /data directory is part of the Master Members Only V3 system of databases.

A backup copy of all database files should be made weekly. These can be scheduled as automatic backups or you can do unscheduled backups manually. See The Control Panel. If you anticipate or experience a surge of new members, another backup should be made.

If you wish to keep a backup copy of the databases on your hard drive, in addition to those made through the control panel, use your FTP program and download every file in the /data directory. Download the files as binary, not as ASCII/plain text. Extra precaution such as this is prudent, especially if you have a large number of members.

If you need to restore your databases from copies on your hard drive, upload your latest backup copy with FTP. Upload the files as binary.

Technical Support

{top}

Technical support is available via the "contact" links of any of our web sites. The willmaster.com contact page is at by email at http://willmaster.com/contact.shtml

Alternatively, click here to open your email software (a spam-harvest-proof email link).

If you desire to have us install Master Members Only V3 for you, custom installation information can be found at http://willmaster.com/master/installation.shtml

Thank you for your purchase of Master Members Only V3.

Copyright 2001,2007 William Bontrager