While PHP is often used as a programming language for custom written or open source applications that is not its only use. PHP can also be effectively used for commercial application distribution. There’s a slight drawback to doing that, since PHP is an interpreted language. This means that the source code you wrote is effectively open to the world. Given that this is an application that you have spent considerable time and money developing you may not be inclined to allow others to see the code that you have written as this may make available intellectual property that you intend to keep secret.
The way around this is a technique called obfuscation. What it does is take the source code and encodes it in a manner that makes it unreadable to humans. The code can then be safely distributed with your intellectual property intact.
One of the applications that can be used to obfuscate and license your code is a combination of products called Iono and PHP Encoder by IonCube. Iono acts as a front end to your licensing through a shopping cart built into it and the PHP Encoder secures the licensing code without your application. Customers can create their own licenses, you can have resellers license it for you or you can restrict licensing to yourself alone.
Setting up PHP with the Ioncube loaders installed was a little difficult. This, however, seemed to be because of the setup I was using. Working for Zend I tend to default to using Zend Core. However, it turned out that the IonCube loaders, which are what handles the de-obfuscation, were not compiled with thread safety disabled on Windows. This means that the Ioncube loaders do not seem to work with Zend Core 2.0, which is what I was using.
To rectify the situation I downloaded and installed the community version of PHP 5.2.1 which is compiled with thread safety enabled. Afterwards, I just used the php.ini from my Zend Core installation and I was able to continue.
Setting up Ioncube requires
- PHP 4.3 or higher
- MySQL 4.0 or higher
- cURL or fsockopen() enabled
- Zend Optimizer or the ionCube loaders installed
The actual Iono installation process is relatively easy. You enter your license code (a free 200 customer limited version is available), enter in your database and your administrative username and password. When entering the database information make sure that you have created the database before finishing the installation.
When logging in go to the URL http://SITE/admin.php. This URL must be a publicly accessible website so that the application that you’re distributing can check back to validate itself.
The Iono frontend actually runs as a type of shopping cart where your customers can log in to purchase licenses from you. So, instead of spending your money on both a licensing application AND shopping cart, you can use the shopping cart included in Iono to handle distributing your licenses.
Speaking of the shopping cart, the cart provided in Iono is pretty full featured. It contains interfaces into 7 different payment networks, allows for reseller accounts, handles taxes and vouchers.
The first step in setting up a product is to create a Product Group. Once you’ve created a Product Group you can then start adding products. After adding the product you can create the license for the product. Once you’ve created the license you can license your application by integrating the license. Which brings us to integration.
Integration is a 2 step process. The first step is to integrate the licensing code into your application. This is done by copying code for one of the 5 different license types into your application. The license types are
The second part of integrating the licensing into your software is adding the Iono code to your application. You need to integrate some code from the Iono administrative application that handles the remote calls to your Iono licensing server.
The drawback to this is that users can easily remove the licensing protection. That’s where the PHP Encoder application steps in. It secures your source code so you can distribute your application in a manner where the licensing code cannot be removed.
Take, for example the following code:
echo 'This is some arbitrary code';
When it’s been encoded it looks like
Which is essentially a base64 encoded string of binary data. That binary data is your PHP code that has been obfuscated. The obfuscated code is essentially compiled PHP byte code with several encoding layers on top. Since it is the byte code and not the source code that is obfuscated you are given a higher level of protection than simple source encoding.
Installation difficulties notwithstanding the combination of the Iono licensing with the PHP Encoder software provided a solid platform for protecting your application when distributing it to known or unknown end users. Some of the licensing methods are a little over the top and susceptible to performance and potential network problems. But the recommended licensing method should be sufficient for most installations.