Hi! I want to add licence keys and domain checking to my scripts. I will be encrypting my scripts with codelock, so its fairly safe that my clients won't be able to pull out the code. To provide them with a licence key, they tell me their domain (in form of a URL). I use the URL and the name of the script to create a unique licence key for them to use... [code]// example data provided by client (they can also use an IP address) $url = parse_url("http://www.example.com/etc"); $script_name = "my script name"; $host = $url['host']; $hash = md5($host.$script_name); // create a readable licence key with dashes separating sets of 4 characters for ($i=0; $i<strlen($hash) / 4; $i++) { $hash_pieces[] = substr($hash, $i*4, 4); } $licence_key = implode("-",$hash_pieces); // in this example $licence_key is created as: // 6a9d-17ac-d0e0-1610-c14c-ba1b-7e97-2a59 [/code] Then within the script I check that the licence key is valid for the script name and domain on which they are running it... [code]// example data provided by client (they enter their licence key to use the script) $licence_key = "6a9d-17ac-d0e0-1610-c14c-ba1b-7e97-2a59"; $script_name = "my script name"; $domain = $_SERVER['SERVER_NAME']; if (empty($domain)) $domain = $HTTP_SERVER_VARS['SERVER_NAME']; $ip = $_SERVER['SERVER_ADDR']; if (empty($ip)) $ip = $HTTP_SERVER_VARS['SERVER_ADDR']; $hash_1 = md5($domain.$script_name); $hash_2 = md5($ip.$script_name); if ($domain == "localhost" || $hash_1==str_replace("-","",$licence_key) || $hash_2==str_replace("-","",$licence_key) ) { // licence key okay - execute } else { // licence key not okay - don't execute }[/code] I'm also considering calving off the second half of the licence key, because security doesn't need to be that tight, 16 characters (plus dashes) should be more than enough. Thanks in advance for any feedback you guys can provide!!! ;D