01-15-2010, 10:11 PM
I was wondering how does one go about encrypting a PHP script, what is the procedure, what software is needed, does the end user have to install it on their server?
I have a script that I will be offering to my users to upload to their server and use it (the script itself will be slightly different for each user so it'll have to be encrypted for each one separately). I however prefer it if the users don't have access to modify the script so I want to encrypt it.
So how does that work? How secure it actually is? Would it work from any modern server configuration without the need of any additional software if not - what software would be needed?
01-15-2010, 10:57 PM
Preface: I am not a PHP guru by any measure. All of this is just "as far as I know" stuff:
Unless you have compiled software installed on their server to handle encryption/decryption you can't really do much with it that can't be broken relatively easily. Once your source code is on another server it's out of your hands.
If you just want to deter casual users who have very little PHP acumen you could probably get by just using base64 encoding.
Check these out:
There are more sophisticated methods that are more difficult to break, but any PHP-only method will be breakable.
Some people use an actual encryption key and build in a call to a page on their own server that contains the decryption key (making the key NOT a part of the PHP that the user has) but all the user has to do is visit the link or have their server echo the response from the link and they get instant access to the key anyway. You can obfuscate the code to make it take a few steps to find, but eventually the user will be able to reverse engineer it if they want to.
01-15-2010, 11:23 PM
We actually just recently talked about about this: http://www.codingforums.com/showthread.php?t=186111
Basically you don't have a lot of options, most people just use license agreements to deal with piracy and things like that. Your other option is to put the bulk of your code into a PHP extension but then for someone to use it on their server they would need to install the extension. That usually isn't possible on any shared server hosting.
01-17-2010, 09:47 PM
Thank you guys!
Based on what I've read I've decided to not encrypt as those who won't be able to "decrypt" the code would probably not be able to do anything with the "source" code either. And those who do have the skills or desire to decrypt it won't be stopped by it anyways so it seems like other means of protection are to be used.
Thank you once again folks and may the force be with you! :)
01-18-2010, 05:21 PM
thought encrypted code still possible to decrypted but i suggest you to don't care about it.
your encrypted code just possible decrypted by advanced coder, but maybe not for beginner, so you have prevent it at least from common coder...
01-18-2010, 05:36 PM
You can use the ioncube encode (http://www.ioncube.com/) though it costs money and it needs access to php ini to setup the loader but if you got it should be easy :)
(Its the same that WHMCS (http://www.whmcs.com/) uses for their hosting cms product )