When to keep your PHP code logic secret?

Whenever you need to pass a script to a client, but you are afraid that it will get copied and reused elsewhere without your permission.

How to protect your PHP code?

You could implement code “blockers”. Provide a licence key that allows the script to run for a given period of time with in a certain domain. Whenever application licence expires, your code should stop working.

Microservices architecture.

You could embed an API that accepts or reject the request with given licence key. It is also a good idea to move core functionality and provide it as a service. So you need to maintain a client and server side code. Such architecture allow you to keep your code logic protected from third party. Sure, this is not always possible. You might not want to kill the fly with a hammer. Instead, we can simply make our code less readable.

If all the code have to be passed to the client, and you want to stay in control over it source. You can make it harder to understand and work with by obfuscating the code. In a lot of cases, this will be a good enough level of protection.

This solution is not bulletproof. If they put a lot of effort (which often comes with time and cost) they will be able to continue the project on their own. However, this solution might also disparage the potential thiefs.

Protecting PHP source code using obfuscators.

Now let’s see some example output:

goto FxqO6; ZcSnO: echo PHP_EOL; goto nMkdt; cx9HF: echo $cG57M; goto WYI6h; aqhio: goto ZA3h_; goto FwkOV; Cim0A: $pV3Rh = "\167\x6f\x72\154\x64\40"; goto znUqw; oT7JK: echo $F0hKP; goto Qi0pF; FwkOV: Whs9W: goto iIvvV; tETnK: if (!($PLCNw <= 7)) { goto Whs9W; } goto oT7JK; IJlO2: echo $VpbPY; goto vS68p; AAQAJ: $cG57M = "\141\x20"; goto k6rF7; nMkdt: echo $ziV95; goto cx9HF; rkcaP: blLhv: goto MPm4d; y2M7d: $VpbPY = "\x64\x61\171\40"; goto XZvGp; WYI6h: echo $zkJ6w; goto IJlO2; k6rF7: $zkJ6w = "\x62\145\x61\x75\x74\x69\x66\x75\x6c\x20"; goto y2M7d; Qi0pF: echo $pV3Rh; goto ZcSnO; vS68p: echo PHP_EOL; goto rkcaP; znUqw: $ziV95 = "\x77\150\141\x74\x20"; goto AAQAJ; MPm4d: ++$PLCNw; goto aqhio; FxqO6: $F0hKP = "\150\x65\x6c\154\x6f\x20"; goto Cim0A; QO25P: ZA3h_: goto tETnK; XZvGp: $PLCNw = 0; goto QO25P; iIvvV: echo "\164\x68\141\x74\x27\163\x20\151\x74\x21" . PHP_EOL;

Can you read this code?

The sorce code for the above obfuscated code would look like this:

    simple test program !
$hello      = "hello ";
$world      = "world ";
$what       = "what ";
$a          = "a ";
$beautiful  = "beautiful ";
$day        = "day ";

for($i=0;$i<=7;++$i)        // small loop!
    echo $hello;    echo $world;                                echo PHP_EOL;
    echo $what;     echo $a;    echo $beautiful;    echo $day;  echo PHP_EOL;
echo "that's it!".PHP_EOL;

Both scripts will output same data:

PHP code obfuscator demo


Read also:

Would love your thoughts, please comment.x