Encoding Your PHP Source Code

[coded4u]

I have written something to encode my PHP Source code for my website, i'm going to use it for the download i give out for free. I want to encode it so people can't view/edit the real source code. I have managed to encode it and then decode it  so it will run. Not too bad for those who don't really know how to use php as they wont know what to remove to get the real source code, but for those who know how to use php will get access to the real source code. This is what i'm using, if anyone has anything a little more advance then that would be great. (I know anything encoded can be decoded) I just want to try make things harder for them to decode it.

 

Encode:

<?php

$php='The php source code...';

base64_encode(gzdeflate($php))

?>

Decode:

<?php

eval(gzinflate(base64_decode('S03OyFdQD/AIUAjOLy1KTlVwzk9JVbdWAAA=')));

?>

 

If the user replaces eval for echo it will display the php, so maybe i need something that will stop the user removing eval? If eval isn't in the code dont run anything, something like that... i dont know, like i said, could do with some help from you guys.

[scootstah]

This has literally no purpose. If you want to obfuscate the code, at least use something that can't be decoded in a fraction of a second, like http://www.ioncube.com/.

[Christian F.]

You can't, anything you come up with in PHP you need to be able to undo in PHP. Which means you'll have to give the solution to get to the plain text version of the code with the script, in order to have it work.

 

There are a number of commercial products out there that can encode your PHP code for you, but they all require a component on the server-side which is able to decrypt the code again. One such method is already implemented in PHP, if I haven't misunderstood anything, and is used by Zend Encoder (and a few others).

That said, I really doubt your code is valuable enough to warrant any such obfuscation. Usually this is only an annoyance for legit customers, as those who want to get to your code can easily do so none the less.

 

DRM is an oxymoron, and will only work if you control every single point in the chain.

[Jessica]

If you want to sell it, you can sell it as what's known as "software as a service". You host their site on your server, and they don't have access to the code.

[scootstah]

If you want to sell it, you can sell it as what's known as "software as a service".

 

Or, license it properly. If your code is worth a damn, plenty of legitimate people will buy it. The people that crack it will most likely represent a small, irrelevant portion of users.

 

There's plenty of nullified versions of vBulletin and IPB floating around the Warez world, but those companies are still thriving.

[Jessica]

Also true.

[coded4u]

Its just a project i want to build up on, i want to see how secure i can get it. I don't want to pay for other php encoders or anything. Takes the fun out of doing it myself... but if i can get it pretty secure then i will no doubt use it for the free downloads.

[kicken]

The best you can do without involving a server plugin/php extension of some sort is to make the code hard to read by doing things like replacing the variable names with incomprehensible messes.  Similar to most JS minifiers these days that replace variable names with single letters and remove all spaces and what not.

 

[coded4u]

Thank you kicken.

[shlumph]

Zend Guard is one option: http://www.zend.com/en/products/guard/

[coded4u]

But that means paying for Zend Guard & takes the fun out of trying to create something myself. Thanks anyway.