Jump to content


Photo

licensing PHP scripts


  • Please log in to reply
9 replies to this topic

#1 meckr

meckr
  • Members
  • PipPip
  • Member
  • 18 posts

Posted 31 March 2006 - 12:38 AM

Does anyone know of a method for licensing retail PHP scripts and being able to disable the license if the license is violated?

I am looking for a program that I can run on my own server in my own MySQL DB. How does one secure their retail Scripts?

Any ideas????

I have looked at a few services but they charge monthly fees. i do not sell enough scripts to pay for monthly fees.

Please help
And what is more, I agree with everything I have just said!

Education is what remains after one has forgotten everything he learned in school. --Albert Einstein.

www.tspadvantage.com

#2 txmedic03

txmedic03
  • Members
  • PipPipPip
  • Advanced Member
  • 313 posts
  • LocationCall, TX, USA

Posted 31 March 2006 - 01:52 AM

I've got some hair brained ideas on this matter, but nothing that is really fool proof, your question perplexes me greatly. If no one gives you any good ideas on this matter, I'll share with you some of my nutty ideas.

SEMPER FIDELIS!

I can't stop you from doing something silly, but at least I can help you do it right.


#3 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 31 March 2006 - 02:20 AM

There are script encryption for prtection shipped with zend studio - never had to use them so don't know what they do.

problem with encryping the script is that the encryption key must somehow be available to the script - which means the user could extract the code themselves at some point if they find the key out.

Now I had an idea of only porting part of your script to the server and have an installation script that copied the other fiels from your server - this way you can check the requesting url etc etc. Problem being you need to ensure open base dir is not set and all that malarkey.
follow me on twitter @PHPsycho

#4 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 31 March 2006 - 03:53 AM

Yo have just made an good script for a client or a friend, and you know they will try to sus out your code and play with it. You know that they arent that good at php and probably wont understand it very well if it were straight code, let alone something like:


DQppZighaXNzZXQoJF9QT1NUWydzdWJtaXRvayddKSl7IA0KZWNobyAnPGZvcm0gbmFtZT0iZm9ybTEiIG1ldGhvZD0icG9zdCIgYWN0aW9uP SInLiRQSFBfU0VMRi4nIj4NCiAgPHA+DQogICAgPHNlbGVjdCBuYW1lPSJzZWxlY3RbXSIgc2l6ZT0iMTAiIG11bHRpcGxlPg0KICAgICAgPG9wdGlv biB2YWx1ZT0ib3ZlcndhdGNoIj5PdmVyd2F0Y2g8L29wdGlvbj4NCiAgICAgIDxvcHRpb24gdmFsdWU9ImR1c3QiPmR1c3Q8L29wdGlvbj4NCiAgICA gIDxvcHRpb24gdmFsdWU9ImR1c3QyIj5kdXN0Mjwvb3B0aW9uPg0KICAgICAgPG9wdGlvbiB2YWx1ZT0iYXp0ZWMiPmF6dGVjPC9vcHRpb24+DQogIC AgICA8b3B0aW9uIHZhbHVlPSJtaWxpdGlhIj5taWxpdGlhPC9vcHRpb24+DQogICAgICA8b3B0aW9uIHZhbHVlPSJ0b3JsYW4iPnRvcmxhbjwvb3B0a W9uPg0KICAgICAgPG9wdGlvbiB2YWx1ZT0icHJvZGlneSI+cHJvZGlneTwvb3B0aW9uPg0KICAgICAgPG9wdGlvbiB2YWx1ZT0ib2FzaXMiPm9hc2lz PC9vcHRpb24+DQogICAgICA8b3B0aW9uIHZhbHVlPSJ0cmFpbiI+dHJhaW48L29wdGlvbj4NCiAgICAgIDxvcHRpb24gdmFsdWU9Im51a2UiPm51a2U 8L29wdGlvbj4NCiAgICAgIDxvcHRpb24gdmFsdWU9InRpZGVzIj50aWRlczwvb3B0aW9uPg0KICAgIDwvc2VsZWN0Pg0KCTxpbnB1dCBuYW1lPSJzdW JtaXRvayIgdHlwZT0iaGlkZGVuIiB2YWx1ZT0ic3VibWl0b2siPg0KICAgIDxicj4NCiAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJTdWJta XQiIHZhbHVlPSJTdWJtaXQiPg0KICA8L3A+DQogIDwvZm9ybT4nOw0KICAgDQp9IGVsc2Ugew0KDQokYXJyYXk9ICRfUE9TVFsnc2VsZWN0J107DQok aSA9IDE7DQpmb3JlYWNoKCRhcnJheSBhcyAkc2hvdykgew0KZWNobyAnVmFyIG51bWJlciAnLiRpLicgaXMgZXF1YWwgdG8gJy4kc2hvdy4nOzxicj4 nOyANCiRpKys7DQp9DQplY2hvICc8YnI+PGJyPm9yIHdvdWxkIHlvdSBsaWtlIHRvIHNob3cgYW5vdGhlciBzaG9ydGxpc3RlZCBzZWxlY3Rib3g/PG JyPjxicj4nOw0KZWNobyAnIDxmb3JtIG5hbWU9ImZvcm0xIiBtZXRob2Q9InBvc3QiIGFjdGlvbj0iJy4kUEhQX1NFTEYuJyI+DQogIDxwPg0KICAgI DxzZWxlY3QgbmFtZT0ic2VsZWN0W10iIHNpemU9IicuY291bnQoJGFycmF5KS4nIiBtdWx0aXBsZT4nOw0KZm9yZWFjaCgkYXJyYXkgYXMgJG5ld2xp c3Qpew0KZWNobyAnPG9wdGlvbiB2YWx1ZT0iJy4kbmV3bGlzdC4nIj4nLiRuZXdsaXN0Lic8L29wdGlvbj4nOw0KICAgfQ0KIA0KIGVjaG8gJzwvc2V sZWN0Pg0KCTxpbnB1dCBuYW1lPSJzdWJtaXRvayIgdHlwZT0iaGlkZGVuIiB2YWx1ZT0ic3VibWl0b2siPg0KICAgIDxicj4NCiAgICA8aW5wdXQgdH lwZT0ic3VibWl0IiBuYW1lPSJTdWJtaXQiIHZhbHVlPSJTdWJtaXQiPg0KICA8L3A+DQogIDwvZm9ybT4nOw0KCQ0KCQ0KCX0NCg== 



That is obviously undecipherable to any human, let alone the php newbie your friend is, but its actually a working example of my array selection from [a href=\"http://www.reaktor7.com/list.phps\" target=\"_blank\"]http://www.reaktor7.com/list.phps[/a]
To do that you need to use the following php command:
base64_encode($string)


Just put any value into $string and it will be encoded, the only thing which it wont do (yet) is full php pages.
Now, what use is a string encoded if you cant see what it is? well this is the fun part, you can now Decode them and they will be exactly the same as how you encoded it.
base64_decode($string)

Will put everything back to normal.

Now, If you do want to do full php pages you need to get rid of your php tags (<? <?php ?>), but we can still execute that script without them!
I use the following code (thanks to phpfreaks) to encode my php pages easily.

<?php 
$x = (isset($HTTP_GET_VARS['x'])) ? $HTTP_GET_VARS['x'] : ''; 
if (empty($x)) { 
?> 
<form action="<?=$_SERVER['PHP_SELF']?>?x=encrypt" method="POST"> 
<textarea name="code" rows="10" cols="35"></textarea> 
<br /> 
<input type="submit" value="Submit" /> 
</form> 
<? 
} else if ($x == 'encrypt') { 
$code = (isset($HTTP_POST_VARS['code'])) ? $HTTP_POST_VARS['code'] : ''; 

$code = str_replace("<?php", "", $code); 
$code = str_replace("<?", "", $code); 
$code = str_replace("?>", "", $code); 
$code = html_entity_decode($code); 
$code = stripslashes($code); 
$code = base64_encode($code); 

echo "<textarea rows='15' cols='50'>".$code."</textarea>"; 

} 
?>  


Chuck that in a php page and put it on your webserver, and you should get something like this.
It simply removes all your php tags, and encodes it, giving you the encoded text on the next page.

Now, if you want to unencode this script and execute it, you simply use:
eval(base64_decode($encryptedstring))

and it will unencode your php script and execute it.

I wont tell you how to unencode and then view scripts as that sort of defeats the purpose, but most php coders should be able to work it out..

Just as a final note, this code is not secure. Its only to be used to 'hide' source code, not to encrypt data. Anyone can unencode this if they know how.

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#5 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 31 March 2006 - 07:44 AM

a couple of scripts that i've paid for, one for example that allows DOC's to be viewed as plain text from your website, are encoded by Zend Encoder I think. Makes it look as jumbled garble.
All it needs is Zend Optimizer to be installed on the server, but I'm finding most hosts either have it or will put it on for you. I've got a VPS so i had to install it myself but you can't run encoded PHP files without it.

the way redarrow has done it, i've seen used too. only problem with it is it just takes a little bit of time. and considering the issue is to protect them, the people who are most likely to WANT to unprotect them are also the people that are easily ABLE to. And the problem with this way, compared to Zend, is that it's slow as it uses a script to decipher it wheras Zend uses a compiled program to do it. like he said tho, it's a good-ish way of hiding parts of the source.

i believe that Zend Optimizer+Encoder (or programs that work identiacally) are the only real ways to go to protect PHP scripts properly.
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#6 sford999

sford999
  • Members
  • PipPipPip
  • Advanced Member
  • 119 posts

Posted 31 March 2006 - 10:04 AM

But then zend/ioncube can be decoded so there is no absolute way of encoding scripts

#7 txmedic03

txmedic03
  • Members
  • PipPipPip
  • Advanced Member
  • 313 posts
  • LocationCall, TX, USA

Posted 31 March 2006 - 10:12 AM

The key is the more difficult you make it the less likely they are to try to decode it.

SEMPER FIDELIS!

I can't stop you from doing something silly, but at least I can help you do it right.


#8 meckr

meckr
  • Members
  • PipPip
  • Member
  • 18 posts

Posted 31 March 2006 - 10:03 PM

Ok Maybe I should clear it up a bit.


Here is my dilema.


I sell PHP scripts on my website and I use paypal to accept payments (everything else costs too much in fees).

The problem is that I get a ton (about 60%) of fraudulant chargebacks. I either need a method of requiring a license key to which I can control, so that the person does not have a working script if I disable the key, when they do chargebacks. or a method of forcing the customer to prove they have received the script so that I can show that proof to Paypal so I do not get chargebacks.


Any ideas as to how I can do this. Zend Guard is way to damn expensive.

Thanks for all your help with this problem.
And what is more, I agree with everything I have just said!

Education is what remains after one has forgotten everything he learned in school. --Albert Einstein.

www.tspadvantage.com

#9 Stifler

Stifler
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 31 March 2006 - 10:50 PM

definitely check out

[a href=\"http://www.phpaudit.com\" target=\"_blank\"]http://www.phpaudit.com[/a]

#10 sford999

sford999
  • Members
  • PipPipPip
  • Advanced Member
  • 119 posts

Posted 31 March 2006 - 11:10 PM

Also look at [a href=\"http://www.olate.co.uk\" target=\"_blank\"]http://www.olate.co.uk[/a]




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users