ugh,
you see, the user can do something like this on the url,
http://www.mysite.com/showregkey?custom ... =123456789
for example before showregkey.php gets executed, i ask for a serial number from the customer so i could generate the registration key base from the serial number the customer has given.
problem is, something like that line above can happen... any idea? or should i just email registration key to the users? i wanted to do this so immedietly after paying, user can get it's registration key.
many thanks,
showing registration key to the user using in a php web page
Moderator: General Moderators
you can simply show the customer the serial number on a webpage after they signed up so they can write it down somewhere, and enter it in http://www.mysite.com/showregkey?custom ... =123456789, or u can make a link that sends directly to the page with the serial number in the address bar like this
hopws this helps. Make sure u are using a database if u want to save ther serial number so u can check it, Notheless, i recomend using a username/password method and a login in page.
Code: Select all
echo "<a href="www.mysite.com/showregkey?customer_serial_no=$serial_number">Click here to enter</a>";hi guys,
oke please let me explain in more detail...
i have a php page that generates the registration key base from the serial number the user has given on the registration form. let's call the registration form. reg.PHP
upon payment using the customer's credit card, he will be taken to another PHP page that shows it's registration key to unlock the software. let's call this PHP page, thankyou.PHP
now, that PHP page has an algorithm that generates the registration key base from the customer's serial number. For example i store the serial number on a variable/textfield called serial on reg.PHP.
now on thankyou.PHP, i used the serial number stored in serial that was taken from reg.PHP to product the registration key for the user,
now the smart users can simply do this on thankyou.php;
http://www.mysite.com/thankyou?serial=123456789
and they will get the registration key, thus, kinda like stealing registration keys without paying,
hope i explained well now,
oke please let me explain in more detail...
i have a php page that generates the registration key base from the serial number the user has given on the registration form. let's call the registration form. reg.PHP
upon payment using the customer's credit card, he will be taken to another PHP page that shows it's registration key to unlock the software. let's call this PHP page, thankyou.PHP
now, that PHP page has an algorithm that generates the registration key base from the customer's serial number. For example i store the serial number on a variable/textfield called serial on reg.PHP.
now on thankyou.PHP, i used the serial number stored in serial that was taken from reg.PHP to product the registration key for the user,
now the smart users can simply do this on thankyou.php;
http://www.mysite.com/thankyou?serial=123456789
and they will get the registration key, thus, kinda like stealing registration keys without paying,
hope i explained well now,
So the problem is, it's not secure.
If you have some registration values in the reg.php in cookies, and you check those in thankyou.php than the use must be a vailid user. I think.
Or you can not only give the serial, but allso a email adres to the link.
With those 2 you can send the regcode to the email adres and you will allwase have a vailid e-mail adres.
If you have some registration values in the reg.php in cookies, and you check those in thankyou.php than the use must be a vailid user. I think.
Or you can not only give the serial, but allso a email adres to the link.
With those 2 you can send the regcode to the email adres and you will allwase have a vailid e-mail adres.