forked from Stratusclear/asana_whmcs_addon
-
Notifications
You must be signed in to change notification settings - Fork 0
/
checklicense.php
130 lines (128 loc) · 6.18 KB
/
checklicense.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
<?php
// Begin Check Function
function check_license($licensekey, $localkey = "") {
$whmcsurl = "http://stratusclear.com/billing/";
$licensing_secret_key = "2ntZMPRSrnRt3G^Y"; # Unique value, should match what is set in the product configuration for MD5 Hash Verification
$check_token = time() . md5(mt_rand(1000000000, 9999999999) . $licensekey);
$checkdate = date("Ymd"); # Current date
$usersip = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR'];
$localkeydays = 15; # How long the local key is valid for in between remote checks
$allowcheckfaildays = 5; # How many days to allow after local key expiry before blocking access if connection cannot be made
$localkeyvalid = false;
if ($localkey) {
$localkey = str_replace("\n", '', $localkey); # Remove the line breaks
$localdata = substr($localkey, 0, strlen($localkey) - 32); # Extract License Data
$md5hash = substr($localkey, strlen($localkey) - 32); # Extract MD5 Hash
if ($md5hash == md5($localdata . $licensing_secret_key)) {
$localdata = strrev($localdata); # Reverse the string
$md5hash = substr($localdata, 0, 32); # Extract MD5 Hash
$localdata = substr($localdata, 32); # Extract License Data
$localdata = base64_decode($localdata);
$localkeyresults = unserialize($localdata);
$originalcheckdate = $localkeyresults["checkdate"];
if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) {
$localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y")));
if ($originalcheckdate > $localexpiry) {
$localkeyvalid = true;
$results = $localkeyresults;
$validdomains = explode(",", $results["validdomain"]);
if (!in_array($_SERVER['SERVER_NAME'], $validdomains)) {
$localkeyvalid = false;
$localkeyresults["status"] = "Invalid";
$results = array();
}
$validips = explode(",", $results["validip"]);
if (!in_array($usersip, $validips)) {
$localkeyvalid = false;
$localkeyresults["status"] = "Invalid";
$results = array();
}
if ($results["validdirectory"] != dirname(__FILE__)) {
$localkeyvalid = false;
$localkeyresults["status"] = "Invalid";
$results = array();
}
}
}
}
}
if (!$localkeyvalid) {
$postfields["licensekey"] = $licensekey;
$postfields["domain"] = $_SERVER['SERVER_NAME'];
$postfields["ip"] = $usersip;
$postfields["dir"] = dirname(__FILE__);
if ($check_token)
$postfields["check_token"] = $check_token;
if (function_exists("curl_exec")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $whmcsurl . "modules/servers/licensing/verify.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
curl_close($ch);
} else {
$fp = fsockopen($whmcsurl, 80, $errno, $errstr, 5);
if ($fp) {
$querystring = "";
foreach ($postfields AS $k => $v) {
$querystring .= "$k=" . urlencode($v) . "&";
}
$header = "POST " . $whmcsurl . "modules/servers/licensing/verify.php HTTP/1.0\r\n";
$header.="Host: " . $whmcsurl . "\r\n";
$header.="Content-type: application/x-www-form-urlencoded\r\n";
$header.="Content-length: " . @strlen($querystring) . "\r\n";
$header.="Connection: close\r\n\r\n";
$header.=$querystring;
$data = "";
@stream_set_timeout($fp, 20);
@fputs($fp, $header);
$status = @socket_get_status($fp);
while (!@feof($fp) && $status) {
$data .= @fgets($fp, 1024);
$status = @socket_get_status($fp);
}
@fclose($fp);
}
}
if (!$data) {
$localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y")));
if ($originalcheckdate > $localexpiry) {
$results = $localkeyresults;
} else {
$results["status"] = "Invalid";
$results["description"] = "Remote Check Failed";
return $results;
}
} else {
preg_match_all('/<(.*?)>([^<]+)<\/\\1>/i', $data, $matches);
$results = array();
foreach ($matches[1] AS $k => $v) {
$results[$v] = $matches[2][$k];
}
}
if ($results["md5hash"]) {
if ($results["md5hash"] != md5($licensing_secret_key . $check_token)) {
$results["status"] = "Invalid";
$results["description"] = "MD5 Checksum Verification Failed";
return $results;
}
}
if ($results["status"] == "Active") {
$results["checkdate"] = $checkdate;
$data_encoded = serialize($results);
$data_encoded = base64_encode($data_encoded);
$data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded;
$data_encoded = strrev($data_encoded);
$data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key);
$data_encoded = wordwrap($data_encoded, 80, "\n", true);
$results["localkey"] = $data_encoded;
}
$results["remotecheck"] = true;
}
unset($postfields, $data, $matches, $whmcsurl, $licensing_secret_key, $checkdate, $usersip, $localkeydays, $allowcheckfaildays, $md5hash);
return $results;
}
// End Check Function
?>