Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 17

Thread: Hiding PHP Code

  1. #1
    Regular Coder
    Join Date
    Mar 2008
    Posts
    136
    Thanks
    39
    Thanked 1 Time in 1 Post

    Hiding PHP Code

    Hi all,

    I'm just wondering. If I wrote something in PHP and sold it to someone, but didn't want them to have access to the actual code, but still allow them to use it, is there any way of doing this?

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    No, you can always trace through source code since its interpreted. Even Obfuscated code can be traced - the better you know PHP the less meaningful you're variables need to be, so this actually becomes somewhat easy to do.

    An alternative is to compile C code into a PHP extension. If you know C its not that bad, though the lack of documentation provided by the zend team does make it pretty hard to figure out how to make it all work (still trying to figure out how PHP5 handles its objects so I can create my own for extensions).
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    webguy08 (01-07-2010)

  • #3
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    No and yes. No, by default. But yes, if encrypted/encoded. Google for "encrypted PHP", I think.
    Are you a Help Vampire?

  • Users who have thanked tomws for this post:

    webguy08 (01-07-2010)

  • #4
    Regular Coder
    Join Date
    Mar 2008
    Posts
    136
    Thanks
    39
    Thanked 1 Time in 1 Post
    So am I correct in thinking that one would need to write an encryption program in say Java, call this program in the website, and then program would then decrypt the code and allow it to be read by the website?

  • #5
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Quote Originally Posted by webguy08 View Post
    So am I correct in thinking that one would need to write an encryption program in say Java, call this program in the website, and then program would then decrypt the code and allow it to be read by the website?
    At that point you are better off doing what Fou-Lu said and just put your proprietary code in an extension.

    Why do you not want them to have access to the source?
    OracleGuy

  • #6
    Regular Coder
    Join Date
    Mar 2008
    Posts
    136
    Thanks
    39
    Thanked 1 Time in 1 Post
    Quote Originally Posted by oracleguy View Post
    At that point you are better off doing what Fou-Lu said and just put your proprietary code in an extension.

    Why do you not want them to have access to the source?
    I'm just wondering in case I ever come to need to do so .

    What do you (or even Fou-Lu) mean by putting the code in an extension?

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Quote Originally Posted by webguy08 View Post
    I'm just wondering in case I ever come to need to do so .

    What do you (or even Fou-Lu) mean by putting the code in an extension?
    You don't write PHP code, rather you write an extension for it in C and compile it into so or dll files. PHP itself is completely written in C. Here is an example of what you have for declaring a PHP function:
    Code:
    ZEND_FUNCTION(strcmp)
    {
    	zval **s1, **s2;
    	
    	if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &s1, &s2) == FAILURE) {
    		ZEND_WRONG_PARAM_COUNT();
    	}
    	convert_to_string_ex(s1);
    	convert_to_string_ex(s2);
    	RETURN_LONG(zend_binary_zval_strcmp(*s1, *s2));
    }
    This is what is run when you execute the php code strcmp($s1, $s2);
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    webguy08 (01-07-2010)

  • #8
    Regular Coder
    Join Date
    Mar 2008
    Posts
    136
    Thanks
    39
    Thanked 1 Time in 1 Post
    So just to clarify whether I understand because this is new to me .
    1. Write code in C. Can it be C++ or C#?
    2. Export the C code as .dll. Is dll the only option?
    3. Write a PHP file which calls methods in the C file.

    Sorry if I'm not getting this lol.

  • #9
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    1. C only.
    2. .so and .dll I believe are the only two types you can import. One for *nix and one for windows. You can create executables, but I believe that will lock them to cli only, so you would then need to call it as an external program.
    3. Correct. You can embed it in C as much as you want. You're entire php page could be executeMyCustomExtensionThatDoesEverything(); if you wanted it to be.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    webguy08 (01-07-2010)

  • #10
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Curiosity isn't a bad thing. But really you don't hardly ever see it done because there really isn't much of a need. A good example is the forum software we use here, vBulletin, it isn't free and it is done in PHP. Just because you happen to have the source code isn't a free pass to copy it as much as you want if the license forbids it.

    Even if you put your proprietary code in a C extension, doesn't mean someone couldn't run a disassembler on it and get the code back out of it, fyi. To do so is much more complicated but it is possible.
    OracleGuy

  • Users who have thanked oracleguy for this post:

    webguy08 (01-07-2010)

  • #11
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Quote Originally Posted by oracleguy View Post
    Curiosity isn't a bad thing. But really you don't hardly ever see it done because there really isn't much of a need. A good example is the forum software we use here, vBulletin, it isn't free and it is done in PHP. Just because you happen to have the source code isn't a free pass to copy it as much as you want if the license forbids it.

    Even if you put your proprietary code in a C extension, doesn't mean someone couldn't run a disassembler on it and get the code back out of it, fyi. To do so is much more complicated but it is possible.
    This is true. The extensions are really more for what the name implies; to extend PHP code by introducing functionality that is not native within it. Encryption is the better solution, but you would need to ensure that the technology exists on the installed server in order to perform the decryption. This will also substantially reduce the speed of you're code execution as well.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    webguy08 (01-07-2010)

  • #12
    Regular Coder
    Join Date
    Mar 2008
    Posts
    136
    Thanks
    39
    Thanked 1 Time in 1 Post
    If you were to create a decryption program to decrypt PHP what language would you choose? I tend to lean towards Java because I know it so well, but that would require the server have JVM installed on it I assume. A language that doesn't need something else installed is preferable.

  • #13
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Quote Originally Posted by webguy08 View Post
    If you were to create a decryption program to decrypt PHP what language would you choose? I tend to lean towards Java because I know it so well, but that would require the server have JVM installed on it I assume. A language that doesn't need something else installed is preferable.
    Well the decryption would have to be integrated into the PHP engine which is all done in C I believe. But really doing so could potentially really limit the adoption of your program since custom software would be have to be installed on the server. At that point you might as well just write your own program that implements CGI and install that since that would give you really the ultimate flexibility.

    AFAIK most of the PHP "encryption" stuff you see on the web works like the JavaScript "encryption" where it is just obfuscating the code.
    OracleGuy

  • #14
    Regular Coder
    Join Date
    Nov 2009
    Location
    Hamilton, New Zealand
    Posts
    126
    Thanks
    0
    Thanked 17 Times in 17 Posts
    Protecting source code is really hard to do. Best bet, run a license. The majority of commercial scripts do this. It saves time to implement some sort of obfuscating method, and provides you legal grounds.

    No rational person would buy your script (and therefore accept your T&C, and license agreement), and then perform such an act that could incur fines/legal proceedings against them unless the benefit of the act they committed outweighs the cost of the fines/legal proceedings.

    And if you make your license agreement extremely costly, for example "Breaking any of these conditions will incur a fine of at least $50,000 USD" or similiar (I aint a lawyer so you'd probably need to research the exact wording), it is highly doubtful that someone will break the agreement.

    I've spent a lot of time trying to obfuscate code, as well as being paid a lot to do so. The time, effort and cost isn't worth it in my opinion. Best to invest your money in a law book or something.

    Regards,
    Rebbu
    Affordable Web Design (New Zealand Based)
    Internet Marketing Guru
    PHP/mySQL Expert
    -------------------------------------------

  • #15
    Regular Coder
    Join Date
    Dec 2009
    Location
    UK
    Posts
    495
    Thanks
    0
    Thanked 58 Times in 58 Posts
    You can do a cheap nasty trick of encoding it with base64 and then using eval like you'll find in many wordpress themes, however these are very easy to decrypt. It's possible for you to use zend, ioncube etc to do a proper encrypt on them and this makes them far less likely to be decrypted, although as it's said above, nothing is fully hack proof. There are means and ways around all encryptions. Java is not a method to do this. The extension idea is pretty clever, however you have to then give your client the extension, and they have to have it installed by the web host. Most shared hosts will laugh at you for this, so they would need their own dedicated server realistically, and unless you're selling something that will make them megabucks, I can't see this being viable though...


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •