* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Do you check old license key during upgrade?

Hi,

When customers want to buy the upgrade, they have to enter old license key before they can go to the real order page and complete the payment.

It allows to send customers single fully functional key and don't require to enter two keys in the program (old and new keys).

However, I don't check validity of the entered old keys. This is a simple formal check, because I don't want to write a complex code or have a scripts with the database of old keys. 

I  trust my customers.  It's OK?
Igor Kokarev Send private email
Sunday, December 01, 2013
 
 
Presumably you're asking for the old keys in order to give these users a special lower upgrade price on your new version. Correct?

You'll probably have abuse of the system if you don't actually check if the old pkey already exists.

It wouldn't be too hard to check. Just do a simple query of your database:


SELECT * FROM your_old_pkey_table WHERE pkey = 'properly quoted old pkey' LIMIT 1


If it returns a row then you know the product key supplied is correct. Otherwise they just inputted junk in order to get a cheaper price.
Wyatt O'Day Send private email
Sunday, December 01, 2013
 
 
Wyatt O'Day,

Thanks for your advice! I'll think on this variant.
Igor Kokarev Send private email
Monday, December 02, 2013
 
 
Here's what I would do:

Spend a few minutes to add a line in your code to save the old code they used to a log. After some time (a couple of months), look at the log and see what codes people have been using.

If there are lots of fake codes, then spend the time to implement a full check.

If they are all fine, you can probably keep on trusting your customers.
Nick Moore Send private email
Monday, December 02, 2013
 
 
Hi Nick,

Good idea! Thanks.

I only have one concern regarding security. The log file with entered old keys, or datebase with old keys should be protected, or hackers may steal these keys.

Not all keys are old ones. Some keys - are upgrade from one edition to another edition within same version (from Home to Professional).
Igor Kokarev Send private email
Monday, December 02, 2013
 
 
Instead of getting their old key, which many of them lose, you must ask their registered email address.

Check if they have purchased the older version of the product in question.

Regards,
Gautam Jain
Gautam Jain Send private email
Tuesday, December 03, 2013
 
 
Gautam Jain,

Many thanks!

A very, very interesting idea! And it's more safe for my bussiness. Because I needn't to store license keys in a database which can be hacked.
Igor Kokarev Send private email
Tuesday, December 03, 2013
 
 
>> "Because I needn't to store license keys in a database which can be hacked."

If your website can be hacked so easily then you've got bigger problems than stolen licenses. Business destroying problems: stolen credit cards (either directly from your site or by sending your customers to a phishing site), unknowingly delivering malware & viruses to visitors, being de-listed from search engines, etc., etc., etc..
Wyatt O'Day Send private email
Tuesday, December 03, 2013
 
 
>> And it's more safe for my bussiness. Because I
>> needn't to store license keys in a database
>> which can be hacked.

Don't you have a facility to send customers their keys to their email address if they have lost for some reason?

I get many emails like "I am moving to new computer, please send me key", "I have lost my key, please send" etc.

It is a simple form. Just ask their registered email address and send keys to that email address.

Thanks
Gautam Jain Send private email
Wednesday, December 04, 2013
 
 
I have a form that allows users to enter either their original purchase  reference or registration code.  A php script checks these against my sales database and if they are eligible they are re-directed to a fastspring page with a unique coupon embedded in the link to give them access to the discounted pricing.  Has worked well for years and has not been taken advantage of.
Mark Nemtsas Send private email
Wednesday, December 04, 2013
 
 
hi Igor,

It really depends on how many customers  you have. I do not think that there will be a lot of people that want to fool you. But definitly you need to keep some records.

With ActivationCloud you do not need to send the customer a new Key, you can just upgrade the old one via your account.  You also may search the key to upgrade by customer's name, company name or e-mail.

WebAPI for upgrades is coming soon. You can use it in your store so upgrades will be fully automated.
ActivationCloud Send private email
Saturday, December 07, 2013
 
 
I have customers buying updates for 12 years now and I always check whether that person has bought the full version at some point in the past. I never ever had someone who tried to pose as existing customer. I guess that people who would try to scam you that way rather go directly to warez sites.
Ralf Send private email
Thursday, December 12, 2013
 
 
"Just ask their registered email address and send keys to that email address."

But what if their registered address no longer exists?  I've bought lots of software in the past where the email address used is gone because it was an ISP one that no longer exists.  How can I prove myself?  I can't.
PSB136 Send private email
Saturday, December 21, 2013
 
 
@PSB136

>> "How can I prove myself [in cases where I can't access old email addresses]?  I can't."


Right, so you handle the edge-cases manually. There will always be an edge-case. Just write the purchase form to handle the 99.9% of the cases (cases where the customer still has access to email and/or their old product key). For everyone else you, the company, can just verify the customer's old order via phone or email.

Easy Peasy Lemon Squeezy.
Wyatt O'Day Send private email
Saturday, December 21, 2013
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz