I was thinking of implementing a MySQL database with valid serial codes which would be checked against user input and grant usage of the app if the check returns true, but I know this is way too basic since the user (who will be using a localhost based application) could easily crack the database and add his own serials (or at least tell someone else who has got a basic understanding of PHP & SQL if they think apps come out of the “magic box”).
Since I have not done this before, is there any popular approach? Or better yet it’d be nice if you just gave me some ideas.
There is never going be any 100% uncrackable approach. Anything can be reverse engineered, if you have the time and know-how.
But what you can do to maximise your chances of not being cracked is use some kind of pre-compiler/obfuscator like Zend Guard or ionCube (and others) to protect your code. Most (all?) of these come with pre-built licensing functionality, which is definitely the recommended approach.
The problem with these is that they are not free…
EDIT
Thinking about it, you could implement something like this yourself, safely, in a very select set of circumstances. If you are developing something that you could distribute HipHop binaries of, you could implement something without fear that it could be cracked by people who don’t fairly seriously know what they are doing. HipHop is freely available to download from github.
The remote database check is still a bad idea though, because people can sniff the network traffic and reverse engineer the keys, or learn how to spoof the response (a simple hosts file edit could intercept the network traffic). You would be better hard-coding the key for each instance and validating it on each invoke with some algorithm – this site and Google may help you here.