I would like to enquire further details about the terms of using php for commercial application development.

The scenario is that I have built an application using PHP and intend to host it with a 3rd party hosting

company. I am renting the server at the hosting company and the customer that is going to use the application

has no access to the application source code and hosting server. I control the access but the customer can use

the application for the business purpose. Therefore how does the PHP licensing terms apply in my scenario?

Recommended Answers

All 6 Replies

First, I honestly believe that you should consult a copyright attorney. There is no way I have the training and any knowledge in giving legal advice in software licensing. Software licensing is one of the most complicated one to understand.

Most developers engaged in enterprise level open sources applications e.g. yours truly and Mr. LDA. Tend to select the license that will cover the things that we fear the most. We have three licensing schemes on the applications that we write DBD(don't be a dick), MIT, and GPL. For all scripts and snippets we published on blogs and forums, we tend to give it DBD and MIT. For our distributable applications we shoot for GPL.

A good example, PHP is lincense under BSD. Why does PHP opted to take the BSD license? The reason is that, you can build any application in PHP secured or not so secured, the front-end user will not be able to file a lawsuts against PHP. In other words, if your PHP written application has been hacked by some obnoxious hacker, your clients will not be able to file a legal actions against the core of your application which is PHP.

Now, when it comes to your propriety license, you can probably have put it out in MIT or BSD.

My reasoning behind having it release in BSD or MIT is that they cannot modify any accessable source codes of your application without notifying you first. MIT allows you to separate your encrypted source codes from the original BSD license of PHP.

Second, if your application have vulnerability issues, at least you will not be fully responsible for all of the blame. Although you can make an addendum release on the software later, but you cannot be held liable for unforseen or forceful entry on your application, but your client will be responsible to their endusers. When you do this make sure this is the first thing you must disclose to your subscriber. You tell them right up-front, otherwise they can file charges against you if your application does not perform as promised.

If you think you are a competent programmer and you are 1000% confident that your application is an ultra-secure and unique than the rest of all the applications written in PHP including the likes of facebook, go ahead an call your attorney and let him draw the EULA. Otherwise, you will have to think about how much your company will be liable if problems arises. Think of what is going on with Sony corporation right now. Think about this, why the majority of the facebook services are free?

The bottom line is that, you already invested great amount of money in putting up your business, why not spend a couple of thousand more for a legal advicement.

That's my take on this, AND there is no way I am 100% certain on my response above. We always seek for the advice of an attorney in dealing with desktops and web application that we coded.

Now, when it comes to your propriety license, you can probably have put it out in MIT or BSD.

Propriety license - Are you refering to the php web application (e.g. student management system)?

e.g. student management application

 YOUR SERVER + Application
    + School = your end-user
        + Students = school's end-user

Take the simple example above. If some delicate information are forcefully taken from the application you wrote e.g. grades, student id, name, email address, class schedule, grades , and anything that are considered private. Who has the ultimate responsibility?

A scenario, a hacker broke into your application and start changing the grades of the students. Who's responsibility is this? Are you prepare to recover from this? How about a back-up for data recovery?

What can you do to protect yourself if such hideous things occurs?
Do you believe in "Code Of Ethics for Programmers and Developers"?

Or should we let the application run without any regards to the school and student's rights of Privacy. Or maybe, we can let the school handle the chaos and let them lie about pretty much everything without accepting responsibility on our end?

What would be the appropriate EULA and TOS for the above?
Maybe you don't need one, don't your think?

Another example

    +Apache + MySQL + PHP
        + CodeIgniter + other open source
            + Your Application which is not an open source
                + Payment gateway - external services
                    + Shoppers - end-users

if the shopper's credit card information are stolen, who is responsible between you, codeigniter, Apache/MySQL/PHP AND between you and the payment gateway? Assuming the four before your application are licensed BSD and MIT? How about between your application and the Payment gateway?

how about

    +Apache + MySQL + PHP
        + Magento + other open source
            + Your Application which is not an open source
                + Payment gateway - external services
                    + Shoppers - end-users

Since I am hosting the PHP web application in a 3rd party hosting company therefore should I place the following document in the server:

Click Here

Apart from that should I also embed the following clause on my php pages:

"This product includes PHP software, freely available from <http://www.php.net/software></http:>".

I google a couple of php websites but I can't see the above clause embedded.

I think PHP is pretty loose in implementing license compliance. Providing link to your webpage is an excellent way showing your appreciation to the creators and contributors of PHP distribution.

You can also aknowledge them by just including your acknowledgement inside the source code.

for example,


    * source codes are written in PHP. For more information about
    * PHP license, please visit http://php.net/license

How about your html framework e.g. bootstrap vs. foundation?

If you are using bootstrap, another consideration must be given on the use of glyphicon and bootstrap. Glyphicon have a very strict licensing. The majority of developers use font-awesome when distributing application, because of the MIT licence which is an open source friendly.

Bootstrap is license under Apache v2.0 which can be included in GPLv3, but GPLv3 cannot be included in the Apache v2.0. It is like putting a coffee creamer over coffee, but coffee is not allowed to be pour over coffee creamer. However, MIT license can co-exists with Apache v2.0 without precendence. This is the reason why we can install PHP in apache server. Another good example is the case of nginx server with 2-clause BSD-like license, that can serve as a reverse proxy for the apache server, but you cannot make the apache2 to carry out the reverse proxy configuration for the nginx.

As Veedeoo already stated, licensing compliance is the most complicated one to follow because of the thin line separating them.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.