I’d like to ask how to protect my code that is running on a client server from being altered and/or copied.
It’s running on Ubuntu Server with the standard Apache, PHP, MySQL stack.
Any software needed would preferably be open-source.
I’d also like to terminate the application when there is a license problem.
Doing this using my code is possible, but since it’s PHP the client could alter the code to prevent this from happening.
5
If you need to protect some magnificent algorithm you could have the code sitting on your own server with an authenticated API to access it, then distribute programs that use that API and sell credentials to use that API. It would then be possible to control code access as you pleased. This would be a sort of a software as a service type system that can be very effective in combating software piracy.
However, this system has many potential flaws, one of which is that it will be very difficult to persuade customers to trust this system, knowing that if your company removes its servers then they also lose theirs along with any investment of time/money into using the service.
Also the cost/maintenance would be substantial considering you would need to be able to support the combined traffic of all your customers received.
It would probably be easier to provide updates/support so people continue to pay for your services. I think it would be worth considering advice given on how to disable copying data from a webpage that any sort of protection that can easily be broken may not be worth the development effort and may annoy legitimate users and instead add value to continuing to pay for a licence.
9
Any software needed would preferably be open-source.
To the best of my knowledge, you’re out of luck on this one. Making PHP ‘encryption’ is a business, and open source solutions just won’t/don’t cut it as well (from the ones I found, it took me under 10 minutes to defeat them because all they really did was base64_encode the code, rotate it a few times, then eval the reversed process in order to execute the code. Replacing eval with echo made it trivial to defeat. The best one I saw used magic variables like __LINE__ in order to prevent this kind of thing, but was still pretty easily defeatable for any experienced PHP dev once you noticed this.).
IonCube is still pretty hard to defeat, you have to pay someone upwards of $5 – $8 per file to decrypt it. If you have a lot of files: this is a financial barrier. They also have licensing options so you can prevent the code being copy/pasted onto other servers and just run as-is.
3
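The encode-rotate-eval scheme described in the answer above, as an added PHP example (not code from the answer or from any real encoder). The function names and the sample source are constructed, and ROT13 is an assumption standing in for the unspecified "rotate" step; the point is that a keyless encoder must ship its own inverse.

```php
<?php
// Added illustration: models base64 + rotation + eval "protection"
// using only PHP built-ins. Nothing here comes from a real product.

// Constructed sample standing in for a licensed source file.
$source = 'function price($qty) { return $qty * 42; }';

// "Protect": base64-encode, then rotate a fixed (odd) number of times.
// No key is involved; every step is a public, invertible transform.
function obfuscate(string $code, int $rounds = 3): string
{
    $blob = base64_encode($code);
    for ($i = 0; $i < $rounds; $i++) {
        $blob = str_rot13($blob); // only touches letters of the base64 text
    }
    return $blob;
}

// The inverse has to be distributed with the product, because the
// customer's server must run it before it can eval() anything.
function deobfuscate(string $blob, int $rounds = 3): string
{
    for ($i = 0; $i < $rounds; $i++) {
        $blob = str_rot13($blob);
    }
    $code = base64_decode($blob, true);
    if ($code === false) {
        throw new RuntimeException('blob is not valid base64');
    }
    return $code;
}

$blob = obfuscate($source);

// What the shipped loader does: decode, then execute.
eval(deobfuscate($blob));
echo 'loader result: ', price(2), PHP_EOL;

// Self-check for a vendor evaluating such an encoder: the same decode
// call, with its result printed instead of executed, returns the
// original file byte for byte, using nothing but what was shipped.
$recovered = deobfuscate($blob);
echo 'blob resembles source: ', var_export(strpos($blob, 'price') !== false, true), PHP_EOL;
echo 'source fully recoverable: ', var_export($recovered === $source, true), PHP_EOL;
```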
You have two options:
- Learn to trust your clients.
- Refactor your software in a compiled language (Java, C# will do but they can be reverse engineered with comparative ease; C, C++ are pretty much impossible to reverse engineer but are not very good for web applications).
You should also realize that any reasonably competent programmer could probably reproduce your system only by observing its behavior without ever looking at your code.
Take a look at this new open-source project:
http://pecl.php.net/package/BLENC
BLENC is an extension that permits protecting PHP source scripts with Blowfish encryption.
BLENC hooks into the Zend Engine, allowing for transparent execution of PHP scripts previously encoded with BLENC.
It is not designed for complete security (it is still possible to disassemble the script into op codes using a package such as XDebug), however it does keep people out of your code and makes reverse engineering difficult.
1