Installation / Activation

Local mode

Since the local Login-API is pre-installed it just needs to be enabled!

  • Navigate to Login page / Local Login-API and activate it

  • The code-editor for easy changes directly in the webadmin interface can also be found in the same menu

  • Copy the default profile and adapt the file conf/main.config

  • See the plugin configuration documentation for everything else

External mode

Attention

  • The rest of this document covers the installation on an external webserver only.

Hint

The Login-API SDK is written in PHP and runs on Linux with apache, nginx, or any other webserver that is able to run PHP.

Preconditions

  • You need the knowledge to administrate a Linux webserver. Please understand that we can’t support basic server administration.

  • The SDK is mainly tested with PHP 5.6, but should work with PHP 5.4 too.

  • Some files are encrypted with the ionCube PHP module, so you have to install the ionCube loader in your webserver. We ship a loaders for PHP 5.4 and PHP 5.6 with the SDK.

  • Since version 2.0 the way to encrypt the communication between an IACBOX and the webserver has changed to AES-256 with padding (done with PHP module openssl). If you are using an older version the PHP module mcrypt (AES-128, no padding) is necessary.

  • curl module (only needed for social and payment plugin).

  • A database is only needed if you use a plugin which depends on a specific database.

  • Call the htdocs/check_install.php script to check your installation and delete that file afterwards!

Webserver configuration

  • The public access should be granted to the htdocs folder only! This setting will also be checked by check_install.php. An alias is not enough to secure the access. If somebody gets to know the original path he/she can still access all files. In the example below we refer to the configuration of an apache server.

  • Example: DocumentRoot /var/www/myloginapi/htdocs

  • If you want to use a database as backend it is important to set the correct DB-settings and create the database first (have a look at the instructions at the end of the document howto use DBs (MySQL and PostgreSQL)).

Login-API configuration

Some configurations in the conf/main.config need to be in sync with your IACBOX configuration (Modules -> Interface -> Login-API/Custom Logon Page). Find more information in the table below:

Configuration Key

Default

webserver-url

Necessary when using plugins which are redirecting to an external page (payment, social, …)

use-encryption

true

use symmetric encryption

encryption

AES-256

Per default we use AES-256 (encrypted with the php-module openssl) else AES-128

encryption-shared-secret

Shared Secret which can be found in the Login API configuration on the IACBOX

lgnapi-version

2.1

For backwards compatibility we differentiate between the old and new protocol version.

Attention

  • If the configuration lgnapi-version is wrong some plugins will not work anymore (PMS).

RDBMS Backends

This is an optional step if you have custom plugins which need a database or you want to log to a database. We have two samples for MySQL and PostgresSQL. These two backends only differ in the create table syntax. The DBs get accessed through the PHP DB abstraction Layer PDO and support many different DBs. It should be easy to adapt these scripts for another DBMS.

Each backend comes with its own installation code. The only precondition is that you create the database and a user for it first (do not run with admin or root users in production!).

MySQL

1
2
3
4
# mysql -u root -p
mysql> create database iacbox_loginapi;
mysql> grant usage on *.* to loginapi@localhost identified by 'new_password';
mysql> grant all privileges on iacbox_loginapi.* to loginapi@localhost;

Replace new_password with a long random password (> 10 chars).

PostgresSQL

1
2
3
4
# createdb -h localhost -U postgres iacbox_loginapi
# psql -U postgres iacbox_loginapi
loginapi=# CREATE ROLE loginapi WITH PASSWORD 'new_password' NOSUPERUSER NOCREATEDB NOCREATEROLE;
loginapi=# ALTER DATABASE iacbox_loginapi OWNER TO loginapi;

Now create the tables with install-script: Open this link in your browser: http://your.domain-or-ip.com/loginapi/backend_install.php and click on Install. If everything went fine you should see an Ok for each table.

Attention

REMOVE the backend_install.php and check_install.php after installation since leaving them in-place is considered a security risk!