how to identify whether my PHP script is hosted by others
https://stackoverflow.com/questions/3872418
-
28-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am selling PHP script online at 35$ for a individual user
Is there any way to identify whether , my script is hosted by more than one user ..
Should i use any logic in my script to find his identity?
Is there an easy way to find the pirator
Please help me. (sorry for grammatical mistakes)
Solution
For example, somewhere in your script:
<?php
file_get_contents('http://yourserver.com/tranck_script_users.php?site='.url_encode($_SERVER['HTTP_HOST']));
?>
This way you will see which hosts use your script. Of course, anyone can remove this line from your script, there is no 100% way to know for sure.
OTHER TIPS
If you can, try to make simple calls to a server of yours to track the script usage, you should send the domain name and the IP. Use cURL for this. If your business logic permits this you can go as far as disabling the script functionality if tracking is not successful.
Because PHP is just plain text anyone can remove your tracking code portion. Try to obfuscate the code.
There is no reliable way in PHP to prevent someone else using your script. Because PHP uses just-in-time compilation, the source code can be read by anyone with access to the files. This means that any call-home logic you put into your script can easily be disabled. The best you can do is obfuscate it, but the code can still be edited by anyone with sufficient determination.
Your best solution is to use a good licence, or to develop in a language that can be distributed already compiled. With PHP, there is not a reliable way to prevent re-use of your source code.
I would urge you not to put any kind of call-home functionality into your script. First, it can be disabled, so is essentially useless. Second, it will cause significant delays even for legitimate users of your script. Finally, if you must put it in, it is vital that you tell your users that you are doing so.
There isn't much you can do to negate piracy with non-compiled scripts. Anybody can modify the source to remove whatever protections you have in place. You can, however, try to run the script through some sort of obfuscation tool, or otherwise try to manually "encode" the file, in much the same way a lot of PHP malware does. Obfuscation and this type of encoding can and will be beaten by somebody with enough time on their hands, though.
If you're willing to invest some money into the problem, you could check out IonCube Encoder or Zend Guard. Both of which will secure your script, and I know at least Zend Guard allows for per-server licensing. These solutions would require your end-users to have either the IonCube or Zend loaders installed, though.
There is no way to do this without (IMO) impacting the security/privacy of your users.
The only "clean" way to do this is to encode your scripts with a tool like IonCube (there are many others but never used them) and restrict the execution on a specific domain. The downside (you can also see this as a plus depending of your license scheme) is that the users can't see/modify your code.
