PHP Script for Server-Side validation issues

[Marcus]

Hello community,

I tried to implement a Server-side validation as shown in the tutorial here

Code: Select all

https://www.advancedinstaller.com/user-guide/qa-server-side-sn.html

I used XAMPP to start a local webserver and provide a example database with the data mentioned in the tutorial above. Since the mysql functions are no longer available in the newer XAMPP / PHP version I changed the corresponding lines to mysqli.

This is my script:

Code: Select all

<?php

// server response codes
define('LICENSE_VALID',   '601');
define('LICENSE_INVALID', '602');

// database connection parameters
$db_host = 'localhost:3306';
$db_user = 'marcus';
$db_pass = 'passwort123';
$db_name = 'licensing_test_db';

// client information table
$clients_tbl_name = 'clients';
$sn_tbl_col       = 'serial_no';

/**
 * Server HTTP response to the query issued by Advanced Installer serial validation tool.
 */
function ServerResponse($is_valid, $posted_serial = '', $lang_id = 1033)
{
  $msg_sep = "\n";

  // load error messages from your database, using "$lang_id" for localization (optional)

  if($posted_serial == '')
    return LICENSE_INVALID . $msg_sep . "Missing Serial Number !";

  if($is_valid == true)
    return LICENSE_VALID;
  else
    return LICENSE_INVALID . $msg_sep . "Serial Number: " . $posted_serial . ' is invalid !';
}

// Variables POSTed by Advanced Installer serial validation tool to this web page: "sn", "languageid".
if(isset($_POST['sn']) && trim($_POST['sn']) != '')
{
  // get the serial number entered by the installing user in the "UserRegistrationDlg" dialog
  $sn = $_POST['sn'];

  // get the email entered by the installing user in the "UserRegistrationDlg" dialog
  $email = $_POST['email'];

  // get the system language ID of the user's machine
  // (you can use this parameter to display a localized error message taken from your database)
  $languageid = (int) $_POST['languageid'];

  // get the additional information entered by the installing user in the "UserRegistrationDlg" dialog
  $additional_information = $_POST['ai'];

  // connect to database
  $db_conn = @mysqli_connect($db_host, $db_user, $db_pass, $db_name);
  if(!$db_conn)
  {
    // issue error response
    echo ServerResponse(false, $sn, $languageid);
    die();
  }

  // select target database
$db_selected = @mysqli_select_db($db_conn, $db_name);
  if(!$db_selected)
  {
    // issue error response
    echo ServerResponse(false, $sn, $languageid);
    die();
  }

  // prepare SQL statement
  $sn_query = "SELECT `". $sn_tbl_col ."` FROM `". $clients_tbl_name ."` WHERE `". $sn_tbl_col ."` = '" . mysqli_real_escape_string($sn) . "'";

  // execute query
  $result = @mysqli_query($db_conn, $sn_query);

  // get result set size
  if(@mysqli_num_rows($result) == 0)
  {
    // serial number NOT found in database => issue error response
    echo ServerResponse(false, $sn, $languageid);
    die();
  }
  else
  {
    // serial number was found in database => issue SUCCESS response
    echo ServerResponse(true, $sn, $languageid);
    die();
  }
}
else
{
  // issue error response
  echo ServerResponse(false);
  die();
}

?>

The problem is now that no matter what serial I input into my installer, the serial will always be shown as invalid when passed to the php script. I checked the logs of the XAMPP Apache server and it showed the following incoming request:

Code: Select all

::1 - - [13/Jun/2019:13:14:10 +0200] "POST /serialcheck_copy.php HTTP/1.1" 200 36 "-" "AdvancedInstaller"

I can not see any of the expected parameters passed in the URL? Now I don't know if my script is actually wrong or the incoming data from the installers POST request is wrong...

Could somebody help me?

[Eusebiu]

Hi and welcome to our forums.

I'm not sure why you encounter this problem. Can you create an HTML form that sends the serial number to your PHP scrip and see what result you get when you try to send a correct serial number? You can also try to debug your PHP script by writing to an output file at different lines of it.

Best regards,
Eusebiu

[Marcus]

Hello Eusebiu,

I am so sorry for my late reply! I found the issue: Actually the server logs I looked at did not contain all information. The message was sent correctly, but the PHP script did not correctly trim the message.

For anyone that maybe finds this thread via Google, the following steps helped me:

1. Install XDebug for Xampp
They actually provide a very useful helper tool and their https://xdebug.org/wizard.php.
2. Use Visual Studio Code or UEStudio
3. Download the PHP Debug plugin for VSC, UEStudio already comes with such a plugin

Now you can debug your PHP script while receiving POST data from Advanced Installer. This is very helpful when developing a script for server side validation.

From my side this thread can be closed.

[Eusebiu]

Hi Marcus,

I'm glad you solved the problem.

Thank you for sharing the solution with us, I'm sure it will help other users in the future.

Best regards,
Eusebiu