How to Encrypt PHP scripts for distribution

1:15 am on Sep 4, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Nov 19, 2003
votes: 0


I have seen a couple of scripts that are "encrypted". Basically the script runs like normal php, but to the human eye, it just looks like a mess.

Can anyone refer me to the function that is used to do this (or, if this isn't something native to PHP, some software recommendations for doing so)?


2:36 am on Sept 4, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2003
votes: 0

Zend Encoder [zend.com]

8:52 am on Sept 4, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 24, 2002
votes: 0

try Googling for "turck mmcache"

Also check out ioncube and codelock
Codelock is not secure though.
But it takes a PHP geek to decrypt the source (I had one of 'em decrypt mine!).

It is safer to go for ioncube or zend.

[edited by: jatar_k at 3:22 pm (utc) on Sep. 4, 2004]

11:18 am on Sept 7, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 19, 2003
votes: 0

Has anyone tried one of these? I'm looking into putting a number of customers on a shared codebase CMS, and had thought of elaborate measures to protect the PHP code, like using non-PHP file templates and only allowing them to upload to directories with an .htaccess file that prevents PHP file parsing. However, the first version is likely to be on a WHM reseller's account to keep initial costs down, and I don't have enough knowledge at the moment to consider myself competent in server management (and that's on a shared server), so in the beginning stages, anyone who wanted to could just find someone with an account on the same server and do some directory traversal.

I'd like also to be able to have some config files pulled in - I guess I could make them non-php and parse them, but that's just more overhead.



2:53 pm on Sept 8, 2004 (gmt 0)

Inactive Member
Account Expired


I just set a php_include_path in http.conf and store any code libraries there. They're "included" in each site as if they were local but the actual files are outside the web-space and user-space.
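
An added configuration sketch, not part of the original thread, combining the two measures discussed above: shared libraries on an include path outside the web space, and an upload directory where PHP parsing is switched off. It assumes Apache with mod_php; the host name and all paths are hypothetical.

```apache
# Assumed layout (hypothetical paths): shared CMS code in /srv/cms-lib,
# one customer site in /home/customer1/public_html.
<VirtualHost *:80>
    ServerName customer1.example
    DocumentRoot /home/customer1/public_html

    # Shared code lives outside every DocumentRoot and every customer home,
    # so it cannot be requested by URL and customers cannot upload over it.
    # php_admin_value cannot be overridden from .htaccess or ini_set().
    php_admin_value include_path ".:/srv/cms-lib"

    # Confine this site's PHP file functions to its own tree, the shared
    # library and a temp directory.
    php_admin_value open_basedir "/home/customer1/:/srv/cms-lib/:/tmp/"

    <Directory /home/customer1/public_html/uploads>
        # Files uploaded here are never run through the PHP engine ...
        php_admin_flag engine off
        # ... and a customer-supplied .htaccess in this tree is ignored,
        # so it cannot map another handler onto uploaded files.
        AllowOverride None
    </Directory>
</VirtualHost>
```

open_basedir restricts only PHP's own file access; which other accounts on the same server can read /srv/cms-lib is still decided by file ownership and permissions.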

1:38 am on Sept 12, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Mar 1, 2004
votes: 0

You could use ioncube to encode the portion of your script that sets the base URI (domain name) so that your installation only works with the original domain name.

I hate it when vendors do that, but I must admit that it works well as a copy guard. There are cases where a customer should be able to change the domain name.... so you would need to accommodate that with support.