I am looking for recommendations for the best PHP copy protection. The key feature in the copy protection is to able to be able give people UNIQUE serial numbers so that I can control who installs or uses the scripts on their web host. This way unauthorized users won't be able to install or run the program. Someone suggested this program: codelock.co.nz/tracker.html but am wondering if there are any other solutions. What I need to happen... i.e. 1. Jimmy uploads the php files to his website 2. Jimmy runs the program and then it asks for a serial number 3. We give jimmy serial number and to unlock it so that the script will work 4 If Jimmy tries to give the script to his friend Teddy, Teddy won't be able to use the script since he needs the serial number which is unique for each person and can only be used one.
I think there is something called "IONO". It check back with the server for a key. But...I don't personally liked a script which has this function since if the server goes down, it really pain in the ass for buyers.
I suggest you look at something like ionCube to encode your script. You can basically build in that functionality into your script with PHP.
PHP script is always "in source" and can be easily "hacked" unless its functionality requires frequent "updates" of some sort from the developer. You can just track these updates. Don't loose your time protecting PHP script. Spend this time on functionality
Do what people would do with PC applications. Get a fingerprint of the server the script is on. Make a hash out of it, send that hash to you where you create a key from that.. Send the key back to Jimmy where it will only work on the server/domain that is running the script. If you can afford it, have the script call home to do some verification. On top of that you would need to encrypt and obfuscate everything. Beezzee might be right, but if the php script is encrypted, it will at least slow down the "hacker". Only the most determined person will attempt to decode any of this encrypted stuff.
1) In your install.php file, add a text field asking the user for their unique serial # 2) When they submit, the script should connect back to your server and find that serial number in your database. It should check what domain name is registered under that serial #. If the referer domain matches the domain, then continue. If user has tried running that serial from some other domain, end the installation script at that point and get an email notification to the admin saying "Potential unauthorized use for serial # ..". This way you can see what's going on as well 3) Protect your script using Zend/ioncube so no one can remove your serial protection/callbacks!!!!
I too had thought of such protection mechanism. But finally I ended up providing "hosted" applications to my clients. Initially, they were reluctant but I had to explain them the upside like 'no technical worries, or about updates, etc.' $USD 379 was too much for IonCube, also I found some reverse-engineering services being offered for $10 per file. So I dropped the idea of
If you use the method where it checks back to another server for the serial, they can easily just use their hosts file and trick the script... I'd recommend using ioncube to encode it.
Obfuscate and encode it using Ioncube, but remember nothing unbreakable We only can make it harder for cracker..
Hello Davey Crocket, 1) You can design your own callback system to check for the serial no. and domain where it is installed. But, this again can be patch or hack. 2) IonCube, Zend are PHP encoders and from this you can encrypt your PHP scripts and distribute them, they even have a basic licensing system inbuild in them. If you are ready to shed some money then this will give you a maximum peace of mind but not 100%, they too can again be nulled. 3) There is a complete PHP licensing system by the company named PHPAudit, you can use it for your complete licensing system. But again its not 100% assured that it wont be nulled. 4) Host all your clients scripts on your server, not very fexible option but safe enough to keep you worry free. Based on your requirements, decide and move ahead. Remember there is no solution which is 100% secured. Those who claims it are just fooling you. Regards, Gonzo
Or, maybe you offer a self-hosted application with DNS forwarding cluster. For example, www.client-1361663.server.s3.livechatservices.com DNS to lc.myhost4u.com Looks authentic, and does the same job. You'd need good servers though.
well i have very good idea, u can make licensing in very easy way and its really secure.. firslty encode ur php files with zend or ioncube or any similar proggy, then create a website that has register+login interface which the register for buying ur software and login for existence users who purchased ur proggy or webapp.. username/pass will be given only to the users who purchased the license lets say: -jimmy purchased ur software, jimmy will get username/pass to login on ur site... -jimmy will be asked to login on ur site first then he can use the purchased software otherwise he cannot use it.. -if jimmy tried to give the username and pass to teddy, teddy will not be able to use it as long as jimmy is logged in.. -if the server detect jimmy and teddy using at same time from same account, the server will block those ip addresses or whatever, then jimmy will be warned.. i used this technique with my php windows GUI applications...and its really fuckin good..i think its un-hackable
Extending on the login to an account option mentioned by linkinpark2014, an option would be to use Zend Guard on the web server where the files will be downloaded to create the Zend encoded files for each request. By building the download package dynamically per user, you can take advantage of the Zend Guard License Manager feature to provide flexible licensing options: Number of concurrent users Time limited (great for allowing free time-limited trials) Specific Server / Host By having this run on the web server side, the process can be automated. Otherwise, you would need to build the package for each user - pretty counter productive. The process is not trivial as it will need some custom coding and privileged access to the web server (VPS or Dedicated), but will give you the most flexibility. Zend Guard isn't cheap. Then again, the cost of lost revenue could be quite a bit more expensive. Bing