|Encrypt PHP file and run encrypted fi...
|Request new recommendation
by karthikeyan - 9 years ago (2014-12-15)
How can I encrypt a PHP script file and run the encrypted code on browser without decrypting it first?
4. by Mat Jung - 1 year ago (2022-10-05) Reply
A PHP script file is running on a server, not on a browser.
3. by re - 3 years ago (2020-10-30) Reply
2. by Wildan Izzudin - 6 years ago (2018-02-11) Reply
1. by Ojo Joseph Oluwaseun - 6 years ago (2017-10-18) Reply
I've published a library which should perform exactly what you need https://www.phpclasses.org/package/9923-PHP-Obfuscate-PHP-code-using-base64-and-compression.html
Minifying and obfuscating the PHP source code in enough in many cases to protect the code from unauthorized use. Try PackApp.php for this.
with this you don't need to manually decrypt the code before execution you just need to run the self decrypting code. but as Manuel said it slows the code execution for very long script...
There are several classes to obfuscate PHP code, if that is what you mean.
Anyway, this class here actually does what you ask, encrypt PHP source code and decrypt it with a given password key.
However, I would not advise using it for performance sensitive applications because decryting code every time you execute takes a good time.
Maybe you want to PHP opcode encoder program. Those are usually commercial but they hide their encoding algorithms. They are not impossible to break but they give a reasonable difficulty to people that want to sneak and steal original source code.
A simple alternative that does not cause performance problems is to create PHP phar archives from your code. You need to have the PHP PHAR extension to use them though.
1. by Gerry Danen - 9 years ago (2014-12-16) Reply
I guess the question is what is the reason to encrypt. Unless you release the source code (encrypted or not), is there a need to worry? Take inspire.gerrydanen.com for example. You can get the JS easy enough, but the PHP?
2. by Manuel Lemos - 9 years ago (2014-12-23) in reply to comment 1 by Gerry Danen Reply
Yes, sometimes developers just want to obfuscate the enough to prevent that nosy customers change the scripts easily.
In that case the right action is not encryption but obfuscation or maybe binary encoding like what is done with PHAR archives.
Encryption is often an heavy task. If you need to decrypt a script every time you need to run it, it will slow down your script execution.
Furthermore encryption done in PHP code requires that the decryption code has the encryption key, so it is not much of a protection because the whoever wants to recover the original code can do it easily.
3. by Ilias Elkor - 6 years ago (2017-07-21) Reply
PHP scripts are never sent to the browser..PHP is a server-side language which means the users by definition will never be able to see the code (unless you got some serious security issues going on in the server).
Therefore i assume what is meant is to "protect" the code? perhaps from modification by people that you give your code to or something? in which case you must mean obfuscation..which is generally not recommended as it only really serves to make your code a bit harder to read (and maybe get rid of a few lines in the process).
The server needs to be able to read your php scripts in order to execute them, and therefore anyone with access to the server can read/use your code, so even if you encrypt it you still need to give the server the key to be able to decrypt it before running it. And again, anyone with access to the server will be able to do the same.
Finally, there is no reason for you to 'encrypt' your php code, you should focus on securing your server instead (alongside the occasional security measures against user inputs that would cause XSS attacks or SQL injection, etc).
4. by Remiya - 6 years ago (2017-10-05) Reply
Uses mcrypt external extension - DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.
5. by Cy Door - 6 years ago (2018-02-25) in reply to comment 3 by Ilias Elkor Reply
Thats not true. Imagine someone is selling his products