Jump to content

Please check my code - licence keys / domain check


Recommended Posts

Hi!

I want to add licence keys and domain checking to my scripts.  I will be encrypting my scripts with codelock, so its fairly safe that my clients won't be able to pull out the code.

To provide them with a licence key, they tell me their domain (in form of a URL).  I use the URL and the name of the script to create a unique licence key for them to use...

[code]// example data provided by client (they can also use an IP address)
$url = parse_url("http://www.example.com/etc");

$script_name = "my script name";

$host = $url['host'];

$hash = md5($host.$script_name);

// create a readable licence key with dashes separating sets of 4 characters
for ($i=0; $i<strlen($hash) / 4; $i++) {
$hash_pieces[] = substr($hash, $i*4, 4);
}
$licence_key = implode("-",$hash_pieces);

// in this example $licence_key is created as:
// 6a9d-17ac-d0e0-1610-c14c-ba1b-7e97-2a59
[/code]

Then within the script I check that the licence key is valid for the script name and domain on which they are running it...

[code]// example data provided by client (they enter their licence key to use the script)
$licence_key = "6a9d-17ac-d0e0-1610-c14c-ba1b-7e97-2a59";

$script_name = "my script name";

$domain = $_SERVER['SERVER_NAME'];
if (empty($domain)) $domain = $HTTP_SERVER_VARS['SERVER_NAME'];
$ip = $_SERVER['SERVER_ADDR'];
if (empty($ip)) $ip = $HTTP_SERVER_VARS['SERVER_ADDR'];

$hash_1 = md5($domain.$script_name);
$hash_2 = md5($ip.$script_name);

if ($domain == "localhost"
|| $hash_1==str_replace("-","",$licence_key)
|| $hash_2==str_replace("-","",$licence_key) )
{
// licence key okay - execute
} else {
// licence key not okay - don't execute
}[/code]


I'm also considering calving off the second half of the licence key, because security doesn't need to be that tight, 16 characters (plus dashes) should be more than enough.


Thanks in advance for any feedback you guys can provide!!!  ;D
A keygen just contains a list of known working keys, yes?

The code gets the domain on which the script is running (via $_SERVER['SERVER_NAME']) and this is used to form the licence key.  So I don't think a keygen could be used since the licence key is unique for each domain?
No. A keygen generates a serial/key that would work.

You need to keep the way you generate the key secret, so you could do this:

- User input serial in config file
- Each time the script is run it will open a connection to http://your-site.com/check_key.php?key=bla bla bla
- check_key.php on your server will check if the key is valid (and possibly if it is in your customer database). It will return e.g. 1 if it's valid and 0 if it isn't.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.