Break it down into a few simple steps:
1. Check the user is logged in (likely a given

)
2. Check the form contents (contains serial number, and is valid, same for username)
3. Check the serial number is an existing one you know about.
4. Retrieve the matching activation code.
5. Display activation code to user.
Writing out the actual steps will make coding the process simpler.
Code: Select all
// serialCode => activationCode, or database data
$serialCodes = array(
'1kqwee' => '1aaers',
'2rtyyr' => 'Sacfgd4',
'tefd34' => 'zdfrt21',
);
// check serial/username from form is clean (alphanumeric and existing)
// could shorten this using some functions to reuse validation checks
$clean = array();
if (isset($_POST['serial']) && !empty($_POST['serial']) && ctype_alnum($_POST['serial'])) {
$clean['serial'] = $_POST['serial'];
} else {
echo 'The serial code is invalid';
}
if (isset($_POST['username']) && !empty($_POST['username']) && ctype_alnum($_POST['username'])) {
$clean['username'] = $_POST['username'];
} else {
echo 'The username is invalid';
}
// only assign from clean data (looks long, but it's just a safe habit for security)
$serialCode = $clean['serial'];
$userName = $clean['username'];
// get the matching activation code if it exists and echo
$activationCode = '';
if (isset($serialCodes[$serialCode])) {
echo $userName, ' , your activation code is: ', $serialCodes[$serialCode];
} else {
echo 'No serial code is invalid';
}
I'd be careful about accepting the username from a form - make them login first otherwise users could pretend to be other users and steal everyones activation code by making brute force requests on a large collection of possible serial codes. If a user logs in, you could store their username in a PHP Session (e.g. $_SESSION['username']) which other users can't alter or edit (it's stored on the server). Lots of reading about Sessions and how great they are in the manual or online. If you have no login system, limit the number of attempts any one person can attempt (e.g. 5 attempts per IP and then force a half-hour/hour delay before anyone with that IP can try again).
Databases are pretty easy to setup. MySQL can be installed from a Linux package manager or tool like apt, and there's a Windows binary you can install in a few clicks. PhpMyAdmin is one of the best web based MySQL management tools - makes database management really simple, and you can install it on your development system. Follow up on the suggested tutorial and see how it goes

.