Simple activation system

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Simple activation system

Post by Sindarin »

My idea would be a simple activation system for a program.
the user enters his/her serial number and accordingly when the form is submitted, it returns the right activation code back.

So we have: database.php which holds the activation codes and serials:

Code: Select all

<?php

//keys
$serialcode1="1kqwee";
$activcode1="1aaers";
$serialcode2="2rtyyr";
$activcode2="Sacfgd4";
$serialcode3="tefd34";
$activcode3="zdfrt21";


?>
and activate.php which is the action taken after the form submitted:

Code: Select all

<?php

include('database.php');

$getserial = $_POST['serial'];

if ($getserial==$serialcode1)
{
echo "<br><center>Your activation code is:<b> $activcode1</b>";
}
else
{
echo "<br><center><b>Serial not correct.</b><br><a href='javascript:history.back(-1)'>back</a>";
}

?>
now, how can I make it if the user puts serial no. 2 in the form, that activation code no. 2 is returned to him, no. 3 serial gets no. 3 activation etc.
Last edited by Sindarin on Wed Dec 05, 2007 5:22 am, edited 3 times in total.
User avatar
Inkyskin
Forum Contributor
Posts: 282
Joined: Mon Nov 19, 2007 10:15 am
Location: UK

Post by Inkyskin »

A database would be much easier for doing this - but since you are using static variables, I think an array might be better.
User avatar
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Post by Sindarin »

I know, but I am afraid to use a database... yet.
and I don't know how to use arrays... :oops: maybe an example?
devendra-m
Forum Contributor
Posts: 111
Joined: Wed Sep 12, 2007 3:16 am

Post by devendra-m »

database.php

Code: Select all

<?php

$serialcode=array('1kqwee'=>'1aaers','2rtyyr'=>'Sacfgd4','tefd34'=>'zdfrt21');

?>
activate.php

Code: Select all

<?php

include('database.php');

$getserial = $_POST['serial'];

if (trim($serialcode[$getserial ])!='')
{
echo "<br><center>Your activation code is:<b>". $serialcode[$getserial ]."</b>";
}
else
{
echo "<br><center><b>Serial not correct.</b><br><a href='javascript:history.back(-1)'>back</a>";
}

?>
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

devendra-m wrote:database.php

Code: Select all

<?php



$getserial = $_POST['serial'];

if (trim($serialcode[$getserial ])!='')
{

?>
A couple problems with this code.

a) You do not check for the existance of $_POST['serial']
b) You do not properly check for the existance of your activation code

Code: Select all

$serialcode = array(
   '1kqwee'=> 	'1aaers',
   '2rtyyr' => 	'Sacfgd4',
   'tefd34' => 	'zdfrt21'
);

if (isset($_POST['serial']) && isset($serialcode[$serial])) {
   echo 'Your activation code is: '. $serialcode[$serial];
}
User avatar
Chalks
Forum Contributor
Posts: 447
Joined: Thu Jul 12, 2007 7:55 am
Location: Indiana

Post by Chalks »

Sindarin wrote:I know, but I am afraid to use a database... yet.
I was too... but really, simple databases are _easy_. This is a very simple introduction to mysql databases that really made things easy for me. It's not super advanced, but it will get your feet wet. :)
User avatar
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Post by Sindarin »

Thank you both! It works like a charm!

so if I also want to take into account the username as well, I would have to add more arguments right?

Code: Select all

if (isset($_POST['serial']) && isset($serialcode[$serial]) && isset($_POST['username']) && isset($username[$serial])
or I would have to use 2 arrays and compare them?
I was too... but really, simple databases are _easy_. This is a very simple introduction to mysql databases that really made things easy for me. It's not super advanced, but it will get your feet wet.
I have been told that their setup is not that easy, but I'll have to see into it eventually.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Break it down into a few simple steps:

1. Check the user is logged in (likely a given ;))
2. Check the form contents (contains serial number, and is valid, same for username)
3. Check the serial number is an existing one you know about.
4. Retrieve the matching activation code.
5. Display activation code to user.

Writing out the actual steps will make coding the process simpler.

Code: Select all

// serialCode => activationCode, or database data
$serialCodes = array(
    '1kqwee' => '1aaers',
    '2rtyyr' => 'Sacfgd4',
    'tefd34' => 'zdfrt21',
);

// check serial/username from form is clean (alphanumeric and existing)
// could shorten this using some functions to reuse validation checks
$clean = array();
if (isset($_POST['serial']) && !empty($_POST['serial']) && ctype_alnum($_POST['serial'])) {
    $clean['serial'] = $_POST['serial'];
} else {
    echo 'The serial code is invalid';
}
if (isset($_POST['username']) && !empty($_POST['username']) && ctype_alnum($_POST['username'])) {
    $clean['username'] = $_POST['username'];
} else {
    echo 'The username is invalid';
}

// only assign from clean data (looks long, but it's just a safe habit for security)
$serialCode = $clean['serial'];
$userName = $clean['username'];

// get the matching activation code if it exists and echo
$activationCode = '';
if (isset($serialCodes[$serialCode])) {
     echo $userName, ' , your activation code is: ', $serialCodes[$serialCode];
} else {
     echo 'No serial code is invalid';
}
I'd be careful about accepting the username from a form - make them login first otherwise users could pretend to be other users and steal everyones activation code by making brute force requests on a large collection of possible serial codes. If a user logs in, you could store their username in a PHP Session (e.g. $_SESSION['username']) which other users can't alter or edit (it's stored on the server). Lots of reading about Sessions and how great they are in the manual or online. If you have no login system, limit the number of attempts any one person can attempt (e.g. 5 attempts per IP and then force a half-hour/hour delay before anyone with that IP can try again).

Databases are pretty easy to setup. MySQL can be installed from a Linux package manager or tool like apt, and there's a Windows binary you can install in a few clicks. PhpMyAdmin is one of the best web based MySQL management tools - makes database management really simple, and you can install it on your development system. Follow up on the suggested tutorial and see how it goes :).
Post Reply