Creating a "calling home" php license key script?

Creating a “calling home” php license key script?

Does anyone know how to create a “calling home” php license script? I’ve been developing a PHP CMS for my company’s clients and want to protect the CMS from being used somewhere else without my knowledge.

I’ve been looking around Sitepoint about licensing issues and how to protect code you have written. I think instead of full out encryption, I want to go the route of using license keys that check to see if a domain is authorized to use the script. A pretty good description for a “calling home” license key script is here:

Does anyone know how to begin with this? Or is there a solution somewhere else I can grab? Can someone point me in the right direction?

Thanks for your help.

I think any “home-made” protection isn’t worth the time you spend on it.
You have to pay for a quality licensing / protection solution:

Zend looks like the way to go for the pro software distributor / developer. It’s a little advanced for my needs. What do you think of phpAudit ? It looks proffesional and more in the price range of a beginner software distributor / developer.

There a couple of cheaper tools out there: ionCube, source guardian etc

But seriously,

I’d be only happy if my software were widely used… PHP is open source and there is nothing you can do about this. Just change the point of view: dont try to protect the sources, get more customers and get paid for support, not for typing the code.

What about PHP Lock It ? I am using the demo and it seems it is working fine. :aparty:

And the price is only $30.00, I do not know if it offers good protection, anyone?


I’m not that worried about code being stolen. Just some way to say to clients, you are using a licensed product. Also to prove the cms exists (so some client’s nephew’s friends dog won’t come by, swipe the code, license it themselves, and prevent us from using it).

Another reason is to know who is using our software in case we decide to make the app some flavor of open source.

As no software is required to be installed on the target server, it falls into a class of systems that rely on hiding source and restoring it at runtime. This is fine as far as it goes, but the source can easily be exposed by making a minor change (one line) to the PHP source and rebuilding PHP. Exposing the code is easy as those solutions rely on passing restored source to the eval() function in PHP, and internally, calling a C function that parses a string with the source code in it before execution. Simply putting a printf() statement into the compile string function then exposes the source.

Solutions such as Zend and ionCube encode optimised compiled source. The difference is that the data being encoded has already been transformed from source into binary data before encoding, and so when restored at runtime, it’s the obscure binary data rather than source that is decoded from the files. That process happens inside a closed source component, and in those soilutions, the code is also executed inside the closed source component to keep the compiled code substantially away from the main PHP engine. The precompilation during encoding time, coupled with restoring of bytecodes rather than source, is a technque that delivers the ideal combination of both excellent security and runtime performance. For trivial scripts, where little value is at stake and hackers are unlikely to be interested, then frankly any encoding system may do, but for other cases, a bytecode system is the direction to look at.

Hope this fills in some blanks and helps.

Good luck!


I don’t know if you have found a solution to this but as a developer, there is always the option of creating your own system to do just what you need it to do. Whatever code you write you will need to communicate with your central server so you would need to ensure it is up and running. Another point to consider is whether your users have the ability to access URLs using the fopen functions since they are the most common ways of communicating through a PHP script. Have a look at the link in my signature for the system I develop (released today) :slight_smile:

I have a friend using PHP Audit and he totally recommends it. Check it out as it would definitely be a good investment for any web developer.

From what I heard PHP Audit kicks ****. If only there were enough hours in the day to pursue it. I’ll get around to looking into it. Definitely looks awesome.

Although it has only just been released, you should also try out iono which Olate develops. I’ve used the 30 day trial and is even better than PHP Audit!