Results 1 to 8 of 8
  1. #1
    Join Date
    May 2014
    Posts
    31

    Exclamation Two licensing algorithms

    For some reasons I don't want to use SPBAS or PHPLicengine or ionCube licensing. Instead I want to create my own licensing. I evaluated these two solutions and Kayako and noticed SPBAS does serialize+base64_encode an array containing license data and concatenate it with "spbas" separator and with a md5 hash of that array with a secret key to make sure that array is not tampered. But PHPLicengine and Kayako use a complicate math formula to encode/decode the data with a key without any need to particular extensions like openssl or mcrypt.
    Which way do you recommend me to go? the way SPBAS uses or PHPLicengine and Kayako use?

  2. #2
    Join Date
    May 2011
    Location
    Columbus, Ohio
    Posts
    270
    Assuming you are distributing the code to be licensed as .php files only, then go with simplest method. No need to make things complicated that can easily be changed via the PHP scripts anyhow.

    As a hint, using a program like SourceCop does next to nothing in protecting your code.
    This signature intentionally left blank.

  3. #3
    Join Date
    May 2014
    Posts
    31
    I didn't uderstand what you are saying. Anybody else please?

  4. #4
    Join Date
    May 2011
    Location
    Columbus, Ohio
    Posts
    270
    If you are going to distribute the code you want licensed as just plain .php files, and not complied with something like ionCube or NuCoder, then I would recommend going the basic route of just returning a serialized array. Complicating it with math formulas and/or encoding it so that it not easily "readable" just adds about 60 more seconds of work for someone wanting to strip out the licensing of the code.

    I mentioned SourceCop, as I have seen people use that where they think it will hide the source code. Then they do fancy calculating with data that they think no one will know how it is done (example deciding a fancy license response). Easily defeated (and puts more load on server than need be)
    This signature intentionally left blank.

  5. #5
    Join Date
    May 2014
    Posts
    31
    Of course I will do obfuscate the source with ionCube. I meant about locking on domain/ip which method I described from PHPLicengine and SPBAS is better? The source will be ionCubed anyway.

  6. #6
    Join Date
    May 2014
    Posts
    31
    An answer?

  7. #7
    Join Date
    May 2011
    Location
    Columbus, Ohio
    Posts
    270
    Well since you will be semi protecting the code, then no need to do too much of anything fancy. Something like this would work:

    PHP Code:
    function dataEncodeIsh$data ) {
        
    $data str_splitstrrevtrimbase64_encodeserialize$data ) ), '=' ) ) );
        
    $intDataLen count$data );
        
    $intRandChar mt_rand55116 );
        if ( 
    $intRandChar 65) { $intRandChar -= 7; }
        elseif ( 
    $intRandChar 90) { $intRandChar += 6; }
        
    $strReturn str_repeatchr$intRandChar ), $intDataLen ) ;
        for ( 
    $c $intDataLen$c 0$c-- ) {
            
    $intPos ord$strReturn$c } ) % $c;
            
    $strReturn$c-} = $data[$intPos];
            unset(
    $data[$intPos]);
            
    $data array_values($data);
        }
        return 
    $strReturn;
    }

    function 
    dataDecodeIsh$strData ) {
        
    $intDataLen strlen($strData);
        
    $strReturn $strData{0};
        for ( 
    $c 2$c $intDataLen$c++ ) {
            
    $intPos ord$strData$c } ) % $c;
            
    $strReturn substr($strReturn,0,$intPos) . $strData{$c-1} . substr($strReturn,$intPos);
        }
        
    $data unserializebase64_decodestrrev$strReturn ) ) );
        return 
    $data;

    Nothing really fancy, but it does use a random character to "shuffle" the string around, so that each time the same data is "Encoded" it will have 1 in 62 chances of being the same if you pass the same information. Each time you make the license call, add the time stamp in the request, and then make sure that same timestamp is returned back. You can also add a few pieces of "random" data into there to make them look even more less trackable.
    Last edited by TwineDev; 12-07-2014 at 06:33 AM.
    This signature intentionally left blank.

  8. #8
    Join Date
    May 2014
    Posts
    31
    Hi TwineDev,

    Sorry to not thank you before, I was offline for a few months and I saw your answer just now!
    Thank you for the help. Anyway, I decided to go with ionCube licensing and for an online ionCube license handler, I posted this http://www.webhostingtalk.com/showthread.php?t=1489609

    Thanks again for the useful code.

Similar Threads

  1. load balancing algorithms
    By josephgarbett in forum Dedicated Server
    Replies: 3
    Last Post: 01-24-2012, 11:23 AM
  2. Best For Licensing
    By shahaz in forum Web Hosting
    Replies: 4
    Last Post: 10-11-2011, 07:20 AM
  3. Algorithms in Search Engines Usage
    By boonchuan in forum Hosting Security and Technology
    Replies: 0
    Last Post: 07-04-2004, 03:53 AM
  4. Licensing
    By The Laughing Cow in forum Programming Discussion
    Replies: 10
    Last Post: 01-17-2003, 05:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •