03-11-2009, 05:04 AM
i am coding new script this days, in the past i was using mail or @fopen to make the notification if any body installed my script or uploaded it to his host .
and the @fopen("http://site/file.php?url=http://"."$HTTP_HOST"."$PHP_SELF","r");
but i know about @fopen isn't secure enough beside the both of mail and @fopen are so clear in the code and anybody gonna remove them easlly .
i don't like to use the both in the notification any more , so please any idea about better notification ways which gonna be more complex in the code ??
03-11-2009, 07:51 AM
You can never be 100% certain these will work (assuming that they were scripted correctly). Mail can be disabled, and fopen on a remote host will only work if they've enabled url_fopen in they're ini.
This is part of the problem with PHP. Generally speaking, to make a portable generic script is pretty much to just pass out you're source code. You can scramble it all you want, it can always be re-evaluated by a good and determined developer.
However, if you can program in C, you can write PHP extensions instead. Though they may or may not be usable on shared hosting, they can be added into dedicated servers. These are far more difficult to extract the code out of. Once again, if you have a determined programmer they could reverse engineer it. These are about the only way I can think of to reliably control program access with licensing keys.
03-11-2009, 08:08 AM
You could always buy Zen Guard (http://www.zend.com/en/products/guard/). I don't know if its worth the money though. There is also this one: https://www.phpcipher.com/
But I don't know how reliable these are.
03-11-2009, 08:36 AM
thanks a lot for that helpful reply , but we missed something here .
i was wasting my time with learning some hacking for fun before couple years ago, so i can tell you with being sure about almost of the hacker and the crackers haven't any knowledge about any programming language like more than 70 % of them, and this taking us to the this question, how those 70 % hacking and cracking our works without knowledge about any programming language ???
almost of us know the answer as i guess, about the 30 % of the crackers who know some programming no comments about them but they exactly got almost of the targets which they looking for , after that they posting in the hacking forums to the other 70 % some toys to play with
now if u would googling about some hacking forums you will find posts like "null some scripts and put your copyright" and into the body of the post you will find search the script for those words and remove them "eval(base64_decode(" or "mail(" or "file_get_contents" or .......
so about us we cant make 100% secure script, but we trying to keep those 70% away from our work long as possible .
that makes use have to do more complex ways in the notification which will be hard to find by searching the script , so any new ideas please ??
eval is evil. this is not wise to use it. why don't you look at the integration scripts of some php licensing softwares and see what they did and learn from them to make your own?