Laravel with ioncube and encoding

Question

I work on Laravel framework for a short time, after finishing the website, I willing to encode it using Ioncube - but I face the problem where Ioncube can't translate the blade template engine code to PHP code before encoding and output the code as HTML normal text.

Answer 1

Laravel's blade template files are not real PHP code, therefore the ionCube Encoder cannot encode them properly; however, the Encoder also offers file encryption which might help in your case, but it does require a bit of a setup:

1. In Laravel, modify the module that reads in the Blade template files, replacing file_get_contents(<blade template files>) with ioncube_read_file(<blade template_files>).

   In my Laravel 4 installation, it seems like the file responsible for loading and compiling Blade Templates can be found in vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php, line 62: $contents = $this->compileString($this->files->get($path));.

   Here, $this->files->get($path) is 'just' a file_get_contents($path) with some error handling - you may find this function in bootstrap/compiled.php. However, you should be able to replace the line in BladeCompiler.php with:

   $contents = $this->compileString(ioncube_read_file($path));
   

   or (if you used a passphrase):

   $passphrase = "<my passphrase>";
   $contents = $this->compileString(ioncube_read_file($path, $is_encrypted, $passphrase));
   

   Please do note that you might want to make sure that the passphrase is secure within the file. You can find more information on these functions in the User Guide on page 54.

2. To get ioncube_read_file working, you will need to encode the modified module. Furthermore, encode the rest of your application with the exception of your Blade template files.

3. Encrypt (not encode!) your Blade template files, typically ending in .blade.php, and - if you use a passphrase - make sure it matches the one used for ioncube_read_file.

Please also keep in mind that this will generate standard PHP files from your encrypted ones, since the file is compiled and written back to the cache as plain text. If you want to change that it might be worth looking into the User Guide, p. 54 and override / extend the appropriate methods bootstrap/compiled.php such as get and put to detect if a file is encrypted, and to write an encrypted file if needed.

I should also mention, as this question is regularly asked on the ionCube HelpDesk: Despite all the encoding and encrypting, the HTML and JavaScript code will be displayed raw for all clients to see. I only mention this because it is a lot of effort to protect your Template files, which do consist in most cases mostly of HTML code. It does make any modification really hard (such as logo removal), but such things may also be achieved with some custom CSS.