: In highly sensitive setups, execute a small but vital piece of code on your licensing server and pass the result back to the client via API. Leverage Code Obfuscation
return $payload['features']; // Return entitlements
Software piracy and unauthorized redistribution are constant challenges for PHP developers. When selling premium WordPress plugins, Laravel packages, or standalone PHP scripts, a robust licensing system is essential to protect your intellectual property and secure your revenue.
First, create a table to store your license keys and their associated metadata. php license key system github hot
A license key system is a mechanism to control access to software functionality. It serves several purposes:
The server handles incoming API requests from your distributed software and checks them against a database of valid keys. 1. Database Schema
Your license server needs to track which keys belong to which users and where they are being deployed. A minimal database schema includes: : In highly sensitive setups, execute a small
How do you plan to ? (WooCommerce, Lemon Squeezy, Stripe, Paddle?)
✅ – Bind keys to $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] (or better, a machine fingerprint). ✅ Grace period – Allow 7 days of “trial mode” even with an invalid key. ✅ Deactivation endpoint – Let users release a license from an old install via a simple ?action=deactivate .
// Server-side validation endpoint (validate.php) header('Content-Type: application/json'); $licenseKey = $_POST['license_key'] ?? ''; $domain = parse_url($_POST['domain'] ?? '', PHP_URL_HOST); // 1. Database Lookup (Pseudo-code) $license = findLicenseInDatabase($licenseKey); if (!$license || $license['status'] !== 'active') echo json_encode(['status' => 'invalid', 'message' => 'License is inactive or does not exist.']); exit; // 2. Prepare Payload $responseData = [ 'status' => 'valid', 'license_key' => $licenseKey, 'domain' => $domain, 'expires_at' => $license['expires_at'], 'timestamp' => time() ]; $payload = json_encode($responseData); // 3. Sign the payload using OpenSSL private key $privateKey = openssl_pkey_get_private(file_get_contents('private_key.pem')); openssl_sign($payload, $signature, $privateKey, OPENSSL_ALGO_SHA256); echo json_encode([ 'data' => $payload, 'signature' => base64_encode($signature) ]); Use code with caution. Step 3: Client-Side Remote Phone Home (Client Side) First, create a table to store your license
: The client (the software being licensed) sends the key and potentially a machine-specific identifier (HWID) to the server via a POST request.
As a developer, protecting your software from unauthorized use is crucial. One effective way to achieve this is by implementing a license key system. In this post, we'll explore how to create a PHP license key system and make it secure.