Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Jan 2007
    Posts
    57
    Thanks
    11
    Thanked 0 Times in 0 Posts

    Encrypt a PHP script

    Hello guys!

    I was wondering how does one go about encrypting a PHP script, what is the procedure, what software is needed, does the end user have to install it on their server?

    I have a script that I will be offering to my users to upload to their server and use it (the script itself will be slightly different for each user so it'll have to be encrypted for each one separately). I however prefer it if the users don't have access to modify the script so I want to encrypt it.

    So how does that work? How secure it actually is? Would it work from any modern server configuration without the need of any additional software if not - what software would be needed?

    Thank you!

  • #2
    Senior Coder Rowsdower!'s Avatar
    Join Date
    Oct 2008
    Location
    Some say it's everything.
    Posts
    2,027
    Thanks
    5
    Thanked 397 Times in 390 Posts
    Preface: I am not a PHP guru by any measure. All of this is just "as far as I know" stuff:

    Unless you have compiled software installed on their server to handle encryption/decryption you can't really do much with it that can't be broken relatively easily. Once your source code is on another server it's out of your hands.

    If you just want to deter casual users who have very little PHP acumen you could probably get by just using base64 encoding.

    Check these out:
    http://php.net/manual/en/function.base64-encode.php
    http://php.net/manual/en/function.base64-decode.php

    There are more sophisticated methods that are more difficult to break, but any PHP-only method will be breakable.

    Some people use an actual encryption key and build in a call to a page on their own server that contains the decryption key (making the key NOT a part of the PHP that the user has) but all the user has to do is visit the link or have their server echo the response from the link and they get instant access to the key anyway. You can obfuscate the code to make it take a few steps to find, but eventually the user will be able to reverse engineer it if they want to.
    The object of opening the mind, as of opening the mouth, is to shut it again on something solid. –G.K. Chesterton
    See Mediocrity in its Infancy
    It's usually a good idea to start out with this at the VERY TOP of your CSS: * {border:0;margin:0;padding:0;}
    Seek and you shall find... basically:
    validate your markup | view your page cross-browser/cross-platform | free web tutorials | free hosting

  • #3
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    We actually just recently talked about about this: http://www.codingforums.com/showthread.php?t=186111

    Basically you don't have a lot of options, most people just use license agreements to deal with piracy and things like that. Your other option is to put the bulk of your code into a PHP extension but then for someone to use it on their server they would need to install the extension. That usually isn't possible on any shared server hosting.
    OracleGuy

  • #4
    New Coder
    Join Date
    Jan 2007
    Posts
    57
    Thanks
    11
    Thanked 0 Times in 0 Posts
    Thank you guys!

    Based on what I've read I've decided to not encrypt as those who won't be able to "decrypt" the code would probably not be able to do anything with the "source" code either. And those who do have the skills or desire to decrypt it won't be stopped by it anyways so it seems like other means of protection are to be used.

    Thank you once again folks and may the force be with you!

  • #5
    New Coder
    Join Date
    Dec 2009
    Posts
    84
    Thanks
    6
    Thanked 3 Times in 3 Posts
    @ electrify77
    thought encrypted code still possible to decrypted but i suggest you to don't care about it.

    your encrypted code just possible decrypted by advanced coder, but maybe not for beginner, so you have prevent it at least from common coder...
    Best Regards,

  • #6
    New Coder
    Join Date
    Apr 2009
    Location
    Denmark <'3
    Posts
    44
    Thanks
    5
    Thanked 1 Time in 1 Post
    You can use the ioncube encode (http://www.ioncube.com/) though it costs money and it needs access to php ini to setup the loader but if you got it should be easy

    (Its the same that WHMCS uses for their hosting cms product )

    Regards


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •