Hide And Unhide Code With PHP

If you are selling a system the last thing you want is for people to copy the system and pass it on for free. There are numerous ways to implement parts of the system that will stop this from happening.

By far the easiest is to create a section of code that is hidden, the removal of which will cause the application to fall over. It could even be as simple as a link back to your site so that even if you give you application away for free, you will always have that link present.

This method involves the use of a function called eval(), which takes PHP code as a string and interprets it to produce output. Here is an example that prints a link to #! code.

$code = "echo \"<a href='http://www.hashbangcode.com/' title'#! code'>#! code</a>\";";
eval($code);

So let's use some code to hide this from anyone who might be reading our source code. First we pass this string through our hiding function to produce non-human readable text. This function is called obfuscate() and works by taking each character in turn and converting it into the ascii equivalent.

function obfuscate($text) {
    $length = strlen($text);
    $scrambled = '';
    
    for ($i = 0; $i < $length; ++$i) {
        $scrambled .= ord($text[$i]). ' ';
    }
    
    return $scrambled;
}
$code = "echo \"<a href='http://www.hashbangcode.com/' title'#! code'> #! code</a>\";";
 
$obf = obfuscate($code);
echo $obf;

This will print out the following:

101 99 104 111 32 34 60 97 32 104 114 101 102 61 39 104 116 116 112 58 47 47 119 119 119 46 104 97 115 104 98 97 110 103 99 111 100 101 46 99 111 109 47 39 32 116 105 116 108 101 39 35 33 32 99 111 100 101 39 62 32 35 33 32 99 111 100 101 60 47 97 62 34 59

We can store this as a variable until we next need it. In order to run this code we need to convert it into something that eval() can understand, to do this we use the opposite of the obfuscate(), called unobfuscate(). This function works by taking a set of ascii values and converting them into their character equivalents, note that we also trim the text to remove the last space from the end of the code.

function unobfuscate($scrambled) {
    $text = '';
 
    $bits = explode(' ',$scrambled);
    
    foreach ( $bits as $bit ) {
        $text .= chr($bit);
    }
 
    return trim($text);
}

We can then transform our hidden code into PHP code, which is then passed to the eval() function and run.

$code = '101 99 104 111 32 34 60 97 32 104 114 101 102 61 39 104 116 116 112 58 47 47 119 119 119 46 104 97 115 104 98 97 110 103 99 111 100 101 46 99 111 109 47 39 32 116 105 116 108 101 39 35 33 32 99 111 100 101 39 62 32 35 33 32 99 111 100 101 60 47 97 62 34 59';
$code = unobfuscate($code);
eval($code);

This produces the following output.

<a href='http://www.hashbangcode.com/' title='#! code'> #! code</a>

Beware that doing this sort of thing will probably slow down your application, especially if you try to eval() a large block of code. A single link like this is probably as far as I would personally go as there are much better ways of verifying that a piece of software is properly licensed.