Hello,
I am wondering if it is possible in someway, to secretly embed information such as the purchase id in a file, so that if a file is being distributed, I know which purchase id it is. Something like MD5 + I don't know what.
Something like steganography.
Thank you for your time.
Something I did once:
I used the the empty lines in file to save a unique code.
In each empty line I would put X spaces, when combined, they create the code. Example:
Hello, I am a file
[ ][ ]
[ ][ ][ ]
and this is another paragraph
[ ][ ]
[ ]
And so is this.
Code is 2321
Obviously, it isn't "protected" but the best place to hide stuff is in plain site, where nobody looks for it (until now :-) )
That will depend on the type of file first and foremost... if the file format does not have any non-functional space in it (meta-data slots), or space that can be re-purposed as such (low-order bits of image data), then you may be out of luck.
Also note that although you can come up with some scheme to encode this kind of information into files of certain types, there is no way to be absolutely certain that it cannot be taken out again by someone that knows what they are looking for (that is: I wouldn't bet the house on it being a fool-proof watermark).
If all you care about is having something that works most of the time, for a file format that has the space available, do something like you suggested, take a hash of the information so it is not immediately recognisable, and then put it into an available space inside your file format.
If you have images in your packages you can embed some information in images, there are PHP classes for that.
If you have an executable windows/linux file you can embed encrypted information in that file even without changing the file size! That approach was presented at DefCon '04, more info here: http://crazyboy.com/hydan/
If you want to mark PHP source code, whitespace steganography should be an easy and hopefully quite efficient technique. There are existing tools like SNOW.
As such steganography is not that hard to discover if the "attacker" has the least bit of perseverance in its search (or is lucky enough to stumble by accident on the fact that there are a bunch of different whitespace characters after the seemingly end of lines, which is not that improbable), you should make it so that once she has figured out how to change the mark, she won't be able to forge an another valid one.
Worst thing you could do would be to use a humanly readable name, for example. If you watermark your source code with "Alice J. Smith" and she wants to frame up Bob, all she has to do is watermark the source code "Bob C. Richardson" and leak it... Using some UUID seems like a good solution to me.