Reputation: 1348
php check license id with postback url
I'm working on a php installer for a web application / software.
The installer need a valid license ID to finish the installation (for example: "aDs34Nsi9sa").
To check if the license ID is valid i have a php script on my main domain that check my db and return 1 if the licenseID exist and is active or 0 otherwise. This file should be called like this:
https://www.domain.com/check.php?id=aDs34Nsi9sa
So i'm wondering if is correct to use file_get_contents() to check the license ID via PHP..
$check = file_get_contents("https://www.domain.com/check.php?id=$license_field");
if( $check == 1 ) {} // finish installation
else {} // print error msg
Is this way correct and secure?
Upvotes: 0
Views: 417
Answers (1)
Reputation: 146500
Of course, you need to properly URL-encode data before injecting it into a URL. And it's up to your remote server to detect brute force attacks. Other than that:
Your check assumes that
allow_url_fopenis enabled and PHP has SSL support. Make sure you explain that in the requisites and get ready for support enquiries and workaround coding.Data sent through SSL should remain private enough.
And, well, it isn't particularly difficult to crack. Malicious users just need to impersonate the remote site.
Upvotes: 1
Related Questions
- PHP check download link without downloading the file
- Serial generation with PHP
- license key for php script
- Get an activation key string from URI
- PHP Postback URL
- Remote check script license
- Any alternative to curl_exec()?
- How to implement licensing in php downloadable application
- Check if a generated license is valid
- Checking link from a host with php