How To Remotely Control Or Deactivate Your Appgini Generated Application Using An Application Key

Got something cool to share with AppGini users? Feel free to post it here!
Post Reply
User avatar
rngoda
Posts: 14
Joined: 2020-02-05 16:00
Location: KENYA
Contact:

How To Remotely Control Or Deactivate Your Appgini Generated Application Using An Application Key

Post by rngoda » 2021-01-26 12:55

Have you ever found yourself in a situation where you need to distribute copies of your Appgini generated applications and need to control them using special keys or ever created and deployed an application for a client and they refused to pay and you got nothing to do?

I have created a simple to use solution that you can generate special keys for your Appgini generated application and you can use this to lock or deactivate the application remotely in 3 simple steps.

STEP ONE
Create a free account HERE
Log in and create an app. Each app you create will have a special key generated for it and you will use this in step two below.
You can also modify your application key status to Inactive, this way your Appgini application will be locked in a way users can't use it anymore.

STEP TWO
Go to your hooks folder and find a file called header-extras.php and paste the following code in there.

Code: Select all

<?php 
#Provide your app_key below. Get your appkey by creatinga free account here: https://payherokenya.com/appcontrol
$keyjson= json_encode(array('app_key' =>'#yourkeyhere'));

#Send request to server.
$result=sendRequest("https://payherokenya.com/appcontrol/app/controller.php",$keyjson);
$resp=json_decode($result);
$status=$resp->response->status;
$message=$resp->response->message;

#If server returns inactive status, an error alert will be shown with your preffered message to the users.
if ($status=="Inactive") {
	# code...
	echo error_message("<b>".$message."</b>");exit;
}
In the above code replace #yourkeyhere with your actual generated key from STEP ONE
What this code does is it checks from our remote server if the key is Inactive and it will lock it and display an error message you will set in step one.

STEP THREE
Go to hooks folder and find a file named _global.php and paste in the following code at the very end:

Code: Select all

function sendRequest($url,$data){
		//Initiate cURL.
	$ch = curl_init($url);

		//Tell cURL that we want to send a POST request.
	curl_setopt($ch, CURLOPT_POST, 1);

		//Attach our encoded JSON string to the POST fields.
	curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

		//Set the content type to application/json.
	curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Accept:application/json'));

    //Dont return result to screen,store in a variable.
	curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);

		//Execute the request.
	$result = curl_exec($ch);
	return $result;
}
The code above is the function that is used to send requests to the remote server in step one.

That is it. You can now be able to lock your Appgini generated application remotely when the need arises. Feel free to try it out and give suggestions on how to improve my solution.
The Ambitious Programmer

User avatar
jsetzer
AppGini Super Hero
AppGini Super Hero
Posts: 1050
Joined: 2018-07-06 06:03
Location: Kiel, Germany
Contact:

Re: How To Remotely Control Or Deactivate Your Appgini Generated Application Using An Application Key

Post by jsetzer » 2021-01-26 13:38

Nice idea, thanks a lot for sharing.

A few thoughts, please don't get me wrong, I really appreciate your contribution.

Problematic from my point of view: as soon as you hand out your php code to the customer, they can simply remove or replace that function.

Legally, they are not allowed to, if they have signed a contract with you, forbidding it. Fair customers will not do so. But technically it is a matter of seconds. The better the software, the more interest there will be for stealing code and reselling under a different brand name. What is even worse: the code has a certain value, but the idea and experience behind sometimes are worth much more.

It is still almost impossible to protect code and intellectual property as soon as we pass the code to the customer or publish it somewhere. Interpreted languages like PHP can be hacked ad-hoc, if you don't control the server.

I'm working a lot for german government (well, not AppGini but C# ASP.NET MVC + Microsoft SQL Server). Their network ist physically separated from the rest of the world. In these scenarios we are not allowed to send data (curl request) through the internet for receiving a token from a remote server. We don't even use CDNs. So request would fail in secured, separated subnets.

Anyway, well done! And I hope others can contribute ideas for improvement!
Kind regards,
<js />

pfrumkin
Veteran Member
Posts: 119
Joined: 2020-02-18 17:58
Location: Albuquerque, New Mexico USA

Re: How To Remotely Control Or Deactivate Your Appgini Generated Application Using An Application Key

Post by pfrumkin » 2021-01-26 14:39

Jan's point is well taken, this can be easily defeated when we use interpreted languages. Steps could probably be taken to further obfuscate, but bad people can be smart. That said, it does work to keep honest people honest (there are some). If you do sell software as a service then this could be a tool to remind of subscription expiration. Could also be tailored to capture analytics about your tool from all of your subscribers.

~Paul

SkayyHH
Veteran Member
Posts: 309
Joined: 2015-04-27 21:18
Location: Germany

Re: How To Remotely Control Or Deactivate Your Appgini Generated Application Using An Application Key

Post by SkayyHH » 2021-01-26 22:43

can't you just include() parts of the program on your own server? I don't know if that works, that then php code is executed when it is on another server. if so, you could name the file e.g. with filename_customernumber.txt. If you rename it, then the program will no longer work on the customer.

SkayyHH
Veteran Member
Posts: 309
Joined: 2015-04-27 21:18
Location: Germany

Re: How To Remotely Control Or Deactivate Your Appgini Generated Application Using An Application Key

Post by SkayyHH » 2021-01-26 22:47

although - if that would work, you can hack the server. probably won't work...

Post Reply