How do I use a php function to check if a license key is in a mySQL database and if so then it will download something

Question

I have been looking around now for this solution for about 3 hours and since I am very new to MySQL and PHP I am having tons of trouble when trying to require someone to put a valid license key in a input area and if it is and they hit the "download" button then it will do an onClick function in PHP that checks to see if the license key they entered is in the licensing database.

<div class="licensedownload">
    <form action="download.php"  method="post">
    <div class="inside-license">
        <p class="license-header">blah</p>
    </div>
    &nbsp;
      <input type="text" class="license-box" placeholder="License Key"         required>
      &nbsp;
      <button type="submit" class="verified-download" name="submit"     onClick="download.php">Download</button>
      </form>
      &nbsp;
      <button type="submit" class="verified-download"     name="submit">Purchase</button>

    </div>

And here's my PHP.

 $mysqli = new mysqli('a', 'a', 'a', 
  'a');
$result = $mysqli->query("SELECT *  FROM `License Key` WHERE `License` LIKE 
 \'licensekeyhere\'");
if($result->num_rows == 0) {

} else {

header('Content-Type: application/download');
  header('Content-Disposition: attachment; filename="file.rar"');
  header("Content-Length: " . filesize("file.rar"));
 $fp = fopen("file.rar", "r");
 fpassthru($fp);
 fclose($fp);
}
$mysqli->close();

Okay, I've reviewed some of the comments and I now have

  if($_POST['licensecheck'] != 'CORRECT LICENSE KEY HERE') {

} 
else 
{

header('Content-Type: application/download');
 header('Content-Disposition: attachment; filename="Deluxe Viewbot.rar"');
header("Content-Length: " . filesize("Deluxe Viewbot.rar"));
$fp = fopen("Deluxe Viewbot.rar", "r");
fpassthru($fp);
fclose($fp);

}
$mysqli->close();

But for some reason it's still not downloading anything when I enter the correct license key and hit the download button?

Your code is open to [SQL injection](https://stackoverflow.com/q/332365/2469308) related attacks. Please learn to use [Prepared Statements](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Madhur Bhaiya, Oct 10 '18 at 10:08
what exactly is the problem? Btw, remove that onclick stuff, that's javascript and not needed — delboy1978uk, Oct 10 '18 at 10:11
@delboy1978uk The problem is that when I insert the correct license key that I have and hit download it isn't downloading the file. Like I said, I need a function to determine whether or not the license key someone is putting in is in the database or not and if it is, then it will download a file, and if its not then it will return and do nothing. — Essence, Oct 10 '18 at 10:15
Your licensekey input field should have a `name` attribute so you can check it. https://secure.php.net/manual/en/tutorial.forms.php — brombeer, Oct 10 '18 at 10:18
`onClick="download.php"` ... what are you expecting that to do? Why do you have 2 *submit* buttons on your form which *seem* like they should do different things? — CD001, Oct 10 '18 at 10:21
well spotted kerbholz, that is indeed his problem. Without a name, it won't appear in a POST request. Put it in an answer! — delboy1978uk, Oct 10 '18 at 10:22

score 0 · Accepted Answer · answered Oct 10 '18 at 10:26

0

Your input field is missing a name attribute. Change

<input type="text" class="license-box" placeholder="License Key"         required>

to

<input name="licensekey" type="text" class="license-box" placeholder="License Key" required>

You can then access the value of that input field via $_POST['licensekey'] in your PHP script. Read more on form handling: https://secure.php.net/manual/en/tutorial.forms.php

Note: you can use any name you want (as long as it doesn't already exist), just make sure the name matches the $_POST variable.

answered Oct 10 '18 at 10:26

brombeer

8,716
5
21
27

Hey I have done this now and I am still getting issues. I think there's something wrong with my php – Essence Oct 10 '18 at 10:45
What "issues" are you getting? Form not submitting? Wrong file downloaded? Have you turned on error_reporting to see any possible errors? Does the "download" part work on its own? – brombeer Oct 10 '18 at 10:50
My error_log folder is showing errors but they're not from anything related to what I'm trying to do. Apart from that the actual error is that it's still not downloading anything at all when I input the correct license key and hit the "download" button. What it should do is check if the input text is equal to a specific license key (for example: password1) and if password1 is in the input text when I hit "download" it should download the file that I have in the same directory. And if you don't enter the correct password (you enter password2) then it should not download anything. – Essence Oct 10 '18 at 10:54
Have you made sure your download part works on its own? Do you output anything else before sending `header`s? – brombeer Oct 10 '18 at 10:59
I've tried like 5 different ways to download and every time I click download it just opens the https://website.com/download.php with a blank white page, no download or anything. – Essence Oct 10 '18 at 11:13
You don't seem to want to answer my questions. Turn on error_reporting, display_errors and stuff to see any errors that occur in your script. Strip out the part with the licensekey check form and make sure the download part of your script works. Just run a script that has your `header('Content-Type: ... fclose($fp);` part in it. – brombeer Oct 10 '18 at 11:17
I took out the license check form and kept in the download stuff and the download didn't go at all, it just opened a white page. So the downloading script doesn't work. So then I just tested the $_POST['blah'] != 'blah'; stuff and that code didn't work either? – Essence Oct 10 '18 at 11:23
Add `ini_set('display_errors',1); error_reporting(E_ALL);` before your download to see any errors. Your script most likely can't find the file, maybe due to the space ` ` in the filename. – brombeer Oct 10 '18 at 11:30
Holy shit I'm too high for this. I was editing the wrong download.php file that entire time. I was using an old download.php file that I had in a different folder. I'll let you know if this all works now lol sorry – Essence Oct 10 '18 at 11:33
Don't do drugs and develop, kids! ;) – brombeer Oct 10 '18 at 11:35

How do I use a php function to check if a license key is in a mySQL database and if so then it will download something

1 Answers1