xoops forums

wishcraft

Module Developer
Posted on: 2009/10/23 20:51
wishcraft
wishcraft (Show more)
Module Developer
Posts: 3711
Since: 2007/5/18
#1

License Key Validation

I am wondering who will offer the first validator for XOOPS, that is something that will validate your got a licenced version of Xoops..

The way the validation works is simple:

Just say your XOOPS license is like so:

cugucu-qkomsm-cc0maq-iagasm-ugomew


You recompile the list of 7 character Checksums in a row, turning the trash ones to a char that marks to skip it like a –

You then crawl the license key across the string like so say this is your code you have recompiled of the 7 parts checksums from $_SERVER and the license texts’ from license.php (this needs to be writable in the install)

Ie.

cudsfgggfugcuqghkjhgjohjgmjsmchjcjh0jhmhjaq76iytahjtyrj876gasm678u78g786o78mew


You would then find indexes in the key to the license key

cudsfgggfugcuqghkjhgjohjgmjsmchjcjh0jhmhjaq76iytahjtyrj876gasm678u78g786o78mew

Based on percentiles/tolerance of the variable you have minus both the trash responses (A checksum/hash of a random or the time or microtime is consider trash in the comparison).. Minus 1/2 and you have the percentile of match for the key, when you are within this tolerance and especially if you find combination of 2 or more characters in place, you have a valid key.

Remember a double may not occur you just have to look for a sequential sequence of the hash starting at 0 and going to the end of the hash array.

The Things in this comparison that match for certain are the cu, smc, aq, gasm, mew (if you are awarding a count these would have 2, 3, 4 points as the characters are candidate as a double or triple combination and find so in this comparison having at least 11 congruent characters definable match points (in this example) would be in comparison a defined and valid match.

I would love to see some validation in modules, so people can tell there XOOPS are running on a licensed box. Part of this was because of the XOBJ_DTYPE_DECIMAL and the need in all forms of software to provide a key for legal purposed of you being licensed to own and hold your own cash. This is the same with all operating systems like Ubuntu (Provided PGP Based License - See on Boot) - Microsoft Windows (OEM, MLC) and many other OS and systems for operating a site.

This is due to ownership laws of data and money and other things like this, impressionable cash everything, just say you needed for example to take on your credit card company you could included a hash in your transactional header of your credit card gateway and this would prove to a judge the money was made on your system was yours.

There are many benefits of this, this means you have better legal protection using XOOPS cause you can validate your system unlike most other CMS!! This will give you the package but WILL ALSO ALLOW to prove it was all done in that environment - this is partly why people provide license keys, and unlike most GPL that should have this - XOOPS Does now.

I have seen plenty of cases where online casinos have to take on the big names in banking/gateways over millions of dollars, this assistance from us is also to provide us with the legal grounds of being able to say, that is physically your copy of XOOPS as you are all uniquely identified.

hervet

Friend of XOOPS
Posted on: 2009/10/24 6:57
hervet
hervet (Show more)
Friend of XOOPS
Posts: 2267
Since: 2003/11/4
#2

Re: License Key Validation

Quote:

wishcraft wrote:
I am wondering who will offer the first validator for XOOPS, that is something that will validate your got a licenced version of Xoops..

Now it's a licencied product ? Not anymore Open Source ?

ghia

Community Support Member
Posted on: 2009/10/24 10:22
ghia
ghia (Show more)
Community Support Member
Posts: 4954
Since: 2008/7/3 1
#3

Re: License Key Validation

No, it could be addionally offered as a licensed product.
Now you get it for free, but without any warranties of any kind.
If you will offer XOOPS with some warranties, you need a protection of its integrety and also a manner to control some license. This thread explores the possibilities of doing so.

Mamba

Moderator
Posted on: 2009/10/24 13:58
Mamba
Mamba (Show more)
Moderator
Posts: 10810
Since: 2004/4/23
#4

Re: License Key Validation

This actually could be good for ISV as Herve - to sell paid support and making sure that the user is using a licensed/paid version of XOOPS when asking for support

wishcraft

Module Developer
Posted on: 2009/10/24 21:17
wishcraft
wishcraft (Show more)
Module Developer
Posts: 3711
Since: 2007/5/18
#5

Re: License Key Validation

It already is a licensed product you two ("mamba" & "Ghai"), under GPL, It is more a comment about how many GPL Products don't give you a key.. In GPL/GNU it has been like buying a house but your ownly renting it afterwards without anyway of locking the front door.

So many people like you both have associated a license key/system key with a 'paid' product.. This for once is that at absolutely no charge free license key.. all with the ability to do validations and conformable system key.

That is key that uniquely identifies your product under the licensing as your own.. Under the terms of the license.php which has also been missing.

This for example is really useful in purchase products cause you can SOAP or CURL the license key to your base website or even generate a further key from it, hervet is definably in the thoughts of this.. as he can then ask for their key and generate a security system to stop breach of copyright of paid products.

Partly why I don't offer any as without this there is no way to secure your code... I also require it for the international support site and many other people.. Doesn't change the license, only embedded and keys it.

At the moment we are still tossing around having it in either the mainfile.php (which i don't think is a good idea for an easy upgrade and customised mainfile - as was with 2.3.3) or in the /include/license.php

wishcraft

Module Developer
Posted on: 2009/10/24 21:24
wishcraft
wishcraft (Show more)
Module Developer
Posts: 3711
Since: 2007/5/18
#6

Re: License Key Validation

Quote:

hervet wrote:
Quote:

wishcraft wrote:
I am wondering who will offer the first validator for XOOPS, that is something that will validate your got a licenced version of Xoops..

Now it's a licencied product ? Not anymore Open Source ?


No still GNU/GPL just finally with a key, they should all offer this for legal indemnity that every single site made with xoops, is not run by XOOPS or installed by xoops.

Always be open source - but making a key you can distribute, is secure and also conform that is usable by other GPL was not the easy task..

wishcraft

Module Developer
Posted on: 2009/10/24 21:31
wishcraft
wishcraft (Show more)
Module Developer
Posts: 3711
Since: 2007/5/18
#7

Re: License Key Validation

Quote:

ghia wrote:
No, it could be addionally offered as a licensed product.
Now you get it for free, but without any warranties of any kind.
If you will offer XOOPS with some warranties, you need a protection of its integrety and also a manner to control some license. This thread explores the possibilities of doing so.


There are plenty of product built from XOOPS that is a 'paided' licensed product. Xoosla is one of them.. In there example you would be able to change the enumerators in the keygen and the license.php headers like XOOPS_LICENSE_CODE, XOOPS_LICENSE_TEXT and have it as a paid product.

I think you are both being really amusing.. This was meant to be about validating the key..

wishcraft

Module Developer
Posted on: 2009/10/24 21:36
wishcraft
wishcraft (Show more)
Module Developer
Posts: 3711
Since: 2007/5/18
#8

Re: License Key Validation

Quote:

Mamba wrote:
This actually could be good for ISV as Herve - to sell paid support and making sure that the user is using a licensed/paid version of XOOPS when asking for support


Yeah that is a valid point but mamba I think you are confusing XOOPS for a paid product, but i still needs a key in a distribution path this scale. But yeah hervet could have a module that uses curl or soap to check keys, run a cart and ticketing system etc that uses the key to generate his own hash that identifies his client without it there is no real way of knowing if someone has share there details..

It provides all this security that we haven't had and allows us to be uniquely identifiable to clients, xoops, and the greater good. This is physically as well.. Mind you talking about the physical world of xoops, my house has been much quieter since installing a copy of XOOPS with a key, I don't have every single page impression ever made by XOOPS at my water tap, or in the shower.

It will also be extremely useful in 2.5.0 with the PDO (Procedural Database Objects) for example image you are writting a module that uses MySQL AES_ENCRYPT or AES_DECRYPT, it gives you a hash that allows for unique cryptology of database on a spectral scale. Which means alot more security..