1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Q] How to make a php script requires key to work?

Discussion in 'PHP & Perl' started by cbnoob, Dec 18, 2011.

  1. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    Hey all,

    I'm making a script and it's running fine and I want to sell it on the market. However, when the customers buy the script, they will have all the code. Do anyone know how to make scripts requires a kind of activation to work? Just like the SEO pressor or some premium themes?

    Thanks a lot.
     
  2. webwhizz

    webwhizz Power Member

    Joined:
    Apr 3, 2011
    Messages:
    692
    Likes Received:
    656
    Occupation:
    P-R-0
    Location:
    scotland
    good question, i have the same problem, ive made a twitter app php script, i want to sell ,but need to include a license key or it will just be copied,
     
  3. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,147
    Google Ioncube

    But it will limit your sales as not all hosts support it.
     
    • Thanks Thanks x 2
  4. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    Thanks jazzc, is there any alternative? The price for those quite high for me.
     
  5. woofoo

    woofoo Junior Member

    Joined:
    Oct 19, 2011
    Messages:
    123
    Likes Received:
    17
    Theoretically, you can make your script visits some site for a key.

    For ex:
    make some hash function, that takes a domain name and makes a key (let it be md5 for ex). After your script makes md5 it send it to your db, which checks it against list of sites.

    So when you sell, you have to ask your customer for domain, where he gonna use it
     
  6. mark0v

    mark0v Junior Member

    Joined:
    May 6, 2010
    Messages:
    114
    Likes Received:
    20
    I think there are a few scripts available which obfuscate the code, but they just remove line breaks and swap variable names to unintelligible random strings. unless you use ioncube to encode it, someone will be able to reverse engineer it if they want to. there's also zend, but it's been cracked and doesn't work with php 5.3+
     
  7. roamer

    roamer Power Member

    Joined:
    Dec 2, 2008
    Messages:
    500
    Likes Received:
    479
    Occupation:
    Gfx designer, vfx and mgfx
    Location:
    plɹoʍ ǝɥʇ punoɹɐ ƃuıɯɐoɹ
    Zend Guard 5.5 has support for PHP 5.3. Still a relatively expensive solution, unless you have a killer script and plan on making bank out of it.
     
  8. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,147
    And what stops someone to edit it directly to always return true? ;) That 's where encoders come in to raise the bar. Unfortunately, the only semi-good solution currently is Ioncube.
     
    • Thanks Thanks x 1
  9. xpwizard

    xpwizard Junior Member

    Joined:
    Nov 6, 2010
    Messages:
    198
    Likes Received:
    122
    Unless you are selling high ticket items ($500+) then getting an encoder is a waste in my books...
    Even with Ion, if people want the code, they will pay to have it decoded.

    Take it from someone with experience, just focus on coding and providing support. There will always be those who steal your code (I bet you've stolen someones code/work before), but as long as you are good to your customers, then they will be loyal to you in the future.
    The only alternative which I use for a few scripts, is sell memberships and host the code yourself.
     
    • Thanks Thanks x 3
  10. Zapdos

    Zapdos Power Member

    Joined:
    Oct 22, 2011
    Messages:
    597
    Likes Received:
    708
    Location:
    Eastern North Carolina
    Unless you use an encoder like IonCube or Zendguard (Ion would be the best of any choice) then you won't have high chance at securing your script. Even if you use encoding algorithms (rot, gzip, base64 etc) it can be decoded. Even if its nested. I've created my own decoder to loop through evaling everything until it gets to the end code.

    Only thing partially reliable is Ioncube. I'm not sure if there's a public decrypter for that, but older encryption schemes with ioncube were reversible.

    Long story short, if its digital and you give other people the files, it will never be secure.



    On the other hand, if its a service then you can set yourself up as a SaaS provider where they just get the functionality and you handle the servers and coding. They never touch the code. Just the interface.
     
    Last edited: Dec 19, 2011