I'm stuck as to how I can effectively protect my work from being illegally distributed. I don't wanna completely mash the code up into variables like $_12551 because I still want the owners of the license to be able to easily modify it. And I can't just do a check on every load, and if they fail the check it won't run, because they can just delete the check. Same with any files included to notify me of illegal installations. Im wondering how big names like vB do it, and I don't want my hard work being passed around freely Any help would be greatly appreciated.
Firstly, I think 'the big names' basically do it the 'easiest' way: make the product worth purchasing. As far as I'm aware, they don't do anything too tricky. Other than the normal things like pinging your server on installation and so on, you could also do things like showing latest release information in the admin pages, for example. That is to say, when the admin logs in there's a sidebar that shows the latest release news from your product. Because it's so obviously there and actually useful, a lot of people forget the fact that it's grabbing data from your server that you can track. Alternatively, depending on your code structure, you could do a partial obfuscation. if your code has a bit of an API to it you could obfuscate the 'internal workings' while not obfuscating certain functions and variables that will allow the users to modify the layout and other aspects for example. So yeah, back to your original question: I don't think 'the big guys' do anything special... they just make it a product that people are actually willing to fork cash out for. Obviously there will be people out there using the code illegally, but even friends of mine that are big fans of the 'pay for nothing, crack everything' mantra pay for vB. Go figure...
You could always encrypt the "check". Then somewhere in the unencrypted (through obscurity so it doesn't look like its doing what it is) code check to make sure the crypted code still exists. :Shrug: I like the idea of displaying data that pulls from the main server in the admin for instance the current version. Of course when it pulls that version do a little authenication as well like sending the domain the script is curently residing on and do a check. This way it only runs when the user logs into the admin panel.
If your program is worth it, people will buy it. Yes, there are some who will use it freely, but you can never ever stop a program from being stolen if someone is determined. Peace,
Thanks Twist I thought of obfuscating some important things like the connection page and login or something, and I was planning on having the latest support news on the admin panel, i'll just have to figure out how to log where it gets pulled to. I know I can't ever completely stop it being stolen but i'll do my best to ensure I cut down the chance as much as possible. Thinking about the 'if its worth it they'll buy it', all I can really do is hope it will be
The easiest way to protect your program is to have the PHP program check your customer database during either 1) installation or 2) running. Your database can store an number of variables including how many times the software has been installed, or ip addresses. Or better yet, have your program send an email to the registared email address with an activation code. This will stop a lot of the "mass-sharing" of PHP programs.
You can put in a unique identifier in each copy you send out. If that identifier is not there or you find it used in violation of the license you sue the person who violated the license or stole you product. You personally have to keep track of all the license keys and make it easy for you to find installations of your product. If it's not worth your time to track down pirated copies of your product then it's probably not worth protecting in the first place.