Howto: Web Serial Authentication


dwayne12
08-10-2006, 03:47 AM
OK, here's the code I used to make an install that validates a serial number and name and whatever else you want to add, and then it emails you the details such as MAC address, time and date activated, and the copy that their Windows is registered to. You don't have to go to those extremes, but the option is there if you want it.

SUF7 code: place this on your activation screen with 2 text fields with the variables UserName and UserSerial. This code is for the Next button:

-- Gets the username and serial from the text fields named UserName
-- And UserSerial.
sUsername = SessionVar.Expand("%UserName%");
sPassword = SessionVar.Expand("%UserSerial%");

-- Setup the data to be sent. (No md5 though)
sCheckScriptURL = "http://www.domain.com/authenticate.php";
tValuesToPass = {reguser = sUsername, regserial = sPassword};
nSubmitMethod = SUBMITWEB_POST;
nTimeout = 20;
nPort = 80;
tAuthData = nil;
tProxyData = nil;

-- Just some simple stuff to set up
strProductName = SessionVar.Expand("%ProductName%");
-- Email address you want to receive the details on
strEmailTo = "dwayne121@bigpond.com";
-- Location of the mail script to send the details out.
strURL = "http://www.domain.com/mail.php";

-- System Variable Values About The User Passed For The Email
userinfo = System.GetUserInfo();
regowner = userinfo.RegOwner;
netdetails = System.GetLANInfo();
nicaddress = netdetails.NIC;
regorganization = userinfo.RegOrganization;
driveserial = Drive.GetInformation(_SourceDrive).SerialNumber;
time = System.GetTime(TIME_FMT_AMPM);
current_time = System.GetTime(1);
date = System.GetDate(DATE_FMT_EUROPE);
current_date = System.GetDate(2);
-- Sender address for the notification mail (same as the recipient set above)
emailaddress = strEmailTo;

-- Prepare the message to be sent
local strMessage = "";
strMessage = strMessage.."Product: "..strProductName.."\r\n";
strMessage = strMessage.."Name: "..SessionVar.Expand("%UserName%").."\r\n";
strMessage = strMessage.."Serial: "..SessionVar.Expand("%UserSerial%").."\r\n";
strMessage = strMessage.."Info: "..regowner.."\r\n";
strMessage = strMessage.."Mac Address: "..nicaddress.."\r\n";
strMessage = strMessage.."Reg Organization: "..regorganization.."\r\n";
strMessage = strMessage.."Drive Serial: "..driveserial.."\r\n";
strMessage = strMessage.."Registration Time: "..current_time.."\r\n";
strMessage = strMessage.."Registration Date: "..current_date;



local strSubject = "Registration for "..strProductName;
local strFrom = emailaddress;
local strTo = strEmailTo;

-- Create the message data to be sent to the mail.php script:
local tblValues = {MailTo=strTo,MailFrom=strFrom,MailSubject=strSubject,MailMessage=strMessage};
local nLastError = Application.GetLastError();

-- Show a dialog box while the persons details are being checked
StatusDlg.Show();
StatusDlg.ShowProgressMeter(false);
StatusDlg.SetTitle("Validating");
StatusDlg.SetStatusText("Please wait while your details are being checked with the server...");
-- Presto Send to the web and hide the activation dialog box
sResult = HTTP.Submit(sCheckScriptURL, tValuesToPass, nSubmitMethod, nTimeout, nPort, tAuthData, tProxyData);
local strResult = HTTP.Submit(strURL,tblValues,SUBMITWEB_POST);
StatusDlg.Hide();



-- The details were correct. (the installer received a value of one)
if sResult == "1" then
    -- The username and password were right
    Screen.Next();
else
    -- Those details provided were wrong. Or no longer in the database.
    Dialog.Message("ERROR", "Those details are invalid. Or they have been removed from the server", MB_OK, MB_ICONSTOP);
end

Here's the code for the PHP script validating the details:
<?php

// Returns '1' if details received are correct, or '0' if the details were incorrect

// Set the table of users
// Add some entries to the table "Username"=>"Serial"
// You must complete all entries with a comma, except the last table entry (or it won't work)
$user_table = array(
    "Test"=>"6771-1863-0916-62376",
    "John"=>"6439-6712-0452-34419",
    "Mr Smith"=>"0367-9465-9762-61028",
    "Gary??"=>"4235-9686-7813-91870",
    "NEVER"=>"9861-2206-4899-55662"
);

// Was data posted to the script?
if ($_POST)
{
    // Missing fields are treated as empty strings instead of raising a notice
    $reguser   = isset($_POST['reguser'])   ? $_POST['reguser']   : '';
    $regserial = isset($_POST['regserial']) ? $_POST['regserial'] : '';

    // Search through the table
    foreach ($user_table as $username => $serial)
    {
        // Check if the details received via the installer are correct
        // (=== compares the values as strings, without type conversion)
        if (($reguser === "$username") AND ($regserial === "$serial"))
        {
            // The details were correct and authenticated, so send the result to the installer.
            echo '1';
            exit;
        }
    }
    // The details supplied were not correct. Return the value of 0 to tell the installer
    // not to let the install continue without the proper details
    echo '0';
    exit;
}
else
{
    // The script wasn't sent any post data by the installer. Or it was loaded through a web browser etc.
    echo "No Registration data found. h4x0r";
}

?>

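Mail.php: this is the file that will email the details of the user to the email address you specified.
<?php

// Send the details received from the user's system to the email address you specified

// Read the posted fields explicitly instead of relying on register_globals
$MailTo      = isset($_POST['MailTo'])      ? $_POST['MailTo']      : '';
$MailFrom    = isset($_POST['MailFrom'])    ? $_POST['MailFrom']    : '';
$MailSubject = isset($_POST['MailSubject']) ? $_POST['MailSubject'] : '';
$MailMessage = isset($_POST['MailMessage']) ? $_POST['MailMessage'] : '';

// Remove CR/LF from the values that end up in mail headers so a posted value cannot add headers
$MailTo      = str_replace(array("\r", "\n"), '', $MailTo);
$MailFrom    = str_replace(array("\r", "\n"), '', $MailFrom);
$MailSubject = str_replace(array("\r", "\n"), '', $MailSubject);

$MessageNoSlashes = stripslashes($MailMessage);
$SubjectNoSlashes = stripslashes($MailSubject);

// Note: the recipient still comes from the request; hard-coding it here keeps the script from mailing arbitrary addresses
mail( "$MailTo",
    "$SubjectNoSlashes",
    "$MessageNoSlashes",
    "From: $MailFrom\r\n"
    ."Reply-To: $MailFrom\r\n");
?>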

Adam
08-11-2006, 10:38 AM
Nice example!!

Adam Kapilik

Intrigued
08-11-2006, 11:39 AM
Looking good. When I get some time I'll have to give this a go.

Thanks for sharing.

Tek
08-11-2006, 11:56 AM
Good example!

I would like to see something like this that uses some database backend like MySQL to check the table of serial numbers, and can update it when it is activated so that it can't be used again. Managing a PHP file with serial numbers is not very convenient in my opinion if you have a large number of customers and/or products.

If anyone has some code to do this already, I would love to see it. If not, if someone wants to try and tackle this, please come forward! :D

dwayne12
08-15-2006, 02:15 AM
I'll give it a shot, I'm pretty handy with PHP actually. OK, here is what I was thinking of; tell me if this is to your liking and I'll code it and stuff and then share it with everyone.

A PHP script that connects to a MySQL database which in turn checks a serial and username sent from the installer, using md5 encryption of course. Then it goes one step further and maybe locks that serial to the hard drive serial number or something like that? Maybe if someone has programming knowledge they could make a plugin of some sort that maybe allows hardware IDs to be generated in the same way Microsoft does with Windows XP.

Also, if it's a business solution for companies, why not add an admin backend to the PHP/MySQL system as well? Allowing you to add and remove serials and usernames as well as stats and other stuff. I think it would be great and I'm gonna give it a go. I'll keep you all informed as I attempt to try this. I'll freely share it with you if I am successful.

Tek
08-16-2006, 11:34 AM
That sounds pretty good to me and is basically what I was thinking. If you want to go ahead and try this, I would be more than willing to test this out for you.

Let me know how you progress with this and if you need any help. I'll try to do what I can! Thanks! :yes

dwayne12
08-18-2006, 02:04 AM
Well, the MySQL part is the simple bit. But now I've started on the admin panel for adding serials etc. and reporting stats. It's coming along OK but I probably won't have anything for a week or so. I have yet to make it mark a serial as used once it has been inputted. But I don't see a major hurdle to this being a reality.

reed
09-02-2006, 04:25 AM
Wow, very nice script.. but I'm with "Tek" on how I want it.
So I'm very interested too in a system like you told us, "dwayne12". A web login admin system is just great to add or delete or even ban users :)
Maybe a system that auto-adds users from their purchase, or maybe that is something up to every person.. we all use different online shop systems etc.. but maybe some system that automatically takes a serial number from the database for the new user.. and then that serial is only for that user and no one else.

looking forward to see this project! Let us know how it goes!

/reed

dwayne12
09-14-2006, 01:46 AM
Hey,

Sorry about my long absence from the forums. I had quite a few pc problems to sort out as well as not being home much lately. I lost a bit of code for the system I was working on but nothing too major. I've had a hectic work schedule lately as well as trying to balance a website I've started on http://www.techittytech.com which is just currently a forum. This will probably take me longer than expected, but it will be complete and reed that idea you suggested is actually a very good idea.

It would make the system more user friendly and easier for the clients so they don't get impatient. With a little help from some PHP-minded people we could make it tie in with universal shopping cart systems and online stores. And with that in mind I'll run from the top again about what it'll do basically. Saves everyone a read from the first post.

A PHP script that ties in with a MySQL user database. When the user runs the install they enter a code that was generated maybe after their purchase through whatever means: online shop, PayPal, credit card. Because after the online purchase, maybe a script adds a username, password, order number and serial number to the database. The order number will of course be tied to the username as well as the serial. Now basically what will happen is a serial can only be used once, but one can be obtained through an online form which validates your order number and maybe a couple of other details that someone wouldn't wanna have circulated across the net. An administration backend will be able to control every aspect of the system. Remove a user, blacklist a serial, blacklist an email address, add a user, IP banning (maybe), as well as various stats.

I'm not sure if I left anything out in that, I kinda typed it a bit fast as I'm quite busy working on my site as well as 2 other projects for bands. Let me know if that's what you pretty much want and if not, rewrite it to how you want it.

wasim21k
10-16-2006, 07:34 AM
Thanks m8,
It's brilliant code, just one very quick question:
authenticate.php, I think anyone can access this file from my web site. Is there any way that I can encrypt it, or any idea?
And if you say that no one can monitor, well, using some network monitor software I can do this, so it means anyone can do this.
I think the only way to protect it is to encrypt all information, or I have no idea,
do you?

And about the MySQL idea, it is very very good and I think it's the best way to protect everything and manage users and serials, but I have never seen any reply after this. It would be great if you can post this project.
Thanks for the help.
And your site, dwayne12, is still not working


phpBB : Critical Error

Could not connect to the database

pramodpendyala
11-30-2006, 04:12 AM
Hi Guys,

The code developed by dwayne is awesome, but I don't see any post after this. Now here is what I can do for this forum: I have complete PHP source ready, developed for an admin control panel to view or delete users and serial numbers. But all I need is some modifications to the authenticate.php. It would be great if someone could help me on this.

Cheers

dwayne12
12-07-2006, 06:57 AM
Hey everyone, this project isn't lost and I have made the whole system; I've just gotta tweak the authenticate.php file to make it secure etc. The package is called SauthSQL and it has an admin interface with add, delete, edit, add serial and browse the database features, plus a few others. It's fairly secure and it's open source as well, so any add-ons to it would be great. I think this project has great potential. Shortly I will release the code with the authenticate.php completed; it's 90% done and a few changes will be made to the code, give or take a week or so.

Sorry about my long absence but I've been extremely busy with work etc but I have still been working on this project.

Dwayne.

dwayne12
12-07-2006, 08:48 AM
Yes, to stop information being sniffed or w/e, just use MD5 encryption, which I didn't add to that example, but it's quite easy to do. The project is basically done; all the coding is done, just fixing up the GUI a bit.
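
On the question of what can be read or replayed on the wire: a digest of the serial is the same on every request, so hashing alone does not protect the exchange; the usual measures are HTTPS for the request and a reply the installer can verify. The sketch below is an added example, not code from this thread: the server signs its verdict together with a one-time nonce from the installer, so a recorded or hand-made "1" is not accepted. The `nonce` field, the function names and the message layout are hypothetical, the installer side is shown in PHP for illustration only, and it assumes PHP 7.2+ with the sodium extension.

```php
<?php
// Added example, not code from this thread. Function names, the "nonce" field and
// the signed-message layout are hypothetical. Needs PHP 7.2+ with the sodium extension.
declare(strict_types=1);

// Bytes covered by the signature: verdict, the installer's nonce, and the user name.
function signed_message(string $verdict, string $nonce, string $user): string
{
    return $verdict . '|' . $nonce . '|' . hash('sha256', $user);
}

// Fetch a field as a string; missing or non-string values become ''.
function field_string(array $data, string $key): string
{
    return (isset($data[$key]) && is_string($data[$key])) ? $data[$key] : '';
}

// Server side (authenticate.php): look the pair up, then sign the answer.
function server_answer(array $post, array $userTable, string $secretKey): array
{
    $user   = field_string($post, 'reguser');
    $serial = field_string($post, 'regserial');
    $nonce  = field_string($post, 'nonce');

    $ok = preg_match('/^[0-9a-f]{32}$/', $nonce) === 1
        && isset($userTable[$user])
        && hash_equals($userTable[$user], $serial);   // constant-time comparison
    $verdict = $ok ? '1' : '0';

    $sig = sodium_crypto_sign_detached(signed_message($verdict, $nonce, $user), $secretKey);
    return ['verdict' => $verdict, 'sig' => base64_encode($sig)];
}

// Installer side: accept only a '1' that is signed for the nonce of this run.
function installer_accepts(array $reply, string $nonce, string $user, string $publicKey): bool
{
    $verdict = field_string($reply, 'verdict');
    $sig     = base64_decode(field_string($reply, 'sig'), true);
    if ($verdict !== '1' || $sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($sig, signed_message('1', $nonce, $user), $publicKey);
}

// Demo with constructed data. The key pair is generated here; in practice the secret
// key stays on the server and only the public key ships inside the installer.
$keyPair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keyPair);
$publicKey = sodium_crypto_sign_publickey($keyPair);
$userTable = ['Test' => '6771-1863-0916-62376'];   // entry from the first post

// Run 1: the installer picks a fresh nonce and sends it with the name and serial.
$nonce1 = bin2hex(random_bytes(16));
$reply1 = server_answer(
    ['reguser' => 'Test', 'regserial' => '6771-1863-0916-62376', 'nonce' => $nonce1],
    $userTable,
    $secretKey
);
echo 'fresh signed reply:   ',
    var_export(installer_accepts($reply1, $nonce1, 'Test', $publicKey), true), "\n";

// Run 2: a new nonce, but the reply recorded during run 1 is presented again.
$nonce2 = bin2hex(random_bytes(16));
echo 'recorded reply reused: ',
    var_export(installer_accepts($reply1, $nonce2, 'Test', $publicKey), true), "\n";

// Run 2 again: a bare '1' with no signature, which the installer code in the
// first post would have accepted as valid.
echo 'unsigned reply:       ',
    var_export(installer_accepts(['verdict' => '1'], $nonce2, 'Test', $publicKey), true), "\n";
```

The Setup Factory script in the first post would need a signature-verification library to do the installer-side check; without one, HTTPS with certificate validation is the part that can be applied directly.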

Tek
12-07-2006, 09:19 AM
That's great news dwayne12! I am looking forward to trying it out!

I appreciate your efforts with this project. :yes

dwayne12
12-11-2006, 02:44 AM
No worries. I was planning on setting up like a beta test actually just to make sure the project will function properly when it's done.

Maybe do a small scale beta test online where you can maybe report problems and suggest ideas which sounds like a viable option.

Nearly done...

thetford
12-13-2006, 09:40 PM
dwayne12 - I attempted to visit your site. If you need hosting, I have a LOT of server space, bandwidth, etc. I'll be happy to host any Indigo Rose related content for you at no charge, just let me know.

mike@mtplans.com

thanks, Mike

dwayne12
12-14-2006, 09:29 PM
That would be greatly appreciated Mike. I just couldn't be bothered paying for my old hosting mainly because of the lack of time to work on my site. I could use the space you're offering for the beta test of SauthSQL.

dwayne12
01-24-2007, 12:36 PM
Hey everyone.

Firstly I am terribly sorry for my long term absence from the forums with no updates on SauthSQL or anything like that, but I have been working very hard with this project I just haven't had the time I would have liked lately to complete it quicker.

I have as an added feature to the package some AJAX into the package such as when you want to search for a client in the database it searches as you type and displays the results instantly. Updating client details are done on the fly they are updated as you type them into the search fields the details are updated in real time in the MySQL database.

For my lack of absence I will be adding more features and better encryption to this. Please note that this package will be released as open source and if there are flaws or w/e, don't be afraid to contribute your knowledge to it and make this package an ongoing thing.

Removing a client can now be done in realtime as well without any page refreshes using AJAX once again. I think I'll end up making everything use AJAX to remove, update, add and delete from the database. No page refreshes means more efficient time wise especially if this package will be used for a small software business.

As well as these changes I will be creating a more appealing interface with ease of use in mind as well as keeping it simple too. Here are the features that will be in the package(finalised).

*Administration Panel;
> Add A Client.
> Remove A Client.
> Update A Client.
> Activate A Client.
> Browse Database.
> Site Config.
> Client Info.

The package is basically finished. I'm focusing on making the package Valid html and valid css. Making the code clean and easy to read as well as heavy commenting the code so it's understandable.

I will be setting up a website shortly for the beta test of SauthSQL to take place; when it takes place you will have to create an account. Accounts will be limited to 30 people. Once the quota of 30 people has been filled, no more people will be able to take part in the beta test.

As a beta tester your role will be to test the package out thoroughly and report any bugs using the bug report tool which will be provided on the website as a part of your account.

Any other suggestions for features etc etc would be great.

Dwayne.

reed
03-16-2007, 06:56 PM
Any more news?

I have been away from this forum but after reading this I'm very happy!!! Something like this I have been waiting for a long time :)

Great work, and I hope the beta test goes well and it will be out soon.

Edit: By the way.. can get into your website.. can't find URL it says..

/reed

reed
04-06-2007, 12:23 PM
Any news on this?

/reed

dwayne12
04-20-2007, 10:30 AM
Hi everyone,

Firstly I am terribly sorry for my notable absence yet again I've just been side tracked and a lot of other stuff has been happening. I decided that a beta version may not be required as I have started on a release I won't dub as beta software so everyone can use it straight after being released. I've decided to revamp the code, plug security holes, clean the code a bit and make the whole package a whole lot better looking.

I won't set a time frame but I am confident the new version could be done in a very very short time. I just have set myself high expectations for this project and every time I thought something was good, I made it a whole load better each time. I just want this project to be something that I can be proud of and everyone else can enjoy.

I will update the features list in a couple of days in another post but rest assured SauthSQL will be coming without a doubt.

ps. About 2 weeks or so and it'll be released.

Dwayne C.

Tek
04-20-2007, 01:24 PM
Thanks for the update. Awaiting the release patiently... :D

reed
04-21-2007, 03:35 AM
Thanks for the updated information.. can't wait to the release too :)

/reed

dwayne12
04-21-2007, 10:15 PM
Okay it's time for the list of features that will be in the release of SauthSQL.


Ajax enabled administration panel with; Add, Delete, Edit and Ban users.
Statistics about the number of users, number of active and inactive accounts and number of banned users.
Easy to use install, to set up the package quick and easy with just a few details required to get it working.
Extra security measures within the code to prevent the most simple attacks occurring to the installation and compromising any users details.
Nicely displayed and formatted code which is heavily commented for further editing by users who know what they are doing.
Nice graphical interface with easy to use navigation and nicely formatted text.
Error reporting feature which allows errors to be reported to me for repair as well as bugs and security holes.


I might add in a few extra features at release time perhaps.

reed
04-21-2007, 11:00 PM
Wow, sounds great!! can't wait for the release for this :)
keep the good work up :yes

/reed

Intrigued
04-22-2007, 09:36 AM
Looking forward to checking this version.

:yes

dwayne12
04-22-2007, 12:11 PM
Here's a screen shot of the administration panel so far. It's only an early design so this most likely won't be the administration panel layout, just a little experiment I thought I would screen shot for you all. I'll post more and more screen shots as I complete more and more of the visual content.

http://i61.photobucket.com/albums/h49/dwayne121/sauthsqlscreenshot.jpg

Also a couple of features I forgot to mention. There will be an AJAX paginated search engine you can search by user id, firstname, lastname, serial number and soon even ip hopefully in the final release or perhaps an updated version shortly.

Whenever there is an error, the error reporting tool will automatically send an error report to me telling me the problem, this will be voluntary and you will be able to disable it if you are nazi about security.

dwayne12
04-22-2007, 12:46 PM
I've decided I will stick with the current GUI design I have it works I think it's not as ugly as some php interfaces on projects where the css is all horrible I think this is fine. Here is another screenshot I couldn't edit my previous post because of some 15 minute edit timeout in place.

http://i61.photobucket.com/albums/h49/dwayne121/sauthsql_usermanagement.jpg

Intrigued
04-22-2007, 01:26 PM
Looking good, thanks for the screen shots.

reed
04-22-2007, 02:16 PM
Wow again!!
This going to be better and better then the hours ticking on :)
Keep the work up and post as many screens as possible and if you want to show us something :)

The features of this are very good if you ask me and the admin panel design is very nice.. but if I want to change it so it fits into my original site layout, is this possible from a template or is it hard coded? I like the design so no questions about that, I just ask in case I want to try to see how it may look bundled into my own site design, but not a big deal so keep your work up!

/reed

dwayne12
04-22-2007, 11:32 PM
The layout of sauthsql is simply just html and css so changing the look and feel of the pages is as simple as opening the pages up in dreamweaver or whatever your weapon of choice be.

I have made very fast progress of the coding of SauthSQL, seeming as I decided to rewrite all of the old code the sites development is coming along surprisingly fast.

Currently the GUI of most pages has been created and now I am in the process of implementing the AJAX into the package, which shouldn't take too long. I also came up with some more ideas for SauthSQL which I think could improve it way more.

Also, for this system, will everyone be requiring a user registration system so users can register for their product etc.? Throw me some ideas if you will and I will see what I can do; I just want to make sure this package has the features that you want and need. Here are some screenshots.

http://i61.photobucket.com/albums/h49/dwayne121/Sauthsql_edituser.jpg
Shown above: The edit user form which uses ajax to fetch the users details when it's provided the users details the edit details box is then shown immediately with the current users details once you are done the details are updated instantly after a javascript confirmation box is shown.
http://i61.photobucket.com/albums/h49/dwayne121/Sauthsql_adduser.jpg
Shown above: The add user page allows you to add a new user to your database and then once you are done the user is added instantly via ajax after a javascript confirmation box is displayed asking you if you are sure that you want to add the user.

reed
04-23-2007, 02:52 AM
You just continue show us great stuff!!!
Product registration sounds like good idea..

Normal HTML and CSS thats sounds great.. but as I said I like your design but we will see.

/reed

reed
04-23-2007, 03:04 AM
User registration can be done in many ways.. but one that I like is something like this one: http://www.leonardosh.it/maddog/en/maddog_reg.asp
Maybe something like that for the page that users can register the product :)

Just an idea from me.

/reed

dwayne12
04-23-2007, 03:32 AM
Something like that is a great idea reed. How about when the user purchases a product they are given a purchase number and then using the same principle of the site you showed me they then simply enter their email address and purchase code from the invoice then they receive an email with a serial number which can only be used once to install the product.

I would love to have it so a license file is created so the product can be used with the same serial more than once but that won't be possible without compromising leaks of the serial number. I will create something like that tonight and upload a screenshot, I need some webspace with php/mysql so I can showcase some of the work to people.

reed
04-23-2007, 04:11 AM
Glad you like the idea :)
From what I know, users that purchase the product get the "Purchase code" automatically from the online shop, then they have their own program for the product that generates the "serial number" depending on the hardware in your computer.. then we use the register form here http://www.leonardosh.it/maddog/en/maddog_reg.asp for the users to activate the product, but that's offside the installer, but maybe a way that's like the same, but I think you got the idea anyway :)
But an online validation (check for genuine serial) etc. that your script will make is great so :)

User=email@address.com
PurchaseCode=the purchase code
Key=the key that user will get back after register the product just to be able to activate it
Serial=the simple serial that the program product generate

that was just how they did :)

/reed

reed
04-23-2007, 04:14 AM
Something like that is a great idea reed. How about when the user purchases a product they are given a purchase number and then using the same principle of the site you showed me they then simply enter their email address and purchase code from the invoice then they receive an email with a serial number which can only be used once to install the product.

I think this sounds pretty good.. user just needs to register the product so they get the serial sent to them so they later can validate the serial from the installer, like that!


I would love to have it so a license file is created so the product can be used with the same serial more than once but that won't be possible without compromising leaks of the serial number. I will create something like that tonight and upload a screenshot, I need some webspace with php/mysql so I can showcase some of the work to people.

License file created, that sounds like a great idea if you ask me!
But the leaks of serials is not good.. but maybe you come up with a nice idea to solve it, so looking forward to the screens later :cool

/reed

dwayne12
04-23-2007, 06:47 AM
No matter what method anyone puts into place there will always be some way to work around it (Look at Microsoft), but if we can make it so it's harder to circumvent our registration protection then most people will give up trying to crack some registration scheme that would be a waste of time especially if this is only for small to moderate scaled products we're not talking about creating some uncrackable scheme for a major software corporation but hey if a major software corporation wants to use Sauthsql I am persuaded by large amounts of cash :cool

I've started on the registration system now, hopefully might have a screen shot on here in just a few hours. Anyways I'm just going to type/clarify what I am going to do.


User purchases product from the internet via shopping cart or whatever.
The user is then given a purchase number this will be 10 digits in length.
The user will then be placed into the system, but the user will be marked as not being able to be used.
Once the user via the appropriate form has entered their purchase number and email address along with their first name and last name, a serial is then sent to the user's email address.
Once the email has been sent to the user with the serial, the user can now open the installation for the product enter the serial they were sent as well as their purchase id as an added measure and then if the details validate the user is allowed to install the application.
Once the user has used the serial it will not be allowed to be used again, users who pay for a product and expect to reinstall due to format can email the company along with their serial and purchase number as well as other personal details and a new serial will be sent to them. A user will not be permitted to request a new serial more than 3 times each month this will help prevent distribution.


The theory I have behind circumventing distribution is to require personal details that I am sure a user wouldn't feel comfortable distributing around the internet such as email addresses, first and last names as well as date of birth etc. This wouldn't prevent all circulation but I'm sure it would help prevent a lot of it.
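
The issue-then-activate-once flow listed in this post, as an added example (not SauthSQL code): a serial is issued against a purchase number and email address, at most three times per month, and activation is a single conditional UPDATE so the same serial cannot succeed twice. It assumes PDO with the SQLite driver and an in-memory database; the table, column and function names are hypothetical and the sample purchase is constructed.

```php
<?php
// Added example, not SauthSQL code. Table, column and function names are hypothetical.
declare(strict_types=1);

const MAX_ISSUES_PER_MONTH = 3;        // limit taken from the post above
const MONTH_SECONDS = 30 * 86400;      // assumption: a rolling 30-day window

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // serial_hash is NULL until a serial is issued; used_at is NULL while it is unused.
    $db->exec('CREATE TABLE licenses (
        purchase_no TEXT PRIMARY KEY,
        email       TEXT NOT NULL,
        serial_hash TEXT,
        used_at     INTEGER
    )');
    $db->exec('CREATE TABLE issues (purchase_no TEXT NOT NULL, issued_at INTEGER NOT NULL)');
    return $db;
}

// Same 4-4-4-5 digit layout as the serials in the first post, drawn from a CSPRNG.
function new_serial(): string
{
    return sprintf('%04d-%04d-%04d-%05d',
        random_int(0, 9999), random_int(0, 9999), random_int(0, 9999), random_int(0, 99999));
}

// Issue (or re-issue) a serial for a recorded purchase. Returns null when the purchase
// number or email does not match, or when the monthly limit is reached.
// Simplification: the first issue counts against the limit as well.
function issue_serial(PDO $db, string $purchaseNo, string $email, int $now): ?string
{
    $q = $db->prepare('SELECT email FROM licenses WHERE purchase_no = ?');
    $q->execute([$purchaseNo]);
    $stored = $q->fetchColumn();
    if ($stored === false || strcasecmp((string)$stored, $email) !== 0) {
        return null;
    }

    $q = $db->prepare('SELECT COUNT(*) FROM issues WHERE purchase_no = ? AND issued_at > ?');
    $q->execute([$purchaseNo, $now - MONTH_SECONDS]);
    if ((int)$q->fetchColumn() >= MAX_ISSUES_PER_MONTH) {
        return null;
    }

    $serial = new_serial();
    $db->beginTransaction();
    // Only a hash is stored, so the table does not hold serials in the clear.
    // Issuing a new serial replaces the old one and clears the "used" mark.
    $db->prepare('UPDATE licenses SET serial_hash = ?, used_at = NULL WHERE purchase_no = ?')
       ->execute([hash('sha256', $serial), $purchaseNo]);
    $db->prepare('INSERT INTO issues (purchase_no, issued_at) VALUES (?, ?)')
       ->execute([$purchaseNo, $now]);
    $db->commit();
    return $serial;
}

// Called by the script the installer posts to. The check and the mark-as-used are one
// statement, so two installs racing with the same serial cannot both pass.
function activate(PDO $db, string $purchaseNo, string $serial, int $now): bool
{
    $q = $db->prepare('UPDATE licenses SET used_at = ?
                       WHERE purchase_no = ? AND serial_hash = ? AND used_at IS NULL');
    $q->execute([$now, $purchaseNo, hash('sha256', $serial)]);
    return $q->rowCount() === 1;
}

// Demo with constructed data: the shop has recorded one purchase.
$db = open_db();
$db->prepare('INSERT INTO licenses (purchase_no, email) VALUES (?, ?)')
   ->execute(['1234567890', 'buyer@example.com']);
$now = 1177300000; // constructed timestamp

$serial = issue_serial($db, '1234567890', 'buyer@example.com', $now);
echo 'first activation:      ',
    var_export(activate($db, '1234567890', $serial, $now + 60), true), "\n";
echo 'same serial again:     ',
    var_export(activate($db, '1234567890', $serial, $now + 120), true), "\n";
echo 'issue with wrong email: ',
    var_export(issue_serial($db, '1234567890', 'other@example.com', $now + 180), true), "\n";

// Second and third issue within the same month, then a fourth request.
issue_serial($db, '1234567890', 'buyer@example.com', $now + 3600);
issue_serial($db, '1234567890', 'buyer@example.com', $now + 7200);
echo 'fourth issue request:  ',
    var_export(issue_serial($db, '1234567890', 'buyer@example.com', $now + 10800), true), "\n";
```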

reed
04-23-2007, 08:36 AM
No matter what method anyone puts into place there will always be some way to work around it (Look at Microsoft), but if we can make it so it's harder to circumvent our registration protection then most people will give up trying to crack some registration scheme that would be a waste of time especially if this is only for small to moderate scaled products we're not talking about creating some uncrackable scheme for a major software corporation but hey if a major software corporation wants to use Sauthsql I am persuaded by large amounts of cash :cool

You are so right.. a protection system can always be got around in some way, but your idea is great!


I've started on the registration system now hopefully might have a screen shot on here in just a few hours. Anyways I'm just going to type/clarify what i am going to do.


Man.. you are working fast :yes



User purchases product from the internet via shopping cart or whatever.
The user is then given a purchase number this will be 10 digits in length.
The user will then be placed into the system, but the user will be marked as not being able to be used.

Very good idea of the system! go for it :)


Once the user via the appropriate form has entered their purchase number and email address along with their firstname and lastname a serial is then sent to the users email address.

Yes, that is how I want to have it.. but in an online shop users normally need to register or purchase in real name and correct email address, but your solution here is great.


Once the email has been sent to the user with the serial, the user can now open the installation for the product enter the serial they were sent as well as their purchase id as an added measure and then if the details validate the user is allowed to install the application.

On the validate page in the installer I personally want the user to validate email address, serial and the purchase code just to be sure the user is a genuine user.. I think it's possible, right?


Once the user has used the serial it will not be allowed to be used again, users who pay for a product and expect to reinstall due to format can email the company along with their serial and purchase number as well as other personal details and a new serial will be sent to them. A user will not be permitted to request a new serial more than 3 times each month this will help prevent distribution.


Very nice idea.. like that very much!! But maybe the serial can be used 2-3times before need a recreation from me (company) maybe? but in other hand more control if its one time only as you said. Like that idea very much :cool

We skip the "license file" creation or will that be little overkill or what do you think? I think the system as you describe it would take hard time to go around it.. and as you said for smaller products the "hackers" don't want to spend that much time to go around so I say as before.. go for it :yes


The theory I have behind circumventing distribution is to require personal details that I am sure a user wouldn't feel comfortable distributing around the internet such as email addresses, first and last names as well as date of birth etc. This wouldn't prevent all circulation but I'm sure it would help prevent a lot of it.
I'm with you there too, but people that want to purchase a product often want to share the personal information just to be sure they do right and can easily get support later. But the form to get the serial etc. just needs to contain "email address, purchase code and first/last name in same field", more is not needed.. then for internal use from the company it would be great to have something like you showed before:

http://i61.photobucket.com/albums/h49/dwayne121/Sauthsql_adduser.jpg

But then the user needs to post it too so it's a little compromise.. but looking forward to this when you are done with it and some screens info of the progress work :yes

/reed

dwayne12
04-23-2007, 10:38 AM
Here's the activation page. It's simple looking, but effective; it does what it's supposed to do.

http://i61.photobucket.com/albums/h49/dwayne121/sauthsql_activate.jpg

That's the only page that a user will actually see; the rest are only seen by the company owner in the administration panel. More work to showcase will be up soon.

reed
04-23-2007, 11:05 AM
Here's the activation page. It's simple looking, but effective; it does what it's supposed to do.

http://i61.photobucket.com/albums/h49/dwayne121/sauthsql_activate.jpg

That's the only page that a user will actually see; the rest are only seen by the company owner in the administration panel. More work to showcase will be up soon.

Wow looks great man!! Can't wait now :)
Just a question.. the dropdown list for choosing the product.. is that needed? Or can it be disabled, like an Admin option maybe?

And another thing.. the activation php page.. is that located inside the admin panel's folder or can it be wherever I want to place it on my site, for example?

Anyway this looks as good as it can be.. extremely good work :yes

/reed

dwayne12
04-23-2007, 12:17 PM
The activation page is outside of the admin folder and is not accessible via the administration panel but managing the content on it will be accessible via the admin panels manage content menu. Seeming as the activation script is the only script an outside user can access it is displayed separately I may even make it look better which I think I may do.

reed
04-23-2007, 12:28 PM
The activation page is outside of the admin folder and is not accessible via the administration panel but managing the content on it will be accessible via the admin panels manage content menu. Seeming as the activation script is the only script an outside user can access it is displayed separately I may even make it look better which I think I may do.

Okay, that's cool.. looking forward to this :)
Great work so far!!

/reed

reed
04-24-2007, 04:51 AM
User purchases product from the internet via shopping cart or whatever.
The user is then given a purchase number this will be 10 digits in length.
The user will then be placed into the system, but the user will be marked as not being able to be used.
Once the user via the appropriate form has entered their purchase number and email address along with their firstname and lastname a serial is then sent to the users email address.
Once the email has been sent to the user with the serial, the user can now open the installation for the product enter the serial they were sent as well as their purchase id as an added measure and then if the details validate the user is allowed to install the application.
Once the user has used the serial it will not be allowed to be used again, users who pay for a product and expect to reinstall due to format can email the company along with their serial and purchase number as well as other personal details and a new serial will be sent to them. A user will not be permitted to request a new serial more than 3 times each month this will help prevent distribution.



Here's the activation page. It's simple looking, but effective; it does what it's supposed to do.

http://i61.photobucket.com/albums/h49/dwayne121/sauthsql_activate.jpg

That's the only page that a user will actually see; the rest are only seen by the company owner in the administration panel. More work to showcase will be up soon.

This is pretty much what I wanted to have, but here are some more ideas that I want to have.

First like this registration page: http://www.leonardosh.it/maddog/en/maddog_reg.asp I want to have like a security like the "Code" there so users input the random code from the image there..

And for the purchase/registration progress like this (which are pretty much like that you describe before): http://www.flythemaddog.com/forum/index.php?showtopic=2408

So what I want to have at the registration page is pretty much like yours:

Firstname: (real first and lastname, same from the purchase if possible)
Lastname: (real first and lastname, same from the purchase if possible)
Email Address: (same email address that users used for the purchase if possible)
Purchase Code: (same as your Purchase Id, but I want to have the purchase code made of 12 characters, the first is a letter and the last two can also be letters if possible) gives more security :)
Code: (this random image numbers)

The "Purchase Code" that users will be given on purchase I want to it to be made of 12 characters, the first is a letter and the last two can also be letters and random generated as normal.. maybe from SUF and its serial number generation tool, there you can make the construction of the numbers? and then export the numbers out.

The validate screen in the installer I want to be pretty much the same as the registration page on the website.. except the code image.. so like this in the installer:

Firstname: MyFirstName
Lastname: MyLastName
Email Address: MyEmailAddress@something.com
Purchase Code: XXXXXXXXXXXX (eg. A123456789BC) (12 characters, the first is a letter and the last two can also be letters)
Serial Number: Like normal ones or the type I decide to use later? Will it be so we developers can set this later?

I think this sounds very great stuff!!

If you need more ideas or my opinion on how I want it then shoot.. or need someone to test it on a server etc.. if you have msn then contact me via PM on the forum if you don't want to share your msn with everyone :)

Looking forward to this system now I need some sleep.. will work night at work this day so need to sleep pretty much the whole day here but thats cool.. I can do pretty much I wanted at work at nights.. play with this stuff, xbox360 and much more for example :)

/reed
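The activation flow discussed in this post (purchase registered but inactive, serial issued only when the purchase details match, serial usable once, at most 3 re-issues a month, 12-character purchase code) can be sketched server-side as follows. This is an added example, not SauthSQL code: it is written in Python with an in-memory dict standing in for the MySQL table, and the class, function and status names are assumptions, as is reading "each month" as a rolling 30 days.

```python
import hmac
import re
import secrets
from datetime import datetime, timedelta

# Purchase code shape from the post: 12 characters, first a letter, then
# nine digits, last two letters or digits (e.g. A123456789BC).
PURCHASE_CODE_RE = re.compile(r"[A-Z][0-9]{9}[A-Z0-9]{2}")
MAX_REISSUES = 3
REISSUE_WINDOW = timedelta(days=30)   # assumption: "each month" = rolling 30 days
SERIAL_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O/1/I look-alikes


def new_serial():
    """Random serial from a CSPRNG, four groups of five characters."""
    return "-".join(
        "".join(secrets.choice(SERIAL_ALPHABET) for _ in range(5)) for _ in range(4)
    )


def normalise(email, first, last):
    return (email.strip().lower(), first.strip().lower(), last.strip().lower())


class ActivationStore:
    def __init__(self):
        self.rows = {}  # purchase code -> record (hypothetical table layout)

    def register_purchase(self, code, email, first, last):
        """Called by the shop: the purchase exists but has no usable serial yet."""
        if not PURCHASE_CODE_RE.fullmatch(code):
            raise ValueError("malformed purchase code")
        self.rows[code] = {"owner": normalise(email, first, last),
                           "serial": None, "used": False, "reissues": []}

    def owned_row(self, code, email, first, last):
        """Return the record only if every claimed detail matches the purchase."""
        row = self.rows.get(code) if PURCHASE_CODE_RE.fullmatch(code or "") else None
        if row is None or row["owner"] != normalise(email, first, last):
            return None
        return row

    def issue_serial(self, code, email, first, last, now):
        row = self.owned_row(code, email, first, last)
        if row is None:
            return ("denied", None)          # same answer whichever field was wrong
        if row["serial"] is not None:        # not the first issue: count a re-issue
            recent = [t for t in row["reissues"] if now - t < REISSUE_WINDOW]
            if len(recent) >= MAX_REISSUES:
                return ("reissue_limit", None)
            row["reissues"] = recent + [now]
        row["serial"], row["used"] = new_serial(), False  # old serial is now dead
        return ("issued", row["serial"])

    def activate(self, code, serial, email, first, last):
        row = self.owned_row(code, email, first, last)
        if row is None or row["serial"] is None:
            return "denied"
        if not hmac.compare_digest(row["serial"].encode(), serial.encode()):
            return "denied"
        if row["used"]:
            return "already_used"            # one activation per serial
        row["used"] = True
        return "activated"


if __name__ == "__main__":
    # Constructed sample data.
    store = ActivationStore()
    store.register_purchase("A123456789BC", "user@example.com", "Ann", "Example")
    who = ("user@example.com", "Ann", "Example")
    status, serial = store.issue_serial("A123456789BC", *who, now=datetime(2007, 4, 24))
    print(status, store.activate("A123456789BC", serial, *who))
    print(store.activate("A123456789BC", serial, *who))
```

The one-time-use and re-issue checks live on the server, so they hold even if the installer's own checks are bypassed.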

dwayne12
04-25-2007, 11:04 AM
I didn't do any coding on Sauthsql today whatsoever! I had an easy day actually and decided I want the administration panel to look better than it does I'm thinking of taking a vista approach to it and use glossy black effects on it make it look really professional. I'll be redesigning the logo I had made for it plus rescheming the css I thought maybe adding the option of selectable colour schemes would be cool or even just allowing a user to edit the css style that comes with Sauthsql.

I have also added an wysiwyg editor (open source) that I found on google which I will be using for content based management such as registration page and error messages. This will make it easy for people who don't know html tags for text formatting.

Anyways I'm going to get started on creating a new colour scheme might have some screenshots in a few days. This means development of Sauthsql has been pushed back, but I want it to look the best I think it can and I think it has a lot of improvement for visual appearance ;)

reed
04-25-2007, 04:04 PM
I didn't do any coding on Sauthsql today whatsoever! I had an easy day actually and decided I want the administration panel to look better than it does I'm thinking of taking a vista approach to it and use glossy black effects on it make it look really professional. I'll be redesigning the logo I had made for it plus rescheming the css I thought maybe adding the option of selectable colour schemes would be cool or even just allowing a user to edit the css style that comes with Sauthsql.
We all need some days off sometimes so no worries about that :)
I have only been running Vista since the release day and I love it very much.. very fast etc.. so I have not booted up XP since I installed Vista Ultimate :)
Looking forward to the new cool style you talk about


I have also added an wysiwyg editor (open source) that I found on google which I will be using for content based management such as registration page and error messages. This will make it easy for people who don't know html tags for text formatting.

Anyways I'm going to get started on creating a new colour scheme might have some screenshots in a few days. This means development of Sauthsql has been pushed back, but I want it to look the best I think it can and I think it has a lot of improvement for visual appearance ;)

A wysiwyg editor is always good to have.. looks more professional if you ask me. And again the new colour theme you're working on sounds great.. just let us know. And you got my new ideas on how I want to have it, so when you start the development of the code again you know what to do :) hehe

Great stuff you're working on anyway!

By the way.. I sent you a PM on this forum.

/reed

dwayne12
05-01-2007, 12:04 AM
Hey,

My website is now back up well the forums are anyways so I'd thought I would share that with you as a lot of Sauthsql updates will be displayed on the website. If you're interested in the development of Sauthsql then visit my forums. The main site is still under development at the moment but the forums are functional.

http://techittytech.com/forums/

A lot of updates will be frequently posted on the forums sometimes even daily updates etc.

Thanks,
Dwayne

Tek
05-01-2007, 01:18 PM
I'm interested in the work you've done on this so I tried clicking on the link but got a 404 message. (not found)

reed
05-01-2007, 06:16 PM
This is very good!!

Try this URL: http://techittytech.com/forum/

/reed

trochia
07-02-2007, 09:56 PM
Hello all,

Just ran across this...this evening... did this project die off?

Thx...jim

Desolator
07-03-2007, 11:00 AM
I'm slowly creating another thing to do this, but aiming only at the engine, without any interface to it. Though it'll be possible to send virtually as much information you want for validation.

dwayne12
07-21-2007, 09:26 AM
Hi,

This project didn't die I have just been so busy with work and other stuff that I simply lost time for it. I can provide the authentication file and the SUF installer if anyone would like it.. I might get the GUI system complete one day but my work load is hectic and I don't like my chances of that happening shortly.

Included in the file is the SQL for the sauthsql database. The Authenticate PHP script and the setup factory installer project file.

SauthSQL Download!! (http://www.techittytech.com/sauthsql/Sauthsql.zip)

Enjoy, hopefully someone might be able to code a GUI interface for it before I do. Please respect my work efforts and give credit if used in anything, gratefully appreciated.

Desolator
08-14-2007, 08:43 AM
I downloaded it, there's not much done. What happened to the nice Web GUI? Anyway I'm currently working on ActyLine, a clone of SauthSQL (you gave me the idea) but it's designed to be used from any programming language capable of HTTP.Submit and POST.

I got someone working on PHP so I can focus on other parts, and it will be a commercial product, but I'll make sure to give out a free version for everyone here at IR Forums ;)

dwayne12
08-18-2007, 10:02 AM
Like I said I may complete a GUI for SauthSQL when I get the time. I scrapped the previous GUI I may have it on backup somewhere. But I changed the layout so many times I just deleted it.

I have sparked interest into SauthSQL again. I'm going to make it create hash files so that the software being installed will require a lock file, perhaps a custom DLL should do the trick and tie it into an online activation server system that authenticates the license file and activates the software.

I'm re-working on SauthSQL's code, so you will see an OOP principle approach being used this time. Plus a more secure hashing authentication system, with a talkback feature that activates the software. I'm not going to set a time frame but this will be free software released under some free license I'm not entirely sure yet.

Keep an eye out for future development updates. I'll track my progress here in my thread :)

reed
08-19-2007, 07:27 PM
Sounds great to hear you are still working on it :)

/reed

dwayne12
08-27-2007, 08:40 AM
It's been one long roller coaster that's for sure! But I have started on coding SauthSQL in PHP, I'm actually having fun overcoming hurdles and huge problems which is what I like :)

Essentially here is a recap of what SauthSQL will do, and how it will do it (the best way I can describe it!).


Summary:
Software theft and piracy is an ever ongoing problem with large software companies who invest millions of dollars into protection routines, encryption software, powerful hardware and high security measures. Sure that gets the job done usually but chances are, you're not rich, yet!

What if you could have that powerful piracy solution for your software product and not have to pay a cent for it? SauthSQL aims to do what many have tried and failed at! Secure software distribution management and security.

Much like Windows XP and its activation process, SauthSQL contacts an authentication server which verifies through certain details contained in an encrypted license file if the user is really the owner of this software. The license file is intended only to be used by the licensee and if it is distributed, hopefully intelligent detection routines will be able to tell this through comparison algorithms which I have been working on.

Taking into consideration many factors such as hardware keying and the chance of hardware being removed rendering the software useless SauthSQL will allow the user to modify their system provided that they do not change the system completely as this will be detected.

In the process a user will be required to give the server, the serial number their purchase number and a pin code, other information will be submitted and tied to your serial number this will only occur once, but the checks will be ongoing every time the serial is used.


Problems to resolve:

Generating a license file with the users registration data and identifiable information collected from the users system.
Preventing the license file from being modified and distributed on the web.
Making SauthSQL hard to crack, using complex algorithms and encryption routines.
Allowing a user to install the software offline through obtaining a license file or activation code perhaps via sms, telephone, etc.
Preventing data from being intercepted and then spoofed from a third party (hacker, script kiddie).
Preventing a serial from being used on a system that it wasn't intended for.


I have a lot of things to do before SauthSQL is finished but I think it will be great when it's done. Stay tuned for an update sometime soon. I'll add to this post eventually with more information as I get further on with the project.

If anyone would like to volunteer time and knowledge for SauthSQL then please contact me via:

Msn: dwayne_the_guitar_pirate@hotmail.com
OR
Email: dwaynecharrington@gmail.com

I am interested in anyone familiar with compiling .DLL files potentially for creating a hashed license file using SUF!

As well as people with moderately advanced knowledge in PHP for encryption routines, security and server!
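Two of the problems listed in this post, a license file that cannot be modified and a hardware binding that survives a partial hardware change, can be illustrated with a server-signed license token. This is an added sketch, not SauthSQL code: it uses HMAC-SHA256 from the Python standard library, the key stays on the activation server, and the function names, the token layout, the component names (taken from the values the installer in the first post collects) and the 2-of-3 threshold are all assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. In a real deployment it never leaves the server, so a
# client that edits its license file cannot recompute a valid tag.
SERVER_KEY = b"constructed-demo-key-keep-on-server-only"
MIN_MATCHING = 2   # assumption: at least 2 of the 3 components must still match


def component_digest(name, value):
    """Keyed digest of one hardware value, so the license holds no raw MAC/serial."""
    msg = f"{name}={value.strip().lower()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:32]


def sign(body):
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()


def issue_license(serial, purchase_no, components):
    """First activation: bind serial and purchase number to the reported hardware."""
    payload = {
        "serial": serial,
        "purchase": purchase_no,
        "hw": {n: component_digest(n, v) for n, v in sorted(components.items())},
    }
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + sign(body)


def check_license(token, serial, components):
    """Every later check: verify the tag first, then compare the hardware."""
    body, sep, tag = token.partition(".")
    if not sep or not hmac.compare_digest(sign(body.encode()).encode(), tag.encode()):
        return "tampered"                      # payload is not parsed before this
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["serial"] != serial:
        return "wrong_serial"
    matches = sum(
        1
        for name, digest in payload["hw"].items()
        if name in components
        and hmac.compare_digest(digest, component_digest(name, components[name]))
    )
    return "ok" if matches >= MIN_MATCHING else "different_machine"


if __name__ == "__main__":
    # Constructed sample values.
    hw = {"nic": "00-11-22-33-44-55", "drive_serial": "1234-ABCD",
          "reg_owner": "Ann Example"}
    token = issue_license("ABCDE-FGHJK-LMNPQ-RSTUV", "1234567890", hw)
    print(check_license(token, "ABCDE-FGHJK-LMNPQ-RSTUV", hw))
    swapped_nic = dict(hw, nic="66-77-88-99-AA-BB")
    print(check_license(token, "ABCDE-FGHJK-LMNPQ-RSTUV", swapped_nic))
```

The tag only proves the token came from the server; the request that carries it still needs an authenticated, encrypted transport such as TLS to address the interception problem in the same list.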

Desolator
08-30-2007, 01:01 PM
I added you to MSN or Live!, whatever it's called. I guess we could combine ideas from ActyLine with those from SauthSQL and make something better. I'll explain over MSN.

dwayne12
08-31-2007, 11:54 PM
Sounds like a sweet deal to me. Combining ideas would be a good idea, seeming as it is PHP making it compatible with any installation would be easy seeming as all data handled will be handled by POST.

Perhaps we could go to the extent of creating plugins for various CMS's like PHP-Nuke, Joomla, e107, PHP-Fusion, PostNuke, Wordpress.

Also various open source shopping cart systems. Os-commerce, Zen-Cart and a few other players.

Definitely a plugin system would be a fantastic idea. I'll talk to you about it on MSN when you're on, my time zone is GMT +10 I'm usually on my time around 6pm onwards.

Desolator
09-01-2007, 01:01 AM
Ouch, I'm GMT+2... 6 PM in GMT+10 is 2 AM here...

Desolator
09-02-2007, 04:54 PM
Oops, my math sucks. 18:00 in GMT+10 is 10:00 in GMT+2. That's good:D

reed
09-04-2007, 09:56 AM
This sounds very good boys!
Keep me informed :)

/reed

Desolator
09-04-2007, 01:01 PM
Yeah, I have almost all the client-side code done, but it's for AMS (since I don't use Setup Factory), but it'll hopefully be for all IR products when it reaches 1.0.

OK, this will be GPL, with LGPL and other licenses available for a small fee (not fixed yet, won't be higher than $10 though) to cover the conversion process (we might release it directly as LGPL if the quality doesn't meet the top standards). The communication is currently encrypted with ROT13 (SSL available), but I plan to make it with Blowfish and SHA-1 + MD5 for the serial number (or SHA-512 directly if PHP supports it) so there's a ton of security (the primary concern ;))

dwayne12 said that he'll work on the server stuff, so I'll work on the client part. I plan to find some volunteers to help converting it to PostgreSQL, ODBC, and other DBs, in PHP, ASP, ColdFusion, and so on. Heh, we might even make our own system, but PHP & MySQL are the primary target (PHP 4 & MySQL 4 strongly preferred since PHP 5 & MySQL 5 hosts are pretty rare).


Well, that's all planned for now. I'll talk to dwayne12 to plan other stuff, though I've done careful planning for ActyLine and all is very good, just work needs to be done. See ya later guys, and try to give us suggestions :yes

Desolator
09-04-2007, 03:13 PM
OK, here (http://www.actyline.yurx.com/forums) are my old ActyLine forums. I'm not sure which name to use, but I'd pick ActyLine because it sounds more modern.

Desolator
09-05-2007, 06:31 AM
Progress update: We now have a SVN server! A friend from UK was kind to provide one for me, and it's great! Now anyone can download ActyLine and take a look at the progress (pretty nothing right now, just me messing with the licensing, folder structure, etc). To get the SVN address go here: http://www.actyline.yurx.com/forums/viewtopic.php?f=2&t=17

Desolator
09-09-2007, 06:58 PM
OK, time for a status update. A friend was working on a function to check if it's ActyLine "on the phone" and I told him to rewrite it to use the licensee info sent by the client and add blowfish to decrypt it. As I was a little tired in the afternoon, I took a nap and as a result I'm not sleepy even at 3 AM :) So I went and rewrote pretty much 70% of the PHP code (expanding my PHP knowledge quite a lot) and now it should be much faster and more secure. That's all.

Desolator
09-12-2007, 01:25 PM
As of today, 2007.09.12, 07:18 GMT, ActyLine has reached 100 revisions on its Subversion repository. As a result, we, the ActyLine developers, have decided that ActyLine is not worth continuing and the project has been canceled. We thank everyone who helped us reach our first milestone! I wonder how many people will spot this and realize that it's a joke. Anyway, congratulations for spotting this!

dwayne12
09-26-2007, 10:40 PM
Ladies and Gentlemen I am very pleased to announce SauthSQL Beta: 1.0 is just days possibly hours away from release!

What to expect:
* Secure encryption using MD5 and Blowfish(you define the key).
* Heavily commented code (LUA code for Set-up factory and PHP code for server script).
* MySQL Database SQL code for setting up the database.
* Small GUI for adding, deleting, editing, banning a user from the database.

It is possible to use this script not just with Set-up factory, it could be used with any installation provided all variables are the same in the PHP and installation code changing will be a breeze because of the in-depth commenting of the code.

Future Additions:
* Installer for installing SauthSQL.
* High security layer.
* SMS/Telephone activation methods implementation.
* Shopping cart integration; Open source and commercial products.
* Paypal support; Smooth transactions with paypal integration.

I will be updating the script regularly after Beta 1.0 is released to the public. Feedback on it would be gratefully appreciated.

dwayne12
09-28-2007, 02:55 AM
Another update people.

I have successfully completed the authentication part of SauthSQL. The encryption uses Blowfish with a key that you define yourself. I did have to overcome a few hurdles involving set-up factory and the strange strange type of ecb blowfish encryption set-up factory uses, I have a custom unpadding function that helps unpad the data plus a swap function that converts the encrypted data to big endian format.

Although I am sorry to disappoint a few of you, there is presently no GUI as it is only a beta version copy of SauthSQL. Beta version 2 should hopefully have a beta GUI which I will work on and improve for the stable release.

This project has sure taken its time but it's worth it in the end.

Please be advised that SauthSQL uses the PEAR library and it is a requirement as it uses PEAR for the encryption.

dwayne12
09-28-2007, 06:22 AM
** Another status update **

After quite a lot of thinking, I have decided that I will bundle all versions including the current one that's about to be released with an advanced installer. Which will help the user step by step install SauthSQL, Create the MySQL database, Define the Encryption key and other stuff required. :yes

This will in turn, make the installation process a lot easier and user friendly.

reed
10-01-2007, 07:04 AM
** Another status update **

After quite a lot of thinking, I have decided that I will bundle all versions including the current one that's about to be released with an advanced installer. Which will help the user step by step install SauthSQL, Create the MySQL database, Define the Encryption key and other stuff required. :yes

This will in turn, make the installation process a lot easier and user friendly.

Great news!!
Looking forward to this, but keep us updated and post screens when you have a GUI interface :)

/reed

dflowers
11-08-2007, 01:39 PM
Any updates on this project? I have been following it for a while. It looks great so far. I am relatively new to AMS, started with 6.0 and now have 7.0, but I have been using MySQL and PHP for several years. I think this will be a great help to all of us and if I can help in anyway, please let me know.

Dnixon
11-12-2007, 04:17 PM
This sounds like a great piece of coding you guys have been working on. The suspense is killing me!! :D Any ideas when the big release will be?

LDANGD
11-22-2007, 05:22 PM
:) Dwayne has developed good code. I tested it in a real environment using a website where I uploaded the scripts. Everything is all right, except for one detail: I can't understand why I don't receive the mail with the user's data :rolleyes. I'm sure the SMTP mail server is working because I tested ASP code which sent a short e-mail to me (a year ago). If anyone knows what steps to try, I would appreciate it.

cap808
11-27-2007, 09:14 PM
Sounds like a good solution. Looking forward to seeing it soon.

dorkauf89
11-29-2007, 08:26 PM
WOW! I have been looking for something like this for years! When I saw this forum, I read all of it! It took me about 20 minutes but that's ok. This sounds just awesome! I hope this comes out soon. WOW! :yes


www.dknh.org

reed
12-02-2007, 02:31 PM
Any news on the project dwayne12?
Like screens from the GUI etc.. :)

/reed

rexzooly
01-06-2008, 03:25 PM
dwayne12, I've been trying to get my hands on this for some time now but your link no longer works. Just wondering if you still have this working; I like the idea and would have loved to use it with the software I have.

give me a heads up if you are still working on it thanks.

LDANGD
01-09-2008, 07:36 PM
:yes OK, I'm sure that code will be a good success with all those features (including client-encryption, server-decryption, etc., etc.), but what happens if anyone else has the same trouble I found? :cool I'm not specialized in all the internet software (and it's very possible somebody else will have this trouble in the future). Maybe if I tried to be more specific in my tests, we could resolve it.

I use H-Sphere, a web hosting Automation Control Panel for shared web hosting services (you can get more information in Wikipedia.org) but the mail software service is @Mail, a commercial webmail, mail-server and groupware solution designed by Calacode, located in Sydney, Australia (visit Wikipedia.org for more info). I created a mail account with H-Sphere almost two years ago, but only can be used in @Mail (compose, read, send, etc.) When the setup is going to send the mail details about the client (system variable values about the user), that details are supposedly sent to that @Mail account.

I was thinking the reason I don't receive the mail, is that the server which is storing H-Sphere and the php script, couldn't be a POP server and/or SMTP server (but I said I could receive a mail generated by a asp script). I also was thinking the mail generated by the php script could require some kind of extra code to be accepted by the H-Sphere's smtp server or @Mail's smtp server. For example if I have a Yahoo account, and if I use Outlook Express, or Outlook 2003, I must activate the authentication features to use Yahoo's mail servers. The problem is I don't find authentication features in the @Mail web application (neither in H-Sphere). I also was thinking it could be treated like spam, but how that could be?, since the POP and SMTP servers used are provided by the same @Mail (or H-Sphere?).

dwayne12
01-24-2008, 09:13 PM
Hey everybody,

After receiving a few emails from people as well as reading this forum, it would seem that the demand for this is far greater than I thought it was. When I started I honestly thought interest in this project was minimal now I see that I was wrong.

So I am now announcing my return to resume the development of "iSecurePHP". It's been a bumpy ride basically for this project, I still have all of the code for this and I guess now I just have to go over it again and pick up where I left off from.

The features will be the same as I posted a page or two back. This time round the project will be finished and I want it to be the shortest time possible as well for keeping you folks waiting.

I'll keep regular updates in this forum and I welcome suggestions via email for this project as well as contributions if anyone is interested.

Thanks and it's good to be back!

- Dwayne Charrington.
http://www.dwaynecharrington.com

dwayne12
01-29-2008, 01:23 AM
Here's a little update about the project so far where I left off and where I have still to complete.

* iSecurePHP comes with 2 client source project files. For AutoPlay Media Studio and Setup Factory.

* iSecurePHP is semi-compatible with other installations and applications.
Pre-requisites are:

Your application or installation can communicate with a PHP script.
Your application or installation can send data via POST to a PHP script.
Your application or installation must send base64_encoded / Blowfish encrypted data to iSecurePHP unless you mod it to do otherwise.

* iSecurePHP uses 2-way blowfish encryption. Data is sent to iSecurePHP base64 encoded / Blowfish encrypted.

* iSecurePHP will have an Administration panel.

* iSecurePHP comes with an installation to install on your server.

reed
01-29-2008, 07:00 AM
Great news!
looking forward to this project!

/reed

dwayne12
01-29-2008, 06:35 PM
That would make two of us Reed.

Basically all that needs to be done now is create the installation for iSecurePHP and to create the administration panel and all of the pages and functions and that is it.

The authentication part has been 100% finished now, functioning just fine.

I've tested everything regarding the encryption about 25 times maybe more and I am pretty happy with how stable the code currently is, could be room for improvement but the first release will be Beta anyway, so bugs may occur.

As an added bonus for users, I'll be using AJAX on some functions for example.

* Live updated stats about the database, number of users, activations, registrations.

* Database tasks will all be simplified with AJAX calls so no page refreshes.

For the Beta 2, there will be a beta 2 because beta 1 will have bugs and more bugs will most likely occur. Beta 2 will have plugin support I will also write up a little document explaining how to develop plugins for iSecurePHP.

Writing plugins for iSecurePHP will require knowledge of PHP & MySQL.

dorkauf89
01-29-2008, 09:21 PM
Sounds great... Can't wait!

dorkauf89
01-29-2008, 09:22 PM
How much time do you think it will take to finish? thanks

dwayne12
01-30-2008, 06:25 PM
Well it kinda depends. If you want iSecurePHP without an installer or Administration Panel, then it's functional now but you will need some knowledge of PHPMyAdmin or something and know how to edit some values in a PHP configuration file.

Otherwise my estimate is a few days perhaps.

At the moment I'm working on the installer for installing the script to your web server. This is important for people who don't know how to edit database values and script values etc.

The administration panel is veering behind the development of the installer, I alternate between them.

reed
01-31-2008, 12:27 AM
Wow thats great news!
Keep up the work and keep us updated :)
This going to be nice!

/reed

hiddenhole
02-04-2008, 07:12 AM
I would be interested in porting this to ColdFusion 8 when you release it.... will source code be available with purchase??

Dnixon
02-04-2008, 05:52 PM
It's been a while since I've checked this forum. THANK YOU DWAYNE!! :D I'm ecstatic you've taken the project back up. You just made my day better. Keep up the good work!

dwayne12
02-05-2008, 12:49 AM
I would be interested in porting this to ColdFusion 8 when you release it.... will source code be available with purchase??

Hi Hiddenhole,

iSecurePHP will be freely available and completely open source for everyone.

I will offer paid services for iSecurePHP as well. These are completely optional:

Paid Full Support - $60 - 3 months.:

Email support - A reply within 8 hours or less of receiving the email.
Instant Messaging Support - Support via Windows Live Messenger.
Half price script installation - Half price script installation only $50.

Script Installation - $100 for non paid full support users.:

Script installation and configuration - Your script is set-up and configured to run without you having to lift a finger.

I decided not to create a script installer for iSecurePHP too much time wasted that could be spent on other features. So instead it's a configuration file you change the details in, create a database and import the .sql file into PHPMyAdmin or something and you are good to go.

You are more than welcome to port it to Coldfusion 8 in fact I encourage it and anyone else who wants to port this to another language or database other than PHP & MySQL.

I've been working on the administration panel and the reason it's taking longer than expected is because I've been plugging all potential security risks that I have seen with the administration panel. Because this script will be a package used by companies and whatnot, I want it to be safe and secure and not let anyone's details become easily available.

dwayne12
02-05-2008, 12:55 PM
Here is an update folks.

I have got great progress on iSecurePHP. I decided to create an installer which is now done.

It creates the configuration file for you so there's no need to edit the script.

I have also made the code more efficient, it still needs prettying up but that'll be last on the agenda. I just want to get this project out there and do a little bit of beta testing before I decided to release it fully public.

I would be very interested in hearing from software developers who have already got a product that they can test iSecurePHP with. I'm planning on a private beta in about a week or so. I will be very interested in getting feedback from people who use Autoplay Media Studio or Setup Factory 7.0 to get a rough idea of the project's effectiveness.

I can be contacted via: dwaynecharrington(at)gmail(dot)com. Or you can reach me by my blog which I'm always on. http://www.dwaynecharrington.com.

I look forward to finally getting this project out and rolling!

reed
02-06-2008, 05:53 AM
I'm back to work :( but keep this thing up, thanks :)

/reed

dwayne12
02-25-2008, 01:35 AM
It's slowly getting there. I haven't been able to do much over the past couple of weeks; I haven't been feeling that well health-wise. I still don't, but I still have managed to do some stuff with iSecurePHP though.

Sorry about the wait it shouldn't be too much longer.

dwayne12
02-26-2008, 06:36 AM
Okay, so I've been a bit slack on the updates and what not. I haven't posted a screenshot in a long time so here it is, a screenshot of the final GUI of the administration panel for iSecurePHP. There will be more to come shortly as soon as I complete a few things. The colour scheme is simply controlled by a CSS stylesheet, if you don't like the pink then you can change it if you feel inclined to do so.

Screenshot #1 (http://www.dwaynecharrington.com/projects/iSecurePHP/screenshots/screenshot1.jpg)
What do you think of the use of pink in the admin panel?

dwayne12
02-26-2008, 08:38 AM
Here's another screenshot of the user management panel.

Screenshot #2 (http://www.dwaynecharrington.com/projects/iSecurePHP/screenshots/screenshot2.jpg)

dwayne12
02-26-2008, 11:46 PM
iSecurePHP is almost actually complete. The administration panel development is coming along a lot faster than I expected. I am quite proud of the new administration panel layout with the pinks and stuff. Expect this to probably be ready for beta testing in like a few days or so, I'm in development overdrive at the moment. :eek:

reed
02-27-2008, 10:22 AM
Looks good! I'm not a big fan of pink but nice theme anyway!
I think it's nice if it can be edited :) which I think it is.. hehe keep it up!

/reed

dwayne12
02-28-2008, 08:25 AM
The theme can be definitely edited to your tastes easily. The administration panel is CSS and XHTML. The logo is just a photoshopped logo which I can provide the PSD so you can change it.

reed
02-28-2008, 03:15 PM
Okay, super cool!

/reed

chanson
03-17-2008, 07:07 PM
any idea how long before the beta comes out?

I noticed the project was not listed on dwayne's site anymore, did he kill it off?

I am really looking forward to seeing this in action

dwayne12
07-21-2008, 04:08 AM
Hey people,

I completely forgot about this forum, other things on my mind. I have a working copy available of iSecurePHP. The administration panel is semi complete. It has browse, add, and delete functionality.

iSecurePHP is available now, although it's beta, it has been tested by people and it works fine.

I have all the details regarding project updates and whatnot on my website:
http://www.dwaynecharrington.com/projects/isecurephp/

Chances are I won't check this forum much, so please do visit that link (bookmark it!).

ShadowUK
07-21-2008, 07:11 AM
And what if someone changes their hosts file to redirect your webserver (after finding it out from using a fiddler) to their localhost and making a file return true to your verification?

williamrogers
02-24-2009, 06:09 AM
I was looking for something like this, but all the site links and the site are giving 404 errors or a 403 error.

Is this project dead? I'd like to use this in my Airwolf project to protect the files from going to the pirates. Using a system like this would then make it easier to find serials that have been posted with the file so I can blacklist them!

jassing
02-24-2009, 02:23 PM
I wrote something for a client that used an SQL table & php.

Basically it sent in the serial # and checked the SQL table to see if it had already been registered; if not, it updated the SQL table with the user information (filled w/in SUF's screens) and returned an unlock code. (I sent in the hard drive s/n; the PHP manipulated it and returned a hash value back.) This prevents someone from updating the DNS and providing their own server to return "a good value" -- since the value only works for that specific hard drive.

It was all relatively easy to do. Since this client paid me for the work & it is his commercial software protection scheme, I can't share the exact code -- the process was very easy to do.

dwayne12
03-03-2009, 06:15 AM
Whoa. Completely forgot about iSecurePHP. I've still got the code on my harddrive, but haven't done anything with it in a long time. Last time I checked it was in a functional state with a partial admin panel.

As for concerns;

1. A person can't spoof the host by redirecting using a hosts file, for the simple fact that an MD5 key, which you define in the application and in the server and which is sent obfuscated and encrypted, is checked on returning of the result. So unless you have the MD5 key, it can't be tricked so easily.

2. What's stopping someone sniffing the data and then using it to create a spoof server? Quite a lot of time would be required to decipher the data being sent to the server - due to the fact that a lot of 'dummy data' to trick spoofing is also sent obfuscated (in simple terms, a spoofer doesn't know what data is dummy data, and what is real data regarding to the application).

3. If anyone is interested in the code for iSecurePHP, contact me via my website: http://dwaynecharrington.com.

KingJam
03-15-2009, 06:00 AM
Hope I am right here ....

I want Setup Factory to download a random serial from a URL like xyz.com/code.php

That code has to be given to "uCode" (a function in a screen that I made); right now it's empty, but I want it to get the code from that URL

Hope you can help me ^^ because you coded a screen that is similar to my idea

thx

KingJam
03-15-2009, 11:27 AM
Sorry for the double post .. can't edit:

I have this code but it doesn't work in Setup Factory because

"=" is requested but I can't put it in there ...

here my code:

WebRequest webRequest = WebRequest.Create("http://xyz.de/code.php");
WebResponse webResponse = webRequest.GetResponse();
StreamReader sr = new StreamReader(webResponse.GetResponseStream(), Encoding.ASCII);
uCode = sr.ReadToEnd();


pls help :D

dwayne12
03-29-2009, 03:20 AM
I've started on this project slowly in my spare time again. The feature-set has changed, and things seem to have gotten way advanced from the original idea it was.

Features

* Secure licencing client and server side through the use of encrypted values
* Online invoicing and integrated payment gateway system
* Online software download tracking and management
* Individual license code tracking and unique user serial code tracking
* Ability to add your software products, assign quotas and limits to the amount of licences given out
* Customer client area where they can log in and change their personal details, purchase new products and request new serial codes for their products
* Administration panel for the administrator to add new users, edit and remove them. Add, edit and delete products. Change site settings
* Version checking (optional) - Every time a user tries to install a product you own, you can enforce whether or not they have to be using the latest version of your software to continue installation
* Automated software deployment. Allow iSecurePHP to automatically send the software installation to the end user once they have successfully made a payment through your site
* Ability to integrate with Wordpress, Joomla!, PHPBB, vBulletin, MyBB, Vanilla and more
* Time limited licenses and expiration installations, plus more


I'll try to update this topic as much as possible.

Shide
03-31-2009, 05:33 AM
Hi, I got around the web-serial activation problem by;

1. Using the FTP plugin and downloading an ini file from the FTP server.
This file has the number of allowable installations in it.

2. The values inside it are blowfish crypto-values and

3. using SF8 to unencrypt those values to validate the install. Subtract one from the allowable installs variable

4. re-crypt the values and

5. put the file back on the server.

simple, crude but it works

dwayne12
04-01-2009, 09:17 AM
Hey Shide,

iSecurePHP is something along those lines, but it offers far more advanced customisation features. I've since added a lot of code to it in the last couple of days.

In your SUF project file you define an encryption key which will encrypt and decrypt encoded data sent to and from the iSecurePHP server.

Data is sent encrypted with blowfish to the server where it is then unpadded, base64 decoded and then unencrypted. The details are then searched through the use of precise SQL queries.

I am offering the option of version checking. This means that the version number of the users software is sent to the server and checked, and if you decide that you want to force users to use your new version, they must upgrade to install.

After everything is verified a result is sent back to the install which is blowfish encrypted and then the installation will decrypt it and move forward if the result is true. The encryption keys are also matched to ensure that iSecurePHP sent the data.

This will be hostsfile spoof proof unless someone knows your encryption key and makes a PHP script to fake the server, very unlikely unless you choose a poor encryption key.

There is also a client area where clients can login and change their details, purchase new products and request help.
(http://www.exampledomain.com/client)

The administration panel allows you to modify every aspect of iSecurePHP. Add, edit and delete users. IP banning, product banning, version banning and more.

Automated product delivery system: Allow your clients to purchase software automatically via payment gateways (paypal, moneybookers) and have a product serial number sent to them automatically along with a link to the install file directly to their email address.

Pirate alert mode: Through the use of a custom algorithm, iSecurePHP will detect whether or not a particular user id or product serial is being used a lot and from multiple countries and different names. It will do comparison checks and alert you if it suspects that your software has been distributed onto the Internet.

SUF project file generation: Not sure how to implement iSecurePHP into your SUF project? iSecurePHP will generate a base project file for you to modify and change to get started making your installations secure.

I am going to be offering paid and free versions of iSecurePHP, obviously a paid version because of my hard work and time spent creating this script.
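
The hosts-file concern raised earlier in the thread, and the keyed answers given to it (jassing's unlock code tied to the hard drive serial, and the key check on the returned result described in the post above), sketched as an added example that is not iSecurePHP's or any poster's code. It swaps in HMAC-SHA256 for the MD5 and Blowfish steps mentioned in the thread; the key, the licence table and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key (assumption). A key shipped inside an installer can be
# extracted, so this only stops a spoofed server run by someone without the key.
SHARED_KEY = b"constructed-demo-key-not-from-the-thread"

# Constructed licence table: serial -> drive serial it was first registered to.
LICENCES = {"AAAA-BBBB-CCCC": None}


def _tag(status, serial, drive_serial, nonce):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    fields = (status.encode(), serial.encode(), drive_serial.encode(), nonce)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def server_activate(serial, drive_serial, nonce):
    """Genuine server: bind the serial to the first drive seen, then sign the verdict."""
    if serial not in LICENCES:
        status = "unknown"
    elif LICENCES[serial] in (None, drive_serial):
        LICENCES[serial] = drive_serial
        status = "ok"
    else:
        status = "in-use"
    return {"status": status, "tag": _tag(status, serial, drive_serial, nonce)}


def spoofed_server(serial, drive_serial, nonce):
    """Hosts-file redirect target that simply answers 'ok'; it holds no key."""
    return {"status": "ok", "tag": "0" * 64}


def client_accepts(response, serial, drive_serial, nonce):
    """Installer side: continue only on 'ok' with a tag valid for this drive and nonce."""
    expected = _tag(response["status"], serial, drive_serial, nonce).encode()
    supplied = str(response.get("tag", "")).encode()
    return hmac.compare_digest(expected, supplied) and response["status"] == "ok"


def activate(server, serial, drive_serial):
    """One activation attempt against the given server function."""
    nonce = secrets.token_bytes(16)  # fresh per attempt, so old replies cannot be replayed
    return client_accepts(server(serial, drive_serial, nonce), serial, drive_serial, nonce)
```

Because the same key sits in the installer and on the server, anyone who unpacks the installer can compute valid tags; a signature scheme in which the installer carries only a public verification key removes that dependency.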

dwayne12
04-09-2009, 11:41 PM
Here's an update of what the administration panel is going to look like. I swear I've designed like 25 different layouts for the admin panel, I think this one will stick.

http://dwaynecharrington.com/isecurephp_screenshot.png
http://dwaynecharrington.com/isecurephp_screenshot2.png

More to come people.

dwayne12
11-05-2009, 10:15 PM
Hello everyone,

It seems as though iSecurePHP has been slowly in development for what nearly 3 or so years now? Funny thing is I am still slowly developing it and making it completely awesome.

The expectations will no doubt be high for something that has been in development for so long. I am a perfectionist and it'll be out sometime soon, hopefully by early 2010.

The idea is simple, but creating something that works securely is another priority that can be dealt with in a lot of ways. I am making it so it is pretty impenetrable.

Much like anything, it can't be 100% secure and hack-proof, but even if it's 95% hack-proof, it's good enough. Rather than saying a beta will be ready, but then discovering the code isn't ready for beta, I'll stick to the mantra of releasing it when it's ready to be released.

The authentication part is done, but I'm going to go through all of my code and remove, optimise pieces of code that I wrote back in the early stages of iSecurePHP.

I do promise that it will be worth the wait. I know a lot of you are looking for something like this, so I want it to work properly for you.

iSecurePHP will have:

* Licensing system - Time expiring licences, IP restricted licences and pretty much any type of licence restriction you can come up with. It'll have a custom licence creator.

* Useful widgets that will help track and protect your software from illegal distribution. Intelligent tracking will be able to detect if a serial is being used illegally through the use of some pretty heavy algorithms that I have coded for iSecurePHP.

* Completely OOP. The whole entire iSecurePHP package is written in OOP PHP code.

* API System - I'm hoping to have a decent and functional API for iSecurePHP allowing you to do cool things with its data.

* Invoicing & File Distribution System - Automatically sell and distribute your software with integrated payment gateways and automatic file delivery to your users.

Plus way more... Thanks for your support over the years, I look forward to the feedback once it's done.