What would be the easiest way to protect a php script so it can only be run on one domain. I'm looking for a very simple solution that would be easy to implement for selling 1 domain licences. Some sample code and examples would be appreciated, thanks!
Give the client a "key" and somewhere in the important part of the code make it have to send that key to you for processing. You then return a string that can be executed and allows the code to continue. Or if the key isn't unique there's a big banner over the top of the settings/admin page. Which ever way you run it, you'll get someone who thinks its worth his time and effort to bypass your security. Factor that into your business plan and find a way around it. Premium plugins or support won't work if any one of the modules/plugins/components isn't legit.
The easiest way is to not bother, because if you not going to do something like encrypt the files then your wasting your time. But if you insist on doing it then what I would do is make the user enter in specific information when they download the script from you including the domain name that the script will be running on. Use this information to generate a key that is stored on your server. When they activate the script on their server the script would gather the required information and generate the key on the server end then "call home" to your server and compare the keys. If the keys match then the script can run. If not then it locks up and will not run. An extended version of this would be the double call home, where you use a dynamically created salt when creating the key. Then the users server would first call home for the salt, use it to generate the key and call home again with the key. One question to ask is if you want this to be only done when the script is first activated or should it be done on every page load, or once a day, or once a week.. month etc.
You can force the script to do a API call to your server with a key which would have some encrypted settings, so if the API call were to be removed the script wouldn't work. You can simply hard code everything to begin with but if you wanted to add reporting all you would need to add is changes to your own server, to find out where the call came from how many times it calls etc. There really is no "easy" way of making it work as any good PHP dev would be able to write a work around no mater what solution you have. But an API call will show you when a website stops calling the API at which point you can contact them asking them why etc.
Thing is that if it's just asking for a key you can edit the source to stop asking for it. The host server has to do something that can't be replicated
Could you expand on that or link me where its explained in more details how to implement? Basically at this stage I just want to protect the script from people who don't know any coding or have much motivation to crack it, but just so they can't set it up on additional domains easily without buying another licence. I'd like the script to be tied to a specific domain.
If you're looking for a low tech solution I'd give them a key which is actually a hash of their domain name and perhaps a salt you supply from your site. If they don't match then the script degrades nicely - you don't want them to be pissed off, you want them to come to you and buy. So in one part of the script, maybe the init I'd create a variable called something unremarkable with "digitialpoint.com" (for example) Then in another part of the script I'd do an fgets to your server for the salt value, md5 them together (not sophisticated but that's ok) and if it matches the license number they've entered into the admin panel then they're good to go, otherwise they need to buy. I'd tend to make the admin panel shutdown but leave the public site unaffected but how heavy handed you want to be is up to you.
All this talk of 'keys' is a bunch of BS, as is the mere CONCEPT of copy protection on an INTERPRETED language. Even the big expensive packages are fairly easily slapped aside by anyone who knows what they are doing. Lemme put it this way: Think about "copy protected" games -- the game industry has put how many programmers and how many millions of dollars into things like Starfarce, suckurom, etc,etc, only to have them slapped aside quite often before the product is even on shelves in stores? We are talking about COMPILED programs without source code... You really think in a interpreted language where the source code IS the distribution method you're gonna come up with a proper answer? PLEASE... ... and honestly, if you were to 'sell licences' on obfuscated/pre-compressed/encrypted code, I'd tell you where to shove your software, just on philosophical grounds given we're talking about PHP - and encourage others to do the same! See that 'ioncube' bull for moron deploying software... and I do mean moron.