What's the best way to code and distribute free trial license?

I sell a webscript which is written in the php language. What I want to do is create a license for each user and limit the script installation to one domain only.

Also, I want to distribute this same script as a free trial for 15 days. After that the user must upgrade. The script will call home to verify if the user has valid record in our server or not.

What’s the best and “hard to crack” way to distribute license in that way

I think another popular one is ionCube. However, I want my script to be self contained. That means the user should not need to install something extra to run my script.

I am not sure but I think Zend have requirement to install something extra to run the script.

Also, I want the license to be terminated remotely. For example, let’s say someone bought my script and immediately asked for the refund. I want the script to be stop functioning after I refund them.

I mentioned Zend Guard, which is commonly used for those purposes. I’m sure there are other encoders / obfuscators out there in the wild. Regarding activation status, you should distribute your script with a file that holds it. The status should be stored using encryption so it would be impossible to tell by looking at it what it means (active or not). Your script should be able to read (and write to) it and understand / modify the activation status. Once the script is active, you can stop polling the server once a day.

No I’m not talking regarding the legal aspects. I just want to make the license (“activation code”) hard to crack.

Ok, what’s the best software to do the encryption? Also, let’s say, my script check for the activation code and found the activation code valid then how should I activate the script? I mean where should I store the data something like: Activated =1

Storing it in the database/file will make it too easy for others to crack.

If you are talking about the legal aspects, I recently wrote an article about software licensing which you might find relevant.

Regrading your “hard to crack” requirement - there are some basic actions you can take, but keep in mind that they will make it hard for clients to modify and adapt your script (if you want to allow them to do so). First, you can encrypt your script using something Zend Guard, which creates an obfuscated version of the script (no longer readable in a normal manner). Second, you can have the script make a check when it runs and at a certain time once a day check back with your server to see if expiration has expired.

I would use ioncube for this, if security is not foremost, you can use base64 encode/decode but this is not security.
You will have to have a validate script running or something to trigger it.
get the md5 hash on that file.
Take your core functions that are vital to making it work but will not take away from leaving a majority of code intact.

then with file_get_contents, compare that to the md5 hash of your validate script

If your validate script has been altered the md5 will not match and do exit;
In your function script you can do a file_get_contents of your validate script (which will call your sever every time) and respond Y or N, just like your md5 comparison you can do
if $resp != ‘Y’

This will neuter your script by killing the functions script.

You will need to encrypt at least your function script or anyone could comment out // exit;

There must be other ideas out there also.