license key for php script

Othman picture Othman · Dec 16, 2012 · Viewed 14k times · Source

I have a script, and I sell it to some people. I need a way to make sure that my script won't work on any website that not in my clients list.

  • First of all, I am using IonCube to encrypt my PHP code.
  • I have all my clients in my server database.
  • Each Client has a domain name, email, name, phone.

What is the best method to avoid making people from stealing my script?

I read about making a license key in the script, so any script without license won't work. However, there are many ways to generate a license key without taking my permission right?

All I need is to not activate any script in any domain name, unless I have it in my clients list.

Answer

Mickle Foretic picture Mickle Foretic · Dec 16, 2012

Your question is very interesting because way too many php developers wonder the same thing. How can I protect my product from being stolen and copied?

Some of the comment talk about not being greedy, but the truth is that many people program for a living, so it isn't a matter of just some software you built as a hobby, it is your work and you deserve to get paid for it, just like any other profession.

Sadly, PHP is a language that is very hard to protect, but I will give you a few pointers:

1) Don't trust encryption: I have seen way too many tools for un-encrypting code, even some tools that I used to trust like Zend Guard, are also vulnerable. The most advanced tools I have seen can reveal your code in minutes.

EDIT: Another thing I forgot to mention about encryption. It will require the server to have certain special modules installed in order for your code to work and this is a deal-breaker for all the people who use shared hosting and can't install the unencryption module.

2) Try obfuscation: Even though your code will be still readable, if the obfuscator does a good job at mixing variables, adding nonsense and making functions within functions, the code itself will become almost non-modificable, so it will be useless to try to modify it.

3) Take advantage of obfuscation to insert domain-lock code within your software itself: Instead of a license file, just sell the software to a certain customer with some domain verification code within the software itself, that approach combined with obfuscation, will make it very hard to figure out what to change to make it work in some other domain, so you will probably achieve your goal.

4) Make a great software: This is the most important part, build an outstanding software that people will be willing to pay for, create a proper website for it, get the word out there.

I hope I have helped you.