Solved

How can I protect my PHP code by scrabbling the source

Posted on 2008-10-30
5
367 Views
Last Modified: 2009-11-02
Hello

I've written a site in PHP and my client is worried that the source code could be accessed/modified by their clients. I suggested that we could scrabble the source code so it still functions the same way but when you look at the code most of the variables, custom function names, etc are changed to prevent a PHP programmer from understanding the code well enough to make changes.

Does anyone know of a way or an existing piece of software to do this.

Regards

Jonathan
0
Comment
Question by:jwfranklin
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
alain34 earned 168 total points
ID: 22842905
Hello jwfranklin,

You should use a php obfuscator. Use your favorite search engine and pick one. Free and commercial obfuscator are available.

http://www.semdesigns.com/Products/Obfuscators/PHPObfuscator.html

Regards,

alain34
0
 
LVL 4

Expert Comment

by:MattKenefick
ID: 22842959
@alain34

Can he find it if he uses his least favorite search engine?

:) Kidding!
0
 
LVL 16

Assisted Solution

by:hankknight
hankknight earned 332 total points
ID: 22843739
The most fool-proof way to do this is to use Zend Gaurd or IonCube:
   http://www.zend.com/en/products/guard/
   http://www.ioncube.com/

Unfortunatly both these products cost money and require hosting companies to provide support.

All other options can be hacked to some degree.

However you can use a combination of tricks to achieve good protection.

Take a look at PHP's native tokenizer support:
http://www.php.net/tokenizer

This can be used to break your code into such small pieces (very close to compiled) that it would be nearly impossible to get the original source code.

PHP Trasher uses this and other methods to obfuscate code:
http://www.phpclasses.org/browse/file/7000.html
0
 
LVL 16

Assisted Solution

by:hankknight
hankknight earned 332 total points
ID: 22843897
Also, before you obfuscate your code you should first add something in your code to prevent it from working on unauthorized websites.

The following code will cause your application to fail unless it is run from example.com or any sub-domain of example.com such as:
         www.example.com
         subdomain.example.com
         www2.example.com

If some one tries to run this from www.hacker.com it would fail.

<?php
 
$domainName = "example.com";
if ($domainName != substr($_SERVER['HTTP_HOST'], 0 - (strlen($domainName))))
   {
   echo "This application will not work on this website.";
   exit;
   }
 
?>

Open in new window

0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question