: Creating unique, random strings often based on a seed (like a user's email) to ensure each key is tied to a specific identity.
The server requires a relational database to track activations. A minimal schema includes:
When a client requests an update, your licensing server checks GitHub for the latest release tag. If the client's version is outdated, the licensing server uses a to fetch the private asset and securely proxy or redirect the user to it.
GitHub provides robust, uptime-guaranteed hosting for your code. By using GitHub APIs alongside a lightweight validation server (e.g., hosted on Vercel, Fly.io, or a basic VPS), you eliminate the need for expensive, high-maintenance database setups. 3. Native Composer Integration php license key system github hot
CREATE TABLE `licenses` ( `id` INT AUTO_INCREMENT PRIMARY KEY, `license_key` VARCHAR(64) NOT NULL UNIQUE, `status` ENUM('active', 'expired', 'suspended') DEFAULT 'active', `max_instances` INT DEFAULT 1, `activated_instances` INT DEFAULT 0, `expires_at` DATETIME NOT NULL ); CREATE TABLE `activated_domains` ( `id` INT AUTO_INCREMENT PRIMARY KEY, `license_id` INT, `domain_name` VARCHAR(255), FOREIGN KEY (`license_id`) REFERENCES `licenses`(`id`) ON DELETE CASCADE ); Use code with caution. 2. The API Validation Endpoint ( verify.php )
false, 'message' => 'Method not allowed']); exit; $licenseKey = $_POST['license_key'] ?? ''; $domain = $_POST['domain'] ?? ''; if (empty($licenseKey) || empty($domain)) http_response_code(400); echo json_encode(['success' => false, 'message' => 'Missing parameters']); exit; // 1. Connect to Database (Abbreviated) $pdo = new PDO('mysql:host=localhost;dbname=licensing', 'user', 'password', [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION ]); // 2. Validate License $stmt = $pdo->prepare("SELECT * FROM licenses WHERE license_key = ? AND status = 'active' AND expires_at > NOW()"); $stmt->execute([$licenseKey]); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) echo json_encode(['success' => false, 'message' => 'Invalid or expired license']); exit; // 3. Check Activation Limits $stmt = $pdo->prepare("SELECT COUNT(*) FROM activations WHERE license_id = ?"); $stmt->execute([$license['id']]); $currentActivations = $stmt->fetchColumn(); if ($currentActivations >= $license['max_instances']) // Check if this domain is already registered $stmt = $pdo->prepare("SELECT id FROM activations WHERE license_id = ? AND domain = ?"); $stmt->execute([$license['id'], $domain]); if (!$stmt->fetch()) echo json_encode(['success' => false, 'message' => 'Activation limit reached']); exit; else // Register new activation $stmt = $pdo->prepare("INSERT INTO activations (license_id, domain, instance_id) VALUES (?, ?, ?)"); $stmt->execute([$license['id'], $domain, hash('sha256', $domain)]); // 4. Generate Cryptographically Signed Response $responseData = [ 'success' => true, 'license' => $licenseKey, 'status' => 'activated', 'expires_at' => $license['expires_at'], 'timestamp' => time() ]; // Load your private key to sign the data $privateKey = openssl_pkey_get_private(file_get_contents('/path/to/private_key.pem')); openssl_sign(json_encode($responseData), $signature, $privateKey, OPENSSL_ALGO_SHA256); echo json_encode([ 'data' => $responseData, 'signature' => base64_encode($signature) ]); Use code with caution. Step 4: Implementing Client-Side Verification
Use RSA to sign a unique token with a private key. The application then uses an embedded public key to verify it. Activation Machine Fingerprinting : Creating unique, random strings often based on
echo json_encode(['valid' => true, 'message' => 'License active']);
[ Client Application ] --( Sends License Key & Domain )--> [ Licensing Server ] | [ Client Application ] <--( Returns Encrypted Status/JWT )-- [ Validates Data ] The Licensing Server
The foundation of the server is a relational database designed to track licenses, customer details, and hardware activations. If the client's version is outdated, the licensing
When the client checks a license, the server must verify the key exists, has not expired, and is not exceeding its activation limit on different domains.
Implementing a PHP license key system offers numerous benefits, including:
: A simple, robust class for generating random and unique keys. It supports custom prefixes (e.g., SLK- ), letter casing, and structured templates using A for letters and 9 for numbers.
