ghostrider 0 Report post Posted March 5, 2007 Is there any one way that I can protect something that I have written? 2 weeks ago I was contracted to write a script for a friend in California for $300. I have known him for a while, and I know he will respect my work, but if I sell this to other people how can I make sure they do the same? I would like to sell this script to others. I have thought of a couple possible ways to protect my code but I don't really like any of them. My question to you is whether I should use one of these ideas, or if there is a simpler way to protect my work.My first idea would be running the script off my own server and giving any customer that buys it access to it. However this wastes bandwidth and includes more programming for me, and even more modification of my script. It would also require me to step up more mysql tables which in turn takes up my space.My second option would to be to use an include statement. Without function.php, my script is uesless. I could write a small PHP file that is included in the script, a PHP file that I could change to either allow or deny the transfer of function.php. It would work something like this. // This is the code on the user's serverinclude('http://forums.xisto.com/no_longer_exists/;; // This is check.php// This PHP file would be transfered from the user's server.// $allowed would either be true or false, which would allow me to control whether or not the user gets the code.<?PHP$allowed = TRUE;if ($allowed == TRUE) {include('http://forums.xisto.com/no_longer_exists/ {die();} The above script presents two problems however. If my server is done, that means his script is done, which looks horrible on my part. Also if I ever change domain names or hosts then all the scripts need to be uploaded to reflect that.These are my two ideas? Does anyone have any other ideas, or a way I can improve on these?Thank you. Share this post Link to post Share on other sites
andybebad 0 Report post Posted March 9, 2007 (edited) you could try encrypting the code. http://php-encoder.phpcipher.qarchive.org/ Edited March 9, 2007 by andybebad (see edit history) Share this post Link to post Share on other sites
JakeB 0 Report post Posted March 13, 2007 Zend has an encryption software, and there are many free code obsfucators out there. Obsfucators basically change variable names, functions, etc into human-unreadable names so that it is impossible to make sense of the code. Google them Share this post Link to post Share on other sites
zeeman48 0 Report post Posted March 24, 2007 I've used POBS before, and it works pretty well for obfuscation.As for product use approval and activation, I happen to be working on a similar project at the moment. If you'd like, I can share some of my work with you (provided I get any work done, of course ). Share this post Link to post Share on other sites
Johnny 1 Report post Posted March 24, 2007 Encryption is the way to go. I had a gallery script at one point that had some pretty nasty encryption on it. Do it right and there's literally no way anyone will get around it. Share this post Link to post Share on other sites
zeeman48 0 Report post Posted March 24, 2007 But with encryption, you usually have to install some kind of module for PHP, and the most powerful software for this are things like Zend, which cost lots of money, and makes life harder for end users. Yes, it makes it more difficult for malicious users to steal your code, but you are also making life harder for your users, who don't neccessarially want to steal your code.On top of this, Obfuscation is not "reversable", you can't decrypt it or break the code. And, even if you obfuscate your code so it looks like Aramaic, and then encrypt it 50 times, the cleverest pirates can still break it.Yeah, encryption and obfuscation can deter some of the "n00bs" and "script kiddies", but if someone is determined to do something, they will eventually succeed.I would say that if you're really paranoid about not getting paid, do this:First, create some kind of product activation system. My recomendation would be to lock the activation code to the domain name so that it's harder to just type in the key.Next, put some product key verification code in every script file, except those that you won't be obfuscating (e.g. config.php, etc.)Then, obfuscate all your code so it can't be read very easily.Finally, encode all of it with Zend or something so it can't be read, but set it up so that your script will stop working at the end of the year so users are forced to come back and get another key (you choose if they have to pay for the upgrade) and copy of the software. This will keep your users annoyed but on a short leash and makes it harder to pirate your software. Share this post Link to post Share on other sites