Automated Challenge / Response system - PHP Script?

  • I'm not sure if this can be done with a PHP script or not. Jahkri created an interesting challenge / response system which acts as a form of copy protection. As it stands, the user would have to copy/paste their challenge code (their device ID) and email it to me. They would then receive a different code from me which they would copy/paste into the software to unlock it. Can this be automated in some fashion in order to shorten the user's wait time and take the burden off myself?

    Here are the threads which detail the processes involved:
    Please login to see this link.
    Please login to see this link.

    We can discuss the specifics if anyone is interested. I would love to have this and am willing to pay for the work. I would need it quite soon.

  • Well,
    Not sure though, but perhaps it can be done with the "E-Mail-Object".
    If you're able to retrieve the E-Mails via the E-Mail-Object and get the
    Serial-Number out of the E-Mail-Object, it could convert the Serial-Number
    into the Unlock-Number and send the New Code (via E-Mail-Object) directly
    to the End-User. Not sure though how You would have to setup the "E-Mail-Object".

    With kind regards,
    jahkri

  • I've actually been playing with that exact idea. There are two issues I'm aware of (and I'm sure plenty I'm not privy to).

    1. Is the Email Object secure? Since the address sending me the user's info needs to be hard programmed into the software with the email address and its password. I need to be sure that password doesn't get sniffed out. That could cause all sorts of trouble! If this can be secured, I think it's the method I'll use if nobody takes the job.

    2. I'd have to keep the program that decodes the serial and sends back the unlock code running at all times. That's not really a major issue but it is something to consider.

    All in all, I'd feel more secure knowing someone with more skill than myself is handling the job. I have everything in place for my first two programs except the software security! Purchases, serials being sent out thanks to Easy Digital Downloads, website, printed marketing materials, you name it. The last piece of the puzzle is keeping things secure...

  • Unfortunately that's very true. It can still be worth protecting from the non-pirate software swappers. I also think it can add a value to the software from the buyer's side. Rather than just paying for something they get a serial number and at least an attempt to say what they bought from you is worth your attempted protecting. Again, depends on the software.

  • You could do this pretty easily;

    1. User enters credentials

    2. Program generates a unique key

    3. Program encrypts User Cred + Unique Key using whatever decrypt-able method

    4. Program sends encrypted data to server-side via POST

    5. Server gets data, decrypts with predefined/predictable salt

    6. Server enters Unique Key into database, code associated with User Creds

    7a(if fail) If user has more than 2 associated with user, send failure as server response

    7b(if success). Encrypt unlock code with decrypt-able method

    8. Send the new code as the server response

    9. Program receives code, unencrypted

    10. Program checks validity, then saves key in safe method

    11. Program is now unlocked, all automated.

    Requires basic/moderate knowledge of PHP and a database (SQL, probably MySQL), and would work safely, and PHP runs on call with an apache2 request, so it's not really "always running", besides the apache2 listen service.

    Alternatively, if you can find a way to use SSL (correctly), you wouldn't need to encrypt sent data on client end, making the whole thing just a bit simpler.

    I'm actually working on a cURL extension for doing things like this, without needing complex client/server side encryption, I got annoyed with the GET object's lack of HTTPS/SSL support.

    Really named Ben Otter, but oh well, eh?
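
An added example of the server flow in steps 4 to 8 of the post above, not code from the thread or from Clickteam: the server enforces the two-device limit and returns an unlock code that is an Ed25519 signature over the serial and device ID, used here in place of the reversible encryption the post describes, so the client verifies with a public key and holds no secret. The table layout, message format, function names and sample IDs are assumptions; it presumes HTTPS for transport, a serial already checked against the purchase records, and a client able to verify Ed25519.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Assumes PHP 7.2+ with sodium and pdo_sqlite.

const MAX_DEVICES = 2; // activation limit per serial (step 7a in the post)

function unlock_message(string $serial, string $deviceId): string {
    // Length-prefix the serial so the two fields cannot run into each other.
    return 'unlock-v1:' . strlen($serial) . ':' . $serial . ':' . $deviceId;
}

// Server side: returns a base64 unlock code, or null once the limit is reached.
function activate(PDO $db, string $secretKey, string $serial, string $deviceId): ?string {
    $seen = $db->prepare('SELECT 1 FROM activations WHERE serial = ? AND device_id = ?');
    $seen->execute([$serial, $deviceId]);
    if ($seen->fetchColumn() === false) { // first request from this device
        $count = $db->prepare('SELECT COUNT(*) FROM activations WHERE serial = ?');
        $count->execute([$serial]);
        if ((int) $count->fetchColumn() >= MAX_DEVICES) {
            return null; // refuse: serial already bound to MAX_DEVICES devices
        }
        $db->prepare('INSERT INTO activations (serial, device_id) VALUES (?, ?)')
           ->execute([$serial, $deviceId]);
    }
    $sig = sodium_crypto_sign_detached(unlock_message($serial, $deviceId), $secretKey);
    return base64_encode($sig);
}

// Client side: needs only the public key, so nothing secret ships in the program.
function unlock_code_valid(string $publicKey, string $serial, string $deviceId, string $code): bool {
    $sig = base64_decode($code, true);
    if ($sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false; // malformed code; reject before calling sodium
    }
    return sodium_crypto_sign_verify_detached($sig, unlock_message($serial, $deviceId), $publicKey);
}

// Demo with constructed serial and device IDs; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE activations (serial TEXT, device_id TEXT, PRIMARY KEY (serial, device_id))');
$kp = sodium_crypto_sign_keypair();
$sk = sodium_crypto_sign_secretkey($kp); // stays on the server
$pk = sodium_crypto_sign_publickey($kp); // embedded in the client
$code = activate($db, $sk, 'SERIAL-0001', 'DEVICE-AAA');
var_dump(unlock_code_valid($pk, 'SERIAL-0001', 'DEVICE-AAA', $code)); // checked on the issuing device
var_dump(unlock_code_valid($pk, 'SERIAL-0001', 'DEVICE-BBB', $code)); // same code copied to another device
activate($db, $sk, 'SERIAL-0001', 'DEVICE-BBB');                      // second device, still within the limit
var_dump(activate($db, $sk, 'SERIAL-0001', 'DEVICE-CCC'));            // third device on the same serial
```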

  • Try this...

    User creates account and provides Email, Password, First Name, Last Name, etc...

    As an example...
    When they log in using the app you create a string... left(Email, 6)+ Password + left(Email, 5)

    When they go to activate the software using their Email and Password you send the string instead only hash it. hash(string)

    On the server end use the email address and the password in the DB to recreate the hash. If it matches then use the First Name, Last Name, Email, and Password to create a new hash. There is your activation key. When you send the New Hash back to the client send the First and last name to them as well and save it somewhere.

    Every time they log in you can now check the hash sent to them against the First and Last name, Email, and Password provided or just hash the Email and Password and check it against the server for authentication.

    Hope that helps!
