Home » Support » User Manual » The Software Licensing System » Serial number generators » PHP-Based Serial Number Generator

PHP-Based Serial Number Generator

The full version of PHP-based generator can be found in Keygen\PHP folder, below you will find description of the most interesting details.

Setup of PHP-based generator

At the top of keygen.php file there are some lines that setup the generator:

//////////////////////////////////////////////////////////////////////////////////////////////
// The following lines should be generated by VMProtect
$exported_algorithm = "RSA";
$exported_bits = 2048;
$exported_private = "PJvj4kEpoQMIpYK+9wEt......xKeiSZgzdiln8Q==";
$exported_modulus = "rOlny/3QgZb/VmGr3CmY......I6ESAUmtQ+RBqQ==";
$exported_product_code = "oLQdGUn8kVk=";
//////////////////////////////////////////////////////////////////////////////////////////////

This code is generated by VMProtect (see Export Key Pair section for details). It is important to copy it without errors. Otherwise serial numbers will not be generated or will not work with protected application.

Serial number content

In the next lines of keygen.php we’ll provide data that will be placed to the new serial number. Data stored in the keyed array, some of them may absent. All fields are the same as in VMProtect, when you create a new license.

$params = array(
	user_name => "John Doe", // UTF-8!
	email => "john@doe.com",
	hwid => "vHGMdMRvGCPjWcCQ", // Exactly as returned by VMProtectGetCurrentHWID
	expire_date => array(year => 2009, month => 10, day => 1),
	maxbuild_date => array(year => 2009, month => 10, day => 1),
	time_limit => 10,
	user_data => base64_decode("CGCvRvMWcPHGdMjQ"), // string of bytes
	);

Handler function for successfull generation

Next code block in keygen.php is a function that will be called if the serial number will be generated end encrypted without errors. It has single parameter – string with new serial number. The purpose of the function is to send serial number to the payment processing service. As the generator is called by HTTP-query and this is PHP – just print it using echo command. You may want to split it to lines of 75 characters length. You may also want to send yourself a copy of the serial number or put it to the database. This is up to you.

function OnSerialGenerated($serial)
{
	$serial = wordwrap($serial, 75, "\n", true);
	echo $serial;
}

Handler function for failed generation

The last piece of code in keygen.php is a function that will be called in case of any problems while generation or encryption. Function has single parameter – english text that describes what was wrong.

function OnSerialGenerationFailed($details)
{
	echo "You will receive serial number in the next 24 hours"; // message to the customer
//	mail("support@vendor.com", "Houston, we have a problem", $details); // message to vendor
}

This fucntion can be called if user name doesn’t fit to the serial number or if serial number is too long, or if encryption failed because of bad parameters. There are many reasons why this function may be called. You should do two things here. First of all, you have to reply something to payment processing service that called you. It waits for serial number, but you don’t have it, so just reply “The serial number will be sent to you in 24 hours”.

Afther that collect all the information you can. Collect input parameters, $params block, description of the problem that you received as a parameter. Collect $_GET and $_POST arrays and send them all to yourself by e-mail. You have to generate serial number yourself, so you need as much information as possible. Do not call die() here. It will be called automatically a bit later.

Notes

The PHP-based serial number generator is very simple. It doesn’t care about recomendations given here. It doesn’t check caller’s IP address and doesn’t read input parameters. Do not forget to follow the recomendations while modifying the generator for your needs.

The serial number generator accepts user name and e-mail in UTF-8 encoding. Ask your payment processing service about encoding they use to send you those parameters. Maybe you will have to convert them before creating serial number. Incorrect encoding will not break serial number, but if you want to display user name or e-mail in “About” window – it is better to use UTF-8.

Asymmetric encryption is a time and CPU consuming process. Being implemented using plain PHP it may take up to 20 seconds to encrypt serial number with 2048-bits RSA key. The serial number generator tries to use accelerated functions if any of them exists. It tries gmp_powm, bi_powmod, bcpowmod and falls back to PHP if none of them presents. The first one works 20 times faster than the last one, so it is better to check what functions are supported by your host and maybe ask system administrator to enable faster functions to speedup number generation process.