Selling a PHP application

Question

I wanted to get some thoughts on selling a PHP application (CMS). I intend on offering a free version that may include ads or be limited in some way. My main concern is how to detect if the user has purchased a license or the paid version or not.

My idea is to have a file (license.php) which will check a variable against one on my database and make sure it matches the domain purchased for. Is this a good idea if the client's server maybe does not have curl enabled or is there another method to do this?

Also once I have set that $licensed = true, how would I make sure that continues change other things throughout the application. For example, if I had something like this:

if(!$licensed){
showads();
}

I guess there is no way to prevent them from just commenting out that section or modifying it.

I don't have too much of a problem in general with this, but wanted to see if there were any better ways people may have come up with. Thanks!

Answer 1

The only technical solution (well... not really a solution, but something good to have) to protect a PHP application sold to the client is to have it obfuscated. Other than that you can't do much to protect you code and/or enforce a license.

Also your question is similar to this: http://stackoverflow.com/questions/232736/code-obfuscator-for-php

I recommend some obfuscation + license agreement + trust.

Answer 2

ZendGuard is pretty much the standard when it comes to this: http://www.zend.com/en/products/guard/downloads

Answer 3

Since php is a script language you can't protect the code very well unless you host it yourself. The source is open so people can change it easily. If you want to sell it as license you can offer it as a hosting package where you maintain the hosting of the site yourself or change to a language which can be compiled (although this can be hacked as well but it is a lot harder).

You can protect it with licenses but people don't always care about that.

Answer 4

You'll be looking for a PHP encoder. I've heard good things about IonCube. Of course there might be a trade off - definitely in the area of maintenance for you (although it's not so different from compiling from a process point of view).

Obfuscation will only get you so far - it'll make it harder for observers to understand, but not impossible for them to comment out your above line in source.

Answer 5

Being in the app business, with a focus on CMS, I offer you good luck. There's SO many good, mature solutions out there already that you're going to be selling into a saturated market. Any more, it seems, the only money in CMS development is one-offs that are specially customized to the user. But I digress.

There are several companies that are using the "open" code concept to their advantage such as Interspire. I like their model--they openly sell it as open, so the code can be modified as a client might wish, which in my mind is a huge selling point. There is some sort of a code system to ensure only a certain amount of users is on the system at a time, and I'm honestly not sure how that works. thought I bet at some point that a competent developer could get in and get around it....but honestly, who has that kind of time? Microsoft is a great example of the futility of locking down code--if you can build it, someone else can hack it. Why not take the high road and offer great code that the user can openly manipulate to their needs?

You're entering a market where re-branding is a huge concern. If a CMS can't be rebranded, and the code is locked down, does rebranding become impossible? If I was in a position where I had to buy a CMS for my web firm, that would be an immediate deal breaker.