Jump to content

How to code a patch for a PHP application?


Go to solution Solved by ignace,

Recommended Posts

Hi,

 

I have developed a small PHP and MySQL application that people can download from my website and install on their websites.

 

Obviously I will be improving this application with more features and bug fixes. My question is how do I go about updating others applications installed on their websites, by offering them "new updates available" link?

 

I was thinking to ask them to download the whole application again and upload it to their server. This new version will include an 
"update script" thorugh which database updates (table structure changes etc.) can be performed.

 

Whats the best way of doing it?

 

Appreciated..

 

Edited by akrashdi

so basically you are asking how to put a backdoor into the application? why on earth would you want to do this? 

 

basically off the top of my head (pseudo code)

 

insert this line into whatever error div you have, say its called $e

$current_ver = "1.0.1.9";

if (new_ver_available($current_ver) === true) {

echo '<div id="e"> a new version is available. click <a href="">here.</a> to upgrade.</div>';
}

function private new_ver_available($current_ver,$external_ver){

$dbOptions = array(
	'db_host' => 'ip of db you want to connect to',
	'db_user' => 'user for the db',
	'db_pass' => 'password',
	'db_name' => 'name of db'
);

your db connect script goes here(eg mysqli_connect ....)

your iteration logic here eg. (for int=0 $i...)

if ($current_ver === $external_ver)//absolute match of boolean
{
return false;
}else{
return true;
}

 

Actually the title of this post went with a little typo. It should be 

How to code a patch for a PHP application?

 

People who install my PHP application on their websites, how can I update that application with new version?

 

In other words, how should I create patches for my (PHP+MySQL) application that people have installed on their websites.

Basically your script would call a script on your server, passing the version number. Something like:

 

$latest_version = file_get_contents('http://yourdomain.top/get-latest-version.php?version=' . $current_version);

switch (version_compare($latest_version, $current_version)) {
  case 0: // equal
    echo 'You have the latest version';
    break;
  case 1: // newer
    echo 'Update to version ' . $latest_version;
    break;
}
To get the update patch is a little more difficult. Assuming you use git and tag your releases with the version numbers you can:

 

$version = $_GET['from_version'];
$filename = $_GET['filename'];

// validate $version and $filename

exec('git diff --name-only ' . $version . ' HEAD', $output);

// iterate over $output to get all $changed_files
$temp = tempnam('/tmp', 'zip_');

$zip = new ZipArchive();
if ($zip->open($temp)) {
  foreach ($changed_files as $file) {
    $zip->addLocalFile($file);
  }
  $zip->close();
}

// send it as a download
header('Cache-Control: private');
header('Content-Disposition: attachment; filename=' . $filename . '.zip');
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($tempnam));
header('Content-Transfer-Encoding: binary');
readfile($tempnam);
The calling script then unzips the file and overwrites all files. Updating the database is a little more tricky. Your script would need to know how the database "should" look to be able to generate the alter table statements, you can do this using Doctrine's DBAL which allows you to define your tables in PHP code and then run a diff against the actual database to get the needed changes or you can try write it yourself:

 

$tables = array(
  'table1' => array(
    'fields' => array(
      'field1' => array('mysql' => 'INTEGER UNSIGNED NOT NULL AUTO_INCREMENT', 'sqlite' => '..', ..),
      ..
    ),
    'indexes' => array(
      'index1' => array('..')
    ),
  ),
  'table2' => array(
    ..
  )
);
then iterate over each table, does it exist? if not, create the table and the fields and it's indexes otherwise iterate over all fields and indexes.

 

If you come across a field that does not exist in the fields array then delete it, if the field is not in the database, create it, if it exists check if the definition matches. update if it doesnt.

Edited by ignace

Nicely explained, 

 

So, someone else's website running my application will get a ZIP file of the new version from my website. A script within the application will UNZIP that file and overwrite existing application files with it. Then the database script will run SQL queries that will modify table structure of the database as needed.

 

Please correct me if I misunderstood it. 

Edited by akrashdi
  • Solution

That's correct. Of course there are some things to consider when doing this, like you should block all incoming traffic and refer them to a maintenance page. You should keep track of changed files and the changes to the database should be possible to be reversed.

 

So it's best to leave the decision of updating to the user and deleting database fields should be avoided.

Edited by ignace
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.