Reputation: 79
how does this "licensing" work with this software
optimizepress is a wordpress plugin. I own a copy and use it and am wondering how they use the licensing to secure the product.
I would like to consider this for securing my own php script if it's viable.
Here's what they do to secure their product:
On there server where you download the script you have to enter your domain url in a text box to license the plugin for that url.
They have 2 textboxs to enter your domains in: 1. if it's first time licensing sites 2. adding more sites to your account
Then you click a submit button and a serial code is sent back
After you install the plugin in wordpress, you must goto the settings area where it asks you to enter the serial code for verification otherwise you can't use the script
How is this done? Could this be used with my php script I'll be distributing?
thanks for your thoughts
Upvotes: 0
Views: 375
Answers (1)
Reputation: 1888
I'm not specifically familier with this script however it is very possible it is a script using cURL, the serial number will be used to authenticate your account for verification to access your account.
Next it will most likely pull the URL the script is being run from and verify that the URL is listed on your account.
From there if the URL is not listed it will probably send a fail command killing the script, if the URL is listed it will authenticate.
If it is listed then the script will check the status of the license and either run or kill the script.
There is a division in using this type of model whereby some developers believe if there is no response from the auth server then the script should assume it is allowed to run to not interrupt the user experience, others believe if the auth server doesn't reply its very possible it could be an unauthorised usage so they kill the activity.
There are other technologies available to do the same thing and depending on your application this may not be suitable, just have a look at various licensing models.
As a note, for this style of distribution you may want to use a PHP encoder such as ionCube so the script cannot be hacked to bypass authentication. In addition when writing a script to use an API, I also recommend having the user assign the IP address, this way the first query to the API for auth is am I allowed to talk to this server. This provides a lot of protection to your API script that will then move on to verify the license is valid or not.
I hope this will be helpful for you.
Upvotes: 1
Related Questions
- Serial generation with PHP
- How are software license keys generated?
- license key for php script
- key for software
- Ioncube with license key (not license file)
- How is this public key == private key
- How would one secure a PHP script to make it only usable when bought?
- How to implement licensing in php downloadable application
- Check if a generated license is valid
- Seeking FOSS licensing software