PHP: Remote Kill Switch – Make Sure You Get Paid

Web Developers: Have you ever gotten to the end of a project, and had a client withhold the last of your fee to exact additional changes or features that were not in the original plan? Perhaps a client that decided your work “wasn’t what we expected” and tried to withhold payment?

Well worry no more. Put the power back in your hands with a Remote Kill Switch. The idea is this: you build into their website a small function that checks with a server you control to make sure the client’s account is in good standing. If it is, the site loads as normal. If not, their site doesn’t load, and they get a message asking for payment.

We’ll accomplish this with a little PHP and a protocol called XML-RPC (remote procedure call). Your client’s server will transmit an XML encoded, unique string identifying itself to your server. Your server will check to see if that unique string is one you’ve specified as disabled. If there is a match, it responds with a XML encoded string telling the client’s server to disable the application.

Sound like something you’d want to implement? Here’s how it breaks down:

Part One: Your server. You’ll need a fairly reliable host, and a fast one at that. You don’t want to slow down the remote application load with requests to your server. However, the below code is set to continue loading the remote application even if it does not receive a response from your server, ensuring that downtime on your end does not cause downtime on their end.

Part Two: The code on your end. Also known as the RPC server. Create a new file and paste the following:

	require('XMLRPC.inc.php');
	function checkapp($the_app)
	{
		$deactivateMe = ""; // to disable a webapp, enter it's short code here
		if (isset($the_app) && $the_app == $deactivateMe)
			return true; // Application Disabled
		else
			return false; // All systems go
	}
	$server = new IXR_Server(array('activation.checkapp' => 'checkapp'));

You’ll also need to download XMLRPC.inc.php and upload it to your webserver in the same directory as the file you created above. You will need to change the file extension from .phpp to .php.

Part Three: The client code. Also known as the RPC client. Insert this code in your client’s site, preferably toward the beginning of execution:

	require('XMLRPC.inc.php');
	$appname = "UNIQUE_APP_SHORTCODE";
	$client = new IXR_Client('http://path_to_file_created_earlier.php');
	if (!$client->query('activation.checkapp', $appname)) {
		if($client->getResponse() )
		{
			die("Application Disabled. Please pay your web developer.");
		}
	}

Again, download XMLRPC.inc.php and upload it to the server in the same directory as the file you created above. This library is required both by the client to make the request, and the server to respond to it.

That’s it! If the client ever doesn’t pay you, and you want to shutdown the site you developed for them, just set $deactivateMe in Step 1 to the “UNIQUE_APP_SHORTCODE” you entered in the code in Step 3.

You can see that the above setup allows you to protect multiple web apps at once, just remember what shortcodes you assigned at what sites! I recommend keeping them in comments at the top of your XML-RPC server PHP file. However, a limitation of my code is that you can only disable one remote site at a time. I’m sure my code could be expanded to use an array that would allow you to disable multiple sites at once.

I realize that this is significantly more technical than my typical fare (which I will return to next post), but I hope it’s helpful to some people, if only as a demonstration. Feel free to rip my code apart in the comments, I’m sure I’ve left something out.

Disclaimers and warnings: You use the above code at your own risk. It is probably buggy and insecure (though it does work). I take no liability for any harm that should befall your data, your bank account, or your person as a result of implementing this idea. You should obviously remove the activation check as soon as the client has paid you for your work. It’s definitely unethical (and insecure) to leave this backdoor in place after you have finished the project. Also, this kind of system won’t work against someone who knows anything about how their site is programmed. But then again, those people probably wouldn’t be hiring freelance web developers would they?

About this entry

Title: “PHP: Remote Kill Switch – Make Sure You Get Paid”

Published:: 11.06.07 / 11pm

Category:: Projects, Technology, Web Design

Possibly Related Posts:

Comments RSS:

Trackback URI:: click

Other Links

Online Payday Loan

Imran

The file attached is undownloadable. I am quite interested to see this code in action. I think you have to name the name .phps or .txt or something else for people to download the file, and not execute it like a .php file. Thanks.

Bill DAlessandro

Imran,

Thanks for saying something. The file should be good to go now. Let me know if you have any further problems.

- Bill

John Deszell

Any ideas for an ASP application?

Bill DAlessandro

John I don't know ASP, but if you had access to a PHP host, you could leave
the "server" module unchanged, and you'd only have to rewrite the "client"
bit in ASP and work it into whatever final code you have...the HTTP
responses can still be understood by ASP I believe...

Niek

I've been in this bussines for 6 years now and I've never met any clients who did not pay(and yes I had some major disagreements with them). It is simply a matter of doing your job well and thoroughly. When you have a disagreement with a client you settle it, like adults, not with some nifty remote killswitch trick. I find this unethical.

Assuming you've probably documented the project scope, the clients needs and you gave regular updates to them about the project on which you received feedback(you communicate clearly and regularly with them). You also will have a legal agreement/sales contact or whatsoever which states scope, deadlines, mutual expectations and prices/payment.

This will avoid any "kill switch" constructions, backdoors and unethical control of clients property(the switch will still be in placeeven when a client has paid his bills). I personally find this bad webdevelopment practice.

Bill DAlessandro

Nick,

I agree - everyone would prefer not to resort to things like this. The unfortunate reality though is that some clients don't pay - I'm glad you haven't personally experienced it.

As I mentioned in the disclaimer in the post, any and all backdoor code should be removed as soon as a client has paid his final bill, and certainly before the site goes live.

Any technical measures are a safety net in case normal methods of recourse break down.

bcamp1973

Niek, you're very naive. I've been at this twice as long as you have and guess what, one day you'll understand. No matter how brilliant you think you are at handling a client, sometimes they're just a loser and nothing you do will help. Services are withheld for lack of payment every day. Try stopping payment on your phone bill and see what happens. This is no different.

eddy was here

the idea of this killswitch is pretty nifty.
Nice job.

although you'll probably have their ftp info
and can just remove the unpaid for content.

any laws/regulations on digital content that is on a clients server?
that would be interesting to read up on

Michael Little

I have to admit I have often thought about implementing a "fail safe" policy like this but fortunately never really felt I had a need.

There is of course a number of obvious issues with having this sort of thing in your code:

1. Unless you "kill switch" actually removes some critical part (or all) of the application it could easily be enabled by anyone that was slightly tech-savy.

2. Implementing the "kill switch" to prevent it being enabled again could potentially leave a big security hole (there's ways around this of course).

2. If your client ever found out about the "malicious" code (whether it was used or not) it would cause massive problems.

Melbourne web design

Agreed with the comments about this being unethical behaviour. If a client doesn't pay, it's probably due to bad project management, if it's not, then it's a matter for the law.

down

So if your server is down for some reason, all your clients's websites are down as well, asking for payment? way the go :)

Niek

Naive, maybe. I've had bussines conflicts with clients, I've had difficulties with getting my money but I still got paid within a couple of months.

I still maintain the opinion that when you do your stuff right and check your clients financial situation especially when you're talking about large amounts of money. You won't need something as unethical as this. Backdoors are bad programming practice. It's comparable to rootkits or DRM. You can't withdraw ownership from your client. It's a matter of bussiness and people skill. I'm not saying that the chances are zero to encounter lousy clients. You can always ultimately resort to legal action (that is if you have legal proof, which also helps with negotiating payment ;))

trs21219

i dont personally agree with a killswitch but i understand why. what i do is i only host the site on my servers until the payment is in full. then i move it over.

on another note. the code should default to allowing the site to run if it takes too long to contact your site or the site is not available.

Bill DAlessandro

If you'll read in "Part One" of the tutorial, you'll notice that the code is configured such that if it does not receive a response from your server, it will default to allowing the web app to run. It has to specifically receive the "halt" signal in order to disable the app. Thus, downtime on your end does not cause downtime on the client's end.

Again I'd like to reiterate - the killswitch is a safety net in case negotiations with the client break down. You should remove it as soon as you've been paid.

Dave

So far I've had two instances where I had problems with the client paying me. Not because I didn't do my job well enough, not because I didn't deliver in time, but simply because said client changed his mind and demanded me to 'obey' him, or I wouldn't get my money. I have a similar piece of code (somewhat obfuscated in a file that appears and is in fact part of the rest of the website) that achieves this remote kill switch also. I normally never implement it, but for these two instances I added the code after the problems occurred, and I felt like I was going to loose the money *and* the work already delivered.

I hate to go this far, and luckily I never actually had to disable any website (the threat alone worked), but to me in these 'worst case scenarios' it makes me a feel a bit better knowing that they can't just change their FTP info and call it a day, without ever paying me.

That said, you might want to change the warning message to display a more general warning. Even though you only save this as a last resort, it would be much better if possible visitors don't see this warning of the client having to pay you (which could ruin their business), but instead show a more general, please contact support or the like message.

Oh, and it would also help to not let the code talk with your server at *every* load. Maybe do it like wordpress does it's version checks; only 2 times a day (and in wordpress' case, only the admin panel does the checks).

Thanks for the post!

-Dave

Damon

(1) PHP is uncompiled. (2) the code, such as it is, would disable the site in the event that YOUR server is unreachable. Not cool, not ethical and not terribly clever, either. How about a simple DDOS attack. Much more fun to engineer, anyway. :)

Van

Interesting article. In order to protect yourself you may want to look into the legal issues more closely. At the very least I would suggest modifying your EULA or services agreement. to state that for licensing purposes software will validate itself against a license server to ensure that license is valid. In the event that license is not valid software may cease to function.

Enes

hahaha... that's really genius man :D
thanks for that

Rafyta

@Van: That's SO slick!

Paul

if the site has flash on the homepage, and top of every subpage, then you can simply have it load a swf from your server. If the swf isn't there, then nothing happens at all. If you have a client problem you can make the swf be whatever you want. It could be a link to your site, it could have a warning message, it could be just a few pixels for the client to notice.

adam

I tried it, but it did not work.
The site continued to run!

seye kuyinu

I think this is nice! For those who disagree with this. I believe this is just a tutorail meant to highlight some of the uses of XML RPC. And of course there are different types of clients AND THERE ARE DIFFERENT TYPES OF SERVICES THAT CAN BE RENDERED WHICH COULD MAKE THIS INVALUABLE!

Name

I'm looking for a simular thing, only... I'd like to reverse it. The client 'activates' the application and than is able to use it. (The activation code is only send when the payment is done)

BTW it's pretty easy to have this 'kill switch' disabled... Just a minimal techie changes:

if (!$client->query('activation.checkapp', $appname)) {
if($client->getResponse() ) {
die("Application Disabled. Please pay your web developer.");
}
}

Into:

/*
if (!$client->query('activation.checkapp', $appname)) {
if($client->getResponse() ) {
die("Application Disabled. Please pay your web developer.");
}
}
*/

And the code for 'disabling' is changed into 'comment' and thus not executed...

Also changing the if (...) into if (false) and again it has no affect...

dedcenter

Thanks! As a freelance web developer I've been looking for something like this for some time.

I've had personal experience of client's withholding payment for the full spectrum of possible reasons! In my opinion it is nice to have a kill switch option, but understand those that are worried by its ethical implications.

I've posted my approach at http://ajaxkillswitch.com

It demonstrates a VERY simple technique that takes advantage of jQuery's recently added cross-domain Ajax request functionality.

The advantage to the JavaScript Ajax kill switch is that it is independent of the server-side implementation. This makes it useful for even standard HTML websites.

Combination of the two methods (server and client-side) could be doubly effective ;)

Michael

Hello, this seems usefull, but what about if the client gives de code source on his side to a developer that removes from the system the client code? Then our switch will loose the effect?
Thank you.

Chris

Niek,

You mention it's not good to withdraw ownership from your client; last time I checked you don't own something until you've paid... this is where scripts like this come in useful.

I have experienced a number of clients who, despite my doing a very professional job, have basically been con-artists and ripped me off. Including clients who have changed their FTP passwords. To this end I've written my own "time-bomb" script which I can use to remove MY files from my clients servers should I need to. Once the client has paid, I remove my time-bomb and the protection is removed.

The point being, until the client has paid, they do not own the files I have developed for them and therefore I have the right to do as I wish with MY files.

Kurt

Something like this could be very handy if you have developed a digital product, such as a php application that is for sale, and the purchase was made, the application downloaded after payment, then the payment was charged back as a result of credit card fraud or other reason some weeks later. You could then disable the application for the fraudulent purchasers server, provided you collected the relevant details at the time of purchase. They shouldn't get to use the application if they haven't paid for it.

Ready Fire Aim

PHP: Remote Kill Switch – Make Sure You Get Paid

About this entry

Other Links

Comments

Most Popular

Newest Del.icio.us Links

Ready Fire Aim

PHP: Remote Kill Switch – Make Sure You Get Paid

About this entry

Other Links

<a href="http://billda.disqus.com/?url=http://www.billda.com/php-remote-kill-switch">View comments</a>Comments

Most Popular

Newest Del.icio.us Links

Favorite Links

Comments