what is file verification system for php project or licence checking the configuration files

StackOverflow https://stackoverflow.com/questions/4544637

Question

My colleague asked me a question like "license check to config file".

when i searched i got this

http://www.google.com/search?q=file+verification+system&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

and in the result i got this http://integrit.sourceforge.net/texinfo/integrit.html but could not grasp much of its idea.

Here is my thoughts...

Our project is written in codeigniter. The project owner is providing it to their customer. The owner is a business partner with that concept. Besides, the owner needs control of the project code so that the customer will not break rules with him like changing the code or moving it go another server or validity.

So the owner needs a system to enable disable the site. Let me give an example...

owner.com will have an admin panel where he can either disable or enable the client.com.

when he disables the client.com should display a custom message instead of loading the files.

client.com is written i a way that i will process requests from owner.com and also the other way round.

so, here i want a list of the concepts with which we can implement the ownership and control over client.com

any suggestions, links, references, answers will be helpful.

If i am missing something in my question i will update my question according to your comments if any so that the users can give in their idea without confusing of what i had asked.

THX

Was it helpful?

Solution

Most of your Problems can be solved with ioncube. http://www.ioncube.com

Ioncube allows you to encrypt php code and has a quite powerfull license managment system. You will however have to implement the admin console yourself.

OTHER TIPS

Zend Guard would allow you to encode the source and require the licenses for running the files. The license may contain expiration dates, feature lists, etc.

Since the app is written in php , i don't think there is any way you can secure it to one server alone since php is plain text anybody can modify the part of the code where you test if the key is valid or not ( not eaven if you test it on you're own server eg: when the app is runned you make a curl request to one of you're own servers and test if the key is valid or not , based on the response the app shuts down or continue to run , but as i sayd since this is plain php you can't make it work couse anybody can edit a few lines of code and make everithing run perfectly without any tests for a key at all ) , you could probably use some external binary file but again since the app code is plain text ... looking forward to see if there is any way of securing an php app to run on a server alone

p.s. ah , forgot about hiphop php witch turns you're php project into a c ( or is it c++ ? ) program and that can be secured better , but i don't know how it handles large frameworks ...

Edit

HipHop-PHP if you can use it , you're app will turn from php into a binary program , this way nobody has access to you're php code + it will run faster than just plain php , worth a try

Update

Oki so as the last reply suggested , you can use ioncube or anyother php code encription , i did a fast test with ioncube evaluation , using this you need to load a php extension on the client side witch in some cases might not be viable since clients hosts may not allow this , you need to concider the environment in witch you're app will run and it should be as wide as possible ( eg. would anybody buy an app if they have to change they'r web hosting plan/company , to allow the ioncube php extenstion to be loaded ? ) , plus decripting a whole framework like codeigniter whont be fast witch in turn raises more problems eg. caching ...

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top