Iono Review

August 10, 2007


Iono Review

While PHP is often used as a programming language for custom written or open source applications that is not its only use. PHP can also be effectively used for commercial application distribution. There’s a slight drawback to doing that, since PHP is an interpreted language. This means that the source code you wrote is effectively open to the world. Given that this is an application that you have spent considerable time and money developing you may not be inclined to allow others to see the code that you have written as this may make available intellectual property that you intend to keep secret.

The way around this is a technique called obfuscation. What it does is take the source code and encodes it in a manner that makes it unreadable to humans. The code can then be safely distributed with your intellectual property intact.

One of the applications that can be used to obfuscate and license your code is a combination of products called Iono and PHP Encoder by IonCube. Iono acts as a front end to your licensing through a shopping cart built into it and the PHP Encoder secures the licensing code without your application. Customers can create their own licenses, you can have resellers license it for you or you can restrict licensing to yourself alone.

Iono Setup

Setting up PHP with the Ioncube loaders installed was a little difficult. This, however, seemed to be because of the setup I was using. Working for Zend I tend to default to using Zend Core. However, it turned out that the IonCube loaders, which are what handles the de-obfuscation, were not compiled with thread safety disabled on Windows. This means that the Ioncube loaders do not seem to work with Zend Core 2.0, which is what I was using.

To rectify the situation I downloaded and installed the community version of PHP 5.2.1 which is compiled with thread safety enabled. Afterwards, I just used the php.ini from my Zend Core installation and I was able to continue.

Setting up Ioncube requires

  • PHP 4.3 or higher
  • MySQL 4.0 or higher
  • cURL or fsockopen() enabled
  • Zend Optimizer or the ionCube loaders installed

The actual Iono installation process is relatively easy. You enter your license code (a free 200 customer limited version is available), enter in your database and your administrative username and password. When entering the database information make sure that you have created the database before finishing the installation.

When logging in go to the URL http://SITE/admin.php. This URL must be a publicly accessible website so that the application that you’re distributing can check back to validate itself.

The Iono frontend actually runs as a type of shopping cart where your customers can log in to purchase licenses from you. So, instead of spending your money on both a licensing application AND shopping cart, you can use the shopping cart included in Iono to handle distributing your licenses.

Speaking of the shopping cart, the cart provided in Iono is pretty full featured. It contains interfaces into 7 different payment networks, allows for reseller accounts, handles taxes and vouchers.

The first step in setting up a product is to create a Product Group. Once you’ve created a Product Group you can then start adding products. After adding the product you can create the license for the product. Once you’ve created the license you can license your application by integrating the license. Which brings us to integration.


Integration is a 2 step process. The first step is to integrate the licensing code into your application. This is done by copying code for one of the 5 different license types into your application. The license types are

Per Page

In this type, the application checks the validity of the installation against your server for each request that comes in. While this offers you the most protection it generally should not be used since it will drastically slow down performance of the customer’s application. It could also shut down your customer’s site if your server is down, or if your customer has a lot of traffic it could easily overwhelm your server.

Per Page Bind

This license type is the same as the Per Page license except that it binds the IP address to the license for the first request. However, it still suffers from the same performance and reliability constraints as the Per Page license.


The Installation license type integrates into your installation program. Then when the program is installed the installation counter is incremented in your Iono installation. If the license exceeds the number of installs specified for the license, the user is given an error and cannot proceed with that license.

Installation Bind

Similar to the Installation license, this method binds the IP address to the license. It’s intended application is to be used in conjunction with the Per Page license type so you can verify that the license is not being used on another machine.

Local License

This is the recommended license type. The first time a request is made the license is downloaded to an encrypted local file and verified every 15 days. This method does not suffer the performance issues or the limitations of the other methods.

The second part of integrating the licensing into your software is adding the Iono code to your application. You need to integrate some code from the Iono administrative application that handles the remote calls to your Iono licensing server.

The drawback to this is that users can easily remove the licensing protection. That’s where the PHP Encoder application steps in. It secures your source code so you can distribute your application in a manner where the licensing code cannot be removed.

Take, for example the following code:


echo 'This is some arbitrary code';

When it’s been encoded it looks like


Which is essentially a base64 encoded string of binary data. That binary data is your PHP code that has been obfuscated. The obfuscated code is essentially compiled PHP byte code with several encoding layers on top. Since it is the byte code and not the source code that is obfuscated you are given a higher level of protection than simple source encoding.


Installation difficulties notwithstanding the combination of the Iono licensing with the PHP Encoder software provided a solid platform for protecting your application when distributing it to known or unknown end users. Some of the licensing methods are a little over the top and susceptible to performance and potential network problems. But the recommended licensing method should be sufficient for most installations.

3 Responses to “Iono Review”

  1. kkempfer Says:

    Note that IonCube Loader is not compatible with Zend Debugger. Hency, debugging an IonCube-protected application isn’t possible.

  2. _____anonymous_____ Says:

    I didn’t really understand your review. It seemed to focus on Ioncube but the product Iono has nothing to do with Ioncube php’s encoder other then that the Iono program you downloaded was compiled by it. It also has a Zend compiled version.

    The encoding you showed has nothing to do with Ioncube either, it was not produced by Ioncube’s PHP encoder. The code was obviously their attempt at obfuscation for when you don’t have either Ioncube’s or Zend’s PHP encoder.

    The Ioncube files you had to install were only the loaders, which are available free. The PHP encoder is a separate product that you must purchase and does not come with the Iono product. Iono is from a different company than Ioncube. The name Iono has nothing to do with Ioncube other that to obviously play off it.

    Iono is merely a download manager for online software sales. It only recommends you buy the Ioncube PHP encoder or the Zend PHP encoder to protect the files.

  3. jcharles7272 Says:

    Nice explanation of license types in the Iono product.

    There have been non threaded Loaders for Windows listed on the ionCube Loaders page for a few months now, so they would probably work with your first setup.