Ali Asghar Toraby Parizy wrote:
Ok, thanks
but how can i create serial number that nobody can guess it. for example
when i use sha1() every body can examine it too! and so they can create it
what strategy is useful to protect license?

Ahh, so you are trying to protect your PHP code with a license key?

If so, then here are my thoughts on it.
- Don't bother encrypting the license key too much. Your code will be available as source code so it will be possible to circumvent any protection/limitation. - Even file validation like creating md5suma of files is nothing but headache because some FTP servers and clients will modify the source by adjusting the end of line characters (binary upload prevents this). - I have noticed that most customers will not mess with the scripts since they want support from you. Remove all comments from the source and the end of line characters to prevent the hobby tinkerer from causing problems. - The problem with people messing with the code is that they usually don't start a support request with "I changed something and now feature X does not work..." but rather with "All the sudden feature X stopped working....". - People who have the goal to circumvent your license code will do so regardless of protection and will see sophisticated protection as a challenge. So I don't bother with encryption of the information since implementing something secure will usually mean that it will get in the way of honest customers. Look at computer games, it is a prime example of copy protection interfering with honest customers by causing problems.

All I do is generate a license code which contains a string (name or customer id) and configuration values. The license code can be decoded via a function and validated.
So I turn the string
        AsgharToraby100C into this=> 0B50B-50B54-MSDD2-OMPDD-OMI33
Here 100C is the license value, the customer has a 100 client access license. The key has built in , very basic, validation bits to validate the key as a whole. The script can decode the license key via a function to retrieve the max authenticated user (100) before allowing new logins.
The string part can be decoded as well but capitalization is lost.

Here are a few license code functions I wrote many years ago. Maybe something like this will work/is what you are looking for.

... well actually ... I just looked at the code, I wrote it about 6 years, and I am bit embarrassed of how I handled a few things :) But the code is solid, it has been in use since then and I have not noticed any problems :)

So let me know if this sounds like something you are looking for and would like to see and I will cleanup the code for you.

Intelligent Life

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to