When you sell products and have an update on a product that costs money, you have to decide how to handle it. You can make it free, cost a bit of money, or you can just make updaters buy the whole product again. We chose the second option for our Ez-Architect software as it evolved from version 4 to version 5. But in order to do that, customers were asked to prove they owned version 4—if they couldn't, they would need to pay full price ($19.99) rather than the ten dollar update fee. There's only one way to do that with a download: input their version 4 key, a.k.a. registration number or pin code. The idea is that we check their number against our key code files, and if it matches, they get it for $10, otherwise it's $19.99. Obviously MySQL and PHP are the way to go here, so we did. We tried at first to use fopen, fgets, to read a text file full of key numbers, but our server host is too strict to allow that (for security reasons) so our script failed to read the file even though it was written correctly.

We needed to use the following to get the keys into MySQL:

include_once"configuration.php";

$sql = "CREATE TABLE IF NOT EXISTS ez4keys (
id int(11) NOT NULL auto_increment,
keyysss varchar(30) NOT NULL,
PRIMARY KEY (id)
) ENGINE=MyISAM AUTO_INCREMENT=1";

// Execute query
mysql_query($sql);
mysql_query("INSERT INTO ez4keys (id, keyysss)
VALUES('','153-677-45667-67782-3'),('','153-657-45667-67882-0'),
[zillions of other keys here] . . . ('','150-657-45690-67882-8')");

By the way, if you think the above are valid keys, you may want to RE-think that (they're examples only)! So, how did we get the zillions of numbers in MySQL query form, as seen above? Easy! Our text editor, Editor2, has a replace feature which we applied to the zillions of numbers which were in list form as a VERY long column of numbers. We searched for End of line, and replaced it with '),('',' and the job was done in under a second—including throwing out End of lines (Returns), except for adding ('',' to the front of the list and dumping ,('',' from the final number. With the above code run in a PHP file, the numbers went into the db just fine.

So, with the zillions of keys now securely entombed in a MySQL database table, we needed to get the customers to enter their numbers and we would compare these against our list.

Below is the ez-architect-update.php file on the server, which we used as part of the solution. Note the class .b1 through .b4t. in the code. When there are update buttons on the screen, these are what precisely style their screen positions. We used tables at first, but it looked a bit sloppy no matter what we did so we went with individual DIVs, each with their own fine-tuned positioning. What buttons are we talking about? Here's the scenario:

We used ez-architect-update.php to simply get product info on the screen, and to grab a couple of PHP includes via this code:

include_once"configuration.php";
include_once"deccetr3563tedbynbdeb5ccstsw54w3.php";

These are not the real file names, but you get the idea. Not revealing real names is for security purposes. Using an unguessable name for the file with the real meat in it, deccetr3563tedbynbdeb5ccstsw54w3.php, is also for security reasons. Having the files be PHP is for security since one cannot "View Source" with PHP. Having these 2 files be includes is—you guessed it—for security. Here's why: if you "include" them, you can control access even better. The ez-architect-update.php page had to be linked to and used as a publically available website page. If we tried to use .htaccess on it, when users tried to surf to it, they'd get Not Authorized and that would suck. To explain this, please see the .htaccess listing at the bottom of this web page. See how we control access on the 2 includes? No one can index the site to see file names because of the Options -Indexes command, nor can they get to or see the 2 includes. Neither are publically available due to the commands we used so even if they knew the file names they'd still run into Not Authorized if they tried to see them and since they're PHP, therefore unlistable, that helps too. However, if PHP was not working on a server during maintenance, people can see all the code in publically available PHP files as if they were text files, but the "order deny,allow" and "deny from all" commands in the .htaccess file cures that problem. (With these files, you can type them into a text editor, save them as .htaccess, and stick them in the appropriate folder on your server in your FTP program.)

For more security discussions, see security-levels-from-javascript-and-php-input-filtering.html and security-levels-and-php.html, and for what goes into a configuration.php file, which connects the browser to the server and a specific MySQL db, see the-configure-file.html.

To continue, ez-architect-update.php is simply to get product info on the screen, and to grab a couple of PHP includes which do all the heavy lifting. The deccetr3563tedbynbdeb5ccstsw54w3.php file creates a form that everyone can see as well as 4 update buttons that only users who enter acceptable key numbers can see. Why 4 update buttons? They are for USA/Canada OR Foreign and also for buyers of keys as well as buyers of keys & a download of the product. Anyway, there are 2 product images near the top of the screen put there by ez-architect-update.php, and when a user enters their old version key in order to update to the new version, the MySQL db is searched and if a match is found, the buttons are generated in PHP and they are superimposed on top of the images in such a way the images seem to disappear. In reality, they're still there—the buttons and their description text both have white backgrounds since that's the styling in their DIVs' classes and this covers the images.

Let us have a look at the PHP code in the include file deccetr3563tedbynbdeb5ccstsw54w3.php. As you can see, after some input filtering, the form where anyone can enter key numbers is echoed onto the screen. It's cool how one can simply put HTML code inside PHP echo quotes and the code will act like regular HTML on the page. Note that keys are 19 characters long and that's the maximum number allowed. Back to the filtering, now: The only acceptable input is numbers and single hyphens (not 2 in a row) so everything else is replaced with an empty string in the preg_replace() function. The ^ in the pattern says "if it is not the following, dump it". The strip_tags() and mysql_real_escape_string() functions cannot do any good since the characters involved have already been excised—they're just there for the hell of it and because they're a good habit to get into. They can't hurt. However, the replacing of 2 hyphens in a row with an empty string is good since this is a hacker vulnerability and we allowed hyphens in our earlier replace function.

If they do not get exactly 19 characters through the filters, they get sent to Key-Input-Error.html where they're encouraged to either buy the product (rather than updating, which is cheaper) or try again with the key inputting. If they pass that hurdle, their input is matched against db keys. If MySQL contains the number, the buttons are shown. (Incidentally, the reason we didn't use "key" for the field name in ez4keys is that we tried it but it didn't work. Apparently it's a reserved word for SQL, MySQL, PHP, or all of the above.) The mysql_affected_rows() function is run after we attempted to select the key from the db. If it found something in a row/record, this will result in a 1 value rather than a 0, unless the key list in the db has duplicate keys. But the script will still work, if one OR MORE rows match, which is why we wrote it that way. If the key they input is good, the buttons appear inside DIVs with the CSS positioning classes already discussed. There is an extra DIV that gets thrown into the mix if their key is good. It has a big black square in it and it covers up the "Ready to upgrade? Click here." message link that the ez-architect-update.php file included in its content to get users to click down to the anchor where the input form is. Note that the final else clause catches users who put in exactly 19 numbers and hyphens that all got through the filters but there was no match. They, also, get sent to Key-Input-Error.html.

So now you know how to use PHP and MySQL to check key codes to see if you should allow the inputter to update to the new version or not.

<HTML>
<HEAD>
<BASE TARGET="_top">
<TITLE>Ez-Architect Update</TITLE>
<META NAME="description" CONTENT="Ez-Architect Update">
<META NAME="keywords" CONTENT="Ez-Architect Update">
<STYLE TYPE="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;}
A {text-decoration: none}
A:visited {text-decoration: none}
A:active {text-decoration: none}
A:hover {text-decoration: underline; color: red;}
.Arial-24px0000FFb {font:bold 24px Arial, sans-serif; color:#0000FF}
.Arial-36px0000FFb {font:bold 36px Arial, sans-serif; color:#0000FF}
.Arial-16pxn {font:normal 16px Arial, sans-serif}
.Arial-16pxb {font:bold 16px Arial, sans-serif}
h1 {font:bold 28px Verdana; color:black;text-align:left}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
.b1 {position:absolute;top:230px;left:180px;z-index:99;background-color:#fff;height:68px;width:165px;text-align:left}
.b1t {position:absolute;top:230px;left:345px;z-index:99;background-color:#fff;height:68px;width:545px;text-align:left;padding:11px}
.b2 {position:absolute;top:298px;left:180px;z-index:99;background-color:#fff;height:68px;width:165px;text-align:left}
.b2t {position:absolute;top:298px;left:345px;z-index:99;background-color:#fff;height:68px;width:545px;text-align:left;padding:11px}
.b3 {position:absolute;top:366px;left:180px;z-index:99;background-color:#fff;height:68px;width:165px;text-align:left}
.b3t {position:absolute;top:366px;left:345px;z-index:99;background-color:#fff;height:68px;width:545px;text-align:left;padding:11px}
.b4 {position:absolute;top:434px;left:180px;z-index:99;background-color:#fff;height:98px;width:165px;text-align:left}
.b4t {position:absolute;top:434px;left:345px;z-index:99;background-color:#fff;height:98px;width:545px;text-align:left;padding:11px}
.url {position:absolute;top:155px;left:260px;width:730px}
.ready {position:absolute;top:0px;left:810px;width:180px;height:150px;font-size:28px;padding:20px;background-color:#fff}
.instructions {position:absolute;top:540px;left:260px;width:600px}
.form {position:absolute;top:1182px;left:300px;width:500px}
.pictures {position:absolute;top:230px;left:180px;width:700px;height:284px}
.info {position:absolute;top:0px;left:0px;width:2000px;padding:200px 1200px 1400px 300px;background-color:#bbb;z-index:199;height:2000px}
</STYLE>
</HEAD>

<BODY SCROLL="auto" BGCOLOR="#FFFFFF" TOPMARGIN=0 LEFTMARGIN=0>

<?php

include_once"configuration.php";
include_once"deccetr3563tedbynbdeb5ccstsw54w3.php";

?>

<div id='top' class='url'>
<h1>Ez-Architect 5 Upgrade</h1></div>
<div class='ready'><b>Ready to upgrade? Click <a HREF="#ready">here</a>.</b></div>
<div class='pictures'><table style='text-align:center'>
<tr>
<td width=352>
<IMG SRC="ez-architect-sample-plan-1.jpg" WIDTH=332 HEIGHT=282 BORDER=1 alt="Ez-Architect sample plan 1"></td><td><IMG SRC="ez-architect-sample-plan-2.jpg" WIDTH=332 HEIGHT=282 BORDER=1 alt="Ez-Architect sample plan 2"></td>
</tr>
</table></div>
<div id='top' class='instructions'><p>
NEW FEATURES<BR><UL><LI>Four dozen colored patterns<LI>Auto-dimension lines for lines and rectangles<LI>Drawing method 2 mouse clicks without dragging has been added as an option along with conventional drag-and-click method<LI>Printable reports containing all objects, their name, sizes and angles<LI>Colors have been added to pattern editing and you may add your own permanently to the palette<LI>PDF file export<LI>wmf file export<LI>Fractional Inches and Fractional Feet and Inches can now be selected as Drawing Units<LI>Right click brings up Edit menu display<LI>Red lines in rulers that follow cursor<LI>Expanded Preferences dialog<LI>Preview feature in File Menu allows viewing unopened plans as thumbnails<LI>Program opens with all settings the same as last session
</UL>
</p><P>
To do this upgrade, simply enter your Ez-Architect 4 key (pin code/serial number) that was emailed to you when you purchased Ez-Architect 4. Enter it in the box below and click the "Submit Ez-Architect 4 key" button. You will get a whole new program and new key when you upgrade, and your old key will not work with the new version. To find your old key number, search for Ez-Architect content in the body of your emails.

<ol><LI>In PocoMail, use Search in the Edit menu or Ctrl+F
<LI>In Thunderbird, use Find in the Edit menu or Ctrl+Shift+F
<LI>In Windows Mail, use Find in the Edit menu or Ctrl+Shift+F
<LI>In Outlook, use Find (Ctrl+E) or Advanced Find (Ctrl+Shift+F) in the Tools menu
<LI>If your email program isn’t listed here, you’ll find that most email programs have search functions. Use the search function to search the body of your saved email messages for Ez-Architect (do not forget the hyphen).
<LI>Once your find the email that came from us, you’ll find your key.</ol>
</P></div>
</BODY>
</HTML>

<?php

$pattern1 = '/[^0-9\\-]/';
$replacement = '';
$K=$_POST['key'];
if(isset($K)){
$K=strip_tags($K);
$K=preg_replace($pattern1, $replacement, $K);
$K=preg_replace('/\-\-/', $replacement, $K);
$K=preg_replace('/\-\-/', $replacement, $K);
$K=mysql_real_escape_string($K);

if (strlen($K) <> 19) {echo '<script language="javascript">window.location = "Key-Input-Error.html"; </script>';}
}

echo "<div id='form' class='form'><a name='ready'><hr></a>
<form name='myform' method='post' action='ez-architect-update.php'>
<table width='500' border='0' cellpadding='2' cellspacing='2' align='left'>
<tr><td>Enter Ez-Architect 4 key (also called pin code or serial number)</td></tr>
<tr><td><input name='key' size='19' maxlength='19' value=''></input></td></tr>
<tr><td><input name='save' type='submit' value='Submit Ez-Architect 4 key'>  
<input name='reset' type='reset' value='Reset'></td></tr>
</table>
</form>
</div>";

if(isset($K)){
$check_user_data = mysql_query("SELECT * FROM ez4keys WHERE keyysss = '$K'")
or die(mysql_error());
$rc = mysql_affected_rows();
if ($rc>0){echo "<div class='b1'><A HREF='http://mcsii.biz/cart/cart.php?target=product&action=buynow&product_id=16366&category_id='><IMG SRC='upgrade.jpg' WIDTH=155 HEIGHT=61 BORDER=0></a></div><div class='b1t'><b>$10.00 USA-CANADA — Full version (demo + key): upgrade if you're from usa/canada and you don't have the Ez-Architect 5 demo</b><BR><BR></div>
<div class='b2'><A HREF='http://mcsii.biz/cart/cart.php?target=product&action=buynow&product_id=16367&category_id='><IMG SRC='upgrade.jpg' WIDTH=155 HEIGHT=61 BORDER=0></a></div><div class='b2t'><b>$10.00 USA-CANADA — Key only: upgrade if you're from usa/canada and you've already downloaded the Ez-Architect 5 demo</b><BR><BR></div>
<div class='b3'><form target='paypal' action='https://www.paypal.com/cgi-bin/webscr' method='post'>
<input type='hidden' name='cmd' value='_s-xclick'>
<input type='hidden' name='hosted_button_id' value='83VN29K37PRGC'>
<input type='image' src='http://www.theliquidateher.com/upgrade.jpg' border='0' name='submit' alt='PayPal - The safer, easier way to pay online!'>
<img alt='' border='0' src='https://www.paypal.com/en_US/i/scr/pixel.gif' width='1' height='1'>
</form></div><div class='b3t'><b>$10.00 FOREIGN — Full version (demo + key): upgrade if you're NOT from usa/canada and you don't have the Ez-Architect 5 demo</b></div>
<div class='b4'><form target='paypal' action='https://www.paypal.com/cgi-bin/webscr' method='post'>
<input type='hidden' name='cmd' value='_s-xclick'>
<input type='hidden' name='hosted_button_id' value='BN3ELRYA7E9WJ'>
<input type='image' src='http://www.theliquidateher.com/upgrade.jpg' border='0' name='submit' alt='PayPal - The safer, easier way to pay online!'>
<img alt='' border='0' src='https://www.paypal.com/en_US/i/scr/pixel.gif' width='1' height='1'>
</form></div><div class='b4t'><b>$10.00 FOREIGN — Key only: upgrade if you're NOT from usa/canada and you've already downloaded the Ez-Architect 5 demo</b></div><div style='z-index:99;position:absolute;top:0px;left:800px;width:190px;height:151px;background-color:#000;padding:0'>    </div>";}

else {echo '<script language="javascript">window.location = "Key-Input-Error.html"; </script>';}
}
mysql_close();

<Files "configuration.php">
order deny,allow
deny from all
</Files>
<Files "deccetr3563tedbynbdeb5ccstsw54w3.php">
order deny,allow
deny from all
</Files>
Options -Indexes