I really hope you're not storing plain text passwords. If you are I strongly urge you to remove that usage and find a better way. A lot of people, frustratingly, use the same password for several accounts. Storing anyone's password in plaintext is a massive security vulnerability. Even temporarily is a bad idea. What is your PAP integration doing that it needs the users password?
We did store plain text passwords to log users to PAP until we found
this post
that they wrote recently.
So now we only need to create a randomly generated password for registering users to PAP after their first successful registration to CB
We talked about it a couple of years ago and you suggested to store the password temporarily in a cb field [cb_passaffiliation], so we used until now :
Code:
include_once('/var/www/html/affiliation/api/PapApi.class.php');
$Juser = CBuser::getUserDataInstance( '[user_id]' );
// convert the user parameters to a format for the external application
$args = array();
$args['email'] = "[EMAIL]";
$args['fname'] = "[firstname]";
$args['lname'] = "[lastname]";
$args['refid'] = "[USERNAME]";
$args['parentuserid'] ="[cb_parrain]";
$args['password'] = "[cb_passaffiliation]";
$args['data3'] = "[cb_address]";
$args['data4'] = "[city]";
$args['data6'] = "[cb_pays]";
$args['data7'] = "[zipcode]";
$args['data13'] = "[user_id]";
// params info
$pap4Username = "xxxx";
$pap4Pwd = "xxxx";
$pap4Url = str_replace( 'https', 'http', '[cb:config param="live_site" /]' ) . '/affiliation/scripts/server.php';
try {
$session = new Gpf_Api_Session($pap4Url);
if (!$session->login($pap4Username, $pap4Pwd)) {
die("Please contact affiliate manager. Error message: ".$session->getMessage());
}
//try to load referer
if("[cb_codeparrainpartenaire]") {
$PaPid = new Pap_Api_Affiliate($session);
$PaPid->setUserid("[cb_codeparrainpartenaire]");
try {
$PaPid->load();
if ($PaPid) {
//set the correct parent
$args['parentuserid'] = "[cb_codeparrainpartenaire]";
//reset PAPVisitorID cookies to erase them.
CBCookie::setcookie( 'PAPVisitorId', '' , time(), '/', '.activ-ha.com');
CBCookie::setcookie( 'PAPVisitorId', '' , time(), '/', 'activ-ha.com');
// register click to the right referer
$referer = $PaPid->getRefid();
$clickTracker = new Pap_Api_ClickTracker($session);
$clickTracker->setAccountId('default1');
try {
$clickTracker->setAffiliateId($referer);
$clickTracker->track();
$clickTracker->saveCookies();
} catch (Exception $e) {
die("Erreur sur le tracking. Erreur message: ".$e->getMessage());
}
}
}
catch (Exception $e) {
$args['parentuserid'] = "[cb_parrain]";
//erase wrong code for not giving wrong commissions on autoaction following
$Juser->cb_codeparrainpartenaire = "[cb_parrain]";
//$Juser->storeDatabaseValue( 'cb_codeparrainpartenaire', '' );
$Juser->store();
}
}
// create new affiliate
$affiliate = new Pap_Api_Affiliate($session);
$affiliate->setUsername($args["email"]);
$affiliate->setPassword($args["password"]);
$affiliate->setFirstname($args["fname"]);
$affiliate->setLastname($args["lname"]);
$affiliate->setRefid($args["refid"]);
$affiliate->setParentUserId($args['parentuserid']);
$affiliate->setData(3,$args["data3"],Pap_Api_Affiliate::OPERATOR_EQUALS );
$affiliate->setData(4,$args["data4"],Pap_Api_Affiliate::OPERATOR_EQUALS );
$affiliate->setData(6,$args["data6"],Pap_Api_Affiliate::OPERATOR_EQUALS );
$affiliate->setData(7,$args["data7"],Pap_Api_Affiliate::OPERATOR_EQUALS );
$affiliate->setData(13,$args["data13"],Pap_Api_Affiliate::OPERATOR_EQUALS );
if(!$affiliate->add()) {
die("Erreur sur le parrainage, merci de contacter votre affiliate manager. Erreur message: ".$affiliate->getMessage());
}
else {
// echo("Affiliate successfully added");
$referer = htmlspecialchars($affiliate->getUserid());
$Juser->cb_refid = $referer;
//$Juser->storeDatabaseValue( 'cb_refid', $referer );
}
}
catch(Exception $e) {
die("PAP4 API call error, merci de contacter votre affiliate manager. Erreur message: ".$e->getMessage());
}
But I think that maybe we could retrieve the CB password with var_ ? so that PAP and CB password are in sync at least at the registration process.
krileon
