Remote Authentication - Integrating with your own Database

October 15, 2014 Uberflip Customer Success

What is Remote Authentication?

With this feature, you can protect your Flipbooks by requiring a username and password (optional) to view them. As with all Flipbook Security options, the setup is done at the Folder level and applies to all Flipbooks belonging to that Folder.

This feature is intended to leverage your existing database of registered members or subscribers.

If you, or someone on your team, can write a simple script that is accessible over the web, you do not need to give us access to your database. The Flipbook reader can pass information (USERNAME and PASSWORD ONLY) via a POST to that script, which compares it to your member database and returns a response either granting or preventing access.

Remote Authentication Flow

Remote_Authentication_Diagram.png

Configure Remote Authentication

Step 1 - Access Security/Subscription Settings for the Folder and Choose the 'Remote Authentication' Use-Case

edit_security_or_subscription_-_small.png

Select_Use-Case_-_Remote_Authentication.png

Step 2 - Configure Login Screen and Script Settings

Login_Settings_-_Remote_Authentication.png

Referencing the image above, the fields are:

  1. Your remote login script to POST to:
    Enter the URL of the script residing on your host system. This script must accept the Username and Password (optional) variables from the Flipbook login screen via a POST request, compare them to your member database, and return a value indicating valid or invalid credentials.

  2. Success return value:
    The value your script returns to the Flipbook to indicate valid or invalid credentials. You have two approaches:
      • Enter a string value in the text box that our Application will look for to indicate valid credentials. If the script returns a value matching that string, access will be granted. All other values returned by the script will prevent access.
      • Return user's ID. Check this box and your script can return a username/user ID corresponding to the credentials passed, which will allow the user to use Annotation tools on the Flipbook (if you've turned them on). If using this option, your script MUST return a value of 0 (zero) for invalid credentials. Any returned value other than 0 will allow access (see the "Return User's ID as Success Message" section below for an example script).
      • NOTE: Only the following characters will be recognized when returning values, so please keep your responses within this character set:
         A-Z
         a-z
         0-9
         @
         .
         _
         -
         space
         /
         \
         ,
         :
         ;
         !
         =

  3. Username field name:
    Enter the variable name in your script that will be assigned the username submitted from the login screen.

  4. Password field name (optional):
    Enter the variable name in your script that will be assigned the password (if required) submitted from the login screen.

  5. Custom login Screen message (optional):
    Enter a message that you want to display to end users on the login screen. You can use HTML/CSS/JavaScript to get fancy!

  6. Custom login Screen message (optional):
    Website for readers to navigate to for help in subscribing, logging in, or forgot password (optional).

  7. Click the "Save" button to apply settings/changes, or click the Close button to cancel.

Step 3 - Allow for Previewing of Pages without Logging In

Preview_Settings_-_Remote_Authentication.png

  1. Toggle the preview option on or off and enter how many pages you would like non-members to be able to view without logging in.
  2. Click the "Save" button to apply settings/changes, or click the Close button to cancel.

Reference Example

Let's take a fictional website "www.abc-co.com" as an example.

In this example:

  • ABC Co. has a database of users who can gain access to a specific title
  • ABC Co. creates a script that checks if a user has the necessary privileges
  • the remote login script is http://www.abc-co.com/loginscript.php
  • the username field name is uname
  • the password field name is pword
  • the string returned on success is welcome!
     
  • Our system POSTs a form that can be assumed to look like:

    <form method="post" action="http://www.abc-co.com/loginscript.php">
    <input type="text" name="uname" value="bob" />
    <input type="password" name="pword" value="bob123" />
    </form>

  • Since user bob's password is "bob123", the script prints out "welcome!". Whatever is printed out by the script will be returned as the value, so make sure not to print out any HTML.

Our system sends the form using the POST method (not GET), and only from our backend, so you need not worry that anyone will ever see this script via client-side scripting.


An example PHP script (for learning purposes only):

<?php

// Open a connection to the database and select your database
$db = new mysqli(…);

// Bind the POSTed values as parameters; never concatenate them into the SQL string
$stmt = $db->prepare("SELECT count(*) FROM `user_table` WHERE username = ? AND password = ? LIMIT 1");
$uname = $_POST['uname'] ?? '';
$pword = $_POST['pword'] ?? '';
$stmt->bind_param('ss', $uname, $pword);
$stmt->execute();
$stmt->bind_result($count);
$stmt->fetch();

// Print only the return value, no HTML
if ($count == 1) {
    echo "welcome!";
} else {
    echo "username/password combo not found";
}

?>

New: Return User's ID as Success Message

With the introduction of the Annotation Tools Widget comes the ability to return your users' ID instead of a generic success message. This will allow us to store information for your remote users on our system.

If "return user's ID" is selected as the Success return value, your script should be modified to output the user's ID or username IF the credentials were found to be valid. 

Your script should return a value of "0" (zero) if the query FAILS; our system will then deny access to the user.

In the example above, the last code block could simply be changed to:

    ...
    if ($count == 1) {
        echo $_POST['uname'];
    } else {
        echo "0";
    }
    ...
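
A fuller version of the return-user's-ID script, as an added example that is not part of the original article or Uberflip's own code: it uses a parameterized query, checks a stored password hash, and prints "0" unless the ID fits the recognized character set listed in Step 2. The `user_table` layout, the `password_hash` column, the function name and the in-memory SQLite data are assumptions made so it runs offline.

```php
<?php
// Added example, not Uberflip's code. Table, column and function names are assumptions.

// Character set the page lists as recognized in returned values.
const ALLOWED_RESPONSE = '/^[A-Za-z0-9@._\- \/\\\\,:;!=]+$/D';

// Returns the text to print: the user's ID on success, "0" on any failure.
function remote_auth_response(PDO $db, array $post): string
{
    $uname = $post['uname'] ?? '';
    $pword = $post['pword'] ?? '';
    if (!is_string($uname) || !is_string($pword) || $uname === '') {
        return '0';
    }
    // Parameterized lookup: the POSTed value is bound, never spliced into the SQL.
    $stmt = $db->prepare('SELECT username, password_hash FROM user_table WHERE username = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a stored hash rather than comparing plaintext passwords.
    if ($row === false || !password_verify($pword, $row['password_hash'])) {
        return '0';
    }
    // Return the ID from the database row, and only if it fits the recognized
    // character set and cannot be confused with the failure value "0".
    $id = (string) $row['username'];
    if ($id === '0' || preg_match(ALLOWED_RESPONSE, $id) !== 1) {
        return '0';
    }
    return $id;
}

// Constructed in-memory user table so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_table (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO user_table VALUES (?, ?)')
   ->execute(['bob', password_hash('bob123', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Constructed inputs: valid login, wrong password, malformed (array) field.
    echo remote_auth_response($db, ['uname' => 'bob', 'pword' => 'bob123']), "\n";
    echo remote_auth_response($db, ['uname' => 'bob', 'pword' => 'wrong']), "\n";
    echo remote_auth_response($db, ['uname' => ['bob'], 'pword' => 'bob123']), "\n";
} else {
    header('Content-Type: text/plain'); // the body is the return value: no HTML
    echo $_SERVER['REQUEST_METHOD'] === 'POST' ? remote_auth_response($db, $_POST) : '0';
}
```

In a real deployment the in-memory table is replaced by a connection to your member database, and the field names `uname` and `pword` must match the ones entered in the Folder's login settings.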