ansaurus

Question

Answer 1

A:

You need PHP encoding software to do this. There are downsides to doing this of course, the main one being that in order to run your code, the target environment needs the proper decoder set up.

IonCube is one product that accomplishes this. Zend Guard is another. Before you go this route, I'd suggest you learn more about the products and decide if it's worth it for you. There are several threads on SO about using PHP encoders that are full of good information.

zombat 2010-01-24 02:08:38

thanks for totally not answering my question. im aware of the other articles on SO, im just trying to see if anyone might have came up with a similar solution.

John 2010-01-24 02:16:23

No need to be rude. I did answer your question... you asked for a method of distributing your code without it being able to be read by anyone. PHP encoders are your answer.

zombat 2010-01-24 02:25:26

Thanks. With "PHP encoding" in the title of my question I can't even begin to think how you came up with that answer.

John 2010-01-24 04:42:42

Look, the only question mark in your entire question followed the *extremely descriptive* line of "Any ideas?". Other than that, your "question" is an unspecific rambling about remote-key encoding, prefixed with "if possible", not "must use". You didn't mention that you were aware of existing encoders and that you didn't want to use them until much later after you got a bunch of answers all saying the same thing. Clearly the answers aren't the problem, it was your question.

zombat 2010-01-24 05:10:22

Hmm, now a downvote? You're a classy individual.

zombat 2010-01-24 06:05:33

Answer 2

A:

You could do something like this in a file included by all the others:

if (file_get_contents('http://your.domain.com/getKey.php') != 'verySecretCode')
{
    die('pay me');
}

And then you'd have to encode the file with Zend Guard or similar.

Your server needs to be online 24/7 otherwise you'll have problems (or you could code a more robust system). Either way, for every request the server of your client will make a HTTP request to your server.

Zend Guard is the best, but if you don't have any money to spend you could try bcompiler.

Alix Axel 2010-01-24 02:12:45

yeah the files will be available on demand, just can't fork over the money for the encoder.

John 2010-01-24 02:23:50

@John: Check my update.

Alix Axel 2010-01-24 02:32:03

thanks again alix

John 2010-01-24 05:58:33

Why the down-vote?

Alix Axel 2010-01-24 06:45:08

So the correct answer is the one that is specifically what the original poster didn't want to do? Pay for an encryption service?

MidnightLightning 2010-01-24 06:45:36

@MidnightLightning: First, the OP edited is question to reflect is needs after I had answered him. Secondly, have you read my whole answer? Specifically the `bcompiler` part?

Alix Axel 2010-01-24 06:48:06

As someone who also would be interested in a low-cost, secure solution to this question (the solution I've arrived at currently is my answer; splitting the Model/Controller/View and keeping part on the server, and part with the client), and if the above answer's only merit is bcompiler, it could be reduced to "try bcompiler", which is really not a helpful answer (how do you compile on one OS and decode on another? Any scripting frameworks for a bcompiler encode/decode you care to provide?), hence I agree with the down-vote.

MidnightLightning 2010-01-24 21:24:01

Answer 3

A:

Look into something like IONCube encoder. Works like your asking - and its not spinning your own solution (its got support, a good track record, documentation, etc).

IONcube isn't your only choice - google around. Zend offer's something also.

Mr-sk 2010-01-24 02:14:10

thanks, but im looking for the poor mans solution. lol

John 2010-01-24 02:20:36

Answer 4

+1 A:

You could run your own webserver, strip some of the key methods out of your code and refactor them into webservices that you would host on your server. So if they dont pay, you just shut off your server and boom... the app breaks.

a432511 2010-01-24 02:28:04

brilliant, idk why i didn't think of this exactly. - i thought of hosting the entire class, as it's basically a stand alone script that gets crond every night, but it works with an API that restricts the curl requests to one IP, his IP, lol. but never thought of just doing parts of it, smart thinkin ;) thanks

John 2010-01-24 02:36:15

No problem. I love questions like this.

a432511 2010-01-24 17:15:37

Answer 5

+1 A:

Unless you reverse engineer the bytecode encryption that IONCube or Zend Guard does, your code is going to have some form of an "if ($authorized == "mysekritcode")" line somewhere. You can obfuscate that, but a malicious user could just change it to "if (1==1)" and bypass any obfuscation.

Instead, if your code can be separated into Model/View/Controller, and the client can be handed over only the "View" component (and maybe the Model), and have the "Controller" component act as a web service on your server, that gives them the functionality, but needed security.

MidnightLightning 2010-01-24 02:32:16

awesome, but i gotta give the credit to a432511, thanks for taking the time to answer my question though.

John 2010-01-24 02:38:05

ansaurus

tags:

views:

answers:

PHP Encoding with a Remote Key?

related questions