I have read an answer to another question here on Stack Overflow. Let me

Question

0

Asked: June 6, 20262026-06-06T13:31:33+00:00 2026-06-06T13:31:33+00:00

I have read an answer to another question here on Stack Overflow. Let me

0

I have read an answer to another question here on Stack Overflow. Let me first quote the incriminated part:

If your goal is to make people pay for it, you better register a key on your server side for each client. Then, when they connect to update, they will send the key and if she’s in your database and valid, you output your zip file. If not, you don’t.

I am asking that, technically, how would one secure his/her PHP-based project with the register a key method? Let’s say we have this:

$key = file_get_contents('http://auth.project.example.com/auth.php?auth_key=asd123');
if ( $key === "auth_valid" )
    define('AUTH', TRUE);

And after that, we check AUTH to see whether we (from the client’s perspective) bought the system or not. Obviously, if we did not, AUTH will be FALSE or would not be defined at all. The problem is, that a client with only little-to-no knowledge to PHP would easily comment out these lines, hotwire AUTH to be TRUE and there he/she is, using the system with it thinking it had been bought, while, in reality, it hadn’t.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-06T13:31:35+00:00

Editorial Team

2026-06-06T13:31:35+00:00Added an answer on June 6, 2026 at 1:31 pm

You would use encryption and eval. Though, thinking about it, once it’s evalled, then you have lost, as they could just change eval for echo. So, in that case you’ll need to include the business parts on your server via an API.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have read an answer to another question here on Stack Overflow. Let me

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply