How to hide (encode) my php code.

[waverider303]

I am doing a job for a company and I want to hide my php code so that the client cant go onto their ftp server click on the .php file and view the php code. Is there a way that I can make that code hidden so that they cannot change the code and possible mess up their site?

[ardyandkari]

if you are worried about a client "messing up their site", then dont give them ftp access.  explain that it is for their own good that you keep the records. 

 

that is option a.  i used this with a client of mine, because we both knew that if she got access, something would get screwed up.

 

option b is give them the access...if they screw up the site, you would fix it for a fee...not your fault that they are dumb/careless/stupid enough to mess around where they shouldnt...

 

 

[corbin]

I would just make a backup of the site at present state and make it clear to them that you'll either fix it for a fee or restore it right back to the backup.

[waverider303]

Those are both good options but I cannot block access to someone who owns/pays for the rights to the ftp.server I encountered a code once that completely encoded the file it showed a bunch of:

aWYoITApJE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO2ZnZXRzKCRPMDAwTzBPMDAsMTAyNCk7ZmdldHMoJE8wMDBPME8wMCw0MDk2KTskT08wME8wME8wPShiYXNlNjRfZGVjb2RlKHN0cnRyKGZyZWFkKCRPMDAwTzBPMDAsMzcyKSwnRW50ZXJ5b3V3a2hSSFlLTldPVVRBYUJiQ2NEZEZmR2dJaUpqTGxNbVBwUXFTc1Z2WHhaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpKTtldmFsKCRPTzAwTzAwTzApOw==')));return;?>
kr9NHenNHenNHe1lFMamb3klFoxiC2APk19gOLlHOa9gkZXJkZwVkr9NTznNHr8XHt4JkZwShokiF2A2Yy9LcBYvcoAPF3OZfuwPcmklCBWPkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphUL7cMYSd3YlhtONHeEXTznNHeEpK2a2CBXPkr9NHenNHenNHtL7tMlVC2x1coAPk3YlF3Ypd24VFoiXkZL7tMlVC2x1coAPwMOifoyJCbYlDB5MdZ5XDuEJhTShDB5jduaLcUImfMyZDByJdoazRmnPFtFpKXPLDoaSFyOvFoljwe0IwLYvdo9ZFZ5XDuEJKXPLC29Sd3kgdbYmwe0IwJw7tMlMwtipF3YlftILb1nNA1Odk3aXcoy0cBWmbULpGXpMd3wIhtOpNTr7koL8NUOed2xvFmYWcbkTDbOlKZOphZSpGXPLC29Sd3wINUELb1nNA1Odk2Yvdo9ZkZ4LDU4mUA4mbTShkuy1cbk5HJE9wtkaArOnarAIwJ4LA2l0caCVwLYvdo9ZFZnTOaWIW29Sd3kBCBx1cUE9wtFLC29Sd3wmwyfwOakywr9ZcoaZTmaswe0IkZOpkZw7tJOZcbY1duWZwe0IdblzFBxgFbalFmLPkuy1cbk5HJLhd3wIcollwtIJW291doOVk3WIcbilC3a0cUnxfBaZGU4Ikuy1cbk5HJwpKXp9tMlMwtILFMazfBx0HJl7tJOjd2xvFl9sF2FINUEJW29Sd3kzwoiifMAICMaldJn1FoOifoaLRJw7tm1lduYlwuShkoYvdo9Zb21zcZE9wtked2xvFmHIC291doWIdM90woklwuaXcoy0cBWVwynScByzcUnjd250CBY0wulvfbwICBOsDB5pF3OZCbOvFJ4JKXp9tm0hkuy1cbk5we0IwmYldoajftEQwocZd20IwJ4LA2l0caCVwLYvdo9ZFZn3DoaZcUnNFMOlFL51dUE8NUEmkrYvdo9ZF1nlFlYpfoAmwo9ZcoaZwok5wr9ZcoaZTmaswjShkuklF3aSftE9wo15F3ySb3y1cbk5htOxfBaZGULhd3wIcollwtIJW291doOVk3WIcbilC3a0cUnxfBaZGU4JhTShkyYlC3Opd2

 

its like being encoded some how. How can i possibly do this to my code?

[Zane]

I know Zend has an encoder type thing that they offer but I've never used it.

 

I always figured it would be a hassle to setup

[corbin]

It also costs money.  A lot of money.

 

 

I don't know of any free encryption stuff for PHP files.

[peranha]

seach google for

 

"encode php code"

 

There are a lot of programs that come up, some are free, some cost money.  Not sure if any work, I dont encode my scripts.

[corbin]

I would imagine for it to work well, it would have to be an extension.  I've never seen a free one that was an extension.

 

 

Edit:  Actually one of the first ones that comes up and is free looks decent....  I retract my earlier statements.

[waverider303]

I was able to find the coding that was in the file i was talking about earlier:

 

<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$OOO000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64');$OO00O0000=22492;$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$O0O0000O0='OOO0000O0';eval(($

 

 

 

How were they able to do this?

[CroNiX]

Couldn't you just make the files read only so they couldn't modify them?

[akitchin]

I was able to find the coding that was in the file i was talking about earlier:

 

<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$OOO000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64');$OO00O0000=22492;$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$O0O0000O0='OOO0000O0';eval(($

 

 

 

How were they able to do this?

 

have you read anyone else's replies? they've told you exactly what you're looking for: google "encode php code" and look at your options. as everyone has said, you will need an encoding program.

[corbin]

I was able to find the coding that was in the file i was talking about earlier:

 

<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$OOO000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64');$OO00O0000=22492;$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$O0O0000O0='OOO0000O0';eval(($

 

 

 

How were they able to do this?

 

That takes about 4 seconds for someone who knows what he/she is doing to bypass by the way....

[waverider303]

Corbin your saying that this can be decoded easily just by looking?

[CroNiX]

No, hes saying its easy to decode...

[Daniel0]

I'm so 1337 that I can decode it just by looking at it

[corbin]

With an ASCII chart, I could own that.  Kidding lol.

[ardyandkari]

i was thinking that was ASCII...

 

the problem with that type of encoding is you have to have the way to decode readily available so that people can see the page and not just a jumble of characters...

 

my advise again is not to encode and just limit your clients access or charge to fix.

[akitchin]

I'm so 1337 that I can decode it just by looking at it

 

i'm so 1337 that when i look at it, it decodes itself out of fear.

 

that could also be the chuck norris photo behind me in my office.

[corbin]

i was thinking that was ASCII...

 

the problem with that type of encoding is you have to have the way to decode readily available so that people can see the page and not just a jumble of characters...

 

my advise again is not to encode and just limit your clients access or charge to fix.

 

 

Uh what?  It was being decoded server side and eval'd.

[ardyandkari]

but if the clients have access, they can still screw up the page...if anyone gets access they can change stuff...

 

(i was basically saying that it is not like md5, sha, etc. where the key is secret)

 

[corbin]

Oh cool I thought you meant client as in person viewing the page.  Hehe, I've been having lots of slow moments today.

[ardyandkari]

no probs! its FRIDAY!!!!!

[CroNiX]

Having encoded code also puts a larger load on the server as it has to be decoded every time its run, which is not really good IMO.  Who cares if your client messes the code up...then they have to pay you to fix it as it was their fault, not yours.  Easy money.