Quick question, I'm currently making a license system for my private plugins... **I know, Code can always be cracked... But I'm trying to make it hard for the thieves to just re-sell my plugins.*** Any methods or factors to check / differ a server from one another? I once used ServerUUID (Which PocketMine generates on startup based on Server Specs and IP) but I've had problems with it when the server is hosted on MultiCraft (since the server specs will change on every restart based on the Host's available resources.. It wouldn't work.) I can't use the server's IP as a way to validate it as MultiCraft hosts often have a lot of servers hosted in one IP but with a different port... Port and IP? No... The owner might change the port then they'll just make their license invalid... A License file? Idk... Doing that will make it easy-as-downloading-an-extra-file to crack the plugin. Any other way to validate plugin licenses?
Plugin licenses are valid from when they set the license. Any change to the plugin will still fall under the license. Any changes made BEFORE the was added, those changes are not licensed. If you want help on choosing a license, https://choosealicense.com is a good website to look at. https://opensource.guide/legal/ is also a good website to get simple help on the legal side of Open sourced code. (Linked by GitHub)
i think it would be considered to be in offtopic he meant licensing solutions to prevent unauthorized copies of your plugin to run, if you never make a commissions or sell a plugin before, you probably wont get it
i think you should consider to: not resell plugins, do commissions as on paid for work basis; explanation: basically they are paying for your work, ownership and copyright for said plugin, once you are done with the plugin, and both parties are happy with how the plugin is, you just officially transfer everything to their name, after that you can be worry free to do your next offer you can also charge more with the reason that they now fully own said plugin and can resell, opensource or claim it as their own most likely bigger clients already offer bout 40$+(i mean unless something changed there) and should be enough for you, and probably worth enough to be worry free about resellers tho that still leave a gap, for cheaper plugins like 10$< probably dont worth giving rights to said person and lost the ability to resell it
That's the problem, Some thieves just resell the plugin w/o any permission whatsoever.... >> That's why they're called thieves xD I don't know any thief who asks for permission before stealing something lmao
well, you should say like, you cannot resell this plugin, some people dont know that; often times ez kids get scared if you can put a legal threat also you can try device MAC, but it rekt multicraft like servers same for ip and port fails for ppl who host by their own pc it's hard to do such things without wasting more money then you can ever earn back to lowend commissions
I think you should make a User Agreement (or maybe Terms and Conditions). If they break the agreement by violating the copyright or license, you can take action. Most common action is a DMCA Takedown if they have shared it on GitHub, or anywhere online that's accessible. With private plugins, I suggest not using a license at all. Instead, use a standard copyright. Spoiler: tl;dr warning As GitHub states: If it was me, I wouldn't do plugin commissions at all unless you will accept that your work will be shared. With stuff like Plugin development, Since it is simple files, files can easily be copied and redistributed. Possibly even sold again. Unfortunately there is very little you can do to stop it. If it is not on GitHub, any other Open Source services or file hosting services, then most likely you would have to pay to get it removed from the internet. Use this as a example: http://www.dmca.com is a service that you have to pay for. And it is not a pretty price. It costs a lot more than the plugin's worth to submit a DMCA complaint. You can also sue the offender. In some cases, I've seen people get sued for trying to re-sell content that is not their right to sell, or even claim as their own. (Not PocketMine related, but it could happen)
Suing someone will take time and money (which is more than what you've earned)... Usual cases aren't worth spending large amounts of money for... http://www.eurogamer.net/articles/2017-08-25-darkwood-developer-releases-its-own-game-on-pirate-bay
Turn on the Internet firewall to prevent auto-reporting (whoever bothers setting a report server to automatically notify his lawyer) Try the redistributed version. Not working? Look for strange code in the source code. Or just search for words like "disablePlugin", "throw", "die", "exit", etc. Source code obfuscated? Get a deobfuscator, or just hire someone to help deobfuscate the plugin. (If anyone asks me to do it when I'm in a good mood and bored, I'd happily do it, and I won't care whoever wrote the plugin or whatever they want to do with the deobfuscated version, because I'm not a user, I'm not given a license and I am only creating a program that works on a bunch of bytes, and what people do with this program has nothing to do with me because I will already have disclaimed any responsibility in the deobfuscator's license)
maybe you could make a diffrent version for each person who buy the plugin and than check if that version is running on another server (maybe MySqli) if its you can disable it on both of them
if you gave direct mysql access, someone will just go in and mess your db up well it's impossible to defend against actual developers the best you can do is to defend against these not knowledgeable people who make a living my reselling things they dont even know what it does also you could encode things on the PHAR metadata, should confuse most of the newbies straight out the bat
Like I said, Code can always be cracked... You just gotta make it harder for the thieves to do that (usually people who doesn't even know how to decompile plugins or know what it does). PHP Cannot be obfuscated/encoded to machine code/binary without an additional Extension to run it... :/ (Which will suck since people usually just want installation to be as easy as possible...)
extensions can be dumped to bytecode, and reverse engineered from there if people REALLY want to do it, they WILL do it and i bet ya some dude will be like RE "your obfuscated plugin", there here's a unobfuscated version and here's also a unobfuscator for anything that uses that extension lolololololol get rekt!!!
http://web.bojidar.com/online-tools/php-zend-decoder-and-free-online-decompiler.html idk if "Zend Guard" encoded files can really be decoded on this site tho...
try source guardian, some spinoff chinese plugin maker uses that one too bad i cant dump bytecode so they won, for now....