Viewed   134 times

I use Haxe to generate PHP code. (This means you write you code in the Haxe language and get a bunch of php files after compiling.) Today a customer told me that he needs a new feature on a old project made with Haxe. He also told me that he altered some small things on the code for his own needs. Now I first have port his changes to my Haxe code and then add the new feature, because otherwise his changes will be overwritten by the next time I compile the project.

To prevent that this happens again I am looking for some kind of program that minifies / obfuscates the PHP code. The goal is to make the code unreadable / uneditable as possible.
The ideal tool would run under Linux and could process whole folders and all it containing files.

Anybody any suggestions?



I agree with the comment, what you are doing is very underhanded, but after 10 years in this biz I can attest to one thing: Half the code you get is so convoluted it might as well have been minified, and really function/var names are so often completely arbitrary, i've edited minified js and it wasn't much more of a hassle than some unminified code.

I couldn't find any such script/program, most likely because this is kind of against the PHP spirit and a bit underhanded, never the less.

First: Php isn't white space sensitive, so step one is to remove all newlines and whitespace outside of string.

That would make it difficult to mess with for the average tinkerer, an intermediate programmer would just find and replace all ;{} with $1n or something to that effect.

The next step would be to get_defined_functions and save that array (The 'user' key in the returned array), you'll need to include all of the files to do this.

If it's oo code, you'll need get_defined_classes as well. Save that array.

Essentially, you need to get the variables, methods, and class instances, you'll have to instantiate the class and get_object_vars on it, and you can poke around and see that you can get alot of other info, like Constants and class vars etc.

Then you take those lists, loop through them, create a unique name for each thing, and then preg_replace, or str_replace that in all of the files.

Make sure you do this on a test copy, and see what errors you get.

Though, just to be clear, there is a special place in hell reserved for people who obfuscate for obfuscation's sake.

Check out: get_defined_functions get_declared_classes and just follow the links around to see what you can do.

Saturday, November 26, 2022

I put together the following list a ways back - don't know if they are all current, or how many are now free, but you should find something useful here:


  1. Wikipedia article: PHP Accelerator
  2. Comparison of APC, Zend, xCache, & the Zend Framework


  1. Safeyar (Best)
  2. PHP's APC (PECL page)
  3. RoadSend
  4. Turck-mmcache
  5. eAccelerator
  6. PHP-Accelerator
  7. SourceGuardian
  8. NuSphere Nu-coder
  9. Gridinsoft
  10. IonCube SA-Encoder.php

Another thread on SO that adds a few more (check it out):

Can I encrypt PHP source or compile it so others can't see it? and how?

  1. Zend Guard
  2. BCompiler (PECL page)
  3. PHC
Monday, December 5, 2022

If I'm not mistaken uses token_get_all() and then rewrites the stream. It uses heaps of methods like t_else and t_close_brace to output each token. Maybe you can hijack this for simplicity.

Friday, November 18, 2022

Symfony does this (at least the 1.x series I am used to). I should think version 2.0 also does, under either Doctrine or Propel (and both of those will work with MySQL).

Sunday, November 20, 2022

Under Windows it seems that files in vendor/bin are actually batch files, invoking the original file (and not php files which phpdbg will understand).

In this case:

dir=$(d=${0%[/\]*}; cd "$d"; cd "../phpunit/phpunit" && pwd)
"${dir}/phpunit" "$@"

i.e. ../phpunit/phpunit/phpunit (this path is relative to vendor/bin); thus the actual file is at vendor/phpunit/phpunit/phpunit.

And you can invoke it directly via phpdbg -qrr vendor/phpunit/phpunit/phpunit then.

Friday, December 23, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :