Post: Licensing System
12-25-2015, 04:08 AM #1
Passion
League Champion
(adsbygoogle = window.adsbygoogle || []).push({}); I'm slowly starting to understand and learn PHP/SQL so i wrote up this licensing system.

Basically what this does is uses an api to check if the key is valid or not.

Features:
Login with license key.
View content for people that are logged in only.
Logout.
API System
Check if key is valid

Images:

You must login or register to view this content.
You must login or register to view this content.


Installation:

Upload the SQL file to PHPMyAdmin.
Make sure to edit the db.php file in /inc with your database details.
[/SIZE]

Download:

You must login or register to view this content.


Tiphat
Last edited by Passion ; 03-04-2016 at 02:33 PM.

The following 5 users say thank you to Passion for this useful post:

Helping-Hand, Dan, Pianist Prodigy, Specter, Sturmi :3
12-25-2015, 08:45 AM #2
Dan
I'm a god.
This is a nice start, checked it out and it's not bad for starting.

Few notes, probably easier to read in an actual editor..
Code does work, tested it on localhost.
Removed styling for less characters, etc.
index.php:
If I forgot anything or you have a question quote or PM me.
    
<?php
session_start(); // better to use session_start() at top
$paginaname = 'Home'; // not sure what this is, removed it
include 'header.php'; // The following file is missing, not sure if it's supposed to be in the download or not.
include 'api.php'; // You'll see why I did this later on.
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Licensing System</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="theme/bootstrap.css" media="screen">
<link rel="stylesheet" href="theme/usebootstrap.css">
<link rel="shortcut icon" type="image/png" href="https://www.nextgenupdate.com/forums/images/smilies/wat.png"/>
</head>
<body>
<div class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<a href="" class="navbar-brand">Passion</a>
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target="#navbar-main">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="navbar-collapse collapse" id="navbar-main">

<ul class="nav navbar-nav">
<li><a href="index.php">Home</a></li>
<li><a href="api.php">API</a></li>
<li><a href="check.php">Check</a></li>
</ul>

</div>
</div>
</div>
<div class="container">
<div class="row">
<div class='col-md-3'></div>
<div class="col-md-6">
<div class="login-box well">
<?php
if(isset($_POST['submit'])){
$key = strtolower($_POST['password']); // changed the variable $password to $key for the function, though you can use $password, just change it in the function.
strtolower($key); // moved this to the above, less lines, etc
if(empty($key)){ // instead of $password == '', just use empty(), like in api.php
echo "Please enter a key.";
} else
{
$ip = include "https://localhost/api.php?key={$password}"; // Removed this.
if (getKey($key)) // You'll see why I changed this in api.php, and this is why we included api.php at the top, so it knows where the function is.
{
$_SESSION['password'] = $key;
}
else {
echo '<div class="alert alert-dismissable alert-danger">
<button type="button" class="close" data-dismiss="alert">×</button>
Key is invalid.
</div>';
}

}

}
?>
<form method="post">
<legend><?php echo isset($_SESSION['password']);// if $_SESSION['password'] isn't set, it'll throw an error.. There's two possible ways to fix this. 1) Disable PHP errors (cheap way). 2) Add the function isset(), what this does is check if the session is set, if not then it won't echo anything.
echo isset($error); // this is why we made the invalid key statemant a variable.
?></legend>
<div class="form-group">
<label for="password">License KEY</label>
<input id="password" name="password" placeholder="Password" type="text" class="form-control" autocomplete="off" required /> // this is now required and doesn't show past entries
</div>
<div class="form-group">
<input type="submit" name="submit" class="btn btn-info btn-lg btn-block" value="Login" />
<center><?php if (isset($_SESSION['password'])) { echo 'Logged in'; } else { echo 'Please log in'; } ?></center>
</div>
</form>

</div>
</div>
</div>
</div>


<script src="https://code.jquery.com/jquery-1.10.2.min.js"></script>
<script src="bootstrap/bootstrap.min.js"></script>
<script src="bootstrap/usebootstrap.js"></script>
</body>
</html>


API.php:
    
<?php
require_once 'inc/db.php';


function getKey($key) // Creating the function. Here's where you can change this to $password
{
global $odb; // In functions, if the variable isn't used within it, it has to be made global, since $odb (the db connection variable) isn't defined within the function, we have to let the function know it exists.
$SQLGetInfo = $odb->prepare("SELECT * FROM `keys` WHERE `key` = :key LIMIT 1");
$SQLGetInfo->bindParam(':key', $key);
$SQLGetInfo->execute();
$keyinfo = $SQLGetInfo->fetch(PDO::FETCH_ASSOC);
if($SQLGetInfo->rowCount() > 0) { // this checks to see if the key entered exists, if the value is less than or equal to 0, it doesn't.
$keys = $keyinfo['key']; // this sends the key to index.php to echo it out.
return true; // this lets index.php that the key match was successful
}
/* removed the following due to already being on index.php
else {
die("Key is invalid.");
}
*/
}
?>

The following user thanked Dan for this useful post:

Passion
12-25-2015, 12:53 PM #3
Toxic
former staff
for logging in, store the username in the cookie for the original login, and retrieve it using echo $username (or whatever u named it), in a certain element Sal
12-25-2015, 01:08 PM #4
Passion
League Champion
Originally posted by ToXiC View Post
for logging in, store the username in the cookie for the original login, and retrieve it using echo $username (or whatever u named it), in a certain element Sal


Sessions are better
12-25-2015, 01:52 PM #5
Woof
...hmm
I would suggest implementing some sort of 'fingerprint' check to your sessions to help prevent hijacking. Easiest way you could go about this would be to check the agent and/or IP of the remote user. I'm fairly certain I did post something quite a while back about this, but it seems to have been removed for some reason. I guess it was just too old?
Idk
12-25-2015, 02:39 PM #6
Toxic
former staff
Originally posted by Passion View Post
Sessions are better


Yeah, however, u can get the sessions token from chrome or any other browser, and set it to another PC (which can people make 'token-logger'Winky Winky
12-26-2015, 02:33 AM #7
Tustin
Balls of Steel
Originally posted by ToXiC View Post
for logging in, store the username in the cookie for the original login, and retrieve it using echo $username (or whatever u named it), in a certain element Sal

Don't do this. This allows anyone to edit the cookie to whatever name they want and login as that person. If you're going to use cookies, generate some unique identifier for each person and store that in the database and the cookie. Then you can compare it that way and log people in. Make sure it's a completely unique id and not something that's publicly visible (like a userid, username, etc). You also shouldn't use their hashed password as the cookie either.

The following user thanked Tustin for this useful post:

JB
12-26-2015, 05:38 AM #8
Toxic
former staff
Originally posted by Tustin View Post
Don't do this. This allows anyone to edit the cookie to whatever name they want and login as that person. If you're going to use cookies, generate some unique identifier for each person and store that in the database and the cookie. Then you can compare it that way and log people in. Make sure it's a completely unique id and not something that's publicly visible (like a userid, username, etc). You also shouldn't use their hashed password as the cookie either.


just like vB Sal
12-27-2015, 06:39 AM #9
CyberNomadic
Web Developer
:| Okay guys, time to build a legit Login System for you all :|

The following user thanked CyberNomadic for this useful post:

Jon Snow
12-27-2015, 06:52 PM #10
Passion
League Champion
Originally posted by CyberNomadic View Post
:| Okay guys, time to build a legit Login System for you all :|


Sad Awesome suprise us

The following user thanked Passion for this useful post:

Helping-Hand

Copyright © 2024, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo