Page 1 of 1

Simple activation system

Posted: Wed Dec 05, 2007 5:12 am
by Sindarin
My idea would be a simple activation system for a program.
the user enters his/her serial number and accordingly when the form is submitted, it returns the right activation code back.

So we have: database.php which holds the activation codes and serials:

Code: Select all

<?php

//keys
$serialcode1="1kqwee";
$activcode1="1aaers";
$serialcode2="2rtyyr";
$activcode2="Sacfgd4";
$serialcode3="tefd34";
$activcode3="zdfrt21";


?>
and activate.php which is the action taken after the form submitted:

Code: Select all

<?php

include('database.php');

$getserial = $_POST['serial'];

if ($getserial==$serialcode1)
{
echo "<br><center>Your activation code is:<b> $activcode1</b>";
}
else
{
echo "<br><center><b>Serial not correct.</b><br><a href='javascript:history.back(-1)'>back</a>";
}

?>
now, how can I make it if the user puts serial no. 2 in the form, that activation code no. 2 is returned to him, no. 3 serial gets no. 3 activation etc.

Posted: Wed Dec 05, 2007 5:14 am
by Inkyskin
A database would be much easier for doing this - but since you are using static variables, I think an array might be better.

Posted: Wed Dec 05, 2007 5:19 am
by Sindarin
I know, but I am afraid to use a database... yet.
and I don't know how to use arrays... :oops: maybe an example?

Posted: Wed Dec 05, 2007 6:18 am
by devendra-m
database.php

Code: Select all

<?php

$serialcode=array('1kqwee'=>'1aaers','2rtyyr'=>'Sacfgd4','tefd34'=>'zdfrt21');

?>
activate.php

Code: Select all

<?php

include('database.php');

$getserial = $_POST['serial'];

if (trim($serialcode[$getserial ])!='')
{
echo "<br><center>Your activation code is:<b>". $serialcode[$getserial ]."</b>";
}
else
{
echo "<br><center><b>Serial not correct.</b><br><a href='javascript:history.back(-1)'>back</a>";
}

?>

Posted: Wed Dec 05, 2007 3:01 pm
by John Cartwright
devendra-m wrote:database.php

Code: Select all

<?php



$getserial = $_POST['serial'];

if (trim($serialcode[$getserial ])!='')
{

?>
A couple problems with this code.

a) You do not check for the existance of $_POST['serial']
b) You do not properly check for the existance of your activation code

Code: Select all

$serialcode = array(
   '1kqwee'=> 	'1aaers',
   '2rtyyr' => 	'Sacfgd4',
   'tefd34' => 	'zdfrt21'
);

if (isset($_POST['serial']) && isset($serialcode[$serial])) {
   echo 'Your activation code is: '. $serialcode[$serial];
}

Posted: Wed Dec 05, 2007 9:35 pm
by Chalks
Sindarin wrote:I know, but I am afraid to use a database... yet.
I was too... but really, simple databases are _easy_. This is a very simple introduction to mysql databases that really made things easy for me. It's not super advanced, but it will get your feet wet. :)

Posted: Thu Dec 06, 2007 9:35 am
by Sindarin
Thank you both! It works like a charm!

so if I also want to take into account the username as well, I would have to add more arguments right?

Code: Select all

if (isset($_POST['serial']) && isset($serialcode[$serial]) && isset($_POST['username']) && isset($username[$serial])
or I would have to use 2 arrays and compare them?
I was too... but really, simple databases are _easy_. This is a very simple introduction to mysql databases that really made things easy for me. It's not super advanced, but it will get your feet wet.
I have been told that their setup is not that easy, but I'll have to see into it eventually.

Posted: Thu Dec 06, 2007 10:13 am
by Maugrim_The_Reaper
Break it down into a few simple steps:

1. Check the user is logged in (likely a given ;))
2. Check the form contents (contains serial number, and is valid, same for username)
3. Check the serial number is an existing one you know about.
4. Retrieve the matching activation code.
5. Display activation code to user.

Writing out the actual steps will make coding the process simpler.

Code: Select all

// serialCode => activationCode, or database data
$serialCodes = array(
    '1kqwee' => '1aaers',
    '2rtyyr' => 'Sacfgd4',
    'tefd34' => 'zdfrt21',
);

// check serial/username from form is clean (alphanumeric and existing)
// could shorten this using some functions to reuse validation checks
$clean = array();
if (isset($_POST['serial']) && !empty($_POST['serial']) && ctype_alnum($_POST['serial'])) {
    $clean['serial'] = $_POST['serial'];
} else {
    echo 'The serial code is invalid';
}
if (isset($_POST['username']) && !empty($_POST['username']) && ctype_alnum($_POST['username'])) {
    $clean['username'] = $_POST['username'];
} else {
    echo 'The username is invalid';
}

// only assign from clean data (looks long, but it's just a safe habit for security)
$serialCode = $clean['serial'];
$userName = $clean['username'];

// get the matching activation code if it exists and echo
$activationCode = '';
if (isset($serialCodes[$serialCode])) {
     echo $userName, ' , your activation code is: ', $serialCodes[$serialCode];
} else {
     echo 'No serial code is invalid';
}
I'd be careful about accepting the username from a form - make them login first otherwise users could pretend to be other users and steal everyones activation code by making brute force requests on a large collection of possible serial codes. If a user logs in, you could store their username in a PHP Session (e.g. $_SESSION['username']) which other users can't alter or edit (it's stored on the server). Lots of reading about Sessions and how great they are in the manual or online. If you have no login system, limit the number of attempts any one person can attempt (e.g. 5 attempts per IP and then force a half-hour/hour delay before anyone with that IP can try again).

Databases are pretty easy to setup. MySQL can be installed from a Linux package manager or tool like apt, and there's a Windows binary you can install in a few clicks. PhpMyAdmin is one of the best web based MySQL management tools - makes database management really simple, and you can install it on your development system. Follow up on the suggested tutorial and see how it goes :).