Have you looked at Zend?

Yeah, but I don't really want/need such an expensive solution.

I'm also interested in learning the theory behind encoding/decoding product keys.

One solution I've thought of is to use the md5 of some information to create the key. Then the script would md5 the same info to see if the keys match...

Or maybe some other sort of hash function that can be reversed or evaluated to a boolean?

Hmmmmmmmm.....

The problem is not the verification of the code. That is simple. You can get an MD5 of the machine information, the code installation, etc. send it to you, and get an activation code. Periodically the code could check to see if it needs updating and also validates itself.

The problem comes in with the fact that PHP, by default is visible code. Anyone with a limited PHP knowledge could circumvent your checking and validation code.

This is why you need to at least pre-process, and somehow "encrypt" the code itself.

I'm planning on at least encoding the main function/class file with ionCube. That file will contain both the key validation code as well as some vital functions which will call the key validation function before working.

I *think* this will solve the problem. Am I missing anything?

Thanks!

if u r providing ready made modules for website then u can place a check on the url when page is called, this is what i had done for one module.

when the page is executed, i check the domain name, if it matches the one for which it was bought then it works otherwise it shows error to get new license for new domain name. write this code on the enterance page of the module and encrypt it also place a check that if the function checking domain name is missing give error that code has been modified illegally so user cant get rid of check even

if u sell online, then when user downloads generate a random key for it send it to customer as activation key and also store it in database with a flag value 0, for the first time when user enters this key update flag value to 1 means USED and delete this product key from your DB.

you can yet another thing, with the above random key thing, make a zip package on fly of your module and place a password on zip file as Random key, when its used its unzipped and and the value is also deleted from YOUR DB so next time no one can use the same key to unzip the file.

Couple of tips re: creating PHP source for distribution:

- Develop your code using error reporting set to E_ALL. Nothing worse than something looking fine on your dev server; only for your customer to install the script and see warning messages right left and <center>.

- If you want to make medling with your script that bit harder; run a distribution copy of the source (not your master copy!) through the cli version of PHP using the -w option. This will remove all comments and white space from the source code. If you do this; you might want to consider assigning your copyright statement to variable in order to preseve it within the distributed code.

I have a web module I would like to protect from copying and using with some sort of activation check or something.

I would like it to not have to depend on a database on my web server, though, so that if my web server went down for some reason, the clients site would still work.

Any ideas?