Auto Login
How does it work?
AutoLogin is a free HostBill plugin (included in all versions since 2016-05-06) that lets you log your customers in from an external application or website using the customer's email address.
The strength of the AutoLogin feature is that you are not forced to redirect the user anywhere after they log in to your application: all actions take place in the background, between your application's server and HostBill's.
Additionally, you can automatically log customers out of HostBill once they log out of your application.
Connecting your application to auto-login should follow this flow:
- The client logs in to your application
- Your application generates an access hash from the user's email + the secret from the module configuration
- Your application sends this hash to the Auto-Login module in an HTTP POST request
- The module authenticates the customer and returns a URL that your application should link to, e.g. via an "Access billing portal" link
- Once the customer visits this link, he/she will be automatically logged in.
- [Optional] When the customer logs out of your application, it sends a POST request to log the customer out of HostBill too
- [Optional] You can use the 'redirect' parameter to generate a URL that redirects clients to a specific resource.
Configuring module
This module is by default included in all new HostBill downloadable packages.
Visit Settings → Modules → Plugins, then find and activate the "Client Auto Login" module. If the module is not on your list, make sure to update to the latest HostBill version first.
You need to enter:
- your secret code, which will be used to create the access hash in your application code,
- the rate limit for attempts,
- the hash verification method (this will impact your code)
Important info about code samples
Atlassian tends to replace the & character with &amp; in the code below. After copying, please replace &amp; with & in your code and set $hashMethod.
Code sample: Login customer
Code sample below is in PHP using cURL.
<?php
// Set hash method: 'md5' or 'hmac_sha256' (must match the method selected in the module configuration)
$hashMethod = 'md5';

// Get cURL resource
$ch = curl_init();

// Set AutoLogin url (use https:// in production so the hash and token are not sent in clear text)
curl_setopt($ch, CURLOPT_URL, 'http://yourhostbillurl.com/index.php?cmd=autologin&action=login');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

// Data to post:
$email = "user@email.com"; // Client's email address
$duration = "160"; // Time in seconds for how long user login link will work
$secret = "SECRET_CODE"; // Secret code set in module configuration (in previous step)

$hashData = $email . $secret . $duration;
if ($hashMethod && $hashMethod === 'hmac_sha256') {
    $hash = hash_hmac('sha256', $hashData, $secret); // Verification string
} else {
    $hash = md5($hashData); // Verification string
}

$body = http_build_query([
    'email' => $email,
    'duration' => $duration,
    'hash' => $hash,
    'redirect' => 'http://yourhostbillurl.com/index.php?cmd=clientarea&action=invoices', // optional
]); // data to post

// Set POST data
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

// Send the request & save response to $resp
$resp = curl_exec($ch);
if ($resp === false) {
    die('Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch));
} else {
    $array = json_decode($resp, true);
    // json_decode() returns null when the response is not valid JSON
    if (is_array($array) && !empty($array['success'])) {
        $login_url = $array['login_url']; // url to link customer to HostBill
        $token = $array['token']; // token we can use to log user out
    } else {
        die('Error: "' . ($array['error'] ?? 'unexpected response') . '"');
    }
}
curl_close($ch);
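For applications not written in PHP, the same hash construction and reply handling in Python, as an added example that is not HostBill's own code. The function names, the `expected_host` check and the HTTPS requirement are assumptions of this example; the field names and the hash layout are taken from the PHP sample above.

```python
import hashlib
import hmac
import json
from urllib.parse import urlencode, urlsplit


def access_hash(email, secret, duration, method="hmac_sha256"):
    """Verification string over email + secret + duration, as in the PHP sample."""
    data = f"{email}{secret}{duration}".encode()
    if method == "hmac_sha256":
        # The secret is both part of the message and the HMAC key, as on the page.
        return hmac.new(secret.encode(), data, hashlib.sha256).hexdigest()
    if method == "md5":
        return hashlib.md5(data).hexdigest()
    raise ValueError(f"unsupported hash method: {method}")


def login_body(email, secret, duration=160, method="hmac_sha256", redirect=None):
    """Form-encoded POST body for cmd=autologin&action=login."""
    fields = {"email": email, "duration": str(duration),
              "hash": access_hash(email, secret, duration, method)}
    if redirect:
        fields["redirect"] = redirect  # optional target resource
    return urlencode(fields)


def parse_login_response(raw, expected_host):
    """Return (login_url, token); raise RuntimeError on any unexpected reply."""
    try:
        reply = json.loads(raw)
    except ValueError as exc:
        raise RuntimeError("AutoLogin reply is not JSON") from exc
    if not isinstance(reply, dict) or not reply.get("success"):
        error = reply.get("error") if isinstance(reply, dict) else None
        raise RuntimeError(f"AutoLogin failed: {error or 'unknown error'}")
    login_url = str(reply.get("login_url") or "")
    parts = urlsplit(login_url)
    # Assumption: HostBill is served over HTTPS on a host you know in advance.
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise RuntimeError("login_url does not point at the expected HostBill host")
    return login_url, reply.get("token")  # keep the token for the logout call
```

The `method` argument has to match the hash verification method selected in the module configuration, otherwise the module will not accept the hash.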
Code sample: Logout customer
Code sample below is in PHP using cURL.
<?php
// Get cURL resource
$ch = curl_init();

// Set AutoLogin url
curl_setopt($ch, CURLOPT_URL, 'http://yourhostbillurl.com/index.php?cmd=autologin&action=autologout');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

// Data to post:
$token = ""; // Login token returned upon user auto-login (previous step)
$body = http_build_query([
    'token' => $token
]); // data to post

// Set POST data
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

// Send the request
$resp = curl_exec($ch);
curl_close($ch);