Being a solo freelancer doesn't mean you can't adopt the 'EULA approach'. Leave prominent copyright marks on code that is yours, and print the license and let your customer sign it on paper. On the obfuscation side, I wouldn't recommend you invest in this, simply minify the code and pack it in a PHAR, if you want a light and easy to distribute file. Note that if your customer is paying you to create the code, by default this is work-for-hire, and you do not own the copyright to this code, your client does. So any parts that are not produced under the assumption of work-for-hire should be negotiated explicitly and made clear to the client (through said signed license).
DeZender is the software that specially used for to decompile/decode PHP files encoded by Zend Encoder/SafeGuard, ionCube, or SourceGuardian. It mainly use cryptanalysis, decompressing and decompiling technology to decode an encoded PHP file into readable, executable PHP source code.
Anything else means you're basically giving up on your rights over that code. That depends where you live. Also it's likely if they are doing anything non-trivial they are using someone else code or wasting client time re-inventing the wheel, so it's questionable if a single coder should ever seek to stop others from updating their code. What happens if the product becomes a success, or they need someone else to work with? That person would spend much time unpicking their pickled code, unless they source control pre-pickled code.
It all sounds like a PITA and honestly I'm a fan of charging for anything that is a PITA, I can't charge myself so I wouldn't bother. Obfuscation is the most stupid thing ever. And not letting a customer to customize the app is the second. I were such a customer and this thing always drove me crazy. So I'd rather unobfuscate/decode that stupid app rather than submit to a whim of yet another paranoid user. Or just throw it away in favor of a way better free version. In my experience, the encoding/obfuscation is used mostly to cover the utter ugliness of the code.
Ok, if you are so strict, why not to keep the app on a server of your own? Leasing a service is a sane approach. Used all over the net, starting from Gmail.
That's different matter and nobody would complain. It can be a real pain in the ass when you buy a piece of software written for PHP 5.1 that is encoded and realize that you can not run that code on the supported version of PHP because the obfuscation loaders are not compatible (or do not exist for the current version of PHP) and the person/company that sold you the software are long gone (business shut down, people change carriers, die, etc.). Please be responsible and at least let the company that is paying you know and understand what that means for them in the long run. There are solutions like Zend Guard (I think I read somewhere it's discontinued?), Camouflage or SourceGuardian.
I am currently dealing with code that's encrypted by the latter, in that we are replacing an encrypted core framework. From the comments I read the consensus is pretty much 'Don't' and I agree. If your client wants to change configuration, you should let them. You don't want to be bothered for every little config change they do. If they do stupid shit and break something, you charge them to fix it.
![That That](http://websites-img.milonic.com/img-slide/420x257/u/unzend.com.png)
Simple as that. When you give them an encrypted codebase you will just annoy the shit out of them and most likely lose any chance of keeping them as customer or even referring others to you. For instance when they want to upgrade to PHP 7, they probably can't. Another project on the same server requires an extension that conflicts with your encryption stuff, bad luck. A library you use releases a new version, well you better hope it doesn't break BC, because otherwise segfault. They won't see this as necessary evil caused by the encryption solution - and it isn't, it's you intentionally fucking with them - and ask you to choose something else or fix it for them.
They will be pissed at you, see it as shoddy craftmanship and probably never return or recommend you to anyone again. They won't be able to provide you with meaningful errors when something bad happens that is not covered by your exception handling, because the application does not throw a 'fatal at line x' or an exception it will seg-fault (in my experience).
Which is not only bad for you, because you can't just look at the code you painstakingly have to reproduce the bug when you are charged with fixing it, it will frustrate your customer, which will pretty much eliminate any chance of you getting a follow up contract. Even if nothing goes wrong. You have to maintain these things, even when you moved on to other frameworks and other stuff. Ever had a project you really hated and wished people stopped using, but they were to cheap to switch or it was too much of a hassle for them. You did this work for cheap, you can't really raise the price because they will be pissed at you - see no more money from them and their (business) friends, which is most likely how you get jobs as a freelancer - so you have to spend time fixing shit you would rather just throw away.
The only way to get out from it, is going 'hey I'm busy, but I know someone'. Oh wait they can't fix it, because they can't access the source. Other points to consider: What if you lose the unencrypted source (backups crash)? That business might be angry (as in sue you) if they can't modify or add stuff. As already mentioned, the safest bet if you don't want them to get the code and fuck things up, is host it yourself.
If that's not an option and you develop an on-premise product for them, it's theirs. Be professional, deliver good work and they will keep giving you money instead of messing with it and even refer you to their friends. As a freelancer you should probably approach your projects with the current devops mentality: cattle, not pets. I have been freelancing for the past 7 years, with over 150 clients now, and I NEVER had to obfuscate my code. If your client pays for it, they should own the copyright unless you agree otherwise.
If some parts of your code is reusable, I'd rather make it a library and open source it. Then, add that library as a dependency.
Even if you manage to obfuscate, it is pointless because this is PHP we are talking about. SaaS is a better approach. You can automate most of the server provisioning, monitoring, scaling, etc now.
Running a service is not that hard, and you'll have a steady income stream after that. Your client is paying you to write their software. If they want to go in and tinker with something they've purchased, they're perfectly welcome to do that. You're also perfectly welcome to charge them extra (1.5x your normal rate is a good start) to unfuck everything if they take it upon themselves to start changing code around. You're not giving yourself job security by obfuscating the codebase. You're just making it unnecessarily hard on everyone - including yourself - to maintain it.