Ready Fire Aim - Latest Comments in PHP: Remote Kill Switch – Make Sure You Get Paid

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Brad Metcalf — Mon, 16 Sep 2013 20:13:42 -0000

I have had a major chain (300 plus stores) reject final payments once we handed over the project. Obviously we accepted money to start the project and some money during development. But the bulk of it was rejected as soon as they got the working build of the system. We, the development firm, were timely and professional. But for an established company they had some shady division head try to take advantage. (Which is more unethical than us using scripts to ensure agreed upon payment.)

Had we not put in custom in-house obfuscated code that verified timestamp of an overdue payment and server IP we might of lost thousands of dollars worth of man hours we put into the project. Luckily doing a process like this got the client to pay up and we updated the system to not include this code. They claimed they simply lost contact and we rejected payments. Yet, this is not what happened and we were notified same day the code took their system off-line to the same phone number we been telling them to contact us at.

So yes, this type of thing DOES happen. Not all the time. But it does weather the client is big or small and has no baring on how "right" we do things.

In the end such code is removed upon successful payment. But we have recovered thousands of dollars and many meals for our families by putting in such a safety net.

It's like providing someone a car. If you do not pay for it. The loaner tries to recover. It is not ethical to keep the car you did not pay for. And it is unfair to the loaner. This is no different. Especially considering the hours developers can put into a project.

I feel much better putting in such code and not going broke over such abuse. However, it is clearly stated in our contractual agreement our services and products could be revoked / suspended due to non-payment.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Joshua Micheal — Fri, 19 Jul 2013 22:03:50 -0000

Or you could just keep the code on your own server until they pay.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Bill DAlessandro — Mon, 08 Oct 2012 13:50:18 -0000

So glad to hear it Ilya, way to stand strong. This is exactly the situation this code should be used for - when the client refuses to pay. Glad I could help!

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Ilya — Fri, 05 Oct 2012 18:10:22 -0000

Bill, you are the man, your trick just saved me $500. As a web designer, I find the bulk of my business on craigslist, though most people are ethical and all, there are a sizable amount of bad apples who spoil it for the rest. In this particular case, A client called me off of my ad on craigslist, we talked over the phone and agreed on $600 for the project. I of course took $100 as a deposit, and then began my work. The site was finished and up within a few days. I called the client, and they said they liked it, but they needed to run it by their partner, and they would call me back. They didn't (surprise - surprise). I then started pummeling them with phone calls, no answer. I then called from Google voice, they said they were in a meeting and would call me back, they didn't. So then I sent them an email telling them if I did not receive payment within 3 days, they site would be shut down (they changed the passwords btw). So after 4 days (I am a nice person, so I thought I would give them a grace period), I hit the kill switch. 3 hours after hitting the kill switch, the guy called me and started cursing me out. Speaking calmly, I first reminded him of our agreement that he would pay $100 up front, and $500 upon completion. Then I reminded him of 20 or so times I called him and got ignored, plus I mentioned the email. He then told me what I was doing was unethical, then I reminded him that a thief is one to talk about ethics. In the end I simply told him, "The site will be back up the minute I get paid", of course he kept bickering, but I just stuck to the bottom line. and after 5 or so times of repeating myself, I told him, "I think I made myself perfectly clear, you know what you need to do to get your site back up, goodbye", and hung up. I saw $500 in my bank account later that night :)

For those who see something wrong with this, you need to remember, until your client fulfills his/her contractual obligations (mainly paying for the freaking site), the site is YOURS. Once they pay, you can just remove the code. Plus, what is worse, putting in a code to safeguard against non-payment, or screwing hard working individuals out of their money?

P.S. I do keep this method as a last resort, and absolutely HATE doing this. But if they want to play hard, I am more than capable of playing harder.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Adedayo Adeniyi — Wed, 07 Mar 2012 11:34:42 -0000

Well, Melbourne web design, what will be your next step when the law sides with the moneybags, and not you the web designer? This is common in my country, Nigeria.

Despite excellent project management, on-time delivery, signed agreements, some companies just love to owe.Bill, this killswitch is the answer to my worries. Thank you very much for sharing.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Bryan — Tue, 06 Mar 2012 07:20:03 -0000

I know this is a long time ago, but thanks for that! I couldn't figure it out either but that did it.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Bill DAlessandro — Fri, 20 Jan 2012 15:19:04 -0000

Robert - obviously you shouldn't remove the code until you have the funds secured. Still, you can never be fully protected if someone is actively trying to defraud you - in that case, you should take it up with your credit card processor.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Robert — Thu, 19 Jan 2012 13:08:20 -0000

Hi, what if they live in China and pay their bill with a credit card, but then they do a charge back? If you remove the code after they pay, then what is the use if they do a charge back?

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Ben Duffin — Mon, 12 Dec 2011 11:40:06 -0000

Excellent! I had already written something similar myself several years ago that also incorporates unique serial key checking and application / module updates and version control.

My new employer is using it to handle User Authentication over the new CMS I have written for them - although many other PHP developers are looking down on me for attempting to lock down the 'Open Source' PHP!

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Bill DAlessandro — Thu, 13 Jan 2011 13:52:29 -0000

Thanks for the kind words - glad I was able to help :)

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Logged1065 — Wed, 12 Jan 2011 19:43:30 -0000

Thank you for taking the time to create this! I've got a situation where I am writing code on a client's server and there is a chance that once I'm done, he may change the passwords(I don't know him well, and the project is comission based), so this is perfect for my situation. I know you have come under fire for this, but I wanted to express my appreciation for your time :D

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Bill DAlessandro — Thu, 11 Nov 2010 13:35:27 -0000

Yes, you can also accomplish this with CSS. Checkout the tutorial here: http://csskillswitch.com/

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

web design miami — Thu, 11 Nov 2010 11:02:37 -0000

doesnt CSS have a killswitch like this too?

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

visitor23 — Wed, 18 Aug 2010 17:52:56 -0000

One suggestion:

The action which happens once the app is enabled is determined on the client side:

die("Application Disabled. Please pay your web developer.");

I think this action should be moved to the server side. It would give the developer more control over the action.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

visitor23 — Wed, 18 Aug 2010 17:48:17 -0000

It took me a long time to get this to work successfully. The only way it would function is if I remove the exclamation mark in the client code on line 4:

Before:
if (!$client->query...
After:
if ($client->query...

I am not sure why this works. Could you please advise if this a suitable fix?

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Karri — Mon, 24 May 2010 17:20:40 -0000

Instead of selling your code you should consider providing a license. With a license you can maintain full control over your work and ability to revoke, suspend it at will.

After many years of coding I have managed to accumulate a sizable code library. I always provide a software license. If asked, I tell them my many years of experience, the library and why I license. By reusing code I can also work faster, cheaper with solid results.

As more time passes, the less inclined someone is to pay. There is nothing unethical about suspending a site as long as it is part of the contract. I am currently dealing with a client that is 2-weeks late on his bill. Not all clients are honest so I prefer to be prepared just in case. 30 days overdue is my limit.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Sir_Tanly — Sun, 09 May 2010 16:59:51 -0000

It seems that the existence of this code should be a part of your 'standard' agreement ... agreed to by the client ... before work begins. If they won't agree to it, either don't start or take the chance and don't include the code. Business is about managing risks. Use good judgment and manage this one.

In this case, you'll have to more finely arrange the deliverable / payment schedule so there is a dramatically reduced possibility of you being left to flap in the breeze.

The reason I say this is because of the legalities concerning disabling code on some else's computer. I'm pretty certain that this is frowned on. If they simply change your password and this code fires off, you have circumvented their security. Right?

In fact, that is the precise purpose of this code.

I can see a web developer or two doing a slow roast on the spit of justice.

Document, document, document, sue.

But don't break the law or you'll not only end up not getting paid for this work, but you'll lose out on future work while you are in the can and for a long time afterward.

Be careful, kids; it's a jungle out there.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Omer — Tue, 02 Mar 2010 14:46:33 -0000

GENIUSSSSSSSSSSSSSSSSSSSSSS! thank youuuuu!!!!

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Edward — Fri, 19 Feb 2010 07:19:10 -0000

Hi, just an update on my previous Ajax killswitch post. Version 2, which is a bit smarter is now written up.

http://menacingcloud.com/?c...

Thanks!

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Vishnu Haridas — Fri, 19 Feb 2010 05:32:07 -0000

Yes, This is sometimes really needed one!
But, if the client approaches some other PHP developer, then he/she can locate this code and possibly remove the code.

What i have done once is, just create a "info.php" file and put some message in it under the variable name "$my_msg" or something.; after that, do this:

if(md5(md5($my_msg))=='5d41402abc4b2a76b9719d911017c592') {

Note that I haven't closed the brace opened.

Then include it in "index.php"

After that I will write all the HTML codes, CSS, and other includes. The index.php will include many other PHP files, and it may go into 3 or 4 levels of include. And I will put the closing brace for the above code somewhere in the include files, just mimicking like a for-loop close brace.

Now, If they edit the variable $my_msg, then MD5 changes, thus no-output! OK, they may change the condition in the if-condition. So I will write a complex set of 3-4 if-conditions.

Then, if they remove the if-condition, then the closing brace throws an ERROR.

Probably, after a set of trial-and-error, the new developer will go away...!

The real idea is in the MD5 and the BRACES BALANCING.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Kurt — Mon, 18 Jan 2010 21:21:09 -0000

Something like this could be very handy if you have developed a digital product, such as a php application that is for sale, and the purchase was made, the application downloaded after payment, then the payment was charged back as a result of credit card fraud or other reason some weeks later. You could then disable the application for the fraudulent purchasers server, provided you collected the relevant details at the time of purchase. They shouldn't get to use the application if they haven't paid for it.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Chris — Thu, 17 Dec 2009 04:38:49 -0000

Niek,

You mention it's not good to withdraw ownership from your client; last time I checked you don't own something until you've paid... this is where scripts like this come in useful.

I have experienced a number of clients who, despite my doing a very professional job, have basically been con-artists and ripped me off. Including clients who have changed their FTP passwords. To this end I've written my own "time-bomb" script which I can use to remove MY files from my clients servers should I need to. Once the client has paid, I remove my time-bomb and the protection is removed.

The point being, until the client has paid, they do not own the files I have developed for them and therefore I have the right to do as I wish with MY files.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Michael — Fri, 25 Sep 2009 07:05:39 -0000

Hello, this seems usefull, but what about if the client gives de code source on his side to a developer that removes from the system the client code? Then our switch will loose the effect?
Thank you.

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Edward — Mon, 07 Sep 2009 01:25:23 -0000

Thanks! As a freelance web developer I've been looking for something like this for some time.

I've had personal experience of client's withholding payment for the full spectrum of possible reasons! In my opinion it is nice to have a kill switch option, but understand those that are worried by its ethical implications.

I've posted my approach at http://ajaxkillswitch.com

It demonstrates a VERY simple technique that takes advantage of jQuery's recently added cross-domain Ajax request functionality.

The advantage to the JavaScript Ajax kill switch is that it is independent of the server-side implementation. This makes it useful for even standard HTML websites.

Combination of the two methods (server and client-side) could be doubly effective ;)

Re: PHP: Remote Kill Switch – Make Sure You Get Paid

Name — Fri, 04 Sep 2009 04:52:00 -0000

I'm looking for a simular thing, only... I'd like to reverse it. The client 'activates' the application and than is able to use it. (The activation code is only send when the payment is done)

BTW it's pretty easy to have this 'kill switch' disabled... Just a minimal techie changes:

if (!$client->query('activation.checkapp', $appname)) {
if($client->getResponse() ) {
die("Application Disabled. Please pay your web developer.");
}
}

Into:

/*
if (!$client->query('activation.checkapp', $appname)) {
if($client->getResponse() ) {
die("Application Disabled. Please pay your web developer.");
}
}
*/

And the code for 'disabling' is changed into 'comment' and thus not executed...

Also changing the if (...) into if (false) and again it has no affect...