I develloped a standalone flatfile based cms. Now in order to protect my code from being stolen by clients, i've been looking arround but didn't find much usefull to protect my code. I have found ioncube, but i don't really like that...
I am wondering if it is possible to create a file within the cms, a php file, with a unique ID for every sale i made. That file transmits a signal to a webserver with that ID. So i can tract the online versions of my cms. If it gets copied i will see 2 or more versions with that ID online and i know which company or user distributed my code. But is it possible to make a cms dependable on that file... if a user erases the ID transmitting file no code is send out...How can i make that file so it can't be deleted or make that file CMS dependable. Anybody idea's?
I am wondering if it is possible to create a file within the cms, a php file, with a unique ID for every sale i made.
Yes, it's pretty easy to do it. Just create a file and include it in your php code.
That file transmits a signal to a webserver with that ID.
No! That file will transmit an ID in http header to YOUR webserver. Not a webserver.
So i can track the online versions of my cms.
Yes you can, until sysadmin check the log and see that their new cms is transmiting ID to your server. Then someone might ask why didn't you warn them, what else are you sending to your server, etc.
But is it possible to make a cms dependable on that file... if a user erases the ID transmitting file no code is send out...
Yes, that's fairly easy. Just put some if (file) work, if (no_file) {dont work}. And be prepared to obfuscate that code AS MUCH AS YOU CAN.
You are delivering PHP as source code and any descent programmer will deobfuscate almost any code.
How can i make that file so it can't be deleted or make that file CMS dependable. Anybody idea's?
As far as I know, you can't. Almost anything can be deleted.
One idea is to create some nasty pgp public keys with some hashes that are calculated and recalculated all over your cms. But that will make your code hard to maintain and it will put some additional load to server...
Other solution is to put your code to your server. That's the only way to keep it safe.
p.s.
It would not be fair if I didn't mention that reading and editing (adding new features to someone's php code) if hard. It's really hard if code is bad (speaking from experience here). It's extremely hard if it's very, very bad code!
Many 'programmers' wouldn't touch core code of some app. 'Just gimme my framework...'
Obfuscated code is next to impossible to change if you don't have excellent coding skills + experience + lots of time.
Provided you really created your own cms (that's not an easy task) you will be able to create ok protection :) Some guide lines: