Results 1 to 23 of 23
  1. #1
    Join Date
    Jan 2005
    Location
    California
    Posts
    254

    Protecting your Scripts?

    So I'm designing a program that I plan to sell for 5-10$, the only problem is, how can I ensure that people get their own license and install it that way? Is there a way to cross-reference something in php to my database, so I can create a license for someone, and force them to register their site and ONLY make that license work on their URL?

  2. #2
    Join Date
    Aug 2006
    Location
    Frankfurt, Germany
    Posts
    54
    Why don't you use PHPAudit with ionCube?

  3. #3
    Join Date
    Jan 2005
    Location
    California
    Posts
    254
    Yeah I just checked into it. I want to learn how to use it as well as know what scripts I can buy (Just for future reference). Or if I buy phpaudit, can I look at the code and see how it works?

  4. #4
    dose pupaudit with ioncube allow you to use it on all your scripts without buying a licence agian?

  5. #5
    You can use CURL to verify licensing data on your database.

    When they install it, have your script make a call to your database to check the validity of their license using CURL, and don't allow the installation if the license you issued is invalid.
    JROX.COM Affiliate Manager
    Start Your Own Affiliate Program - Download a Free Copy
    Affiliate Marketing Software

  6. #6
    there is zend encoder.... I have been looking at it
    Web Hosting Review - Real Reviews by Real People Submit your company and get a link to your site, Read Reviews GET YOUR Voice HEARD and REVIEW your HOST NOW!!! Check out our IT Blog Tips & Tricks

  7. #7
    zend encoder only encodes / encrypts your php script, it doesn't issue licenses. I believe its called zend guard now as well.
    JROX.COM Affiliate Manager
    Start Your Own Affiliate Program - Download a Free Copy
    Affiliate Marketing Software

  8. #8
    Join Date
    Sep 2005
    Posts
    550
    I would also use Phpaudit and Ioncube

  9. #9
    Join Date
    Oct 2004
    Location
    Oneida, NY
    Posts
    2,842
    Another vote on PHPAudit and ionCube. They are some really great people working on that script.
    Nick Hudson - Prevail Host LLC - http://www.prevail.host/
    Premium Quality cPanel Hosting Services - CloudLinux, LiteSpeed & SSD
    WHMControl - Secure Your Server Logins & Automate Password Changes

  10. #10
    Join Date
    Jan 2005
    Location
    California
    Posts
    254
    Part of the reason I wanted to know how it's done is because I want to learn how to program things like that.

  11. #11
    Join Date
    Oct 2003
    Location
    Scotland, UK
    Posts
    2,900
    Quote Originally Posted by ProXHosting
    dose pupaudit with ioncube allow you to use it on all your scripts without buying a licence agian?
    Yes, sure does You can setup multiple storefronts and products in PHPAudit with the same license.

    In terms of doing it yourself, it depends how complex you want it to be. The simplest validation is using something like cURL or Sockets etc... to send data to your server, e.g.: http://www.mydomain.com/licensecheck...somedomain.com. The page on your server takes the domain name passed to it and checks your database/list for it, and then outputs a '1' for valid or '0' for invalid - your script then processes the value and acts accordingly.
    Alasdair

  12. #12
    Join Date
    Aug 2006
    Location
    Scottsdale, AZ 85251, USA
    Posts
    21

    Arrow

    Quote Originally Posted by Zaitech
    So I'm designing a program that I plan to sell for 5-10$, the only problem is, how can I ensure that people get their own license and install it that way? Is there a way to cross-reference something in php to my database, so I can create a license for someone, and force them to register their site and ONLY make that license work on their URL?
    Protecting your Scripts
    By Scott Isaacs


    The latest release of Microsoft's VBScript and JScript language engines provide support for script encoding. Script encoding helps protect the intellectual property you have in your scripts by making them illegible. We introduce you to this new feature and explain how you can use it to protect your scripts.
    To encode your script, you need to download and install the Script Encoder Beta tool from Microsoft's web-site. You can find the tool at Microsoft's Scripting Site. This tool encodes your script for use with the latest language engines from Microsoft. The encoded scripts only run with this language engine thereby limiting this feature mostly to Internet Explorer 5.0 users. All browsers without this language engine will ignore the script block.
    The script encoder runs from the command prompt. By default all scripts on your page are encoded. Any HTML on the page is left untouched. To encode scripts on a page you simply run the script encoder as follows: SCRENC input.htm output.htm
    Below we encode a simple script that displays the current date and time on the page: <SCRIPT>document.write(new Date())</SCRIPT>
    After running the script through the encoder, the script is encoded and the language is modified to represent this encoding: <SCRIPT language = JScript.Encode>#@~^IgAAAA==@#@&NG1Es+xDRS.kD+cxh~9mY+vb#@#@&cAkAAA==^#~@</SCRIPT>
    By default, the entire script is encoding. However, even though your scripts are encoded, you will often want to include a copyright notice within the script block. By controlling where the script encoder should start encoding with the "**Start Encode**" comment you can ensure you leave important comments in the script's header.
    For example, to preserve a copyright when encoding the script: <SCRIPT>//Copyrightę 1999. InsideDHTML.com, LLC All rights reserved.//**Start Encode**document.write(new Date())</SCRIPT>
    Now the copyright is left intact and the script following the copyright is encoded. Encoded scripts only run on browsers that have the 5.0 or later release of Microsoft's scripting engines. The 5.0 engine comes with Internet Explorer 5.0 and can be optionally installed by the user with previous versions of Internet Explorer. For the most part, this feature is only usable with scripts targeting Internet Explorer 5.0. Where script encoding becomes very useful is when combined with another Internet Explorer 5 feature - behaviors. Next we show you how to encode your behavior files.

  13. #13
    Join Date
    Mar 2002
    Location
    London & Kent, UK
    Posts
    372
    An old but interesting article. However in the comments section someone pointed out that it can be trivially worked around. The commentator wrote:

    I don't know if you noticed, but do the following:

    Encypt an external JS file and load the page with it.

    So far, so good.

    Now SAVE the file to disk... Well, you'll find the Encrypted JS completely DECRYPTED in an external file.

    And I only found one workaround, and not one presented by Microsoft...
    So perhaps not as promising as it first appears for client side code protection, and of course Microsoft specific. We all know this to be the case, but Amanda Congdon's (ex. Rocketboom) classic Internet Explorer vs. FireFox survey shows other browsers to be very popular, and writing anything MS specific is a big mistake unless the target audience is known to use IE, and maybe even then...
    Last edited by phpa; 09-05-2006 at 12:40 PM.

  14. #14
    Join Date
    Sep 2005
    Location
    India
    Posts
    750
    Has anyone tried out http://phpshield.com ?

    I would like to know how it compares with Ioncube encoder. Both offer bytecode compilation and encryption.
    Darsh Web Solutions : Web Design, PHP Development, E-Commerce Solutions

    PHP Tutorials : Tutorials and scripts for beginners

  15. #15
    Join Date
    Oct 2003
    Location
    Scotland, UK
    Posts
    2,900
    Quote Originally Posted by Jatinder
    Has anyone tried out http://phpshield.com ?

    I would like to know how it compares with Ioncube encoder. Both offer bytecode compilation and encryption.
    PHPShield is (basically) SourceGuardian without the licensing components. You'll probably be able to find quite a few reviews on SourceGuardian as it's been around for quite a while.

    One concern I have with phpshield is that I'm not sure how often it is updated - SourceGuardian has had several releases over the past few months (adding extra protection such as obfuscation) but phpShield doesn't seem to have had any new releases.

    It's crucial that whatever solution you choose has regular updates - people are always trying to break the protection offered by products such as Zend Guard, ionCube encoder, SourceGuardian etc... and so it's better if your chosen provider tries to stay ahead of them, rather than waiting for the protection to be broken before taking any action.
    Alasdair

  16. #16
    Join Date
    Jan 2005
    Location
    Leeds, England
    Posts
    183
    Quote Originally Posted by jroxonline
    zend encoder only encodes / encrypts your php script, it doesn't issue licenses. I believe its called zend guard now as well.
    cURL is an option for the licencing however PHPAudit would be a better option IMO

    and zend/ioncube will work for him to stop his scritp from being cracked.

    also code somethign so that people don't have to install the zend optimizer or ioncube loader. like clientexec have a folder wiht the files in so basically it installs it for runtime.

    thign is ioncube is pretty expensive though i ahvent looked into zend.

  17. #17
    ionCube so far has been the easiest solution I've found.. The web encoder makes everything a simple upload and download task, and it's issued out at a very good price ($5, I can encrypt a whole commercial script several times). phpAudit is probabley the most well-known licencing software available, although with such a low-end script, I doubt you'll find much copyright abuse.

  18. #18
    Join Date
    Oct 2003
    Location
    Scotland, UK
    Posts
    2,900
    Quote Originally Posted by Omega-Mark

    thign is ioncube is pretty expensive though i ahvent looked into zend.
    If you think ionCube is expensive, best not to look at Zend

    ionCube is $199 for a perpetual license with 12 months updates, Zend Guard retails at $999 for an annual license (i.e. pay $999 every year). As a small business, you can pick it up for 40% less, $597 per year.

    $199 to me is a small price to pay for the protection, but, for a cheap product it can be a big chunk of profit gone like that. You might find it more economical to use the ionCube online encoder, depending on how many files you have and how often you'll need to encode them - you buy credits (minimum "deposit" is $5) and you can run a 'test' encode to see how much it'll cost you before actually doing it properly.
    Alasdair

  19. #19
    Join Date
    Jan 2005
    Location
    Leeds, England
    Posts
    183
    Quote Originally Posted by tickedon
    If you think ionCube is expensive, best not to look at Zend

    ionCube is $199 for a perpetual license with 12 months updates, Zend Guard retails at $999 for an annual license (i.e. pay $999 every year). As a small business, you can pick it up for 40% less, $597 per year.

    $199 to me is a small price to pay for the protection, but, for a cheap product it can be a big chunk of profit gone like that. You might find it more economical to use the ionCube online encoder, depending on how many files you have and how often you'll need to encode them - you buy credits (minimum "deposit" is $5) and you can run a 'test' encode to see how much it'll cost you before actually doing it properly.
    and if you're looking at seeling it to mroe than 15 people you have your phpaudit licence to pay for.

    in the OP's case anyway.

  20. #20
    Join Date
    Feb 2004
    Location
    UK
    Posts
    170
    We started off by using the ionCube encoder and continued to offer only ionCube encoded versions for some time. However some customers requested Zend encoded versions and so we were able to use the Zend Small Business program to get a cheap version of Zend Guard. Unfortunately I don't think this is available any more. As mentioned, ionCube offer the option to use their online encoder for a very low price which might make more sense than buying a copy of the encoder if your script is cheap to buy.

    All good hosts will support ionCube or Zend, and should support both - they're both well known and are trusted. The other encoding products might be cheaper to buy initially but they're less well known so hosts are less likely to install the loaders.

    I found that the ionCube encoder is a far superior system as regards the interface and the security of the encoded output. It is also faster in terms of execution speed to use ionCube than it is Zend - according to our tests the Zend Optimizer doesn't actually optimize, it slows down execution. There's also the lack of ASCII encoding which makes it more likely that a customer will corrupt the files uploading them.

    Both ionCube and Zend have built in license managers but I think it's more flexible to use an external system you write yourself or buy. This can be tied into the purchasing process easier and makes management easier overall.
    David

  21. #21
    Join Date
    Oct 2003
    Location
    Scotland, UK
    Posts
    2,900
    Quote Originally Posted by Olate
    we were able to use the Zend Small Business program to get a cheap version of Zend Guard. Unfortunately I don't think this is available any more.
    It is still available, just in a different form

    Old Small Business Program: Zend Studio + Zend Guard for $450/$395
    New small business program: 40% discount off Zend Guard & x% off Platform

    For ionCube's license manager, it's also worth noting that you need to have the Pro or Cerberus version, the basic $199 version doesn't come with any licensing options.
    Alasdair

  22. #22
    Join Date
    Feb 2004
    Location
    UK
    Posts
    170
    Quote Originally Posted by tickedon
    Old Small Business Program: Zend Studio + Zend Guard for $450/$395
    New small business program: 40% discount off Zend Guard & x% off Platform
    Right. So instead of paying the full $995 per year, at 40% off the annual price is $597 as per http://www.zend.com/store/software/z...siness_program

    Even with that discount it's still quite a large investment, particularly if you are only just starting and you want to encode with the ionCube encoder as well. Plus you have to pay annually with Zend:

    Quote Originally Posted by Zend
    Zend Guard is available for an annual subscription of $995 per year. The license includes the ability to encode and license an unlimited number of PHP applications during the term of the subscription. PHP applications encoded or licensed during the term of the subscription will continue to run after the subscription has expired. When the subscription has expired, new applications will not be able to be encoded or licensed.
    Whereas with ionCube you can continue to use it forever, just the support and upgrades expire.

    Quote Originally Posted by ionCube
    An initial 12 months of support and product upgrades are included for FREE, with a guaranteed entitlement to one FREE upgrade when available should no upgrade be released within that period. Support and upgrade entitlement may be renewed for a further 12 months at a discounted price of $95 if purchased within 14 days expiry of an existing support entitlement.
    From a customer perspective, I much prefer the way ionCube handle it - the same way we do our software sales. Means you can continue to encode without having to pay a subscription.
    David

  23. #23
    Join Date
    Jun 2002
    Posts
    1,874
    I think the OP does not care much about the different products on the market, he's just interested in how to achieve the protection.

    I wanted similar protection for StyleSmooth (our cPanel and Direct Admin skin). It's sold on a license basis and I did not want people downloading the skin and installing on multiple servers or even distributing the product on warez networks.

    We basically used the Snoopy class (PHP net client script) in a custom script which was encoded into the header of our skin. The script sent the client's server IP to our check script which verifies and returns error codes if the IP is not found/or is inactive in the database.

    You can download Snoopy from here: http://www.weberdev.com/get_example-1347.html

    It's been effective for us

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •