regify documentations

Documentation and help portal

regify Provider documentation

Introduction

This document is meant to help you administer and maintain the regify provider application. It is a reference for installing, configuring and maintenance of the whole application.

Configuration

The configuration of a regify portal consists of two areas. While the portal configuration is about the behaviour and functionality of the portal, the portal optics is for provider-specific adaptions.

Portal configuration

You can find these option using the Manage sub-providers option in your web administration. Please click the Edit regify-provider main configuration file button to edit this file.

Please do not edit this file manually on the appliance, because otherwise synchronisation to other systems (redundancy) will not work! Only use the editor in sub-provider management.

The configuration file contains all settings that differ from the regify defaults.

Most settings are simply set using a TRUE or FALSE value. TRUE is meant for „YES“ and FALSE for „NO“.

Here is an example (depending on your editor, the colors may differ):

<?php
// comment
define('MAINTAINMODE', FALSE);
?>

Here you can set TRUE to set the maintain-mode of the portal or FALSE to allow normal operation. Some other functions need strings (textual information) or numbers. Strings must be covered by quotes or double quotes. Numerical values are to be entered directly

<?php
define('SOMEFILE', "/tmp/ClearingLock.dat");

define('SOMEVALUE', 1234);
?>

In the first case, a string value is defined for SOMEFILE. Strings need to get covered using quotes or double quotes. In the second example, a numeric value is given to SOMEVALUE. Numeric values and TRUE/FALSE are not covered using quotation-marks.

Some configuration options need to define an array with multiple values. Please refer to the PHP documentation to learn about PHP array settings or study the examples below.

Portal configuration options in detail

You do not need to set all of the available options. Most of them can remain undefined. If they are undefined, they will use the default values.

You can find these option using the Manage sub-providers option in your web administration. Please click the Edit regify-provider main configuration file button to edit this file.

Please contact regify support at support@regify.com if you like to change something and you are not sure about how to change or what the option does.

Provider information
MAINTAINMODE	If set TRUE, wether the portal or the regify client software is able to work. Every customer will get a maintenance information. Set this, if an error occurs or you are planning some maintenance that might break the portal for a while.

Provider information

MAINTAINMODE

If set TRUE, wether the portal or the regify client software is able to work. Every customer will get a maintenance information. Set this, if an error occurs or you are planning some maintenance that might break the portal for a while.

regify specific definitions

regify specific definitions
FORCE_HTTP	If set to TRUE, the regify portal does not create any https:// links. It creates only insecure http:// links. This is only for development purposes and testing systems. Do not set this on productive systems.
HTTPPROXY	Here you can define a proxy for external url calls. Leave empty ("") if your server has direct connection to the internet. Format: "ProxyNameOrIP:Port"
USEREXPIREDAYS	How many days will a regify subscription or invitation be available, if the e-mailed user does not activate his account by clicking the e-mail link? Default is 6 days.
ACTIVEAFTERSIGNIN	Days of premium membership the user will get after he successfully created an account (use -1 to start without premium membership). Default is 30 days.
NOTIFYEXPIRATIONMAIL	Define, on which days before regimail professional expiration the user should get an expiration reminder e-mail. Separate by comma. Leave empty ("") to disable expiration messages. Default: "7,3" (7 and 3 days before expiration)
USERPASSWORDLENGTH	Length of normal user-passwords. Default is 8.
SETPREMIUMANYTIME	Set this value to TRUE to let the portal set premium-membership of grouped users at any time to the group value. If set to FALSE, the portal will not reduce premium-membership of a user in case the admin changes the premium-membership of a group or the SDK changes premium-membership of a group. Default=FALSE.
EMERGENCYURL	In case the provider switches automatically to maintenance-state (no clearing or no cryptoserver), this URL will get called directly. Please leave empty to disable this feature. Example URL to receive an SMS using sms4.de: `<?php $url = "https://www.sms4.de/cgi-bin/sms_out.pl?"; $url .= "handynr=49172123456&user=xxxx&pwd=xxxx&kdnr=xxxx"; $url .= "&tarif=4"; $url .= "&text=".urlencode("regify maintenance mode!"); define('EMERGENCYURL', $url); ?>`
PDFENABLED	Set this value to TRUE, if you have configured PDFPATH and you like to allow users to download their transaction-history as a PDF document.
REGIBILL_DEFAULT_SUBJECT	If a regibill standard transaction is started, this text is set as subject in the transaction history.
REGIBILL_DEFAULT_REMINDER	The duration of the reminder period of regibill transactions. Important: regibill standard does never trigger a receipt information. Upon this, this value is only for database optimisation (how long is the key held in active table).
DEBITSTATECHECK	If set to true, customers can send regibill or regipay only with activated automatic debit (Lastschrift). Otherwise it is denied.
MAXHITSPERPAGE	The number of hits for each page on multiple-page results (regibill, regipay history)!
$AdminRoles[]	This array defines the access-options for the different administration roles. Please change this values only in consultation with regify support.
MAXUPLOADSIZE	Defines the maximum size of files to get uploaded in megabytes. Please only enter the numeric value without any characters. Default: 8
COMMON_COUNTRIES	List of IOC code of common countries of your customers. This allows you to bring some common countries to the top of country lists. Default is "GER LUX FRA GBR SUI" (divide by blank). Also see list of IOC codes in addendum of this document.
ALLOWED_OBLIG_ATTACH	List of file extensions allowed for upload as obligatory attachments. The list has to be separated by semicolon (like "jpg;doc;xml").

FORCE_HTTP

If set to TRUE, the regify portal does not create any https:// links. It creates only insecure http:// links. This is only for development purposes and testing systems. Do not set this on productive systems.

HTTPPROXY

Here you can define a proxy for external url calls. Leave empty ("") if your server has direct connection to the internet.

Format: "ProxyNameOrIP:Port"

USEREXPIREDAYS

How many days will a regify subscription or invitation be available, if the e-mailed user does not activate his account by clicking the e-mail link? Default is 6 days.

ACTIVEAFTERSIGNIN

Days of premium membership the user will get after he successfully created an account (use -1 to start without premium membership).

Default is 30 days.

NOTIFYEXPIRATIONMAIL

Define, on which days before regimail professional expiration the user should get an expiration reminder e-mail. Separate by comma. Leave empty ("") to disable expiration messages.

Default: "7,3" (7 and 3 days before expiration)

USERPASSWORDLENGTH

Length of normal user-passwords. Default is 8.

SETPREMIUMANYTIME

Set this value to TRUE to let the portal set premium-membership of grouped users at any time to the group value. If set to FALSE, the portal will not reduce premium-membership of a user in case the admin changes the premium-membership of a group or the SDK changes premium-membership of a group.

Default=FALSE.

EMERGENCYURL

In case the provider switches automatically to maintenance-state (no clearing or no cryptoserver), this URL will get called directly. Please leave empty to disable this feature.

Example URL to receive an SMS using sms4.de:

<?php
$url = "https://www.sms4.de/cgi-bin/sms_out.pl?";
$url .= "handynr=49172123456&user=xxxx&pwd=xxxx&kdnr=xxxx";
$url .= "&tarif=4";
$url .= "&text=".urlencode("regify maintenance mode!");
define('EMERGENCYURL', $url);
?>

PDFENABLED

Set this value to TRUE, if you have configured PDFPATH and you like to allow users to download their transaction-history as a PDF document.

REGIBILL_DEFAULT_SUBJECT

If a regibill standard transaction is started, this text is set as subject in the transaction history.

REGIBILL_DEFAULT_REMINDER

The duration of the reminder period of regibill transactions. Important: regibill standard does never trigger a receipt information. Upon this, this value is only for database optimisation (how long is the key held in active table).

DEBITSTATECHECK

If set to true, customers can send regibill or regipay only with activated automatic debit (Lastschrift). Otherwise it is denied.

MAXHITSPERPAGE

The number of hits for each page on multiple-page results (regibill, regipay history)!

$AdminRoles[]

This array defines the access-options for the different administration roles. Please change this values only in consultation with regify support.

MAXUPLOADSIZE

Defines the maximum size of files to get uploaded in megabytes. Please only enter the numeric value without any characters.

Default: 8

COMMON_COUNTRIES

List of IOC code of common countries of your customers. This allows you to bring some common countries to the top of country lists. Default is "GER LUX FRA GBR SUI" (divide by blank).

Also see list of IOC codes in addendum of this document.

ALLOWED_OBLIG_ATTACH

List of file extensions allowed for upload as obligatory attachments. The list has to be separated by semicolon (like "jpg;doc;xml").

Intrusion detection system and session management
IDSTRESHOLD	Define the treshold for PHPIDS. If this treshold is reached, the access will get blocked (session will get destroyed!).
SESSION_ACTIVITY_TIMEOUT	This value defines, how many seconds a session will last on the portal. If a user is not calling a page after that time, the session is invalid (user is logged out). This applies also to SDK and client access (sdk.php, regify.php and regify2.php).
MAX_DOS_LOAD	Defines, how many high-load processes of a given type are allowed at a time to avoid any unattainability of the server. Such processes are PDF generation for regibill validation reports or PDF generation of transaction history or GDPR reports. Those jobs can run a maximum of MAX_DOS_LOAD times at the same time (counting over all your machines)! If you run multiple and/or strong machines, you can increase to 20 or even 50. But 10 should do the trick for most. Default: 10
LOCK_AFTER_FAILED_ATTEMPTS	If a user tried to login several times with wrong password, this function blocks any further attempt (even if password is correct). The user may try again after 10 minutes. This constant defines the treshold for failed logins. If you set this value to 0 (zero), the function is disabled (unlimited attempts, not recommended). Default: 10

Intrusion detection system and session management

IDSTRESHOLD

Define the treshold for PHPIDS. If this treshold is reached, the access will get blocked (session will get destroyed!).

SESSION_ACTIVITY_TIMEOUT

This value defines, how many seconds a session will last on the portal. If a user is not calling a page after that time, the session is invalid (user is logged out). This applies also to SDK and client access (sdk.php, regify.php and regify2.php).

MAX_DOS_LOAD

Defines, how many high-load processes of a given type are allowed at a time to avoid any unattainability of the server. Such processes are PDF generation for regibill validation reports or PDF generation of transaction history or GDPR reports. Those jobs can run a maximum of MAX_DOS_LOAD times at the same time (counting over all your machines)! If you run multiple and/or strong machines, you can increase to 20 or even 50. But 10 should do the trick for most.

Default: 10

LOCK_AFTER_FAILED_ATTEMPTS

If a user tried to login several times with wrong password, this function blocks any further attempt (even if password is correct). The user may try again after 10 minutes. This constant defines the treshold for failed logins.

If you set this value to 0 (zero), the function is disabled (unlimited attempts, not recommended).

Default: 10

regibox specific

MAXBOXSIZE

The maximum disk space consumption a user is allowed to utilize using regibox. This is the default and applies to all users who did not get a dedicated limitation. The value is in GigaBytes.

Default is 2.

ENABLE_RGB_FOR_ALL

Set to TRUE to give every new user that is created the initial permission to use regibox

Please note that regibox accounts trigger cost! In doubt, contact us for clarification.

Default is FALSE.

BOX_QUOTA_OVER

If a regibox size exceeds X percent or more above 100%, the system administrator is getting an e-mail by the system.

Default is 20 (means warning at 120%).

RGB_QUOTA_WARN

If a regibox size exceeds this usage level, the regibox owner is getting an e-mail by the system.

Default is 90 (means 90%).

sharing specific
SHARE_MAX_SIZE_COMPLETE	The maximum size a user is allowed to share in sum across all his shares. Default: 250MB/user

sharing specific

SHARE_MAX_SIZE_COMPLETE

The maximum size a user is allowed to share in sum across all his shares.

Default: 250MB/user

Authentification and security switches

Authentification and security switches
AUTHCOUNTRIES	If authentication option is active, please select the IOC code of the countries for which you provide the authentication service (divide using blank). Example "GER LUX FRA GBR SUI". Also see list of IOC codes in addendum of this document.
AUTH_BITLENGTH	Define the bitlength for identity-files. Possible values: 1024, 2048, 3072, 4096. The bigger the value, the more computing power is needed. Use only with care.
UNLOCKCODETYPE	Defines, how the unlock-code will be generated (used by users to decrypt indetity-files). The following Chars define the used charsets: "U"=Uppercase Alphanumeric Chars "L"=Alphanumeric Lowercase Chars "N"=Numeric Chars Combinations of these values are allowed. Default = "ULN".
UNLOCKCODELENGTH	Defines the length of the unlock code. Default for numeric only: 16.
INVITATIONAUTHTOLEVEL	If you set a value from 1 to 5, an invited user will get authenticated by default using this authentication level. This requires, however, that the inviting user is already authenticated by the same or a higher level. Set to 0 to prevent any authentication (default).
INVITATIONAUTHONLYSDK	This option applies only if the INVITATIONAUTHTOLEVEL option was set. Setting this option to TRUE prevents authentication of users that are not being initiated by the provider-SDK. If set to FALSE, the INVITATIONAUTHTOLEVEL option affects all invitations.
AUTHTRANSMITTYPE	Select which type of authentication transmission will be used 0 = Use regify SMS gateway 1 = Use own SMS gateway (using AUTHTRANSMITURL) 2 = Use no SMS at all
AUTHTRANSMITURL	This URL is used to call the SMS gateway. The following placeholders allow you to complete the url (they are already url encoded): [r] = unlockreturninformation (mobile number) [t] = text to transmit in ISO-8859-1 [u] = text to transmit in UTF16/UCS and HEX [8] = text to transmit in UTF-8 [s] = sender info in ISO-8859-1 (eg domain of provider) [e] = 0 if text seems valid GSM 03.38 encoding, 1 if it seems not (unicode) Example URL to send an Unlock-Code SMS using serienSMS.de: `<?php $url = "https://www.sms4.de/cgi-bin/sms_out.pl?" . "handynr=[r]&user=xxxx&pwd=xxxx&kdnr=xxxx&" . "text=[t]&tarif=1"; define('AUTHTRANSMITURL', $url); ?>`
AUTHTRANSMITURLGOODRESULT	In case you use AUTHTRANSMITURL, please enter the result that indicates a successful sending as a Regular Expression (for example: /200/ if you need to get "200" or /<status>0<\/status>/i if you need to get a result containing "<status>0</status>").
AUTHTRANSMITNUMBERMODE	This option defines how the mobile number [r] is handled for replacement in your own AUTHTRANSMITURL: Mode 0 = format number like 49771… Mode 1 = format number like +49771… Mode 2 = format number like 0049771…
function AuthTransNumberConvert($O) {}	This optional function allows you to check or convert the [r] value before inserting. This overwrites the AUTHTRANSMITNUMBERMODE option. This may get used to ensure a given pre-code or to remove unwanted chars etc. This function needs to return the correct value. If it returns "" (empty string), the sending is canceled. If this function is not existing, this feature is simply ignored and the value of AUTHTRANSMITNUMBERMODE is used.
AUTHOPTIONS	This value allows you to set the maximum authentication level of this provider instance (and all subproviders). You can get the needed codes from regify. For more information contact support@regify.com.
EMAIL_CODE_LENGTH	The length of the verification code sent by email to the user. This code is used for email/account activation and password reset.
SMS_CODE_LENGTH	The length of the numeric verification code sent by SMS. Used for account activation and password reset.
DEFAULT_DIALING_CODE	The default value for the international dialing code. It’s set to the German code by default ("+49").

AUTHCOUNTRIES

If authentication option is active, please select the IOC code of the countries for which you provide the authentication service (divide using blank). Example "GER LUX FRA GBR SUI".

Also see list of IOC codes in addendum of this document.

AUTH_BITLENGTH

Define the bitlength for identity-files. Possible values: 1024, 2048, 3072, 4096. The bigger the value, the more computing power is needed. Use only with care.

UNLOCKCODETYPE

Defines, how the unlock-code will be generated (used by users to decrypt indetity-files). The following Chars define the used charsets:

"U"=Uppercase Alphanumeric Chars
"L"=Alphanumeric Lowercase Chars
"N"=Numeric Chars

Combinations of these values are allowed. Default = "ULN".

UNLOCKCODELENGTH

Defines the length of the unlock code. Default for numeric only: 16.

INVITATIONAUTHTOLEVEL

If you set a value from 1 to 5, an invited user will get authenticated by default using this authentication level. This requires, however, that the inviting user is already authenticated by the same or a higher level. Set to 0 to prevent any authentication (default).

INVITATIONAUTHONLYSDK

This option applies only if the INVITATIONAUTHTOLEVEL option was set. Setting this option to TRUE prevents authentication of users that are not being initiated by the provider-SDK. If set to FALSE, the INVITATIONAUTHTOLEVEL option affects all invitations.

AUTHTRANSMITTYPE

Select which type of authentication transmission will be used

0 = Use regify SMS gateway
1 = Use own SMS gateway (using AUTHTRANSMITURL)
2 = Use no SMS at all

AUTHTRANSMITURL

This URL is used to call the SMS gateway. The following placeholders allow you to complete the url (they are already url encoded):

[r] = unlockreturninformation (mobile number)
[t] = text to transmit in ISO-8859-1
[u] = text to transmit in UTF16/UCS and HEX
[8] = text to transmit in UTF-8
[s] = sender info in ISO-8859-1 (eg domain of provider)
[e] = 0 if text seems valid GSM 03.38 encoding, 1 if it seems not (unicode)

Example URL to send an Unlock-Code SMS using serienSMS.de:

<?php
$url = "https://www.sms4.de/cgi-bin/sms_out.pl?" .
"handynr=**[r]**&user=xxxx&pwd=xxxx&kdnr=xxxx&" .
"text=**[t]**&tarif=1";
define('AUTHTRANSMITURL', $url);
?>

AUTHTRANSMITURLGOODRESULT

In case you use AUTHTRANSMITURL, please enter the result that indicates a successful sending as a Regular Expression (for example: /200/ if you need to get "200" or /<status>0<\/status>/i if you need to get a result containing "<status>0</status>").

AUTHTRANSMITNUMBERMODE

This option defines how the mobile number [r] is handled for replacement in your own AUTHTRANSMITURL:

Mode 0 = format number like 49771…
Mode 1 = format number like +49771…
Mode 2 = format number like 0049771…

function AuthTransNumberConvert($O) {}

This optional function allows you to check or convert the [r] value before inserting. This overwrites the AUTHTRANSMITNUMBERMODE option. This may get used to ensure a given pre-code or to remove unwanted chars etc. This function needs to return the correct value. If it returns "" (empty string), the sending is canceled. If this function is not existing, this feature is simply ignored and the value of AUTHTRANSMITNUMBERMODE is used.

AUTHOPTIONS

This value allows you to set the maximum authentication level of this provider instance (and all subproviders). You can get the needed codes from regify. For more information contact support@regify.com.

EMAIL_CODE_LENGTH

The length of the verification code sent by email to the user. This code is used for email/account activation and password reset.

SMS_CODE_LENGTH

The length of the numeric verification code sent by SMS. Used for account activation and password reset.

DEFAULT_DIALING_CODE

The default value for the international dialing code. It’s set to the German code by default ("+49").

Shopsystem definitions
SHOPCURRENCY	Currency used in this provider. It is used for transaction-prices and shop-system.
RENEWALPERIODOFNOTICE	This number of days is the period of notice for automatic renewal of the account. If the rest-time of the premium-membership under-runs this value, the bank data and the automatic debit authority is not changeable anymore and the account gets renewed. If you set to 0 (zero), the customer can prevent renewal even on the last day of his actual premium-period.
INVOICINGINTERVAL	The interval, in which the transactions will get converted to a accounting transaction. After conversion (bank account entries are generated), the counters are getting reset to 0. 0 = daily (shortly before midnight) 1 = weekly (last day of the week) 2 = monthly (last day of the month, default) 3 = every quarter (last day of each quarter of the year) 4 = once a year (on the last day of the year)
ORDER_INVALID_AFTER	If an order is not marked as "payed" after that number of days, it is automatically marked as "cancelled". The default is 21 days.

Shopsystem definitions

SHOPCURRENCY

Currency used in this provider. It is used for transaction-prices and shop-system.

RENEWALPERIODOFNOTICE

This number of days is the period of notice for automatic renewal of the account. If the rest-time of the premium-membership under-runs this value, the bank data and the automatic debit authority is not changeable anymore and the account gets renewed.

If you set to 0 (zero), the customer can prevent renewal even on the last day of his actual premium-period.

INVOICINGINTERVAL

The interval, in which the transactions will get converted to a accounting transaction. After conversion (bank account entries are generated), the counters are getting reset to 0.

0 = daily (shortly before midnight)
1 = weekly (last day of the week)
2 = monthly (last day of the month, default)
3 = every quarter (last day of each quarter of the year)
4 = once a year (on the last day of the year)

ORDER_INVALID_AFTER

If an order is not marked as "payed" after that number of days, it is automatically marked as "cancelled".

The default is 21 days.

Mailing options
PREVENTREALSENDERADDRESS	Normally, all system e-mails are using the mailrobot address, given in sub-provider administration, as the sender (from:). There are two exceptions on this: Inviting e-mails and Online written regify messages. In this case, the sender-address is the main mailaddress of the current regify account. If you are having problems by relaying such messages, set this option TRUE. In this case, those messages will get the mailrobot address as sender, too. Additionally, the main mailaddress of the regify account will get added as ReplyTo field to those messages. Default is TRUE to prevent relaying problems!
REPORTCOPYADDRESS	Please enter a mailaddress, if you like to receive a copy of the monthly report that is sent to regify. Please keep in mind, that the content is not encrypted (as the report to regify is). Separate multiple recipients using comma (,). Leave empty to receive no copy.

Mailing options

PREVENTREALSENDERADDRESS

Normally, all system e-mails are using the mailrobot address, given in sub-provider administration, as the sender (from:).

There are two exceptions on this:

Inviting e-mails and
Online written regify messages.

In this case, the sender-address is the main mailaddress of the current regify account. If you are having problems by relaying such messages, set this option TRUE. In this case, those messages will get the mailrobot address as sender, too. Additionally, the main mailaddress of the regify account will get added as ReplyTo field to those messages.

Default is TRUE to prevent relaying problems!

REPORTCOPYADDRESS

Please enter a mailaddress, if you like to receive a copy of the monthly report that is sent to regify. Please keep in mind, that the content is not encrypted (as the report to regify is).

Separate multiple recipients using comma (,).

Leave empty to receive no copy.

Design options

If you like to change the optical appearance of the regify provider software, please refer to the document „customizing regify provider appearance“.

Monitoring options

You can monitor the state of the regify provider by using any monitoring software you are comfortable with. You can use Nagios as such a tool.

The following monitoring-sources are recommended:

The lockfile /opt/provider/ClearingLock.dat
If this lockfile exists, at least one clearing connection is not ok. It is automatically removed if the provider was able to re-connect again (every 5 minutes).
The lockfile /opt/provider/MaintenanceLock.dat
If this lockfile exists, the provider has gone to maintenance-mode (eg missing all clearing connections). It is automatically removed if the provider was able to fix his problems by himself.
The MySQL logfile at /var/log/mysqld.log
There is a problem if it contains entries with [error].
Calling the following URL in intervals:
https://<Serverurl>/monitoring.php
This method checks free system space, clearing-availability, database-availability and database-replication in one single call.

Possible results of monitoring.php:

OK → Everything is fine
WARNING: {msg} → The provider runs, but some problems are detected (see message)
ERROR: {msg} → The provider is not running (see message for reason)

In addition, the regify provider software appliance also contains the Nagios client tools. You can call them if you like. Please contact support@regify.com for help on enabling the Nagios client. Please note that we can not give you support or training on how to use and configure Nagios. See https://wiki.regify.com/index.php?title=Nagios_Information for more technical information.

There is also Zabbix monitoring possible. See https://wiki.regify.com/index.php?title=SSH_Monitoring_with_Zabbix for more information.

Updating provider software

To update the regify provider, you need to enter the appliance administration menu (SSH) and use the check for updates option.

This is descibed in detail in the regify provider appliance manual.

Restoring backups

Backups are created automatically by the backup option in your appliance menu (SSH). Please refer to the appliance manual to find out more about the backup option.

In order to restore such a backup, the following prerequisites must be given:

The target appliance must be set up.
The appliance wizard and the web wizard (https://domain/WIZARD/) must be run (because we need your clearing access data configured in order to be able to decrypt the backup).
You need the backup file to restore available for upload on your system.
If your system is replicated, we strongly recommend to restore one system in the beginning and later set up the replicated system based on the restored data.

The backup restore can get startet in two ways:

In the web administration gui Provider maintenance Restore backup. Simply upload the backup file and restore begins.
By using SSH access. Drop to shell and enter (sudo or root user):

$ sh /usr/libexec/regify-provider-app/restore [backup-file]

After the restore, the SSL usage is deactivated!

If you are behind some SSL offloading LoadBalancer, this is ok. But you still need to set the Loadbalancer IP Addresses now! Enter SSH appliance menu and either select Set LB IP Address ] or select menu:Provider[Stop using SSL.
If your provider needs to do the offloading, please enter SSH appliance menu and activate SSL Provider Start using SSL. If the hostname matches the restored SSL certificate and key, it is automatically used and activated.

Sub-provider management

The regify provider software allows you to create sub-provider. A sub-provider is a sub-instance of your regify provider software to allow customized and individual reselling of the regify service. Creation and management of sub-providers is located in the regify provider administration dialogs. This option is only visible to the administrator of the main provider.

Creating a new sub-provider needs some jobs to do and should be done only by administrators with good knowledge about the regify technology and webhosting.

To create a new sub-provider, please follow the setup-guide on the regify WIKI for detailed instructions: http://wiki.regify.com/index.php?title=Setting_up_a_new_sub-provider

Sub-provider options

Common tab

Common tab / Provider-name

This is the name of this sub-provider. This name will be seen by your customers, too.

Common tab / Domain

this entry defines the domain, to which this sub-provider is assigned. Example: „regify.company.com“. You are not allowed to change this value (read only).

Common tab / Administrators

This dialog allows you to define the administrators for this sub-provider and which roles they have.

Changes to the administration-roles are saved directly, no matter if you save the other sub-provider settings later or not.

Common tab / Menu-flags

Those flags are used to define some menu-behaviour of your regify sub-provider. Please look up the Sub-provider menu-flags chapter in this document.

Common tab / Default-language

If the portal is not able to determine the language of the browser, this value will be used. If you are operating in germany, „german“ will be a good choice. This language is also uses in several other situations, where a users choice is not available.

Common tab / Allow inviting users to

This option allows you to define a list of domains. If the list is empty, all ungrouped users are allowed to invite new people without restrictions. If this list is filled, only users with a main-mailaddress inside of this list are allowed to invite other users to this provider. If a foreign provider is defined, users that are not listed in this domain-list will be able to invite, but their invitation will get forwarded to the foreign regify provider. You might need to refresh the page to update the dialogue.

Changes to the domain-list are saved directly, no matter if you save the other sub-provider settings later or not.

Common tab / Ungrouped members are undesired in this provider

If you check this option, the provider try’s to prevent of having ungrouped users. If a foreign provider is defined, invitations that will result in an ungrouped member will get redirected to this foreign provider. If you do not check this option, invitations that will result in an ungrouped member will remain on this provider (even if a foreign provider is defined). This option affects only invitations that are generated by grouped members!

Contact tab

Please enter all your contact data. Please do not leave empty fields here.

External invitation tab

Here you can enter the inviting options for foreign providers. Please look up the following "invitation-chart" in the "Addendum" chapter, and the „sub-provider external invitation options“ chapter for further information relating this field.

Prices tab

Enter the end-user prices for your products. The given values are including the VAT! More about this in the separate "provider billing documentation".

Shop tab

Please define your shop options here. More about this in the separate "provider billing documentation".

Other tab

Other tab / Authentication

You can define the Max. authentication level for the sub-provider. This option is not available for the main sub-provider (ID 1). The maximum level for sub-providers is defined by regify after certification. If you are interested in certification for authentication levels above 3, please contact support@regify.com.

Other tab / Enable sharing

Enable the sharing feature (for regibox 2.x) by ticking the corresponding checkbox. Please note that regibox must be enabled in general for this function to work. Also, the user must be an activated regibox user for this to work for him.

Sub-provider menu-flags

Many functions and menü options can get enabled/disabled by setting or removing a menu-flag. The following flags are available:

Flag	Description
A	Menu-option „transaction overview“ available (regimail, regipay and regibill - if available)
B	Menu-option „validate regibill“ available (affects menu and login-page)
C	Menu-option „system configuration“ available
D	Menu-option „create regimail online“ available
E	Menu-option „read regify online“ available (affects menu and login-page)
F	Menu-option „new password“ available
G	Menu-option „authenticate me now“ available
H	Menu-option „authentication state“ available
K	Menu-option „personal information“ available
L	Menu-option „e-mail addresses“ available
M	Menu-option „manage representatives“ available
N	Menu-option „regimail membership“ available (enables shop system)
O (oh)	Menu-option „delete my account“ available
P	Menu-option „manage bank account“ available (only, if available)
S	Menu-option „downloads“ available (affects menu and login-page)
T	Menu-option „invite user“ (affects portal and clients that are using phpInviteDirect.php)
U	Menu-option „manage obligatory attachments“ available
V	Menu-option „help and faq’s“ available
W	Menu-option „order“ for group-admins available
X	Menu-options „regibox“ available
Other, non-menu related, option switches
1	Allow new members by self-registration
2	Display „coupon-code“ questions on registering and invitation dialogs (enable negotiator codes)
3	Display „group-code“ question on registering dialog
4	Enables a connector. It extends the transaction history. If the connector supports search functionality, a "Search archived transactions" menu-option is also displayed.
7	Users are allowed to chose their own password in "new password" dialog (using a fixed password strength check).

Flag

Description

Menu-option „transaction overview“ available (regimail, regipay and regibill - if available)

Menu-option „validate regibill“ available (affects menu and login-page)

Menu-option „system configuration“ available

Menu-option „create regimail online“ available

Menu-option „read regify online“ available (affects menu and login-page)

Menu-option „new password“ available

Menu-option „authenticate me now“ available

Menu-option „authentication state“ available

Menu-option „personal information“ available

Menu-option „e-mail addresses“ available

Menu-option „manage representatives“ available

Menu-option „regimail membership“ available (enables shop system)

O (oh)

Menu-option „delete my account“ available

Menu-option „manage bank account“ available (only, if available)

Menu-option „downloads“ available (affects menu and login-page)

Menu-option „invite user“ (affects portal and clients that are using phpInviteDirect.php)

Menu-option „manage obligatory attachments“ available

Menu-option „help and faq’s“ available

Menu-option „order“ for group-admins available

Menu-options „regibox“ available

Other, non-menu related, option switches

Allow new members by self-registration

Display „coupon-code“ questions on registering and invitation dialogs (enable negotiator codes)

Display „group-code“ question on registering dialog

Enables a connector. It extends the transaction history. If the connector supports search functionality, a "Search archived transactions" menu-option is also displayed.

Users are allowed to chose their own password in "new password" dialog (using a fixed password strength check).

All flags can get combined. The order does not matter. All flags need to be uppercase or numeric.

Sub-provider external invitation options

You can add the option to allow user not only to invite new users to the same regify provider. Additionally, invitations can go to another regify-provider instead. For this option, you need to set the URL and Parameters that will get called on the remote regify provider to start invitation. The parameters for the URL are defined in the regify provider-sdk. In case of questionbs, please contact support@regify.com for assistance.

If you enter the calling string, the regify provider will substitute some placeholders with the correct data. Therefore, you are able to control the behaviour of the external invitation.

Replaced placeholders are:

Values	Meaning
Values for the invited user
[m] or [mb]	<mailaddress> or <mailaddress base64>
[p] or [pb]	<prefix> or <prefix base64>
[fn] or [fnb]	<first name> or <first name base64>
[ln] or [lnb]	<last name> or <last name base64>
[un] or [unb]	<username> or <username base64>
[o] or [ob]	<organisation> or <organisation base64>
[mn] or [mnb]	<mobile number> or <mobile number base64>
Values of the inviting user
[in] or [inb]	<invitationer full name> or <invitationer full name base64>
[io] or [iob]	<invitationer organisation name> or <invitationer organisation name base64>
[uid]	<invitationer UserID> in sending regify provider
[mad] or [madb]	<mailaddress> or <mailaddress base64> of invitationer
[ia]	<invitationer auth-level>
Other parameters
[c]	selected language code
[q] or [qb]	<personal message> or qb=<personal message base64>

Values

Meaning

Values for the invited user

[m] or [mb]

[p] or [pb]

[fn] or [fnb]

[ln] or [lnb]

[un] or [unb]

[o] or [ob]

[mn] or [mnb]

Values of the inviting user

[in] or [inb]

[io] or [iob]

[uid]

<invitationer UserID> in sending regify provider

[mad] or [madb]

<mailaddress> or <mailaddress base64> of invitationer

[ia]

Other parameters

[c]

selected language code

[q] or [qb]

It is highly recommended to use the base64 encoded placeholders versions to avoid problems in transmission (if option offers a base64 encoding). In case of any trouble, please carefully check the logfiles of both affected systems (regify providers).

Example values:

ProviderURL: https://portal.regify.com

ProviderUser (Important: this user needs INVITING-USER checked in Product settings / SDK of destinations provider): SDKUser:MyPassword

ProviderCall: f=userinvite&mb=[mb]&pb=[pb]&fnb=[fnb]&lnb=[lnb]&ob=[ob]&c=[c]&qb=[qb]&i=test&inb=[inb]&iob=[iob]&ia=[ia]

Administration roles

The regify-Provider administration offers different administration roles. Most of the administration-functions are only available to users with own the correct role.

The roles are set in sub-provider administration module described in the Sub-provider management chapter.

The available rules are:

hotline: Offers only limited functionalities for simple user management like address, email addresses and password reset initiation.
subprovider: Functionalities needed for sub-provider management, which is close to master admin except of "Manage sub-providers" option.
helpdesk: Functionalities like hotline but also including functions related to negotiators and groups. Also includes authentication and Excel/CSV user invitations.
accounting: Only accounting related modules. No access to user related functions but can export payments, manage negotiators and payments.
master admin: Grants access to all administration modules.
special1: Reserved for special uses, ask support@regify.com if you need a very special admininstration role.

Depending on theese roles, the administrator is able to use the assigned administration-functions or not.

The roles that are needed for different administration-pages are defined using a configuration-array in configuration.php (see Portal configuration).

Monthly report explanation

The regify-provider software generates a monthly report. It will get generated exactly on the last day of the month. The time depends on the time, the daily job is started (normally, some minutes before midnight).

This report is for regify billing and for technical interested persons. It is automatically sent to regify every month.

You can get a copy of the report in readable form by setting REPORTCOPYADDRESS in configuration. But please do not use this for invoicing your customers. The Data Export function in your provider web administration offers you to export billing data in much more detail and containing the needed values.

The report contains a detailed description of its values since regify provider 5.1.2 and is now self explaining. If you have questions about the values, please feel free to contact us for a more detailed explanation.

Addendum

Technical support information

Online resources

FAQ’s available in English, French and German under

https://www.regify.com/?PageID=regifyFAQ

Extensive wiki available in English at

https://wiki.regify.com

Installing third party software

We do not allow you to activate other rpm repositories except the regify ones. You are not allowed to install other software on the appliance. The only exception is software needed for your virtualization environment. By doing this, you accept the following licence agreement for installing such software:

Installation of driver software and programs in the context of virtualisation technologies

regify also provides support for customers who use the regify provider software appliance or the regigate software appliance on virtual servers (e.g. on VMWare, Virtualbox or Microsoft Hyper-V) according to the maintenance agreement and in line with commercial practice. As virtualisation technologies emulate functions of physical computers, regify assumes that regify products work in virtual environments as they do in physical environments. Therefore, provisioning of the regify support is based on the assumption that a potential problem or error that is observed in a virtual environment can be replicated in a physical one.

A regify customer may install other software on a regify appliance if such software is critical for the operation of the virtual environment. The existing maintenance agreement between customer and regify also applies for such virtual setups. However, problems or errors that only occur on virtual systems or in combination with software that was installed by the customer are not covered by the maintenance agreement. In such cases, regify reserves the right to charge the customer for time and effort. Moreover, regify does not assume any liability for system failure or loss of data.

Invitation-chart

International IOC country codes

AFG Afghanistan

ALB Albania

ALG Algeria

ASA American Samoa

AND Andorre

ANG Angola

ANT Antigua and Barbuda

ARG Argentina

ARM Armenia

ARU Aruba

AUS Australia

AUT Austria

AZE Azerbaijan

BAH Bahamas

BRN Bahrain

BAN Bangladesh

BAR Barbade

BLR Belarus

BEL Belgium

BIZ Belize

BEN Benin

BER Bermuda

BHU Bhutan

BOL Bolivia

BIH Bosnia and Herzegovina

BOT Botswana

BRA Brazil

IVB British Virgin Islands

BRU Brunei

BUL Bulgaria

BUR Burkina Faso

BDI Burundi

CAM Cambodia

CMR Cameroon

CAN Canada

CPV Cape Verde

CAY Cayman Islands

CAF Central African Republic

CHA Chad

CHI Chile

CHN China

COL Colombia

COM Comoros

CGO Congo

COD Congo (Dem. Rep.)

COK Cook Islands

CRC Costa Rica

MNE Crna Gora

CROC roatia

CUB Cuba

CYP Cyprus

CZE Czech Republic

CIV Côte D’Ivoire

DEN Denmark

DJI Djibouti

DMA Dominica

DOM Dominican Republic

TLS East Timor

ECU Ecuador

EGY Egypt

ESA El Salvador

GEQ Equatorial Guinea

ERI Eritrea

EST Estonia

ETH Ethiopia

FRO Faroe Islands

FIJ Fiji

FIN Finland

FRA France

GAB Gabon

GAM Gambia

GEO Georgia

GER Germany

GHA Ghana

GRE Greece

GRN Grenada

GUM Guam

GUA Guatemala

GUI Guinea

GBS Guinea-Bissau

GUY Guyana

HAI Haiti

HON Honduras

HKG Hong Kong

HUN Hungary

ISL Iceland

IND India

INA Indonesia

IRI Iran

IRQ Iraq

IRL Ireland

ISR Israel

ITA Italy

JAM Jamaica

JPN Japan

JOR Jordan

KAZ Kazakhstan

KEN Kenya

KIR Kiribati

PRK Korea (North)

KOR Korea (South)

KUW Kuwait

KGZ Kyrgyzstan

LAO Laos

LAT Latvia

LIB Lebanon

LES Lesotho

LBR Liberia

LBA Libya

LIE Liechtenstein

LTU Lithuania

LUX Luxembourg

MKD Macedonia

MAD Madagascar

MAW Malawi

MAS Malaysia

MDV Maldives

MLI Mali

MLT Malta

MHL Marshall Islands

MTN Mauritania

MRI Mauritius

MEX Mexico

FSM Micronesia

MDA Moldova

MON Monaco

MGL Mongolia

MAR Morocco

MOZ Mozambique

MYA Myanmar

NAM Namibia

NRU Nauru

NEP Nepal

NED Netherlands

AHO Netherlands Antilles

NZL New Zealand

NCA Nicaragua

NIG Niger

NGR Nigeria

NOR Norway

OMA Oman

PAK Pakistan

PLW Palau

PLE Palestine

PAN Panama

PNG Papua New Guinea

PAR Paraguay

PER Peru

PHI Philippines

POL Poland

POR Portugal

PUR Puerto Rico

QAT Qatar

ROU Romania

RUS Russia

RWA Rwanda

SKN Saint Kitts and Nevis

LCA Saint Lucia

VIN Saint Vincent and the
Grenadines

SAM Samoa

SMR San Marino

KSA Saudi Arabia

SEN Senegal

SRB Serbia

SEY Seychelles

SLE Sierra Leone

SIN Singapore

SVK Slovakia

SLO Slovenia

SOL Solomon Islands

SOM Somalia

RSA South Africa

ESP Spain

SRI Sri Lanka

SUD Sudan

SUR Suriname

SWZ Swaziland

SWE Sweden

SUI Switzerland

SYR Syria

STP São Tomé and Príncipe

TPE Taiwan

TJK Tajikistan

TAN Tanzania

THA Thailand

TOG Togo

TGA Tonga

TRI Trinidad and Tobago

TUN Tunisia

TUR Turkey

TKM Turkmenistan

TUV Tuvalu

UGA Uganda

UKR Ukraine

UAE United Arab Emirates

GBR United Kingdom

USA United States of America

URU Uruguay

UZB Uzbekistan

VAN Vanuatu

VEN Venezuela

VIE Vietnam

ISV Virgin Islands of the US

YEM Yemen

ZAM Zambia

ZIM Zimbabwe