1

I am wanting to have a webpage check for a validation key that is stored in a MySQL database. In the database I have 1000 serial numbers stored.

After a serial number gets validated I would like for it to return me to the page and NOT ask me for a serial number again.

Here is what I have so far:

```php
<?php
require 'keygen-connect.php';
// Read the key from the query string
$key = addslashes(htmlentities($_GET['key']));
if ($key == "") {
    die("No key found");
}
// Look the key up (`key` is a reserved word in MySQL, so it is backtick-quoted)
$query = "SELECT * FROM `keys` WHERE `key`='".$key."'";
$result = mysql_query($query) or die("Could not execute query");
if (mysql_num_rows($result) > 0) {
    echo "Key valid";
    // Setting the key activated
    $query = "UPDATE `keys` SET activation='yes' WHERE `key`='".$key."'";
    $result = mysql_query($query);
} else {
    echo "Key invalid";
}
?>
```

This is saved as a file on my server called "keygen-validate.php". This file will connect to my database and look through the serial numbers to make sure it is ok.

Where I am having trouble is the part that tells my page to run the serial number through the keygen-validation.php file.

```php
<!DOCTYPE html>
<html lang="en">
  <head>
    <?php
    // what do I need to put here to have this page run this serial number
    // 784a97bf1955d5f7a2b9dd6c1e371e17b73c42bc
    // through the keygen-validation.php file?
    ?>
  </head>
  <body>
  </body>
</html>
```

I should also add that this is meant to be something simple. I do not need the pricey options. I'm sure that folks could easily do things to circumvent my efforts but this is as much of a learning project as anything else.

Thanks

Also, it has been pointed out that I need to update to PDO ... so, yeah, I'm working on that :)

KulerGary
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Sep 24 '15 at 17:33
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Sep 24 '15 at 17:33
  • `key='%20or%201%3D1` this in your URL would activate all keys – SparK Sep 24 '15 at 17:57
  • Jay - You are 100% correct and I will fix that. I'm combing through some really old code updating it as I go along. Thnx for reminder. – KulerGary Sep 24 '15 at 18:16
  • Spark - I'm not sure I understand what you are getting at ... – KulerGary Sep 24 '15 at 18:18
  • Spark - Nevermind ... I looked it up and see what you were getting at – KulerGary Sep 24 '15 at 18:21

3 Answers

0

PHP is completely unnecessary on your front-end. All you need is a `<form>` with an input for the key, which submits to your PHP script for back-end processing.

```html
<form action="keygen-validate.php">
  <input type="text" name="key">
  ...
```

The submitted value will arrive in your PHP file in `$_GET['key']` as required.

user229044
  • The OP wants in the script head, as a means of validation I guess? – SparK Sep 24 '15 at 17:49
  • I can get this to work in a form as you suggest but what I really need is that after a number gets validated as "good" to return me to the original page and NOT ask for my serial number again. – KulerGary Sep 24 '15 at 18:14
  • @KulerGary That's a much larger question than the one you've asked. – user229044 Sep 24 '15 at 18:15
0

Since you are using GET, you can submit the data using a form, and an action of GET.

So, for example:

```html
<form action="keygen-validate.php" method="get">
  Serial Number:<br />
  <input type="*inputType*" name="*key*" />
</form>
```

That way, GET can retrieve your 'key' parameter.

I haven't done anything with PHP in quite some time, so someone feel free to correct / expand on this.

T. Google
0

If you want to check a serial key in every page you load and the serial key is already in the URL, all you need to do is include your script and, instead of echoing the result for "invalid key", call `exit()` or set a `header()` with a proper 401 error.

Another way to achieve what you want is to wrap your validation in a function with a `$key` parameter instead of reading from `$_GET`. Then on your page you include your script and call its function, passing the `$key` value to it.

SparK
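
The function-with-a-`$key`-parameter approach from the last answer, combined with the question's requirement not to ask for the serial twice, could look like the following. This is an added example, not code from the thread: `validate_key`, `require_valid_key` and the `key_ok` flag are hypothetical names, the 40-hex-character format is assumed from the sample serial in the question, and an in-memory SQLite database stands in for the MySQL connection so the script runs offline.

```php
<?php
declare(strict_types=1);

// Look the key up with a bound parameter; the input never becomes part of the SQL text.
function validate_key(PDO $pdo, string $key): bool
{
    // Assumption: serials are 40 lowercase hex characters, like the sample in the question.
    if (!preg_match('/\A[0-9a-f]{40}\z/', $key)) {
        return false;
    }
    $find = $pdo->prepare('SELECT 1 FROM `keys` WHERE `key` = ?');
    $find->execute([$key]);
    if ($find->fetchColumn() === false) {
        return false;
    }
    $pdo->prepare('UPDATE `keys` SET activation = ? WHERE `key` = ?')
        ->execute(['yes', $key]);
    return true;
}

// Gate for the top of a page: a key validated once is remembered in the session.
function require_valid_key(PDO $pdo, array &$session, ?string $submitted): bool
{
    if (!empty($session['key_ok'])) {
        return true; // validated earlier in this session, do not ask again
    }
    if ($submitted !== null && validate_key($pdo, $submitted)) {
        $session['key_ok'] = true;
        return true;
    }
    return false;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL connection
// from keygen-connect.php, and a plain array stands in for $_SESSION.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `keys` (`key` TEXT PRIMARY KEY, activation TEXT)');
$pdo->exec("INSERT INTO `keys` VALUES ('784a97bf1955d5f7a2b9dd6c1e371e17b73c42bc', 'no')");
$pdo->exec("INSERT INTO `keys` VALUES ('" . str_repeat('0', 40) . "', 'no')");

$session = [];
var_dump(require_valid_key($pdo, $session, "' or 1=1")); // string from the comments above
var_dump(require_valid_key($pdo, $session, '784a97bf1955d5f7a2b9dd6c1e371e17b73c42bc'));
var_dump(require_valid_key($pdo, $session, null)); // later page load with no key in the URL
var_dump($pdo->query("SELECT COUNT(*) FROM `keys` WHERE activation = 'yes'")->fetchColumn());
```

On a real page, call `session_start()` first and pass `$_SESSION` and `$_GET['key'] ?? null`; when the gate returns false, send `http_response_code(401)` and `exit`.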