Client Login API

This is the preferred way to securely authenticate your user's private data. The Client Login API performs a 'pre-auth' on the user's data, then routes them to their personalized install page.
Client API Explanation

Overview

The Client clicks on a SimpleScripts icon, located within your control panel, which pulls up a server-side script.
The server-side script contacts SimpleScripts securely with client information.
SimpleScripts performs a "pre-auth", and responds with a success/failure status and a single-use login link (if success) or failure reason.
The server-side script parses information then prints out a <meta> style redirect or error message.
Client is redirected into SimpleScripts, and logged into their respective account.

Location

https://www.simplescripts.com/api/client_login.php

Requirements

KeyValueNotes
host_keyYour Host KeyYour Host Key is a unique identifier provided by SimpleScripts for tracking purposes. This key is used in all SimpleScripts APIs.
host_api_keyYour Host API KeyYour Host API Key is a special password required to use this and any other SimpleScripts API. Keep this password secure!
user_uniqueUnique Account IDA host-wide unique id for the client. CRITICAL! This value defines the login / install list memory for users. Can be the user's username (if unique among ALL of your servers) or an account id, etc.
user_emailname@customerdomain.comThe customer's email address is used STRICTLY for account login and completion/notification emails. You can edit the templates in your host customization panel.
user_domaincustomerdomain.comThe customer's main domain goes here.
user_ip255.255.255.1This IP is used by SimpleScripts for FTP connections, and may be used in an alternative access URL if the main domain's DNS is not pointed to their hosting account.
user_usernameusernameThe customer's FTP account username.
user_passwordmypass1The customer's FTP account password.
user_ftprootpublic_html[optional] The relative path from the user's ftp root directory to the web root (or document root) for the domain given above. We'll attempt to detect it if not entered.
user_cphostbox1.myhost.com[optional] The user's control panel IP address or domain/subdomain name. Used for accessing server APIs for databases, etc
user_cpuserusername[optional] The user's control panel username. Used for accessing server APIs for databases, etc
user_cppasspassword[optional] The user's control panel password. Used for accessing server APIs for databases, etc
user_cpreferbox1.myhost.com[optional] The referring servername, used to create a "return to panel" tab in the customer interface.
user_cptypepanel_name[optional] The Control Panel name. (cpanel, plesk, interworx, etc)
user_redirectupgrade, WordPress[optional] Landing page for the end user. This can be "upgrade" to go to the user's available upgrades, the name of a script (such as WordPress), or a category name (Content_Management or Website_Builders)
user_localeen_US[optional] The preferred locale of the client. We are currently adding support for this, and it can be any of the following codes: English (US)
plan_codebasic, etc[optional] If you have setup plan codes in the Script List section of Configuration, you can enter the plan code id here to display alternate script lists to these users.

Return Values

A successful request (not necessarily a successful operation) will return a string concatenated with a pipe "|" symbol. Exploding the string on the pipe symbol will give you an array of parts, which are notated below. Note: Part Zero will always be a binary 0 or 1, depending on the operations failure or success, respectively.
SuccessPart 1Notes
0Secure Connection RequiredAll requests must use the https:// protocol when calling the SimpleScripts APIs.
0HostKey RequiredThis field is required. For more information, view the Requirements table above.
0HostAPIKey RequiredThis field is required. For more information, view the Requirements table above.
0Invalid HostKey/HostAPIKey CombinationJust like a bad username/password combination, this means you have provided bad information.
0Unique ID RequiredThe client's unique id is required. For more information, view the Requirements table above.
0Main Domain RequiredThe client's main domain, in the format of "domain.com", is required. For more information, view the Requirements table above.
0Email Address RequiredThe client's email address is required. For more information, view the Requirements table above.
0Username RequiredThe customer's main FTP account username is required.
0Password RequiredThe customer's main FTP account password is required.
1<Redirect URL>A single-use temporary url with a short validity period is presented as part one. Use the value of part one to inject into a meta refresh, or Location: header.

Sample Code

Download the cPanel Developer Kit
This includes a copy of the below code, and a shell script (must be root to run) to install this directly in your cPanel. Instructions are included in the README.txt file. [.TGZ Format]
Plesk Users: Add the below code to your server, and use the "Create Icon" tool to add the direct icon.
<?php
/* Sample Code for the SimpleScripts Client Login API. */

//Gather all the necessary client information into one place.
//START EDITING HERE.
$my_request = array(
   "host_key" => "YOUR HOST KEY",
   "host_api_key" => "YOUR HOST API KEY",
   "user_unique" => "HOSTING-WIDE UNIQUE CLIENT ID HERE",
   "user_domain" => "domain.com",
   "user_ip" => "255.255.255.0",
   "user_email" => "client@domain.com",
   "user_username" => "ftpuser",
   "user_password" => "ftppass",
   "user_cptype" => "cpanel",
);
//STOP EDITING HERE.

//build the query.
$my_request_str = "";
foreach ($my_request as $key => $value) { $my_request_str.= $key."=".urlencode($value)."&"; }

//cPanel (and maybe other panels) come with a gutted version of PHP that does not 
//include the standard CURL libraries.  If your panel supports them, you can use those instead.
ob_start(); 
passthru('curl -k https://www.simplescripts.com/api/client_login.php
	--data "'.rtrim($my_request_str,"& ").'" --max-time 60'); 
$response = ob_get_contents(); 
ob_end_clean();

//Take apart the response.  First part is the success/failure bit (1/0, respectively), 
//and the second is either a link to redirect to, or a failure message for debugging.
$parts = explode("|",$response);
if ($parts[0] == "0") { 
	die("Something went wrong!<br />\n".$parts[1]); 
}
else {
	header("Location: ".$parts[1]);
}
?>