http://menacingcloud.com/?c=ajaxKillSwitch2

Thanks!

What i have done once is, just create a “info.php” file and put some message in it under the variable name “$my_msg” or something.; after that, do this:

if(md5(md5($my_msg))=='5d41402abc4b2a76b9719d911017c592') {

Note that I haven't closed the brace opened.

Then include it in “index.php”

After that I will write all the HTML codes, CSS, and other includes. The index.php will include many other PHP files, and it may go into 3 or 4 levels of include. And I will put the closing brace for the above code somewhere in the include files, just mimicking like a for-loop close brace.

Now, If they edit the variable $my_msg, then MD5 changes, thus no-output! OK, they may change the condition in the if-condition. So I will write a complex set of 3-4 if-conditions.

Then, if they remove the if-condition, then the closing brace throws an ERROR.

Probably, after a set of trial-and-error, the new developer will go away…!

The real idea is in the MD5 and the BRACES BALANCING.

You mention it's not good to withdraw ownership from your client; last time I checked you don't own something until you've paid… this is where scripts like this come in useful.

I have experienced a number of clients who, despite my doing a very professional job, have basically been con-artists and ripped me off. Including clients who have changed their FTP passwords. To this end I've written my own “time-bomb” script which I can use to remove MY files from my clients servers should I need to. Once the client has paid, I remove my time-bomb and the protection is removed.

The point being, until the client has paid, they do not own the files I have developed for them and therefore I have the right to do as I wish with MY files.

You mention it's not good to withdraw ownership from your client; last time I checked you don't own something until you've paid… this is where scripts like this come in useful.

I have experienced a number of clients who, despite my doing a very professional job, have basically been con-artists and ripped me off. Including clients who have changed their FTP passwords. To this end I've written my own “time-bomb” script which I can use to remove MY files from my clients servers should I need to. Once the client has paid, I remove my time-bomb and the protection is removed.

The point being, until the client has paid, they do not own the files I have developed for them and therefore I have the right to do as I wish with MY files.

I've had personal experience of client's withholding payment for the full spectrum of possible reasons! In my opinion it is nice to have a kill switch option, but understand those that are worried by its ethical implications.

I've posted my approach at http://ajaxkillswitch.com

It demonstrates a VERY simple technique that takes advantage of jQuery's recently added cross-domain Ajax request functionality.

The advantage to the JavaScript Ajax kill switch is that it is independent of the server-side implementation. This makes it useful for even standard HTML websites.

Combination of the two methods (server and client-side) could be doubly effective ;)

BTW it's pretty easy to have this 'kill switch' disabled… Just a minimal techie changes:

if (!$client->query('activation.checkapp', $appname)) {
if($client->getResponse() ) {
die(“Application Disabled. Please pay your web developer.”);
}
}

Into:

/*
if (!$client->query('activation.checkapp', $appname)) {
if($client->getResponse() ) {
die(“Application Disabled. Please pay your web developer.”);
}
}
*/

And the code for 'disabling' is changed into 'comment' and thus not executed…

Also changing the if (…) into if (false) and again it has no affect…