To do this requires a solid separation of custom vs core code. You would want to make sure users have a seperate set of pages to hook into your code from. Perhaps you should run an MD5 check remotely on the pages before carrying out the update.
The easiest solution to this is to have your script (on customer side) run a SOAp/REST command sending its version and serial to your home server. In turn your server can send back a message with the new version.
If the user clicks the link, the customer side script would need to send another SOAP/REST command with information (FTP info for instance) to allow your server to connect and overwrite the core files.
Keep in mind, this requires the users to set correct chmod and chgrp/chown permissions on the files so that you can actually connect and overwrite the files.
Many scripts have this functionality however it is a large security risk. Think hard on if the effort to implement this correctly is worth it...Sometimes simply sending a tar/zip is easier.
By remotely updating, you are running into huge liability and security issues...
updater.php 必须解压缩(例如使用 php 的 zip 扩展名)到 ./temp/files
updater.php 必须使用 ./temp/files/manifest 以便
在替换之前查找和替换文件,并进行一些文件完整性检查和确保文件没有被更改(比较校验和)。
在进行任何更改之前也要检查数据库。
如果一切正常,则提交更改。
删除临时数据。
就这样。
您可以添加备份支持以在工作副本失败时恢复工作副本。
Does this realy need a tutorial ? just bring your editor and start coding, if i were you, here's the way i'll be doing it:
In order to manipulate them, all your files need to be chmoded 777 (if unix).
create a file, say updater.php
that file will connect to your website (through curl for example) and check whether an update is available.
server side, consider making a manifest file with paths to files to be replaced + an SQL file with database changes + the replacing files and package all that in a tar (or zip).
make your updater.php script download that archive and store it in a local directory say 'temp'.
updater.php will have to uncompress (using php's zip extension for example) to ./temp/files
updater.php will have to use ./temp/files/manifest in order to find and replace files
before replacing do some file integrity checks and be sure the files have not been changed (compare checksums).
check database too, before making any changes.
if all is OK, commit changes.
remove temp data.
that's all.
you can add backup support to restore working copy if it fails.
发布评论
评论(2)
要做到这一点,需要将自定义代码与核心代码完全分离。您需要确保用户有一组单独的页面可以连接到您的代码。也许您应该在执行更新之前在页面上远程运行 MD5 检查。
最简单的解决方案是让您的脚本(在客户端)运行 SOAp/REST 命令,将其版本和序列发送到您的家庭服务器。反过来,您的服务器可以发回带有新版本的消息。
如果用户单击该链接,客户端脚本将需要发送另一个包含信息(例如 FTP 信息)的 SOAP/REST 命令,以允许您的服务器连接并覆盖核心文件。
请记住,这需要用户对文件设置正确的 chmod 和 chgrp/chown 权限,以便您可以实际连接并覆盖文件。
许多脚本都有此功能,但存在很大的安全风险。认真思考一下正确实现的努力是否值得……有时,简单地发送 tar/zip 会更容易。
通过远程更新,您将遇到巨大的责任和安全问题......
To do this requires a solid separation of custom vs core code. You would want to make sure users have a seperate set of pages to hook into your code from. Perhaps you should run an MD5 check remotely on the pages before carrying out the update.
The easiest solution to this is to have your script (on customer side) run a SOAp/REST command sending its version and serial to your home server. In turn your server can send back a message with the new version.
If the user clicks the link, the customer side script would need to send another SOAP/REST command with information (FTP info for instance) to allow your server to connect and overwrite the core files.
Keep in mind, this requires the users to set correct chmod and chgrp/chown permissions on the files so that you can actually connect and overwrite the files.
Many scripts have this functionality however it is a large security risk. Think hard on if the effort to implement this correctly is worth it...Sometimes simply sending a tar/zip is easier.
By remotely updating, you are running into huge liability and security issues...
这真的需要教程吗?只要带上你的编辑器并开始编码,如果我是你,我将这样做:
您可以添加备份支持以在工作副本失败时恢复工作副本。
Does this realy need a tutorial ? just bring your editor and start coding, if i were you, here's the way i'll be doing it:
you can add backup support to restore working copy if it fails.