Jump to content

Recommended Posts

Hi all

I'm currently in the process of actually finishing off a back-end recruitment package for a client. The problem is, my main job is being the owner of a competing recruitment company, so I am limited to how much of the scripts/data/passwords etc I can access once I 'hand over' the full system. So I can't just keep an FTP account for me to do the updates - once I've handed over the package and they start inputting their data, that's it.

However, my client is still going to need updates to the scripts now and again, as I'll be developing the package further for other clients.

So my questions (and apologies for not posting code to pick apart, as I'm firstly after a little guidance) - what would be the best way to offer script updates to my clients? Remember, the people I deal with aren't necessarily going to be computer literate, so aren't going to want to deal with FTP/uploading, etc. The process ideally will be an option within the web application that says 'Update', which will automatically deal with the uploading and overwriting of the relevent files, etc.

1) is this possible?
2) has anyone here actually done anything like this before?
3) is there an easier way?

However complex it may be for me to implement, the MOST important thing is my client can just 'click and update'. A few pointers in the right direction would be fantastic.

Cheers

Mark
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/
Share on other sites

I personally would crate an updater in the package that you supply.

Have a link to check for updates that connects to your site. Pass the root url of the customers site to a script on your site that checks against a databse of the last time they updated. If there are new updates pass back an array of files that are to be updated and allow their server access to teh folders on yoru server to copy teh files over directly.
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19039
Share on other sites

[!--quoteo(post=356656:date=Mar 20 2006, 03:52 PM:name=ToonMariner)--][div class=\'quotetop\']QUOTE(ToonMariner @ Mar 20 2006, 03:52 PM) [snapback]356656[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I personally would crate an updater in the package that you supply.

Have a link to check for updates that connects to your site. Pass the root url of the customers site to a script on your site that checks against a databse of the last time they updated. If there are new updates pass back an array of files that are to be updated and allow their server access to teh folders on yoru server to copy teh files over directly.
[/quote]

hmm ok, so would it be best that i sent the guy an 'update' package and for him to use a HTTP upload script to upload and let the installer script deal with it? or is their a way that i can securely pass PHP files directly from my server to his, directly overwriting the old files? and just dealing with the permissions as it goes along?
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19041
Share on other sites

[!--quoteo(post=356672:date=Mar 20 2006, 04:57 PM:name=ober)--][div class=\'quotetop\']QUOTE(ober @ Mar 20 2006, 04:57 PM) [snapback]356672[/snapback][/div][div class=\'quotemain\'][!--quotec--]
There are a few options to consider...

FTP, Sockets... Both would probably do what you want.
[/quote]

which would be the best way without either his site having my passwords to access my files or vice versa? do you have a php function that i could look up that would be a start?

like i say, i can't have his ftp passwords and he can't have mine, but ultimately the scripts on his server will need to be updated. if i can find a non-password way of exchanging files, then i'm sure i can do the rest in terms of securing it so other people can't get my scripts.
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19055
Share on other sites

If your host allows you to setup multiple FTP accounts, I don't see how having your "secondary" FTP account info on his server would be a problem. You could setup a subdomain on your hosting or a seperate area where the secondary FTP can only access that area.

I wouldn't keep his info on your site, but I'd have no problem keeping "update ftp info" on his site.
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19062
Share on other sites

[!--quoteo(post=356680:date=Mar 20 2006, 05:47 PM:name=ober)--][div class=\'quotetop\']QUOTE(ober @ Mar 20 2006, 05:47 PM) [snapback]356680[/snapback][/div][div class=\'quotemain\'][!--quotec--]
If your host allows you to setup multiple FTP accounts, I don't see how having your "secondary" FTP account info on his server would be a problem. You could setup a subdomain on your hosting or a seperate area where the secondary FTP can only access that area.

I wouldn't keep his info on your site, but I'd have no problem keeping "update ftp info" on his site.
[/quote]

hmm ok so there's definitely one way to explore. noted.

you mentioned sockets. if i opened a socket to my 'updates' area on my site, how would i return a pure php script file? the way i'm thinking would be to have a script on his site that would open a socket to a script on my site, which in turn opens a php file and returns it 'as is'. on the script on my site, do i need to use functions such as fopen, fgets, etc to get my php file ready, or is their a better way?
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19066
Share on other sites

[!--quoteo(post=356700:date=Mar 20 2006, 06:35 PM:name=ober)--][div class=\'quotetop\']QUOTE(ober @ Mar 20 2006, 06:35 PM) [snapback]356700[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I'm not sure, to be completely honest. I've never used sockets.
[/quote]

no problem at all. ftp it is then...
unless someone can explain how i can do this with sockets?
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19086
Share on other sites

Setup a free php isp account and use a ftp program.

send zip files acroos the net via a update link.

have a update folder so the user can just drop the nessary files in.

use a link within a email message then send file to them.

setup a website for updates and links for updates.

email user files and zips.

setup a script on your site that has a password protected area for downloads via password for updates.

I tried

good luck

ps. what you relly want is a webpage with news of updates for the packages and dispalyed via date then on click password protected info for download.
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19093
Share on other sites

cheers redarrow

the problem is i need it to carry out the update task automatically. just like windows does.

1) user is notified 'updates are available'
2) user clicks link that says 'get updates'
3) updates (both PHP text files, images, etc - anything that might need doing) are automatically read from my site and replace the out of date versions on their site AUTOMATICALLY.

believe me, i've thought of these download this, do this, do that, etc, but if i was someone with only a basic knowledge of computers, i'd be stuck already.

these are the ways i've tried/thought about. if anyone can elaborate on any of them or suggest that one way is going to work the best, please feel free to do so.

- i've tried using fopen with a URL to my update site, but (as expected) the update site parses the php first.
- i've (partially successfully) used fopen, as above, to load a remote script on my update site from my test site that literally opens the required file and uses fgets and 'echo' to display all the lines in my script. this seems to work, but i'm sure there are probably flaws (aside from the security aspect to make sure its only the site that needs the updates getting them and not some TomDickandHarry chancer trying to nick my code)
- not tried yet, but maybe the files that need updating could be stored in my mysql database (as blobs) with info as to where the file belongs. their site connects remotely to the update site's mysql database and gets the stuff it needs.

out of the 3 methods, which would be the best? i'm really not keen on going down the road of FTP, and this has got to be as simple for the client as possible. if there's a 4th method, let me know...
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19108
Share on other sites

There are a few options that you may use.

First, your clients are going to have some kind of administration panel correct?

Well, set up a seperate mysql database at your site. When the user logs in to the administration panel, make a script to read the mysql database (on your site) to see if there was an update. If you have recoreded in your database that there is an update to the software, then it should show a link in your clients admin panel. When the link is present, I would have the user click the link, wich would in return to to your site where your installation scrypt is located. Make your installation scrypt. In the first part of your installation script, make your clients enter there own ftp details in the installation script. When there ftp details are entered, you can use php to over write there old files, and if needed update mysql tables etc. I hope this has given you some helpfull information. And YES this has been done.

unenergizer
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19110
Share on other sites

unenergizer, thats not a bad idea at all. at least i wouldnt need to keep their ftp details.

their whole system is an 'admin panel' in effect. only employees will be able to access it.

but (me being fussy and all that lol) i want to take this to its extreme. when you click on windows update, it doesnt ask you for any usernames/passwords/keys, etc. it just does it. i'm through with expecting clients to have any computer literacy about them, as i've found that (even with my personal sites) that the best way of dealing with things like this is to think about the end user being a newb, and not a upload/download ftp genius.
i've gotten some good feedback by simplifying things and targetting the non-computer literate.

so - how can i do it WITHOUT the user having to type ftp details? and without me having to store them?

1) user clicks 'update'
2) their system 'talks' to mine to find out what's out of date
3) my system sends the php/txt/whatever files to their system
4) their system installs it automatically.
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19126
Share on other sites

Have them do it the first time (hell, store it as an input when they run your initial install script) and then just fill in the form for the update with the details. If the details change, just update the settings. That way, they only have to enter it once, but it gives them access to change it as needed.
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19128
Share on other sites

There is really no way for them to update with out them entering there ftp details. If you, as an individual were to create a script that could overwrite peoples php files on different servers, while not knowing there ftp infromation, then you would have just started a hacking revolution. Think about it. If anyone could just creat a script that could overwrite files, then you would see websites being constantly destroyed or worse. So with alittle bit of new found logic under our belt, we know its not going to be as simple as Microsofts GUI's.

Though think about this. The way I suggested, you would only have to remember 3 thinks.
[ol type=\'1\'][*]Domain[*]FTP Username[*]FTP Password[/ol]
And you could load the clients url into the login scrypt. So what now? Just an FTP username and password? Think about this. What all do you know that would require a username and/or password?

Your Bank Account, Debit Card, ATM Cards, maybe your cell phone, etc.

So basicly what I am getting at, is most people wont have trouble remembering a simle ftp username and password. That my friend, is the simplest way.


********Wow.

Something just came to mind. Also, you could make your script so that, when the user/client first runs it, it will ask them for there ftp username and password. When they have this enterend, it will save in there (your clients) database. And when they click update, the ftp login information could be sent from there database to your update/installation script allowing your installation to have an easy "one click install."
But you may think that, what if the ftp username and password change. Well, yes if a change was made, it wouldnt show up in there mysql databse. However you should make it so that, when a user updates this information (such as there ftp info in there cpanel), and they dont reconfigure there ftp info on your script, have your script check to see if it can open up the ftp. And if the ftp doesnt open, then the script should display a msg saying that there ftp details are incorrect.

Sorry, I am not the best at explaining my logic when it comes to programming. I kind of just know, and then write it. But explaining it in words is difficult for me. So if you do not understand what im getting at, then I will rephrase my wording.

Anyhow, hopes this helps you.

-unenergizer
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19145
Share on other sites

unenergizer, thanks for your help. you've made me think a little harder and come up with a few solutions, anyway. for the benefit of anyone that's interested, these are the ways i've got working or partially working, both off my own bat and from suggestions here:

1, ftp. their ftp credentials are programmed into their database and when an update is required are posted to my server (without me being able to get access to them) to check for the files needed. my scripts on my server interract with their server and give them the required files.

this appeared to be the best method. however, because of a few reasons (i'm stubborn, wanted to stretch my knowledge a bit, was determined to do it without passwords, etc) i have come up with this:

2, on my server, i have a file which prepares a file ready to send. literally by sending the php file to the browser in it's actual state, without the server parsing it first. this done with fopen, fgets, echo (i'd post the code, but for some reason phpfreaks doesn't like it, with or without the [CODE] tag. either way, the script on their server is almost identical, using fopen to read this file, and saves a local copy on their server.

3, mysql. possibly the most likely way i'll end up going with, if i can set up a remote connection from their site. but if they can connect to my 'updates' database from their site, then they can literally download the required files, which will be stored as BLOB type (it would be TEXT, but sometimes the files will be images and other filetypes, etc). their server sends a request to mine for the latest login credentials, which mine responds back with. their server uses these to access the updates database, downlaods the relevent file, and then puts it in the correct place.


obviously my biggest fear is that of security, but i think that i can make either of these 3 quite watertight as i would with a login/membership system. if anyone has any thoughts on any of these, or could elaborate on why/why not to use any of them, then please feel free to comment.

Cheers
Mark
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19264
Share on other sites

redbullmarky, if I was you, suggestion 1 would be my choice. You say that the ftp login information is going to be changed correct? Well, if they chage it, then it should be hard to remember when the first initial install is being made. So, when they are installing the scrypts, have there ftp info a requirement. This would make it easy on you and your clients, and would prevent confusion with later updates. But you should do what you feel is best. Enjoy, and let us know how everything turns out! :)

-unenergizer
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19374
Share on other sites

[!--quoteo(post=357001:date=Mar 21 2006, 04:22 PM:name=unenergizer)--][div class=\'quotetop\']QUOTE(unenergizer @ Mar 21 2006, 04:22 PM) [snapback]357001[/snapback][/div][div class=\'quotemain\'][!--quotec--]
redbullmarky, if I was you, suggestion 1 would be my choice. You say that the ftp login information is going to be changed correct? Well, if they chage it, then it should be hard to remember when the first initial install is being made. So, when they are installing the scrypts, have there ftp info a requirement. This would make it easy on you and your clients, and would prevent confusion with later updates. But you should do what you feel is best. Enjoy, and let us know how everything turns out! :)

-unenergizer
[/quote]

go into the offices of your average recruitment consultant and mention the words 'FTP' and 'Installation'. they'll be screaming 'TECH SUPPORT!!!' before you know it. i'm not disregarding your suggestion, as it really may be the best one. but whilst there's a way to do it WITHOUT them having additional installation and passwords to deal with, i'll probably keep plugging away to find the solution. looking at FTP, it would probably be MY easiest option, and as you say it wouldnt even need to be that complex for them. but this has got to be something so braindead-easy for them it's untrue. and i think my client, and countless other future clients, would respect how easy it is just to 'click and play' without getting into problems.

thanks though, and yes - unless anyone else has any further thoughts or would care to elaborate on unenergizers comments, i'll post my results when i get it working.

cheers
Mark
Link to comment
https://forums.phpfreaks.com/topic/5348-installer-script/#findComment-19390
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.