Asked  7 Months ago    Answers:  5   Viewed   36 times

I create software using PHP. I'm going to sell this software so I need to protect my source code so that nobody can view it. How can I protect my PHP code so that the software still functions the same?

I also need to bind the software to a particular, authorized PC. It should not run on any other PC. How can I do that? Should I encrypt using LAN MAC address? Does anyone have any other ideas?



I put together the following list a ways back - don't know if they are all current, or how many are now free, but you should find something useful here:


  1. Wikipedia article: PHP Accelerator
  2. Comparison of APC, Zend, xCache, & the Zend Framework


  1. Safeyar (Best)
  2. PHP's APC (PECL page)
  3. RoadSend
  4. Turck-mmcache
  5. eAccelerator
  6. PHP-Accelerator
  7. SourceGuardian
  8. NuSphere Nu-coder
  9. Gridinsoft
  10. IonCube SA-Encoder.php

Another thread on SO that adds a few more (check it out):

Can I encrypt PHP source or compile it so others can't see it? and how?

  1. Zend Guard
  2. BCompiler (PECL page)
  3. PHC
Wednesday, March 31, 2021
answered 7 Months ago

I agree with the comment, what you are doing is very underhanded, but after 10 years in this biz I can attest to one thing: Half the code you get is so convoluted it might as well have been minified, and really function/var names are so often completely arbitrary, i've edited minified js and it wasn't much more of a hassle than some unminified code.

I couldn't find any such script/program, most likely because this is kind of against the PHP spirit and a bit underhanded, never the less.

First: Php isn't white space sensitive, so step one is to remove all newlines and whitespace outside of string.

That would make it difficult to mess with for the average tinkerer, an intermediate programmer would just find and replace all ;{} with $1n or something to that effect.

The next step would be to get_defined_functions and save that array (The 'user' key in the returned array), you'll need to include all of the files to do this.

If it's oo code, you'll need get_defined_classes as well. Save that array.

Essentially, you need to get the variables, methods, and class instances, you'll have to instantiate the class and get_object_vars on it, and you can poke around and see that you can get alot of other info, like Constants and class vars etc.

Then you take those lists, loop through them, create a unique name for each thing, and then preg_replace, or str_replace that in all of the files.

Make sure you do this on a test copy, and see what errors you get.

Though, just to be clear, there is a special place in hell reserved for people who obfuscate for obfuscation's sake.

Check out: get_defined_functions get_declared_classes and just follow the links around to see what you can do.

Wednesday, March 31, 2021
answered 7 Months ago

Don't use include(), read the contents of the file and print them instead (don't forget to escape).

In your case $path is user input, you should make sure that no sensitive informatin can be accessed. Using basename($path); makes sure that no directory traversal is possible.

    // $path = basename($path);
    $html = file_get_contents("files/".$path);
    echo htmlspecialchars($html);
Saturday, May 29, 2021
answered 5 Months ago

There's a bunch of PHP obfuscators. Probably several of them can do something like this.

Our Thicket PHP Obfuscator will obfuscate literal strings exactly this way, and will preserve system function identifiers such as "session_start" in this fashion, so it could be ours.

Saturday, May 29, 2021
answered 5 Months ago

Found a solution on the CI forums.

Exchange Email Class Patch

It is initiating TLS after SMTP server has been connected.

Worked for me. Jeff

Saturday, May 29, 2021
answered 5 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :