Protecting PHP code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mangosta
Forum Newbie
Posts: 3
Joined: Mon Apr 05, 2004 10:31 am

Protecting PHP code

Post by mangosta »

I need to know what can I do to protect my PHP code from being seen(better understood) by other users in the server. I have written a rather big aplication in PHP for the school I work for, and I have noticed that someone else is using my files for his software company and even deleting mine.
I thing that some type of encriptation would help me and I want to know if this is possible. I have browsed and found that something related to zend technologies could help me, but I saw this would cost money, and I do not have this resource.
The other solution would be to "compile" all my php scripts, so they are just executables files and use them as C cgis, but I do not know how to accomplish this or if it is even possible. Any information can be of help. Thank You.
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

For as i know to get the source code of php, they will need to hack youre computer or server.

However are they deleting youre code on the server ?

There are applications around , on the web ( for which you need to pay) that will encrypt youre php code

You might wanna look around on how you can protect youre computer instead of looking around to protect the src code if you dont have money resources.
lostboy
Forum Contributor
Posts: 329
Joined: Mon Dec 30, 2002 8:12 pm
Location: toronto,canada

Post by lostboy »

If the user can hack the server to get at the source code, you have bigger problems than just having your code stolen/hacked/deleted...

Always keep a backup of your code in another (secure) location, that way if something happens, be it server failure or hackers, you can recover. Back up procedures for both code and data [if any] should be a mandatory part of the application planning
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

I think hes on a public server or something - is that right? Then good luck! you got to get yourself a private location
mangosta
Forum Newbie
Posts: 3
Joined: Mon Apr 05, 2004 10:31 am

Post by mangosta »

You are right. It is like a public server. Windows.
There is no way I can avoid other users to do the operations I mentioned. I obviously have a backup of all data and scripts, so there is really no problem with the guy deleting the things, except the time I have to spend putting things OK again, and I accept my destiny in this sense. What really matters is that I do not want my code being understood neither used by a third party in this unacceptable way. All sugestions about the operational system and that stuff can not be used because it's not my computer I am just an employee and I have to use it that way... Please help!
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

I guess you could do something like this.. to protect the pages ..
not very hardcore but.. ohwell. you could make youre own variables of this ofcourse... make it as hard as you want or.... dificult

Atleast you can do is make it a living hell to edit all the pages.

Code: Select all

$version ='1';
$author = 'you';

if ($author !='you' && $version !='1') {
   // do something nasty like deleting the page... 
 
}
else 
{
 //ran out of ideas
}
User avatar
werlop
Forum Commoner
Posts: 68
Joined: Sat Mar 22, 2003 2:50 am
Location: /dev/null

Post by werlop »

Have you talked to the guy that's doing this to you? You should point out how much of a f**ker he's being and make sure they know that they are so untalented that they have to steal your hard work.

As your in a school, have you not got the power to speak to someone in the hierarchy above you, eg head teacher or principal and have them deal with the situation.

I would be furious if this was hapenning to me!

Hope you can resolve this situation amicably.
mangosta
Forum Newbie
Posts: 3
Joined: Mon Apr 05, 2004 10:31 am

Post by mangosta »

I have decided to talk to my boss and try to solve the situation in this way. I hope this can help me.
I have also chenged a lot of variable names and functions so they ar not clear, but this is thing is a little absurd for myself in the development.
Anyway I am thinking of using a C function inside all my files which decripts the code even do I am not clear of how I am really going to do this. Thank everyone for the help...
User avatar
llanitedave
Forum Commoner
Posts: 78
Joined: Thu Jan 15, 2004 11:24 am
Location: Las Vegas, NV.

Post by llanitedave »

Trying to make your code confusing will only hurt you in the long run. Remember, whether anyone is stealing, borrowing it or using it, YOU will have to be the one maintaining it.

I think your best bet is what you're trying to do now -- talk with your administration about getting a more secure setup.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Havn't heard of any either, as if someone can see the actual files (you are sharing server/ftp account) there is little to do. The only thing I can think of is to put some verification system deep within the code as hidden as possible, fetch variables set from other parts of the script (can be anything, even a database field) and verifies that using a decifer:

Code: Select all

<?php
 $something = 'Hi and welcome to my page.';
 echo $scrambled = base64_encode(serialize($something)) . '<br />'; // hard to spot
 echo $unscrambled = unserialize(base64_decode($scrambled)); // original
?>
Result:

Code: Select all

czoyNjoiSGkgYW5kIHdlbGNvbWUgdG8gbXkgcGFnZS4iOw==
Hi and welcome to my page.
http://www.ioncube.com/online_encoder.php
Is something abit cheaper than the Zend Encoder, but not entirely free. Worth mentioning tho.

In addition; http://codelock.co.nz/ is not nearly cheap, but I'd like to mention it also for the sake of other forum users reading this thread.

Good luck to you. Hope it works out okay.
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Could always write a little C program to go through all your files you want to publish and exchange variable names to babble - $hytwjn753jd6f = 'blah' - so then people wouldnt want to use your code then anyway as it would look messy, then you just have the program reverse what it did to your code when you want to add/edit it.

Code: Select all

<?php
   function blah($var1, &$var2, $var3 = 0){
      //do something here
     //and here
     return $var;
   }
   $hmm = 'hello';
   $john = 1;
   echo "hello".blah($hmm, $john);
?>
to

Code: Select all

<?php function blah($kyr764hstd4hd74, &$fjye5g3gstfdunfds, $d7yh5jwdtdnegcswgs = 0){return $sss74hdsbhfder;}$htydhe875jg63w = 'hello';$jjtyhteydhsg743hs6d = 1;echo "hello".blah($htydhe875jg63w, $jjtyhteydhsg743hs6d);?>
I wouldnt even want to try and mess about wasting my time to see what the second bit of code did, and on bigger real apps it would make it unbariable to go through it. And all this has done is remove any comments and changed all var names - im sure you could make it do more things as well - like move functions about, switch class/function names so it calls like logout() to login etc.

People dont really want to steal code that will hinder them :)
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

This isn't cheap, but it will do EXACTLY what you need.

http://www.sourceguardian.com/

Have fun!
Post Reply