php licensing system

This is a pretty specialized topic. You have to consider what your product will be worth and how good you want the protection to be. If you are selling it for $10 a copy maybe the protection doesn't have to be all that great. If this is a product that has taken you a lot of time to develop and will be selling for $50 - $100 / copy or more, then putting cheap do-it-yourself protection on it may almost be the same as giving it away.

You are actually looking at two separate but related facilities. The first one takes your source code and produces something that will run successfully but does not contain the original source. It can't (easily) be de-compiled / reversed so pirates can't easily make changes to it or disable any other security features. Commercial products like Ioncube, Zend and Source Guardian produce "byte-code" which is like a semi-compiled version of the program. The byte code doesn't have the original source but it isn't true executable code either. This requires some sort of run-time module to interpret the byte code.

If you do some internet searching you will find programs (some of them free) that "obfusticate" the code. These use fairly standard techniques to make it difficult to understand the code and usually produce a string that can be executed with an Eval statement. The problem with this is that it can easily be broken so it is not a secure way to protect you code.

Once you figure out how to protect the code, then you need to look at the licensing portion and how that is going to work. You may want to be able to issue a separate key for each user. You may want to allow demo capability where they can try the program before they buy it. If your key generation process isn't very sophisticated, then pirates will figure out how you did it and generate their own keys (they may do that even if it is). If the key isn't locked to the machine or doesn't require some sort of online activation, then someone will probably post a key for the program so people can avoid paying you. You will need the ability to to re-generate a key in case the customer loses it. The code for processing the license keys needs to be buried within your protected code so no one can alter it or deactivate it.

The requirements to do this well are pretty complex. The project to build it might be bigger and more complex than the project for the program you are trying to protect. There is also the problem of testing it. To do that properly, you need the same level of knowledge that the pirates have so you can determine how difficult it will be to bypass your protection. Putting in that amount of effort to protect a single program probably isn't worth it.

Ioncube provides a "pay-as-you-go" online option that allows you to protect a program for a relatively low cost. Ioncube also provide licensing software but I don't know if you can use that without buying the full Ioncube package.

This isn't a project for amateurs: not if you want any real protection. The other approach, of course, is to sell a service rather than the software itself. That avoids the whole software protection issue (even though it creates some others).

PHPshadow (http://www.phpshadow.com) encrypts PHP code, and requires a license code (a file) to be copied onto the server before it will work.

One option is a 50 Euro one-off payment per customer (it's locked to a specific domain name).
The other option is an annual payment of 20 Euro.

Because you are providing software to your clients, it's probably the one-off payment option you want (unless you can be bothered arranging renewals each year).

If you're likely to sell lots of copies of your software, you can always approach them about a bulk license arrangement.

A system like PHP Shadow might deter the amateur but I suspect that a serious hacker would find a way to break it. Since the code is still there, just encrypted, it has to be de-encrypted in order to run it. At that point it would be vulnerable. I'd rather trust Ioncube where you don't get the original code in any form, just the byte code. But then again, you said you wanted to do it yourself from scratch.

Thanks all..............And I will try to do something about yours suggestion.