Hiding copyright info via php to deter removal

iKwak · #1 (**permalink**) 03-15-05, 04:18 PM

Hello,

I need some advice on how to insert a copyright info on the footer so that other webmasters would not remove the copyright info at a later time.
In order to do this, you would need to hide the code using php, I think.

A perfect example is Invision Board pages. Webmasters can not remove their copyright footer (unless you pay a hefty fee) and I like to do something similar to that effect.

Any idea on how to approach this little project? Thank you in advance.

ben.periton · #2 (**permalink**) 03-16-05, 06:26 AM

You could set the copyright code into a file that is needed to run your program, then encode that single file using IonCube (http://www.ioncube.com/online_encoder.php). That way if they remove the include the program wont work, but they wont be able to edit the file either.

moronovich · #3 (**permalink**) 03-16-05, 08:03 AM

easy solution: encrypt your code using multiple levels of encryption. (code is still able to be reverse-engineered by advanced developers)
corporate solution: php encoder (zend encoder, ioncube, etc)

Trevor · #4 (**permalink**) 03-16-05, 08:34 AM

The cheap and easy, though not 100% solution...

Many methods of functions return something. Typically this is a single value. Try putting your copyright into a base64_encoded string inside of a common function. Return the value, or property, of that function as an array. Use the "real" value ($response[0]) as you would normally use it. Set aside the copyright tag in either a session, cookie, or icky global variable. When you get to the end of the page, or where ever you want to display it, bust out a echo(base64_decode($response[1])). This will make "Copyright Me" un-detectable in a global code search. You can set-up a funky ereg or preg match to test the encoded string prior to use to make sure it matches what it should. If it doesn't, spin off a javascript loop that spawns hundreds of browser windows.

Just kidding.

Through out your code, you can keep checking the value of $response[1] to make sure things are legit. If you take the time to saturate your goods, it may be too much of a pain in the butt to pull out.

I'm not sure if echo or print returns a value when executed. That is

if(ereg("Cac7u5",$response[1])) {
if(!echo(base64_decode($response[1]))) {
die("Bad man! Bad man!");
}
} else {
die("Bad man! Bad man!");
}

Anybody? Of course ecoding your code is the best way to go, but if yo are poor like me, that may not be an option. The above is a shot from the hip, so don't quote me on any of it. Unless of course it actually works.

moronovich · #5 (**permalink**) 03-16-05, 09:46 AM

consider i were the webmaster. since the script is open source (or i can still view the source, i'll change the following):

PHP Code:


			
if(ereg("Cac7u5",$response[1])) {

if(!echo(base64_decode($response[1]))) { //this actually won't work, but i'm not to give a shot as you said :D

die("Bad man! Bad man!"); // not necessary

} 

} else {

die("Bad man! Bad man!");

}

into

PHP Code:


			
$response[1] = 'Cac7u5';

if(ereg("Cac7u5",$response[1])) {

   echo 'Copyright by Me not the Author';

} else {

die("Bad man! Bad man!");

}

of course it's rough, but it works (you can even delete the code, since you have the php source).

as i mentioned before, if you don't want to buy any encoder, you can obfuscate the code, maybe something like

PHP Code:


			
class crypt {

     var $string;

     function encode_level_1(&$param) {

        //first level encoding

     }

     function encode_level_2(&$param) {

        //2nd level encoding

     }

      function encode_level_3(&$param) {

        //3rd level encoding

      }

      function decode_level_3(&$param) {

        //first decode

      }

      function decode_level_2(&$param) {

        //next decode

      }

      function decode_level_1(&$param) {

         //last decode

      }

}

however, you may end up with "eval". nah, it's easy for some developers out there to reverse-engineer the code. (first, change eval with echo and print, and then break the encoding).

unlike obfuscator, php encoder works in different way. the encoder converts php file into php bytecodes. as a result, the original php script is very difficult to retrieve (it's not a trivial task). if you find obfuscated code in first solution to run slower than its original, php bytecodes can run faster in your system because your php code is not parsed anymore.

mobiuz · #6 (**permalink**) 03-16-05, 11:14 AM

A very good idea yes if one has no monies to work with, however, Base64 encoding would ultimately backfire to advanced developers. Definitely try Zend if you are that worried about it. But do remember this, that no matter what you do people will find a way around it. If there is a way to do something there is a way to undo something. Believe it or not you will come across honest people who will leave the copyright notices intact. Better yet for those whom you can prove have removed your copyright notice in direct violation of whatever license you have in place whether a mere GPL, Click-Wrap license, or shrink wrap license - you will be able to sue for hefty amount. So in the long run I personally don't think you need to concern yourself with "embedded" copyright notices.

Quote:

Originally Posted by Trevor

The cheap and easy, though not 100% solution...

Many methods of functions return something. Typically this is a single value. Try putting your copyright into a base64_encoded string inside of a common function. Return the value, or property, of that function as an array. Use the "real" value ($response[0]) as you would normally use it. Set aside the copyright tag in either a session, cookie, or icky global variable. When you get to the end of the page, or where ever you want to display it, bust out a echo(base64_decode($response[1])). This will make "Copyright Me" un-detectable in a global code search. You can set-up a funky ereg or preg match to test the encoded string prior to use to make sure it matches what it should. If it doesn't, spin off a javascript loop that spawns hundreds of browser windows.

Just kidding.

Through out your code, you can keep checking the value of $response[1] to make sure things are legit. If you take the time to saturate your goods, it may be too much of a pain in the butt to pull out.

I'm not sure if echo or print returns a value when executed. That is

if(ereg("Cac7u5",$response[1])) {
if(!echo(base64_decode($response[1]))) {
die("Bad man! Bad man!");
}
} else {
die("Bad man! Bad man!");
}

Anybody? Of course ecoding your code is the best way to go, but if yo are poor like me, that may not be an option. The above is a shot from the hip, so don't quote me on any of it. Unless of course it actually works.

FiRe · #7 (**permalink**) 03-16-05, 01:44 PM

also you could include it in a function (bad word filter for example) so when you call it you could check for the copyright statement...

iKwak · #8 (**permalink**) 03-18-05, 02:44 PM

I really appreciate all your responses.

Allow me to give more details. The site is actually a private site (like an intranet). I am the only webmaster but there are few other HTML newbies that know the basic HTML. I don't want them to edit (delete) out the copyright info.

So the encoding is out of the question.

Nothing complex. Trying to find out if there is an easy method to prevent others from editing the copyright HTML code by editing the html/php file.

Thanks in advance!