It is possible to get some example

Hello @pumukyyy

thank you for your message and for your interest in my plugin.

I have to ask first, do you want to use this plugin to license a plugin of your own? If so, then you must be aware of the fact that some users might just edit the plugin files themselves and circumvent the activation process.

If all your business logic is inside this plugin this process would be fairly easy for any somewhat-experienced PHP developer.

If this doesn’t bother you, then let me know and I’ll shoot an example your way ??

Hello again @drazenbebic.
Thank you for responding so quickly, the idea is to make a freemium add-on. I am new to this world, so I cannot think of another way to do a verification, I know it is very easy to avoid, is there any other way to make it more difficult?
would something like this be activated or deactivated?

 <?php 

if ( isset( $_REQUEST['activate_license'] ) || isset( $_REQUEST['deactivate_license'] ) ) {

    if ( ! wp_verify_nonce(  $_REQUEST['wfs_license_nonce'], 'wfs_license_nonce' ) ) {

        wp_die("Error - Invalid nonce verification ?");

    }else {

        $license_key = sanitize_text_field( $_REQUEST['wfs_license_key'] );             

        if ( isset( $_REQUEST['activate_license'] ) ) {

            $license_action = 'activate/';

        }elseif ( isset( $_REQUEST['deactivate_license'] ) ) {

            $license_action = 'deactivate/';
        }

        $api_params = array(
            
            'consumer_key' => WFS_CONSUMER_KEY,
            'consumer_secret' => WFS_CONSUMER_SECRET,
        );

        $url_params = WFS_LICENSE_SERVER_URL;
        $url_params .= $license_action;
        $url_params .= urlencode($license_key);

        $query = esc_url_raw( add_query_arg( $api_params, $url_params ) );
        $response = wp_remote_get($query, array('timeout' => 20, 'sslverify' => false));

        if ( is_array( $response ) && ! is_wp_error( $response ) ) {

            $license_data = json_decode( wp_remote_retrieve_body( $response ) );

            if( 1 == $license_data->success ){

                if ( isset( $_REQUEST['activate_license'] ) ) {

                    update_option( 'wfs_license_key', $license_key ); 

                }elseif ( isset( $_REQUEST['deactivate_license'] ) ) {

                    update_option( 'wfs_license_key', '' ); 
                }

            }else{

                $msg .= $license_data->message;
            }
        }else {

            _e( 'something did not go well when reading the license');
        }

    }
}

?>
<form action="" method="post" style="width:100%;">
    <?php wp_nonce_field( 'wfs_license_nonce', 'wfs_license_nonce' ); ?>
    <div class="content-label-share">
        <label class="label-share">
            <p class="label-p"><?php _e( 'License Key' ); ?></p>
            <input class="input-share" type="text" id="sample_license_key" name="wfs_license_key"  value="<?php echo get_option('wfs_license_key'); ?>" >
            <?php if ( !empty( $msg ) ) { echo '<p>'.$msg .'</p>'; } ?>
        </label>
    </div>  
    <p class="submit">
        <?php submit_button( __( 'Activate' ), 'primary', 'activate_license', false, array( 'id' => 'wsf-activate-license-id' ) ); ?>
        <?php submit_button( __( 'Deactivate' ), 'delete', 'deactivate_license', false, array( 'id' => 'wsf-deactivate-license-id' ) ); ?>
    </p>
</form>     
<?php 

Thanks for the help

• This reply was modified 4 years, 10 months ago by Pmk Web Dev.

And to verify the license I have something like that

$msg ='';
$result = '';
$api_params = array(
    'consumer_key' => WFS_CONSUMER_KEY,
    'consumer_secret' => WFS_CONSUMER_SECRET,
);

$url_params = WFS_LICENSE_SERVER_URL;
$url_params .= urlencode( get_option( 'wfs_license_key' ) );

$query = esc_url_raw( add_query_arg( $api_params, $url_params ) );
$response = wp_remote_get($query, array('timeout' => 20, 'sslverify' => true));

if ( is_array( $response ) && ! is_wp_error( $response ) ) {

    $license_data = json_decode( wp_remote_retrieve_body( $response ) );

    if( isset( $license_data->success ) &&  $license_data->success == 1 ) {

        $current_date = strtotime(date("Y-m-d H:i:00",time()));
        $expires_date = strtotime($license_data->data->expiresAt);

        if ( isset( $license_data->data->licenseKey) && strcmp ( $license_data->data->licenseKey, get_option('wfs_license_key') ) == 0 && $current_date < $expires_date ) {

            $result .= $license_data->data->licenseKey;

            $msg .= __( 'your license will be active until:' );
            $msg .= ' '. $license_data->data->expiresAt;

        }

    } else{

        $msg .= __( 'Invalid License' );
    
    } 

} else {

    $msg .=  __( 'something did not go well when reading the license' );

}

Hello @pumukyyy

Sorry for the late reply, I was sick the last couple of days.

Do you still need help with this?

hello again @drazenbebic
I hope you’re well, I still need your help, I’m a little stuck with the plugin

If you can give me an example of the best form of implementation, it would be helpful

Hello @pumukyyy

I’m sorry but I didn’t have much free time this week, and next one’s not looking much better either. However, I’ll write something up tomorrow, no worries ??

Thank you!????

Hello @pumukyyy

I haven’t been able to recreate your problem, I’m having some problems with my cURL libraries on my local development machine.

However, when I copy-paste the URL into POSTMAN it executes perfectly, that means that something’s not right with the code.

Hello again @drazenbebic.
With the code I gave you as an example, it works for me, but I wanted to know if there is any other way to make it safer.

Hello @pumukyyy

well it depends on your requirements. What exactly is this freemium add-on you mentioned? Is it a WordPress plugin? If so, then it’s impossible to do unless your business logic resides in a remote API.

If all your business logic resides inside this add-on and the source code is delivered to the users/customers (as is the case with WordPress) it will be trivially easy to circumvent.