Share-it and LimeLM

Question

Share-it and LimeLM

Hi,I have a simple question : does LimeLM work with Share-it ?I want something like "paypal" example (user receive the license automatically after the purchase) but with share-it.

Thank you.

Dec 14, 2012

Sam · Answer 1 · 2012-12-14T18:27:28Z

We don't have a pre-written example for Share-it, however you can use our other pre-written examples and modify them to work with Share-it. If you need pointers we'll be glad to help.

Damien Bataille · Answer 2 · 2012-12-16T21:30:33Z

Ok, i have started to see what we can do.

Here the help to integrate a key generator with shareIt : https://cp.shareit.com/shareit/cp/download/KeyGenSDK.pdfAnd the SDK to check : https://cp.shareit.com/shareit/cp/download/KeyGen.zip

So, i started with this page to generate keys : KeyGenerator.phpThe code : http://pastebin.com/1PNHCdjd

KeyGenerator.php call SendPKeys function in PaymentSettings.phpCode here http://pastebin.com/NmGqFGug

And i use LimeLM.php.

So, with the shareIt SDK to check, i have an return error : "ERC_SUCCESS", it is fine, i have the key in return.Can yout check if all is good ?If the security is good ?You can get use my code for all others people is all is fine for you.

Currently i am on the free plan. But i have created 10 "test keys", so i can continu all tests because i can delete all keys...

Thanks

LibertyStreet · Answer 3 · 2012-12-17T08:02:59Z

Would be nice if you could post this code when it is working. Share-It and Plimus are popular payment processors for software companies.

Sam · Answer 4 · 2012-12-17T23:13:28Z

Just skimming it, it looks good. Obviously you don't want the general public to have access to this file (that is, make sure the php is run on their servers, not remotely called from your servers).

Damien Bataille · Answer 5 · 2012-12-18T00:42:48Z

On the pdf : https://cp.shareit.com/shareit/cp/download/KeyGenSDK.pdfPage 8 :

"4 HTTP Key Generators (CGI) Web based key generators reside on your server and will be called by our order processing system on each completed purchase of a product. Our system will submit the key generator input values as form data via a HTTP request using the POST method. Your server should return the proper key in the response. e.g. https://keygen.yourcompany.com/keygen.pl We also support the secure HTTPS protocol. You don't need a server certificate from an independent certification authority, a self generated certificate will do. Input Values will be passed as URL encoded (application/x-www-form-urlencoded) CGI variables, we also support Unicode using UTF8 encoding upon request."

So, like you say, obviously it is not secure to have the php key generators on a public server.What is the solution ?

Ps : i am locked with the free plan, i can delete keys to continu my test.

Sam · Answer 6 · 2012-12-18T01:35:31Z

Well, Share-it offers a crummy solution (from the PDF you linked to). They really didn't think this through:

Security Considerations

For security reasons you should limit access to this URL to IP addresses from the followingnetworks:

CIDR Notation IP-Range from to85.255.19.0/24 85.255.19.0 85.255.19.255

Please note that this address space might change in the future. In this case you will be askedto adjust your web server configuration.

This is a disappointingly poor solution. You might want to consider another payment processor -- someone who takes security seriously. FastSpring is one choice. Or just PayPal.

If you want to continue with Share-it then to implement that, above your "include('PaymentSettings.php');" line in Keygen.php, add the following code:

function in_ip_range($ip_one, $ip_two=false){    if ($ip_two === false)	{        if($ip_one == $_SERVER['REMOTE_ADDR'])            return true;        else            return false;    }	else	{        if (ip2long($ip_one) <= ip2long($_SERVER['REMOTE_ADDR'])			&& ip2long($ip_two) >= ip2long($_SERVER['REMOTE_ADDR']))		{            return true;        }		else            return false;    }}


// if the request isn't coming from Share-it then bail outif (!in_ip_range('85.255.19.0','85.255.19.255'))    exit;

This does just what it looks like. It looks at the IP, and if it's not coming from Share-it then it exits the script without doing anything.

Damien Bataille · Answer 7 · 2012-12-18T12:46:09Z

Use .htaccess will not work ?Like this :

# ALLOW USER BY IP<Limit GET POST> order deny,allow deny from all allow from 85.255.19.0 allow from 85.255.19.255</Limit>

# PREVENT VIEWING OF .HTACCESS<Files .htaccess> order allow,deny deny from all</Files>

I will see for FastSpring. I need a reseler (like Shareit and FastSpring (?)). I can not use Paypal or other.

Ps : did you receive my email about my activation plan ?Thank you

Sam · Answer 8 · 2012-12-19T00:41:28Z

Use .htaccess will not work ?

htaccess will work.

Ps : did you receive my email about my activation plan ?

Yes, I'm replying right now.

LimeLM
Overview Pricing & Sign up Why LimeLM? Tour Log in Help
wyBuild
Overview Pricing & Buy Features What's new Help
Support forum
wyDay blog
wyDay Home
Downloads Buy Contact us Careers

Guest name
Youʼre not logged-in, but you can still post as a guest.

Email