Including external php files and using functions from them?

I'm trying to implement an as simple as possible licensing system in an installable web-app that I'm building (user downloads and uploads to their server). After learning that sessions can't be set cross-domain (which was my first choice), I've now thought about including an external file on my server, containing a function called validate() which validates whether or not the license exists in my database.

Flow of events: User inputs license key on his site -> License key posted to the file /validate.php which includes a file from my server -> Server checks to see if license key is included in database -> If yes, sets a session on users domain and redirects to admin section -> If no, redirects back to login page, with an error message.

Here's my code (theoretical - may have issues):

validate.php

include("http://www.example.com/function.php");
validate($_POST['license']);

function.php

include("db_conn.php");

function validate($license) {
    $conn = mysql_connect($db_host, $db_user, $db_pass);
    mysql_select_db($db_name);

    $license = mysql_real_escape_string($license);

    $query = "SELECT * FROM licenses WHERE license = '$license'";
    $result = mysql_query($query);

    if (mysql_num_rows($result) == 1) {
        mysql_close($conn);
        session_set_cookie_params(60*60*24*30, "/", "." . $_SERVER['SERVER_NAME']);
        session_start();
        $_SESSION['license_valid'] = "YES";
        header("Location: " . $_SERVER['SERVER_NAME'] . "/admin");
    } else {
        mysql_close($conn);
        header("Location: " . $_SERVER['SERVER_NAME'] . "/login/?error=1");
    }
}

The problem is, I'm not sure how the server will handle the function validate(). For example, will the session be set on my server, or the user's server? Will it use my $_SERVER['SERVER_NAME'] or the user's? Will it look to include db_conn.php from my server, or the user's?


Your projected flow:
User inputs license key on his site (happens on his server)
License key posted to the file /validate.php ... (happens on his server)
...which includes a file from my server (which doesn't work)

Your actual flow will be:
User inputs license key on his site (happens on his server)
License key posted to the file yoursite.com/validate.php ... (happens on his server)
... which runs a script on your server.

Your server checks to see if license key is included in the database.

If yes, sets a session on your server for that user, and redirects to admin section on your server.
If no, redirects to login page on your server, with an error message.


The correct way to set it up is to have a file on your server that takes a URL parameter of the license key, checks to see if it's valid, then outputs something to indicate whether it is or not.

validate.php (on your server)

<?php
session_start();

$key = $_POST['license_key'];
// Please clean this variable, obvious SQL injection, blah blah

include('function.php'); // From your server, contains the validate() function
if (validate($key))
{
    // Log them in on your server
    $_SESSION['license_key'] = $key;
}
else
{
    // Say error and show the login form from your server
}

Now someone on another server can set the action on their <form> to http://yourserver.com/validate.php and your server will take over from there.


When you include a script, all the variables in the included script will run as if they were inline, inside the including script.

Essentially, just imagine all that code is inside validate.php, and it will run as if it were.

There is a gotcha to watch out for here - if function.php is in a different directory to validate.php, the include inside validate.php which asks for db_conn.php will fail - you'll need to change this page to match the path from the including file.
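
The setup described in the answer above (a file on your server that checks the key and outputs whether it is valid) can be sketched as follows; this is an added example, not code from the original question or answers. The function names, the `license_key` field, the `{"valid": true|false}` JSON shape and the in-memory SQLite table standing in for the `licenses` database are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// --- Vendor side (your server): answer "is this key valid?" as JSON, never ship PHP source. ---
function license_response(PDO $db, string $key): string
{
    // Prepared statement: the key is bound as data, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM licenses WHERE license = ?');
    $stmt->execute([$key]);
    return json_encode(['valid' => ((int) $stmt->fetchColumn()) === 1]);
}

// --- Customer side (the installed app): ask the vendor endpoint, decide locally. ---
function fetch_license_response(string $endpoint, string $key): string
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query(['license_key' => $key]),
        'timeout' => 5,
    ]]);
    // A plain HTTP client call: the response is treated as data, not include()d as code.
    $body = file_get_contents($endpoint, false, $ctx);
    return $body === false ? '' : $body;
}

function license_accepted(string $json): bool
{
    $data = json_decode($json, true);
    // Fail closed: anything other than an explicit boolean true is a rejection.
    return is_array($data) && ($data['valid'] ?? null) === true;
}

// --- Offline demo with constructed data (hypothetical keys, in-memory table). ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE licenses (license TEXT PRIMARY KEY)');
$db->exec("INSERT INTO licenses VALUES ('DEMO-1234-ABCD')");

foreach (['DEMO-1234-ABCD', "x' OR '1'='1", 'WRONG-KEY'] as $key) {
    $ok = license_accepted(license_response($db, $key));
    printf("%-16s => %s\n", $key, $ok ? 'valid' : 'rejected');
}
// In the installed app, the customer's own validate.php would then do:
//   session_start();
//   $_SESSION['license_valid'] = license_accepted(fetch_license_response($url, $key));
```

Because the session is started by the customer's own validate.php, it is set on the customer's domain, and the database credentials never leave the vendor's server.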
