showing registration key to the user using in a php web page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mickey
Forum Newbie
Posts: 24
Joined: Thu May 01, 2003 11:14 am
Location: Philippines

showing registration key to the user using in a php web page

Post by mickey »

ugh,

you see, the user can do something like this on the url,

http://www.mysite.com/showregkey?custom ... =123456789

for example before showregkey.php gets executed, i ask for a serial number from the customer so i could generate the registration key base from the serial number the customer has given.


problem is, something like that line above can happen... any idea? or should i just email registration key to the users? i wanted to do this so immedietly after paying, user can get it's registration key.

many thanks,
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

please explain in more detail.
I might be dumb but I don't get the point ;)
nincha
Forum Contributor
Posts: 191
Joined: Fri Mar 28, 2003 12:30 pm
Location: CA, USA

Post by nincha »

you can simply show the customer the serial number on a webpage after they signed up so they can write it down somewhere, and enter it in http://www.mysite.com/showregkey?custom ... =123456789, or u can make a link that sends directly to the page with the serial number in the address bar like this

Code: Select all

echo "<a href="www.mysite.com/showregkey?customer_serial_no=$serial_number">Click here to enter</a>";
hopws this helps. Make sure u are using a database if u want to save ther serial number so u can check it, Notheless, i recomend using a username/password method and a login in page.
mickey
Forum Newbie
Posts: 24
Joined: Thu May 01, 2003 11:14 am
Location: Philippines

Post by mickey »

hi guys,

oke please let me explain in more detail...

i have a php page that generates the registration key base from the serial number the user has given on the registration form. let's call the registration form. reg.PHP

upon payment using the customer's credit card, he will be taken to another PHP page that shows it's registration key to unlock the software. let's call this PHP page, thankyou.PHP

now, that PHP page has an algorithm that generates the registration key base from the customer's serial number. For example i store the serial number on a variable/textfield called serial on reg.PHP.

now on thankyou.PHP, i used the serial number stored in serial that was taken from reg.PHP to product the registration key for the user,

now the smart users can simply do this on thankyou.php;
http://www.mysite.com/thankyou?serial=123456789

and they will get the registration key, thus, kinda like stealing registration keys without paying,

hope i explained well now,
[]InTeR[]
Forum Regular
Posts: 416
Joined: Thu Apr 24, 2003 6:51 am
Location: The Netherlands

Post by []InTeR[] »

So the problem is, it's not secure.

If you have some registration values in the reg.php in cookies, and you check those in thankyou.php than the use must be a vailid user. I think.

Or you can not only give the serial, but allso a email adres to the link.
With those 2 you can send the regcode to the email adres and you will allwase have a vailid e-mail adres.
Post Reply