Checking License Key using HTTP

[Access_Help]

Hi,

I want to allocate License keys to users, I want to achieve the concept where I store a license key in a text file on a webserver.

Every time the user opens the database, a HTTP response checks the license key to see if it valid.

Has anyone created anything like this...or if anyone can guide me to a pre-written code to achieve this?

 

[theDBguy]

Hi. Yes, I have done something like that but decided to use a SQL Server table on the web server instead of a text file because I thought if someone managed to download the text file, then they could see all the licenses.

 

[vba_php]

but decided to use a SQL Server table on the web server instead of a text file because I thought if someone managed to download the text file, then they could see all the licenses.

did you consider putting the file in a password protected dir? would ur users be able to see it even if they inputted the dir password? I do that all the time with godaddy websites I manage. It seems to work fine. but a lot of them don't get much traffic, so any black hats or curiosity seekers would not even consider messing with it. they don't even know it exists anyway. they seek the money, not the 2 bit nobody that has nothing to lose.

 

[theDBguy]

did you consider putting the file in a password protected dir? would ur users be able to see it even if they inputted the dir password? I do that all the time with godaddy websites I manage. It seems to work fine. but a lot of them don't get much traffic, so any black hats or curiosity seekers would not even consider messing with it. they don't even know it exists anyway. they seek the money, not the 2 bit nobody that has nothing to lose.

Hi Adam. No, I don't think I considered that. The other reason I decided against using a text file is the extra layer of parsing its content. Whereas, when using a table, it was easier for me to "target" a specific user to check for a license key. It's basically just a query with a criteria. Thanks for letting me know about this option though. Cheers!

 

[vba_php]

hey Access Help,

I did this a long time ago with a client who insisted on the same thing you are wanting. This was pretty clever of me, and I never got caught by a hacker for doing it (I'm not sure they could do anything about it anyway), but it worked fine. Do you have any experience with PHP or HTML forms? If you do, you could certainly implement something like this like I did:

https://github.com/ajetrumpet102345/coding-examples/blob/master/HTML-PHP-VBA License Validation

 

[Access_Help]

hey Access Help,

I did this a long time ago with a client who insisted on the same thing you are wanting. This was pretty clever of me, and I never got caught by a hacker for doing it (I'm not sure they could do anything about it anyway), but it worked fine. Do you have any experience with PHP or HTML forms? If you do, you could certainly implement something like this like I did:

https://github.com/ajetrumpet102345/coding-examples/blob/master/HTML-PHP-VBA License Validation

This looks great, however, not familiar with PHP.

 

[vba_php]

This looks great, however, not familiar with PHP.

if you wanna try it, I would be willing to humor myself by implementing it for you. send you a full blown text file with everything you need and an HTML file and PHP POST script you can upload to your server. no charge. It would be a fun little pet project. interested? php runs on both IIS and APACHE as well as LINUX and WINDOWS so you wouldn't have an issue I wouldn't think.

 

[Access_Help]

if you wanna try it, I would be willing to humor myself by implementing it for you. send you a full blown text file with everything you need and an HTML file and PHP POST script you can upload to your server. no charge. It would be a fun little pet project. interested? php runs on both IIS and APACHE as well as LINUX and WINDOWS so you wouldn't have an issue I wouldn't think.

Yes Please.

Thank you so much.

 

[vba_php]

Yes Please.

Thank you so much.

I just saw this response of yours. I assume you're not in a hurry because it's the weekend? The code is on my github page so let me copy it into my system and run the tests on it to make sure everything works before sending it over to you. I can probably have it to you sometime later today or tomorrow. Is that OK?

by the way, what type of server are you on? who's your hosting company?

 

[vba_php]

Access_Help,

I had to modify what I had on github a little bit. It's been quite a while since I've used that method of registering a product via a key entry. I tested this whole thing on an IIS sever running windows. The PHP version I used was the newest I believe - version 7.3.1. The only part of the PHP validation script that didn't work was the last block....

//store the users product key in a seperate log file to be checked later if someone else tries to use the same key to register the product twice.
if ($validation == "true") {
    $handle = fopen("ValidationsRedeemed.txt", "w");
    echo fputs($handle, $validationKey . "|");
    fclose ($handle);
                            }
else { //user entered a product key that is not recognized.  tell them to try again.
    echo "<script>alert('The product key entered is not valid.'+'\\n\\n'+'Please try again.');
         window.location.href='test.php';</script>";
     }

....I verified with multiple veterans that told me there's nothing wrong with it and it should work. I even tried to use an alternative I/O function in PHP, which they also told me should work, but didn't. My suspicion is that the problem lies with my hosting plan, the crappy windows server or OS, or maybe a GoDaddy setting. I despise GoDaddy and always have. Nobody there seems to have any knowledge about what they do. It's pretty sad, although I have had some success talking to level 2 agents. so maybe you can do this part of the code work yourself by checking for previous validations in an access table instead? But at any rate, see the "instructions" doc attached to this post for how to implement this thing (which is pretty unorthodox if you ask me!). Have fun with it!

<edit>
hey I forgot to mention too...the validation script does not throw the good key value back to access so you'll have to implement that yourself, in terms of how to let the user into the system after they've run the PHP scripts. you can use a number of methods. one would be to put a hidden <input> element on the form's page and reference it after the validation script runs, then capture that hidden element's value in the VBA routine provided, put it in access table and let the user in that way. if you're familiar with the document object model used in web apps, you should know how to do it. the dom works fine with vba code. you can use "ie.document.[element].[method]", for one, to do that stuff. if you don't know how, I can probably assist if you need it. just ask. also, if you know javascript, what I've provided you here, done with PHP, can be done much easier with js, and with less code.

 

[gemma-the-husky]

you probably need to look at constructing a one way hash key.

process the hard disk id, (say) and the user name (say) in some way to produce a hash key, and then use selected characters from the resultant key as the licence key.

The calculation is only valid on a single machine, and the calculation mechanism can't be recovered from the supplied licence key - so the end user can't give the app away, as his key won't work on a different machine.

 

[vba_php]

The calculation is only valid on a single machine, and the calculation mechanism can't be recovered from the supplied licence key - so the end user can't give the app away, as his key won't work on a different machine.

the package I gave this individual covers all those possibilities Gemma. And the VBA routine included in the zip file does include create a "hash" type key as a license. however, it does not technically use a hash function like sha1(), but rather generates a product key exactly like you see microsoft doing (5-character strings, in 5 seperate blocks), by running the randomize() statement 5 different times.

 

[Access_Help]

Access_Help,

if you don't know how, I can probably assist if you need it. just ask. also, if you know javascript, what I've provided you here, done with PHP, can be done much easier with js, and with less code.

Hey,

Thanks, it works well. I do however need your help with the following:

- I want to keep displaying the splash form until the activation key is entered by the user (basically annoy the user and not let them open anything unless the product is activated).

- I need a check every time the product is open to check that the activation key is present in the redeemed file so that when I remove the activation key at the time of renewal, it prompts them with the splash screen.

 

[vba_php]

I want to keep displaying the splash form until the activation key is entered by the user (basically annoy the user and not let them open anything unless the product is activated).

you haven't told me what the problem is though sir! your stating your desire without a description of what you currently have. I'm not God. I can't walk on water, read minds, or make 5000 fish appear magically from the sky by raising my hands. Please provide me some help here. It sounds like this problem can be fixed by modifying the code I initially gave you in a marginal manner.

I need a check every time the product is open to check that the activation key is present in the redeemed file so that when I remove the activation key at the time of renewal, it prompts them with the splash screen.

you've got the same issue here as with my first quote of yours. HELP: what are you currently doing? are you storing the redeemed key in an access table like I suggested, or did you modify my PHP script successfully to look inside the txt file "redeemed.txt" that I gave you, on your server via an I/O stream? your question sounds like you are storing the redeemed/valid keys in the text file on the server? is that right? if that's what you're doing, confirm that for me and I'll help solve the problem just like I promised...

 

[Access_Help]

your question sounds like you are storing the redeemed/valid keys in the text file on the server? is that right? if that's what you're doing, confirm that for me and I'll help solve the problem just like I promised...

That's correct, the file is saving the redeemed key, if I remove the key from the file, I would like the splash screen to appear to the user asking them to renew...but for this I need some programming which saves the key to a specified table, if the key in the table does not match the one in the redeemed file, then the user should be prompted to enter a new key.

I am not a programmer so do need your help in implementing this.

 

[Access_Help]

you haven't told me what the problem is though sir! your stating your desire without a description of what you currently have. I'm not God. I can't walk on water, read minds, or make 5000 fish appear magically from the sky by raising my hands. Please provide me some help here.

The problem is that the user should not be able to use the product without registering first, I want to keep displaying the splash form until the activation key is entered by the user (basically annoy the user and not let them open any forms unless the product is activated). The login form in my DB should appear only when the activation key has been accepted.

 

[isladogs]

Use a modal form to prevent the user clicking anywhere else.
Place an Exit button on the form to quit the application as the only alternative.

 

[vba_php]

That's correct, the file is saving the redeemed key, if I remove the key from the file, I would like the splash screen to appear to the user asking them to renew...

OK,

this is kind of why I initially suggested that you store the redemptions in an access table. that way you can do comparisons like this with simple access lookup functions instead of server side code.

if I remove the key from the file

you should *never* literally remove a previous product key from a storage space. you need that historical data for reference. I highly doubt any of the big players do that. did you mean to say something else? I would suggest something else as an alternative to removing the key literally. how about storing a "expiration date" string inside the "redeemed.txt" file where it is associated with the product key that is valid? that would surely work. you can also do this same thing in an access table if you want to make things easier on yourself.

If you want to use PHP, here's my solution for you. this doesn't accomplish everything. you will have to choose a method yourself. but this should give a foundation for success. here's what it does:

• opens IE as a background window when the splash screen loads, but IE is still visible
• navigates to a landingPage.php with an html form
• populates the input element with the current date (you can also use a hidden element here)
• runs the POST PHP script and checks the date entered against entries in the file "ValidationsRedeemed.txt", that I tested with this content:

  12/01/2019|12/12/2019|12/31/2019

• throws a messages if the date in the HTML form matches any date in the .txt file and informs the user that the key is expired and to contact the admin for a new key
• when the user closes the javscript message box, the IE instance quits and he returns to the splash screen where he started

this is just an example. I'm assuming you can use your creativity to fill in the rest of the process? If you can't, let me know and I'm sure I can help you in that regard. note: my test runs did not work because the vba line ie.document.forms(0).submit refuse to work for me. I think it's because of this stupid office 365. I know the method works. There's 100 different forum articles confirming it, not to mention my FAQ article on this forum. Let me know if it also doesn't work for you. I believe also, that in order for DOM methods to work in vba, you have to have the "HTML Object Library" reference checked, if you haven't done that already. Have fun!

sorry for the late response. my mom passed away last night so i've been on the phone with my dad all day. Also, Colin's take should be implemented. it's simple and easy.

 

[Access_Help]

OK,
[*]navigates to a landingPage.php with an html form
[*]populates the input element with the current date (you can also use a hidden element here)
[*]runs the POST PHP script and checks the date entered against entries in the file "ValidationsRedeemed.txt", that I tested with this content:

12/01/2019|12/12/2019|12/31/2019

[*]throws a messages if the date in the HTML form matches any date in the .txt file and informs the user that the key is expired and to contact the admin for a new key
[*]when the user closes the javscript message box, the IE instance quits and he returns to the splash screen where he started
[/LIST]
this is just an example.

sorry for the late response. my mom passed away last night so i've been on the phone with my dad all day. Also, Colin's take should be implemented. it's simple and easy.

Sorry to hear about your mum..may she rest in peace.

OK, so I have had a chance to re-look at the modified coding,

I am facing the same errror: ie.Document.Forms(0).submit

I reach the landing page with the date and small rectange block next to it, but after that it doesn;t do any of the mentioned checks..


Thank you for your help with this

 

[vba_php]

Sorry to hear about your mum..may she rest in peace.

OK, so I have had a chance to re-look at the modified coding,

I am facing the same errror: ie.Document.Forms(0).submit

I reach the landing page with the date and small rectange block next to it, but after that it doesn;t do any of the mentioned checks..


Thank you for your help with this

this might be an issue with the browser. I'm not really sure. what version of IE do you have? what version of windows do you have? have you tried all the recommended suggestions in my FAQ article regarding the different ways you can submit forms and click buttons? I would think that at least *one* of those ways would work for you, cuz there's like 4 or 5 different workarounds that are available. let me know.