Jump to content

Archived

This topic is now archived and is closed to further replies.

jezari

Please check my code - licence keys / domain check

Recommended Posts

Hi!

I want to add licence keys and domain checking to my scripts.  I will be encrypting my scripts with codelock, so its fairly safe that my clients won't be able to pull out the code.

To provide them with a licence key, they tell me their domain (in form of a URL).  I use the URL and the name of the script to create a unique licence key for them to use...

[code]// example data provided by client (they can also use an IP address)
$url = parse_url("http://www.example.com/etc");

$script_name = "my script name";

$host = $url['host'];

$hash = md5($host.$script_name);

// create a readable licence key with dashes separating sets of 4 characters
for ($i=0; $i<strlen($hash) / 4; $i++) {
$hash_pieces[] = substr($hash, $i*4, 4);
}
$licence_key = implode("-",$hash_pieces);

// in this example $licence_key is created as:
// 6a9d-17ac-d0e0-1610-c14c-ba1b-7e97-2a59
[/code]

Then within the script I check that the licence key is valid for the script name and domain on which they are running it...

[code]// example data provided by client (they enter their licence key to use the script)
$licence_key = "6a9d-17ac-d0e0-1610-c14c-ba1b-7e97-2a59";

$script_name = "my script name";

$domain = $_SERVER['SERVER_NAME'];
if (empty($domain)) $domain = $HTTP_SERVER_VARS['SERVER_NAME'];
$ip = $_SERVER['SERVER_ADDR'];
if (empty($ip)) $ip = $HTTP_SERVER_VARS['SERVER_ADDR'];

$hash_1 = md5($domain.$script_name);
$hash_2 = md5($ip.$script_name);

if ($domain == "localhost"
|| $hash_1==str_replace("-","",$licence_key)
|| $hash_2==str_replace("-","",$licence_key) )
{
// licence key okay - execute
} else {
// licence key not okay - don't execute
}[/code]


I'm also considering calving off the second half of the licence key, because security doesn't need to be that tight, 16 characters (plus dashes) should be more than enough.


Thanks in advance for any feedback you guys can provide!!!  ;D

Share this post


Link to post
Share on other sites
I guess it would work. But it would be very easy to make a key generator and thereby be able to register the script without a serial from you.

Share this post


Link to post
Share on other sites
A keygen just contains a list of known working keys, yes?

The code gets the domain on which the script is running (via $_SERVER['SERVER_NAME']) and this is used to form the licence key.  So I don't think a keygen could be used since the licence key is unique for each domain?

Share this post


Link to post
Share on other sites
No. A keygen generates a serial/key that would work.

You need to keep the way you generate the key secret, so you could do this:

- User input serial in config file
- Each time the script is run it will open a connection to http://your-site.com/check_key.php?key=bla bla bla
- check_key.php on your server will check if the key is valid (and possibly if it is in your customer database). It will return e.g. 1 if it's valid and 0 if it isn't.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.