Connecting to a remote website?
Hey there,
I want to allow my client's script to send information to my website (in this case the domain of the script and the license key) so that the script can check it and then return a value back to the client's script.
How do you suggest I do this? I think I would also need to CHMOD the script receiving the data, right?
Thanks
Ben
you could just send it via post or get
Code:
<?php
// Report this install's domain and license number to the vendor's collector script.
$domain = $_SERVER['SERVER_NAME'];
$liscense_num = 'foobar123';
// urlencode() keeps unexpected characters from breaking the query string.
$url = 'http://yourwebsite.com/collector.php?domain=' . urlencode($domain) . '&liscense=' . urlencode($liscense_num);
// Needs allow_url_fopen enabled; @ hides the warning if the request fails.
$auth = @file_get_contents($url);
?>
you might wanna fire off an email too,
in case their host has url wrappers disabled.
well, it's going to be unlikely that a host does that. maybe a free host will, but it's very limiting to their users to do such a thing.
i think i've heard of some hosts disabling url wrappers so that users' sites can't be hacked by doing remote includes. i'm not sure if they can just restrict url wrappers for include, i would think they would have to disable them altogether.
i know there's a setting in php.ini to disallow url wrappers for fopen(), i'm not sure if that would affect file_get_contents, but i think it would/should.
i've never looked into this so i might be wrong.
but i think you need to realize that no matter what you do, it cannot always work.
users can and will circumvent your registration system if they have the source code.
that being said,
fsockopen() is prob your best bet. you can post data to another url w/ it.
there's an example on how to do that on the php manual page for that function, and it's been asked more than a few times here on this forum in the last wk, and examples were given. so doing a search on this forum for fsockopen should get you started.
it still might be possible url wrappers could affect fsockopen, like i said i haven't looked into it.
Thanks guys.
rehfeld, if that is true, how do you think most software developers get around that? There are a lot of scripts out there that require a license for it to work... I found this code that checks the license for a script. They don't connect to their website:
Any thoughts?
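Code:
<?php
// Prefix that every license key starts with.
define("C137e1bc1", "FF");

class FF_LICENSE
{
    public $_users = 0;
    public $_domain = "";
    public $_expires = "";
    public $_key = "";

    // Originally a PHP 4 style constructor named FF_LICENSE().
    public function __construct($Key)
    {
        $this->_key = $Key;
        $this->F38ff71c2();
    }

    // Decode the key: strip dashes and the "FF" prefix, URL-decode, base64-decode,
    // then split the result into "users|domain|expires".
    public function F38ff71c2()
    {
        // str_replace()/preg_replace() stand in for eregi_replace(), removed in PHP 7.
        $this->_key = str_replace("-", "", $this->_key);
        $this->_key = preg_replace("/^" . preg_quote(C137e1bc1, "/") . "/i", "", $this->_key);
        $this->_key = urldecode($this->_key);
        $this->_key = base64_decode($this->_key);
        $arrData = explode("|", $this->_key);
        $this->_users = (int)@$arrData[0];
        $this->_domain = @$arrData[1];
        $this->_expires = @$arrData[2];
    }

    // Licensed user count.
    public function F2c222fe5()
    {
        return $this->_users;
    }

    // Domain field from the key (an md5 hash, see Fc6558062()).
    public function Fdea0676b()
    {
        return $this->_domain;
    }

    // Expiry field from the key.
    public function F03133fc0()
    {
        return $this->_expires;
    }

    // True when md5() of the current Host header equals the domain field in the key.
    public function Fc6558062()
    {
        $domain = $_SERVER["HTTP_HOST"];
        if (md5($domain) == $this->Fdea0676b())
            return true;
        else
            return false;
    }
}
?>
i thought you just wanted to find out who was using your scripts, i didn't realize you're trying to protect them from being copied.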
well, somewhere in your script you will need to call that class, and do something like
Code:
if (!$FF_LISCENSE->authorized()) {
    die('dont steal my script');
}
what's to stop me from removing those lines of code?
you can use encryption like zend encoder, which is pretty strong, but it can be cracked,
someone can just write some code in C to make it spill php source if they really want to spend the time. (unlikely though, and wouldn't be easy)
zend encoder is very expensive too.
there's other cheaper alternatives, but at least the ones i've seen (i haven't looked at many)
just mangle the source w/ lots of str_replace and for loops and then use eval(), which slows the scripts down a lot,
no matter how fast they say it is.
i'm not saying not to use encryption,
if you really want to protect your scripts that's your best bet,
but they can be cracked (i cracked one in about 2 hours)
but the average user will probably never even try, and if they do may not be successful unless they understand php well,
in which case, they may not even be using your script, but would be prob writing their own scripts.
if you used a combination of the class you posted,
along w/ encryption your scripts would be pretty hard to steal,
but definitely not impossible.
if you end up using encryption let me know,
send me an encrypted copy, i wanna see if i can crack it
(just for fun of course)
Thanks mate, yes I should have explained better but I thought that was the best way to do it.
That's interesting how it can so easily be hacked
The script I'm selling is sold to my customers who hardly know how to use a PC, so I won't have much problem regarding being hacked.
I had a squiz at the code I gave. How do I set up unique licenses? Does the code have the domain encrypted in the F38ff71c2() function or something? I see something that might tell something: C137e1bc1
Thanks for your input
Ben
did that class not come w/ instructions?
in concept, this is what's happening
when they buy the script, they must provide you w/ the domain name they will be using it on.
you then create a key based on this domain name, let's say md5
so if their domain was
example.com
you could create a key by doing
$key = md5('example.com');
then you need to hardcode that specific key into their script for them
then, each time the script runs, it makes sure the keys match like so
Code:
// Key generated by the vendor at purchase time: md5() of the customer's domain.
$key = 'your hardcoded key you generated when they purchased it';
// Stop unless the server name the script runs under hashes to the same value.
if ($key !== md5($_SERVER['SERVER_NAME'])) {
    die('please contact foo software inc for liscence upgrade');
}
that class is just doing something similar to this, and also does checks for expires and such
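An added example, not code from any poster in this thread: a key that is only md5() of the domain can be computed by anyone who knows the domain, so this sketch signs the same users|domain|expires fields with Ed25519 and ships only the public key with the script. It assumes PHP 7.2+ with the sodium extension; the names issue_license and check_license and the key layout are hypothetical.

```php
<?php
// Added example (hypothetical names): signed license keys instead of md5(domain).
// Requires PHP >= 7.2 with ext-sodium.

// Vendor side: generate once, keep $secretKey offline, embed $publicKey in the product.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$publicKey = sodium_crypto_sign_publickey($keypair);

// Vendor side: issue a key for one customer. Fields mirror the class in the thread.
function issue_license(string $secretKey, int $users, string $domain, string $expires): string
{
    $payload = $users . '|' . strtolower($domain) . '|' . $expires;
    $sig     = sodium_crypto_sign_detached($payload, $secretKey);
    return base64_encode($payload) . '.' . base64_encode($sig);
}

// Customer side: verify the signature first, then the domain and expiry fields.
function check_license(string $publicKey, string $key, string $host, string $today): bool
{
    $parts = explode('.', $key);
    if (count($parts) !== 2) {
        return false;
    }
    $payload = base64_decode($parts[0], true);
    $sig     = base64_decode($parts[1], true);
    if ($payload === false || $sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    if (!sodium_crypto_sign_verify_detached($sig, $payload, $publicKey)) {
        return false; // payload was not signed by the vendor key
    }
    $fields = explode('|', $payload);
    if (count($fields) !== 3) {
        return false;
    }
    [, $domain, $expires] = $fields;
    // Dates are ISO "YYYY-MM-DD", so string order equals date order.
    return hash_equals($domain, strtolower($host)) && strcmp($today, $expires) <= 0;
}

// Constructed sample data; in the product $host would be $_SERVER['SERVER_NAME'].
$key = issue_license($secretKey, 5, 'example.com', '2030-12-31');
var_dump(check_license($publicKey, $key, 'example.com', '2025-01-01')); // licensed host
var_dump(check_license($publicKey, $key, 'other.test', '2025-01-01'));  // different host
$edited = base64_encode('999|other.test|2099-01-01') . '.' . explode('.', $key)[1];
var_dump(check_license($publicKey, $edited, 'other.test', '2025-01-01')); // edited payload, old signature
```

As the thread points out, a customer who can read and edit the source can still delete the call to check_license; the signature only prevents keys from being created or altered without the vendor's secret key.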