So you would have a user system on your company's website where they would have to log in to download the application? Now what about if they tried to leak it?
Oh, so it's not a PHP/web application?
Then the licensing system should be in the software itself. You can't rely on a website to completely protect an application.
The application should ask for a license key soon after installation. Exactly what happens if they don't enter it depends on whether you have a 'free trial' or 'lite' version or none of the above.
When the key is entered, the application can, at that point, either directly query a database or query a website which queries a database, in an attempt to see if the license key is valid or not.
If it is not valid, kick them out of the application (or disable functionality).
What happens when the user has no internet is up to you. To fight user annoyance, perhaps you can require that the application be initially activated over the internet via the license key. After that, it doesn't matter if you have internet or not. But, every time the application starts up, it should try to check if the license key is still valid over the internet.
This will prove useful if you ever need to disable a license key due to piracy or unauthorized sharing or what-not.
The database should, at the very least, also store expiration dates that the application can check against as well. You should store the expiration date in the application whenever possible, so, if they only go on the internet once--to activate the app, then the application will still 'run out' when the license key expires.
To use a website to get this information from a database, just echo out certain data based on MySQL queries. Use GET variables to check specific user/application input, e.g. validating a specific license key may go to [You must be registered to see links].
There's a lot you can do, but a company shouldn't expect a PHP developer to handle it all.
What a company should expect is for their application to be leaked illegally over the internet. They should combat that, not combat people trying to illegitimately download their application from their website (which you can attempt to combat via temporary download links).
P.S. Hehe, I have to share this... for anyone trying to secure 'premium' versions of scripts, you should not do it like this (presented below is code from the lite version of a vBulletin plugin by a popular vB plugin developer):
PHP:
/**
* Whether we have the pro version or not
*
* @public boolean
*/
public static $isPro = false;
PHP:
// Show branding or not
$show['thanks_branding'] = $vbulletin->options['dbtech_thanks_branding_free'] != '<(:{AdvancedThanks.Key|AdvancedThanks.Branding.Free}:)>';
And yeah, it does work as you think it would. Every single one of this guy's plugins follows this practice.
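The server-side license check described in the post, as an added example that is not part of the original post or of any plugin it mentions: the key from the GET variable is shape-checked and passed as a bound parameter, and the reply carries the revocation and expiration state the application is meant to act on. The table name, column names, key format and the `checkLicense` function are assumptions, and an in-memory SQLite database with constructed rows stands in for MySQL.

```php
<?php
declare(strict_types=1);

// Added example. Table/column names and the key format are assumptions.
function checkLicense(PDO $db, string $key, int $now): array
{
    // Validate the shape of the GET value before it reaches the database.
    if (!preg_match('/\A[A-Z0-9]{4}(?:-[A-Z0-9]{4}){3}\z/', $key)) {
        return ['status' => 'invalid'];
    }
    // Bound parameter: the key is never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT expires_at, revoked FROM licenses WHERE license_key = :key'
    );
    $stmt->execute([':key' => $key]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return ['status' => 'invalid'];
    }
    if ((int) $row['revoked'] === 1) {
        return ['status' => 'revoked']; // key disabled, e.g. after unauthorized sharing
    }
    if ((int) $row['expires_at'] <= $now) {
        return ['status' => 'expired'];
    }
    // The application stores expires_at so it can still run out while offline.
    return ['status' => 'valid', 'expires_at' => (int) $row['expires_at']];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE licenses (license_key TEXT PRIMARY KEY, expires_at INTEGER, revoked INTEGER)');
$db->exec("INSERT INTO licenses VALUES ('AAAA-BBBB-CCCC-DDDD', 2000000000, 0)");
$db->exec("INSERT INTO licenses VALUES ('EEEE-FFFF-0000-1111', 2000000000, 1)");

$now = 1700000000; // fixed timestamp so the run is reproducible
// A live key, a revoked key, and a malformed value (all constructed).
foreach (['AAAA-BBBB-CCCC-DDDD', 'EEEE-FFFF-0000-1111', "AAAA-BBBB'--"] as $key) {
    // In a real endpoint the key would come from $_GET.
    echo json_encode(checkLicense($db, $key, $now)), "\n";
}
```

The reply only tells the application what the database says; the decision to run is still made on the user's machine, which is the same trust boundary the `$isPro` flag in the P.S. ignores.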