If you are making an app in PHP, like a WordPress plugin or theme, you may be concerned about someone editing your code to remove all the various license key checks. One easy way around this is to encode that portion of your code and then decode it on the fly. This layer of obfuscation makes it harder for someone to change your code.
To make integrating encoded code easier into your app, we have built a base64 encoder/decoder in the Tools section of the Dashboard.
How To Use The Encoder/Decoder Tool #
Using the encoder and decoder is quite simple. Paste in your raw PHP code into the encoder and it will generate the encoded code below it. You can then paste the encoded code into the decoder to decode the code and look for any errors. If everything looks great, then you’re ready to use it!
Raw PHP:
// DO NOT INCLUDE OPENING OR CLOSING <?PHP ?> TAGS
// Get the current time
$current_time = date('h:i:s a');
// Display Hello World message
echo "<h1>Hello, World!</h1>";
// Display the current time
echo "<p>The current time is $current_time.</p>";
// Display a message
echo "<p>Visit <a href='https://BatchKeys.com'>BatchKeys.com</a> for all your license key needs. Unlock your potential with us!</p>";
Encoded PHP:
Ly8gR2V0IHRoZSBjdXJyZW50IHRpbWUNCiRjdXJyZW50X3RpbWUgPSBkYXRlKCdoOmk6cyBhJyk7DQoNCi8vIERpc3BsYXkgSGVsbG8gV29ybGQgbWVzc2FnZQ0KZWNobyAiPGgxPkhlbGxvLCBXb3JsZCE8L2gxPiI7DQoNCi8vIERpc3BsYXkgdGhlIGN1cnJlbnQgdGltZQ0KZWNobyAiPHA+VGhlIGN1cnJlbnQgdGltZSBpcyAkY3VycmVudF90aW1lLjwvcD4iOw0KDQovLyBEaXNwbGF5IGEgbWVzc2FnZQ0KZWNobyAiPHA+VmlzaXQgPGEgaHJlZj0naHR0cHM6Ly9CYXRjaEtleXMuY29tJz5CYXRjaEtleXMuY29tPC9hPiBmb3IgYWxsIHlvdXIgbGljZW5zZSBrZXkgbmVlZHMuIFVubG9jayB5b3VyIHBvdGVudGlhbCB3aXRoIHVzITwvcD4iOw==Advantages Of Using Our Tool #
While you could encode the code yourself inside your app that still means you have to put the raw PHP code somewhere visible inside the files. By using our tool you never have to put the raw code into your app, which makes it much more secure.
Using The Encoded Code #
In a real world example you could use our tool to encode your license checking code or perhaps the part of your code that confirms the license key has been validated before unlocking the app.
Then, create a new file and call it something vague like enc.php or whatever you like. Be sure to include this file in your app’s files. Inside of enc.php, put the following:
enc.php:
// You should make the variable names and comments vague on purpose
// function to decode the code - be sure to change or remove this comment
function exe_enc() {
$encCd = 'Your Long, Encoded Line of Code Goes Here';
$decCd = base64_decode($encCd);
if (isset($decCd) && is_string($decCd)) {
eval($decCd);
} else {
echo "Error: Failed to run!";
}
}Now, where you would normally call this part of the code, use a require_once to load the file.
// You should make the variable names and comments vague on purpose
// Including the encoded PHP file - be sure to change or remove this comment
require_once 'path/to/enc.php';
// Call the function to execute the decoded and evaluated code - be sure to change or remove this comment
exe_enc();That’s it. You’ve encoded a critical piece of your code, then decoded it and ran it. Congratulations!
Increasing Security #
While this system will likely thwart many malicious users and certainly your average customer, it could be even better. The base64 process isn’t perfect and a user could try to decode it themselves if they know what they are doing. Consider this one more layer of obfuscation to your overall security plan.
The more layers of obfuscation you can add the more secure your code is. To add another layer of security, you could also include other features such as a checksum check of your entire code base or just the encoded code.
A more solid encoding option is commercially available software specifically made for encoding and decoding. Some popular PHP encoding software includes ionCube PHP Encoder, Zend Guard, or SourceGuardian.