file_get_contents a bad idea?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • AaronL
    New Member
    • Jan 2007
    • 99
    #1

    file_get_contents a bad idea?

    Hello,

    I'm writing a sophisticated e-commerce software suite in PHP. What I want to be able to do is have customers use my software but not have access to the source code of my PHP so they can't copy it etc... So, I figured I'd use the file_get_conten ts(); function to get the data I need from my software to display it on their custom store page. I created the following script to do it.
    Code:
    <?php
  
  // eCommPHP Pro Store script v. 1.0 By. Aaron Lambert
  
  // NOTE: LAMBERT SOFTWARE MUST KNOW THE EXACT URL AND NAME OF THIS FILE TO UPDATE
  // YOUR RECORDS SO THAT ECOMMPHPPRO WORKS PROPERLY.  THE DOMAIN NAME NEEDS TO MATCH
  // THE DOMAIN WE HAVE ON FILE OR YOU WILL BE CHARGED A NEW LICENSE FEE.  
  
  // IF YOU PERSONALLY MODIFY THIS FILE AND IT DOESN'T MATCH THE FILE WE HAVE ON 
  // RECORD FOR YOU, THE CODE WILL NOT BE SUPPORTED BY OUR TEAM.
  
  // If you would like customization to your layout, we offer a great layout customization
  // package for only $49.99 per layout!
  
  // Set up the company code to match what was given to you by Lambert Software.
  // If this is changed, your store will not work!
  $companycode = 'bobspancakes';
  
  // *** REQUIRED CODE BY LAMBERT SOFTWARE ***
  $ecommfetch = 'http://www.ecommphppro.com/' . $companycode . '/';
  
  // Get the function parameter
  if ($_GET["fct"]!='')
  { $function = $_GET["fct"]; }
  else
  { $function = 'catalog'; }
  
  // Determine which function we need from eCommPHP Pro
  switch ($function)
  {
    case 'catalog':
      $ecommfetch .= 'catalog.php';
      break;
    
    case 'viewitem':
      $ecommfetch .= 'viewitem.php';
      break;
      
    case 'viewcart':
      $ecommfetch .= 'cart.php';
      break;
    
    case 'addcart':
      $ecommfetch .= 'cart.php';
      $parameters = 'fct=add';
      break;
    
    case 'delcartitem':
      $ecommfetch .= 'cart.php';
      $parameters = 'fct=delitem';
      break;
    
    case 'cancelorder':
      $ecommfetch .= 'cart.php';
      $parameters = 'fct=co';
      break;
  }
  
  // Now that we have the function, lets process the parameters passed.
  if ($_GET["scat"]!='')
  { $parameters .= '&scat=' . $_GET["scat"]; }
  
  if ($_GET["pg"]!='')
  { $parameters .= '&pg=' . $_GET["pg"]; }
  
  if ($_GET["ppg"]!='')
  { $parameters .= '&ppg=' . $_GET["ppg"]; }
  
  if ($_GET["srt"]!='')
  { $parameters .= '&srt=' . $_GET["srt"]; }
  
  if ($_GET["srch"]!='')
  { $parameters .= '&srch=' . $_GET["srch"]; }
  
  if ($_GET["inum"]!='')
  { $parameters .= '&inum=' . $_GET["inum"]; }
  
  if ($_GET["qty"]!='')
  { $parameters .= '&qty=' . $_GET["qty"]; }
  
  if ($_GET["vimgnum"]!='')
  { $parameters .= '&vimgnum=' . $_GET["vimgnum"]; }
  
  // Now lets make sure the right delimiter is in place for the function
  if (substr($parameters, 0, 1)=='&')
  { $parameters = '?' . substr($parameters, 1); }
  else
  { 
    if ($parameters!='')
    { $parameters = '?' . $parameters; }
  }
  
  // Add the parameters to the fetch URL
  $ecommfetch .= $parameters;
  
  // Replace spaces with +
  $ecommfetch = str_replace(" ", "+", $ecommfetch);
  
  
  // Go ahead and fetch the page now.
  session_start();
  echo $ecommfetch;
  echo file_get_contents($ecommfetch);
  
  // *** END OF REQUIRED CODE ***
                     
?>
    While doing this, I came across a big show stopper, $_SESSION variables. When I add an item to my shopping cart, it creates a session variable with the new order number. If I use the script above, of course the session variables will not get sent over because file_get_conten ts(); only gets HTML content, so the SESSION variables I imagine are only being created on my server side and not on the customers web site...

    I was then thinking of just redirecting to my cart software on my server, but that negates the idea of having the customers clients log in themselves and have the feature of customers logging in to their store.

    I'm extremely confused... How should I approach developing my software so it can't be stolen?? I put a lot of work into this.

    Thanks!
    Tags: None
    • Dormilich
      Recognized Expert Expert
      • Aug 2008
      • 8694
      #2
      IMO, you should provide the access to your cart software through an API and forbid access to your code files (but not the API files), e.g. by .htaccess

      this may require a programme on the client’s side to ease API usage (like jQuery does for JavaScript)

        Comment

        • AaronL
          New Member
          • Jan 2007
          • 99
          #3
          I'm very inexperienced with API's etc... know of any good resources where I can learn those type of things?

            Comment

            • Dormilich
              Recognized Expert Expert
              • Aug 2008
              • 8694
              #4
              an API is simply a set of methods, that can be accessed publicly (take the DOM for example)

                Comment

                • AaronL
                  New Member
                  • Jan 2007
                  • 99
                  #5
                  Yeah I kinda know how API's work, I know how they work with visual basic, but I don't know they work on the web or how to design one, I'm not very smart like that.

                    Comment

                    • Dormilich
                      Recognized Expert Expert
                      • Aug 2008
                      • 8694
                      #6
                      an API is language independent. all you need to know is what the client needs to do by your "hidden" code and provide the hooks to do it.

                        Comment

                        • dlite922
                          Recognized Expert Top Contributor
                          • Dec 2007
                          • 1586
                          #7
                          Furthermore...

                          Application Program Interface.

                          The key word there is "interface" . All you have to do is provide some kind of way (any standard way is fine) for external applications to talk to your program.


                          Dan

                            Comment

                            Previous template Next
                            Working...