Results 1 to 8 of 8

Thread: looking for php code to protect footer

  1. #1
    Join Date
    Dec 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default looking for php code to protect footer

    Looking for something to add to footer, that if removed will give a site php error.

    Currently using a footer.inc.php file that only has footer link back to me, If I encode it now, one could simply remove it and add there own html/php.

    Wondering if there is anything I could add " before" I encode it, this way, if if removed and they add their own, the script would then be null.

    Is this possible?

    Thank you in advance.

    EasyWeb

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    there are things you could do, of course. You could define code in the footer and check for it elsewhere in your script, and die() if it's not found. This might be more complex depending on how you add your footer to the site, and how you handle your output.

    What I can tell you is that you will spend more time and effort trying to "protect" your footer than is worthwhile, and, in the end, people will still be able to circumvent your precautions (likely with far less effort than you spent). What you're trying to do is largely impractical.

    You mentioned "encoding" your script: I would highly recommend against that approach, for several reasons:
    • Encoding a php script will typically involve using the eval() function. eval is evil. eval presents security and stability problems in that it allows arbitrary execution of php code. Relying on this function is a sign that you've done something wrong in your program.
    • Encoding a script (and so "hiding" its contents from the end-user) is suspicious. I always recommend that people avoid scripts that have been obfuscated, simply because that's the first thing malicious coders do to try and hide whatever they're sneaking onto your server. Your users deserve transparency.
    • Obfuscation is ineffective anyway. It's not like you're creating a binary file that the average coder has no hope of deciphering. You must provide the PHP interpreter a way to decode the script - from there, it's a simple matter to look at the resulting code instead of executing it.


    Your efforts would be better spent drafting a license that requires your clients to maintain your footer. Often times, a letter is all it takes. If not, you can contact their hosting provider with the complaint.
    Last edited by traq; 01-01-2013 at 04:29 PM.

  3. #3
    Join Date
    Jan 2011
    Location
    Southeastern CT
    Posts
    612
    Thanks
    46
    Thanked 32 Times in 32 Posts

    Default

    Not being a php guru by any means causes me to agree with Adrian regarding the license.

    It also seems the best,least amount of work ,and also should be quite a bit professional too.To add a license regarding the footer sounds and will also look good to me.

    Writing a php code to make the footer a required part of the page/script seems like a lot of work too.

    But this is just me opinion,if you are interested.
    Thanks,

    Bud

  4. #4
    Join Date
    Jul 2008
    Location
    Derbyshire, UK
    Posts
    3,033
    Thanks
    25
    Thanked 599 Times in 575 Posts
    Blog Entries
    40

    Default

    I totally agree with traq.

    Several years ago I installed a (what I thought at the time) was a convenient and nifty auction package on a convention website. I spent hours customising the html template, but in a hacky CSS way due to the bulk obfuscated code.
    Anyway, all seemed well for a week and off I travelled to the US to attend the convention in question.

    Next thing I know is that I'm getting ready one morning in my hotel room and loads of panicky con-goers and desperate staff are banging down my door, the phone is ringing and I get manhandled into another suite with a laptop.

    Turned out that the auction software had been doing some really nasty stuff on the server - the web host had been trying to contact me ask me to stop what was doing, but I hadn't checked emails/replied as I was on holiday, so they deleted the website!!! So that left dozens and dozens of stranded convention attendees who were in transit and yet to arrive at the hotel, unable to login and check their details because the website was gone!!! AAARGGHH! Nightmare! But a valuable lesson learned.

    I spent a full day and night of my vacation on the phone with the web host, re-uploading the website/dbs from a flash drive (lucky that I'd taken it on holiday - I hadn't taken my laptop) while also uninstalling the dodgy scripts and cleaning up after it all.

    That WAS a fun holiday experience! I got everything fixed but needless to say, I will NEVER use obfuscated code again. It just can't be trusted.
    Focus on Function Web Design
    Fast Edit (A flat file, PHP web page editor & CMS. Small, FREE, no database!) | Fast Edit BE (Snippet Manager) (Web content editor for multiple editable regions!) | Fast Apps

  5. #5
    Join Date
    Dec 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thank you for all your advice.

    This looks interesting here: http://www.scriptomart.com/view-item...on-Script.html

    However, to most points, it dose suggest to encript one part of the code.

    I created an ebay clone some years ago, and now being resold all over the net and ebay it'sself.

    Now creating other scripts, and just dident want to see the same thing happening all over again.

    Thank you everyone for your feedback.

  6. #6
    Join Date
    Dec 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    And of course, cannot get the free script at the:

    http://www.scriptomart.com/view-item...on-Script.html

    to work???

    On their front page it states:

    You can now download all our dynamic scripts for Free, Budget & Premium Scripts for FREE. No Licence is required for any script, just enter any charactors for the license key.

    However,,, takes you too the No lic key page

    If anyone wants to look and can get it to work, this would be helpful.

    Thanks again....

  7. #7
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    I didn't try to download it, but from the description, it looks like you'll be making your scripts dependent on verification of a license key (i.e., verified by your website). Consider, then, that you're making your scripts dependent on the presence of your website. That could mean longer load times for your clients, plus it legally obligates you to keep your site and licensing software operational in the long term - at least as long as you have any unexpired licenses.

    A lot of effort...

    -----------------
    if I can get it to download, I'll have a look at it and give you my opinion.

  8. #8
    Join Date
    Jan 2013
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    They will always be able to reverse engineer the code to remove any protections you add. UNLESS you encode the entire project using something like ioncube. I've used that in the past and to be honest, it works very well. If you had encoded it using ioncube, removing the footer would result in a corruption error!

Similar Threads

  1. Protect My Pictures
    By Clayf700 in forum JavaScript
    Replies: 7
    Last Post: 09-02-2010, 10:37 PM
  2. Why you cannot protect your source code and files
    By traq in forum Coding tips & tutorials threads
    Replies: 7
    Last Post: 10-15-2009, 02:07 AM
  3. Replies: 0
    Last Post: 07-21-2009, 08:25 AM
  4. Flood protect
    By why not in forum PHP
    Replies: 0
    Last Post: 06-02-2008, 08:43 PM
  5. Protect Code
    By Mary in forum PHP
    Replies: 3
    Last Post: 11-16-2006, 10:44 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •