If you are selling/distributing a PHP script and you want to prevent your clients from using it on other domains, unless you encrypt it you are in tough luck (remember that you are selling the *code*) Otherwise, I didn't understand your question...
encryption or call home. Encryption * someone will try to hack it * buyers can't make changes so you'd better allow plugins Call Home * your package had better be big enough that you can hide the call or people will edit it out * your server had better be fast with fantastic uptime or you'll impact on your customers
Can't you host the scripts yourself and "sell" the service only? This way you won't be distributing your code around. Encryption - good method but, is it worth it? Call home - if your package is big enough (and I mean, BIG) you can avoid this and just bury very very deeply a check on the $_SERVER["HTTP_HOST"] var... Just my .2 €
yeah, you will need to encode it... which unless it is $XXX software isn't worth it AHh the old call home method... you could have one key part on your server, and their script has to access it for the script to work (via unique key) but as sarah said, you need a fast server with %100 uptime
If it's the first of many I would highly recommend phpaudit and ionCube, the bundle is $235 but well worth it in the end ...
I just installed a license system per domain name on my new script I'm selling which goes beyond the normal call to home. Used a few tricks to get around it. Edit: Please PM for details, realised people could break my script if I exposed it here lol.
Encoded script is called for - to do so is fairly easy to do - if it is a reasonably small script use the online ioncube encoder - cost is only a few $ to encode the script.
Another method or variation of the call-home, you could have an encrypted database... which encrypts all the fields every time you hit the CMS (this would be enforced in multiple places). It can encrypt it using a new key every time which you could retrieve from your own server (Home). - Just my 2 centz
That would be insane. Each page view would have hundreds or thousands of queries each second... multiply that byusers. Ughhh definatley not
Kalyse - it's usually restricted to just the admin login script or something similar. So you can have your site up and running but you can't maintain it, or perhaps on the upgrade script, or some special functionality so that by the time you can't live without it you also don't want to change to anything else either and willingly cough up the dollars.
HEHE, did you fully read my post? I said every time you hit the CMS. This would be probably at most a few times a day.
Use Zend Encoder. At least this is what i use. You can encrypt a license into the php scripts to that they can run only into the specified domain/serve rip.
I was offline for a week, and php is no fun offline, so I got out VC++ and a *nix distro and started messing with php_extension modules, they aren't so difficult to build and present a thousand ways to secure your script .... something you could look into maybe .... if u know or know someone that knows c (cpp can be used, but c experienced is required ) at least .... obviously it would mean you would have to compile these modules for every eventual system, but hey ionCube do it, and it works pretty well ....