License mode:
Embedded - means that all binding information will be inside each encoded script. This is how SourceGuardian 2.x worked.
External - allows you to use the Script License Generator for specifying binding options for your project.
The Script License Generator is an external tool for creating script license files. A Script license file is required to run protected scripts encoded with this option.
Using the script license is the best way of encoding if you need to distribute one script or an entire project between different users, but need to use different restriction options for each user.
Scripts encoded with this option will require an external license file to run. Protected scripts will search for the license file in the current directory and all parent directories. So you may have one license file for an entire protected project located in the top project directory.
If the protected script cannot find the specified license file it will display the error message: "script requires ... file to run"
After encoding is finished you will be prompted to create a license for your encoded scripts if you set 'Automatically open External License generator' option in application settings.
File name
You need to specify license file name that your project will use. Specify exactly the same file name in license generator when you generate license for this project.
Project ID
This allows you to assign ID to your project to identify what license it should accept. Specify the same Project ID in license generator when you generate license for this project. This option is useful when you want to ship several products that uses external license so that each license would work only with its Project ID.
Project Key
This is used in pair with Project ID - required if you plan to use external license mode. Introduced in 5.0
New algorithm in 5.0 uses the idea of two keys. The first key (Project Id) is stored in the encrypted area of protected script and used to decrypt an external license file. The second key (Project Key) is stored in the license file and used to decrypt the bytecode from the protected script.
Using the new algorithm protects your product from creating a full working copy from the demo version by some people who may be interested in this. As to decrypt and run a protected script a true license file for the full version of your product is required. Otherwise it's impossible to decrypt and run a bytecode.
Project Id and Project Key values are required if external license protection method is selected.
Expiry date
'Scripts will timeout on' - click on calendar icon to choose the date you wish the script to expire. At the left side you will see the hint showing how many days are left from today's date.
The script will not run on and after the specified date and displays the error message: "script has expired".
Use atomic clock servers
If you use a time lock option for your scripts you may wish to let the script to get the world time from the online time service for expiry checks than using the server time. You may specify a list of time services in SourceGuardian settings.
Lock the scripts to work only online
If you do not use time lock option you still able to lock the scripts to work only online. Do to so, select this option. SourceGuardian will check if it is working online by accessing to atomic clock servers.
Binding
'Bind to IP(s)' - bind script to an ip/mask. The encoder will lock the script to run only from the specified IP address(es). The specified IP address mask will be applied to the real IP address before comparing. So you may use this option to lock the script to a multiple IP if mask is specified. If run from not allowed IP script will come with the error message: "script cannot run on this machine" You may add as many IP address/mask pairs as you want using editor. Press '+' button if you need to add another IP/Mask pair (or press down arrow on keyboard while in editor). Press '-' button if you want to delete current IP/Mask pair.
IP address mask 255.255.255.255 is used by default if not specified.
Encrypt to IP - bind and encrypt to ip/mask. The encoder will lock the script to run only from the specified IP address. The encoder will use a specified IP address with applied mask as a part of the key for encryption for the maximum protection. The Loader will not be able to even decrypt a script from the wrong ip address and will display the error message: "script checksum error". IP address mask 255.255.255.255 is used by default if not specified. If you choose this option then the Bind to IP(s) option become inactive (and vice versa).
Bind to hostname: - you can bind the script to a domain name. The Encoder will lock the script to run only from the specified domain and all sub domains. If an attempt is made to run the script on a non-authorised domain, the following error message will be displayed: "script cannot run on this machine". You may add as many domain names as you want.
Hint: use the name of the main domain in this option, not the name of any sub domain until you are sure you need to lock to a sub domain.
Example 1: mydomain.com
The script will run from mydomain.com, www.mydomain.com, myname.mydomain.com etc but will NOT run from otherdomain.com, www.otherdomain.com, otherdomain.net etc.
Example 2: www.mydomain.com
Script will run ONLY from www.mydomain.com. It will not run on the Main domain mydomain.com and all other subdomains like myname.mydomain.com as well as other domains like otherdomain.com, www.otherdomain.com, otherdomain.net etc.
Bind to MAC - You can bind a script to LAN hardware (MAC) addresses. This address is unique for each networking adapter and so it may be easily used to identify a machine. A MAC address is 6 bytes long, with each byte represented in hex and separated with ':' or '-'.The encoder will lock a script to run only from the machine which has a networking adapter with the specified MAC address. If there is more than one LAN adapter installed then script will check all of them. If an attempt is made to run a script from a machine without the correct adapter, then the script will display the error message: "script cannot run on this machine" You may use this option more than once to specify multiple MAC addresses.
Hint: you may use 'ifconfig' command under Linux or 'route print' under Windows to get a list of installed networking adapters and known MAC addresses.
Encoded scripts security
Work only with other files encoded with your copy of SourceGuardian™ - script will work only with other encoded files. This option makes sense only when encoding multiple files. All scripts encoded with this option will work only with other encoded files and will NOT work if any of the included files or top files are substituted with an unencoded one or encoded by another installation of SourceGuardian™ 5.0 for PHP. This gives you the ultimate protection for your projects when multiple PHP scripts are used together.
Example: If you have a password in a.php and then b.php includes a.php and calls c.php for any action. No one can substitute c.php with their own code and do 'echo $password' to know your password if this option was used during the encoding of all files. Also no one can create d.php which will include protected a.php and then do 'echo $password'.