Say I have developed a PHP webapp and would like to distribute it for others to use as proprietary software. Is there anything I can do short of some sort of licence or just trusting the customer to avoid having to provide a hosted solution? Clearly if I just distribute the application to paying customers to host independently, I run the risk of them leaking the code.

Update:

Some of the responses so far suggest obfuscation. However, this won't prevent another user from simply plopping the leaked obfuscated code onto their servers and reusing it. Granted, they won't be able to modify it... but I am looking for something more complete. Any ideas?

+4  A: 

Obfuscating it can go a long way. Many users won't try to figure out the logic.

You can also add a registration key -- something that calls the mothership and acts like a dongle.

Edit: What I was going for with the registration: You can sell licenses by the domain, and require users to register their domain at your website after they buy.

One script I bought requires activation at their website. (The script is obfuscated as well.) Don't enter the domain, the software ceases working after a certain period of time. Transfer domains, and the software ceases to work.

I don't know the mechanics but the basic idea is that you want to guarantee that the script is running at the domain the purchaser said it was running at.

John at CashCommons
Note that the registration key is only a reasonable approach if the code is also obfuscated.
jheddings
Can you elaborate please on the registration key? Will there be some logic in the code preventing it from running unless a valid registration key is obtained from another server?
jk
A: 

http://www.google.com/search?q=php+code+obfuscator&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla%3Aen-US%3Aofficial&client=firefox-a

Have at it...

This obfuscation usually consists of stripping comments and whitespace, base64 encoding, and sometimes other little tricks like completely renaming every variable and such, to make it next to impossible to understand by humans.

Earlz
+1  A: 

Can you elaborate please on the registration key? Will there be some logic in the code preventing it from running unless a valid registration key is obtained from another server?

To do this, you would have to generate a key for the user when they purchased the application. The application would then communicate with a master server which in turn looks up the key and checks the domain the key is coming from and sends back a simple true or false reading. If the response is true, the application would then continue its operation, otherwise it would shut down.

The only problem with this method is that if your master server were to ever go down, all of your clients would be locked out (unless you created a condition where if the master server was down, the default response would be true).

Iainzor
The client would just configure his firewall to block outgoing connections from the local webserver to the key validation server.
Justice
Oh I understand. Another problem, as I think someone else pointed out, is that this presupposes that the code is obfuscated and that the user cannot uncover (and remove) the logic preventing the code from running without the key. I cannot seem to come up with a way around this.
jk
There really isn't a way around it without obfuscating the code. As long as the user has access to the raw source, they can do anything they want.
Iainzor
You can use a similar approach, but not require each licensee to connect to a master server, by including a non-obvious hashing algorithm in your app. So, you provide the key based on a host name and this gets stored in a config file; the code computes what the license key should be based on the host name and compares.
Ed Schembor
Too bad there is no way to create some sort of binary in PHP and distribute that... I guess PHP being interpreted prevents this.
jk
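
The offline, host-bound key from Ed Schembor's comment, as an added example that is not part of the original thread or any poster's code. It swaps the "non-obvious hashing algorithm" for an Ed25519 signature, so the shipped code holds only a public key and cannot be used to mint new keys; the function names, the `host|expiry` license format and the sample hosts are assumptions.

```php
<?php
// Added example: host-bound license verified offline (needs ext-sodium, PHP 7.2+).

// Vendor side. The secret key stays with the vendor and is never distributed.
function issue_license(string $host, string $expires, string $secretKey): string
{
    $payload = strtolower($host) . '|' . $expires;   // e.g. "shop.example.com|2030-12-31"
    $sig = sodium_crypto_sign_detached($payload, $secretKey);
    return base64_encode($payload) . '.' . base64_encode($sig);
}

// Application side. Only the public key is embedded in the shipped code.
function license_is_valid(string $license, string $host, string $today, string $publicKey): bool
{
    $parts = explode('.', $license);
    if (count($parts) !== 2) {
        return false;
    }
    $payload = base64_decode($parts[0], true);
    $sig     = base64_decode($parts[1], true);
    if ($payload === false || $sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;   // malformed input, reject before verifying
    }
    if (!sodium_crypto_sign_verify_detached($sig, $payload, $publicKey)) {
        return false;   // payload was altered or signed by another key
    }
    $fields = explode('|', $payload);
    if (count($fields) !== 2) {
        return false;
    }
    // Signature is good: now enforce what was signed (host binding and expiry).
    return hash_equals($fields[0], strtolower($host)) && strcmp($today, $fields[1]) <= 0;
}

// Constructed demo values: throwaway key pair, hypothetical hosts and dates.
$keypair = sodium_crypto_sign_keypair();
$secret  = sodium_crypto_sign_secretkey($keypair);
$public  = sodium_crypto_sign_publickey($keypair);
$license = issue_license('shop.example.com', '2030-12-31', $secret);

$cases = [
    'licensed host'      => [$license, 'shop.example.com', '2025-01-01'],
    'copied to new host' => [$license, 'other.example.net', '2025-01-01'],
    'after expiry'       => [$license, 'shop.example.com', '2031-01-01'],
    'edited payload'     => [base64_encode('other.example.net|2030-12-31') . strstr($license, '.'), 'other.example.net', '2025-01-01'],
];
foreach ($cases as $name => [$lic, $host, $today]) {
    printf("%-20s %s\n", $name, license_is_valid($lic, $host, $today, $public) ? 'accepted' : 'rejected');
}
```

The signature only stops keys from being forged or edited; a licensee with readable source can still delete the call to the check, which is the limitation the comments above raise.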
A: 

Zend has a product "Zend Guard" (http://shop.zend.com/en/zend-guard.html) that may offer something more than obfuscation.

With its key components of Encoding, Obfuscating and Licensing, Zend Guard protects your PHP applications from reverse engineering, unauthorized customization, unlicensed use and redistribution

rockacola
A: 

There's also ionCube. Generally these solutions require a server-side extension to be loaded, but most hosts will have them loaded already, I find.

ionCube allows you to license to a particular domain if you like, and also allows you to put time limits on the script (to require license renewal).

Although by default ionCube is a system that requires you to actually create the licenses yourself, there is a system that you can buy to automatically manage this stuff for you (I thought it was PHP-Audit, though that site seems to have gone through a redesign and so I can't tell anymore).

Narcissus