(adsbygoogle = window.adsbygoogle || []).push({}); I'm slowly starting to understand and learn PHP/SQL so i wrote up this licensing system.

Basically what this does is uses an api to check if the key is valid or not.

Features:
Login with license key.
View content for people that are logged in only.
Logout.
API System
Check if key is valid

Images:

You must login or register to view this content.
You must login or register to view this content.


Installation:

Upload the SQL file to PHPMyAdmin.
Make sure to edit the db.php file in /inc with your database details.[/SIZE]

Download:

You must login or register to view this content.

This is a nice start, checked it out and it's not bad for starting.

Few notes, probably easier to read in an actual editor..
Code does work, tested it on localhost.
Removed styling for less characters, etc.
index.php:
If I forgot anything or you have a question quote or PM me.

    

<?php

session_start(); // better to use session_start() at top

$paginaname = 'Home'; // not sure what this is, removed it

include 'header.php'; // The following file is missing, not sure if it's supposed to be in the download or not.

include 'api.php'; // You'll see why I did this later on.

?>

<!DOCTYPE html>

<html lang="en">

  <head>

    <meta charset="utf-8">

    <title>Licensing System</title>

    <meta name="viewport" content="width=device-width, initial-scale=1">

    <link rel="stylesheet" href="theme/bootstrap.css" media="screen">

    <link rel="stylesheet" href="theme/usebootstrap.css">

	<link rel="shortcut icon" type="image/png" href="https://www.nextgenupdate.com/forums/images/smilies/wat.png"/>

  </head>

  <body>

    <div class="navbar navbar-default navbar-fixed-top">

      <div class="container">

        <div class="navbar-header">

          <a href="" class="navbar-brand">Passion</a>

          <button class="navbar-toggle" type="button" data-toggle="collapse" data-target="#navbar-main">

            <span class="icon-bar"></span>

            <span class="icon-bar"></span>

            <span class="icon-bar"></span>

          </button>

        </div>

        <div class="navbar-collapse collapse" id="navbar-main">

          

		  <ul class="nav navbar-nav">

		    <li><a href="index.php">Home</a></li>

            <li><a href="api.php">API</a></li>

			<li><a href="check.php">Check</a></li>

		  </ul>

		  

        </div>

      </div>

    </div>

     <div class="container">

    <div class="row">

        <div class='col-md-3'></div>

        <div class="col-md-6">

            <div class="login-box well">

			<?php

                if(isset($_POST['submit'])){

                    $key = strtolower($_POST['password']); // changed the variable $password  to  $key for the function, though you can use $password, just change it  in the function.

                    strtolower($key); // moved this to the above, less lines, etc

                    if(empty($key)){ // instead of $password == '', just use empty(), like in api.php

                        echo "Please enter a key.";

                    } else

                    {

                        $ip = include "https://localhost/api.php?key={$password}"; // Removed this.

                        if (getKey($key)) // You'll see why I changed this in api.php, and this is why we included api.php at the top, so it knows where the function is.

                        {

                            $_SESSION['password'] = $key; 

                        }

                        else {

                            echo '<div class="alert alert-dismissable alert-danger">

                                    <button type="button" class="close" data-dismiss="alert">×</button>

                                    Key is invalid.

                                  </div>';

                        }

					

                    }

 

                }

            ?>

                    <form method="post">

                        <legend><?php echo isset($_SESSION['password']);// if $_SESSION['password'] isn't set, it'll throw an error.. There's two possible ways to fix this. 1) Disable PHP errors (cheap way). 2) Add the function isset(), what this does is check if the session is set, if not then it won't echo anything.

                            echo isset($error); // this is why we made  the invalid key statemant a variable. 

                            ?></legend> 

                        <div class="form-group">

                            <label for="password">License KEY</label>

                            <input id="password" name="password" placeholder="Password" type="text" class="form-control" autocomplete="off" required /> // this is now required and doesn't show past entries

                        </div>

                        <div class="form-group">						

                            <input type="submit" name="submit" class="btn btn-info btn-lg btn-block" value="Login" />

                            <center><?php if (isset($_SESSION['password'])) { echo 'Logged in'; } else { echo 'Please log in'; } ?></center>

                        </div>

                    </form>

                

            </div>

        </div>

    </div>

</div>





    <script src="https://code.jquery.com/jquery-1.10.2.min.js"></script>

    <script src="bootstrap/bootstrap.min.js"></script>

	<script src="bootstrap/usebootstrap.js"></script>

  </body>

</html>

API.php:

    

<?php

 require_once 'inc/db.php';





    function getKey($key) // Creating the function. Here's  where you can change this to $password

	{

        global $odb; // In functions, if the variable isn't used within it, it has to be made global, since $odb (the db connection variable) isn't defined within the function, we have to let the function know it exists.

		 $SQLGetInfo = $odb->prepare("SELECT * FROM `keys` WHERE `key` = :key LIMIT 1");

         $SQLGetInfo->bindParam(':key', $key);

         $SQLGetInfo->execute();

         $keyinfo = $SQLGetInfo->fetch(PDO::FETCH_ASSOC);

         if($SQLGetInfo->rowCount() > 0) { // this checks to see if the key entered exists, if the value is less than or equal to 0, it doesn't.

             $keys = $keyinfo['key']; // this sends the key to index.php to echo it out.

             return true; // this lets index.php that the key match was successful

         } 

        /* removed the following due to already being on index.php

         else { 

             die("Key is invalid."); 

         }

        */

	}

?>

for logging in, store the username in the cookie for the original login, and retrieve it using echo $username (or whatever u named it), in a certain element

Sessions are better

I would suggest implementing some sort of 'fingerprint' check to your sessions to help prevent hijacking. Easiest way you could go about this would be to check the agent and/or IP of the remote user. I'm fairly certain I did post something quite a while back about this, but it seems to have been removed for some reason. I guess it was just too old?

Yeah, however, u can get the sessions token from chrome or any other browser, and set it to another PC (which can people make 'token-logger'

Don't do this. This allows anyone to edit the cookie to whatever name they want and login as that person. If you're going to use cookies, generate some unique identifier for each person and store that in the database and the cookie. Then you can compare it that way and log people in. Make sure it's a completely unique id and not something that's publicly visible (like a userid, username, etc). You also shouldn't use their hashed password as the cookie either.

just like vB

:| Okay guys, time to build a legit Login System for you all :|

suprise us