license server file
<?php
$licenseno = $_POST['license'];
$document_root = $_POST['doc'];
$website_url = $_POST['url'];
$server_ip = $_POST['ip'];
if ( !preg_match ('/^[a-zA-Z0-9]+$/', $licenseno ) xor !preg_match ('/^[0-9\.]+$/', $server_ip ) xor
!preg_match ('/^(http:\/\/)?(www\.)?[a-z0-9\/\.-]+$/i', $website_url ) xor !preg_match ( '/^[a-z0-9_\-\/]+$/i', $document_root )
)
{
echo 0; //do nothing but we should log the attempt mail() or something
}
else
{
include_once 'folder/mysql.class.php';
if ( preg_match ('/www/i', $website_url ) )
{
$domain = explode ('www.', $website_url );
$formatdomain = $domain[1].', www.' . $domain[1];
}
else
{
$formatdomain = $website_url.', www.' . $website_url;
}
$db = new MySQL;
//Set Variables
$db->databasename = 'value';
$db->databaseuser = 'value';
$db->databasepassword = 'pass';
//Initilize database
$db->initialize_database ();
$get_license = $db->query ("SELECT domainname, localpath, serverip
FROM license
WHERE licenseid='".$licenseno."'");
if ( $db->count_rows ( $get_license ) == 1 )
{
$license = $db->fetch_array ( $get_license );
if ( $license['domainname'] == NULL && $license['localpath'] == NULL && $license['serverip'] == NULL ) //Reissue
{
$update = $db->query ("UPDATE license
SET domainname='$formatdomain', localpath='$document_root', serverip='$server_ip'
WHERE licenseid='$licenseno'");
if ( $update )
{
echo 3; //been reissued
}
else
{
echo 4; // failed, try again later
}
}
else
{
if ( $formatdomain == $license['domainname'] && $document_root == $license['localpath'] && $server_ip == $license['serverip'] )
{
echo 2; //details match
}
else
{
echo 5; //failed, installed elsewhere
}
}
}
else
{
echo 1; //license doesnt exist
}
}
cURL is being used to post data to this file. This file resides on my server. The file that posts the data will be encrypted with ioncube. It will do something based on the output of this script.
3 or 2 it will create or update a key to say the last time the check was run and the data is valid.
1 or 5 dont let the script run delete key or something to that effect.
0 nothing is done. They may have unencoded the file or somehow set their own properties and trying to hack the script if the regex doesnt conform. So the file on my server will email me most likely and I will try and get the ip accessing the file and ban it in cpanel or automatically black list the ip.
4 the database connection failed, try again at a later date or later.
If there is a timeout which will be coded in the cURL file because it cannot connect to the website then it will check the license file it created before hand and make sure the script/software is in the last place it was issued for, however this should only be done for 3 days max otherwise they are purposely trying to circumvent licensing so delete the key.
How does this look and does it look safe enough?
What is the best way to check if my site is down when the script tries to verify its license.
