Software Registration Process

Posted on 2006-05-03
Last Modified: 2010-04-05
Hi Experts,

I have software application that the user must activate with a serial number that we will give him.
This serial number will be valid for X Days. For example 1 x year (365 days) etc.

Following are the steps of our registration process:
1. User download software
2. We email user software registration number based on whether he bought a 1/2/3 year license.
3. User enters this serial number in the software.
4. The software will determine if its valid by checking with our online MySQL database that this serial number has not been registered previously and then allow the further use of the software according to the license period.
5. After the serial number "online checking" has completed the software needs to sent this serial number to our online MySQL database with a request to flag it as been "USED" or "RESERVED" or whatever......  :)

Ok I know this sound quite hectic but I have layout the process in bit detail just incase someone else has got a better idea than this which does not involves too much work.

My solution to this:
For checking and flagging a serial number I have thought to sent the variables via a URL and then have a PHP script doing the work for me on the other side.
***But the problem is how can I determine the result from the script on the Delphi side***

For example:
To flag a serial number it should be quite easy:
I can use ShellExecute() with an url for example: "" as parameter and on the PHP site I simply GET the variables from the url and insert it into the MySQL database.


To check whether a serial number has been used prior to flag it I need to receive a response from the script.
I where thinking maybe to fake a page not found (404) error when the serial has been used else a page found (200) if the serialnumber is OK.

1) So how can I from the PHP scripts side fake a page not found (404) or found (200) and
2) then in Delphi how can I receive these responses?
3) What would be a good implemention of a serialnumber which has a expiry date encoded? Any examples welcome.
4) And please feel free if you have any better suggestions.

Question by:Marius0188
    LVL 14

    Assisted Solution

    1. At the server end, the PHP script can return a result (not necessarily a response code, it can be plain text), which would be encrypted. You can specify the responses that your app react to, e.g. if the PHP script returns code 100, it can mean that everything is OK. (Of course, again, the code will be *encrypted*).

    2. I would recommend that you use an HTTP component such as Indy's TIdHttp. That way, when you issue a GET, you can just check the resulting response that you got.


      Reply: string;

    Reply := DecryptCode(IdHttp1.Get(''));
    // assume that DecryptCode is a function which decrypts the reply into something that your programme will understand

    I would also suggest that instead of sending the serial in plain sight, it will be a good idea to encrypt it as well, because anyone with a proxy tool will be able to sniff out the GET.
    LVL 4

    Expert Comment

    1.  Have you handled re-installation of the software on the same PC by the user?
    2.  Have you handled re-installation of the software on another PC when the first PC became obsolete?

    Have a look at the link below it has some usefull tips.
    LVL 10

    Expert Comment

    there is also another flaw in that security design, anyone with a custom made proxy can also fake whatever your server send as a OK Serial number. so the proxy will return a OK Code to the program and your server will never actually see the request.
    LVL 3

    Accepted Solution

    One solution is to use TDownloadUrl action (in ExtActns unit) and make your php script return somekind of ini-file so you can easily have additional information, witch you can
    show to your user. Actual response should be crypted someway.

      fDownload := TDownLoadURL.Create(self);
        fDownload.Filename := 'C:\Temp\Result.ini';
        fDownload.URL := '';

    Your software is time limited, hopefully you have considered what if user turns computer clock back?
    LVL 4

    Expert Comment

    Have a look at the last comment block in the thread indicated below, it may give you some ideas on serial number implementation.

    Author Comment

    >>1.  Have you handled re-installation of the software on the same PC by the user?
    >>2.  Have you handled re-installation of the software on another PC when the first PC became obsolete?

    In regards to this comment we have thought about it but we have decided not to REALLY block the user.
    We would though just like to enable us to identify serial numbers that have been mis-used.
    For example:
    If we see in the MySQL database (online) that a certain key has been used 5000 in a single month then its quite likely been posted on some serial crack website. So we can now 1) identify this serial number, 2) disable it and 3) issue the original user a new serial should we think he is innocent.

    Author Comment

    My I ask to all,

    In general our goal is not to try and fight piracy 100% which will result in a very lengthy process.

    We are aiming for the following:
    1) Implement a simple hazzle free (for end user) security system just to stop the rookies from copying our software
    2) Track the use (qty) of serial numbers.
    3) Yes and then we would like to make it secure on the simplest level. As long as the user is not able to just make a raw copy and distribute to all his friends, we are happy. Because he need to distribute his serial number as well and then we will be able to identify these mis-uses of serial numbers and we can track down the user.

    Do you believe that the process I have explained in the very first comment will provide the best solution to this?
    Does anyone else have a better solution?

    Author Comment

    And sorry I fogot to add.

    I would like more specifics to the creation of a time limited serial.
    I have read through the article listed on
    and it was really helpfull.

    But some ideas of creating a serial number with expiry date embedded would also be appreciated.

    Thanks in advance!
    LVL 1

    Expert Comment


    Another option would be to use a 3rd party registration service such as Software DNA.  They provide the necessary SDK for connecting to their site and manage the registration issues for you.

    Have a look at for more info...
    LVL 4

    Assisted Solution


    First you need an serial number encryption system that allows you to encode not only the user's serial number but also the fact that it is time limited.

    Have a database table with customers name, serial number, date allocated, current time limit and encrypted registration string (If issued).

    You could issue software with a tempory activation key as standard.

    The software when run for the first time checks the registry for a valid registration, as none has yet been entered, a registration key is requested. A default Registration key with 30 day timer is entered.

    Once the user has entered this, then the encrypted data can be stored in several points within the registry, along with the encrypted installation or issue date. The format of the encrypted acivation key should be modified prior to storeage in case the user tries to find it with a registry search using the activation key you supplied
    Date encrypted as StrDate
    procedure TfrmRegistration.InsertDateInstalled(strDate: string);
    var Reg: TRegistry;
        Reg:= TRegistry.Create;
            Reg.RootKey:= HKEY_CURRENT_USER;
            if Reg.Openkey('<AnyFolderName>', true) then
                Reg.WriteString('<dateIssued>', strDate);

    Thereafter when the software is run, a number of different routines from various points within your software should extract the data from the registry and decrypt it, Only the decryption routine should be in your supplied software).
    Then run calc against current date to see if software authorisation has expired. If the software is out of time then set a number of booleans to flag the fact and take some sort of action.  Set another registry value to record that the software has expired. This registry reading should be checked ever time the software is run and acted upon.

    To help prevent the user from resetting the date encrypt within the registry the number of times
    that the software has been run should also be encrypted and stored in the registry, if the number of runs is checked and if it exceeds a preset number then action can again be taken.

    Increment the number of times the software has been run after each check and re encrypt the result.

    The Activation code needs to look different for every new serial number that you issue, so that certain
    characteristics such as the time limit or lack of time limit are not identifiable,
    otherwise this may allow the user to change part of their serial number to affect the time limit.

    Having embedded a time limit, you can either prefix it with an encrypted marker to indicate its start point or place it at a fixed point, although the latter is not adviseable.

    ie Variable length dummy prefix + Serial no xxx + Time Limit or No Limit + dummy suffix to pad string out

    Below are two simple examples with a key code run up for this example only.

    Dummy prefix variable Length + Serial Number 1234567890 + Time Limit 30+ Dummy suffix

    Then the same serial and time limit with slightly different prefix to give an entirely
    different activation key string

    Another prefix of variable Length + Serial Number 1234567890 + Time Limit  30+ different suffix

    The two encrypted strings contain the same base information but look entirely different.

    When the user runs the software the registry details should be  looked up from a number of different points within your application and action taken according to the results returned.

    Good luck

    LVL 4

    Expert Comment

    Another 3rd party piece of software can be downloaded from the link below.
    This is supplied as Freeware and is quite comprehensive.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
    Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now