How to prohibit copying of commercial software (library in PHP)?

V

vostotskiy2016-02-01 22:36:38

PHP

vostotskiy, 2016-02-01 22:36:38

Hello.
There is a small library, presented in the form of server and client scripts, written in PHP + JS, which is used to build data from a CSV file.
It is sold for a certain amount of money and I would like to do it so that it can be uploaded to the hosting (or locally) to the client who bought it, but if the client copies this script to someone, then it did not start and gave some errors or did not work generally.
It is assumed that the library can be run locally (cases of a complete lack of Internet are likely) and the license server option does not work here.
The option of third-party software (of the ioncube type) in the library is also not acceptable, we need pure source codes and a maximum of additional PHP modules (well, plus some files into which, for example, you can encode some additional configurations).
The library does not involve the use of a database, only CSV files that are created by the client himself.
Please advise how you can protect this kind of library from unauthorized copying, so that you can make as much effort as possible to hack it (so that it would be cheaper to buy than to hack or hire a hack specialist.).
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

My joy, 2016-02-01
@t-alexashka

Rewrite it to Zephyr ( zephir-lang.com ) as a php-extension (so, dll)
only you will need to recompile for each buyer, entering some secret information there, for example server_name, or ip or password (well, yourself come up with). then it will be quite problematic to pull data from the extension, since it is already compiled. As a result, the extension will not work if it was not launched for the one it was intended for.

Y

Yuri, 2016-02-02
@riky

if there is no Internet, then the binding can only be to the hardware (the serial code of the motherboard).
in order to get them in php, you need to write your extension for php in C.
but to be honest, even so it will be easy to hack it, just by removing the check in php. to make it more difficult to remove, you need a file with a function that checks to encrypt with any php encryptor, this file must contain the working functions necessary for normal work, otherwise you can simply delete the include of this file.
I doubt that you will bother with writing a php extension, although it is simple in terms of functionality, you need to deal with the zend engine api.
also a similar but simpler option is to write a simple C++ program, for example, you can use a console program,which extracts this serial maternal .
any compiled language will do (C, C++, C#, probably even pascal or basic), the program will be simple
https://www.google.ru/webhp?q=get+motherboard+serial (add any PL)
then the encrypted function will also run it through exec, with special parameters and get the output from it (it is desirable to make their communication confusing so that it would be difficult to write a similar program that simply returns what php wants).
php file with the function must be encoded. just obfuscate php - foolproof, more or less literate will easily open it.
ps While writing, I came up with another option - to use the mac address of the network card.
You don't have to write a C program, because you can use the built-in OS console commands,
you need to parse the output of
exec ('ipconfig / all')
at least look for the desired poppy address.