Results 1 to 21 of 21
  1. #1

    [PHP] Does anyone know any good method to encrypt PHP code?

    Does anyone know any good method to encrypt PHP code?
    Something like the method which the BoxBilling uses

  2. #2
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,732
    ionCube encoder is the best one.

    http://www.ioncube.com/php_encoder.php

  3. #3
    Join Date
    Oct 2004
    Location
    Oakville, ON
    Posts
    263
    BoxBilling and such use ioncube encoding to encrypt their content. You can check this out at: http://www.ioncube.com/online_encoder.php

    However keep in mind that this doesn't fully prevent someone from obtaining the source code. Where there is a will theres a way, and people have developed decoders.
    Regards,
    Josh Dargie
    Kualo.com
    Developer & Designer-Friendly Web Hosting

  4. #4
    Does anyone know any free?

  5. #5
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,732
    Quote Originally Posted by CoolDB View Post
    Does anyone know any free?
    There are trial, nothing is free when it's good

    Another option is: SourceGardian, however I've heard they are having issues getting it working on PHP 5.4: http://www.sourceguardian.com/index.html

    There is a free one, but I've not heard of it for a long time: http://www.zend.com/en/products/guard/ Maybe that will help you.

  6. #6
    Zend has it's own encryption software, but it costs.

  7. #7
    Join Date
    May 2009
    Location
    Markham, Canada
    Posts
    458
    I am yet to see an encoder that cannot be decoded in 5 minutes... unfortunately

  8. #8
    Best: ionCube
    Free: JavaScript (Ex. http://www.javascriptobfuscator.com/Default.aspx)
    Web Hosting by Brontobytes

  9. #9
    Join Date
    Mar 2005
    Location
    Ten1/0/2
    Posts
    2,529
    PHP encoders only slow down honest people..... They don't stop the dis-honest one's.
    CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
    Running Linux since 1.0.8 Kernel!
    Providing Internet Services since 1995 and Hosting Since 2004

  10. #10
    Join Date
    Dec 2013
    Location
    Sydney, Australia
    Posts
    15
    What're your encrypting your file for? That would be a good question to ask first.

    e.g: Distribution (a product), hide password in script on a server, hide secret messages from FBI, etc.

  11. #11
    Naah, if i we're you i won't even consider encrypting your php code. You will just spend money on something that will only delay people who really wants to obtain your source code.

  12. #12
    Ioncube method is the best method to use as most major companies use it and it's really a safe method!

  13. #13
    Join Date
    Jan 2007
    Location
    Canada
    Posts
    113
    I've used Zend in the past... no complaints. As said, why are you encrypting your code?

  14. #14
    and the encoder makes your server working harder.

  15. #15
    Quote Originally Posted by twenty View Post
    As said, why are you encrypting your code?
    How would you sell something you've developed ? "Pay 5$ and get the source. Don't bother putting the S/N, you can remove it completely and use the soft for free." ?

  16. #16
    Join Date
    Mar 2013
    Posts
    1,328
    Why do you want to?

    That's the real question.

  17. #17
    Join Date
    Mar 2012
    Location
    United Kingdom
    Posts
    1,136
    IonCUBE is the best I have to say
    Sapatana.eu ILoveBilling
    120Gbps DDoS Protection on Shared Hosting, Reseller Hosting, XEN Windows and Linux VPS, Domains, SSL Certificates
    PayPal | BitPay (BitCoin) | UK Bank Transfer | International Bank Transfer

  18. #18
    Join Date
    Jan 2004
    Location
    Toronto, ON
    Posts
    1,104
    Honestly.. The only reason to encode it is to stop the run of the mill people who just randomly download things and try it... IonCube doesn't stop anyone who actually wants/needs to know what's going on in the encoded files.

    It takes 5 minutes to find, download and run the tool necessary to decode ioncube files.
    I specialize in neck beards
    https://thatshirt.com

  19. #19
    Ioncube is the better option by far, especially newer versions. For those wondering why someone would want to encrypt their code there's lots of reasons, I'll name a few below:

    1. Stop the tinkerers. The tinkerers are people who really know nothing about coding or what they are doing yet somehow feel the need to try and modify it anyways, thus breaking what the code is intended to do and possibly breaking their own server. If they can't modify it, they can't break it.

    2. Stop the middle men. These are the jerks who like to steal code because they are incapable of writing their own. But they are also generally incompetent and therefore cannot fix any "decoded" files because they have no idea what they are doing in the first place (you can't fully decode an ioncube file, there are always mistakes and you need to know what you are doing to make the decoded file usable).

    Now lots of people make the point that someone who does know what they are doing can decode the file and fix the mistakes. That's not why we encode files, anyone good enough to decode and fix the file would generally prefer to use their own code anyways. It's quicker to write their own than mess with decoding someone elses work, which won't suit their style anyways.

    So as a general rule the main purpose of encoding files is to stop ppl who don't know what they're doing from modifying them and also to stop the general average user that might not have the knowledge or will to write their own code and prefer to just steal others hard work.
    Tara Roberts
    www.whmxtra.com

  20. #20
    Join Date
    Jan 2004
    Location
    Toronto, ON
    Posts
    1,104
    Quote Originally Posted by whmxtra View Post
    Ioncube is the better option by far, especially newer versions. For those wondering why someone would want to encrypt their code there's lots of reasons, I'll name a few below:

    1. Stop the tinkerers. The tinkerers are people who really know nothing about coding or what they are doing yet somehow feel the need to try and modify it anyways, thus breaking what the code is intended to do and possibly breaking their own server. If they can't modify it, they can't break it.

    2. Stop the middle men. These are the jerks who like to steal code because they are incapable of writing their own. But they are also generally incompetent and therefore cannot fix any "decoded" files because they have no idea what they are doing in the first place (you can't fully decode an ioncube file, there are always mistakes and you need to know what you are doing to make the decoded file usable).

    Now lots of people make the point that someone who does know what they are doing can decode the file and fix the mistakes. That's not why we encode files, anyone good enough to decode and fix the file would generally prefer to use their own code anyways. It's quicker to write their own than mess with decoding someone elses work, which won't suit their style anyways.

    So as a general rule the main purpose of encoding files is to stop ppl who don't know what they're doing from modifying them and also to stop the general average user that might not have the knowledge or will to write their own code and prefer to just steal others hard work.
    It boils down to license key usage, it's harder to null a script if it's in a encrypted file (average person).. tinkerers will break a script regardless of what is where. It's honestly a waste of money to encrypt files unless it's required for your due diligence.

    In terms of the script being decoded properly, the things it screws up are very basic.. creating lines like
    $db = new ( );

    instead of $db = new db();

    which will throw an error and isn't difficult to fix... the problem is how these things are marketed to the general developing public... They make it seem like it's a security measure - which technically it is, but it's no different than DRM. It doesn't stop anybody who wants it... and for people who work on it it will sometimes include very important information like class init and functions that IDE's will need for codecompletion/insight.

    All mainstream software that uses any sort of licesning or encoding methods are all available widely... So again, you're only stopping the bottom barrel people who don't know how to find these, don't have friends who can give it to them, etc etc etc.

    All it does is annoy developers that will work with your product if you're hiding useful class declarations and things in it. If it's just protection key requests and what not that's fine (but still pointless, since some places have key locked to domains which limits setting up staging sites which completely locks out any usage).
    I specialize in neck beards
    https://thatshirt.com

  21. #21
    Tinkerers can break the script, that's ok, a simple upgrade or reinstall will fix that. But if they change something they could end up rm -rf'ing root without realising it. So it's better not to give them the chance

    Also, newest version of Ioncube stuffs up a lot more than that when you decode it. But that's my point, ppl who decode stuff don't have the knowledge of how to fix the broken code and those that do can write their own much faster. So it's a way to deter the average script kiddie.

    FYI not all mainstream software has a nulled version out there. Ours is running on thousands of servers and there is no nulled version out there. And if a nulled version were to pop up I could change things entirely and do things differently (I routinely change the way licenses and functions are handled anyways).

    But as you pointed out, Ioncube stops the bottom of the barrel people. That's all we want it to do.

    Just a quick example here, when I first took over this company with William 10+ years ago I redid the code from html and bash into php. Within a month there were two competing products (WHMPlus and WHMExt I think was the second one).

    Both companies were stealing my code, slapping a new css style on it and trying to compete. Once I started encoding the important stuff both companies shut their doors after a few weeks because without being able to outright steal my code they couldn't update their own software as they weren't smart enough to write their own code.

    That's the kind of thing we encode for, to stop guys like that from stealing from us. And anyone really good enough to decode it and fix the code has integrity and won't decode it as they can write their own code in their own style much faster than fixing someone elses.

    So like you said, it's a way to stop the bottom of the barrel people, which is really the main reason to encode. It's not even a security thing really, just a way to keep the worst of them from stealing our hard work.
    Tara Roberts
    www.whmxtra.com

Similar Threads

  1. What is the best cheap way to encrypt php?
    By tihhc in forum Programming Discussion
    Replies: 14
    Last Post: 02-02-2012, 12:58 PM
  2. Encrypt PHP
    By Danny159 in forum Programming Discussion
    Replies: 27
    Last Post: 09-14-2007, 02:39 PM
  3. Encrypt PHP Code
    By batulang in forum Programming Discussion
    Replies: 7
    Last Post: 08-21-2006, 02:56 PM
  4. encrypt password with php
    By GazCBG in forum Hosting Security and Technology
    Replies: 6
    Last Post: 01-27-2003, 09:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •