Php License Key System Github Hot
While downloading a script is easy, understanding the architecture ensures you don't shoot yourself in the foot. Let's build a minimal, secure version inspired by the hottest patterns on GitHub.
Most license validation flows follow this pattern: php license key system github hot
Some advanced systems also include:
This validator requires no outbound HTTP by default, but includes a revocation check CDN. While downloading a script is easy, understanding the
<?php class LicenseValidator { public function __construct(private string $publicKeyPath) {}public function validate(string $licenseKey, string $currentDomain): array // Remove dashes and decode $raw = base64_decode(str_replace('-', '', $licenseKey)); [$payloadB64, $signature] = explode('::', $raw); $payload = json_decode(base64_decode($payloadB64), true); // Verify signature via libsodium $publicKey = sodium_crypto_sign_publickey_from_secretkey( file_get_contents($this->publicKeyPath) ); if (!sodium_crypto_sign_verify_detached($signature, $payloadB64, $publicKey)) throw new \Exception("Invalid signature: License tampered."); // Check expiry if ($payload['expires'] < time()) throw new \Exception("License expired."); // Domain wildcard match $matched = false; foreach ($payload['domains'] as $allowed) if (fnmatch($allowed, $currentDomain)) $matched = true; if (!$matched) throw new \Exception("Domain not licensed."); return $payload['features']; // Return entitlements
}
Let’s use the HashCash-PHP approach (no database, just a public key). Server returns status (valid/invalid/expired)
CREATE TABLE `licenses` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`license_key` varchar(64) NOT NULL,
`product_id` int(11) NOT NULL,
`domain` varchar(255) DEFAULT NULL,
`status` enum('active','expired','revoked') DEFAULT 'active',
`expires_at` datetime DEFAULT NULL,
`created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
UNIQUE KEY `license_key` (`license_key`)
);