Script locking options (full version only)

 Top  Previous  Next

--expire [dd/mm/yyyy]            

 

With this option you can set an expiration date for the script. The script will not run on and after the specified date and comes with the error message: "script has expired". This option will override any previous lock set with the --days option.

 

 

--days [nn]                      

 

You can set the script to expire in a number of days (from today). The script will not run after nn days from today and comes with the error message: "script has expired". This option will override any previous lock set with --expire option.

 

 

Getting the world time for expiration date checking

 

If you use a time lock option for your scripts you may wish to let the script get the world time from the online time service for expiry checks rather than using the server time. You may specify a list of time services during encoding. 

 

Use --time-server option to specify time servers. You may specify multiple servers IP addresses or domain names separated with "," or ";"

 

The "time" protocol is used, tcp/ip to port 37 on the server.

 

If you have used a time-server option then your script will *require* an internet connection to run. Time servers will be checked in the specified order. If no server from the list can be accessed an error message will be displayed and the script will stop execution:

 

"script requires an internet connection to run [20]"

 

It's a good idea to specify 2-3 time servers which will let your script to work even if some of the time servers will be temporary down.

 

If you have multiple scripts included from each other and some of them were encoded with a time-server option then the script will access the time server only once for the first script for better performance and will use the time value from the time-server for other included scripts.

 

The list of available time servers may be found here.

 

 

* Locking the script to work only online

 

You may also use the time-server option to lock your script to run only online. Use time-server option as usual for this but don't specify an expiration date for the script. The script will try to access the online time service and will fail if it's not possible.

 

 

--domain [domain]                

 

You can bind the script to a domain name. The Encoder will lock the script to run only from the specified domain and all sub domains. If an attempt is made to run the script on a non-authorised domain, the following error message will be displayed: "script cannot run on this machine". You may use this option more than once to specify multiple domains. This option may not be used with the --domain-encrypt option.

 

Hint: use the name of the main domain in this option, not the name of any sub domain until you are sure you need to lock to a sub domain.

 

Example 1: --domain mydomain.com   

 

The script will run from mydomain.com, www.mydomain.com, myname.mydomain.com etc but will NOT run from otherdomain.com, www.otherdomain.com, otherdomain.net etc.

 

Example 2: --domain www.mydomain.com   

 

Script will run ONLY from www.mydomain.com. It will not run on the Main domain mydomain.com and all other sub domains like myname.mydomain.com as well as other domains like otherdomain.com, www.otherdomain.com, otherdomain.net etc.

 

 

--domain-encrypt [domain]        

 

Bind and encrypt to domain name. The encoder will lock the script to run only from the specified domain. The encoder will use a specified domain name as a part of the key for encryption for the maximum protection. The loader will not be able even to decrypt a script from the wrong domain and will display the error message: "script checksum error". You may use this option ONLY ONCE in a command line. This option may not be used with the --domain option.

 

Be careful when using this option if you may possibly need to run your protected script from a sub domain. Example: --domain-encrypt mydomain.com will allow to run script ONLY from mydomain.com not even from www.mydomain.com and vice versa.

 

Domain name locking supports wildcards. You may lock to *.site.com and so the script (or external license) will work for aa.site.com, bb.site.com etc. ? and * symbols are supported in the same manner as for specifying file masks.

 

--ip [x.x.x.x{/y.y.y.y}]         

 

Bind script to an ip/mask. The encoder will lock the script to run only from the specified IP address. The specified IP address mask will be applied to the real IP address before comparing. So you may use this option to lock the script to a multiple IP if mask is specified. If run from not allowed IP script will come with the error message: "script cannot run on this machine" You may use this option more than once to specify multiple ip/mask pairs. IP address mask 255.255.255.255 is used by default if not specified. This option may not be used with --ip-encrypt option.

 

 

--ip-encrypt [x.x.x.x{/y.y.y.y}] 

 

Bind and encrypt to ip/mask. The encoder will lock the script to run only from the specified IP address. The encoder will use a specified IP address with applied mask as a part of the key for encryption for the maximum protection. The Loader will not be able to even decrypt a script from the wrong ip address and will display the error message: "script checksum error". You may use this option ONLY ONCE in a command line. IP address mask 255.255.255.255 is used by default if not specified. This option may not be used with --ip option.

 

 

--mac [x:x:x:x:x:x]              

 

You can bind a script to LAN hardware (MAC) address. This address is unique for a networking adapter and so it may be easily used to identify a machine. A MAC address is 6 bytes long, with each byte represented in hex and separated with ':' The encoder will lock a script to run only from the machine which has a networking adapter with the specified MAC address. If there is more than one LAN adapter installed then script will check all of them. If an attempt is made to run a script from a machine without the correct adapter, then the script will display the error message: "script cannot run on this machine" You may use this option more than once to specify multiple MAC addresses.

 

Hint: you may use 'ifconfig' command under Linux or 'route print' under Windows to get a list of installed networking adapters and known MAC addresses.

 

 

--external [filename]            

 

Script will require external license file to run. This file may be distributed with the script or separately from it. This option gives you an opportunity to encode your script once and distribute to users with different licenses. Each license may have a different number of locks. You should specify only an external license file name here. Example: --external script.lic  No real license file will be created for now. You should use licgen tool for creating a license file for the script or you may do it via GUI if under Windows. When running protected scripts, and no specified license file is found, the script will come with the error message: "script requires ... file to run" You may use this option only ONCE in a command line. This option may not be used with any other binding options.

 

--projid

 

Allows you to specify Project ID to identify your project. To be used with --external option. You should use licgen tool for creating a license file for the script with the same Project ID.

 

--conj                           

 

Script will work only with other encoded files. This option makes sense only when encoding multiple files. All scripts encoded with this option will work only with other encoded files and will NOT work if any of the included files or top files are substituted with an unencoded one or encoded by another installation of SourceGuardian™ for PHP. This gives you the ultimate protection for your projects when multiple PHP scripts are used together.

 

Example: If you have a password in a.php and then b.php includes a.php and calls c.php for any action. No one can substitute c.php with their own code and do 'echo $password' to know your password if this option was used during the encoding of all files. Also no one can create d.php which will include protected a.php and then do 'echo $password'.

 

NOTE: Since SourceGuardian 5.0 this option was changed to allow including and executing only scripts from the same project (with the same Project Id value). This lets you develop and encode parts of your project on multiple machines (with multiple SourceGuardian licenses) and keep the "conjunction" option on for maximum protection.

 

We recommend to always use this feature if your project has any secure data embedded in scripts such as usernames, password, database names etc.

 

Since SourceGuardian 5.0 the "conjunction" option is always applied to the script during encoding and not to the external script license.