• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 390
  • Last Modified:

How can I protect my PHP code by scrabbling the source

Hello

I've written a site in PHP and my client is worried that the source code could be accessed/modified by their clients. I suggested that we could scrabble the source code so it still functions the same way but when you look at the code most of the variables, custom function names, etc are changed to prevent a PHP programmer from understanding the code well enough to make changes.

Does anyone know of a way or an existing piece of software to do this.

Regards

Jonathan
0
jwfranklin
Asked:
jwfranklin
  • 2
3 Solutions
 
alain34Commented:
Hello jwfranklin,

You should use a php obfuscator. Use your favorite search engine and pick one. Free and commercial obfuscator are available.

http://www.semdesigns.com/Products/Obfuscators/PHPObfuscator.html

Regards,

alain34
0
 
MattKenefickCommented:
@alain34

Can he find it if he uses his least favorite search engine?

:) Kidding!
0
 
hankknightCommented:
The most fool-proof way to do this is to use Zend Gaurd or IonCube:
   http://www.zend.com/en/products/guard/
   http://www.ioncube.com/

Unfortunatly both these products cost money and require hosting companies to provide support.

All other options can be hacked to some degree.

However you can use a combination of tricks to achieve good protection.

Take a look at PHP's native tokenizer support:
http://www.php.net/tokenizer

This can be used to break your code into such small pieces (very close to compiled) that it would be nearly impossible to get the original source code.

PHP Trasher uses this and other methods to obfuscate code:
http://www.phpclasses.org/browse/file/7000.html
0
 
hankknightCommented:
Also, before you obfuscate your code you should first add something in your code to prevent it from working on unauthorized websites.

The following code will cause your application to fail unless it is run from example.com or any sub-domain of example.com such as:
         www.example.com
         subdomain.example.com
         www2.example.com

If some one tries to run this from www.hacker.com it would fail.

<?php
 
$domainName = "example.com";
if ($domainName != substr($_SERVER['HTTP_HOST'], 0 - (strlen($domainName))))
   {
   echo "This application will not work on this website.";
   exit;
   }
 
?>

Open in new window

0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now