license key for php script

Solution 1

There's a reason Adobe, Microsoft, and others don't over actively pursue pirates (not saying they don't, just not at epic, absolutism levels) - they make most of their money from business to business sales and support. A simple license and support structure is typically enough to posture yourself for profit from legitimate businesses and parties who want your product.

Technical protection is a losing battle if you're going to give anyone the code. That's why SaaS is so popular.

Solution 2

Your question is very interesting because way too many php developers wonder the same thing. How can I protect my product from being stolen and copied?

Some of the comment talk about not being greedy, but the truth is that many people program for a living, so it isn't a matter of just some software you built as a hobby, it is your work and you deserve to get paid for it, just like any other profession.

Sadly, PHP is a language that is very hard to protect, but I will give you a few pointers:

1) Don't trust encryption: I have seen way too many tools for un-encrypting code, even some tools that I used to trust like Zend Guard, are also vulnerable. The most advanced tools I have seen can reveal your code in minutes.

EDIT: Another thing I forgot to mention about encryption. It will require the server to have certain special modules installed in order for your code to work and this is a deal-breaker for all the people who use shared hosting and can't install the unencryption module.

2) Try obfuscation: Even though your code will be still readable, if the obfuscator does a good job at mixing variables, adding nonsense and making functions within functions, the code itself will become almost non-modificable, so it will be useless to try to modify it.

3) Take advantage of obfuscation to insert domain-lock code within your software itself: Instead of a license file, just sell the software to a certain customer with some domain verification code within the software itself, that approach combined with obfuscation, will make it very hard to figure out what to change to make it work in some other domain, so you will probably achieve your goal.

4) Make a great software: This is the most important part, build an outstanding software that people will be willing to pay for, create a proper website for it, get the word out there.

I hope I have helped you.

Solution 3

The only true way to lock down script-based code that you give away, is to keep a core part of that code executing on a server you control -- and have the code you've given to your client 'call home' to your server on each execution. Then all you have to do is block access to this 'call home' script based on the requesting ip.

Also, in this 'call home' mechanism it is no good just performing a simple connection test or handshake because this can be worked around -- the script on your server has to do something integral to the system as a whole so that the client would have to rewrite that missing part in order to use your code elsewhere without you knowing. This could be some key calculation or data provision.

Obviously this is not ideal as many clients will not like a script calling a remote server, plus you'd have to make sure your network and server could handle the number of requests -- otherwise you'll slow or timeout your clients own systems.

$lic=<<<EOL
LICENSE CODE HERE - SIGNATURE of string contained domain name
EOL;

include 'license.php';
$cert=<<<EOK
PUBLIC KEY DATA HERE
EOK;
$pub_key=openssl_get_publickey($cert);
$ok = openssl_verify($_SERVER['SERVER_NAME'], $lic, $pub_key);
if ($ok !== 1) {die ('bad license!')}

if (int(random()*100))==6) {check_license();}

Author by

Othman

nothing to say. Try to help as much as getting help.

Updated on June 18, 2022