Online Serial Key Validation with InstallAware, the Database Part (final)

In this last installment of the serial validation series, we’re taking a look at the database structures used by the web side scripts. You’ll need to know some SQL-92 or T-SQL basics, if you don’t already please visit and to get acquainted.

First, some database design. We’ll keep serial data on one table and user data on another table.

The serials table columns:
id (bigint) , productname (nvarchar), serial (nvarchar), activated (tinyint)

The users table columns:
id (bigint), firstname (nvarchar), lastname (nvarchar), username (nvarchar), password (nvarchar)

During validation we can use the SQL SELECT statement to make sure the serial number has not been used before and has not been activated yet:
SELECT id FROM serials WHERE serial=@serial AND activated != 1

This is a T-SQL compliant query, where @serial is the parameter containing the serial number being queried. If this query doesn’t return a value, that’ll mean that the serial number specified is either invalid or has already been activated.

Otherwise, we can go ahead and activate this serial number. The T-SQL statement for this activation is:
UPDATE serials SET activated=1 WHERE serial=@serial

Now, all that remains to do is to add an entry in the users table:
INSERT INTO users(firstname,lastname,username,password) VALUES(@firstname,@lastname,@username,@password);

My suggestion for you is to implement all of the above statements as separate stored procedures and not stand-alone “injected” queries lying around inside multiple web script files. It’s better that way since code maintenance overhead is reduced – just like replacing all separate Run Program statements with a common Label statement like we did earlier for the MSIcode update script.

So as you can see, in a few simple lines, we’ve implemented the business logic/workflow of our application, in an integrated fashion with InstallAware. You’ve probably noticed that there isn’t any directly InstallAware related content in this post, but we’ve had a lot of requests for samples of web server back-end behavior for things like serial activation, so we hope this helps!

Thank you and we’ll be back soon,

Panagiotis Kefalidis
Software Design Team Lead
InstallAware Software Corporation

Online Serial Key Validation with InstallAware, the Code Part

Hi all! It’s been a few days since my last post about wrapping our update mechanism around your application and it’s time for some web server code samples; but first, I wanted to make an enhancement to the update script.

If we want to change our “Run Program As” commands, we’ll have to edit multiple parts of the update script. At best, this is tedious; typically it will introduce errors with forgotten or misplaced commands. The solution is simple: we’ll use the Label and GoTo Label MSIcode commands to create a re-usable region of code. This way, we’ll remove all pairs of existing “Run Program As” and “Terminate Installation” commands, replacing them with a GoTo Label command that points to a new “Label” called “RunProgramSection“, with the “Run Program As” and “Terminate Installation” commands underneath.


So now, instead of making changes all over the place in the MSIcode script, I only have to make one change under the Label command. That way, I can re-use this code block in other projects:

I can also build in more sophisticated behavior, adding more MSIcode commands. Lets say you want to run two programs – one might be a tray application and the other one the “real” application.

Quite easily done. Extensibility and scalability are everything these days!

And now for some server side code. First, please make sure you’re familiar with a server side scripting language like PHP or ASPX. Please visit and if you need a jumpstart. I’ll assume that you’ve done your homework and that you can follow the simple scripts provided below.

First some PHP. If you remember, I pass some parameters from my MSIcode InstallAware setup/client script to the web/server script as URL parameters. In PHP, URL parameters are stored inside a predefined variable called $_GET, which is a global array. If you want to read a user’s serial number and your parameter is called serial, you can try the following:

$serial = strip_tags($_GET[‘serial’]);

Now, the PHP script variable $serial has our parameter’s value. Let’s see if the serial number provided is actually valid:

if ( CheckIfLegimitate($serial) )
return “1,”.srand(time());
return “0,”.srand(time());

If the serial is valid, the PHP script above returns “1”, or “0” otherwise. Either way, the return value is appended with a comma delimited random number. Back on the InstallAware setup/client side, I read this value using the “Download File” MSIcode command, and I then parse it using Parse String; which lets me obtain both the status code (“1” or “0”), and of course the random number.

Next post: Database schema scripts and more code. It’s going to be the last post from these series so, stay tunned!

Panagiotis Kefalidis
Software Design Team Lead
InstallAware Software Corporation