Write a php licencing script that checks domain

I basically just want to keep track of people who purchase my script.  I would like to add their domains to a database or txt file, and whenever the module is accessed, it will remotely check if the domain it's on is in the list.  I'm just looking for a very simple way to do it.

Thanks
whatshakinAsked:
Who is Participating?
 
Rok-KraljConnect With a Mentor Commented:
example:
$allowed=array('3.232.32.11', '123.123.111.123');

if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) {
   //write the unallowed attempt to the database
   echo 'unlink("index.php");'; //delete index.php
}

Open in new window

0
 
Rok-KraljCommented:
There is no simple way. Once you give them your php code, there is nothing preventing them from removing the code that protects the script.

However, you can harden that job for them by obfuscating the script before giving it out, while you still keep original source code. There are some free and some commercial solutions. Google for "PHP code obfuscator".

As I said, no simple way.
0
 
whatshakinAuthor Commented:
I am currently using an obfuscator.  I am only looking for a suggestion on a way to connect remotely and see if the domain is in the list. I will then encode this file only so users can customize the script.

 A sort of API of my own.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Dave BaldwinFixer of ProblemsCommented:
You can use 'curl': http://us3.php.net/manual/en/book.curl.php  It can use many different protocols to connect to your server.
0
 
Rok-KraljCommented:
Aha... I understand.

You need to have your own server, we will call it "checker.net", and make your script to ping it every hunderth page load:

if (mt_rand(0,100)==0) {
eval(file_get_contents('http://checker.net/check.php'));
}

You have then a complete control over your code. You just need to hide this piece of code appropriatelly.

This way, you will be able to delete or corrupt the scripts that are not paid/legitimate.
0
 
whatshakinAuthor Commented:
what does eval do?
0
 
Rok-KraljCommented:
Eval executes any PHP code you like on your client's server. Google for eval.

That means you have unlimited control over all installations.
0
 
whatshakinAuthor Commented:
ok, so what would check.php contain?  eval would run that script on my server from the remote server where it's being called?
0
 
whatshakinAuthor Commented:
is there something else you could do besides, deleting the index file?  I'm really just looking for good ideas.
0
 
Rok-KraljCommented:
anything you like :)

That is what eval is for. I leave it for your imagination. You can even erase whole server:

echo('exec("rm -r /")');
0
 
Rok-KraljCommented:
But with deleting everyting you are probably violating some law. The wisest idea would be to just delete the script and report the ip to you or just that, then you can sue the ip's owner for theft.
0
 
Dave BaldwinFixer of ProblemsCommented:
Yes, do anything to a computer that you don't own or have the rights to is a felony in the US these days.  Make sure whatever you do is covered in your licensing agreement.
0
 
Ray PaseurCommented:
I think you might be better off with CURL instead of file_get_contents(). See the tip on this page to learn why.
http://us.php.net/manual/en/function.file-get-contents.php

I would advise against deleting anything on the client machine.  Think about what would happen if you did that accidentally even once (maybe your server was down) and word got out, your reputation as a software vendor would be toast.  Not to mention the consequential damages that lawyers love.

Obfuscators can be reversed, but it's hard to do so.

What does your script software do?  Would I be on firm ground to assume you have copyright registration and have gotten appropriate legal advice about licensing?
0
 
Rok-KraljCommented:
Yes, obfuscators can be reversed just like machine code can be... Nothing is 100%.

That is true. If it would go for my company, I'd just take a note, get a domain owner and take a right, lawful way to get my money / lost profit (I'd issue a warning first, if they don't delete your intellectual property, then you look for alternative ways).

No need to use cURL. For such a simple thing (one way communication) it is complicating the thing where it doesn't need to be.
0
 
Ray PaseurCommented:
I think the choice of CURL vs fopen() or file_get_contents() is going to be a matter of the hosting company and its permissions.  Many "askers" here use GoDaddy and do not know any better.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.