Password Robot

How to install and set up Password Robot (v3.18)

Installation

Setup

Control panel FAQs

Troubleshooting FAQs

Miscellaneous FAQs

Payment gateways

Installation

How to install Password Robot

Unzip the Password Robot zip file to your computer. Upload the pr folder (in ASCII mode) into the directory on your server where your site's home page is located. Next, go into the cgi-bin folder and upload the pr folder there into the cgi-bin directory on your server.

Now that both folders have been copied to your server, set 755 permissions on /cgi-bin/pr/pr.cgi and the /cgi-bin/pr directory. To complete your installation, use your web browser to access pr.cgi and click the "Install now" link the program displays. (Did you get an error? Check out the Troubleshooting FAQs below.)

(Depending on the server, it's sometimes necessary to set 777 permissions on directories you want Password Robot to protect. You can do this now if you like.)

If your web hosting plan supports crontab, you can start the cron job Password Robot uses to automatically make backups and check for expired or abused accounts. Please contact us for more details.

Testing your installation

First, sign in, and click on to the "Settings" page to change your admin password.

Move on to the "Directories" page and click the "Refresh this list" link to have Password Robot find and list all the directories on your server. Select a directory to protect, enter "Members" for the group name, and click the "Protect this directory" button.

Now that you've protected a directory, add an account for yourself from the "Accounts" page, and try to access the directory with your web browser.

Finally, if you were able to login, check your email for a message from Password Robot containing the details of the account you added.

Setup

How to set up a registration form

Registration forms let your users add an account for themselves to your members database.

Use register.html in the pr folder as a starting point for creating your registration forms. You can open the page in any text or HTML editor to change it to your liking. Following are descriptions of the "hidden" form fields on the page:

Use the "required" field to list fields users should be required to fill in when completing the form.

The "account_length" field value specifies the number of days accounts should remain active before expiring. You can set it to 0 (zero) to have the form create accounts that never expire.

The "group" field indicates which group accounts should be added to.

The "status" field value determines whether the form should create Active or Inactive accounts for members. Active account holders can login immediately. Inactive members can't login until you activate their account from the control panel.

When the "allow_renewals" field value is set to "yes", members are able to renew their Expired or Active account just by completing the form. If their account has expired, it's made active again. If their account is already active, more days are added to its account length.

"url_to_response" is the address of the page Password Robot should send members after they complete the form.

Using custom registration form fields

Password Robot has 15 custom fields (named custom_01, custom_02, and so on) you can add to registration forms to collect more information from users. For example, if you want members to provide their city and state, you would add the following lines to your form:

<p>City<br />
<input type="hidden" name="custom_02" /></p>
<p>State<br />
<input type="hidden" name="custom_03" /></p>

To view the information members enter in custom fields, you'll need to give each one a title on the "Settings" page in the control panel. In the case of the previous example, you would enter "City" and "State" for the "Custom 02" and "Custom 03" field titles. Now when you edit an account in Password Robot, the program will display the city and state values members entered on your registration form.

Automatically deactivating abused accounts

Password Robot can automatically deactivate accounts that appear to have been shared with other people. The program determines whether an account may have been abused by tracking the number of IP addresses the account holder uses over the course of a day.

You'll need to do 3 things to use this feature: (1) Start the Password Robot cron job, (2) set an IP address limit on the "Settings" page in the control panel, and (3) add an IP logging tag to a page in your protected directory.

If your web hosting plan includes crontab support, contact us for details on how to start the cron job. You can set the IP limit to the maximum number IPs you think a member should use each day. (A setting of "5" might work for you.)

Password Robot uses a server feature called Server Side Includes (SSI) to record IP addresses. Using an SSI tag on a page requires the page's name end with .shtml (instead of .htm or .html). Change the name of the page you intend to track so that it ends with .shtml.

Finally, copy and paste the line below to the page anywhere between the <body> tags to have Password Robot record the IP address of members that access it:

<!--#include virtual="/cgi-bin/pr/ip.cgi" -->

Control panel FAQs

How can I create an account that never expires?

Enter 0 (zero) in the "Account Length" field or just leave it blank.

How can I add more details to accounts?

Password Robot has 15 custom fields you can use to add more information to your accounts. To use one, just give it a title on the "Settings" page.

For example, if you would like to record each member's city and state, you would enter "City" and "State" in the "Custom 02" and "Custom 03" fields on the "Settings" page. Now you can click the "Add more info" link on the "Add an account" form on the "Accounts" page to enter city and state values for accounts.

What do the E, D, X, R, and A links do?

The E, D, X, R, and A links on the "View Accounts" page let you edit, delete, deactivate, renew, and activate accounts, respectively.

Deactivating an account prevents members from accessing protected directories. Renewing an expired account or activating an inactive account gives members access to protected directories again.

How do I personalize my email messages?

You can customize any messages that Password Robot automatically sends and any emails you send from the "Email Members" page. Following is a list of personalization tags you can use:

$custom_01     $custom_09     $username
$custom_02     $custom_10     $password
$custom_03     $custom_11     $name
$custom_04     $custom_12     $email
$custom_05     $custom_13     $start_date
$custom_06     $custom_14     $expire_date
$custom_07     $custom_15     $account_length
$custom_08

Enter any tag in the subject or body of a message and Password Robot will automatically replace it with its value from the member's account record. For example, if you use the $email tag in a message, Password Robot will replace $email with the member's email address.

How do I customize the Edit Profile template?

The "Edit Profile" template is the form that appears when members submit the form on edit_profile.html in the pr folder. The template displays the member's account information.

You can use any of the personalization tags listed above ("How do I personalize my email messages") with the "Edit Profile" template. Following are descriptions of the "hidden" form fields on the page:

Use the "editable" field to list the names of the fields members should be able to edit.

The "required" field lets you list the names of fields members are required to fill in when updating their profile.

"url_to_response" is the address of the page Password Robot should send members after they complete the form.

Troubleshooting FAQs

Why is "Internal Server Error" coming up?

This usually means 755 permissions weren't set on pr.cgi or the Password Robot files weren't uploaded in ASCII mode.

To fix the problem, try setting 755 permissions on pr.cgi. If you're installing Password Robot for the first time (and there aren't any accounts in your database), try deleting the files from your server and uploading them again in ASCII mode.

Why is "Software Error: Can't continue after import errors at pr.cgi..." coming up?

This error means the version of Perl running on your server is too old to run Password Robot. The program requires Perl 5.6.0 or higher. Many web hosts will gladly install a newer version of Perl for you. (5.6.0 was released in 2000.)

If your host won't install a later version of Perl for you, we recommend Modwest. Their $8.95 a month starter plan comes with great support and everything you need to run Password Robot.

Why can't I login to the directory I protected?

Password Robot may have incorrectly guessed how your server is set up. To fix the problem, first try protecting the directory again from the "Directories" page.

If you still can't login, you'll need to update the "htaccess" file template on the "Templates" page in the control panel. Open the template and replace the path on the AuthUserFile line with the correct path from root to /cgi-bin/pr/data/$group.txt.

If you're not sure what the path should be, you can ask your host, "What's the path from root to my cgi-bin?"

Why can't I receive email from Password Robot?

Password Robot may not be using the correct path to sendmail for your server. To fix the problem, edit the /cgi-bin/pr/config.cgi file on your server. Replace the 'path_to_sendmail' value with the correct path to sendmail on your server.

If you're not sure what the path should be, you can ask your host, "What's the path to sendmail?"

Why aren't accounts expiring?

If accounts aren't deactivated when they expire, verify the "Deactivate expired accounts" option on the "Settings" page is enabled. If it is enabled, the cron job Password Robot uses to automatically check for expired accounts may not be running. Try restarting the job.

Miscellaneous FAQs

How can I backup and re-install Password Robot?

To backup Password Robot, download the pr and /cgi-bin/pr folders that were uploaded during the initial installation. Delete /cgi-bin/pr/config-temp.cgi and the /cgi-bin/pr/data-temp folder. Now rename config.cgi and the data subdirectory in the /cgi-bin/pr directory to config-temp.cgi and data-temp. Follow the directions above (How to install Password Robot) to re-install.

Payment gateways

Using PayPal with Password Robot

You can use Password Robot with PayPal to charge your visitors a fee to become a member. Visitors begin by clicking a payment button on your site that takes them to PayPal's site to submit payment. Once they've been billed, PayPal returns them to a registration form on your site to sign up for an account.

Use the two payment buttons on paypal_subscribe.html in the pr folder as a starting point for creating your own. The first button on the page lets users pay a one-time fee to become a member for 30 days. The second button charges users a monthly fee for membership.

The payment buttons' "custom" form field is used to specify which group accounts should be added to and how many days they should remain active before expiring. For recurring payment buttons (like the second button on the page), the account length value should always be set to 0 (zero).

The "return" field for both buttons tells PayPal to send customers to paypal.cgi after their payment is accepted. paypal.cgi verifies the payment was successful and displays the "PayPal Payment Complete" or "PayPal Payment Pending" pages found on the "Templates" page in the control panel.

The "PayPal Payment Complete" page contains a registration form set up to create an Active account for customers. The "Payment Pending" form creates an Inactive account that you must activate when the customer's eCheck clears.

Password Robot will automatically deactivate accounts with recurring payments whenever they are cancelled and come to the end of their term. The recurring payment button's "notify" field makes this possible. PayPal's server will automatically notify paypal.cgi when a subscription has expired.

Password Robot uses PayPal's "Payment Data Transfer" (PDT) feature to verify payment and display an appropriate response. To enable PDT, sign in to your PayPal account and click the "Profile" link near the top of the page. Click the "Web Payment Preferences" link in the "Selling Preferences" section. Enable "Auto Return" and enter the URL to your site's home page for the "Return URL". Enable "Payment Data Transfer" and copy the "Identity Token" to your clipboard (or write it down) for later. Finally, click the "Save" button to save your changes.

Now in order for Password Robot to verify payments, you'll need to paste the "Identity Token" you copied earlier into the config.cgi file in the /cgi-bin/pr folder on your server. Open the file and copy and paste the token in the space provided on the "paypal_auth_token" line. Password Robot is now setup to properly communicate with PayPal's server.