xfCheck [Deleted]

Cupara

Cupara

Well-known member
Mythotical submitted a new resource:

xfCheck - License validation storing encrypted tokens.

Like the new me or updates being released, ask me how you can donate any amount of money to help in maintaining the environment I develop on and keep the support free.

Description: xfCheck is a license validation system for XenForo. If you want your site to validate XenForo licenses before allowing access to the full site then this add-on does just that. The user will input their generated token and domain, the generated token is encrypted and stored. This provides a sense...
Click to expand...

Read more about this resource...
 
How about adding the token and domain fields to the registering page, if it fails, it prevents registering for the forum
 
Mike Edge said:
How about adding the token and domain fields to the registering page, if it fails, it prevents registering for the forum
Click to expand...
Good idea, that would require me to do another part where it can be enabled for current users and upon registration do the check or just registration or after registration using cron.

Allan said:
Thank you :)

But, what is the difference with this add-on?
Click to expand...
tyteen4a03 is correct. Reading the description of KK's and mine you will see the significant difference.

tyteen4a03 said:
This addon stores your tokens while KK's addon does not.

You didn't post your actual encrypted content. Cheating :p
Click to expand...
Here is the code when I download my blob and open with a text editor: Äs ?ûN∫t=K ¿ÌNÅxú∂äÒ>ÄÅ◊_`Ÿ˘

Figure that code out. LOL
 
The thing about that is no user should have the same token and if so they have been hacked and need to check on that.
 
I mean, if user A validating himself with his token and domain, can user B validating himself with user A token and domain?
 
Yes but the only way that can even be possible is for User B to hack User A and grab a token hence User A can change their password on the XenForo site and generate a new token making the token User B has invalid. So more or less it is yes and no.
 
Mythotical said:
Yes but the only way that can even be possible is for User B to hack User A and grab a token hence User A can change their password on the XenForo site and generate a new token making the token User B has invalid. So more or less it is yes and no.
Click to expand...

I think what he means is, make the field in the database unique, so if a valid token gets distributed though a warez site, 50 people all can't verify using the same token.
 
Shelley said:
Damn good suggestion Mike one I was considering in going to make but was unsure whether it was possible. +1 and Liked Suggestion
Click to expand...

Yeap, would love to see my idea added. If not in the full form. Maybe as 1st step, sort of like how vB uses enter your age to continue. Once you validate your domain and token, it takes you to step 2. Also would like to have the domain used saved to database as custom user title.
 
Mike Edge said:
I think what he means is, make the field in the database unique, so if a valid token gets distributed though a warez site, 50 people all can't verify using the same token.
Click to expand...
If people change their token after validating it a) 50 people can't verify using the same token and b) saving the token via the addon is pointless.
 
Mike Edge said:
I think what he means is, make the field in the database unique, so if a valid token gets distributed though a warez site, 50 people all can't verify using the same token.
Click to expand...
Azhria Lilu said:
If people change their token after validating it a) 50 people can't verify using the same token and b) saving the token via the addon is pointless.
Click to expand...
I can see where Mike is coming from because my addon grabs the permanent token and holds it in encrypted form. That way it could be unique, the thing is that with encryption I'm not sure I could make the field unique. I would have to include a system that reports to admins duplicate tokens then let the admin handle it.
 
Mythotical said:
I can see where Mike is coming from because my addon grabs the permanent token and holds it in encrypted form. That way it could be unique, the thing is that with encryption I'm not sure I could make the field unique. I would have to include a system that reports to admins duplicate tokens then let the admin handle it.
Click to expand...
Yes but if someone uses a token to validate somewhere using your addon and then changes their token straight after validation takes place.. then the existing token no longer exists... so what's the point in keeping it on record?
 
Azhria Lilu said:
Yes but if someone uses a token to validate somewhere using your addon and then changes their token straight after validation takes place.. then the existing token no longer exists... so what's the point in keeping it on record?
Click to expand...

Good point.

I think just a easy means of confirming they are legit and that is the end of that. I don't think records are needed and keeping the simplicity is probably the better step to take without it making it overly complicated.
 
Azhria Lilu said:
Yes but if someone uses a token to validate somewhere using your addon and then changes their token straight after validation takes place.. then the existing token no longer exists... so what's the point in keeping it on record?
Click to expand...

I thought the same thing.
 
Mike Edge said:
I think what he means is, make the field in the database unique, so if a valid token gets distributed though a warez site, 50 people all can't verify using the same token.
Click to expand...
That's what I'm thinking. Thank you Mike. I was bad in english since it was not my native language.
 
Azhria Lilu said:
Yes but if someone uses a token to validate somewhere using your addon and then changes their token straight after validation takes place.. then the existing token no longer exists... so what's the point in keeping it on record?
Click to expand...
The record that is stored is the returned license_token, the generated token is replaced by that which is a permanent token. I did it that way for future validation if site owners need to have yearly validations or whatever then the user would generate a new token, if the license token returned matches what is in the database then the validation is successful otherwise it is failed and the user is unvalidated at that time. Permanent license tokens are unique in that they can be returned when validating but that is it. The purpose I'm implementing for them is to keep things unique as Mike stated above in turn I will set a cron to run daily and to check returned license tokens against current entries then upon registration reject if there is a match and if some one slips by then the admin is notified.

As I stated in the original post, this does not save the generated token, it saves the returned permanent token that no one will know or have access to unless you are the license owner.
 
One more update once XF1.2 is release then xfCheck will reach EOF as I don't see it being used too often but I will leave the current version for those who may wish to use it. I will update it as well to work with any XF that is released and it breaks.

If you wish to use a version that does not store anything you can use @King Kovifor [XI] License Validation
 
You must log in or register to reply here.

Similar threads

XenSoluce
[Xen-Soluce] Information Page Management [Deleted]
Replies
3
Views
103
XenSoluce
XenSoluce
MentaL
Hide avatar on deleted posts for staff. [Deleted]
Replies
1
Views
23
MentaL
MentaL
napy8gen
Aventarius v2 [Deleted]
Replies
1
Views
28
napy8gen
napy8gen
napy8gen
ST Xenforo 2 Super Pack [Deleted]
Replies
1
Views
25
napy8gen
napy8gen
napy8gen
ST Xenforo 2 Pro Pack [Deleted]
Replies
1
Views
40
napy8gen
napy8gen
Back
Top Bottom