tomirons's avatar

License an Application

Let's say I wanted to make an application and license it out to people... is there a way for me to do a licensing feature where they enter the key and depending on the response from a server it would install the right databases? This is something I've done outside of Laravel and I would like to try it with Laravel this time.

Thanks!

0 likes
21 replies
tomirons's avatar

I have my own licensing system, I just need to know if there is a way to implement it into Laravel.

martinbean's avatar

@Hulu How are we meant to know if you can implement your own licensing system into Laravel?!

5 likes
braxton's avatar

@martinbean He is asking generically. But I do agree with you. We really cannot know how to implement your own system into Laravel. Maybe make a GitHub repository or something similar so we can look through it ourselves.

tomirons's avatar

I haven't even started it... I'm trying to see if it would be possible to do. Let me try to give a better example.

When a client purchases the application from me I generate them a license key. When the user is setting up the application they will be prompted to input a license key. After they submit it, based on the key, it will retrieve what tables need to be created and create them accordingly.

Maybe I'm trying to do something that Laravel can't do since it's installed with composer?

SimplyCorey's avatar

You could make the migrations externally and then fetch them using file_get_contents()? While fetching the migrations you could save them in the database folder and then run them after.

davidrushton's avatar

We are also just releasing a commercial web app where users pay a one-off license fee for access and support, so have been thinking about the same thing.

Initially I was going to use Bitbucket and give access to users based on their username, but this became a bit problematic.

Instead, we now use the Satis private repository manager on our server (https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md), protected by a basic auth htaccess / htpasswd.

When the user tries to composer install or composer update their repository (pulling in our app as a dependency), the Get

  - Installing doorstep/framework (dev-master 5e8766c)
    Authentication required (get.doorstepapp.com):
      Username: 
      Password:

In the background, when they buy a license we fill their license key as the username and password on the htpasswd, so effectively it should be instant access. If we need to revoke a license, they no longer get updates.

Hope that helps. Happy to give more info

1 like
tomirons's avatar

@davidrushton That seems like a good way to tackle it, but how do you make that work? What does your dependency consist of?

andy's avatar

Is this how October CMS does their plug-in downloads and install?

@Hulu

I'm having trouble following what you want. You say you have done this but keep asking questions which make me even more confused.

To help clear up @davidrushton 's answer:

  1. install satis (link and information provided above)

  2. manage your htpasswd file with your users' IDs and their licenses

A. When a user installs your software using composer, or when they get updates, the htpasswd will verify and then allow them to proceed.

B. He did not say how to create your own htpasswd management system.

C. his dependency consists of: what he created and added to his composer.json file. You would just do the same.

        "hulu/package1": "dev-master",
        "hulu/package2": "dev-master",
        "hulu/package3": "dev-master",

Note: This means that your user will have to know how to use composer or your application will need to use composer to install.

It sounds like you are not familiar with Laravel; there are many projects on GitHub that you can look at and learn from. I hope that you understand that Laravel is a framework and that you will need to create many solutions by yourself. There are many packages available, but they are not like WordPress plugins that basically work by changing some settings. Laravel packages give you the ability to save time creating things, but you still need to write code and HTML to pull that functionality into your application.
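The htpasswd management step that the posts above leave open, as an added example that is not code from davidrushton, andy or any project in this thread: a small PHP class that adds an entry when a license is sold and removes it on revocation. Assumptions: PHP 8, Apache 2.4+ (which accepts the `$2y$` bcrypt hashes that `password_hash()` emits; nginx support depends on the system `crypt()`), a hypothetical class name `LicenseHtpasswd`, and a random password per customer with the license key as the username, rather than the key reused for both fields.

```php
<?php
// Added example, not code from the thread. Assumes PHP 8 and Apache 2.4+.
final class LicenseHtpasswd
{
    public function __construct(private string $path) {}

    /** Add or replace a customer entry; returns the password to hand over. */
    public function grant(string $licenseKey): string
    {
        // Reject ":" and line breaks, which would corrupt the file format.
        if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $licenseKey)) {
            throw new InvalidArgumentException('invalid license key format');
        }
        $password = bin2hex(random_bytes(16));             // 128-bit secret
        $hash = password_hash($password, PASSWORD_BCRYPT); // "$2y$..." hash
        $this->rewrite($licenseKey, $licenseKey . ':' . $hash);
        return $password;
    }

    /** Remove the entry, so later composer install/update requests fail auth. */
    public function revoke(string $licenseKey): void
    {
        $this->rewrite($licenseKey, null);
    }

    private function rewrite(string $user, ?string $newLine): void
    {
        // Serialise writers so two purchases cannot clobber each other.
        $lock = fopen($this->path . '.lock', 'c');
        if ($lock === false || !flock($lock, LOCK_EX)) {
            throw new RuntimeException('cannot lock htpasswd file');
        }
        try {
            $lines = is_file($this->path)
                ? file($this->path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
                : [];
            $kept = array_filter($lines, fn ($l) => !str_starts_with($l, $user . ':'));
            if ($newLine !== null) {
                $kept[] = $newLine;
            }
            // Write a temp file, then rename: readers never see a partial file.
            $tmp = $this->path . '.tmp';
            $body = $kept ? implode("\n", $kept) . "\n" : '';
            if (file_put_contents($tmp, $body) === false || !rename($tmp, $this->path)) {
                throw new RuntimeException('cannot write htpasswd file');
            }
        } finally {
            flock($lock, LOCK_UN);
            fclose($lock);
        }
    }
}
```

Only the bcrypt hash is stored, so the plaintext password exists solely in the value `grant()` returns; revocation stops future downloads but does not affect code already installed in a customer's vendor folder.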

tomirons's avatar

@andy I did the licensing with a different framework, I want to remake it with Laravel. I've only messed with Laravel for about 2 weeks so I'm extremely new to it. I was trying to find out exactly what he put in his dependencies to have the application require them.

What if they removed one of the dependencies? Would it still work?

martinbean's avatar

Just going to leave this here and be realistic: whatever you come up with, prepare for it to be circumvented. If you’re letting customers install your code on their server, then they have your code. Even if you use something like ionCube—ionCube’s got to decrypt the encrypted source code. A customer can just run the same routine to decrypt the source code and view it.

Plan on only giving database migrations to ‘licensed’ customers via a HTTP call? There’s nothing stopping that customer setting up a HTTP proxy and inspecting the traffic. But what’s the point? Once you’ve sent them database migrations, they’ve got them.

Unfortunately this is the downside of digital products like web applications. Once you give it to a third party, they’ll do what they like with it.

3 likes
andy's avatar

@Hulu

The dependencies are what you decide for your application. As an example:

    "require": {
        "laravel/framework": "4.0.*",
        "way/generators": "dev-master",
        "laravelbook/ardent": "dev-master",
        "bllim/datatables": "*",
        "ccovey/ldap-auth": "dev-develop",
        "anahkiasen/former": "dev-agnostic",
        "zizaco/entrust": "dev-master",
        "endroid/qrcode": "dev-master"
    },

No, that isn't from anything I'm using.

Anyway, if you remove a dependency, the application will still run. If you notice, in my previous post, I used your Laracasts name. Those packages are on your server, and that is a way to check whether the application is still under license or not. If you are trying to block the application from running or you want it to "phone home", then I totally agree with @martinbean.

IonCube also slows your application down. Besides there are sites out there that will offer your software as null'ed ;-)

If you don't want people to have your software, then just offer it as a hosted service.

If the software that you made doesn't need any special "other framework" functions, then you can pretty much use it with Laravel. Laravel is very flexible with how you do things.

tomirons's avatar

I appreciate all the feedback! If I figure something out I'll let you guys know!

chaibialaa's avatar

Anything not in your server could not be secure :) I tried all possible ways (composer repo, licence files, codes); they are only different in terms of how much time a coder needs to break the licence, not whether or not this will be secure.

davidrushton's avatar

@andy @Hulu

Just catching up on your replies. The method we use is a simple htaccess protecting our self-hosted Satis repository which has archive downloads enabled.

The customer (who we intend to be a developer with composer knowledge) clones our GitHub repo, and when they run composer install and it gets to our framework package, they are asked for a Username + Password. You can see our composer.json file at https://github.com/doorstepapp/doorstep/blob/master/composer.json

We're not in favour of encoding software, and as everyone else has said, this method clones our source code, migrations, etc to the vendor folder and we are then trusting the client not to re-sell or pirate.

Good luck with your project.

davidrushton's avatar

@nikhil_webfosters We are still using a private Satis repository with a htpasswd auth (in nginx / apache) on the /web directory. When a client uses one of our proprietary packages, composer asks them for a username and password which we set up manually for them.

Hope that helps.

tsangaris's avatar

In other words if someone wants to sell licenses so clients can use the service, this service must be hosted by the developer? Otherwise, there is a possibility that the client can get your source code.
