hello, i want to ask about licence system for scripts example: you buy the script then when you want to install it you must enter the licence code given to you when you bought the script for real example: like vBulletin thankyou
When they buy the software, have them give you the domain it will be used with. Then, in your scripts, have it request a php page from your server that has the code on it that checks the referrer domain, and it is on the list of customers, return a 1, if not, return a 0 then, back in your script, if it gets a 1 back, run normally, if it gets a 0, say something like "please purchase this script at www.yourdomain.com" or just die() or if you wanna get nasty, a php redirection kinda depends what language your scripts are in
How do you prevent the user from just removing the checking part of the script? This seems like the biggest problem in any licensing situation. You can always use Zend encoder, or Sourceguardian, but these cause a lot of extra work for the person buying the script if they don't have these installed, and these scripts can almost always be reverse engineered.
Yes, you are correct. They can just remove that section of code, but that is why you make it difficult to find. And to solve this, zend would work out by encoding all of your php code, but I never liked people that encoded their work. If you want to encode your work, go use asp or something There is just a point where you must say to yourself, i know this may get stolen and im just going to have to live with that. The only software that gets stolen is large scale software, you will not have to worry much about your smaller scripts getting stolen, because its not like they are going to be talking about it on these large warez websites, so nobody will be able to find it. Hope this info helps.
thankyou all for your replies, so i have to encode my scripts? i dont like this option very much any solution with out encoding? do you know a free software encode php scripts and its safe? waiting you,
I think that you will get many less customers if you encode, because it requires them to install services such as ZEND. If you are still interested, research php zend.
Hello! Licensescript is here! Licensescript is a software which helps protect your software, If the url isnt on the database, the script wont run! Its a very good secure system which runs on OUR side You can try a demo account www.licensescript.com/client user: demo pass: demo Please tell me if your interested in purchasing a account!
You don't have to encode the software, just make it an absolute nightmare for people to try and hack it out. Never use a simple 1/0 method of verifying a license, it's too easy to hack. Instead use some sort of encryption like MD5 or serialized code that passes back an encrypted message to the software. What I've done in the past is for every customer they get a license key what is an MD5-encrypted code that unlocks the software. Their email address is the key to the MD5 encyption (but you could easily make it their domain). That way the only way to validate the key is for them to enter their email address. You then setup a basic security include that takes their code (email address), and sends it to your authentication server, which then passes back an MD5 string that can only be decrypted by the software. If the encoded string that gets passed back is returned, you set a session variable declaring it. Then make every function and include file check for that specific session string (which you could also encode to make it even more secure). Now with this type of setup people usually say "well why don't they just add a $_SESSION['whatever'] = ..." to bypass it. Well there's alot more to it, especially if you make it a dynamic code that changes every time they login. I didn't do a very good job at explaining it here and there's way more involved, but you can do it all yourself and it works very well and is nearly hacker-proof if approached properly. Usually you have to setup the security modules before any coding work is done and integrate it's login into everything though. That way the only way to really hack it is to have the user edit every single function and file in your software (which can easily be thousands of files and not worth the time). Another fun way we tried once was to have the software do a simple validation and then set a session variable that was 3-5 characters long. Then the software would set 10-20 other session variables that looked almost identify just to screw with hackers. The session codes were dynamic, so they would be completely different whenever you started the software. It worked really well, but it's very hard to setup properly. Anybody trying to hack the session data would see a random number of 11-21 different session variables that were very similiar at any given time, and the value assigned to each was completely random so it was almost impossible to hack.
Christian Little can you send your messenger id to me with pm please i want to understand the idea from you more i think i liked the first way im waiting for you
Ultimately you have to encode atleast one file Values of session variables can be easily read and by printing the values one can easily seperate that module from your script You just need to make your code unreadable by a programmer by changing names of functions and variables to some sort of random names,Also Divide the whole code in as much as files you can and do md5 encryption on each file I must say its not a simple task But if you are able to do licensing with some sort of public and private key thing on your server Then it will be the best solution and cannot be broken Regards Alex