I would like To know how I can Immediatly update the serial database to my clients without re-sending my entire project output to them because this is time consuming when projects reach 10-200+mb and the regurlar 56k'ers would not like to keep downloaded this size of file just to get the serial user table or project user table updated and secure from potiential project serial crackers and abused serial users.

This is great when you need to Disable/Re-Enable certain users. Because the Patch can be just A serial update from TrueUpdate forcing the user to update his/her project with the new list of serials.

On new project launch if the serial entered does not match any of the Serial Updates have Setup Factory automatically remove all project files that were previously installed from older projects Disabaling the "Serial Cracker" from Continue using the Old project if installed most "Serial Crakers" will download and try the same serial for the newer project release and will be prompt with these circumstances.

I really hope there is A reader that will respond to this question and explain if possible step by step to this dilima. thankyou always


[SkyTearz]

If you are able to write a small DLL then you can pass serial through to that to verify your serial. This way you can maintain the serial database however you want and it can be completely outside of the installer.

One good way to do this would be to host the serials database on your Web site (MySQL, etc.) and then have the updater validate serial numbers using the HTTP.Submit action to send the user's serial to the Web script (PHP, etc.) and then the Web site validates the serial and sends back a status code.

Great reply's. Am Im able to get A few sample's though or complete walkthrough's would greatly appreciate if the timing is well on your half. Having A-d-d isnt really the best thing to have...hehe... So you have to supply me with some material I can work off of. But I always try my best to understand everthing that is told. Pictures are worth A thousand words to me and thousand words are like pictures to me if step by step =D

For a DLL solution the first question is "do you have a compiler"?

like an asm? or masm or somthing like that? no but know what one is.

Something to write a DLL in which asm/masm is one but generally that is not a first choice for most people. C/C++/Delphi/Basic/etc..

But it sounds like there would be a fair learning curve. There would be a number of programming areas which need to be brought together effectively to make it happen without having a weak solution.

You might want to follow up on Brett's suggestion first.

Do you have any examples of how to make a serial-submission code + web-form? I tried. No luck. :( If you can help, please do.


aahhhhh......

Hello? Anyone?

This may be just one of many ways to handle Serials etc.

1. learn how to use the 'crypto plugin' and zip plugins.
2. maintain an 'encrypted serial number list', then zip it with a 'password'
3. maintain an 'encrypted lua file' - with approved unzip-decrypt functions..approved crc values' anything else, included in above .zip if desired.
4. Upload it to the server.
5. Create a 'special SUF7 'module' who's task is to dload via your chosen
method from the server the above created zip. This module has code-functions which perform unzip and decryption of the 'latest lua file' etc
in your now downloaded 'uploaded zip'. Extract the lua file and 'load it'.
(This Lua drives the checking of serials other related actions etc.).
if loaded without error..delete it. The serial number list has been decoded
and read to a Table, then this 'list' is deleted from user's system.
Now everything is in 'memory' ..the processing so far is very fast,
so the chance of a savvy user intercepting the 'raw decrypted file-s'
before they are committed to 'memory' is very minimal.

Note: when the target program was originally installed, the serial number
at time of installation was 'encrypted' to the registry--the raw serial number is not recorded.
(your lua script above 'knows how to decode this back to
its raw state for comparison with approved list).

6. The loaded Lua has a function that cycles through the Table of 'serials'
created, performing 'approved or now disallowed' checking-
7. Based on this checking, actions within this Lua determine how
you wish to handle things from then on.

My theory is you can update and change- add approved encryption-decryption 'sygnatures' -methods at will.
You could even 'change' the encrypted serial on use's system if needed !.
As long as your fancy Lua file 'knows' all previously approved 'methods' of serial comparison etc.

Download overhead is minimal, up to you to upload and maintain your
encrypted 'control file-s' on the Server.

Once the proccess is done , your code removes all strings, tables from
memory by setting them all to 'nil' .

If it takes a week or longer to get things going and lots of testing etc.,
then so be it. So far it has cost you nothing but time and increased your
knowledge of action scripting etc. Looking forward, % of profits go to
engaging someone else to construct PHP or web scritping etc.

Hope the above made some form of sense.

Sorry to rave on --however I have this working for me as a method.
I lear'nt a lot by doing it :yes

(I do not feel comfortable supplying any code on how I got things working
this way.. I need to 'protect' code, I hope people understand..)

Tip when using the zip plugin..for added security..encrypt each file
before it is added to your zip. Encrypt the .zip itself ..Zip programs
cannot even show you the 'binary list' -what is inside the .zip.

This also disguises the fact that the .zip itself is 'passworded' as
the zip program reports the file as either 'corrupt' or just plain 'unreadable.'

you can call your .zip 'mytricky.bmp' if you want..Decrypt functions-actions
know what to look for etc..

I was acually looking for more of a way to keep track of what serials have been used by storing them in a online database, and have the program send the serial to the database, check in one table to see if it is used, and if it is not, check the other table to see if it is a true serial. That would be much better than having to update in manually.


Has anyone done this?
And if they have, can they post/ PM me the code?

Anyone? Someone?

pleeeeeeeaaaaaaaaasssssseeeeeeeeeeee..............

Sorry Indigo Rose does not have any such sample code. I have used MYSQL and PHP before and it works nice. You may be able to find an online book or something on using these two technologies together. I had a great book but I can't seem to find it around.

I also suspect that people that have developed these types of systems do not want to give away their source code for security reasons.

Adam Kapilik

I was acually looking for more of a way to keep track of what serials have been used by storing them in a online database, and have the program send the serial to the database, check in one table to see if it is used, and if it is not, check the other table to see if it is a true serial. That would be much better than having to update in manually.


Has anyone done this?
And if they have, can they post/ PM me the code?

This is not a simple, "here is some source code - upload these files and you are on your way" type of task. It will definitely take some understanding of PHP/MySQL on your part. Like Adam said, you would be best off to do some learning about those subjects. There is a LOT of free information about these technologies around. It is not an overly complex task once you understand the underlying technology, but until you do it will be very frustrating for you.

I am not trying to discourage you at all. I just want to give you a realistic idea of what you will have to do to accomplish this. The other option if you are in a hurry and this is central to your business processes is to hire a good PHP programmer to develop the system for you. Try http://www.rentacoder.com or another similar site.

It's definitely a big project. Certainly more than a few lines of code, but it can be done. It just takes some elbow grease, as they say. Let us know how it goes! I'm sure that people here would be happy to assist you with parts of it if you get stuck as you go along.

You may also find that your ISP will offer this Service to set things up for a fee.

I do have an understanding of PHP/MySQL......I'm just not that good at it. I guess I can try it.....

Hi. Ok this part isn't too bad:

I was acually looking for more of a way to keep track of what serials have been used by storing them in a online database, and have the program send the serial to the database, check in one table to see if it is used, and if it is not, check the other table to see if it is a true serial. That would be much better than having to update in manually.

The best way to do this is to validate the serial first. Best is to use encryption. Here's a typical flow I might recommend for this task.

1. Application gets serial from user input and then encrypts it and send the encrypted version to a PHP script on your server.

2. Your server compares that encrypted string against your database of serials (encrypted). If it finds the serial then it is valid and the script goes onto step 3. If it doesn't find the serial the script exits and an error message is sent back to the application.

3. If the serial is valid then you check to see if it has already been registered. This is still a check against your main serial database, only this time it is checking a separate column (let's call it "validated") for a "1" or a "0" to see if the serial has previously been added. If it finds a "1" then the serial has already been added to the database so the script ends and sends back a "serial already stored" message. If it finds a zero, then it simple toggles this to a "1" and the script ends, sending back a success message to the application.

Anyhow that's my two cents FWIW. it's not a huge task, a couple dozen lines of code can swing this task. It's beyond my schedule this month to write for you or I would have just done that... Don't get discouraged, I guarantee you that if you have a small amount of PHP/MySQL knowledge that you can get this done in an afternoon. :)

We're here to help with your code anytime, if you are running into problems feel free to post your PHP and we'll go from there. Remember, just define the steps you need to take, and then knock down one step at a time. And before you know it, you'll be finished. If you need help breaking down the above plan into smaller steps just let me know and we'll whip up a task list. Rock on. :yes

Okay. I have this:


<?php

$localnoslashes = stripslashes($location);
$namenoslashes = stripslashes($Name);

mysql_connect("localhost", "db_user", "pass");
mysql_select_db("db_name");

$query = mysql_query("INSERT INTO `data` (name, ign, location)
VALUES ('$namenoslashes', '$ign', '$localnoslashes');

?>


Unfortunately, I don't have a database to test it on yet, so i don't know if it works. :(

My problems are:


Figuring out how to compare the users serial numbers to all the serials numbers in the database($serial).
Doing the thing Corey suggested, with the "0" and "1".
Getting the same thing with the verification number($verkey).


I'm totally in the dark as how to do this......help.......please.....thank you......

OK the first step, before everything else, is to create a database of serials. You will need a little MySQL experience to get started. I recommend using Google to do a few basic tutorials on how to "read from", "write to", and "compare with" a MySQL data table. In any event you'll need this in order to maintain your database. Trust me, this stuff is all easy. Hit Google and you'll be reading and writing data in a couple hours. :yes

FWIW anyway you come at this, that's going to be the critical first step. :)

In the user guide, something about "Returns" in the HTTP.Submit function is metioned. I want to use that, but I don't know how I get the web script to send the information (Whether the serial was valid or not) or how to get the setup to take/read/display it.

Oh, and is there also a way in SF7 to encrypt the data before it is sent off? All the serials in my database will have MD5 encryption, and I would like a way to encrypt the data before it is sent.

Oh, and I can't find a way to compare the users sent serial to the ones in the database.....any insight on this?

Hi.

1. Just use "echo" or "print" in your PHP script to output some data to the return value.

2. Setup Factory 7.0 is fully compatible with the plug-ins at http://www.autoplay.org including "Crypto" which gives you full blown support for MD5 and more! Free demo download at http://www.autoplay.org/plugin/crypto_encryption.php .:)

3. This is what I was saying. This is basic PHP/MySQL. You could find a better explanation of how to compare value in a script to values in a MySQL database on Google than I could offer. It's very simple stuff. Just check out a few tutorials on "using PHP to read/write to a MySQL database" and you'll be set. Basically you'll just use a MySQL command, i.e. SELECT * FROM table WHERE serial = 'KJD987JH4O238UOIJF'; or whatever...

Hope that helps. :)

PS don't forget to validate all info you pass to your server, i.e. strip *everything* except letters and numbers or whatever for security purposes. In general, for security, never pass anything "extra" to a server. :yes

Okay thanks guys. I have most of it done. Your help was very appreciated. If I find any "unknown errors" i'll post them here.

Great news! Glad to hear it... :)