any idea about protect php script using licence key !

shyaminayesh

hey friends, i'm making small script for support ticket system using PHP. i want to protect my script using licence key. but i have no idea how to do it. can anyone have idea for it. how boxbilling WHMCS and so many scripts are using licence keys ... ?

alex

1. generate random key and store it in database
2. write procedure to call home and check the key provided against the one stored
3. check if only one IP using the same key, and if so - validate
4. encrypt the file with the procedure with IONcube or similar

and remember: no method is 100% hacker proof

Makkesk8

What ever you do. Don`t encrypt anything with ioncube. On multiple forums they offer decoding for $1 per file, and bulk prices are also available. SO never encode anything with this horrible encoder.

Best option would be to host the script on your webserver and just make a subdomain for their use.

vRozenSch00n

@shyaminayesh Do you mean you want to encrypt your script and people who wants to use it have to enter a license key?

Jono20201

@Makkesk8 said: Best option would be to host the script on your webserver and just make a subdomain for their use.

Many companies wouldn't buy this due to trust issues and there are likely some legislation preventing it.

Corey

@Jono20201 said: Many companies wouldn't buy this due to trust issues and there are likely some legislation preventing it.

BULL - we use virtpanel... this is what they do...
@jarland also uses virtpanel.

joepie91

The short answer: don't bother.

No methods are going to be foolproof if it runs on someones server, and things like Ioncube are only going to inconvenience legitimate users. Just don't do it.

Awmusic12635

Or you could always buy whmcs and their license addon module which lets you do just that.

Rallias

@Jono20201 said: likely some legislation preventing it.

HIPPA comes to mind.

@joepie91 said: No methods are going to be foolproof if it runs on someones server, and things like Ioncube are only going to inconvenience legitimate users. Just don't do it.

Unlike you, not everyone wants to license their code WTFPL.

shyaminayesh

hi friends i make a simple API to validate licence keys, but now i need to encrypt my index.php file.

@Makkesk8 said: Don`t encrypt anything with ioncube. On multiple forums they offer decoding for $1 per file, and bulk prices are also available.

oopz ... any other method to encode my index.php file ...

shyaminayesh

oh shit ... they give free option to try decode ioncube ...

http://www.decry.pt/packages/

marcm

@shyaminayesh

I am sorry to burst your bubble, however you are focusing on the wrong thing. For example for $21 you can purchase an Open Source support ticket system on CodeCanyon.net: http://codecanyon.net/item/responsive-bootstrap-support-ticket-system/3343447?WT.ac=search_thumb&WT.seg_1=search_thumb&WT.z_author=tahadaf

Heck, for $105 you can get an extended license, modify and resell it. Don't worry so much about encrypting it, it's not exactly the sort of product that is in high demand, neither does anyone need to look at your source code.

My advice, sell it with an owned license for something like $50 and then charge $15 every year. Or you pick your prices, I'm just giving you an example.

shyaminayesh

@marcm : just $1 per month is my plan ...

marcm

@shyaminayesh - so you will struggle to make a profit yet you want to encrypt it and keep your customers on a leash. Doesn't make much sense. Anyway, look at PHP Live!, they don't encrypt their PHP code, yet no one is trying to steal it.

shyaminayesh

@marcm said: Anyway, look at PHP Live!, they don't encrypt their PHP code, yet no one is trying to steal it.

so finally i'm going with ioncube ...

superpilesos

Create an apache module that downloads encrypted php code from your own webserver (with appropriate authentication) and decrypts+passes it over to the php handler. it suddenly becomes a lot harder to crack to someone without experience in reverse engineering.

shyaminayesh

@superpilesos said: it suddenly becomes a lot harder to crack to someone without experience in reverse engineering.

oopz ... thank you very much for the idea ...

hey friends if you have any idea for a name to support ticket system ... ?

marcm

@shyaminayesh said: hey friends if you have any idea for a name to support ticket system ... ?

@shyaminayesh - Here is a suggestion: "DollarDesk".

joepie91

@Rallias said: Unlike you, not everyone wants to license their code WTFPL.

Or you could, like, read the argument I gave for not doing it, rather than trying to turn this into a personal attack.

@shyaminayesh said: so finally i'm going with ioncube ...

Why even post if you're not going to listen to responses anyway?

@superpilesos said: Create an apache module that downloads encrypted php code from your own webserver (with appropriate authentication) and decrypts+passes it over to the php handler. it suddenly becomes a lot harder to crack to someone without experience in reverse engineering.

That is an absolutely terrible idea and probably one of the most insecure and dangerous suggestions I've seen on here in a while.

lbft

@superpilesos said: Create an apache module that downloads encrypted php code from your own webserver (with appropriate authentication) and decrypts+passes it over to the php handler. it suddenly becomes a lot harder to crack to someone without experience in reverse engineering.

If you do that, breaking into the master server doesn't just mean license fails, but remote code execution on however many webservers are actually using your product. Wow.

All for no real protection (bearing in mind that PHP still has to be able to read the code to execute it).

shyaminayesh

hey hey ... i don't thing anyone try to nulled my script ... so i finally suggest to use my system with simple API and ioncube ...

raindog308

@Rallias said: HIPPA comes to mind.

How many hospitals read LET? :-)

shyaminayesh

Noerman

Encrypt the naked code on client and server side -> I use PHP LockIt! (I can't afford the others)

Use license code, callback to home, lock by IP (on client and server side), lock by domain and many more.

shyaminayesh

@Noerman : yeah ...

Raymii

@raindog308 said: How many hospitals read LET? :-)

Me :P

Intcs

If it's a serious project I'd do what vBulletin does since it's one of the most widely used paid php software. And even though next to every release a nulled/pirated version that doesn't tell vBulletin about your site, is being released, however for several reasons you still hardly see any forum hosted on a nulled version of it, so obviously their strategy works.

Wintereise

vBulletin's strategy is threatening to sue -> lawsuits, it works amazingly well, no surprises there :P

Intcs

@Wintereise said: vBulletin's strategy is threatening to sue -> lawsuits, it works amazingly well, no surprises there :P

:P Do they have an army of lawyers? they collect tons of money anyways
But it might be as well due to they offering single lifetime licence, lifetime updates bundle. And maybe it's use as well, since I don't believe someone wants to host a community on a pirated version, when anyone feels bad might send your site url to vbulletin..

superpilesos

vbulletin's "anti piracy" does not work at all.
They send this to the host

Hello,

We have noticed that you are using vBulletin on your website "" and are unable to locate a license for you in our records. If you currently have a vBulletin license, we would greatly appreciate your providing it to us, along with your contact information, so that we may update our records. You can send this information to us via email at [email protected] or give us a call at 1-877-326-6444.

If you do not have a license, we would invite you to visit www.vbulletin.com and purchase a license to use on your website.

If for any reason you do not have a license and do not wish to purchase one, we would ask that you discontinue using vBulletin at this time. Utilizing an unlicensed version of vBulletin is illegal and we sincerely hope that is not the case in this instance.

Thank you and we look forward to hearing from you.

.. and nothing else.

Intcs

@superpilesos said: vbulletin's "anti piracy" does not work at all.

They send this to the host
.. and nothing else.

@Wintereise said: vBulletin's strategy is threatening to sue -> lawsuits, it works amazingly well, no surprises there :P

Well, there could be some further action? since even if you're out of US/EU they can report you to the host, or the host himself might figure soon or later and send a warning->ban, especially if that host was located in US/EU which is inevitable, also do you have updates/hotfixs with nulled? Since afaik you can't update regularly, which isn't safe. Also, I'd prefer a member sending some DDOS over trouble with vbulletin/host