TalkPHP - View Single Post

ReSpawN · 12-11-2007, 07:43 PM

I've been working on a similar script for over a week now. I've created a complete page which stores all the keys I am releasing for my CMS. Over a 100 of them. All randomly base64_ and url_ encoded. For short, it generates and exports a complete list of jibberish. Then, a build in security feature in my CMS decodes the entire file using;

PHP Code:


			
$license = file_get_contents('licensefile');

Next, it checks through eregi (simply because it's insensitive) if, in a for loop, the key is present in the main file.

Now, I know this is not 100% hackproof, but we're getting there. At first, I was thinking of integrating a serial (into my CMS) and then making an external connection to my personal database (phpMyAdmin). Since that is not allowed by a BUNCH of hosts, I can not remotely deactivate or remove a serial. Next to that, what IF my host goes down? Then I'll be spammed with now over a dozen of users complaining why their copy of my CMS isn't working (since it's linked to my database). Customer is always king, so I have to make them happy again, thus giving them something for free.

"Humanity loves the word FREE."

I am linking the perspective Wildhoney has on this one. eval(uating) the script localy (server-side) on the remote host. My site that is. Now it is not even that safe because the only thing to do is export a value or boolean and tell the script it can go on processing the data.

The system we use, Shoppa, uses licenses as well. For modules and the complete CMS. It can be turned of remotely using the "mother of Shoppa's", the core. Simply clicking the green 'V' turns it off. And of course the red 'X' turns it on again. Thats also one way to do it.

This has been a complication for me and others for a long time but we're getting there.

12-11-2007, 07:43 PM	#3 (permalink)
ReSpawN The Frequenter Join Date: Nov 2007 Location: Netherlands Posts: 460 Thanks: 49	I've been working on a similar script for over a week now. I've created a complete page which stores all the keys I am releasing for my CMS. Over a 100 of them. All randomly base64_ and url_ encoded. For short, it generates and exports a complete list of jibberish. Then, a build in security feature in my CMS decodes the entire file using; PHP Code: `$license = file_get_contents('licensefile');` Next, it checks through eregi (simply because it's insensitive) if, in a for loop, the key is present in the main file. Now, I know this is not 100% hackproof, but we're getting there. At first, I was thinking of integrating a serial (into my CMS) and then making an external connection to my personal database (phpMyAdmin). Since that is not allowed by a BUNCH of hosts, I can not remotely deactivate or remove a serial. Next to that, what IF my host goes down? Then I'll be spammed with now over a dozen of users complaining why their copy of my CMS isn't working (since it's linked to my database). Customer is always king, so I have to make them happy again, thus giving them something for free. "Humanity loves the word FREE." I am linking the perspective Wildhoney has on this one. eval(uating) the script localy (server-side) on the remote host. My site that is. Now it is not even that safe because the only thing to do is export a value or boolean and tell the script it can go on processing the data. The system we use, Shoppa, uses licenses as well. For modules and the complete CMS. It can be turned of remotely using the "mother of Shoppa's", the core. Simply clicking the green 'V' turns it off. And of course the red 'X' turns it on again. Thats also one way to do it. This has been a complication for me and others for a long time but we're getting there.