Mark

IPS Staff
  • Content Count

    36,065
  • Days Won

    107


Everything posted by Mark

  1. You should see this: And then the form you screenshotted is what appears if you click "Continue as New Member".
  2. I still use an RSS client 😅
  3. Braintree is a payment gateway provided by PayPal which provides some great additional features for PayPal transactions including a significantly improved recurring payments model. We are delighted to be bringing full support for Braintree for Commerce in Invision Community 4.4.

     What is Braintree?

     Braintree is a payment gateway provided by PayPal which supports taking payments by credit cards (including Apple Pay and Google Pay) and Venmo as well as PayPal, providing a good option for communities wanting to use a single payment gateway, and also brings improved functionality for recurring PayPal transactions. For PayPal transactions, there are no additional fees and the checkout experience uses the normal PayPal experience your customers are used to.

     Recurring PayPal Improvements

     Recurring payments / Billing Agreements in PayPal have up until now been initiated by PayPal. Invision Community tells PayPal what the renewal terms of a purchase are, but then it's up to PayPal to take that payment and notify your community when it succeeds (or fails).

     This comes with a number of limitations and problems. It makes it difficult for you as an admin to modify an existing purchase or for the customer to upgrade/downgrade. It also means the customer has to create separate Billing Agreements for each purchase. Most significantly though, it means if there is a delay in receiving the payment (such as an expired card) it is sometimes unclear what should happen on your community's end, and how it can be resolved if/when the payment is received.

     Other payment gateways work the other way around. When a customer pays by card, for example, they have the option of storing their card details. Later, if they make another purchase or a renewal invoice is generated, Invision Community can tell the gateway to recharge the same card - and if it fails, allow the customer to provide an alternative payment method. This allows both you and your customers to have much greater control, and is much more reliable.

     Braintree resolves this by allowing customers when paying with PayPal to save their PayPal account in the same way they would save a credit card on file. When paying with PayPal, users will see a simple checkbox which, if checked, will allow future payments to be taken with PayPal automatically.

     [Image: Storing PayPal Accounts for Recurring Payments]

     Other Features

     In addition to an improved checkout experience, our integration with Braintree supports:

       • Taking payments by Credit Card, including 3DSecure checking and the ability for customers to store card details on file. Braintree uses a fully PCI-compliant method of taking card details in a way that ensures the card information never reaches your server.
       • Apple Pay and Google Pay
       • Venmo, which also allows storing accounts in the same way as PayPal accounts.
       • Offering PayPal Credit
       • Handling chargebacks/disputes
       • Support for Braintree's Advanced Fraud Tools

     [Image: A Disputed PayPal Transaction]

     Existing Setups and Upgrading

     The existing PayPal gateway will continue to be available for basic PayPal integration, and your existing set up will continue to work exactly as it does now after upgrading.

     If you are using PayPal, especially if you are using Billing Agreements, we strongly recommend switching to Braintree after upgrading. While it isn't possible to convert existing Billing Agreements, you can allow existing ones to continue to work and use Braintree for new purchases.

     Please note that while existing setups will work fine, from 4.4 it will no longer be possible to set up a new PayPal method with either Billing Agreements, or to take payments by card, as PayPal has deprecated the API this was using in favour of Braintree and it can no longer be enabled on new accounts. As mentioned though, this does not affect any existing setups, which, if you do not switch to Braintree, will continue to work as they do now.

     This blog is about our upcoming release Invision Community 4.4.
  4. PHP 7.1 or higher required (no particular recommendation beyond that other than of course the latest is always a good idea). MySQL 5.5.3 or higher required, 5.6.2 or higher recommended (though again, latest is always a good idea).
  5. The best way to convert guests into members is to make the onboarding process as simple as possible. Over the years, we've added special log in methods for Facebook, Google, LinkedIn and Microsoft. We've carefully hand coded these integrations to allow guests to sign up with just a few clicks using services they're already a member of. These services used to use proprietary methods to link with other websites, but a new standard has emerged.

     OAuth

     You may not know it, but you're probably familiar with OAuth already. If you have enabled the ability for users of your community to sign in with their Facebook, Twitter, Google, LinkedIn or Microsoft account, you may have noticed that the process for setting up each of these is quite similar. This is because they all use the OAuth protocol.

     In Invision Community 4.3, we are introducing several exciting new features:

       • In addition to all of the existing social networks above, which retain their "easy setup" status, we have also added WordPress. Users on your community can now sign in with any WordPress site you control (you will need to install a WordPress plugin to enable OAuth capabilities).
       • As well as those "easy setup" options, we have also added the ability for you to allow users on your site to sign in with any OAuth 2.0 based provider. This means, for example, if your community is based in a location where other social networks are popular, if they use OAuth, you can set those up too. While the setup is a little bit more complicated, this doesn't require any custom programming - you'll just need to find out a few more pieces of information from the provider (an example is provided below).
       • Invision Community itself can now also serve as an OAuth 2.0 server so you can set up other sites to be able to facilitate logins using credentials from your community. This works in conjunction with our REST API, allowing you to make API calls as an authenticated member, which will return just the information that user has access to.

     With the ability for Invision Community to serve as both an OAuth server and client, this now provides standard integration for multiple Invision Communities together, which will now replace the old IPS Connect feature.

     We have also taken this opportunity to make a few other minor tweaks to login, registration and account management features, especially for communities which rely heavily on non-standard login methods (more details below).

     Setting Up a Custom OAuth Provider

     For this example, I'm going to use vk.com, which is a popular social network in Europe. While Invision Community doesn't provide this as one of the "easy setup" options, it is based on OAuth 2.0 so we can use the new functionality in Invision Community 4.3 to set it up.

     In older versions, the list of login handlers in the AdminCP had all of the providers listed with enable/disable toggles - because now you can add as many custom handlers as you like in 4.3, it's now a list where you can add/delete options:

     [Image: Login Handlers List]

     When clicking the "Create New" button, you'll see all of the different handlers Invision Community supports. Since vk.com isn't in the list, but is still OAuth 2.0-based, I'll choose the "Other OAuth 2.0" option:

     [Image: Choosing a Login Handler]

     You'll now need to use the documentation provided by the site you want to integrate with to fill out this form. While no custom programming is required, the documentation is usually quite technical in nature - but you only need a few key pieces of information. We anticipate that for some of the more popular options, guides will be provided to help you find the information you need.

     I have created an application in vk.com's developer center and so I will copy and paste my credentials into the form:

     [Image: Inputting vk.com credentials]

     I then need to find the endpoints from vk.com's documentation and input those too.

     [Image: Inputting vk.com endpoints]

     Next I need to find the endpoint where I can access the user's information within their API and the parameters they are returned by. The only required piece of information is an ID, but you can also provide the parameters for accessing the display name, email address and profile photo. If display name/email address isn't available/provided, the user will be asked for this the first time they sign in. vk.com's API doesn't provide access to the email, but I can use the screen name as the display name, and they do provide access to the photo:

     [Image: Inputting vk.com User Information Endpoint and response parameters]

     Finally, provide a logo and a color for the sign in button and some final settings:

     [Image: Inputting vk.com Logo and Button Color]

     And now vk.com login is set up. A button will now show up on the front end which I can use to sign in. I didn't provide a way to access the email address, so on the first sign in, the user will be prompted to provide that, but the screen name and profile photo from vk.com will be used:

     [Image: Signing in with vk.com]

     Using Invision Community as an OAuth Server

     You can also set up Invision Community itself to be an OAuth Server. This may be useful for two main reasons:

       • If you want to integrate two communities together, or integrate with something else which supports adding custom OAuth clients.
       • If you are a developer and want to use the REST API using OAuth for authentication rather than an API Key. You can either make requests as an authenticated user (by obtaining an access token) or using Client Credentials.

     The screenshots below show the full capabilities which are quite technical and mostly aimed at developers. If you will just use this feature to link two communities, don't be concerned if it looks too complicated, an easy-to-follow guide will be available to achieve that.

     You will set up the clients from the AdminCP:

     [Image: Setting up an OAuth Client]

     When creating the OAuth Client, you can control which scopes are available, and which endpoints of the REST API they provide access to:

     [Image: Defining OAuth Client Scopes]

     The login process is then the standard OAuth flow, and users have the ability to view authorisations in the account settings:

     [Image: Authenticating an OAuth Client]

     The REST API has new and updated endpoints to be aware of the authenticated user:

     [Image: A new REST API endpoint which returns details of the currently authenticated user]

     [Image: An updated REST API endpoint which, when called using OAuth authentication, will only return data the authenticated user has access to]

     Other Login System Tweaks

       • Users can now choose if they want to change their local display name or email address if it is changed by an external login method (or the administrator can choose this behaviour). If there is an issue with this (for example, it wants to change the email to one that is already taken), or profile photo syncing, this is now better communicated to the user.
       • You can now control per-login-handler if new registrations are allowed using it. This addresses some confusion from previous versions as to if the "Allow New Registrations" setting applies to accounts being created by social network logins.
       • The Standard login handler can be disabled if you rely totally on an alternate login method. To allow this to happen:
           • All areas where a user is prompted to re-enter their password (some areas of the account settings) now allow reauthentication using any login handler.
           • You can disable local registration but still allow accounts to be created by other login handlers, or redirect users to an external URL to register an account.
           • You can also disable or redirect to an external URL for changing email address / password or the Forgot Password tool.
       • You can now create multiple instances of the external MySQL database and LDAP login methods which have also had some other minor tweaks:
           • The external MySQL database handler now has PHP's password_hash() function as an available option for password encryption type, and defining a custom encryption method is now much easier, done entirely in the AdminCP without needing to modify PHP files.
           • You can now choose if changes to the local display name / email address / password are synced back to the external database / LDAP database.
           • You can optionally show these handlers in the Account Settings pages like other login handlers to allow users with an existing account to link their accounts.
           • You can define a Forgot Password URL for the external database which the user will be redirected to if they try to use the Forgot Password tool and that is how their account is authenticated.
  6. There is backwards compatibility so you should be fine 🙂 If you want to update it, we don't have any specific documentation, but if you take a look at one of our login handlers, the methods are all well documented.
  7. Not to the end user. Mostly from people who either didn't read the terms and got their accounts closed or are confused about how chargebacks work (which is not something the gateway has any control over).
  8. End-to-end encryption is not really possible as there is no method for storing the keys in a browser with reliable persistence (unlike in a mobile app). Note that "secret conversations" in Facebook Messenger, for example, can only be created and viewed on their mobile app, not their website.
  9. Not at this time. Most gateways, including Stripe, Braintree, and PayPal, do not allow most types of adult content. It was probably that. Obviously this is out of our control. I have expensive tastes 😂 (also specific purchase amounts trigger certain behaviours when in testing mode).
  10. Yes it is. Just like with Stripe you set up each as a separate payment method (but using the same credentials). This allows you to control where they are available (for example, since Apple Pay cannot handle recurring payments you might want to offer that only for products which don't have renewals). They will automatically hide if the user's device doesn't support them (Apple Pay can only be used on Apple products, for example). You can set the "Available To" setting in a payment method (which controls which countries it is available to) to none of them, which effectively "disables" a payment method. You can keep using Stripe for cards and just switch to Braintree for PayPal. If you wanted to switch everything to Braintree to have everything in one location, you would lose cards customers have stored on file (though this would be handled gracefully - they'll just be sent an invoice like they would if their card had expired).
  11. Other than notifying Commerce about a dispute (which does use a webhook), everything is initiated by Commerce's end. If a user revokes permission for the recurring charges from their PayPal account then the next time Commerce tries to charge it, it will treat it the same as it would a declined/expired credit card: it will try to use any other payment methods they have on their account and, failing that, will send them a renewal invoice.
  12. So if there are two packages: one costing $10 and another costing $30, you want a user upgrading between them to be charged $30? Why would the user not make a new purchase and get a full renewal cycle? Wouldn't $20 (which can be achieved by choosing the "Difference between the purchase prices" option) make more sense?
  13. We have no plans to remove the \IPS\Ftp classes, which are used by the upgrader. But the ability to set up the system to store uploaded files like attachments on an external FTP server was deprecated in 4.3.0 (i.e. 8 months ago).
  14. It's actually still there so people who were using it wouldn't suddenly end up with things broken. You could add a row to the table in the database where the configurations are stored if you really wanted to.... but I wouldn't recommend it. It was notorious for causing errors where the FTP server's flood protection or other limitations would suddenly block the connection and then suddenly the community would be unable to upload anything and have other issues caused by the communication not working. While some who knew what they were doing were able to configure the FTP server in a way that these issues wouldn't happen, it was used by such a small number of communities (like... less than 0.1%) and the percentage of those it caused irreparable issues to was so high, it just made sense to deprecate it. Especially in today's world where more robust solutions like Amazon S3 are available. Or, as you mention, a virtual drive on the webserver.
  15. Happy New Year from Sydney! 🙂
  16. To clarify since @Joel R mentioned me specifically... 😂 We will be sticking with CKEditor 4 for a little while. While we will presumably move to CKEditor 5 some time in the future, it is currently still very new and maturing (when Joel asked me, it was before 5.11.2.0 was released which is when they re-added paste from Word). But most importantly, to move would require a lot of development time (to upgrade our custom plugins) for what will be, to the end-user, very little change. And since CKEditor plans to continue releasing updates to version 4 for the foreseeable future we're not missing out on bug fixes or security patches. Obviously if you're experiencing issues, please submit a support ticket and we can look into that - if you're not seeing the same problems on CKEditor's demo, the problem is likely our end and so it's probable that moving to CKEditor 5 wouldn't resolve it.
  17. Self-hosting our software currently requires a server with PHP 5.6+ (PHP 7 recommended) and MySQL 5.1+ (MySQL 5.6+ recommended).
  18. If you're willing to submit a support ticket, I'd be interested to check that there's nothing else going wrong. It seems to me very bizarre that someone would miss the equally sized "Download" button and click "Buy Now" and submit payment 6 separate times. If you do, mention this post so the support team know to send it up to me.
  19. Allowing your customers to find exactly what they need as fast as possible will no doubt increase sales. A good number of our customers use Commerce to sell physical items. Until now, it's always been a little tricky to set up the store to allow customers to drill down into specific items within the store.

      In Invision Community 4.4, the sidebar in the store now includes filter options to help customers find the product they're looking for.

      [Video: Using the filter sidebar]

      Administrators can set up whatever filters they like for each product. In this video above, you can see we have set up filters for color and price. You can set these filters up in the AdminCP by simply specifying each possible option:

      [Image: Creating a custom filter]

      Once the filters have been set up, you can then add each filter to the categories it applies to (so you can have different filters for different categories) and when editing any product you can specify as many values for each filter as is appropriate (for example, if you have a color filter, you can choose multiple colors if the product allows the customer to choose a color, or if the product has multiple colors).

      [Image: Choosing the filter values when creating/editing a product]

      In addition to these custom filters, you will also see filters for price (you can set appropriate bands for each category), rating, and stock level.

      Other Commerce Improvements

      In addition, we also have a few more features new to Commerce in 4.4:

        • There are new sidebar blocks for best selling products, latest products, product reviews and a featured product.
        • When sending a bulk mail, you can target recipients by the total amount they have spent.
        • Categories with no products in them are hidden automatically in the store.
        • Notification emails sent to customers to let them know their purchase will expire soon (including if they will be automatically charged) have been improved to show more clearly what will happen.
        • When viewing a customer page in the AdminCP, active purchases are separated from expired and cancelled purchases to make it easier to discern which are active.
        • Custom field values are now included on printed invoices.
        • When filtering support requests in the AdminCP, you can now choose "more than" or "less than" for all time-based filter options.
        • When using stock actions to reply to support requests, the stock reply can be incorporated into the staff member's default reply content rather than overwriting it.
        • Invoices in the AdminCP can now be filtered by status.

      This blog is part of our series introducing new features for Invision Community 4.4.
  20. If you go to AdminCP > Commerce > Payments > Settings > Checkout, you can set it so guests are not asked for a display name. Also on that page, you can set it so under certain circumstances, the customer's real name and billing address aren't required - however, some payment methods require this information. Beyond that, the only thing they are asked for is an email address (which we need to send the order confirmation and details to) and password. So the only thing that it asks for which could be avoided is the "Password" field.
  21. Two Factor Authentication significantly improves your security and is certainly not just dumbing things down. Generally speaking, there are three ways of proving you are who you say you are: knowledge factors (something you know, like a password), possession (something you have, like a mobile phone) and inherent (something you are, like a fingerprint). Using a strong password helps address some of the shortfalls of the knowledge factor - it protects you against someone trying to guess (or bruteforce) your password. However, it doesn't protect you against a variety of other attacks (for example, if someone was able to compromise your system and install a key logger). But two factor authentication adds an additional factor into play: usually a possession factor. In addition to providing your (hopefully strong) password, it requires you to prove that you have in your possession a device which belongs to you. It should be used whenever available, especially for things which require additional security. To address the original question: email is generally not a great 2FA method as it is already the method of recovery if a user forgets their password. If you use email as the second authentication factor, it means an attacker only has to gain access to the desired victim's email account in order to compromise their account - which effectively brings you back to a single-factor authentication system.
  22. As the comment explaining why it's there says, it is needed for some features (the comment mentions embeds, but trying to edit templates or pages could also have issues with this set).
  23. You're probably thinking of when Apple changed the gun emoji to look like a water pistol and then other vendors followed suit.
  24. We haven't used salted md5s since v4 😉 We use bcrypt.
  25. You can add an image() function in your Item extension (Downloads shows the file's screenshot).