hi guys, i developed a site in php, and i dont want to give source code to the client, i want to encrypt the code and place it on the server or to give to the client, is it possile, please help me....

thanks in advance

anything coded can be decoded, given time and incentive, made easier, the php interpreter has to be able to decipher the code
there is a prior thread
http://www.daniweb.com/forums/thread170346.html
that discusses remote updates
similar code can be used to turn off your script after a given date,
lock the script to particualr domain to prevent 'sharing'
unless the subscription is paid,
obfuscated code that turns off unless they comply with whatever terms seems to work
First run message " This product is running in demonstration mode \n Full functions are available for 90 days \n After 90 days reporting will be disabled "
Expiry message " The demonstration period has expired. \n Report generation has been disabled until the subscription is current \n Contact (me) at (email telephone) "
The installer updates a code in the distribution on first run, checks the codes on re-install, we don't, yet, get multiple re-installs of the 90 days free trial,
we give multiple re-issues of lost product keys, (quite often people just dont seem to write things down), the product key locks to a domain name, at our server on update check, the unregistered user sees either a " XX days of the trial period remain " or a lockout message " This product is registered to a different domain. \n Report generation has been disabled until the subscription is current \n Contact (me) at (email snail mail telephone) "
& remote updates means we know for certain where the product has been installed

anything coded can be decoded, given time and incentive, made easier, the php interpreter has to be able to decipher the code

With that being said, I remember reading somewhere in daniwebs about this topic that you get what you pay for. So as you mentioned free ones are more likely to be cracked however, if you pay for a thousand dollar encrypter then not many people will buy the product just so they can find the right algorithm to crack. So point is, generaly the more you pay the more secure it will be.

With that being said, I remember reading somewhere in daniwebs about this topic that you get what you pay for. So as you mentioned free ones are more likely to be cracked however, if you pay for a thousand dollar encrypter then not many people will buy the product just so they can find the right algorithm to crack. So point is, generaly the more you pay the more secure it will be.

You could always write your own simple encrypting and decrypting functions with PHP:

eg:

take the file files/file.php and writes an encrypted form in files/file.enc.php

<?php
$passphrase = 'my secret key';

/* Turn a human readable passphrase
 * into a reproducable iv/key pair
 */
$iv = substr(md5('iv'.$passphrase, true), 0, 8);
$key = substr(md5('pass1'.$passphrase, true) . 
               md5('pass2'.$passphrase, true), 0, 24);
$opts = array('iv'=>$iv, 'key'=>$key);

$text = file_get_contents('files/file.php');

$fp = fopen('files/file.enc.php', 'wb');
stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts);
fwrite($fp, $text, strlen($text));
fclose($fp);

?>

Decrypt the file and execute it as PHP:

<?php

$passphrase = 'my secret key';

/* Turn a human readable passphrase
 * into a reproducable iv/key pair
 */
$iv = substr(md5('iv'.$passphrase, true), 0, 8);
$key = substr(md5('pass1'.$passphrase, true) . 
               md5('pass2'.$passphrase, true), 0, 24);
$opts = array('iv'=>$iv, 'key'=>$key);

$text = file_get_contents('files/file.php');

$fp = fopen('files/file.enc.php', 'rb');
stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts);
$text = rtrim(stream_get_contents($fp));
fclose($fp);

// execute file
eval("?>".$text."<?php");

?>

Requires php_mcrypt and php_mcrypt_filter extensions.

Note that decryption is done withing PHP itself. So it is easy to get the state of the program after decrypting and thus the whole decrypted file.

However, it will keep away 99% of users from stealing it. So if its for one time use, something like that is probably a good choice.

This article has been dead for over six months. Start a new discussion instead.