I think, perhaps, you've done your business planning all the wrong way around. This is the sort of thing you should have figured out before doing something that "took ages." In general you've picked up a particularly hard problem. The short answer (which is all I'm inclined to write right now) is that you have a choice - either encrypt the program and don't allow access to it without a key or just put some technical barriers in place but nothing that ultimately prevents access.

Before going on I want to note that your PHP code isn't encrypted - it's just compiled. This distinction is important because the rest of this note relies on this information. Its like the difference between a novel published in two languages. You may only be able to read one copy but that doesn't mean that someone else can't read both.

The first choice - encryption looks like this: your customer may download the program but it is unuseable without the key. Once you give your customer the key then you've allowed them to unlock a "safe" and get a novel out (of whatever language). At this point the user may or may not futz with their copy or do whatever they want. The point is once a program is useable it is also readable and modifiable.

The other way to go acknowledges that security is impossible and just attempts to make life hard on the potential user. I'm not inclined to help you with this part but I will give you a pointer to the ACME:: namespace on CPAN. There are a few modules that may help with your source-code-obfuscation endeavor there.

Seeking Green geeks in Minnesota