Vbulletin isnt free. And to the guy above me. They arent encoded. I think they have call backs but people just Null them anyway. To be honest I think now, if you want to protect your code, your in the wrong game. *shrugs* shame.
There is no commercial encoder/obfuscator currently for php scripts that cannot be broken. Waste of time really. I would suggest focusing in quality for the most part and your sales will come. Have a good business strategy and then try to have a good customer base. No matter what happens there's always genuine users.
... just as 'code' no matter the language can't be compromised. It's all to do with your cost-benefit curve. If you insist on protecting your code, I would suggest that you obfuscate no matter what for the simple fact that at the end of the day, it will require man hours to 'crack'. Having a memory dump doesn't help as it's still ridiculously difficult code to understand. That's the key difference between obfuscated code and encrypted code: encrypted code gets decrypted to its original state in memory. Obfuscated code has the code rewritten to an ugly state in the first place.
What is an ugly state exactly? Just renaming variables? Or does it completely rewrite it from head to two and change it all around?
well you should use ioncube or zend.Ioncube is better than zend.BUT BUT if i were you, i would go for open source.Null groups doesnt like encoded scripts especially if its free
The one I use renames variables, functions, class names and constants. It also removes any comments and any unnecessary whitespace. Finally, it reformats the code by removing enough EOLs such that each line is about 250 characters long. Thankfully, I can also say 'obfuscate all functions except ones that match *api*' (for any function with the letters 'api' in it, for example, so that people can still rewrite code that uses these 'public' functions if that makes sense). It doesn't rearrange code, though the effect on all but the most trivial of files is fairly ghastly. As a bonus, the file sizes are normally reduced. For me, it was a necessity due to the memread attacks on encryptors. I think I mentioned somewhere else that now a number of the encryptors also obfuscate pre-encryption which is cool, but by the time I started using this, I didn't feel like adding the extra server requirements.
Here's where I guess I have to make a small confession: I wrote the majority of the one I use. I don't believe it gives me much of a bias, but I'm just telling you! Anyway: I call it YAPHPO and you can read the blurb at http://www.asistechnologies.com/home/products/yaphpo/yaphpo-information.html . From there, there's a download link. There hasn't been much development on it in a while but when I get a chance, I'm actually going to overhaul it a fair bit and add what are essentially going to be like C / C++ preprocessor commands plus some more tweaks. Anyway, let me know what you think and feel free to ask me questions directly or (preferably) in the forum over there. Eeek. I hope my money is where my mouth is on this