This was an article I wrote for Web Hosting Talk back in April 2004. I’ve made a few revisions to it and felt it would be worthwhile to share here as well.
This guide is intended for programmers who frequently take on freelance projects, those contracted over the internet by strangers to make a PHP script. Due to the nature of the web, it’s very easy to get scammed in this exchange, and there usually isn’t much you can do about it if it happens. Luckily for you, you’re 1 step ahead of the scammers by reading this guide before you sent them your script (hopefully).
Scenario: You are paid $1,500 to write a PHP script for Joe Montana. Joe pays you, you send him the script, all is well, until Joe reverses the charges, leaves you out in the cold while you just wasted several weeks and he gets a free script. Now you have to stress yourself with tracking him down to press charges, which most of the time never happens. Debating intangibles over the internet is a sticky situation for the seller, aka service provider, aka you. I just read the same story on another forum, which is all too common, and this prompted me to share this with hopes of protecting your time and profit.
Step 1
Open the file that is critical to the script’s operation and won’t require modifications by the client at any point in time. You’ll want to pick a file that if you take it out of the picture, it will cripple the operation of his script.
Step 2
Paste this snippet at the top of the file, before the script’s operations are run.
$lines = file('http://www.example.com/joemontana.txt');
foreach ($lines as $line_num => $line) {
$license = htmlspecialchars($line);
if ($license == "invalid") {
exit("License Invalid - Please contact THECOMPANY");
}
}
Now do the following:
- Create a .txt file, call it something unique, preferably the name of the project/client.
- Upload the .txt file somewhere accessible from the web, preferably on your server where only you can write to it.
- On Line 1 of the code above: Change example.com/joemontana.txt to your website and path to the text file you uploaded.
- On Line 5 of the code above: Change YOURCOMPANY to its respective variable. You can edit this message to say whatever you want.
Now if at any time you have a reason to disable his script, all you need to do is open that text file, and type the word: invalid
After you save that file, his script will not function. This method is safe for your client; if your server is down, the file doesn’t exist, or anything other than the word “invalid” is in the document, it will function properly.
Step 3
Now you’re thinking, “That’s good Matt, but what if the client isn’t an idiot and he goes in and deletes my protection”. This is where encoding comes into play. Pick your favorite one, if you don’t have one in mind, I suggest IonCube. Encrypting a file with them through their Online Encoder costs 50 cents, which is peanuts when you consider the sheer satisfaction you’ll receive if a client does scam you and you’re able to pull the rug from under them.
After your file is encrypted, open it up in a text editor, you should see a bunch of nonsensical data in there. Pack it up and ship it to your client! It’s important to remember that you’re not safe from being scammed, always exercise caution when doing business over the Internet. You’ll at least have a lot more control over the situation using these methods.
I suggest that you inform your client that you will be encrypting the file. Include instructions and offer to install the IonCube loaders on their server. Make sure to tell them to upload the encrypted file in BINARY mode, as it will not work otherwise. You should send them the unencrypted file after a couple months from their payment (or whenever you feel it has fully cleared and you’re safe) for their convenience, people don’t like being under the gun forever.
These instructions are provided without warranty. Any damage or loss, yadda yadda yadda *insert long disclaimer here*, is your own fault.