To Improve our licence control system

[Akex]

Well, some noticed that a new discussion about our forum (not only) began just there : https://vborg.vbsupport.ru/showthread.php?t=76212

I won't discuss about author permission and so on, as it was already done many times before.

As we are not official, and I'm not complaining about that, we tried to find a way to make the difference between licenced members and users of pirated version. We are tired of that bunch of guys asking where they could download vb ...

The system is quite easy to use. When members try to download our french language version (which can also be downloaded on vbulletin.com), a error message ask them to go to a particular post on vbulletin.org (with the agreement of Xenon) and click on a link which is in a code area (only viewable by licence owners).

The link redirects them to a script on our forums which checks the HTTP_REFERER which must be the post url given above. If so, they can download the language file. The HTTP_REFERER prevents people having acces to our translation without going on vbulletin.org before. It's not 100% secure but I think it could be improved.

That's why I made this thread. To have your opinion about this system and have some ideas to improve it .

Thank you

[noppid]

What would be cool is a form we could put an email address in and let it check if it's connected to a valid license. If it is, we can email code to that email address only.

[Akex]

Impossible to do that as only Jelsoft can connect emails to licence owners.

[Erwin]

Quote:

Originally Posted by Akex

Impossible to do that as only Jelsoft can connect emails to licence owners.

Correct. They won't allow non-officially sites hosted on remote servers access to this database for many reasons, some of which would involve privacy and security.

[Link14716]

The license verification system I made for GeekyDesigns.com makes a randomly generated md5 hash (large array of many things, and many random things, then shuffled around and made into one big md5) that is added to the datastore and then auto-edits a post here containing the hash (though editing will probably have to be done manually now that vB checks referrers for $_POST stuff). Then, the user goes to a page, clicks a link to show the post with the hash, and has to enter it into a form. If it matches, they are added to a secondary group for licensed users.

[cinq]

Quote:

Originally Posted by Akex

That's why I made this thread. To have your opinion about this system and have some ideas to improve it .

I hope I didn't make a big fuss out of nothing by posting that thread

In any ways, my suggestion is, why not try to make vbulletin-fr an official site ?
Probably involves a lot more work though.

[Dean C]

Quote:

Originally Posted by Link14716

The license verification system I made for GeekyDesigns.com makes a randomly generated md5 hash (large array of many things, and many random things, then shuffled around and made into one big md5) that is added to the datastore and then auto-edits a post here containing the hash (though editing will probably have to be done manually now that vB checks referrers for $_POST stuff). Then, the user goes to a page, clicks a link to show the post with the hash, and has to enter it into a form. If it matches, they are added to a secondary group for licensed users.

And what happens when a users license expires or is revoked? Your system unfortunately doesn't encompass this as fa as I can understand from what you said

[Akex]

Quote:

Originally Posted by Dean C

And what happens when a users license expires or is revoked? Your system unfortunately doesn't encompass this as fa as I can understand from what you said

Well, it's the same for Brian with vBadvanced and us with our system.*

I would prefer something like Link14716 system, but as he said, we can't make POST request from outside (better for security). However, it's (LINK, Brian and our ... systems) better than nothing and our policies can differ from Jelsoft ones as it concerns stuff on our forums.

Why not making a form on vBulletin.com which could say if an email address corresponds to a valid licence owner.
Another suggestion. Why don't allow POST requests from some sites (.i.e LINk one and vbulletin-fr for example), which could allow us to edit our post (only one post) automatically thanks to cronjobs ? It should be safer than HTTP_REFERER I think. It's just a suggestion and I understand it could be difficult or dangerous to do so.

[Revan]

Quote:

Originally Posted by Dean C

And what happens when a users license expires or is revoked? Your system unfortunately doesn't encompass this as fa as I can understand from what you said

When I joined GeekyDesigns forum and went through the validation system, it said that I would be moved out of this usergroup after a set period of time, at which I would have to reenter the hash to once again prove my licence status.

[Erwin]

Quote:

Originally Posted by Akex

Well, it's the same for Brian with vBadvanced and us with our system.*

I would prefer something like Link14716 system, but as he said, we can't make POST request from outside (better for security). However, it's (LINK, Brian and our ... systems) better than nothing and our policies can differ from Jelsoft ones as it concerns stuff on our forums.

Why not making a form on vBulletin.com which could say if an email address corresponds to a valid licence owner.
Another suggestion. Why don't allow POST requests from some sites (.i.e LINk one and vbulletin-fr for example), which could allow us to edit our post (only one post) automatically thanks to cronjobs ? It should be safer than HTTP_REFERER I think. It's just a suggestion and I understand it could be difficult or dangerous to do so.

You need to address Jelsoft directly regarding these suggestions.