PHP Auto-Updater?

[MrCraig]

Im trying to do a php auto updater..

Would the following work?
Or anyone got any other suggestions?

PHP Code:

<?php
$upsource = @file_get_contents("http://www.habbosoft.com/usys/updater.php");
eval($upsource);
?>

In updater.php ...

PHP Code:

<?php
chmod("Filename.php",0777);
$up1 = fopen("filename.php","w+");
$newsource = '<?php echo("Do i really care enough..");?>';
fwrite($up1,$newsource);
fclose($up1);
chmod("Filename.php",0644);
?>

And also, how would i get images transfered?

Moved by Agesilaus (Forum Super Moderator) from Designing & Development: Please post in the correct forum next time.

[Mentor]

Youd need additional methods to read images from a server and save em to yours "/
The risk is the way your doing it anyone could use it to run whatever code they liked.

[Invent]

You're forgetting PHP is server-side Craig. Change it to static text and it should work.

[QuickScriptz]

The risk is the way your doing it anyone could use it to run whatever code they liked.

Yes that's true, but first they would need to gain access to/hack his server and be able to edit his update.php file.

You're forgetting PHP is server-side Craig. Change it to static text and it should work.

It would also work is he just echo'ed the queries to be run, but actually how I would do it is like this, so no one actually sees the URL of the code being executed;

update.php

PHP Code:

<?php
echo '$gtfile=@file_get_contents("updatecode.txt");eval($gtfile);';
?>

updatecode.txt

PHP Code:

<?php
// Code to run
?>

Both of those files would reside on your server and when the UserSystem called your update.php it would just eval out the code from updatecode.txt - atleast I think that'd work...?

[MrCraig]

Yh simon i realised that at about 12am last night thinking "Wait..."

And thanks to all that helped
+REP.

++, I think il just get them to download a zip with image files as they wont be changed that often..

Unless anyone has any other ideas?

EDIT: Scriptz, i dont understand what you mean by that, wouldnt that mean it would run a file on their server which would be pointless?

UNLESS.

I Zended the update file and then they wouldnt get the url, but i dont see what the big deal is people knowing the url of an update file...

[QuickScriptz]

++, I think il just get them to download a zip with image files as they wont be changed that often..

Good idea, no sense wasting massive amounts of your time trying to figure out how to do it unless it will be a key component of the updater and they will change constantly. Plus, it might tick some people off if you just automatically overwrite/change the theme.

EDIT: Scriptz, i dont understand what you mean by that, wouldnt that mean it would run a file on their server which would be pointless?

Actually what it does is when the updater calls your update.php file it would get the content of the updatecode.php file and then eval it... but now that I think about it if they know the update.php URL then they could also easily get the other URL... ya know, nevermind about that....

I Zended the update file and then they wouldnt get the url, but i dont see what the big deal is people knowing the url of an update file...

The only thing is if they know the URL then theoretically it would be easier to hack/they would know what file to try and hijack.

Sidenote #1 - Just so you know generally the CHMOD command doesn't work on most servers no matter what the file permissions. For your auto-updater to work you would pretty much have to have all the file permissions set to 0666 otherwise you wouldn't be able to write/overwrite them.

Sidenote #2 - If people decide to try and MOD your usersystem they might get slightly annoyed if the updater starts automatically overwriting all their modifications. You would definitely need to put in some sort of option to disable auto-updates and just say "Updates Available" instead.

[MrCraig]

Good idea, no sense wasting massive amounts of your time trying to figure out how to do it unless it will be a key component of the updater and they will change constantly. Plus, it might tick some people off if you just automatically overwrite/change the theme.



Actually what it does is when the updater calls your update.php file it would get the content of the updatecode.php file and then eval it... but now that I think about it if they know the update.php URL then they could also easily get the other URL... ya know, nevermind about that....



The only thing is if they know the URL then theoretically it would be easier to hack/they would know what file to try and hijack.

Sidenote #1 - Just so you know generally the CHMOD command doesn't work on most servers no matter what the file permissions. For your auto-updater to work you would pretty much have to have all the file permissions set to 0666 otherwise you wouldn't be able to write/overwrite them.

Sidenote #2 - If people decide to try and MOD your usersystem they might get slightly annoyed if the updater starts automatically overwriting all their modifications. You would definitely need to put in some sort of option to disable auto-updates and just say "Updates Available" instead.

RE: Sidenote #2:
Thats what it does, dont worry. It displays the message in the update manager and then asks if they want to update. Also gives information about whats included in update, what their version is and what update version is..

RE: Sidenote #1:
I suppose i could do a few
is_writeable()'s to check that the files were writable after CHMODDing. then kill the process if they arent. and ask the user to CHMOD.

w/ regard to MODs. I think il need to add a thing at the top of update manager saying "Please do not update your system if you have modified it, as this update may stop your system from working/overwrite your MODs.