License System
Server (/server/index.php)
Now we have the client side sorted lets carry on with the development of the server side where we validate the license details received from the client against the SQL database.
To begin we will set-up the MySQL database and assign a user to it allowing full access to it. Then if you use phpMyAdmin as a GUI to administrate your MySQL server navigate to it and then choose the database you just created and then click the Import tab on the top of the page.
Download the SQL file above then choose the file you just downloaded then click import. This will create a MySQL table within the database called license with 5 fields. The ID field being the primary key and with auto increment enabled.
While we still have phpMyAdmin open we can insert a new row into the licenses table creating a key we can use to test the script once completed. To do this click the table name now visible on the left hand side in the navigation panel. On the top an insert tab will now be shown click it.
You can then fill in the fields the id value field should be left blank as this is automatically filled in. In my example I am using the settings for my website. The domain is the domain where the client script is hosted and the website_ip is the IP address of which the client’s website is hosted on. The status is usually always active unless you want to disable the license key obviously.
Then as before start by creating a new PHP page and opening the PHP tags.
if(!mysql_connect("DATABASE_HOSTNAME", "DATABASE_USERNAME", "DATABASE_PASSWORD")){
echo "Error: Connection To The MySQL Server Failed.";
}
if(!mysql_select_db("DATABASE_NAME")){
echo "Error: Unable To Select Database.";
}
First we must connect to the MySQL server, we do this using the code above. If we are unable to either connect to the MySQL server or connect to the chosen database then we echo out some error messages. Normally we would use an or die statement to stop the script from running. But because this page is being requested by the client stopping the execution of this page would also stop the execution of the client’s page. Therefore we will leave it up to the client to choose how to handle this error.
$required_keys = array("key", "domain", "website_ip");
Next we set some required fields that must be sent across in order to process the license.
foreach ($required_keys as $req_key)
{
if (array_key_exists($req_key, $_POST))
{
$sanitised[$req_key] = stripslashes(strip_tags($_POST[$req_key]));
}
else
{
echo "Error: " . $req_key . " missing from passed variables.";
break 1;
}
}
Here we go through each of the values in the $required_keys array and check if a key in the $_POST array exists with the same value using the array_key_exists function. If it does then it is sanitised by removing any tags and slashes added. This is then assigned to the $sanitised array. This process is then repeated for the remaining values in the $required_keys array. Should a key not be found then an error is reported back to the client.
$ret_db = mysql_query("SELECT * FROM `license` WHERE `key` = '" .
mysql_real_escape_string($sanitised['key']) . "' && `domain` = '" .
mysql_real_escape_string($sanitised['domain']) . "' && `website_ip` = '" .
mysql_real_escape_string($sanitised['website_ip']) . "' LIMIT 0,1");
Next we will run a query against the license table checking for a row that matches the details given. We are attaching the function mysql_real_escape_string to any variables implemented within our query this is to help prevent SQL injection into the query.
if (mysql_num_rows($ret_db) == "0")
{
echo "Invalid Details.";
}
else
{
Here we check if a row is pulled from the database. If no rows are pulled then we echo an error Invalid Details message. If a row is available then we carry on.
$retdb = mysql_fetch_array($ret_db);
if ($retdb['status'] == "active")
{
echo "1";
}
else
{
Next we retrieve the fields from the table and check if the row’s status field is shown as active. If it is then we return a 1 to the client signalling that the license is valid. If it is not active then we carry on.
if ($retdb['status'] == "inactive")
{
echo "Details Valid, License Status Inactive.";
}
else
{
echo "Details Valid, License Status Unknown.";
}
}
}
If the status is inactive then we return the inactive error message, otherwise we return a global error message as we do not know what other status it is set to.
You have now completed the server page. You should end up with something similar to this.
<?php
if(!mysql_connect("DATABASE_HOSTNAME", "DATABASE_USERNAME", "DATABASE_PASSWORD")){
echo "Error: Connection To The MySQL Server Failed.";
}
if(!mysql_select_db("DATABASE_NAME")){
echo "Error: Unable To Select Database.";
}
$required_keys = array("key", "domain", "website_ip");
foreach ($required_keys as $req_key)
{
if (array_key_exists($req_key, $_POST))
{
$sanitised[$req_key] = stripslashes(strip_tags($_POST[$req_key]));
}
else
{
echo "Error: " . $req_key . " missing from passed variables.";
break 1;
}
}
$ret_db = mysql_query("SELECT * FROM `license` WHERE `key` = '" .
mysql_real_escape_string($sanitised['key']) . "' && `domain` = '" .
mysql_real_escape_string($sanitised['domain']) . "' && `website_ip` = '" .
mysql_real_escape_string($sanitised['website_ip']) . "' ORDER BY `id` DESC LIMIT 0,1");
if (mysql_num_rows($ret_db) == "0")
{
echo "Invalid Details.";
}
else
{
$retdb = mysql_fetch_array($ret_db);
if ($retdb['status'] == "active")
{
echo "1";
}
else
{
if ($retdb['status'] == "inactive")
{
echo "Details Valid, License Status Inactive.";
}
else
{
echo "Details Valid, License Status Unknown.";
}
}
}
?>
Thank you for reading this tutorial, Please if you have a couple seconds please rate this tutorial using the 5 stars at the top of this page.
Pages: 1 2
Leave a Reply
You must be logged in to post a comment.
