Hi Experts,
I have software application that the user must activate with a serial number that we will give him.
This serial number will be valid for X Days. For example 1 x year (365 days) etc.
Following are the steps of our registration process:
1. User download software
2. We email user software registration number based on whether he bought a 1/2/3 year license.
3. User enters this serial number in the software.
4. The software will determine if its valid by checking with our online MySQL database that this serial number has not been registered previously and then allow the further use of the software according to the license period.
5. After the serial number "online checking" has completed the software needs to sent this serial number to our online MySQL database with a request to flag it as been "USED" or "RESERVED" or whatever...... :)
Ok I know this sound quite hectic but I have layout the process in bit detail just incase someone else has got a better idea than this which does not involves too much work.
My solution to this:
For checking and flagging a serial number I have thought to sent the variables via a URL and then have a PHP script doing the work for me on the other side.
***But the problem is how can I determine the result from the script on the Delphi side***
For example:
To flag a serial number it should be quite easy:
I can use ShellExecute() with an url for example: "http://www.signgenius.com
***BUT***
To check whether a serial number has been used prior to flag it I need to receive a response from the script.
I where thinking maybe to fake a page not found (404) error when the serial has been used else a page found (200) if the serialnumber is OK.
------------Questions-----
1) So how can I from the PHP scripts side fake a page not found (404) or found (200) and
2) then in Delphi how can I receive these responses?
3) What would be a good implemention of a serialnumber which has a expiry date encoded? Any examples welcome.
4) And please feel free if you have any better suggestions.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Questions:
1. Have you handled re-installation of the software on the same PC by the user?
2. Have you handled re-installation of the software on another PC when the first PC became obsolete?
Have a look at the link below it has some usefull tips.
http://www.inner-smile.com
One solution is to use TDownloadUrl action (in ExtActns unit) and make your php script return somekind of ini-file so you can easily have additional information, witch you can
show to your user. Actual response should be crypted someway.
fDownload := TDownLoadURL.Create(self);
try
fDownload.Filename := 'C:\Temp\Result.ini';
fDownload.URL := 'http://myserver.com/myscr
fDownload.ExecuteTarget(ni
ParseResultIni('C:\Temp\Re
finally
FreeAndNil(fDownload);
end;
Your software is time limited, hopefully you have considered what if user turns computer clock back?
Have a look at the last comment block in the thread indicated below, it may give you some ideas on serial number implementation.
http://www.experts-exchang
>>Questions:
>>1. Have you handled re-installation of the software on the same PC by the user?
>>2. Have you handled re-installation of the software on another PC when the first PC became obsolete?
In regards to this comment we have thought about it but we have decided not to REALLY block the user.
We would though just like to enable us to identify serial numbers that have been mis-used.
For example:
If we see in the MySQL database (online) that a certain key has been used 5000 in a single month then its quite likely been posted on some serial crack website. So we can now 1) identify this serial number, 2) disable it and 3) issue the original user a new serial should we think he is innocent.
My I ask to all,
In general our goal is not to try and fight piracy 100% which will result in a very lengthy process.
We are aiming for the following:
1) Implement a simple hazzle free (for end user) security system just to stop the rookies from copying our software
2) Track the use (qty) of serial numbers.
3) Yes and then we would like to make it secure on the simplest level. As long as the user is not able to just make a raw copy and distribute to all his friends, we are happy. Because he need to distribute his serial number as well and then we will be able to identify these mis-uses of serial numbers and we can track down the user.
Do you believe that the process I have explained in the very first comment will provide the best solution to this?
Does anyone else have a better solution?
And sorry I fogot to add.
I would like more specifics to the creation of a time limited serial.
I have read through the article listed on http://www.inner-smile.com
and it was really helpfull.
But some ideas of creating a serial number with expiry date embedded would also be appreciated.
Thanks in advance!
Another option would be to use a 3rd party registration service such as Software DNA. They provide the necessary SDK for connecting to their site and manage the registration issues for you.
Have a look at https://www.softworkz.com for more info...
Ok
First you need an serial number encryption system that allows you to encode not only the user's serial number but also the fact that it is time limited.
Have a database table with customers name, serial number, date allocated, current time limit and encrypted registration string (If issued).
You could issue software with a tempory activation key as standard.
The software when run for the first time checks the registry for a valid registration, as none has yet been entered, a registration key is requested. A default Registration key with 30 day timer is entered.
Once the user has entered this, then the encrypted data can be stored in several points within the registry, along with the encrypted installation or issue date. The format of the encrypted acivation key should be modified prior to storeage in case the user tries to find it with a registry search using the activation key you supplied
Example:
Date encrypted as StrDate
procedure TfrmRegistration.InsertDat
var Reg: TRegistry;
begin
Reg:= TRegistry.Create;
try
Reg.RootKey:= HKEY_CURRENT_USER;
if Reg.Openkey('<AnyFolderNam
Reg.WriteString('<dateIssu
finally
Reg.CloseKey;
Reg.Free;
end;
end;
Thereafter when the software is run, a number of different routines from various points within your software should extract the data from the registry and decrypt it, Only the decryption routine should be in your supplied software).
Then run calc against current date to see if software authorisation has expired. If the software is out of time then set a number of booleans to flag the fact and take some sort of action. Set another registry value to record that the software has expired. This registry reading should be checked ever time the software is run and acted upon.
To help prevent the user from resetting the date encrypt within the registry the number of times
that the software has been run should also be encrypted and stored in the registry, if the number of runs is checked and if it exceeds a preset number then action can again be taken.
Increment the number of times the software has been run after each check and re encrypt the result.
The Activation code needs to look different for every new serial number that you issue, so that certain
characteristics such as the time limit or lack of time limit are not identifiable,
otherwise this may allow the user to change part of their serial number to affect the time limit.
Having embedded a time limit, you can either prefix it with an encrypted marker to indicate its start point or place it at a fixed point, although the latter is not adviseable.
ie Variable length dummy prefix + Serial no xxx + Time Limit or No Limit + dummy suffix to pad string out
Below are two simple examples with a key code run up for this example only.
Dummy prefix variable Length + Serial Number 1234567890 + Time Limit 30+ Dummy suffix
NERK94wV9|5/Djd1X8KnALOJ-e
Then the same serial and time limit with slightly different prefix to give an entirely
different activation key string
Another prefix of variable Length + Serial Number 1234567890 + Time Limit 30+ different suffix
:0Dwn:F5g4IEaETZ9uYmxtHECB
The two encrypted strings contain the same base information but look entirely different.
When the user runs the software the registry details should be looked up from a number of different points within your application and action taken according to the results returned.
Good luck
Another 3rd party piece of software can be downloaded from the link below.
This is supplied as Freeware and is quite comprehensive.
http://www.wakproductions.
Business Accounts
Answer for Membership
by: DragonSlayerPosted on 2006-05-03 at 09:40:39ID: 16597846
1. At the server end, the PHP script can return a result (not necessarily a response code, it can be plain text), which would be encrypted. You can specify the responses that your app react to, e.g. if the PHP script returns code 100, it can mean that everything is OK. (Of course, again, the code will be *encrypted*).
2. I would recommend that you use an HTTP component such as Indy's TIdHttp. That way, when you issue a GET, you can just check the resulting response that you got.
e.g.
var
Reply: string;
Reply := DecryptCode(IdHttp1.Get('h
// assume that DecryptCode is a function which decrypts the reply into something that your programme will understand
I would also suggest that instead of sending the serial in plain sight, it will be a good idea to encrypt it as well, because anyone with a proxy tool will be able to sniff out the GET.