Jump to content

Archived

This topic is now archived and is closed to further replies.

meckr

licensing PHP scripts

Recommended Posts

Does anyone know of a method for licensing retail PHP scripts and being able to disable the license if the license is violated?

I am looking for a program that I can run on my own server in my own MySQL DB. How does one secure their retail Scripts?

Any ideas????

I have looked at a few services but they charge monthly fees. i do not sell enough scripts to pay for monthly fees.

Please help

Share this post


Link to post
Share on other sites
I've got some hair brained ideas on this matter, but nothing that is really fool proof, your question perplexes me greatly. If no one gives you any good ideas on this matter, I'll share with you some of my nutty ideas.

Share this post


Link to post
Share on other sites
There are script encryption for prtection shipped with zend studio - never had to use them so don't know what they do.

problem with encryping the script is that the encryption key must somehow be available to the script - which means the user could extract the code themselves at some point if they find the key out.

Now I had an idea of only porting part of your script to the server and have an installation script that copied the other fiels from your server - this way you can check the requesting url etc etc. Problem being you need to ensure open base dir is not set and all that malarkey.

Share this post


Link to post
Share on other sites
Yo have just made an good script for a client or a friend, and you know they will try to sus out your code and play with it. You know that they arent that good at php and probably wont understand it very well if it were straight code, let alone something like:

[code]

DQppZighaXNzZXQoJF9QT1NUWydzdWJtaXRvayddKSl7IA0KZWNobyAnPGZvcm0gbmFtZT0iZm9ybTEiIG1ldGhvZD0icG9zdCIgYWN0aW9uP SInLiRQSFBfU0VMRi4nIj4NCiAgPHA+DQogICAgPHNlbGVjdCBuYW1lPSJzZWxlY3RbXSIgc2l6ZT0iMTAiIG11bHRpcGxlPg0KICAgICAgPG9wdGlv biB2YWx1ZT0ib3ZlcndhdGNoIj5PdmVyd2F0Y2g8L29wdGlvbj4NCiAgICAgIDxvcHRpb24gdmFsdWU9ImR1c3QiPmR1c3Q8L29wdGlvbj4NCiAgICA gIDxvcHRpb24gdmFsdWU9ImR1c3QyIj5kdXN0Mjwvb3B0aW9uPg0KICAgICAgPG9wdGlvbiB2YWx1ZT0iYXp0ZWMiPmF6dGVjPC9vcHRpb24+DQogIC AgICA8b3B0aW9uIHZhbHVlPSJtaWxpdGlhIj5taWxpdGlhPC9vcHRpb24+DQogICAgICA8b3B0aW9uIHZhbHVlPSJ0b3JsYW4iPnRvcmxhbjwvb3B0a W9uPg0KICAgICAgPG9wdGlvbiB2YWx1ZT0icHJvZGlneSI+cHJvZGlneTwvb3B0aW9uPg0KICAgICAgPG9wdGlvbiB2YWx1ZT0ib2FzaXMiPm9hc2lz PC9vcHRpb24+DQogICAgICA8b3B0aW9uIHZhbHVlPSJ0cmFpbiI+dHJhaW48L29wdGlvbj4NCiAgICAgIDxvcHRpb24gdmFsdWU9Im51a2UiPm51a2U 8L29wdGlvbj4NCiAgICAgIDxvcHRpb24gdmFsdWU9InRpZGVzIj50aWRlczwvb3B0aW9uPg0KICAgIDwvc2VsZWN0Pg0KCTxpbnB1dCBuYW1lPSJzdW JtaXRvayIgdHlwZT0iaGlkZGVuIiB2YWx1ZT0ic3VibWl0b2siPg0KICAgIDxicj4NCiAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJTdWJta XQiIHZhbHVlPSJTdWJtaXQiPg0KICA8L3A+DQogIDwvZm9ybT4nOw0KICAgDQp9IGVsc2Ugew0KDQokYXJyYXk9ICRfUE9TVFsnc2VsZWN0J107DQok aSA9IDE7DQpmb3JlYWNoKCRhcnJheSBhcyAkc2hvdykgew0KZWNobyAnVmFyIG51bWJlciAnLiRpLicgaXMgZXF1YWwgdG8gJy4kc2hvdy4nOzxicj4 nOyANCiRpKys7DQp9DQplY2hvICc8YnI+PGJyPm9yIHdvdWxkIHlvdSBsaWtlIHRvIHNob3cgYW5vdGhlciBzaG9ydGxpc3RlZCBzZWxlY3Rib3g/PG JyPjxicj4nOw0KZWNobyAnIDxmb3JtIG5hbWU9ImZvcm0xIiBtZXRob2Q9InBvc3QiIGFjdGlvbj0iJy4kUEhQX1NFTEYuJyI+DQogIDxwPg0KICAgI DxzZWxlY3QgbmFtZT0ic2VsZWN0W10iIHNpemU9IicuY291bnQoJGFycmF5KS4nIiBtdWx0aXBsZT4nOw0KZm9yZWFjaCgkYXJyYXkgYXMgJG5ld2xp c3Qpew0KZWNobyAnPG9wdGlvbiB2YWx1ZT0iJy4kbmV3bGlzdC4nIj4nLiRuZXdsaXN0Lic8L29wdGlvbj4nOw0KICAgfQ0KIA0KIGVjaG8gJzwvc2V sZWN0Pg0KCTxpbnB1dCBuYW1lPSJzdWJtaXRvayIgdHlwZT0iaGlkZGVuIiB2YWx1ZT0ic3VibWl0b2siPg0KICAgIDxicj4NCiAgICA8aW5wdXQgdH lwZT0ic3VibWl0IiBuYW1lPSJTdWJtaXQiIHZhbHVlPSJTdWJtaXQiPg0KICA8L3A+DQogIDwvZm9ybT4nOw0KCQ0KCQ0KCX0NCg==

[/code]


That is obviously undecipherable to any human, let alone the php newbie your friend is, but its actually a working example of my array selection from [a href=\"http://www.reaktor7.com/list.phps\" target=\"_blank\"]http://www.reaktor7.com/list.phps[/a]
To do that you need to use the following php command:
base64_encode($string)


Just put any value into $string and it will be encoded, the only thing which it wont do (yet) is full php pages.
Now, what use is a string encoded if you cant see what it is? well this is the fun part, you can now Decode them and they will be exactly the same as how you encoded it.
base64_decode($string)

Will put everything back to normal.

Now, If you do want to do full php pages you need to get rid of your php tags (<? <?php ?>), but we can still execute that script without them!
I use the following code (thanks to phpfreaks) to encode my php pages easily.

[code]
<?php
$x = (isset($HTTP_GET_VARS['x'])) ? $HTTP_GET_VARS['x'] : '';
if (empty($x)) {
?>
<form action="<?=$_SERVER['PHP_SELF']?>?x=encrypt" method="POST">
<textarea name="code" rows="10" cols="35"></textarea>
<br />
<input type="submit" value="Submit" />
</form>
<?
} else if ($x == 'encrypt') {
$code = (isset($HTTP_POST_VARS['code'])) ? $HTTP_POST_VARS['code'] : '';

$code = str_replace("<?php", "", $code);
$code = str_replace("<?", "", $code);
$code = str_replace("?>", "", $code);
$code = html_entity_decode($code);
$code = stripslashes($code);
$code = base64_encode($code);

echo "<textarea rows='15' cols='50'>".$code."</textarea>";

}
?>  
[/code]


Chuck that in a php page and put it on your webserver, and you should get something like this.
It simply removes all your php tags, and encodes it, giving you the encoded text on the next page.

Now, if you want to unencode this script and execute it, you simply use:
eval(base64_decode($encryptedstring))

and it will unencode your php script and execute it.

I wont tell you how to unencode and then view scripts as that sort of defeats the purpose, but most php coders should be able to work it out..

Just as a final note, this code is not secure. Its only to be used to 'hide' source code, not to encrypt data. Anyone can unencode this if they know how.

Share this post


Link to post
Share on other sites
a couple of scripts that i've paid for, one for example that allows DOC's to be viewed as plain text from your website, are encoded by Zend Encoder I think. Makes it look as jumbled garble.
All it needs is Zend Optimizer to be installed on the server, but I'm finding most hosts either have it or will put it on for you. I've got a VPS so i had to install it myself but you can't run encoded PHP files without it.

the way redarrow has done it, i've seen used too. only problem with it is it just takes a little bit of time. and considering the issue is to protect them, the people who are most likely to WANT to unprotect them are also the people that are easily ABLE to. And the problem with this way, compared to Zend, is that it's slow as it uses a script to decipher it wheras Zend uses a compiled program to do it. like he said tho, it's a good-ish way of hiding parts of the source.

i believe that Zend Optimizer+Encoder (or programs that work identiacally) are the only real ways to go to protect PHP scripts properly.

Share this post


Link to post
Share on other sites
But then zend/ioncube can be decoded so there is no absolute way of encoding scripts

Share this post


Link to post
Share on other sites
The key is the more difficult you make it the less likely they are to try to decode it.

Share this post


Link to post
Share on other sites
Ok Maybe I should clear it up a bit.


Here is my dilema.


I sell PHP scripts on my website and I use paypal to accept payments (everything else costs too much in fees).

The problem is that I get a ton (about 60%) of fraudulant chargebacks. I either need a method of requiring a license key to which I can control, so that the person does not have a working script if I disable the key, when they do chargebacks. or a method of forcing the customer to prove they have received the script so that I can show that proof to Paypal so I do not get chargebacks.


Any ideas as to how I can do this. Zend Guard is way to damn expensive.

Thanks for all your help with this problem.

Share this post


Link to post
Share on other sites
definitely check out

[a href=\"http://www.phpaudit.com\" target=\"_blank\"]http://www.phpaudit.com[/a]

Share this post


Link to post
Share on other sites
Also look at [a href=\"http://www.olate.co.uk\" target=\"_blank\"]http://www.olate.co.uk[/a]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.