// API Routing $manager = new ToadLicenseManager($pdo); $action = $_GET['action'] ?? '';
verifyLicense(); </script> </body> </html> | Feature | Implementation | |--------|----------------| | License key storage | SHA-256 hash, never plaintext | | Domain binding | Prevent key reuse across different sites | | Expiry check | Server-side datetime comparison | | Message injection | Use parameterized queries (already done) | | API abuse | Add rate-limiting (e.g., 5 req/min per IP) | | Admin auth | Add login session / API token for admin routes | 6. Example License Key Generation (for admin CLI) function generateToadKey($domain, $expiryDate) $secret = "TOAD_SECRET_SALT"; // keep secret $payload = $domain . $expiryDate . $secret; $hash = substr(hash('sha256', $payload), 0, 16); return "TOAD-" . strtoupper(substr($domain,0,4)) . "-" . $hash;
if ($action === 'verify_license') $rawKey = $_POST['license_key'] ?? ''; $domain = $_POST['domain'] ?? $_SERVER['HTTP_HOST']; echo json_encode($manager->validateLicense($rawKey, $domain)); Toad License Key And Site Message
const res = await fetch('/license_api.php?action=verify_license', method: 'POST', body: formData ); const data = await res.json(); const statusDiv = document.getElementById('license-status'); if (data.valid) statusDiv.innerHTML = `<span style="color:green">✅ License valid until $data.expires_at</span>`; loadSiteMessage(); else statusDiv.innerHTML = `<span style="color:red">❌ License invalid: $data.reason</span>`; // Optional: block site content document.body.innerHTML = '<h1>Access Denied</h1><p>Invalid license.</p>';
// Get active site message public function getActiveMessage() $stmt = $this->pdo->prepare(" SELECT message_text, message_type FROM site_messages WHERE is_active = 1 LIMIT 1 "); $stmt->execute(); return $stmt->fetch(PDO::FETCH_ASSOC) ?: null; $expiryDate
3.1 Add/Edit License (admin only) // admin_license.php if ($_POST['add_license']) $rawKey = $_POST['license_key']; $domain = $_POST['domain']; $expires = $_POST['expires_at']; // YYYY-MM-DD HH:MM:SS $keyHash = hash('sha256', $rawKey); $stmt = $pdo->prepare(" INSERT INTO licenses (license_key_hash, domain, expires_at) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE license_key_hash = VALUES(license_key_hash), expires_at = VALUES(expires_at), status = 'active' "); $stmt->execute([$keyHash, $domain, $expires]); echo "License added/updated."; 3.2 Set Site Message // admin_message.php if ($_POST['set_message']) $msg = $_POST['message_text']; $type = $_POST['message_type']; // Deactivate all old messages $pdo->exec("UPDATE site_messages SET is_active = 0"); $stmt = $pdo->prepare(" INSERT INTO site_messages (message_text, message_type, is_active) VALUES (?, ?, 1) "); $stmt->execute([$msg, $type]); echo "Site message updated.";
This is designed as a (PHP/MySQL) with a simple frontend UI (HTML/JS) — but the logic can be adapted to Node.js, Python, etc. body: formData )
<!DOCTYPE html> <html> <head> <title>Toad Protected Site</title> <style> .toast-message padding: 12px; margin: 10px 0; border-radius: 5px; .info background: #e3f2fd; color: #0d3c55; .warning background: #fff3e0; color: #a86400; .error background: #ffe6e5; color: #b71c1c; .success background: #e0f7e8; color: #1e6f3f; </style> </head> <body> <div id="license-status"></div> <div id="site-message"></div> <script> async function verifyLicense() const formData = new FormData(); formData.append('license_key', 'TOAD-KEY-12345-ABCDE'); // from user input or saved formData.append('domain', window.location.hostname);
elseif ($action === 'get_message') echo json_encode($manager->getActiveMessage());
async function loadSiteMessage() const res = await fetch('/license_api.php?action=get_message'); const msg = await res.json(); if (msg && msg.message_text) const msgDiv = document.getElementById('site-message'); msgDiv.innerHTML = `<div class="toast-message $msg.message_type">$msg.message_text</div>`;
public function __construct($pdo) $this->pdo = $pdo;