PHP软件许可与授权验证系统软件授权验证是商业PHP产品的常见需求。今天说说PHP中实现软件许可验证系统的各种方案。最简单的授权验证是本地验证。检查授权文件是否有效。phpclass LicenseValidator{private string $publicKey;private string $licenseFilePath;public function __construct(string $publicKey, string $licenseFilePath /etc/license.key){$this-publicKey $publicKey;$this-licenseFilePath $licenseFilePath;}public function validate(): array{if (!file_exists($this-licenseFilePath)) {return [valid false, message 授权文件不存在];}$licenseData file_get_contents($this-licenseFilePath);$parts explode(\n, $licenseData, 2);if (count($parts) ! 2) {return [valid false, message 授权文件格式错误];}[$payload, $signature] $parts;$payload json_decode($payload, true);if ($payload null) {return [valid false, message 授权数据解析失败];}// 验证签名if (!$this-verifySignature(json_encode($payload), trim($signature))) {return [valid false, message 授权签名无效];}// 检查过期if (isset($payload[expires])) {$expires strtotime($payload[expires]);if ($expires ! false $expires time()) {return [valid false, message 授权已过期];}}// 检查域名if (isset($payload[domains])) {$currentHost $_SERVER[HTTP_HOST] ?? ;$match false;foreach ($payload[domains] as $domain) {if (fnmatch($domain, $currentHost)) {$match true;break;}}if (!$match) {return [valid false, message 域名未授权];}}return [valid true, data $payload];}private function verifySignature(string $data, string $signature): bool{$publicKeyResource openssl_pkey_get_public($this-publicKey);if ($publicKeyResource false) return false;$result openssl_verify($data, base64_decode($signature), $publicKeyResource, OPENSSL_ALGO_SHA256);openssl_free_key($publicKeyResource);return $result 1;}}?在线授权验证更灵活但需要联网phpclass OnlineLicenseService{private string $apiEndpoint;private string $productId;private string $clientKey;public function __construct(string $apiEndpoint, string $productId, string $clientKey){$this-apiEndpoint rtrim($apiEndpoint, /);$this-productId $productId;$this-clientKey $clientKey;}public function activate(string $licenseKey, array $serverInfo []): array{$data [license_key $licenseKey,product_id $this-productId,client_key $this-clientKey,server array_merge([host $_SERVER[HTTP_HOST] ?? gethostname(),ip $_SERVER[SERVER_ADDR] ?? ,php_version PHP_VERSION,], $serverInfo),];$ch curl_init($this-apiEndpoint . /activate);curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER true,CURLOPT_POST true,CURLOPT_POSTFIELDS json_encode($data),CURLOPT_HTTPHEADER [Content-Type: application/json],CURLOPT_TIMEOUT 10,]);$response curl_exec($ch);$httpCode curl_getinfo($ch, CURLINFO_HTTP_CODE);curl_close($ch);if ($httpCode ! 200) {return [success false, message 激活服务器不可用];}$result json_decode($response, true);if ($result[success] ?? false) {$this-storeLicense($result[license_data] ?? []);}return $result;}public function validate(): array{$localLicense $this-loadLicense();if (empty($localLicense)) {return [valid false, message 未激活];}// 定期在线验证if ($this-shouldRevalidate($localLicense)) {return $this-onlineValidate($localLicense[license_key]);}return [valid true, data $localLicense];}private function onlineValidate(string $licenseKey): array{$ch curl_init($this-apiEndpoint . /validate);curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER true,CURLOPT_POST true,CURLOPT_POSTFIELDS json_encode([license_key $licenseKey,product_id $this-productId,]),CURLOPT_HTTPHEADER [Content-Type: application/json],CURLOPT_TIMEOUT 5,]);$response curl_exec($ch);$httpCode curl_getinfo($ch, CURLINFO_HTTP_CODE);curl_close($ch);if ($httpCode 200) {$result json_decode($response, true);return [valid ($result[valid] ?? false), data $result];}// 验证服务器不可用时允许继续使用return [valid true, cached true];}private function storeLicense(array $data): void{$data[stored_at] time();file_put_contents(__DIR__ . /.license,json_encode($data, JSON_PRETTY_PRINT));}private function loadLicense(): array{$path __DIR__ . /.license;if (!file_exists($path)) return [];return json_decode(file_get_contents($path), true) ?: [];}private function shouldRevalidate(array $license): bool{$lastValidate $license[last_validate] ?? 0;return (time() - $lastValidate) 86400;}}?离线激活码生成phpclass OfflineLicenseGenerator{private string $privateKey;public function __construct(string $privateKey){$this-privateKey $privateKey;}public function generateLicense(string $productId, string $userId, string $expires): string{$data [product $productId,user $userId,expires $expires,generated date(Y-m-d H:i:s),nonce bin2hex(random_bytes(8)),];$json json_encode($data);$signature ;openssl_sign($json, $signature, $this-privateKey, OPENSSL_ALGO_SHA256);$license base64_encode($json) . . . base64_encode($signature);return chunk_split($license, 48, -);}public function verifyLicense(string $license, string $publicKey): array{$license str_replace(-, , $license);$parts explode(., $license);if (count($parts) ! 2) {return [valid false, message 格式错误];}$data base64_decode($parts[0]);$signature base64_decode($parts[1]);$publicKeyResource openssl_pkey_get_public($publicKey);$result openssl_verify($data, $signature, $publicKeyResource, OPENSSL_ALGO_SHA256);openssl_free_key($publicKeyResource);if ($result ! 1) {return [valid false, message 签名无效];}return [valid true, data json_decode($data, true)];}}?软件授权验证是商业PHP产品保护的重要手段。在线验证灵活但依赖网络离线验证不依赖网络但容易被破解。实际产品中通常会结合使用多种验证方式配合代码混淆增加破解难度。
PHP软件许可与授权验证系统
发布时间:2026/6/4 5:14:28
PHP软件许可与授权验证系统软件授权验证是商业PHP产品的常见需求。今天说说PHP中实现软件许可验证系统的各种方案。最简单的授权验证是本地验证。检查授权文件是否有效。phpclass LicenseValidator{private string $publicKey;private string $licenseFilePath;public function __construct(string $publicKey, string $licenseFilePath /etc/license.key){$this-publicKey $publicKey;$this-licenseFilePath $licenseFilePath;}public function validate(): array{if (!file_exists($this-licenseFilePath)) {return [valid false, message 授权文件不存在];}$licenseData file_get_contents($this-licenseFilePath);$parts explode(\n, $licenseData, 2);if (count($parts) ! 2) {return [valid false, message 授权文件格式错误];}[$payload, $signature] $parts;$payload json_decode($payload, true);if ($payload null) {return [valid false, message 授权数据解析失败];}// 验证签名if (!$this-verifySignature(json_encode($payload), trim($signature))) {return [valid false, message 授权签名无效];}// 检查过期if (isset($payload[expires])) {$expires strtotime($payload[expires]);if ($expires ! false $expires time()) {return [valid false, message 授权已过期];}}// 检查域名if (isset($payload[domains])) {$currentHost $_SERVER[HTTP_HOST] ?? ;$match false;foreach ($payload[domains] as $domain) {if (fnmatch($domain, $currentHost)) {$match true;break;}}if (!$match) {return [valid false, message 域名未授权];}}return [valid true, data $payload];}private function verifySignature(string $data, string $signature): bool{$publicKeyResource openssl_pkey_get_public($this-publicKey);if ($publicKeyResource false) return false;$result openssl_verify($data, base64_decode($signature), $publicKeyResource, OPENSSL_ALGO_SHA256);openssl_free_key($publicKeyResource);return $result 1;}}?在线授权验证更灵活但需要联网phpclass OnlineLicenseService{private string $apiEndpoint;private string $productId;private string $clientKey;public function __construct(string $apiEndpoint, string $productId, string $clientKey){$this-apiEndpoint rtrim($apiEndpoint, /);$this-productId $productId;$this-clientKey $clientKey;}public function activate(string $licenseKey, array $serverInfo []): array{$data [license_key $licenseKey,product_id $this-productId,client_key $this-clientKey,server array_merge([host $_SERVER[HTTP_HOST] ?? gethostname(),ip $_SERVER[SERVER_ADDR] ?? ,php_version PHP_VERSION,], $serverInfo),];$ch curl_init($this-apiEndpoint . /activate);curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER true,CURLOPT_POST true,CURLOPT_POSTFIELDS json_encode($data),CURLOPT_HTTPHEADER [Content-Type: application/json],CURLOPT_TIMEOUT 10,]);$response curl_exec($ch);$httpCode curl_getinfo($ch, CURLINFO_HTTP_CODE);curl_close($ch);if ($httpCode ! 200) {return [success false, message 激活服务器不可用];}$result json_decode($response, true);if ($result[success] ?? false) {$this-storeLicense($result[license_data] ?? []);}return $result;}public function validate(): array{$localLicense $this-loadLicense();if (empty($localLicense)) {return [valid false, message 未激活];}// 定期在线验证if ($this-shouldRevalidate($localLicense)) {return $this-onlineValidate($localLicense[license_key]);}return [valid true, data $localLicense];}private function onlineValidate(string $licenseKey): array{$ch curl_init($this-apiEndpoint . /validate);curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER true,CURLOPT_POST true,CURLOPT_POSTFIELDS json_encode([license_key $licenseKey,product_id $this-productId,]),CURLOPT_HTTPHEADER [Content-Type: application/json],CURLOPT_TIMEOUT 5,]);$response curl_exec($ch);$httpCode curl_getinfo($ch, CURLINFO_HTTP_CODE);curl_close($ch);if ($httpCode 200) {$result json_decode($response, true);return [valid ($result[valid] ?? false), data $result];}// 验证服务器不可用时允许继续使用return [valid true, cached true];}private function storeLicense(array $data): void{$data[stored_at] time();file_put_contents(__DIR__ . /.license,json_encode($data, JSON_PRETTY_PRINT));}private function loadLicense(): array{$path __DIR__ . /.license;if (!file_exists($path)) return [];return json_decode(file_get_contents($path), true) ?: [];}private function shouldRevalidate(array $license): bool{$lastValidate $license[last_validate] ?? 0;return (time() - $lastValidate) 86400;}}?离线激活码生成phpclass OfflineLicenseGenerator{private string $privateKey;public function __construct(string $privateKey){$this-privateKey $privateKey;}public function generateLicense(string $productId, string $userId, string $expires): string{$data [product $productId,user $userId,expires $expires,generated date(Y-m-d H:i:s),nonce bin2hex(random_bytes(8)),];$json json_encode($data);$signature ;openssl_sign($json, $signature, $this-privateKey, OPENSSL_ALGO_SHA256);$license base64_encode($json) . . . base64_encode($signature);return chunk_split($license, 48, -);}public function verifyLicense(string $license, string $publicKey): array{$license str_replace(-, , $license);$parts explode(., $license);if (count($parts) ! 2) {return [valid false, message 格式错误];}$data base64_decode($parts[0]);$signature base64_decode($parts[1]);$publicKeyResource openssl_pkey_get_public($publicKey);$result openssl_verify($data, $signature, $publicKeyResource, OPENSSL_ALGO_SHA256);openssl_free_key($publicKeyResource);if ($result ! 1) {return [valid false, message 签名无效];}return [valid true, data json_decode($data, true)];}}?软件授权验证是商业PHP产品保护的重要手段。在线验证灵活但依赖网络离线验证不依赖网络但容易被破解。实际产品中通常会结合使用多种验证方式配合代码混淆增加破解难度。
)
