-
How to install the access script
The script provided is merely a form. It contains the information needed to display the pricepoints that you selected, and the code-capturing fields.
Example: a form in format WML:
<p> <anchor> Pay with Allopass <go href="http://wap.allopass.com/access/script.wml" method="post"> <postfield name="SITE_ID" value="xxxxxx" /> <postfield name="DOC_ID" value="xxxxxx" /> <postfield name="LG_SCRIPT" value="uk" /> </go> </anchor> </p>Example: form in format XHTML Mobile ou i-mode:
<form action="http://wap.allopass.com/access/script.wml" method="post"> <input type="hidden" name="SITE_ID" value="xxxxxx" /> <input type="hidden" name="DOC_ID" value="xxxxxx" /> <input type="hidden" name="LG_SCRIPT" value="uk" /> <input type="submit" value="Pay with allopass" /> </form>This field must contain at least 3 fields:
- The
SITE_IDfield contains the Allopass ID of your site. - The
DOC_IDfield contains the Allopass ID of your protected product (=protected document). - The
LG_SCRIPTfield contains the displaying language of the script.
NOTE:
In previous examples,the value "xxxxxx" should be replaced by the Allopass ID of your site for the field
SITE_IDand by the Allopass ID of your protected product (document) for the fieldDOC_ID.The values of these fields are provided in the standard script (see page "Product Script Setup" in the section "My Products").
Form Submit URL:
When this form is submitted, this data is sent to the URL http://wap.allopass.com/access/script.wml.
IMPORTANT:
Certain mobile platforms reject lengthy URLs, it is mandatory to submit the data with the method "post".
-
Form optional fields
You can add several optional fields to this form, which are not present in the standard script. These hidden fields (thus of the HIDDEN type) must respect the format requirements for the type of content of your WAP site.
For a site in WMLformat :
<postfield name="RECALL" value="1" />
For a site in XHTML format, Mobile or i-mode:
<input type="hidden" name="RECALL" value="1" />
The optional fields that you can add to this form are identical to those used for One-Time payment scripts. Consult the list of optional fields.
- The
-
How to test the access script
Once you are done with installing the script, a "Pay with Allopass" button should display on your access page (see Picture 1 below).
Picture 1: Access button to script
When clicking the "Pay with Allopass" button, your visitors are redirected to a script hosted on our servers (see Picture 2 below). This script enables your customer to dial the surcharged number associated to the country they selected, and to insert their Allopass code. Once the code is validated, your customers will be able to consult your paid-content.
NOTE:
Just before the access script to your paid-content displays, a standard disclaimer will appear and state that: Access to surcharged numbers is reserved to major persons.
If you dispose of our own disclaimer and wish to deactivate Allopass one, you must ask our customer support first at: contact@allopass.com.
Picture 2: Access Script to paid-document (product)
If you are redirected to an error page "Script unavailable" instead of your access script, it means that your form was ill-installed (see: Product Script Setup). This error page displays the list of error codes which meaning is explained in section Errors and return codes.
-
Securing a paid-access product
You can secure access to your paid-product by checking the Allopass platform. This requires specific manipulations, as explained hereafter.
-
How it works
The goal is to prevent visitors from accessing your product without prior checking by the Allopass code capturing form.
To do so, you must use theRECALLoptional field so as to pass to your return page the Allopass code(s) nserted.Once your return page has received this information, you dispose of 1 minute to check the validity of the code(s) by checking our platform.
Illustration 3: Edition de documents WAP
You can send a HTTP request to a script hosted on our platform in order to check the validity of the code(s).
This script is available at the followingURL :
http://www.allopass.com/check/vf.php4
and takes two parameters:
CODEcontains the code(s) to be checkedAUTHcontains the ID of your product (document) (see. picture 3)
The server can answer:
- OK
- Valid code
- NOK
- Erroneous code
- ERR
- The request was not understood (The ID of your document may be erroneous).
For more details, see the PHP example below .
-
Securing a paid-access product
Your access form displays as:
In WML:
<p> <anchor> Pay with allopass <go href="http://wap.allopass.com/access/script.wml" method="post"> <postfield name="SITE_ID" value="12" /> <postfield name="DOC_ID" value="34" /> <postfield name="LG_SCRIPT" value="uk" /> <postfield name="RECALL" value="1" /> </go> </anchor> </p>In XHTML Mobile or i-mode:
<form action="http://wap.allopass.com/access/script.wml" method="post"> <input type="hidden" name="SITE_ID" value="12" /> <input type="hidden" name="DOC_ID" value="34" /> <input type="hidden" name="LG_SCRIPT" value="uk" /> <input type="hidden" name="RECALL" value="1" /> <input type="submit" value="Payer par allopass" /> </form>If your product (return page) is a script named return.php, this script will be called when a valid code is inserted. You'll find there the variable HTTP named
RECALL, of the GET type, which contains the code inserted.Here is how the up-end of your script should look like return.php:
<?php session_start(); $RECALL = !empty( $_GET["RECALL"] ) ? trim( $_GET["RECALL"] ) : false; if( $RECALL === false ) { // Missing RECALL parameter // Customer is redirected to an error page header( "Location: http://mobile.mydomain.com/error.wml" ); exit(1); } // $RECALL contains the access code(s) // $AUTH contains the ID of your document (product)(see. Picture 3) $RECALL = urlencode( $RECALL ); $AUTH = urlencode( "1234/5678/91011" ); /** * Consult Allopass platform to check the code(s) collected * in $RECALL. The content of the variable $result will look like a table * in the format below: * * // In case of 1-code product * * Array( 0 => "OK", 1 => "FR" ); * * // In case of a multicode product (2 codes) * * Array( * 0 => "OK", * 1 => "FR", * 2 => "OK", * 3 => "FR" * ); * * in $result[1] and $result[3] you'll have the code of the customer's country (FR, BE, UK, DE, CH, CA, LU, IT, ES, AT, ...) */ $scriptURL = "http://www.allopass.com/check/vf.php4"; $result = @file( "{$scriptURL}? CODE={$RECALL}&AUTH={$AUTH}" ); // testing of the server answer for( $lineIndex = 0; $lineIndex < sizeof( $result ); $lineIndex+=2 ) { if( trim( $result[$lineIndex] ) != "OK" ) { // The server answered ERR or NOK // Access is denied header( "Location: http://mobile.mydomain.com/error.wml" ); exit(1); } } /** * The code is valid ! * A session variable named CODE_OK is initiated, with * value 1. In the following pages, you'll just have to test the * presence of this variable. If present, the * customer is authorized, otherwise they'll be redirected to an error page. */ $_SESSION["CODE_OK"] = "1"; ?>
-
Securing a paid-access area
In the paid-access area's page, you can check if the session variable (
CODE_OK) initiated in your return page is present (see Securing a paid-access product).<?php session_start(); if( !isset( $_SESSION ["CODE_OK"] ) || $_SESSION["CODE_OK"] != "1" ) { // The session variable CODE_OK is not initiated // or isn't equal to 1. Access is denied. header( "Location: http://mobile.mydomain.com/error.wml" ); exit(1); } ?>
-
-
Errors and return codes
Code Signification 210x Format issues affecting optional fields 2100 NDEfield is not valid2101 RECALLfield is not valid2102 RECALL_CAfield is not valid2103 DATASfield is not valid2104 AP_CAfield is not valid2105 AP_CA_IDCn,AP_CA_MNTnandAP_CA_MAPnfields are wrongly configured2106 AP_CA_IDCnfield is not valid2107 AP_CA_MNTnfield is not valid2108 AP_CA_MAPnfield is not valid211x Missing mandatory fields 2110 unspecified site ID ( SITE_IDfield )2111 unspecified document ID ( DOC_IDfield )2112 unspecified script language ( LG_SCRIPTfield )