当前位置: 文江博客话题详情

PHP CMS:“Call Home”安装时的各种功能

发布于 2024-11-01 08:26:48 字数 401 浏览 1 评论 0原文

我正在开发一个网络应用程序,可以免费下载该应用程序以与生产站点的其他许可证一起试用。我知道这类事情是不受欢迎的,但我想在安装文件中包含一两行,以将当前安装 URL 保存回我的数据库,以便我可以与付费用户进行交叉检查。我并不想验证许可证(但)除了监控盗版之外,这些 URL 不会以任何方式使用。如果用户删除此代码或没有互联网连接(本地安装),则不会出现错误。另外,出于法律原因,我会在 EULA 中让用户了解此功能。

大多数回调函数都使用 file_get_contents 但它们正在验证,我只想存储一个 URL。发送带有 GET 变量中转义的 URL 的请求是否可行?各种服务器设置的安全性、速度和功能是关键。

也欢迎任何替代建议......我仍在努力找出许可和“保护”该软件的最佳方法。

预先感谢您的任何帮助!

原文

I am developing a web application that will be downloaded free for trial with other licenses for production sites. I know that these sorts of things are frowned upon but I would like to include a line or two in the install file to save the current install URL back to my database so I can cross check that with paying users. I am not trying to validate licenses (yet) these URLs would not be used in any way except to monitor for piracy. If the user removes this code or doesn't have an internet connection (installing locally) then there would be no error. Also, for legal reasons I would make the user aware of this function in the EULA.

Most call home functions out there use file_get_contents but they are validating, I just want to store a URL. Is sending a request with the URL escaped in a GET variable a viable option? Security, speed and functionality on a wide variety or server setups is key.

Any alternate suggestions are also welcome... I am still trying to figure out the best way to license and "protect" this software.

Thanks in advance for any help!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

只有影子陪我不离不弃 2024-11-08 08:26:48

这是系统的一个相当简单的版本,但它现在应该可以完成工作。它的工作原理是提供当前服务器的 URL 作为密钥,但是您可以将其替换为许可证的唯一 ID。

对于 CMS/应用程序:

<?php
define('SITE_INVALID', 'invalid');
define('AUTH_SITE',    'http://www.example.com/verify.php');

function verify_install($key){
    $result = file_get_contents(AUTH_SITE.'?key='.urlencode($key));

    if($result == SITE_INVALID){
        return false;
    }

    // Valid
    return true;
};
?>

然后在页面中的某个位置(早期):

<?php
$site_key = $_SERVER['SERVER_NAME'];    // Use current site URL (eg: www.example.com)

if(!verify_install($site_key)){
    // Invalid
    echo 'Your account is disabled';
    exit();
}

// Continue as normal
?>

在许可证服务器上:

<?php
define('SITE_VALID',    'valid');
define('SITE_INVALID',  'invalid');

function verify_remote_install(){
    if(!isset($_GET['key'])){
        // Nothing sent - assume fine
        return true;
    }

    $key = urldecode($_GET['key']);

    // (Check if key in database, etc)
    $result = key_is_valid($key);   // Replace with your own method

    if(!$result){
        // Invalid
        return false;
    }

    // Valid
    return true;
}
?>

然后进行验证:

<?php
$result = verify_local_install();

if(!$result){
    echo SITE_INVALID;
} else {
    echo SITE_VALID;
}
?>

您需要将 key_is_valid() 函数替换为您的验证方法key,无论是检查它是否在数据库中还是其他地方。

另外,如果您不确定(例如:如果与验证服务器的连接失败,或者密钥未发送),您最好假设它是有效的,这样如果出现用户无法控制的问题,你会给他们无罪推论。您希望为合法用户提供最佳体验,并在可能的情况下阻止盗版,而不是给付费用户带来不便。

如前所述,任何具有 PHP 基本知识(甚至只是能够阅读)的人都可以轻松找到它并禁用它(如果代码没有以某种方式混淆)。您可以在 http://code.google.com/ 找到可以为您执行此操作的开源应用程序p/phpobfuscator/.如果您仍然想允许开发人员修改应用程序,您可以考虑混淆许可代码,放入一个单独的文件并给它一个假的、无辜的名称。

This is a fairly simple version of the system, but it should do the job for now. It works by providing the current server's URL as the key, however you could swap that for a unique ID for the license.

For the CMS/application:

<?php
define('SITE_INVALID', 'invalid');
define('AUTH_SITE',    'http://www.example.com/verify.php');

function verify_install($key){
    $result = file_get_contents(AUTH_SITE.'?key='.urlencode($key));

    if($result == SITE_INVALID){
        return false;
    }

    // Valid
    return true;
};
?>

Then somewhere in your page (early on):

<?php
$site_key = $_SERVER['SERVER_NAME'];    // Use current site URL (eg: www.example.com)

if(!verify_install($site_key)){
    // Invalid
    echo 'Your account is disabled';
    exit();
}

// Continue as normal
?>

And on the license server:

<?php
define('SITE_VALID',    'valid');
define('SITE_INVALID',  'invalid');

function verify_remote_install(){
    if(!isset($_GET['key'])){
        // Nothing sent - assume fine
        return true;
    }

    $key = urldecode($_GET['key']);

    // (Check if key in database, etc)
    $result = key_is_valid($key);   // Replace with your own method

    if(!$result){
        // Invalid
        return false;
    }

    // Valid
    return true;
}
?>

Then to verify:

<?php
$result = verify_local_install();

if(!$result){
    echo SITE_INVALID;
} else {
    echo SITE_VALID;
}
?>

You'll need to replace the key_is_valid() function with your method of verifying the key, whether that be checking if it's in the database or otherwise.

Also you'll be better to assume it is valid if you're unsure (eg: if the connection to the verification server fails, or if the key is not sent), that way should something go wrong that is outside the user's control, you'll give them benefit of the doubt. You want to give the best experience to the legitimate users, and stop the pirates if possible, rather than inconveniencing your paying users.

As said before, anyone with a basic knowledge of PHP (or even just able to read) could easily find this and disable it if the code is not obfuscated in some way. An open-source application to do that for you can be found at http://code.google.com/p/phpobfuscator/. If you want to still allow developers to modify the application, you could consider just obfuscating the licensing code, putting in a separate file and giving it an fake, innocent name.

回复 原文
江湖正好 2024-11-08 08:26:48

我建议查看 http://www.socialengine.net/ 如何加密其源代码并获取解密密钥和授权。他们相当大并且有可靠的方法。不久前我为了好玩尝试破解它,但失败了。

I recommend checking out how http://www.socialengine.net/ encrypts their source code and gets the decrypt key and authorization. They are pretty big and would have reliable methods. I tried to crack it a while back for fun, but failed.

回复 原文
~没有更多了~

关于作者

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文