Password Management Setup

If your business model is to buy access to one site and receive access to one site – or buy access to one site and receive access to multiple sites, but only use a single password file, then you should use the Single Segpay password management script below.

If your business model doesn’t fit the description above or if you're not sure which script best works with your business model, contact Segpay Tech Support at: techsupport@segpay.com

Step 1: Install the Script

Follow these steps to install the script on your server.

If you don’t already have the sppwmgr.php and htpasswd.php scripts, contact your account manager or email Tech Support at techsupport@segpay.com.

  1. Open the sppwmgr.php script in notepad or any editor of your choice.

  2. Locate the line that looks like this:

    Copy 
    #### Toccata Key
    $tocatta_key = 'abcdefg';

  3. Modify the line so that it reflects the key that will be used to access the commands of the script. This key is created by you.

    Example:

    Copy 
    #### Toccata Key
    $tocatta_key = 'myWeb$ite-345798237';

  4. Locate and modify the line that looks like this:

    Copy 
    #### Full path to your .htpasswd file (*Needs to be writable)
    $full_path_to_htpasswd = '/var/www/html/testweb1/members/.htpasswd';

    This path should be the location of your password file. This file should be an .htpasswd file. Encryption method should be Unixcrypt.

  5. Save your file to your desktop.

  6. Upload your completed sppwmgr.php, sppwmgr.log and the htpasswd.php file to your cgi-bin or a place where it can be executed over the web.

  7. Change the permissions on the file to reflect 755. Ownership should be according to the webservers permissions.

  8. Open a browser and type the following commands in the address bar to test:

    Add Command - adds the user name and password secified to the .htpasswd file.

    Copy 
    http://www.yoursitename.com/cgi-bin/sppwmgr.php?key=abcdefg&action=add&username=bobsmith&password=M0n3y

    Delete Command - removes the username specified from the .htpasswd file, displays an error if the username is not present in the htpasswd file.

    Copy 
    http://www.yoursitename.com/cgi-bin/sppwmgr.php?key=abcdefg&action=delete&username=bobsmith

    Query Command - returns either "exists" if found or "does_not_exist"

    Copy 
    http://www.yoursitename.com/cgi-bin/sppwmgr.php?key=abcdefg&action=query&username=bobsmith

    List Command - lists the contents of the htpasswd file.

    Copy 
    http://www.yoursitename.com/cgi-bin/sppwmgr.php?key=abcdefg&action=list

    Log Command - displays the log file (stored in .logfile) the number of lines displayed is controlled by a variable that is defined at the top of the script ($number_of_log_records_to_display).

    Copy 
    http://www.yoursitename.com/cgi-bin/sppwmgr.php?key=abcdefg&action=log

Step 2: Configure a Postback Notification

Next you'll configure a postback notification profile in the SegpayMerchant Portal.

  1. Log into the Merchant Portal: https://mp.segpay.com

  2. Go to MY WEBSITES > MANAGE POSTBACKS

  3. Click ADD POSTBACK and ceate a new postback profile. You can use whatever description you would like.

  4. Enter the following:

    Copy 
     INQUIRY URL: www.yoursite.com/cgi-bin/sppwmgr.php?key=yourkey&action=query&username=<extra username>

              INQUIRY Expected Response:  does_not_exist

              ENABLE URL: www.yoursite.com/cgi-bin/sppwmgr.php?key=yourkey&action=add&username=<extra username>&password=<extra password>

              Enable Expected Response: added

              DISABLE URL: www.yoursite.com/cgi-bin/sppwmgr.php?key=yourkey&action=delete&username=<extra username>
              Disable Expected Response: deleted

    Tip: No need to enter http:// before any URL in the URL field. Our system will append this at the execution of the postback.

  5. Click Save to submit all the information.

  6. Go to MY WEBSITES -> MANAGE PACKAGES.

  7. Edit the PACKAGE that you want to associate with a postback profile.

  8. Go to the Postback dropdown menu and choose the Postback profile name that you want to associate with this PACKAGE.

  9. Click Save.

  10. Run a test transaction to verify all is working correctly.

Step 3: Troubleshooting

Error Recommended Solutions
"Internal Server Error"

  • Check your server logs for the error message.

  • Check the permissions on the script so that they are set to 755.

  • Check that the script has the proper permissions to be executed.
"Bad Key"

  • Add to the end of the URL in your browsers address bar: &key=yourkey

  • Make sure that the key that you are using is the same as listed in the script.
"Unable to open password file /.htpasswd for reading/locking (No such file or directory)"

  • Check the path in the script to the password file.

  • This can be a relative or absolute path to the password file.
"Unable to open password file /etc/.htpasswd for reading/locking (Permission denied)" Check the permissions on the password file. It should be set to at least 744