How to encrypt PHP source code and require "Activation Key"

tickedon · December 14, 2005, 6:37am

Certainly not (imo anyway). The reason it doesn’t require anything extra is that it’ll just be using standard PHP functions for encrypting and decrypting - the most it can do is hide/obfuscate the functions with other php functions, and so it’d be relatively simple to follow them back and get at your source code.

Ideally, you’d have a Zend and ionCube license. If a user’s server has the Zend optimiser installed they’d pick the Zend encoded version of your product. If they don’t have Zend, they’d choose ionCube which should work fine in 99% of cases with the ionCube run-time loaders.

dreamscape · December 14, 2005, 2:34pm

Both ionCube and SourceGuardian support dynamic loaders. This means that the person doesn’t have to install any additional server software. You just package the loaders are part of your application, and the encoded script will search for them and load them so it can run the script. There is nothing for them to install beyond your application.

The majority of people should not have any problems with dynamic loaders on their hosting account.

triexa · December 14, 2005, 4:40pm

I never heard of this/was aware of the possibility!

Why don’t they do this 100% of the time, making the ionsube or zend optimizer/etc. software not required, at all?

Luke_Redpath · December 15, 2005, 12:57am

I’m speculating completely here, but I’d imagine there is a performance hit with the dynamic loaders. Just a hunch.

cianuro · December 15, 2005, 1:21am

Of course, but only if the application is huge. In most cases, it is not.

33degrees · December 15, 2005, 2:20am

Some (maybe most?) hosts have dynamic loading disabled, because it’s possible to exploit it to inject code into apache.

hstraf · February 10, 2006, 10:54am

Some hosts have php safe_mode turned on, which does not allow dynamic loading of the runtime module needed to decrypt the code.

In that case, you’re limited to using zend, since it’s installed by default by almost every php install.

(Or, if the host is nice, they will modify their php.ini file to load the required loader files for sourceguardian/ioncube.)

ioncube · February 12, 2006, 4:42pm

In that case, you’re limited to using zend, since it’s installed by default by almost every php install.

From both our observations and from what we are told by end users, the opposite is typically the case. Many hosts have neither Zend Optimiser nor the Loader installed, and it’s never installed “by default” on any PHP install. ZO is a proprietary product from Zend technologies, and not part of the PHP distribution. A host has to make a conscious decision to install either ZO or the Loader, dependng on which encoding technology someone has used. Most hosts are receptive to customer requirements and respond positively to such requests, but tend not to blindly install extensions prior to there being such a request, not least because it simplifies the PHP upgrade process for their servers, and because there is no good reason or positive benefit to install ZO or the Loader unless supporting a customer with encoded files.

So in general, provided that a user chooses one of the mainstream encoding systems such as Zend or ourselves that have a long history and proven track record, having enoded files one run way or another is not typically a problem.