hi guys, i developed a site in php, and i dont want to give source code to the client, i want to encrypt the code and place it on the server or to give to the client, is it possile, please help me....
thanks in advance
mohan7690
0
Newbie Poster
Recommended Answers
Jump to PostWell most of the good ones you need to pay for but just for the basics, Pobs does the job and can be found at: http://pobs.mywalhalla.net/. I've used it in the past it works great providing you read the manual.
Jump to Postanything coded can be decoded, given time and incentive, made easier, the php interpreter has to be able to decipher the code
there is a prior thread
http://www.daniweb.com/forums/thread170346.html
that discusses remote updates
similar code can be used to turn off your script after a given date,
lock the script to …
All 5 Replies
cwarn23
387
Occupation: Genius
Team Colleague
Featured Poster
Well most of the good ones you need to pay for but just for the basics, Pobs does the job and can be found at: http://pobs.mywalhalla.net/. I've used it in the past it works great providing you read the manual.
almostbob
866
Retired: passive income ROCKS
anything coded can be decoded, given time and incentive, made easier, the php interpreter has to be able to decipher the code
there is a prior thread
http://www.daniweb.com/forums/thread170346.html
that discusses remote updates
similar code can be used to turn off your script after a given date,
lock the script to particualr domain to prevent 'sharing'
unless the subscription is paid,
obfuscated code that turns off unless they comply with whatever terms seems to work
First run message " This product is running in demonstration mode \n Full functions are available for 90 days \n After 90 days reporting will be disabled "
Expiry message " The demonstration period has expired. \n Report generation has been disabled until the subscription is current \n Contact (me) at (email telephone) "
The installer updates a code in the distribution on first run, checks the codes on re-install, we don't, yet, get multiple re-installs of the 90 days free trial,
we give multiple re-issues of lost product keys, (quite often people just dont seem to write things down), the product key locks to a domain name, at our server on update check, the unregistered user sees either a " XX days of the trial period remain " or a lockout message " This product is registered to a different domain. \n Report generation has been disabled until the subscription is current \n Contact (me) at (email snail mail telephone) "
& remote updates means we know for certain where the product has been installed
cwarn23
387
Occupation: Genius
Team Colleague
Featured Poster
anything coded can be decoded, given time and incentive, made easier, the php interpreter has to be able to decipher the code
With that being said, I remember reading somewhere in daniwebs about this topic that you get what you pay for. So as you mentioned free ones are more likely to be cracked however, if you pay for a thousand dollar encrypter then not many people will buy the product just so they can find the right algorithm to crack. So point is, generaly the more you pay the more secure it will be.
digital-ether
399
Nearly a Posting Virtuoso
Team Colleague
With that being said, I remember reading somewhere in daniwebs about this topic that you get what you pay for. So as you mentioned free ones are more likely to be cracked however, if you pay for a thousand dollar encrypter then not many people will buy the product just so they can find the right algorithm to crack. So point is, generaly the more you pay the more secure it will be.
You could always write your own simple encrypting and decrypting functions with PHP:
eg:
take the file files/file.php and writes an encrypted form in files/file.enc.php
<?php
$passphrase = 'my secret key';
/* Turn a human readable passphrase
* into a reproducable iv/key pair
*/
$iv = substr(md5('iv'.$passphrase, true), 0, 8);
$key = substr(md5('pass1'.$passphrase, true) .
md5('pass2'.$passphrase, true), 0, 24);
$opts = array('iv'=>$iv, 'key'=>$key);
$text = file_get_contents('files/file.php');
$fp = fopen('files/file.enc.php', 'wb');
stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts);
fwrite($fp, $text, strlen($text));
fclose($fp);
?>Decrypt the file and execute it as PHP:
<?php
$passphrase = 'my secret key';
/* Turn a human readable passphrase
* into a reproducable iv/key pair
*/
$iv = substr(md5('iv'.$passphrase, true), 0, 8);
$key = substr(md5('pass1'.$passphrase, true) .
md5('pass2'.$passphrase, true), 0, 24);
$opts = array('iv'=>$iv, 'key'=>$key);
$text = file_get_contents('files/file.php');
$fp = fopen('files/file.enc.php', 'rb');
stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts);
$text = rtrim(stream_get_contents($fp));
fclose($fp);
// execute file
eval("?>".$text."<?php");
?>Requires php_mcrypt and php_mcrypt_filter extensions.
digital-ether
399
Nearly a Posting Virtuoso
Team Colleague
Note that decryption is done withing PHP itself. So it is easy to get the state of the program after decrypting and thus the whole decrypted file.
However, it will keep away 99% of users from stealing it. So if its for one time use, something like that is probably a good choice.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.