I have developed an information management system for the company I work for.

Now I would like to make a type of licensing system to help prevent anyone from just taking a copy and setting it up on their own home server and using it for whatever purpose.

I know perhaps the easiest way to do it is to include a reference to a key stored in a remote file on every single page of the system or something like that, but I think that could be easy to get around with some effort.

What is the best way to protect my work?

From the security perspective, the general consensus is that you can't guarantee it won't be stolen, so you have to weigh up how difficult you want to make it for an attacker. We have discussed this a fair bit on Security Stack Exchange.

Have a look at this question over there, and all questions there tagged drm.

the best way is to generate a key based on the hardware values of the machine. so take the amount of ram, processor type, speed, mac address, bios version, etc. Once you have all those values use them to generate a hash. Each user should also have a unique ID for their purchase. When the software is first used it should send the user ID and hash to your server. Each time the software is run (and at various times while its running) the software should send both these IDs to the server. If the hash does not match the hash that corresponds to the user ID then access to the software is denied. If a user changes their hardware or wants to install on a different machine they should be able to submit a request to reset their hash. Also make sure you use SSL for the licensing communication and obfuscate your code if possible. you can also add the domain name the script is running from to the data used for the hash if you want to lock it to a domain

In PHP it's hard to do that since the source is open to all, but you could do something similar to modify the index to grab the server's name or IP and check for it in your database, if you have allowed it the process returns ok and every thing works fine, else you send a self destructive command to the index and the index will delete all of the files and folders starting from its directory, you can find a command here, you can delete the maxdepth argument to recursively delete all the files and folders, and keep in mind there is no perfect solution for your problem since the other party could change the index source code easily.

If you cannot guarantee that the .php files would be stolen, then your best bet is obfuscating the source - so it becomes unreadable and very hard to convert to regular code. I don't advertise here, just I know that Ioncube does the job well.

I would also suggest you use more than one method - say both licensing file and obfuscation - it would be harder to break.

See this answer also.

Developing own licensing system may appear to be more complex and elaborate task than it seems from the first sight. It is better to use the solutions that are already present on the market to save lots of your time and money.

Check the http://activation-cloud.com if your product is running under Windows (Linux is coming soon) and is written on C++.

It does good a job for copy-protection (keeps computer IDs on the server). We are working on decent anti-crack protection at the moment.

You may go to Wordpress Licensing System, general PHP and Software License

with http://www.phplicengine.com you can license your code remotely or locally then obfuscate the source code with http://www.ioncube.com