What is the recommended way to add a license validation scheme to a purchasable extension?
I would like to be able to use a registration code and validate Extension purchase using REST API for Marketplace.
I see that other extensions are hiding and obfuscating a curl call to validate the purchase in OpenCart Marketplace. Is this the solution we should be using to "license" an extension? Personally I don't like this method as every developer has to create their own license validation scheme. Is there an "official" way to validate licenses?
I realize that with open source code, whomever has the code can circumvent license validation by locating and removing any licensing code. Without some type of purchase validation, someone could share extensions and/or use on multiple sites with a single purchase. How does a developer of OpenCart extensions protect IP?
I do not think its possible for 100% solution, however something simple would be better than nothing. :-)
Thanks for any suggestions or ideas on how other developers are protecting intellectual property.
RGB World - FREE and Commercial Extensions
For custom work or support, please use our Contact Form or visit our Support Forum.
Favorite Quote: There are 10 types of people in the world. Those who understand binary and those who don't. 
Looking for simplicity on the matter to avoid replication of an extension on an opensource project is simply unavoidable; replication will still occur.rgbworld wrote: ↑Thu Aug 03, 2023 12:05 amWhat is the recommended way to add a license validation scheme to a purchasable extension?
I would like to be able to use a registration code and validate Extension purchase using REST API for Marketplace.
I see that other extensions are hiding and obfuscating a curl call to validate the purchase in OpenCart Marketplace. Is this the solution we should be using to "license" an extension? Personally I don't like this method as every developer has to create their own license validation scheme. Is there an "official" way to validate licenses?
I realize that with open source code, whomever has the code can circumvent license validation by locating and removing any licensing code. Without some type of purchase validation, someone could share extensions and/or use on multiple sites with a single purchase. How does a developer of OpenCart extensions protect IP?
I do not think its possible for 100% solution, however something simple would be better than nothing. :-)
Thanks for any suggestions or ideas on how other developers are protecting intellectual property.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Forgetting simplicity and code redundancy, is there an official or recommended way to validate the purchase of an extension?straightlight wrote: ↑Thu Aug 03, 2023 7:22 pmLooking for simplicity on the matter to avoid replication of an extension on an opensource project is simply unavoidable; replication will still occur.
I've searched the Marketplace and forums for developer extension licensing and come up short
If nothing currently exists, I can write something up and post an example here. However, if there is a recommended process, I would appreciate information on the matter. If anyone is aware of an existing Marketplace purchase-validation or extension licensing solution please advise.
My idea would be to use a curl request to an endpoint (Marketplace or other), with an order id, email, etc. Then "activate" the extension based on the results of the reply. I'm open to any discussion or ideas.
Thanks!
RGB World - FREE and Commercial Extensions
For custom work or support, please use our Contact Form or visit our Support Forum.
Favorite Quote: There are 10 types of people in the world. Those who understand binary and those who don't.
In this case, better to code it up yourself by posting an example.rgbworld wrote: ↑Sat Aug 05, 2023 4:58 pmForgetting simplicity and code redundancy, is there an official or recommended way to validate the purchase of an extension?straightlight wrote: ↑Thu Aug 03, 2023 7:22 pmLooking for simplicity on the matter to avoid replication of an extension on an opensource project is simply unavoidable; replication will still occur.
I've searched the Marketplace and forums for developer extension licensing and come up short
If nothing currently exists, I can write something up and post an example here. However, if there is a recommended process, I would appreciate information on the matter. If anyone is aware of an existing Marketplace purchase-validation or extension licensing solution please advise.
My idea would be to use a curl request to an endpoint (Marketplace or other), with an order id, email, etc. Then "activate" the extension based on the results of the reply. I'm open to any discussion or ideas.
Thanks!
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Hi!
This licensing model is popular in Russia. Your server receives a callback from the marketplace after purchasing your extension. It then automatically generates a license code and sends it to the customer's email address.
All of these solutions use the ioncube loader or PHP obfuscators. Most often, the controller and/or admin model are encrypted; less often, the catalog model and controller are encrypted (only to protect the code).
I usually worked on finalizing the code of encrypted modules.
Most often, such files are easily decrypted on dezender.net. The decryption of one file costs 5 euros. Once it was not possible to decrypt, the issue was resolved by events.
Encrypted modules are prohibited on the official marketplace.
This licensing model is popular in Russia. Your server receives a callback from the marketplace after purchasing your extension. It then automatically generates a license code and sends it to the customer's email address.
All of these solutions use the ioncube loader or PHP obfuscators. Most often, the controller and/or admin model are encrypted; less often, the catalog model and controller are encrypted (only to protect the code).
I usually worked on finalizing the code of encrypted modules.
Most often, such files are easily decrypted on dezender.net. The decryption of one file costs 5 euros. Once it was not possible to decrypt, the issue was resolved by events.
Encrypted modules are prohibited on the official marketplace.
Last edited by halfhope on Sun Aug 06, 2023 6:07 am, edited 2 times in total.
Sometimes such systems grow to CRM-like systems. At this step, the functions of checking for updates for modules usually appear, sometimes with automatic updates. Be careful with this feature, I know three developers whose systems were compromised. Also you can use third-party software licensing mgmt systems.
My FREE extensions in marketplace. [ security | flexibility | speedup ]
Hi, when customers purchase your code, they should have the right to read and modify it according to their specific needs. Using obfuscators or encrypting the code can make it challenging to maintain the code in the future.
View all extensions | Request custom work | Pricing | Contact Me
Not only can it be challenging but also prohibited on the Marketplace.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
I never suggested encrypting code, obfuscating, or trying to hide the code from a customer. I am vehemently opposed to such tactics - which is why I said I was looking for a "simple" solution. If a nefarious actor wants to circumvent licensing, then so be it. If a developer wants to tear it apart or modify it to make it their own, that's fine as well.
The original question was whether or not there is a recommended or official process for licensing extensions? Apparently, the answer is No.
Are other developers just hoping that someone won't put their extensions on a torrent site? (somewhat rhetorical)
Is license-validation frowned upon or not with regard to OpenCart?
Validation of a purchase should not be complicated or a burden on customer, and IMO should be built into core OpenCart. That said, I am working on an extension example that does what I want. I will post it here or try to get it added to OC repo when it's completed. Attached are couple screen grabs. The only thing left to do is a curl call to validate the license. On the store's server, I also need to implement the receiving of Marketplace callback for maintaining a license table.
My plan is to do some of what @halfhope suggested:
- Receive a callback from the marketplace and add details to a database table.
- On extension settings page, add an Ajax register form (order_id and email) - Done. See attachments.
- Validate the purchase on form submission and activate extension accordingly.
Thanks for the replies.
The original question was whether or not there is a recommended or official process for licensing extensions? Apparently, the answer is No.
Are other developers just hoping that someone won't put their extensions on a torrent site? (somewhat rhetorical)
Is license-validation frowned upon or not with regard to OpenCart?
Validation of a purchase should not be complicated or a burden on customer, and IMO should be built into core OpenCart. That said, I am working on an extension example that does what I want. I will post it here or try to get it added to OC repo when it's completed. Attached are couple screen grabs. The only thing left to do is a curl call to validate the license. On the store's server, I also need to implement the receiving of Marketplace callback for maintaining a license table.
My plan is to do some of what @halfhope suggested:
- Receive a callback from the marketplace and add details to a database table.
- On extension settings page, add an Ajax register form (order_id and email) - Done. See attachments.
- Validate the purchase on form submission and activate extension accordingly.
Thanks for the replies.
Attachments
Screenshot 2023-08-07 at 12.04.45 AM.png (46.91 KiB) Viewed 4084 times
Screenshot 2023-08-07 at 12.04.01 AM.png (104.68 KiB) Viewed 4084 times
RGB World - FREE and Commercial Extensions
For custom work or support, please use our Contact Form or visit our Support Forum.
Favorite Quote: There are 10 types of people in the world. Those who understand binary and those who don't.
There is no RESTful API for licensing, and it won't make sense anyway.
When you order and pay for an OpenCart extension, you get an email confirmation from OpenCart which contains the link to your OpenCart account (which you already know anyway). In your OpenCart account there is a download section for your purchased extensions. The end-user can open a support ticket via the OpenCart extension page, and the extension author will then receive a support request with the following details:
When you order and pay for an OpenCart extension, you get an email confirmation from OpenCart which contains the link to your OpenCart account (which you already know anyway). In your OpenCart account there is a download section for your purchased extensions. The end-user can open a support ticket via the OpenCart extension page, and the extension author will then receive a support request with the following details:
So it pretty much has everything you'd need for an open-source extension.Order Details
Order ID: xxxxxxx
Order Date: 2023-xx-xx xx:xx:xx
Order Status: Complete
License Status: Active
License Expire: Jan 20, 2024
Extension Details
.....
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
Not only prohibited on the official marketplace, prohibited in general by the License: GNU/GPL !!halfhope wrote: ↑Sun Aug 06, 2023 5:14 amHi!
This licensing model is popular in Russia. Your server receives a callback from the marketplace after purchasing your extension. It then automatically generates a license code and sends it to the customer's email address.
All of these solutions use the ioncube loader or PHP obfuscators. Most often, the controller and/or admin model are encrypted; less often, the catalog model and controller are encrypted (only to protect the code).
I usually worked on finalizing the code of encrypted modules.
Most often, such files are easily decrypted on dezender.net. The decryption of one file costs 5 euros. Once it was not possible to decrypt, the issue was resolved by events.
Encrypted modules are prohibited on the official marketplace.
Mean in other words: every "buyer" has the right to get the plain (uncrypted / unobfuscated) files - so then why working this way?
Or: why working on the "Open Source" szene, publishing extensions under "somewhat" license (other then GNU/GPL which all extensions has to be licensed because the "Framework" OpenCart is published under that license) and then encrypting/obfuscating?
Many times the so called "developers" argue with "protecting my code" - if so really, you should not publish any extension for OC!
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
Actually, the GPL license suggests that there may be no close connection with a separate library file that is used in the module - https://www.gnu.org/licenses/gpl-faq.html#GPLPlugins
But even more interesting is that there is no legal precedent proving that the GPL license can be applied to extensions and it will be considered legal, which is why there is a whole article about it on the specialized website - https://copyleft.org/guide/comprehensiv ... dech5.html
We also have the case of MySQL v. Progress Software case, where it was clearly determined that a library that does not have close communication can be closed.
Also, the copyright laws of the United States, the European Union, Hong Kong, and other countries contain provisions stating that a program is a set of instructions, not a place in memory or an inherited object. And the law is more legally binding than a licensing agreement.
Also, in all these jurisdictions, there is a provision that “method of operation” are not subject to copyright protection. Whereas the GPL license applies only to what is protected by copyright.
An example of the implementation of the principle No protection for “method of operation” is the case of Oracle v Google, where it was established that the names of methods are NOT equal to their imperative implementation. Also in the EU there is the case of SAS Institute v. World Programming Ltd (C-406/10).
We also have presumption of authorship and contract law in all countries. Usually, contracts (including licensing agreements) should contain provisions typical for the industry. And we see that other licenses, both free and commercial, either do not infringe on the rights of the authors of extensions or explicitly assign copyright to the authors of extensions (I can give examples if it is not considered advertising).
It is precisely the extortion to give up one's property rights that we see in the marketplace. After all, the license for the program that the user accepts when installing it is a matter for the copyright holder and the user. To alienate property rights of third-party developers, a separate copyright alienation agreement is required, which no extension developer has ever signed.
And now the most interesting thing is that modules most actively use code like
$this->load
$this->db->query
And this code is not of GPL origin - viewtopic.php?f=10&t=5204&start=0
Accordingly, it is not original, which means that it is not subject to the GPL
But even more interesting is that there is no legal precedent proving that the GPL license can be applied to extensions and it will be considered legal, which is why there is a whole article about it on the specialized website - https://copyleft.org/guide/comprehensiv ... dech5.html
We also have the case of MySQL v. Progress Software case, where it was clearly determined that a library that does not have close communication can be closed.
Also, the copyright laws of the United States, the European Union, Hong Kong, and other countries contain provisions stating that a program is a set of instructions, not a place in memory or an inherited object. And the law is more legally binding than a licensing agreement.
Also, in all these jurisdictions, there is a provision that “method of operation” are not subject to copyright protection. Whereas the GPL license applies only to what is protected by copyright.
An example of the implementation of the principle No protection for “method of operation” is the case of Oracle v Google, where it was established that the names of methods are NOT equal to their imperative implementation. Also in the EU there is the case of SAS Institute v. World Programming Ltd (C-406/10).
We also have presumption of authorship and contract law in all countries. Usually, contracts (including licensing agreements) should contain provisions typical for the industry. And we see that other licenses, both free and commercial, either do not infringe on the rights of the authors of extensions or explicitly assign copyright to the authors of extensions (I can give examples if it is not considered advertising).
It is precisely the extortion to give up one's property rights that we see in the marketplace. After all, the license for the program that the user accepts when installing it is a matter for the copyright holder and the user. To alienate property rights of third-party developers, a separate copyright alienation agreement is required, which no extension developer has ever signed.
And now the most interesting thing is that modules most actively use code like
$this->load
$this->db->query
And this code is not of GPL origin - viewtopic.php?f=10&t=5204&start=0
Accordingly, it is not original, which means that it is not subject to the GPL
Who is online
Users browsing this forum: No registered users and 2 guests
