Solved

How can I protect my PHP code by scrabbling the source

Posted on 2008-10-30
5
360 Views
Last Modified: 2009-11-02
Hello

I've written a site in PHP and my client is worried that the source code could be accessed/modified by their clients. I suggested that we could scrabble the source code so it still functions the same way but when you look at the code most of the variables, custom function names, etc are changed to prevent a PHP programmer from understanding the code well enough to make changes.

Does anyone know of a way or an existing piece of software to do this.

Regards

Jonathan
0
Comment
Question by:jwfranklin
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
alain34 earned 168 total points
Comment Utility
Hello jwfranklin,

You should use a php obfuscator. Use your favorite search engine and pick one. Free and commercial obfuscator are available.

http://www.semdesigns.com/Products/Obfuscators/PHPObfuscator.html

Regards,

alain34
0
 
LVL 4

Expert Comment

by:MattKenefick
Comment Utility
@alain34

Can he find it if he uses his least favorite search engine?

:) Kidding!
0
 
LVL 16

Assisted Solution

by:hankknight
hankknight earned 332 total points
Comment Utility
The most fool-proof way to do this is to use Zend Gaurd or IonCube:
   http://www.zend.com/en/products/guard/
   http://www.ioncube.com/

Unfortunatly both these products cost money and require hosting companies to provide support.

All other options can be hacked to some degree.

However you can use a combination of tricks to achieve good protection.

Take a look at PHP's native tokenizer support:
http://www.php.net/tokenizer

This can be used to break your code into such small pieces (very close to compiled) that it would be nearly impossible to get the original source code.

PHP Trasher uses this and other methods to obfuscate code:
http://www.phpclasses.org/browse/file/7000.html
0
 
LVL 16

Assisted Solution

by:hankknight
hankknight earned 332 total points
Comment Utility
Also, before you obfuscate your code you should first add something in your code to prevent it from working on unauthorized websites.

The following code will cause your application to fail unless it is run from example.com or any sub-domain of example.com such as:
         www.example.com
         subdomain.example.com
         www2.example.com

If some one tries to run this from www.hacker.com it would fail.

<?php
 

$domainName = "example.com";

if ($domainName != substr($_SERVER['HTTP_HOST'], 0 - (strlen($domainName))))

   {

   echo "This application will not work on this website.";

   exit;

   }
 

?>

Open in new window

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now