Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

back doors for non payers

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

back doors for non payers

Postby ChrisSkidmore » Thu Mar 06, 2003 1:06 am

Hi,

I've been developing my first php sites as a freelancer and have a slight payment problem. I would like to give the client the site, as more work is promised, but I'm not over convinced he's going to pay!
I want to build a back door that will allow me to delete the database tables. Probably not ethical, but neither is not paying!

Only the admin area has a log in (htaccess) which can clearly be changed denying me access.

Can anyone please suggest the best method. Something that would not be noticable looking at the code (although they are not programmers), not make the site vunerable to attack from others until the point comes when I can remove it (when they have paid)

But grateful for suggestions[/quote]
ChrisSkidmore
New php-forum User
New php-forum User
 
Posts: 19
Joined: Sun Aug 18, 2002 4:02 am
Location: Germany

Postby pootergeist » Thu Mar 06, 2003 2:55 am

personally I'd advise against removing db data unless you actually added the data yourself. even though you wrote the scripting behind the app, if they entered the data and you destroy that, the ball will be in their court when you get to court.

just knockout one of the main files (one that you wrote and own until paid for) if possible.

$killswitch = (time() > 12341323) ? rename('db_access.php','db_axess.php') : '';
// untested, should work tho. just renames the file whenever the page is called if a certain date has passed.

where 12341323 is the unix timestamp of the 'payment by...' date.

might want to call it something other than $here_be_the_kill_switch and just subtely rename an important file which you have script permissions for.
pootergeist
New php-forum User
New php-forum User
 
Posts: 191
Joined: Wed Jan 29, 2003 7:11 am
Location: UK

Postby ChrisSkidmore » Thu Mar 06, 2003 6:51 am

Many thanks for your suggestion and warning.
ChrisSkidmore
New php-forum User
New php-forum User
 
Posts: 19
Joined: Sun Aug 18, 2002 4:02 am
Location: Germany

Postby azteck » Thu Mar 06, 2003 12:10 pm

I suggest you use an escrow payment system .So you can see if the webmaster paid you or not.If you put the script on his server an he knows a little php than a look over the code will ruin your efforts :(
azteck
New php-forum User
New php-forum User
 
Posts: 12
Joined: Sun Dec 15, 2002 3:54 pm

Postby ChrisSkidmore » Thu Mar 06, 2003 2:11 pm

Again thanks for the idea.
In Germany credit cards are not the norm - hence you can still buy things on the internet and be billed after delivery!
Putting these sorts of barriers between me and the client would probably result in me not having the client.
I come from UK where the idea of these payment systems would be easilly accepted, but here unfortunately not.
ChrisSkidmore
New php-forum User
New php-forum User
 
Posts: 19
Joined: Sun Aug 18, 2002 4:02 am
Location: Germany

Postby Redcircle » Sat Mar 08, 2003 10:35 am

what I would do is develop the site on one of your servers and only upload finished product to his server once he has paid.
User avatar
Redcircle
Moderator
Moderator
 
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA

Postby Unknown » Sat Mar 08, 2003 12:24 pm

Redcircle wrote:what I would do is develop the site on one of your servers and only upload finished product to his server once he has paid.


agreed then you have total control to kill it or let it live 8)
Unknown
New php-forum User
New php-forum User
 
Posts: 9
Joined: Mon Jan 13, 2003 10:33 am


Return to PHP coding => General

Who is online

Users browsing this forum: Google [Bot] and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron