Login via API and JavaScript

Visitor registration, booking and RSVP can be embedded into any HTML website (“custom website”) by embedding a javascript tag and a div container. The javascript tag loads the logic via javascript file from the fluxcess network, which then writes the html code for visitor registration or RSVP into the DIV tag.

Further, the custom website can use the login state of the current visitor and might, for example, display custom information.

For an RSVP login on any custom website, three items are required on the custom website:

  1. JavaScript: <script type="text/javascript" src="https://tickets.eventmanager.us/js/ticketshop2.js"></script>
  2. DIV with event id `<div class="ticketshop startbooking login" data-eventid="2587"></div>
  3. data element in the body, stating the url of the local login script <body data-loginurl="/?action=apilogin">
  4. PHP method validating the login on the server side
Your browser does not support svg.

Example PHP method:

    private function checkSessionValidity($session_id, $guest_id) {
        $isSessionValid = 0;
        $url = 'https://rsvp.eventmanager.us/api_1.0/de/fevent/<event id>/booking/verifyLogIn';
        
        $data = ['sid' => $session_id, 'guest_id' => $guest_id];
        $options = array(
            'http' => array(
                'header'  => "Content-type: application/x-www-form-urlencoded\r\nCookie: PHPSESSID=" . $session_id . "\r\n",
                'method'  => 'POST',
                'content' => http_build_query($data)
            )
        );
        $context  = stream_context_create($options);
        $result = file_get_contents($url, false, $context);
        if ($result === FALSE) {
            echo 'Error in session validity check.';
        }
        $resultJson = json_decode($result);
        if ($resultJson->session->loggedin == 1) {
            $isSessionValid = 1;
        }
        return $isSessionValid;
    }

Cookies

We need one cookie from the custom website, and one cookie from the fluxcess rsvp site. Third party cookies via ajax request failed to be handled properly in some of our tests by some browsers. We therefore work with a global js variable fluxcessSessionId which contains the session id of the fluxcess rsvp server.

The Cookie header cannot be modified in some browsers via javascript. We therefore use a custom header fluxcess whenever we send a request to the fluxcess rsvp server via javascript / jQuery / ajax.

Logout

Although the customer would only use the custom website and probably never get to see the fluxcess booking website, the logout needs to happen on both sites: On the custom website and on the fluxcess RSVP site.

This is important; otherwise, the user would login automatically after logging out and could literally not log out.

It is recommended to call the rsvp server API with a logout command from the custom website server side code. Example code:

    private function logOutOfFluxcessRsvp($session_id) {
        $isLoggedOut = FALSE;
        $url = 'https://rsvp.eventmanager.us/api_1.0/de/fevent/<event id>/booking/logOut';
        $data = ['sid' => $session_id];
        $options = array(
            'http' => array(
                'header'  => "Content-type: application/x-www-form-urlencoded\r\nCookie: FLUXCESS=" . $session_id . "\r\n",
                'method'  => 'POST',
                'content' => http_build_query($data)
            )
        );
        $context  = stream_context_create($options);
        $result = file_get_contents($url, false, $context);
        if ($result === FALSE) {
            echo 'Error logging out from fluxcess RSVP.';
        }
        $resultJson = json_decode($result);
        if ($resultJson->session->loggedin == 0) {
            $isLoggedOut = TRUE;
        }
        return $isLoggedOut;
    }

Event id and rsvp server / domain need to be replaced. It is important to ensure the session id is handed over correctly; otherwise, the logout will not be successful and the guest still be logged in. This is, because the fluxcess rsvp server will end only the specified session, and will not end any session if none is specified.