oo7ml

Secure PHP Code

Hi, I have created a new web template with an integrated CMS... I am selling the package to small clients for a very small fee.

I am worried that a client could copy the template and database and give it to someone else...

Is there a way to stop this, such as securing the code by referencing PHP include files from my server or any other method... thanks in advance
PHP, Web Servers, Web Development

oo7ml

ASKER

Ok, thanks... I was thinking of making a key that was linked to the URL basename

If the basename does not match the key, then the site won't load...

I know a programmer could find this script / coding in my code, but I could try to make it hidden as best I can

The problem is that any script can either be replaced or the call to it disabled. With an interpreted script like PHP, there really is very little code security.

One option might be to use obfuscation, where the code is altered to make it very hard to follow or modify but is still executable. For instance, this code

<?php
// Output the main stories
//
if ( $mainNews > 0 ) {
	$keys = array_keys( $idCodes );
	$t .= noEcho("<div class='mainNews'>");
	for ( $i=0; $i < $mainNews; $i++ ) {
		$pageId = ( $stories[$i]->getNeCategory() == 1 ) ? $cat2 : $cat1;
		$url->addParameter("news", $storyIds[$i] );
		$url->addParameter("pageId", $pageId );
		$link = "<a href='{$url->rtvAmpUrl()}'>";
		$t .= "<div class='popularNewsTitle'>".$link . $stories[$i]->getNeTitle()."</a></div>";
		// 002 $t .= "<p>" . $idCodes[$keys[$i] ] . " views</p>";
		$t .= "<p></p>"; // 002
	}
	$t .= noEcho("</div>");
}

becomes this code

<?php 

/*******************************************\
|  Source code obfuscated  by Code Eclipse  |
|        http://www.codeeclipse.com/        |
| Complete protection, total compatibility! |
\*******************************************/

 $x17="ar\x72a\171\x5f\153\145\x79s"; 
 if ( $x0b > 0 ) { $x0c = $x17( $x0d ); $x0e .= noEcho("\x3c\x64\151\x76 c\154\141s\x73\x3d'\155a\151\156\x4e\x65\167\163'>"); for ( $x0f=0; $x0f < $x0b; $x0f++ ) {$x10 = ( $x11[$x0f]->getNeCategory() == 1 ) ? $x12 : $x13;$x14->addParameter("\156e\167s", $x15[$x0f] );$x14->addParameter("\160\x61g\145\111d", $x10 );$x16 = "\074\x61 \150\x72\145\146\075'\x7b$x14->rtvAmpUrl\050\051\x7d'\076";$x0e .= "<\144\151v\x20\143l\141ss\075'\x70\157p\x75la\x72\x4eews\x54\151\x74le'\x3e".$x16 . $x11[$x0f]->getNeTitle()."</a>\074\x2f\x64\151v\076"; $x0e .= "<p\x3e\074\x2f\x70>";} $x0e .= noEcho("</\144\x69v\x3e");}

You always keep a copy of the original code and always work on that. These things can be reverse engineered to an extent, but I think you get the point. Obfuscators are available on some IDEs or at SourceForge.
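
The caveat above that obfuscated code "can be reverse engineered to an extent" is easy to check for this style of output, because the string literals are only hex and octal escapes. The script below is an added example, not code from the thread or from the obfuscator's vendor; the function names `decodeEscapes` and `revealStrings` are hypothetical, and it assumes PHP's default tokenizer extension is available.

```php
<?php
// Added example, not from the thread. It reads obfuscated PHP as text and never runs it.

/** Decode \xHH and \NNN escapes in the body of a double-quoted string. */
function decodeEscapes(string $body): string
{
    return preg_replace_callback(
        '/\\\\(?:x([0-9A-Fa-f]{1,2})|([0-7]{1,3})|(.))/s',
        function (array $m): string {
            if (isset($m[3])) {
                return $m[0];                 // \n, \\, \$ and similar stay as written
            }
            $code = ($m[1] !== '') ? hexdec($m[1]) : (octdec($m[2]) & 0xFF);
            // Keep control/non-ASCII bytes and " \ $ escaped so the literal stays intact.
            $keep = $code < 0x20 || $code > 0x7E || strpos('"\\$', chr($code)) !== false;
            return $keep ? $m[0] : chr($code);
        },
        $body
    );
}

/** Rewrite every double-quoted literal in $source with its escapes decoded. */
function revealStrings(string $source): string
{
    $out = '';
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {              // one-character tokens such as ; ( ) "
            $out .= $token;
            continue;
        }
        [$id, $text] = $token;
        $plain = $id === T_CONSTANT_ENCAPSED_STRING && $text[0] === '"';
        if ($plain || $id === T_ENCAPSED_AND_WHITESPACE) {
            $text = decodeEscapes($text);     // literal pieces only, not variables
        }
        $out .= $text;
    }
    return $out;
}

// Three statements copied from the obfuscated listing above.
$sample = <<<'OBFUSCATED'
<?php
$x17="ar\x72a\171\x5f\153\145\x79s";
$x14->addParameter("\160\x61g\145\111d", $x10 );
$x16 = "\074\x61 \150\x72\145\146\075'\x7b$x14->rtvAmpUrl\050\051\x7d'\076";
OBFUSCATED;

echo revealStrings($sample), "\n";
```

Treat the output as reading material only: once `\x7b` is shown as a literal `{`, PHP would parse that string differently if it were executed.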
oo7ml

ASKER

Thanks, I will try this

Just remember to use the obfuscator on a COPY of your code and not on the original version.

liveaspankaj

Then the easiest way would be to use PHP encoding.

One online tool is this:
http://www.byterun.com/free-php-encoder.php

It will encode the code into a hex-like string.