I have a script, and I sell it to some people. I need a way to make sure that my script won't work on any website that not in my clients list.
First of all, I am using IonCube to encrypt my PHP code.
I have all my clients in my server database.
Each Client has a domain name, email, name, phone.
What is the best method to avoid making people from stealing my script?
I read about making a license key in the script, so any script without license won't work. However, there are many ways to generate a license key without taking my permission right?
All I need is to not activate any script in any domain name, unless I have it in my clients list.
Your question is very interesting because way too many php developers wonder the same thing. How can I protect my product from being stolen and copied?
Some of the comment talk about not being greedy, but the truth is that many people program for a living, so it isn't a matter of just some software you built as a hobby, it is your work and you deserve to get paid for it, just like any other profession.
Sadly, PHP is a language that is very hard to protect, but I will give you a few pointers:
1) Don't trust encryption: I have seen way too many tools for un-encrypting code, even some tools that I used to trust like Zend Guard, are also vulnerable. The most advanced tools I have seen can reveal your code in minutes.
EDIT: Another thing I forgot to mention about encryption. It will require the server to have certain special modules installed in order for your code to work and this is a deal-breaker for all the people who use shared hosting and can't install the unencryption module.
2) Try obfuscation: Even though your code will be still readable, if the obfuscator does a good job at mixing variables, adding nonsense and making functions within functions, the code itself will become almost non-modificable, so it will be useless to try to modify it.
3) Take advantage of obfuscation to insert domain-lock code within your software itself: Instead of a license file, just sell the software to a certain customer with some domain verification code within the software itself, that approach combined with obfuscation, will make it very hard to figure out what to change to make it work in some other domain, so you will probably achieve your goal.
4) Make a great software: This is the most important part, build an outstanding software that people will be willing to pay for, create a proper website for it, get the word out there.
I hope I have helped you.
There's a reason Adobe, Microsoft, and others don't over actively pursue pirates (not saying they don't, just not at epic, absolutism levels) - they make most of their money from business to business sales and support. A simple license and support structure is typically enough to posture yourself for profit from legitimate businesses and parties who want your product.
Technical protection is a losing battle if you're going to give anyone the code. That's why SaaS is so popular.
The only true way to lock down script-based code that you give away, is to keep a core part of that code executing on a server you control -- and have the code you've given to your client 'call home' to your server on each execution. Then all you have to do is block access to this 'call home' script based on the requesting ip.
Also, in this 'call home' mechanism it is no good just performing a simple connection test or handshake because this can be worked around -- the script on your server has to do something integral to the system as a whole so that the client would have to rewrite that missing part in order to use your code elsewhere without you knowing. This could be some key calculation or data provision.
Obviously this is not ideal as many clients will not like a script calling a remote server, plus you'd have to make sure your network and server could handle the number of requests -- otherwise you'll slow or timeout your clients own systems.
All I need is to not activate any script in any domain name, unless I have it in my clients list.
Ok you narrowed it enough.
create your openssl certificate, hardcode public part to checking code, when issuing license sign domain.name string with your private key, issue sign part as license, in your license:
$lic=<<<EOL
LICENSE CODE HERE - SIGNATURE of string contained domain name
EOL;
in your code to check license:
include 'license.php';
$cert=<<<EOK
PUBLIC KEY DATA HERE
EOK;
$pub_key=openssl_get_publickey($cert);
$ok = openssl_verify($_SERVER['SERVER_NAME'], $lic, $pub_key);
if ($ok !== 1) {die ('bad license!')}
O'c all should be encrypted as much as possible.
this probably vulnerable for special crafted libopenssl binaries but I hope it will help you.
to avoid running of such code every you can add condition like this:
if (int(random()*100))==6) {check_license();}
but it depends on which part is should be protected.
also, in all parts of the code you should check md5summ of file that contain license check code.
You can use http://www.ioncube.com to obfuscate your source code or http://www.phplicengine.com to license your php code remotely or locally.
My thoughts are that you can't successfully save code from to be nulled. I really don't like way the Non-Free apps are created, but I won't judge you. Best solution to protect code is sometimes not worth of it, because many people (read websites) have very restricted hosting, where they cant install ioncube... Best protection is to join many types of protections (ex. IonCube + injected licence connection to your data server in different places with different code+if site NEED to use some ssl, you can try to make some protection with to sell also ssl with public key check on your data server), or many, many, other ways, just be creative)
But however as I said, If you want very high protection, you will get loss of money for creating it, and loss of money of loosing your customers, because they use some cheap hosting...
You need to think about everything...
Forgot to say: Hosting on your server is best protection, but have disadvantages: you need to add possibility for 'templating' site, access to be created some plugins, and similar stuff... But sometimes Clients just don't like to keep all data on your hosted server.
I think I helped somehow...
There are some good comments from other posters to this. Depending on the edition of the ionCube Encoder that you're using the features that you need are there already (in Pro and Cerberus), including features to allow you to craft your own layers of licensing if you wish, though this shouldn't be necessary. Some basic steps give the biggest wins, and as others have said, it's not generally worth going over the top with a massive licensing infrastructure. Keep in mind too that a main benefit to licensing comes not so much from stopping those who are intent on cheating and not paying, but from keeping the paying customers in line.
Say that you have a fee for each domain where your software is used. If you mention this somewhere but do nothing to enforce it, then when an honest customers tries your scripts on a second domain and finds that it works, chances are that they'll simply use it without even realising that they should have paid. In contrast, if your software alerts them to the fact that a new license is needed, it's likely that they'll purchase for the second domain.
Realistically it's impossible to stop the most determined thieves, and as one poster eluded to it may even be beneficial in the long term to have cheaters using software for free rather than not at all, but licensing can definitely lock in revenue from the honest majority who are happy to purchase good software (plus support, bug fixes, upgrades etc.), and it's foolish not to do that.
I am building a project assuming that there is a method for intercepting incoming and outgoing mail from a mailserver. If it is not possible please let me know, I am new working with mail servers, so any material that you could provide would be greatly appreciated.
I am building a project to manage contacts and the organization's interaction with them throughout a broad range of services. I would like the creation of the contacts be as automatic as possible. In this sense, what I had thought would be interesting was to create a page that would intercept all incoming and outgoing message from the org.'s mailserver. The intercepted data would be stored on a MySQL database.
Is this possible in PHP? Would this be the correct way of going about it?
What I'm looking for is a place to start looking and learning. Reading materials, tutorials, case-studies, etc. Whatever you can send over to help me get closer to my goal. Also, if the method I've described above is flawed, or you can recommend a better method, I'd be willing to hear your thoughts on that as well.
If so have a look at PHP's IMAP functions as they provide everything you need to be able to do this quite easily.
Have a look at http://www.php.net/manual/en/ref.imap.php and ask any specific questions about the functions used you may have.
I am developing an intranet application in PHP with the Zend Framework. One of the features the client would like to have is the ability to click a link and have Outlook open a new message window addressed to everyone in a specific group.
So far I have been using a mailto link and comma separating the addresses, but this doesn't work if the combined length of the email addresses is too long.
I could use a mailto link addressed to an alias and have another program or script intercept the email, read the database and forward the email to everyone in that group. I'm not sure how I could achieve this though.
What I have always ended up doing for that is create a get addreses button and that outputs exactly what the user needs to paste inside outlook.
There will always be a scenario where there are way to many links in a mailto:. And they where really not designed for that.
Maybe there is soem other solution involving javascript.Maybe a button that places in the clipboard the adresses so the user has one step less (copying).
Hope someone gives you a better answer!
Also I have to say it there is always the option of convincing the users to use a webform of somesort to send emails.
I think the only workaround I can think of is to use InterOp, if you must open the clients email program (Outlook), but that's not really a viable option with PHP is it? :)
I had a similar requirement in a recent project, so I guess I would try to determine why opening Outlook is necessary, and design another solution based around their answer.
We are building a daily newsletter based on member preferences. The member can choose a city and some categories among a list of 10. Basically each email will be different. Each email is generated by our server.
We are unable to find a provider with an API that can do that. Would you have any solution that ensure a 99% delivery.
Thank you
Damien
Seems to me like you don't need a third party solution. Your question is vague, maybe i'm misunderstanding.
You can build a custom webapp/webpage in PHP for example that would issue a request to the DB, fetch out member data, and construct emails to send out. In the simplest of scenarios this can be done in about an hour. Delivery is basically guaranteed assuming email addresses are correct and the server and network have decent uptime.
I built a similar service that emails users customized content based on preferences. I used a service called Triggermail, by Sailthru. I assemble the body html of the email on my server and then make an API call to them to actually send the mail to user.
They provide a control panel where you can define templates, upload lists of emails, and find out a (growing) number of statistics related to delivery, clickthrough, and they also handle opt-outs. They have excellent delivery rates, integrate with Google Analytics by just ticking a checkbox, and have a pretty fair cpm.
http://sailthru.com/
I know the owner, and can provide an introduction, if you'd like.
From the perspective of an email service provider, this is not dynamic content but static content, as you're assembling each copy yourself.
You should ask providers for "triggered" or "real time" messaging via an API, and indicate you provide each copy. You'll most commonly find APIS with facilities where you set up a template and only pass in the variables that drive the personalization. From your use case, you should also be able to work with that (same result, different implementation). Both definitely exist on the marketplace, but whether you're an interesting client depends of how many of these you plan to deploy (and of course what the origin of your list, your privacy practices etc are).
Hey guys. I need help for a project for school. Essentially, I need to write a program that sends newsletters. I can send the newsletters and stuff, but the main issue I'm having is that the newsletter needs to contain things that are contained in a database. How exactly do I draw those things and put them into a newsletter? The bulk of it needs to be in PHP, but Java and stuff can be used, if needed. Also, I cant install anything on my portion of the schools server, so I cant use any CMS's and stuff.
Unless you are writing this for fun and learning, don't do it.
You will get your IP blacklisted and have lots of problems. there are regulations (CAN SPAM etc) and best practices (SPF, domain keys etc) you need to follow if you want this to be successful. Otherwise you will not get any of your mail delivered, and possibly a call form your ISP.
How do you handle unsubscribes? How are you going to handle bounces? Mail loops? Blacklisting of problem addresses? This is not a simple topic.
You would be better off purchasing a email management system;.
Lyris makes one that you can install. There are other free/open source projects as well (majordomo, mailman etc).
Heed these words intrepid e-mailer!
Hey, do you have basic problems with querying your content from your database?