- Laravel Can't Generate An Application Key On Facebook
- Laravel Can't Generate An Application Key On Android
- What Is Php Laravel
Feb 12, 2020 This video is unavailable. Watch Queue Queue. Watch Queue Queue. Jun 22, 2015 Welcome to the incredibly popular Easy Laravel 5 companion blog. To celebrate the new edition's release (updated for Laravel 5.5!) use the discount code easteregg to receive 20% off the book or book/video package! » Buy the book The One-to-Many (also known as the Has Many) relationship is useful when you want to relate one table record to one or many other table records.
How can I create a product key for my C# Application?
I need to create a product (or license) key that I update annually. Additionally I need to create one for trial versions.
Related:
Answers:
You can do something like create a record which contains the data you want to authenticate to the application. This could include anything you want – e.g. program features to enable, expiry date, name of the user (if you want to bind it to a user). Then encrypt that using some crypto algorithm with a fixed key or hash it. Then you just verify it within your program. One way to distribute the license file (on windows) is to provide it as a file which updates the registry (saves the user having to type it).
Beware of false sense of security though – sooner or later someone will simply patch your program to skip that check, and distribute the patched version. Or, they will work out a key that passes all checks and distribute that, or backdate the clock, etc. It doesn’t matter how convoluted you make your scheme, anything you do for this will ultimately be security through obscurity and they will always be able to this. Even if they can’t someone will, and will distribute the hacked version. Same applies even if you supply a dongle – if someone wants to, they can patch out the check for that too. Digitally signing your code won’t help, they can remove that signature, or resign it.
You can complicate matters a bit by using techniques to prevent the program running in a debugger etc, but even this is not bullet proof. So you should just make it difficult enough that an honest user will not forget to pay. Also be very careful that your scheme does not become obtrusive to paying users – it’s better to have some ripped off copies than for your paying customers not to be able to use what they have paid for.
Another option is to have an online check – just provide the user with a unique ID, and check online as to what capabilities that ID should have, and cache it for some period. All the same caveats apply though – people can get round anything like this.
Consider also the support costs of having to deal with users who have forgotten their key, etc.
edit: I just want to add, don’t invest too much time in this or think that somehow your convoluted scheme will be different and uncrackable. It won’t, and cannot be as long as people control the hardware and OS your program runs on. Developers have been trying to come up with ever more complex schemes for this, thinking that if they develop their own system for it then it will be known only to them and therefore ‘more secure’. But it really is the programming equivalent of trying to build a perpetual motion machine. 🙂
Answers:
Who do you trust?
I’ve always considered this area too critical to trust a third party to manage the runtime security of your application. Once that component is cracked for one application, it’s cracked for all applications. It happened to Discreet in five minutes once they went with a third-party license solution for 3ds Max years ago… Good times!
Seriously, consider rolling your own for having complete control over your algorithm. If you do, consider using components in your key along the lines of:
- License Name – the name of client (if any) you’re licensing. Useful for managing company deployments – make them feel special to have a “personalised” name in the license information you supply them.
- Date of license expiry
- Number of users to run under the same license. This assumes you have a way of tracking running instances across a site, in a server-ish way
- Feature codes – to let you use the same licensing system across multiple features, and across multiple products. Of course if it’s cracked for one product it’s cracked for all.
Then checksum the hell out of them and add whatever (reversable) encryption you want to it to make it harder to crack.
To make a trial license key, simply have set values for the above values that translate as “trial mode”.
And since this is now probably the most important code in your application/company, on top of/instead of obfuscation consider putting the decrypt routines in a native DLL file and simply P/Invoke to it.
Several companies I’ve worked for have adopted generalised approaches for this with great success. Or maybe the products weren’t worth cracking 😉
Answers:
Whether it’s trivial or hard to crack, I’m not sure that it really makes much of a difference.
The likelihood of your app being cracked is far more proportional to its usefulness rather than the strength of the product key handling.
Personally, I think there are two classes of user. Those who pay. Those who don’t. The ones that do will likely do so with even the most trivial protection. Those who don’t will wait for a crack or look elsewhere. Either way, it won’t get you any more money.
Laravel Can't Generate An Application Key On Facebook
Answers:
If you are asking about the keys that you can type in, like Windows product keys, then they are based on some checks. If you are talking about the keys that you have to copy paste, then they are based on a digitial signature (private key encryption).
A simple product key logic could be to start with saying that the product key consists of four 5-digit groups, like
abcde-fghij-kljmo-pqrst
, and then go on to specify internal relationships like f+k+p should equal a, meaning the first digits of the 2, 3 and 4 group should total to a. This means that 8xxxx-2xxxx-4xxxx-2xxxx is valid, so is 8xxxx-1xxxx-0xxxx-7xxxx. Of course, there would be other relationships as well, including complex relations like, if the second digit of the first group is odd, then the last digit of the last group should be odd too. This way there would be generators for product keys and verification of product keys would simply check if it matches all the rules.Encryption are normally the string of information about the license encrypted using a private key ( digitally signed) and converted to Base64. The public key is distributed with the application. When the Base64 string arrives, it is verified (decrypted) by the public key and if found valid, the product is activated.
Answers:
There is the option Microsoft Software Licensing and Protection (SLP) Services as well. After reading about it I really wish I could use it.
I really like the idea of blocking parts of code based on the license. Hot stuff, and the most secure for .NET. Interesting read even if you don’t use it!
Microsoft® Software Licensing and
Protection (SLP) Services is a
software activation service that
enables independent software vendors
(ISVs) to adopt flexible licensing
terms for their customers. Microsoft
SLP Services employs a unique
protection method that helps safeguard
your application and licensing
information allowing you to get to
market faster while increasing
customer compliance.
Protection (SLP) Services is a
software activation service that
enables independent software vendors
(ISVs) to adopt flexible licensing
terms for their customers. Microsoft
SLP Services employs a unique
protection method that helps safeguard
your application and licensing
information allowing you to get to
market faster while increasing
customer compliance.
Note: This is the only way I would release a product with sensitive code (such as a valuable algorithm).
Answers:
I have to admit I’d do something rather insane.
- Find a CPU bottleneck and extract it to a P/Invokeable DLL file.
- As a post build action, encrypt part of the DLL file with an XOR
encryption key. - Select a public/private key scheme, include public key in the DLL file
- Arrange so that decrypting the product key and XORing the two
halves together results in the encryption key for the DLL. - In the DLL’s DllMain code, disable protection (PAGE_EXECUTE_READWRITE)
and decrypt it with the key. - Make a LicenseCheck() method that makes a sanity check of the
license key and parameters, then checksums entire DLL file, throwing
license violation on either. Oh, and do some other initialization
here.
When they find and remove the LicenseCheck, what fun will follow
when the DLL starts segmentation faulting.
when the DLL starts segmentation faulting.
Answers:
If you want a simple solution just to create and verify serial numbers, try Ellipter. Monster hunter generations ultimate key quests hr 13. It uses elliptic curves cryptography and has an “Expiration Date” feature so you can create trial verisons or time-limited registration keys.
Answers:
Another good inexpensive tool for product keys and activations is a product called InstallKey. Take a look at www.lomacons.com
Answers:
The trick is to have an algorithm that only you know (such that it could be decoded at the other end).
There are simple things like, “Pick a prime number and add a magic number to it”
More convoluted options such as using asymmetric encryption of a set of binary data (that could include a unique identifier, version numbers, etc) and distribute the encrypted data as the key.
Might also be worth reading the responses to this question as well
Answers:
There are some tools and API’s available for it. However, I do not think you’ll find one for free 😉
There is for instance the OLicense suite:
http://www.olicense.de/index.php?lang=en
http://www.olicense.de/index.php?lang=en
Answers:
You can check LicenseSpot. It provides:
- Free Licensing Component
- Online Activation
- API to integrate your app and online store
- Serial number generation
- Revoke licenses
- Subscription Management
Answers:
One simple method is using a Globally Unique Identifier (GUID). GUIDs are usually stored as 128-bit values and are commonly displayed as 32 hexadecimal digits with groups separated by hyphens, such as
{21EC2020-3AEA-4069-A2DD-08002B30309D}
.Use the following code in C# by
System.Guid.NewGuid()
.I hope it helps.
Answers:
Please check this answer: https://stackoverflow.com/a/38598174/1275924
The idea is to use SKM Platform as the license server. Here’s a step-by-step example (in VB.NET)
Answers:
I’m going to piggyback a bit on @frankodwyer’s great answer and dig a little deeper into online-based licensing. I’m the founder of Keygen, a licensing REST API built for developers.
Since you mentioned wanting 2 “types” of licenses for your application, i.e. a “full version” and a “trial version”, we can simplify that and use a feature license model where you license specific features of your application (in this case, there’s a “full” feature-set and a “trial” feature-set).
To start off, we could create 2 license types (called policies in Keygen) and whenever a user registers an account you can generate a “trial” license for them to start out (the “trial” license implements our “trial” feature policy), which you can use to do various checks within the app e.g. can user use Trial-Feature-A and Trial-Feature-B.
And building on that, whenever a user purchases your app (whether you’re using PayPal, Stripe, etc.), you can generate a license implementing the “full” feature policy and associate it with the user’s account. Now within your app you can check if the user has a “full” license that can do Pro-Feature-X and Pro-Feature-Y (by doing something like
user.HasLicenseFor(FEATURE_POLICY_ID)
).I mentioned allowing your users to create user accounts—what do I mean by that? I’ve gone into this in detail in a couple other answers, but a quick rundown as to why I think this is a superior way to authenticate and identify your users:
- User accounts let you associate multiple licenses and multiple machines to a single user, giving you insight into your customer’s behavior and to prompt them for “in-app purchases” i.e. purchasing your “full” version (kind of like mobile apps).
- We shouldn’t require our customers to input long license keys, which are both tedious to input and hard to keep track of i.e. they get lost easily. (Try searching “lost license key” on Twitter!)
- Customers are accustomed to using an email/password; I think we should do what people are used to doing so that we can provide a good user experience (UX).
Of course, if you don’t want to handle user accounts and you want your users to input license keys, that’s completely fine (and Keygen supports doing that as well). I’m just offering another way to go about handling that aspect of licensing and hopefully provide a nice UX for your customers.
Finally since you also mentioned that you want to update these licenses annually, you can set a duration on your policies so that “full” licenses will expire after a year and “trial” licenses last say 2 weeks, requiring that your users purchase a new license after expiration.
I could dig in more, getting into associating machines with users and things like that, but I thought I’d try to keep this answer short and focus on simply licensing features to your users.
Tags: c++
This is the first part of a series of tutorials by Michael Heap, covering how to build a multi-channel help desk system with Laravel. In this post, we’ll take a basic web based help desk system and extend it to send and receive SMS messages using the built-in Laravel notification system (which is powered by Nexmo).
Prerequisites
To work through this post, you’ll need a Nexmo account and the Nexmo Command Line tool installed and configured, as well as your usual Laravel prerequisites.
In the second half of the post, we’ll be receiving webhooks from Nexmo when you receive an SMS message, so you’ll need to expose your local web server somehow. We recommend using ngrok for this.
Getting started
Scaffolding an application and generating models and migrations is tedious, and getting you to create forms and views is even worse. To save everyone a lot of pain, we’ve created a quick start repository that you can clone and run that has all of the boring work done for you.
Start by forking the Deskmo repository so that once you’ve made some changes, you can commit them back to Github. Then, clone the
initial-scaffolding
branch on to your local machine. This branch contains pre-generated models, migrations, and forms.Once you have the repository on your machine, copy
.env.example
to .env
and edit any values (e.g. database credentials) that you may need to change for your application to run.The next thing to do is run
composer install
to fetch all of our dependencies. This is a vanilla Laravel install, with the exception of laravelcollective/html
being added for our form generation.Once Composer has finished, it’s time to run our application. Generate ssh login key for non existing client account. We need to generate a new application key, run our database migrations and start the built in web server
To use the application, you’ll need to register an account (don’t worry, this is just in your local database!). You might notice that the registration form has an additional field,
phone_number
. This is the number we’ll send an SMS to later on so make sure you enter your number carefully in international format, omitting the leading 0 (e.g. 14155550100). If you’re interested in learning how to add additional fields to your registration form, take a look at this commit.Creating an account will automatically log you in and take you to a page that says there are no tickets. Click on New Ticket in the top right and create a new ticket.
Your “Recipient User ID” will be “1”. This could be a nice autocomplete at some point, but entering the user ID works just as well for now
Once you click Submit it should take you back to the list of tickets, but this time the ticket your just created should be shown.
We’re finally in a position to start writing code! Although we have a system that allows you to create tickets there’s still a lot more that it can do. In the rest of this post, we’ll purchase a Nexmo phone number, send an SMS notification whenever a ticket is created and allow the customer to reply to the ticket via SMS.
Purchasing a Nexmo phone number
We mentioned earlier that we’d need a Nexmo phone number to receive SMS messages, and that they’d be sent to us as a webhook. To make it easy for people to reply, we’ll use the same number as our outbound number too.
You can purchase and configure a number via the Nexmo Dashboard, but today we’ll be using the Nexmo CLI.
To purchase a number, we use the
number:search
command to find a number with both SMS and voice support, then the number:buy
command to purchase that number. We’re buying a US number here, but you can replace US with any of the 45+ countries that Nexmo has local numbers in.Make a note of the number returned as we’ll need it very soon.
Configuring Nexmo
To send an SMS notification via Laravel’s notification system, we need to install
nexmo/client
with composer and configure our application with our Nexmo API key and secret, plus the number that we just bought.Install
nexmo/client
by running composer require nexmo/client
. Next, edit config/services.php
and add the following configuration options:Finally, edit
.env
and provide your API key, secret and Nexmo number. It should look like this:That’s all it takes to integrate Nexmo with Laravel’s notification system – one
composer install
and three config values.Sending a notification
We’re now in a position to send a notification, but we don’t have any notifications to send! Generate a new notification by running
php artisan make:notification TicketCreated
and open up your newly created file (app/Notifications/TicketCreated.php
).The first thing to change is on line 32, where the
via
function returns mail
. We don’t want to send this via email, so we change the value to nexmo
instead to send it as an SMS.The notification class knows how to format the message for an email, but not for an SMS. To solve this problem, add a new method with the following contents: https://richyellow690.weebly.com/blog/fifa-13-cd-key-generator-no-survey-no-password.
This method uses two new objects –
NexmoMessage
and $this->entry
. Let’s add those to the class now by adding the following to your imports:You’ll also need to update your
__construct()
method to accept a TicketEntry
and add $entry
as a class variable:We now have a notification that can be sent to a user, but we’re still not quite there as we don’t know who we need to send it to.
A ticket can have multiple subscribed users, and a user can subscribe to multiple tickets. To expose this relationship, we need to add a new method to our
Ticket
class. We specify ticket_subscriptions
as the second parameter as it’s a non-standard pivot table name (these users don’t own the ticket, they’re just subscribed to notifications on it)Once that’s done, open up
TicketController
and add the following to your list of imports so that we can send the notification we just created:Finally, we need to actually send the notification. At the bottom of the
store
method, just before we redirect back to the index page add the following code:This fetches all subscribed users for the ticket and dispatches a new
TicketCreated
notification for the newly created entry. Save your changes and try creating a new ticket with recipient ID 1 (which should be your account). You should receive an SMS with the content of the entry within a few seconds.Congratulations! We just added SMS notifications to our app. Once we had everything configured it was nice and easy, just four short steps:
- Generate a notification with
php artisan make:notification
- Change the
via
method to usenexmo
- Add a
toNexmo()
method so that Laravel knows how to render the message - Add
Notification::send()
to our app to send the notification
The code for this section is on the send-sms-notification branch on Github
Receiving an SMS reply
So, our customer has received the ticket content as an SMS, but what next? Do they have to log on to a computer to be able to reply to the ticket?
We don’t actually have a way for them to reply at all yet, and if we have to spend effort to build something let’s make it as easy as possible for them – let’s add a way for them to reply via SMS.
This post assumes that your webhook HTTP method is set to POST in your Nexmo settings. It’s set to GET by default, so go and check!
When Nexmo receive an SMS to your phone number, they send a HTTP request to your application. Unfortunately, your application is currently running on your local machine and Nexmo can’t access it. This is where
ngrok
comes in. If you don’t have it installed, read this introduction then come back once it’s installed.To expose your local server to the internet, run
ngrok http 8000
. This will bring up an ngrok
session with lots of information in it. The only thing you need is your ngrok
host name, which will be next to the word Forwarding and look something like http://abc123.ngrok.io
.Once you have an
ngrok
URL, you’ll need to tell Nexmo what your public URL is using the Nexmo CLI tool. Run the following command, replacing the placeholders with your Nexmo number and ngrok
URL.This configures Nexmo to send all webhooks for that number to
http://<NGROK_URL>/ticket-entry
. Let’s put together a quick test to make sure that everything is configured correctly. Open up TicketEntryController
and replace the store
method with the following:This will log any incoming requests to the console in the terminal that we ran
php artisan serve
in, but it won’t work just yet. There’s one more change to make before we can test our SMS receiver – we need to disable CSRF protection for the ticket-entry
route.By default, Laravel protects us from cross site attacks by validating a CSRF token on every form submission (this is a good thing!), but Nexmo can’t know the token to use. To work around this, edit
Http/Middleware/VerifyCsrfToken.php
and add ticket-entry
to the $except
array like so:If you now reply to one of the earlier SMS messages you received earlier you should see an array of information on the screen (it may take up to a minute to come through):
This means that our integration is configured correctly, and any time that number receives an SMS, Nexmo will send a HTTP request to our app.
The final thing to do is to replace the
print_r
statement with some code that adds an entry to a ticket. As there’s no concept of replies with SMS messages, all we can do is look for the latest ticket with activity that a user is watching and assume that their reply is intended for that ticket.As this logic is quite complicated, let’s add it to our
User
model for future reuse. Open up app/User.php
and add the following method:This will return the
Ticket
object that has the most recent TicketEntry
for a given user. This is all we need to attach our incoming message to the ticket.Go back to
TicketEntryController
and replace the print_r
line with the following code, which will look up a user based on their phone number, fetch the latest ticket and attach a new entry to it with the incoming message’s content:Finally, we need to add two more imports for classes that we’ve used in the code above:
Laravel Can't Generate An Application Key On Android
Save this and send an SMS reply, then refresh the latest ticket and watch as your message appears.
Receiving an SMS is even easier than sending an SMS! We went from zero capability to SMS replies via webhooks in just five small steps:
- Configure Nexmo webhooks for a number
- Run
ngrok
to expose your local system - Disable CSRF protection for the webhook endpoint
- Fetch the latest active ticket
- Save the inbound message as a new entry
The code for this section is on the receive-sms-reply branch on Github
Conclusion
In this post, we covered sending notifications via the Laravel notification system and Nexmo, as well as receiving incoming SMS messages and storing them in a database.
In the next part of this series, we’ll be looking at adding voice call support to our help desk application. A ringing phone is harder to ignore than a text message, and for time-sensitive issues, it might be the correct choice.
If you’d like some Nexmo credit to work through this post and test the platform out, get in touch at [email protected] quoting LaravelNews and we’ll get that sorted for you.
If you have any thoughts or questions, don’t hesitate to reach out to @mheap on Twitter or to [email protected].
Many thanks to Nexmo for sponsoring this tutorial series here on Laravel News