Page 1 of 1

Only allow PHP to run on certain IP addresses

Posted: Sun Jan 22, 2012 6:53 am
by Jeeves
Hi, I have a PHP code which I will be selling at a later date, and I was hoping someone could help me to implement a method of protecting the code from being sold on or otherwise distributed to those I had not sold it to. My idea was to create a .txt file on my web server which had a list of all the IP addresses that I had sold the code to and were thus allowed to run it. I then need to implement something into the script that will send the IP of the server running it to my web server, match it against the .txt file, and if the IP was listed in the .txt file, the rest of the script would continue to run as normal. If the IP wasn't listed in my .txt file then the script would exit at that point and the rest of the code below it would not run. I hope my explanation has been clear as I really have no idea how to write the code for it, so I was hoping that one of you guys could help me out. Alternatively, if there is another method that you know of protecting my script from being run on unregistered IP I would love to hear that as well. Thanks

Re: Only allow PHP to run on certain IP addresses

Posted: Sun Jan 22, 2012 6:58 am
by Celauran
You'd also need to use something like ionCube to prevent people from just removing the code in question.

Re: Only allow PHP to run on certain IP addresses

Posted: Sun Jan 22, 2012 7:00 am
by Jeeves
Yes, I can encode it afterwards, but to encode it on ionCube online is only $0.50, whereas to buy ionCube software and license it to IP addresses is a few hundred dollars, and I don't have that money I'm afraid :/

Re: Only allow PHP to run on certain IP addresses

Posted: Sun Jan 22, 2012 7:45 am
by Jeeves
Please help :)

Re: Only allow PHP to run on certain IP addresses

Posted: Mon Jan 23, 2012 1:41 am
by twinedev
Well, if you can encode it for only $.50, why not code in the IP restriction, and encode it?

There is also the possibility of a call back to your server to verify key parts (ie, when someone logs in, send back to check against your IP list), of course anyone really wanting to rip it, will be able to monitor data sent received, and see the code to use it, again, unless you encode it via ioncube or similar (zend makes one I believe).

-Greg