is there a way to protect .phar files from viewing the Main.php file ? like this plugin https://imgcl.co/plugins/pvp-level-rpg.634/ sorry for bad english
The best you can do is write your own obfuscator. If that's not an option, you can use any of several available online, but they are all easily reversed by online deobfuscators...
SOFE messed up the formating either ways, it's impossible to hide your code while allowing it to run it's like being able to allow you to read the book without copying it there's some languages like python which generates a compiled bytecode("citation needed") which seem hard to read at first but if you are really determined you can still reverse engineer it you can try something like compression but they can unphar and they will get the same thing anyways
Also, guys keep a note that if you are to success obfuscate your plugin, you should really have a licence on it that allows modification. For example that imagicalmine link above added that license. It’s kinda stupid. You are giving them permission to modify your plugin, but you don’t want them to see your code. Best to find a licence that denies modification, or stick to standard copyright. (Standard copyright is when you don’t add a license.)
OK, please decode this for me. Spoiler Inspired by this xkcd: My point is, as long as your plugin is complicated enough, it is difficult to restore it to a human-readable source. The FOPO thing forces the server to decode, inflate, decompress, process and otherwise twist the piece of mess multiple times to get the final code to evaluate. Meanwhile, the Google.com one was merely optimized code (without trying to compress or otherwise encode the code) and it's already virtually impossible to figure out how it works. Honestly, if your plugin is complicated enough, only professional programmers could understand your code, and these are usually people who don't bother to read your source code because they can write much better and faster than you.
There are 2 php encryption tools that may help. I use “phpencode.org” or “fopo.com.ar” if you have an Android device you can download Phar from the play store. In this way when people open your phar, it won’t show the code. They would have to extract it with eather dev tools or “pmt.haniokasai.com” I highly recommend “fopo.com.ar” because it’s very secure in encryption. Unlike “phpencode.org” having decoding websites. Fopo does not. I hope this helped
it's called obfuscation, or else the server need the key to decrypt the plugin to run it, which the decryption key also reveals the source anyways, if anyone have any suspicious obfuscated code just make a thread/profile post and you can be sure someone, at least someone will be willing to help you uncover what lies beneath obfuscation is making it hard to reverse, while still allowing the code to execute encryption is to make it impossible to reverse OR to execute unless the user knows the secret