Lately, I've come across quite some PHP scripts that are "encrypted". At least that is, the developers think they are encrypted. However, I can easily "decrypt" them and see the actual code... Does anybody know if there's any way of protecting your PHP code, without having to resort to placing it on your private server and just let the people call the script? BTW: with "encryption", i mean something like the following: eval(gzinflate(str_rot13(base64_decode('FZrHDoTIGYRfxbfdFQdlGDmsyDl0LhYM ... /v3vP/76669//uPv//zr7/8B')))); PHP: Any ideas are welcome!
The only decent systems I know which do encoding among other things are ioncube and zend guard. They are not free by any means so keep that in mind.
Thanks for the suggestions I will try the eval of Zend and ioncube. Apparently the latter also offers online coding, which is quite affortable... Anyone experience with that? Online Encoding @ Ioncube kajol: thanks for the link! Apparently, that's exactly the encoding that I was able to decode. Therefore, I don't think it'll offer much, if any protection...
Because the code has been decrypted somehow in order to work, it's generally a losing battle to encrypt a scripted language. That type of thing would only work with non-programmers who just want to run your script and don't know much about programming. If you really don't want people to steal your code, you quite simply just can't put it out there. Looking at ioncube they basically change your code to byte code and do obfuscation. But, they require a PHP extension to run the obfuscated versions of your files. So, if your client can't install that extension, they wouldn't be able to use your product.
Please don't use the base64_ encoded 5 times eval crap method. It really pisses webmasters off, and they will decode it on purpose every time. I would never run a script on my server with a single piece of eval(base64 information on it, because I have no idea what the script is doing. it wouldn't matter where it was from. Honestly it is very unlikely that you are doing something so innovative that you need to encrypt it at all. If it is really that unique, then ioncube or zend encoder are what I would be looking to use. Depending on whether you are distributing it as paid or free you can release it with a license that requires a link back to you, or that it can't be modified. Obviously people can still change it, but an honest programmer wont do it without permission, and a dishonest one is going to figure the script out anyway.
Jestep, that's exactly my point too I came accross this eval stuff, and the first thing i did was decode it, just because I could not have it running that way on my server. I don't have any scripts that need encoding either So at the moment, i don't have use of either encoding methods... I also read that with Zend, the PHP code is optimized, and will even run faster if encoded... Hard to believe that, i find
The Zend (and ionCube) engines will make the code run faster as it's already compiled to bytecode... hence, your code doesn't have to go through that bytecode compilation stage each time it's run.