Interferon

Maybe there is a publicly accessible application we can hook into for testing? That could eliminate any server-side errors on our site.

Thank you. I got it working perfectly with these settings: width = 100% height = auto

I have a strange issue with a database field that contains a YouTube video ID. I am displaying the field like this: {$record->customFieldDisplayByKey('video','display')|raw} The resulting HTML code starts off like this: <div class="ipsEmbeddedVideo" contenteditable="false" style="width:640px;max-width:640px;height:390px;"><div> Notice the width is hard-coded into the element at 640px. I am not sure where this is coming from. It is not coming from our max video width setting from the forum. I even downloaded the entire community site and did a search through the files for this code, and could not find it. It is possible I could have stupidly modified a template file to force the size like this. The default video embeds on the forum work fine. Any ideas? Where is this code originating from?

Yes, that is exactly what we are doing. I sent a PM.

Okay, I definitely recommend setting your product to send out a second email that provides a link to the Purchases page so the user can get their key. You should also add instructions for activating a product on Steam, if it is a Steam key. Great plugin. 🏅

I placed another order on our site, and I did receive the secondary email, which I have set to provide a link to the purchases page. I believe it would be best to immediately go to the purchase page after ordering, but if the secondary email is working this gives us an acceptable delivery mechanism.

We have the authentication token working now. I can see the authentications in the IPB admin panel, along with the correct scopes. However, every API call we try to make results in a NO_PERMISSION error. The URL is set like this: std::string url = "https://www.xxxxxx.com/forums/api" + endpoint; Where endpoint is equal to "/core/me". The token appears to be working, because if I set it to a random string I get an error saying it is invalid. The URL appears to be correct because if I make up an endpoint that doesn't exist I get an INVALID_CONTROLLER error. The error code is 2S291/3. I also notice I don't see any of my calls using an OAUTH token as the credential appearing in the API log.

I noticed upwork.com has improved their messaging system. This might provide some inspiration. What they have created is halfway between a forum messaging system and Discord / Slack. It's pretty nice. I uninstalled Arrowchat because people did not use it much and it made page loading slower.

I just got my first referral on my account. It was actually brilliant to show the account signups instead of just anonymous sales. I heard the little notification noise, I see the account of the person I helped create, and now I want to help answer their questions so they will buy something. This is definitely an underutilized feature I think we need learn how to use properly.

I am still trying to figure this out, but this C# code from Google might help you: https://google.github.io/google-api-cpp-client/latest/guide/oauth2.html

....

It's possible but it's pretty advanced. I am hiring someone on Upwork right now to implement that last part for me. The end result will be a function where you enter the user name and password, and then you can use the whole Invision REST API, including user authentication. What OS does your program run on?

Forwarding them to the purchase page right after purchase would be good. The custom email would probably be okay, but it does not seem to be working.

I am working on a system to do this. Maybe it will be turned into a general-purpose C library. What programming language do you use?

I will investigate the OATH stuff now. I was able to make a simplified web API very easily that checks ownership and active status of a license using PHP.

How else would you possibly do it?

Using PHP and an API key I can very easily view purchase status given a user ID and an item ID. Creating our own intermediate web API might be a good idea, because it would prevent mountains of data from going back to the user. Should I be looking at an approach like that instead?

Following example here: https://invisioncommunity.com/developers/rest-api/index/ I changed the URL to "https://www.xxxxxxxxxxx.com/api/core/hello/" but it is saying the key is invalid: curl_easy_setopt(curl, CURLOPT_USERPWD, publickey.c_str()); If I use an API key then it actually works, but I want to use the per-user OATH method since this is running on the user's computer.

Now let's try to connect our application. First we initialize curl: curl_global_init(CURL_GLOBAL_DEFAULT); Create a curl object: curl = curl_easy_init(); Set the URL for the request: curl_easy_setopt(curl, CURLOPT_URL, "https://www.xxxxxxxxxxxx.com/oauth/token/?key=" + publickey); Set the timeout value: curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10000); Construct the authorization header: //Construct authentication token std::string postdata; char authHeader[1024]; unsigned char buff[32]; hmac((unsigned char*)privatekey.c_str(), privatekey.length(), (unsigned char*)postdata.c_str(), postdata.length(), buff); String encoding = base64_encode((const unsigned char*)buff, 32); int len = sprintf(authHeader, "Authorization: %s", encoding.c_str()); //Construct header struct curl_slist* headers = curl_slist_append(headers, "Content-Type: text/xml"); headers = curl_slist_append(headers, authHeader); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); Here is the hmac function, which is using OpenSSL: void hmac(unsigned char* key, int keylen, unsigned char* message, int messagelen, unsigned char* out) { HMAC_CTX* ctx = HMAC_CTX_new(); unsigned int len = 32; // Using sha1 hash engine here. // You may use other hash engines. e.g EVP_md5(), EVP_sha224, EVP_sha512, etc HMAC_Init_ex(ctx, key, keylen, EVP_sha256(), NULL); HMAC_Update(ctx, message, messagelen); HMAC_Final(ctx, out, &len); HMAC_CTX_free(ctx); } And finally perform the request: CURLcode res = curl_easy_perform(curl); When I do this, the result is CURL_OK but there is an "invalid_request" error in the returned JSON object. The error description says "request must be a POST request". Okay, so my postdata value is just an empty string. Is there some kind of "hello" message I should set this to? I am just trying to break through the network at this point and make sure I can actually communicate with the server.

I am implementing the IPB REST API into a C++ program that runs on the customer's computer. This program runs without the use of a web browser. This is meant to provide a mechanism to check software licenses. In the future I also want to add these features: Allow users to upload screenshots directly from our application to the community gallery. Allow users to browse, purchase, and download IP.Downloads files directly in our application. Basically I am using IPB to build some of the functionality of Steam, for our own applications. First step: I am creating an OATH client. None of the client types describe what I am doing, so I am choosing "Custom Confidential OATH client". Here is the description: The secret code will be stored in the program's compiled source code, so I think this is what best fits my situation. (There are potential absolutely certain DLL security issues I am not going to go into here.) For "Available Grant Types" I am choosing "Resource Owner Password Credentials" as this seems to describe exactly what I am trying to do: I don't know what "Redirection URLs" means so I am just adding my community URL. For "Authorization Prompt" I am choosing the default setting. Now I am confused because I am not using a web browser at all for this application.

I am getting ready to release a new product and I want to build sales on our own website outside of Steam. I am looking into the IPB license keys system but I can't find any information on it. There are two options, standard and MD5. The IPB documentation just says this: I assume the generated keys are using some kind of standard system, but there is no input for a private key or anything like that. How does my C++ application validate a license key? If this requires connection to the REST API, what is the point of using keys? You could just have the user enter their name and password, and check to make sure they purchased the item?

I tried adding a custom email for the store product, but that email is never received. The whole experience is extremely negative, it's like saying "Thank you for your money, now go away".

I was testing out the single-user-license key extension, and I realized it's virtually impossible for a customer to find their product information after ordering something. The email they receive does not tell them to go to their purchase history for their product info. The page after they order only says "You can go to Your Orders", which has no information on their product. There is no way for the customer to actually know they are supposed to go to the Purchases page to get their product information, so it looks like the website just stole their money. If I buy something online, I expect to see the license key right away after ordering, or to be sent in an email. It took me ten minutes to find the license key after ordering, on my own site. Why is this hidden from the customer?

Okay, I found it is hidden away in "Purchases". This is very confusing. The email the customer receives does not contain the key. After ordering, they are told they can go to "My Orders" but that page does not contain the license key either. Is there any way to send the key in a way the customer will actually see it? If I have to send out an email every time someone orders something then this is no better than just manually sending keys.

I just installed this. I changed an existing product to use SULK license keys for new purchases. I purchased a new copy of the product from my own account using my account balance. The transaction worked and the license keys list shows that one is used, but how does the customer actually receive their key? I don't see it anywhere.