I have read an answer to another question here on Stack Overflow. Let me first quote the incriminated part:
If your goal is to make people pay for it, you better register a key on your server side for each client. Then, when they connect to update, they will send the key and if she's in your database and valid, you output your zip file. If not, you don't.
I am asking that, technically, how would one secure his/her PHP-based project with the register a key method? Let's say we have this:
$key = file_get_contents('http://auth.project.example.com/auth.php?auth_key=asd123');
if ( $key === "auth_valid" )
define('AUTH', TRUE);
And after that, we check AUTH to see whether we (from the client's perspective) bought the system or not. Obviously, if we did not, AUTH will be FALSE or would not be defined at all. The problem is, that a client with only little-to-no knowledge to PHP would easily comment out these lines, hotwire AUTH to be TRUE and there he/she is, using the system with it thinking it had been bought, while, in reality, it hadn't.
