
View Full Version : Protecting your Scripts?
Zaitech 09-01-2006, 04:10 PM So I'm designing a program that I plan to sell for 5-10$, the only problem is, how can I ensure that people get their own license and install it that way? Is there a way to cross-reference something in php to my database, so I can create a license for someone, and force them to register their site and ONLY make that license work on their URL?
wormdevil 09-01-2006, 04:13 PM Why don't you use PHPAudit with ionCube?
Zaitech 09-01-2006, 04:24 PM Yeah I just checked into it. I want to learn how to use it as well as know what scripts I can buy (Just for future reference). Or if I buy phpaudit, can I look at the code and see how it works?
ProXHosting 09-01-2006, 06:18 PM Does PHPAudit with ionCube allow you to use it on all your scripts without buying a licence again?
jroxonline 09-01-2006, 10:16 PM You can use CURL to verify licensing data on your database.
When they install it, have your script make a call to your database to check the validity of their license using CURL, and don't allow the installation if the license you issued is invalid.
WebGuru72 09-01-2006, 11:38 PM there is zend encoder.... I have been looking at it
jroxonline 09-02-2006, 01:12 AM zend encoder only encodes / encrypts your php script, it doesn't issue licenses. I believe it's called zend guard now as well.
HackNo-Alex 09-03-2006, 07:21 PM I would also use Phpaudit and Ioncube
Nick H 09-03-2006, 08:33 PM Another vote on PHPAudit and ionCube. They are some really great people working on that script.
Zaitech 09-03-2006, 10:16 PM Part of the reason I wanted to know how it's done is because I want to learn how to program things like that.
tickedon 09-04-2006, 08:07 AM Does PHPAudit with ionCube allow you to use it on all your scripts without buying a licence again?
Yes, sure does :) You can setup multiple storefronts and products in PHPAudit with the same license.
In terms of doing it yourself, it depends how complex you want it to be. The simplest validation is using something like cURL or Sockets etc... to send data to your server, e.g.: www.mydomain.com/licensecheck.php?domain=somedomain.com. The page on your server takes the domain name passed to it and checks your database/list for it, and then outputs a '1' for valid or '0' for invalid - your script then processes the value and acts accordingly.
robertmitchell 09-04-2006, 07:20 PM So I'm designing a program that I plan to sell for 5-10$, the only problem is, how can I ensure that people get their own license and install it that way? Is there a way to cross-reference something in php to my database, so I can create a license for someone, and force them to register their site and ONLY make that license work on their URL?
Protecting your Scripts
By Scott Isaacs
The latest release of Microsoft's VBScript and JScript language engines provides support for script encoding. Script encoding helps protect the intellectual property you have in your scripts by making them illegible. We introduce you to this new feature and explain how you can use it to protect your scripts.
To encode your script, you need to download and install the Script Encoder Beta tool from Microsoft's web-site. You can find the tool at Microsoft's Scripting Site (http://msdn.microsoft.com/scripting/). This tool encodes your script for use with the latest language engines from Microsoft. The encoded scripts only run with this language engine thereby limiting this feature mostly to Internet Explorer 5.0 users. All browsers without this language engine will ignore the script block.
The script encoder runs from the command prompt. By default all scripts on your page are encoded. Any HTML on the page is left untouched. To encode scripts on a page you simply run the script encoder as follows:
    SCRENC input.htm output.htm
Below we encode a simple script that displays the current date and time on the page:
    <SCRIPT>document.write(new Date())</SCRIPT>
After running the script through the encoder, the script is encoded and the language is modified to represent this encoding:
    <SCRIPT language = JScript.Encode>#@~^IgAAAA==@#@&NG1Es+xDRS.kD+cxh~9mY+vb#@#@&cAkAAA==^#~@</SCRIPT>
By default, the entire script is encoded. However, even though your scripts are encoded, you will often want to include a copyright notice within the script block. By controlling where the script encoder should start encoding with the "**Start Encode**" comment you can ensure you leave important comments in the script's header.
For example, to preserve a copyright when encoding the script:
    <SCRIPT>
    //Copyright© 1999. InsideDHTML.com, LLC All rights reserved.
    //**Start Encode**
    document.write(new Date())
    </SCRIPT>
Now the copyright is left intact and the script following the copyright is encoded. Encoded scripts only run on browsers that have the 5.0 or later release of Microsoft's scripting engines. The 5.0 engine comes with Internet Explorer 5.0 and can be optionally installed by the user with previous versions of Internet Explorer. For the most part, this feature is only usable with scripts targeting Internet Explorer 5.0. Where script encoding becomes very useful is when combined with another Internet Explorer 5 feature - behaviors. Next we show you how to encode your behavior files (http://www.siteexperts.com/tips/functions/ts19/page2.asp).
An old but interesting article. However in the comments section someone pointed out that it can be trivially worked around. The commentator wrote:
I don't know if you noticed, but do the following:
Encrypt an external JS file and load the page with it.
So far, so good.
Now SAVE the file to disk... Well, you'll find the Encrypted JS completely DECRYPTED in an external file.
And I only found one workaround, and not one presented by Microsoft...
So perhaps not as promising as it first appears for client side code protection, and of course Microsoft specific. We all know this to be the case, but Amanda Congdon's (ex. Rocketboom) classic Internet Explorer vs. FireFox survey (http://www.rocketboom.com/vlog/archives/2005/12/rb_05_dec_02.html) shows other browsers to be very popular, and writing anything MS specific is a big mistake unless the target audience is known to use IE, and maybe even then...
Jatinder 09-05-2006, 01:34 PM Has anyone tried out http://phpshield.com ?
I would like to know how it compares with Ioncube encoder. Both offer bytecode compilation and encryption.
tickedon 09-05-2006, 01:57 PM Has anyone tried out http://phpshield.com ?
I would like to know how it compares with Ioncube encoder. Both offer bytecode compilation and encryption.
PHPShield is (basically) SourceGuardian without the licensing components. You'll probably be able to find quite a few reviews on SourceGuardian as it's been around for quite a while.
One concern I have with phpshield is that I'm not sure how often it is updated - SourceGuardian has had several releases over the past few months (adding extra protection such as obfuscation) but phpShield doesn't seem to have had any new releases.
It's crucial that whatever solution you choose has regular updates - people are always trying to break the protection offered by products such as Zend Guard, ionCube encoder, SourceGuardian etc... and so it's better if your chosen provider tries to stay ahead of them, rather than waiting for the protection to be broken before taking any action.
Omega-Mark 09-05-2006, 05:57 PM zend encoder only encodes / encrypts your php script, it doesn't issue licenses. I believe it's called zend guard now as well.
cURL is an option for the licencing however PHPAudit would be a better option IMO
and zend/ioncube will work for him to stop his script from being cracked.
also code something so that people don't have to install the zend optimizer or ioncube loader. like clientexec have a folder with the files in so basically it installs it for runtime.
thing is ioncube is pretty expensive though i haven't looked into zend.
scriptist 09-05-2006, 06:10 PM ionCube so far has been the easiest solution I've found.. The web encoder makes everything a simple upload and download task, and it's issued out at a very good price ($5, I can encrypt a whole commercial script several times). phpAudit is probably the most well-known licencing software available, although with such a low-end script, I doubt you'll find much copyright abuse.
tickedon 09-05-2006, 06:21 PM thing is ioncube is pretty expensive though i haven't looked into zend.
If you think ionCube is expensive, best not to look at Zend ;)
ionCube is $199 for a perpetual license with 12 months updates, Zend Guard retails at $999 for an annual license (i.e. pay $999 every year). As a small business, you can pick it up for 40% less, $597 per year.
$199 to me is a small price to pay for the protection, but, for a cheap product it can be a big chunk of profit gone like that. You might find it more economical to use the ionCube online encoder, depending on how many files you have and how often you'll need to encode them - you buy credits (minimum "deposit" is $5) and you can run a 'test' encode to see how much it'll cost you before actually doing it properly.
Omega-Mark 09-05-2006, 07:38 PM If you think ionCube is expensive, best not to look at Zend ;)
ionCube is $199 for a perpetual license with 12 months updates, Zend Guard retails at $999 for an annual license (i.e. pay $999 every year). As a small business, you can pick it up for 40% less, $597 per year.
$199 to me is a small price to pay for the protection, but, for a cheap product it can be a big chunk of profit gone like that. You might find it more economical to use the ionCube online encoder, depending on how many files you have and how often you'll need to encode them - you buy credits (minimum "deposit" is $5) and you can run a 'test' encode to see how much it'll cost you before actually doing it properly.
and if you're looking at selling it to more than 15 people you have your phpaudit licence to pay for.
in the OP's case anyway.
Olate 09-06-2006, 04:43 AM We started off by using the ionCube encoder and continued to offer only ionCube encoded versions for some time. However some customers requested Zend encoded versions and so we were able to use the Zend Small Business program to get a cheap version of Zend Guard. Unfortunately I don't think this is available any more. As mentioned, ionCube offer the option to use their online encoder for a very low price which might make more sense than buying a copy of the encoder if your script is cheap to buy.
All good hosts will support ionCube or Zend, and should support both - they're both well known and are trusted. The other encoding products might be cheaper to buy initially but they're less well known so hosts are less likely to install the loaders.
I found that the ionCube encoder is a far superior system as regards the interface and the security of the encoded output. It is also faster in terms of execution speed to use ionCube than it is Zend - according to our tests the Zend Optimizer doesn't actually optimize, it slows down execution. There's also the lack of ASCII encoding which makes it more likely that a customer will corrupt the files uploading them.
Both ionCube and Zend have built in license managers but I think it's more flexible to use an external system you write yourself or buy. This can be tied into the purchasing process easier and makes management easier overall.
tickedon 09-06-2006, 05:16 AM we were able to use the Zend Small Business program to get a cheap version of Zend Guard. Unfortunately I don't think this is available any more.
It is still available, just in a different form :)
Old Small Business Program: Zend Studio + Zend Guard for $450/$395
New small business program: 40% discount off Zend Guard & x% off Platform
For ionCube's license manager, it's also worth noting that you need to have the Pro or Cerberus version, the basic $199 version doesn't come with any licensing options.
Olate 09-06-2006, 05:30 AM Old Small Business Program: Zend Studio + Zend Guard for $450/$395
New small business program: 40% discount off Zend Guard & x% off Platform
Right. So instead of paying the full $995 per year, at 40% off the annual price is $597 as per http://www.zend.com/store/software/zend_small_business_program
Even with that discount it's still quite a large investment, particularly if you are only just starting and you want to encode with the ionCube encoder as well. Plus you have to pay annually with Zend:
Zend Guard is available for an annual subscription of $995 per year. The license includes the ability to encode and license an unlimited number of PHP applications during the term of the subscription. PHP applications encoded or licensed during the term of the subscription will continue to run after the subscription has expired. When the subscription has expired, new applications will not be able to be encoded or licensed.
Whereas with ionCube you can continue to use it forever, just the support and upgrades expire.
An initial 12 months of support and product upgrades are included for FREE, with a guaranteed entitlement to one FREE upgrade when available should no upgrade be released within that period. Support and upgrade entitlement may be renewed for a further 12 months at a discounted price of $95 if purchased within 14 days expiry of an existing support entitlement.
From a customer perspective, I much prefer the way ionCube handle it - the same way we do our software sales. Means you can continue to encode without having to pay a subscription.
Chachi 09-06-2006, 06:05 AM I think the OP does not care much about the different products on the market, he's just interested in how to achieve the protection.
I wanted similar protection for StyleSmooth (our cPanel and Direct Admin skin). It's sold on a license basis and I did not want people downloading the skin and installing on multiple servers or even distributing the product on warez networks.
We basically used the Snoopy class (PHP net client script) in a custom script which was encoded into the header of our skin. The script sent the client's server IP to our check script which verifies and returns error codes if the IP is not found/or is inactive in the database.
You can download Snoopy from here: http://www.weberdev.com/get_example-1347.html
It's been effective for us
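Added example, not part of any post in this thread: the domain check tickedon describes and the server-IP check Chachi describes follow the same pattern, sketched here in PHP with the vendor's server simulated by a function. It goes beyond the bare '1'/'0' reply by signing the answer with an HMAC over the domain, a per-request nonce and the verdict; the function names, the shared secret and the licence table are assumptions made up for illustration.

```php
<?php
// Added illustration, not code from the thread. The secret, the function
// names and the licence table are constructed placeholders.
const SHARED_SECRET = 'placeholder-secret-shipped-inside-the-encoded-script';

function normalise_domain(string $domain): string
{
    return strtolower(trim($domain));
}

// Vendor side (the role of licensecheck.php): look the domain up and answer
// '1' or '0', plus an HMAC binding the verdict to this domain and nonce.
function license_server_response(array $licenses, string $domain, string $nonce): string
{
    $domain  = normalise_domain($domain);
    $verdict = (isset($licenses[$domain]) && $licenses[$domain] === 'active') ? '1' : '0';
    $mac     = hash_hmac('sha256', "$domain|$nonce|$verdict", SHARED_SECRET);
    return "$verdict:$mac";
}

// Customer side (inside the sold script): accept only a well-formed, correctly
// signed '1' for this domain and this request's nonce. A failed request
// (null) or anything malformed counts as invalid.
function license_is_valid(?string $response, string $domain, string $nonce): bool
{
    if ($response === null || !preg_match('/^([01]):([0-9a-f]{64})$/', $response, $m)) {
        return false;
    }
    $expected = hash_hmac('sha256', normalise_domain($domain) . "|$nonce|{$m[1]}", SHARED_SECRET);
    return hash_equals($expected, $m[2]) && $m[1] === '1';
}

// Constructed sample data standing in for the vendor's database.
$licenses = ['somedomain.com' => 'active', 'expired.example' => 'inactive'];

foreach (['somedomain.com', 'expired.example', 'unlicensed.example'] as $domain) {
    $nonce    = bin2hex(random_bytes(16)); // fresh for every request
    $response = license_server_response($licenses, $domain, $nonce);
    printf("%-20s %s\n", $domain, license_is_valid($response, $domain, $nonce) ? 'valid' : 'invalid');
}

// An unsigned '1', a lost connection, and an answer issued for an earlier
// nonce are all rejected.
$nonce = bin2hex(random_bytes(16));
$stale = license_server_response($licenses, 'somedomain.com', 'earlier-nonce');
var_dump(license_is_valid('1', 'somedomain.com', $nonce));
var_dump(license_is_valid(null, 'somedomain.com', $nonce));
var_dump(license_is_valid($stale, 'somedomain.com', $nonce));
```

The shared secret only stays secret if the script is shipped encoded, which is why the thread pairs the licence check with ionCube or Zend.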