Jump to content

Encoding Your PHP Source Code


coded4u

Recommended Posts

I have written something to encode my PHP Source code for my website, i'm going to use it for the download i give out for free. I want to encode it so people can't view/edit the real source code. I have managed to encode it and then decode it  so it will run. Not too bad for those who don't really know how to use php as they wont know what to remove to get the real source code, but for those who know how to use php will get access to the real source code. This is what i'm using, if anyone has anything a little more advance then that would be great. (I know anything encoded can be decoded) I just want to try make things harder for them to decode it.

 

Encode:

<?php

$php='The php source code...';

base64_encode(gzdeflate($php))

?>

Decode:

<?php

eval(gzinflate(base64_decode('S03OyFdQD/AIUAjOLy1KTlVwzk9JVbdWAAA=')));

?>

 

If the user replaces eval for echo it will display the php, so maybe i need something that will stop the user removing eval? If eval isn't in the code dont run anything, something like that... i dont know, like i said, could do with some help from you guys.

Link to comment
Share on other sites

You can't, anything you come up with in PHP you need to be able to undo in PHP. Which means you'll have to give the solution to get to the plain text version of the code with the script, in order to have it work.

 

There are a number of commercial products out there that can encode your PHP code for you, but they all require a component on the server-side which is able to decrypt the code again. One such method is already implemented in PHP, if I haven't misunderstood anything, and is used by Zend Encoder (and a few others).

That said, I really doubt your code is valuable enough to warrant any such obfuscation. Usually this is only an annoyance for legit customers, as those who want to get to your code can easily do so none the less.

 

DRM is an oxymoron, and will only work if you control every single point in the chain.

Link to comment
Share on other sites

If you want to sell it, you can sell it as what's known as "software as a service".

 

Or, license it properly. If your code is worth a damn, plenty of legitimate people will buy it. The people that crack it will most likely represent a small, irrelevant portion of users.

 

There's plenty of nullified versions of vBulletin and IPB floating around the Warez world, but those companies are still thriving.

Link to comment
Share on other sites

Its just a project i want to build up on, i want to see how secure i can get it. I don't want to pay for other php encoders or anything. Takes the fun out of doing it myself... but if i can get it pretty secure then i will no doubt use it for the free downloads.

Link to comment
Share on other sites

The best you can do without involving a server plugin/php extension of some sort is to make the code hard to read by doing things like replacing the variable names with incomprehensible messes.  Similar to most JS minifiers these days that replace variable names with single letters and remove all spaces and what not.

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.