I want to sell plugin to my friend, but I think he send it to other people free or post on poggit.. Can I add some license or something else to allow using people plugin only if I allow them?
yes you can but you cant stop them doing so, even if you did have license they can break/ignore them anyways you can TRY to stop it using DRM obfuscations but it can be easily evaded even if you have a license, do you have the resource to file a sue? even if you did the damage has been done before you are able to stop it, see LBSG core leak incident
That's true. If he does do so, then he's definitely not really your friend. @HimbeersaftLP how do you have likes on that post? This is the off topic section, and I don't see a like button. I want to like that post too!
I thought of something quick, which could work, but this would require your own custom-made plugin shop server and other things, and it may still hackable. This ideology bases on making your plugin activated by IDs. The steps would be: User buys your plugin off your custom-made website, then afterwards receives a 'plugin activation id' or whatever you would wanna call it. The website would save the 'id' and the full plugin code into a private database table. The user would run a command to activate this 'id', example: "/pluginactivate <your given id>". Once activation is complete, the ID would be saved into the database, so it cannot be activated more than once on another server. Next, your plugin would send a GET request to the website, using the 'id', the website check if the 'id' is valid and if true, it would send the full code as socket data. Finally, the plugin would "catch" the socket data and run it as code. I'm sorry if this is incorrect, I'm only trying to give new ideas.
seems doable but with enough reverse engineering any devs could bypass that only problem is that plugin would be a one time use, since if you try to do it again the code is now invalidated... if it's not invalidated on the GET endpoint they devs could bypass that and just call wherever the get is, assuming you save it into file, that would destroy the purpose of it, not good enough to throw off novice developers, but good enough to throw off normal customers, code copying developers...
Or only one IP address to download from per code. But you can still edit the plugin and let the plugin dump the downloaded data somewhere. Or even easier, use Wireshark to intercept data downloaded from the shop server. (Doesn't work with SSL though)
only one ip also meant you have to implement something like a website for customers to update their IP, either ways they wouldnt like that...
in this given context, i am assuming the developer is happy to do everything in their power to protect their plugins regardless of how much complication or effort it would take when i say "they wouldnt like that..." i meant they, the customer wouldn't like to have to update their IP everytime it changes, especially when they are on dynamic IP There's also an issue i just noticed, if you use IP verification, some/most host share a server IP thus all servers using the same IP could hitch a ride on using that plugin
I think your best bet is to decide that you will only sell the plugin once, as if they had commissioned it from you. What they chose to do with it is then their problem. Of course this approach means you'll only get paid once, like a painter does for a painting... So it's up to you fix a price that makes you happy. If the plugin took you 10 hours to make, and you think you are worth 10$ an hour, then charge 100$ (and include after sales service, 1 year of updates or whatever). One downside of this, however, is that your plugin will probably not be shared and enjoyed by thousands... Unless you've sold it to a large network. If you want to write and sell software that cannot be easily copied... Don't use PHP!
Not really, some people may just downsell/resell it with a lower price to multiple people, so it's still possible not like we care what they do to our plugin because it's now fully theirs... but downside to the reseller is, they are sometimes shady and you wont get direct support or mostlikely they wont even care to support pretty much TLDR of the whole conversation...
Another method (in the condition that your plugin is complicated enough) is, refactor all plugin-declared symbols (classes, methods and variables) and shuffle them, and occasionally zlib-encode and base64-encode some strings and some code. This will make it really difficult to remove the license-checking code from the plugin. If your plugin is too simple that the license-checking code is even longer than the plugin itself, it isn't worth buying anyway
That's why you need a good obfuscator. Again, if your plugin is too simple to be obfuscated, there is no point in selling it anyway.
If they use your plugin on a server that you didn't authorize to use it you can write to the host and they will shut down their server
depends... how can you tell anyways? do you really want to join all the servers in existed in the world and then try to tell if they used your plugin? what if it's a self hosted one? what if it's a dedicated one? what if it's a offshore host? do you really have THAT much time manually submitting these request
It's been proven many times that software is somewhat easy to pirate. You can take every precaution available, but from what I know people will always find a way around that.