Php License Key System Github Hot -

This validator requires no outbound HTTP by default, but includes a revocation check CDN.

<?php
class LicenseValidator {
    public function __construct(private string $publicKeyPath) {}
public function validate(string $licenseKey, string $currentDomain): array 
    // Remove dashes and decode
    $raw = base64_decode(str_replace('-', '', $licenseKey));
    [$payloadB64, $signature] = explode('::', $raw);
    $payload = json_decode(base64_decode($payloadB64), true);
// Verify signature via libsodium
    $publicKey = sodium_crypto_sign_publickey_from_secretkey(
        file_get_contents($this->publicKeyPath)
    );
    if (!sodium_crypto_sign_verify_detached($signature, $payloadB64, $publicKey)) 
        throw new \Exception("Invalid signature: License tampered.");
// Check expiry
    if ($payload['expires'] < time()) 
        throw new \Exception("License expired.");
// Domain wildcard match
    $matched = false;
    foreach ($payload['domains'] as $allowed) 
        if (fnmatch($allowed, $currentDomain)) $matched = true;
if (!$matched) throw new \Exception("Domain not licensed.");
return $payload['features']; // Return entitlements

}

Secure endpoints with API key or OAuth for admin actions. Rate-limit validate endpoint. php license key system github hot

<?php
header('Content-Type: application/json');
$input = json_decode(file_get_contents('php://input'), true);
$licenseKey = $input['license_key'] ?? '';
$domain = $_SERVER['HTTP_HOST'] ?? '';
$stmt = $pdo->prepare("SELECT * FROM licenses WHERE license_key = ?");
$stmt->execute([$licenseKey]);
$license = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$license) 
echo json_encode(['valid' => false, 'reason' => 'Key not found']);
exit;
 This validator requires no outbound HTTP by default,
if ($license['status'] !== 'active') 
echo json_encode(['valid' => false, 'reason' => 'License ' . $license['status']]);
exit;

if ($license['domain'] && $license['domain'] !== $domain) 
echo json_encode(['valid' => false, 'reason' => 'Invalid domain']);
exit;

if ($license['expires_at'] && strtotime($license['expires_at']) < time()) 
echo json_encode(['valid' => false, 'reason' => 'License expired']);
exit;
 Secure endpoints with API key or OAuth for admin actions
echo json_encode(['valid' => true, 'message' => 'License active']);

php artisan serve --port=8080

Your license API is now live at http://localhost:8080/api/licenses/validate. The repo includes a Postman collection for testing.