如何使PHP应用程序需要一个键才能工作? [英] How can you make a PHP application require a key to work?
问题描述
脚本使用ioncube http:// www .ioncube.com / sa_encoder.php ,以防止非付费用户使用该脚本,它要求您注册该脚本将被使用的域,然后给予一个键,以输入该文件将使系统/脚本工作。
现在我想知道如何做这样的任务,我知道ioncube编码器只是让我们很难看到代码,在我提到的脚本中,他们只会在包含页面的1的tp中有一小部分被加密,没有那部分代码将会中断,另外如果脚本的所有者没有将您的域名放在列表中并给出一个有效的密钥将不起作用,如果您尝试在不同的域使用该脚本将不起作用。
我意识到,加密代码中的某个地方必须向您发送钥匙到那里服务器,并检查它对其所在的域名是有效的,或者可能甚至没有这样做,也许关键只是验证它是否与脚本所在的域匹配,这更可能是什么。
这里是真正的问题所在,你如何使脚本需要加密的部分?如果我做了一个脚本,并在顶部加了一个小的加密部分,似乎一个用户将能够轻松地删除加密的部分,并找出非加密部分正在做什么,并解决它的工作。任何想法?
发烧有一个类似的模型,你注册,下载软件(也是PHP),然后获得一个激活密钥。您可以在演示视频(到最后)看到它的工作原理。
如果你放弃了源代码,没有办法可以防止有编程知识的人修补你放置的任何副本保护/安全性。
我可以想到的一件事是分发一个C / C ++编译的程序或PHP应用程序调用的扩展来验证许可证。那个编辑的部分可以打电话回家等等。尽管如此,尽管这样可以很容易地绕过。
您可以在这些类似的问题中看到其他一些想法:
基本上,如果你放弃代码,你正在进行越来越多的军备竞赛复杂的复制保护,最终总是会被打破。你必须决定多少努力是值得的。我个人不会投入太多精力。
About 4 years ago I used a php product called amember pro, it is a membership script which has plugins for lie 30 different payment processors, it was an easy way to set up an automated membership site where users would pay a payment and get access to a certain area.
The script used ioncube http://www.ioncube.com/sa_encoder.php to prevent non-paying users from using the script, it requered that you register the domain that the script would be used on, you were then given a key to enter into the file that would make the system/script work.
Now I am wanting to know how to do such a task, I know ioncube encoder just makes it hard to see the code, in the script I mention, they would just have a small section at the tp of 1 of the included pages that was encrypted and without that part of the code it would break and in addition if the owner of the script did not put you domain in the list and give you a valid key it would not work, also if you tried to use the script on a different domain it would not work.
I realize that somewhere in the encrypted code that is must of sent you key to there server and checked that it was valid for the domain name it is on, or possibly it did not even do that, maybe the key would just verify that it matched the domain the script was on, that more likely what it did.
Here is where the real question is, How would you make a script require the portion that is encrypted? If I made a script and had a small encrypted part at the top, it would seem a user would be able to easily just remove the encrypted part and figure out what the non encrypted part is doing and fix it to work. Any ideas?
fever has a similar model, you sign up, download the software (also PHP), then get an activation key. You can see how it works in the demo video (towards the end).
If you're giving away the source code, there's no way you can prevent someone with programming knowledge from patching out whatever copy protection / security you put in.
One thing I can think of is distributing a C/C++ compiled program or extension that the PHP app calls in to to verify the license. That compiled part could then phone home, etc. Even that could be easily circumvented though.
You can see some other ideas in these similar questions:
Basically if you're giving away the code you're in an arms race with putting increasingly complex copy protection, which can always be broken in the end. You'll have to decide how much effort is worth it. I personally wouldn't invest much effort.
这篇关于如何使PHP应用程序需要一个键才能工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
