Protecting PHP apps

neoserver

macrumors 6502
Original poster
Apr 24, 2003
335
0
I am building a calendaring/time-keeping product that I will eventually want to sell. I cannot afford Zend Encoder and i want to try and keep the product as a visible-source product, similar to vBulletin. I am thinking of using Licensing but how would i go about stopping someone from purchasing a license and removing all the license code in my product and repackaging it? There has to be a way otherwise companies like Invision and Jelsoft wouldn't make money?
 

superbovine

macrumors 68030
Nov 7, 2003
2,872
0
neoserver said:
I am building a calendaring/time-keeping product that I will eventually want to sell. I cannot afford Zend Encoder and i want to try and keep the product as a visible-source product, similar to vBulletin. I am thinking of using Licensing but how would i go about stopping someone from purchasing a license and removing all the license code in my product and repackaging it? There has to be a way otherwise companies like Invision and Jelsoft wouldn't make money?

you sue them. you won't be able to stop them from doing it. basically invision makes there money from support. people buy the license because they don't want to hire an "invision board expert" they can just pay a certain amount and they get tech support whenever someonething goes wrong. i am not sure about jelsoft. either way, the most expensive part of the software development cycle is support, so you might as well milk that that anyways.
 

neoserver

macrumors 6502
Original poster
Apr 24, 2003
335
0
superbovine said:
you sue them. you won't be able to stop them from doing it. basically invision makes there money from support. people buy the license because they don't want to hire an "invision board expert" they can just pay a certain amount and they get tech support whenever someonething goes wrong. i am not sure about jelsoft. either way, the most expensive part of the software development cycle is support, so you might as well milk that that anyways.
I see, I've been thinking about that... I guess that makes sense... I don't know why that didn't come to my mind in the first place... Thanks! :)
 

Makosuke

macrumors 603
Aug 15, 2001
6,154
343
The Cool Part of CA, USA
To give a similar example of a way to make money (or at least try to) off of a visible-source PHP project, there's SimpleMachines; it's completely visible source, and in fact free, but the developers at least try to make money by offering annual paid "charter memberships" that include priority support, access to betas, and installation of the software. You obviously need a moderately large userbase for that model to work, but someone at least is trying it.
 

neoserver

macrumors 6502
Original poster
Apr 24, 2003
335
0
Makosuke said:
To give a similar example of a way to make money (or at least try to) off of a visible-source PHP project, there's SimpleMachines; it's completely visible source, and in fact free, but the developers at least try to make money by offering annual paid "charter memberships" that include priority support, access to betas, and installation of the software. You obviously need a moderately large userbase for that model to work, but someone at least is trying it.
I'll have to watch to see how that goes as I work on my app... There are many options now that i have to think about. Thanks guys.
 

tideshark

macrumors newbie
Jul 19, 2005
15
0
Although I have never created a commerical script to sell to multiple clients, I am a PHP developer and there are several ways you could accomplish this:

Zend Encoder (which was already mentioned) is the most expensive, but also the fastest and compatible with the vast majority of web servers with PHP (since the "decoder" is the free Zend Engine, found on standard PHP installations). It's the nicest product since the top folks at Zend are the founders of PHP.

IonCube Encoder is very similar to Zend's product. Although it's less expensive, it's much less compatible with most servers because it's not on the standard installation. You need a server admin to install the IonCube loader, so you really cut your number of potential clients down. Even if they do have the loader, they might get confused/frustrated and choose a competitor's script.

Keep in mind with either Zend or IonCube, most developers only encode their "core" functions/processes, so it allows the end-user to edit/mod the code without being able to easily replicate the backend. The pluses to these is to the best of my knowledge, they've never been cracked and won't be soon.

Other solutions:

You could add a "phone home" portion to your script that sends a XML-RPC message or something of the sort. Just make sure you turn error-checking off in case someone's using your script on localhost, etc. Then you can manually see the site and make sure the license checks up with your database of users.

You can make parts of your "core" almost unreadable by man (it makes it look like gibberish and would make it difficult to mod). There are free programs out there that will do this for you. Although your users might not appreciate this.

In conclusion, people who have every intent of buying your script will and everyone who doesn't or won't pay to use it will either try to crack it or give up and use something else. Either way, it doesn't really matter - you're not getting the money. So, it's usually best not to make the encoding/licensing your primary concern. Focus on your clients, they've got the money, not the kiddies.
 

yg17

macrumors G5
Aug 1, 2004
14,888
2,480
St. Louis, MO
Unless you buy an encoder, there isn't much you can do. You can add some sort of license and protection in there and hide it in files, base64_encode the PHP code then pass it to eval. But all you're doing is making some script kiddie spend an extra 10 minutes to bypass whatever protection you have in there.

Thats why, as others have said, sell the actual script for cheap and charge for support. You can't pirate a good support staff that know what they're doing
 

neoserver

macrumors 6502
Original poster
Apr 24, 2003
335
0
yg17 said:
Thats why, as others have said, sell the actual script for cheap and charge for support. You can't pirate a good support staff that know what they're doing
Thats very true. :) I may just use a simple license file so that I can keep track of the users who want support and that i can verify that they are legitimate users.