Jump to content

License Add-on Local Key Enabled?

dglynch

By dglynch
in Developer Corner

 Share

Recommended Posts

dglynch Junior Member

dglynch

Posted
Posted

Hey everyone,

 

I am by no means a php developer, but I wanted to create some php projects which after months and great friends I have. I purchase the license add on a while ago and pretty much threw it in the code as in the sample. It worked great because I set up the project and not the end user. I am now releasing my project to the public but I can't manually install and encode everyone's site so I knew I now needed to get the code refined. I think I have done it (after all it works) but when reviewing the licensing manager logs I noticed that every time the project page was refreshed it hit my server (The last access field in the Manage License Key page).

 

After careful reviewing of the code I found:

 

$localkeyvalid = false;

 

I thought hmmm can hurt to try it and I changed it to true. Now it does seem to check the local flat file I have the holds the hash.

 

After this is all done I have two questions:

 

1.)Did I really enable it to check the local hash first then if that is invalid the actual key file?

2.)How do I check if my code is working if my server goes down?

 

I am also willing to show code snippets if anyone wants help to use flat files for the add-on. I know I used about 6 different website to gather and piece the information I needed together.

0
Link to comment
Share on other sites
dglynch Junior Member

dglynch

Posted
  • Author
Posted

Ok so I messed something up. By changing the false to a true I basically sabotaged the entire license check system. It bypassed check the server altogether is what it did because it always assumed the local hash was valid even if it really was not.

 

I still have a dilema, the server is being checked EVERY TIME a page loads. I thought the purpose of the local hash was to prevent this?

0
Link to comment
Share on other sites
jclarke Senior Member

jclarke

Posted
Posted

If you used the sample code provided with the licensing add on, it first checks to see if the local key is valid and it will skip checking the remote key if it is.

 

It sounds like you have an issue with your local key, it is not being stored or passed properly to your check license function. If you post how you are storing and retrieving the local key we might be able to see what is causing the issue.

0
Link to comment
Share on other sites
dglynch Junior Member

dglynch

Posted
  • Author
Posted

Flat files, just plan .txt using get_file_contents and put_file.

 

 

function check_license($licensekey,$localkey="") {
   $whmcsurl = "http://www.abc.com/whmcs/";
   $licensing_secret_key = "secretkey1234"; # Unique value, should match what is set in the product configuration for MD5 Hash Verification
   $check_token = time().md5(mt_rand(1000000000,9999999999).$licensekey);
   $checkdate = date("Ymd"); # Current date
   $usersip = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR'];
   $localkeydays = 15; # How long the local key is valid for in between remote checks
   $allowcheckfaildays = 5; # How many days to allow after local key expiry before blocking access if connection cannot be made
   $localkeyvalid = false;
   if ($localkey) {
       $localkey = str_replace("\n",'',$localkey); # Remove the line breaks
   $localdata = substr($localkey,0,strlen($localkey)-32); # Extract License Data
   $md5hash = substr($localkey,strlen($localkey)-32); # Extract MD5 Hash
       if ($md5hash==md5($localdata.$licensing_secret_key)) {
           $localdata = strrev($localdata); # Reverse the string
       $md5hash = substr($localdata,0,32); # Extract MD5 Hash
       $localdata = substr($localdata,32); # Extract License Data
       $localdata = base64_decode($localdata);
       $localkeyresults = unserialize($localdata);
           $originalcheckdate = $localkeyresults["checkdate"];
           if ($md5hash==md5($originalcheckdate.$licensing_secret_key)) {
               $localexpiry = date("Ymd",mktime(0,0,0,date("m"),date("d")-$localkeydays,date("Y")));
               if ($originalcheckdate>$localexpiry) {
                   $localkeyvalid = true;
                   $results = $localkeyresults;
                   $validdomains = explode(",",$results["validdomain"]);
                   if (!in_array($_SERVER['SERVER_NAME'], $validdomains)) {
                       $localkeyvalid = false;
                       $localkeyresults["status"] = "Invalid";
                       $results = array();
                   }
                   $validips = explode(",",$results["validip"]);
                   if (!in_array($usersip, $validips)) {
                       $localkeyvalid = false;
                       $localkeyresults["status"] = "Invalid";
                       $results = array();
                   }
                   if ($results["validdirectory"]!=dirname(__FILE__)) {
                       $localkeyvalid = false;
                       $localkeyresults["status"] = "Invalid";
                       $results = array();
                   }
               }
           }
       }
   }
   if (!$localkeyvalid) {
       $postfields["licensekey"] = $licensekey;
       $postfields["domain"] = $_SERVER['SERVER_NAME'];
       $postfields["ip"] = $usersip;
       $postfields["dir"] = dirname(__FILE__);
       if ($check_token) $postfields["check_token"] = $check_token;
       if (function_exists("curl_exec")) {
           $ch = curl_init();
           curl_setopt($ch, CURLOPT_URL, $whmcsurl."modules/servers/licensing/verify.php");
           curl_setopt($ch, CURLOPT_POST, 1);
           curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
           curl_setopt($ch, CURLOPT_TIMEOUT, 30);
           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
           $data = curl_exec($ch);
           curl_close($ch);
       } else {
           $fp = fsockopen($whmcsurl, 80, $errno, $errstr, 5);
         if ($fp) {
           $querystring = "";
               foreach ($postfields AS $k=>$v) {
                   $querystring .= "$k=".urlencode($v)."&";
               }
               $header="POST ".$whmcsurl."modules/servers/licensing/verify.php HTTP/1.0\r\n";
           $header.="Host: ".$whmcsurl."\r\n";
           $header.="Content-type: application/x-www-form-urlencoded\r\n";
           $header.="Content-length: ".@strlen($querystring)."\r\n";
           $header.="Connection: close\r\n\r\n";
           $header.=$querystring;
           $data="";
           @stream_set_timeout($fp, 20);
           @fputs($fp, $header);
           $status = @socket_get_status($fp);
           while (!@feof($fp)&&$status) {
               $data .= @fgets($fp, 1024);
             $status = @socket_get_status($fp);
           }
           @fclose ($fp);
           }
       }
       if (!$data) {
           $localexpiry = date("Ymd",mktime(0,0,0,date("m"),date("d")-($localkeydays+$allowcheckfaildays),date("Y")));
           if ($originalcheckdate>$localexpiry) {
               $results = $localkeyresults;
           } else {
               $results["status"] = "Invalid";
               $results["description"] = "Remote Check Failed";
               return $results;
           }
       } else {
           preg_match_all('/<(.*?)>([^<]+)<\/\\1>/i', $data, $matches);
           $results = array();
           foreach ($matches[1] AS $k=>$v) {
               $results[$v] = $matches[2][$k];
           }
       }
       if ($results["md5hash"]) {
           if ($results["md5hash"]!=md5($licensing_secret_key.$check_token)) {
               $results["status"] = "Invalid";
               $results["description"] = "MD5 Checksum Verification Failed";
               return $results;
           }
       }
       if ($results["status"]=="Active") {
           $results["checkdate"] = $checkdate;
           $data_encoded = serialize($results);
           $data_encoded = base64_encode($data_encoded);
           $data_encoded = md5($checkdate.$licensing_secret_key).$data_encoded;
           $data_encoded = strrev($data_encoded);
           $data_encoded = $data_encoded.md5($data_encoded.$licensing_secret_key);
           $data_encoded = wordwrap($data_encoded,80,"\n",true);
           $results["localkey"] = $data_encoded;
       }
       $results["remotecheck"] = true;
   }
   unset($postfields,$data,$matches,$whmcsurl,$licensing_secret_key,$checkdate,$usersip,$localkeydays,$allowcheckfaildays,$md5hash);
   return $results;
}

// End Check Function

# Get Variables from storage (retrieve from wherever it's stored - DB, file, etc...)

$licensekey = file_get_contents("./templates/templatename/key.txt");
$localkey = file_get_contents("./templates/templatename/localhash.txt");


$results = check_license($licensekey,$localkey);

if ($results["status"]=="Active") {
   # Allow Script to Run
   if ($results["localkey"]) {
       # Save Updated Local Key to DB or File
       $localkeydata = $results["localkey"];
   }
} elseif ($results["status"]=="Invalid") {
   die('License could not be verified, please contact us for assistance.');
} elseif ($results["status"]=="Expired") {
   die('License could not be verified, please contact us for assistance.');
} elseif ($results["status"]=="Suspended") {
   die('License could not be verified, please contact us for assistance.');
}
$fileput = './templates/templatename/localhash.txt';

file_put_contents($fileput, $localkeydata);

 

I have also tried to put

 

$localkey = file_get_contents("./templates/templatename/localhash.txt");

 

before the license check and it is still a no go. Now if I go into the localhash.txt all the proper information is in there. I can delete it, save and refresh the index page (where the license check is) and the localhash comes back. So I know its something stupid I am over looking to check the license first.

0
Link to comment
Share on other sites
jclarke Senior Member

jclarke

Posted
Posted

The problem is $results["localkey"] only returns a value if a new localkey is returned by check_license function. If the localkey is valid it doesn't return the localkey value again. So when you do file_put_contents($fileput, $localkeydata) every time, it overwrites the local key with a blank value on the second request.

 

The fix would be to only save the localkey file when a localkey is returned:

 

if ($results["status"]=="Active") {
   # Allow Script to Run
   if ($results["localkey"]) {
       # Save Updated Local Key to DB or File
       $localkeydata = $results["localkey"];
       $fileput = 'localhash.txt';
       file_put_contents($fileput, $localkeydata);
   }
} elseif ($results["status"]=="Invalid") {
   die('License could not be verified, please contact us for assistance.');
} elseif ($results["status"]=="Expired") {
   die('License could not be verified, please contact us for assistance.');
} elseif ($results["status"]=="Suspended") {
   die('License could not be verified, please contact us for assistance.');
}

0
Link to comment
Share on other sites
  • 1 month later...
dglynch Junior Member

dglynch

Posted
  • Author
Posted

Thanks so much Joe, I have had a busy month and I am just now getting to view this thread but it worked perfect! I can't thank you enough!!!!!

 

Is there a way to mark this as "solved" or give you some type of kudos or a thank you?

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept