I want to secure my PHP scripts.

Discussion in 'PHP' started by verymodest, Aug 20, 2007.

Thread Status:
Not open for further replies.
0
  1. #1
    HI,

    I wanted to know how to secure my php scripts. I have wrote a good script for web hosting billing. Its almost over :) Now to carry out the last step, i.e., i want to make a license for each script! only when the user enters license key during the installation, then only he can run the script. I tried ZEND and IONCUBE. They are pretty expensive for a novice like me.. :( So please can you guys suggest me a method to implement a license key system. Would it be better to check it from a mysql database or a simple text file?
     
    verymodest, Aug 20, 2007 IP
  2. adamjblakey

    adamjblakey Active Member

    Messages:
    1,121
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    80
    #2
    adamjblakey, Aug 20, 2007 IP
  3. verymodest

    verymodest Banned

    Messages:
    218
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #3
    But the site, doesnt accept file size more than 2kb.. :( any other solution?
     
    verymodest, Aug 20, 2007 IP
  4. Wildhoney

    Wildhoney Active Member

    Messages:
    192
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    58
    #5
    Best way is to generate a random license key and then check it against the key on the central server for that domain. But for anyone competent with PHP, cracking that system would be easy enough without any encryption such as Ioncube.
     
    Wildhoney, Aug 20, 2007 IP
  5. verymodest

    verymodest Banned

    Messages:
    218
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #6
    How to generate randon license key and check it on central server?
     
    verymodest, Aug 20, 2007 IP
  6. Wildhoney

    Wildhoney Active Member

    Messages:
    192
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    58
    #7
    What you would do is generate a random license for every person that downloads your product. This will sit alongside the files in the file license.txt, then on every request, or for speed issues once a day, this will be checked if it is valid against the central server - the server that they downloaded your script from. This is the most simple way to go about it, check the license against the domain which can be accessed from the following pre-defined array:

    $_SERVER
    PHP:
    So the packet may look like:

    
Key = 5fe5611da36
Domain = WiredFlame.com
    Code (markup):
    Then the server would check this data and look for the following row in your database:

    WiredFlame.com - 5fe5611da36
    Code (markup):
    If it is found then the script will continue to work. If not then you will have to implement your own way to prevent this script from running - such as storing some core files on your server and preventing access to them if the license key is wrong. This way all the files aren't on the client-side and you are semi-protected against any intermediate PHPers from finding a way around it.
     
    Wildhoney, Aug 20, 2007 IP
  7. verymodest

    verymodest Banned

    Messages:
    218
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #8
    thanks for the awesome tip.
     
    verymodest, Aug 20, 2007 IP
  8. crazyryan

    crazyryan Well-Known Member

    Messages:
    3,087
    Likes Received:
    165
    Best Answers:
    0
    Trophy Points:
    175
    #9
    I need something like this for a project I'm working on and came accross www.phpaudit.com, should help you out
     
    crazyryan, Aug 20, 2007 IP
  9. picobello

    picobello Well-Known Member

    Messages:
    572
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    110
    #10
    This one is very easy to crack
     
    picobello, Aug 20, 2007 IP
Thread Status:
Not open for further replies.