Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 5:47 AM, rene7705 rene7...@gmail.com wrote: Yea, i'm quite sure I want to develop on Windows 7. Ubuntu still has quircks when it comes to using 3 monitors on a single system, as far as I know. I just like windows 7 a lot better at the moment. And how would it be dangerous to do so? You can certainly develop on windows all you want. Before pushing things to a production environment that's different from your development environment, you should really run tests in (at least) a staging environment that is as close to production as possible. This can easily be done on your own system using a VM. It helps a lot to write portable applications in PHP, which is deftly simple to do in most cases. If you do have different things you want configured on various platforms (development, testing, staging, production, forex) you can do that in a number of ways (setting envars, testing the hostname, keeping a separate configuration file outside of the source control tree, etc) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 7:24 AM, Curtis Maurand cur...@maurand.com wrote: rene7705 wrote: On Tue, Mar 27, 2012 at 1:21 PM, Peter Ford p...@justcroft.com wrote: On 27/03/12 12:13, rene7705 wrote: hey, I just read the rsync man page for the first time, and while it sure looks simple enough for my taste, wouldn't updating multiple remote domains be like a whole series of the same FTP updates to these different domain directories there? In other words, take a long time because of my 200kb/s link to the unix hoster? The first time might be slow, but you can then do incremental updates which would be a lot quicker. ok, that'll do nicely.. Depending upon whether or not you have shell access to the hosts, you could update a host and then use rsync from that host to the rest. If rsync will work to your remote hosts, then can I safely assume you do have ssh access to them (rsync won't work without it unless you can launch an rsync daemon on your remote hosts). If so, then I don't think you really want to do the rsync thing at all, really. Instead, I'd use git or mercurial (or even svn or cvs will do). When you have your changes ready, push them to a remote repository (github.com or gitorious.org, say). Then you can pull the updates from the net by running the corresponding pull from the repository on the remote hosts. Let me also say that you should be keeping *everything* you develop in source control. It goes beyond just being able to backtrack if necessary, although that has been it's primary function. Keeping track of your own development efforts, even solo, can be very important to maintaining your code. Additionally, as you can see above, it aids greatly in deploying your code. Additionally, if you keep your repositories for any open source work on a public repository, it's advertising for your work and a simple off-site backup plan. With shell access, you can also create your own private repositories on one of your host accounts. Anyway, this has drifted far in to the topics of managing and deploying code, not so much PHP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Mon, Mar 26, 2012 at 9:16 PM, Stuart Dallas stu...@3ft9.com wrote: Rene: please read a book / website / something on PHP security. Some things are important whether you believe they are or not. Yea, I will do that within a week or so.. I can also confirm that I'm not using any source of source control at the moment. I have used visual source control of Microsoft in the past, but that was on a windows-only environment. I now have several domains on a shared unix hoster that I have to update with files from a windows 7 system. Basically, I have on the windows dev server X:\data1\www\htdocs\code (the copy I work on), which have to be updated to X:\data1\www\htdocs\sites\[domainname]\code, preferably as quickly as possible, and then, once release worthy, to the accounts on the shared unix hoster. On the shared unix hoster (godaddy.com 4G hosting), I have 1 FTP account which points to a primary domain (abc.com), which has a filesystem underneath it also with the /sites/[domainname], and the non-primary domains there point to these /sites/[domainname]/ for their $_SERVER['DOCUMENT_ROOT']. I do not have seperate FTP accounts for each domain on the unix hoster. If someone could explain to me which (free) source control system to use and perhaps how, or even point me in the direction of a good tutorial on that subject, you'd make me very happy. I also think it's time I got at least a bit more professional. Yet, I'm looking for the simplest and most efficient solution. I've done a search for rsync windows, and I get some rsync apps allright, but it's not clear to me yet how I would use these windows rsync clones to get done what I want.
[PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 12:08 PM, rene7705 rene7...@gmail.com wrote: On Mon, Mar 26, 2012 at 9:16 PM, Stuart Dallas stu...@3ft9.com wrote: Rene: please read a book / website / something on PHP security. Some things are important whether you believe they are or not. Yea, I will do that within a week or so.. I can also confirm that I'm not using any source of source control at the moment. I have used visual source control of Microsoft in the past, but that was on a windows-only environment. I now have several domains on a shared unix hoster that I have to update with files from a windows 7 system. Basically, I have on the windows dev server X:\data1\www\htdocs\code (the copy I work on), which have to be updated to X:\data1\www\htdocs\sites\[domainname]\code, preferably as quickly as possible, and then, once release worthy, to the accounts on the shared unix hoster. On the shared unix hoster (godaddy.com 4G hosting), I have 1 FTP account which points to a primary domain (abc.com), which has a filesystem underneath it also with the /sites/[domainname], and the non-primary domains there point to these /sites/[domainname]/ for their $_SERVER['DOCUMENT_ROOT']. I do not have seperate FTP accounts for each domain on the unix hoster. If someone could explain to me which (free) source control system to use and perhaps how, or even point me in the direction of a good tutorial on that subject, you'd make me very happy. I also think it's time I got at least a bit more professional. Yet, I'm looking for the simplest and most efficient solution. I've done a search for rsync windows, and I get some rsync apps allright, but it's not clear to me yet how I would use these windows rsync clones to get done what I want. oh, one more thing; I just found that I won't always be working on the windows dev server's ...\htdocs\code, sometimes i'll find myself working on the /code copy in one of the /sites/[domainname]/code on the windows 7 dev system. how would I use a modern source control system to distribute the code from one of the subdomains to all other locations?
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
rene7705 rene7...@gmail.com hat am 27. März 2012 um 12:16 geschrieben: On Tue, Mar 27, 2012 at 12:08 PM, rene7705 rene7...@gmail.com wrote: I've done a search for rsync windows, and I get some rsync apps allright, but it's not clear to me yet how I would use these windows rsync clones to get done what I want. oh, one more thing; I just found that I won't always be working on the windows dev server's ...\htdocs\code, sometimes i'll find myself working on the /code copy in one of the /sites/[domainname]/code on the windows 7 dev system. how would I use a modern source control system to distribute the code from one of the subdomains to all other locations? Well, I guess google on rsync man page or read the documentation of these tools OR write to a mailing list that focusses on the use of linux tools. Then go and read about cron jobs or git/svn/putyoutoolhere post-receive/post-commit hooks or anything like that. Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 12:22 PM, ma...@behnke.biz ma...@behnke.biz wrote: rene7705 rene7...@gmail.com hat am 27. März 2012 um 12:16 geschrieben: On Tue, Mar 27, 2012 at 12:08 PM, rene7705 rene7...@gmail.com wrote: I've done a search for rsync windows, and I get some rsync apps allright, but it's not clear to me yet how I would use these windows rsync clones to get done what I want. oh, one more thing; I just found that I won't always be working on the windows dev server's ...\htdocs\code, sometimes i'll find myself working on the /code copy in one of the /sites/[domainname]/code on the windows 7 dev system. how would I use a modern source control system to distribute the code from one of the subdomains to all other locations? Well, I guess google on rsync man page or read the documentation of these tools OR write to a mailing list that focusses on the use of linux tools. Then go and read about cron jobs or git/svn/putyoutoolhere post-receive/post-commit hooks or anything like that. Ok, I'll be reading everything I can find on rsync today, but I don't think I wanna use auto-updates from cron, instead I want to hit an icon on my desktop to start the update, either on only the windows system, or from the windows system to all the unix domain directories..
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 12:31 PM, rene7705 rene7...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:22 PM, ma...@behnke.biz ma...@behnke.biz wrote: rene7705 rene7...@gmail.com hat am 27. März 2012 um 12:16 geschrieben: On Tue, Mar 27, 2012 at 12:08 PM, rene7705 rene7...@gmail.com wrote: I've done a search for rsync windows, and I get some rsync apps allright, but it's not clear to me yet how I would use these windows rsync clones to get done what I want. oh, one more thing; I just found that I won't always be working on the windows dev server's ...\htdocs\code, sometimes i'll find myself working on the /code copy in one of the /sites/[domainname]/code on the windows 7 dev system. how would I use a modern source control system to distribute the code from one of the subdomains to all other locations? Well, I guess google on rsync man page or read the documentation of these tools OR write to a mailing list that focusses on the use of linux tools. Then go and read about cron jobs or git/svn/putyoutoolhere post-receive/post-commit hooks or anything like that. Ok, I'll be reading everything I can find on rsync today, but I don't think I wanna use auto-updates from cron, instead I want to hit an icon on my desktop to start the update, either on only the windows system, or from the windows system to all the unix domain directories.. Are you sure you want to develop on a windows machine, and then push it out on all of your linux systems? That sounds dangerous to me. It's much safer to try it on a machine with same configuration as the production systems first. - Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 12:45 PM, Matijn Woudt tijn...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:31 PM, rene7705 rene7...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:22 PM, ma...@behnke.biz ma...@behnke.biz wrote: rene7705 rene7...@gmail.com hat am 27. März 2012 um 12:16 geschrieben: On Tue, Mar 27, 2012 at 12:08 PM, rene7705 rene7...@gmail.com wrote: I've done a search for rsync windows, and I get some rsync apps allright, but it's not clear to me yet how I would use these windows rsync clones to get done what I want. oh, one more thing; I just found that I won't always be working on the windows dev server's ...\htdocs\code, sometimes i'll find myself working on the /code copy in one of the /sites/[domainname]/code on the windows 7 dev system. how would I use a modern source control system to distribute the code from one of the subdomains to all other locations? Well, I guess google on rsync man page or read the documentation of these tools OR write to a mailing list that focusses on the use of linux tools. Then go and read about cron jobs or git/svn/putyoutoolhere post-receive/post-commit hooks or anything like that. Ok, I'll be reading everything I can find on rsync today, but I don't think I wanna use auto-updates from cron, instead I want to hit an icon on my desktop to start the update, either on only the windows system, or from the windows system to all the unix domain directories.. Are you sure you want to develop on a windows machine, and then push it out on all of your linux systems? That sounds dangerous to me. It's much safer to try it on a machine with same configuration as the production systems first. Yea, i'm quite sure I want to develop on Windows 7. Ubuntu still has quircks when it comes to using 3 monitors on a single system, as far as I know. I just like windows 7 a lot better at the moment. And how would it be dangerous to do so?
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 12:47 PM, rene7705 rene7...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:45 PM, Matijn Woudt tijn...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:31 PM, rene7705 rene7...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:22 PM, ma...@behnke.biz ma...@behnke.biz wrote: rene7705 rene7...@gmail.com hat am 27. März 2012 um 12:16 geschrieben: On Tue, Mar 27, 2012 at 12:08 PM, rene7705 rene7...@gmail.com wrote: I've done a search for rsync windows, and I get some rsync apps allright, but it's not clear to me yet how I would use these windows rsync clones to get done what I want. oh, one more thing; I just found that I won't always be working on the windows dev server's ...\htdocs\code, sometimes i'll find myself working on the /code copy in one of the /sites/[domainname]/code on the windows 7 dev system. how would I use a modern source control system to distribute the code from one of the subdomains to all other locations? Well, I guess google on rsync man page or read the documentation of these tools OR write to a mailing list that focusses on the use of linux tools. Then go and read about cron jobs or git/svn/putyoutoolhere post-receive/post-commit hooks or anything like that. Ok, I'll be reading everything I can find on rsync today, but I don't think I wanna use auto-updates from cron, instead I want to hit an icon on my desktop to start the update, either on only the windows system, or from the windows system to all the unix domain directories.. Are you sure you want to develop on a windows machine, and then push it out on all of your linux systems? That sounds dangerous to me. It's much safer to try it on a machine with same configuration as the production systems first. Yea, i'm quite sure I want to develop on Windows 7. Ubuntu still has quircks when it comes to using 3 monitors on a single system, as far as I know. I just like windows 7 a lot better at the moment. And how would it be dangerous to do so? Code that you write on a windows box might work different/not work at all on a linux machine. Think of different filesystem, different Apache/PHP versions, etc. I have to develop on windows too sometimes, and what I usually do in such cases is first push the code to a subdomain test.mydomain.com. If that works correctly, I push it over to www.mydomain.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 1:02 PM, Matijn Woudt tijn...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:47 PM, rene7705 rene7...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:45 PM, Matijn Woudt tijn...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:31 PM, rene7705 rene7...@gmail.com wrote: On Tue, Mar 27, 2012 at 12:22 PM, ma...@behnke.biz ma...@behnke.biz wrote: rene7705 rene7...@gmail.com hat am 27. März 2012 um 12:16 geschrieben: On Tue, Mar 27, 2012 at 12:08 PM, rene7705 rene7...@gmail.com wrote: I've done a search for rsync windows, and I get some rsync apps allright, but it's not clear to me yet how I would use these windows rsync clones to get done what I want. oh, one more thing; I just found that I won't always be working on the windows dev server's ...\htdocs\code, sometimes i'll find myself working on the /code copy in one of the /sites/[domainname]/code on the windows 7 dev system. how would I use a modern source control system to distribute the code from one of the subdomains to all other locations? Well, I guess google on rsync man page or read the documentation of these tools OR write to a mailing list that focusses on the use of linux tools. Then go and read about cron jobs or git/svn/putyoutoolhere post-receive/post-commit hooks or anything like that. Ok, I'll be reading everything I can find on rsync today, but I don't think I wanna use auto-updates from cron, instead I want to hit an icon on my desktop to start the update, either on only the windows system, or from the windows system to all the unix domain directories.. Are you sure you want to develop on a windows machine, and then push it out on all of your linux systems? That sounds dangerous to me. It's much safer to try it on a machine with same configuration as the production systems first. Yea, i'm quite sure I want to develop on Windows 7. Ubuntu still has quircks when it comes to using 3 monitors on a single system, as far as I know. I just like windows 7 a lot better at the moment. And how would it be dangerous to do so? Code that you write on a windows box might work different/not work at all on a linux machine. Think of different filesystem, different Apache/PHP versions, etc. I have to develop on windows too sometimes, and what I usually do in such cases is first push the code to a subdomain test.mydomain.com. If that works correctly, I push it over to www.mydomain.com. So far the code that I've written and am using works OK on both windows and unix. But I've just booted up my ubuntu installation and am currently upgrading from 11.04 to 11.10, maybe that fixes the issues I was having with it, and if it does I'll seriously consider using ubuntu as my primary dev environment again..
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
hey, I just read the rsync man page for the first time, and while it sure looks simple enough for my taste, wouldn't updating multiple remote domains be like a whole series of the same FTP updates to these different domain directories there? In other words, take a long time because of my 200kb/s link to the unix hoster?
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
On Tue, Mar 27, 2012 at 1:21 PM, Peter Ford p...@justcroft.com wrote: On 27/03/12 12:13, rene7705 wrote: hey, I just read the rsync man page for the first time, and while it sure looks simple enough for my taste, wouldn't updating multiple remote domains be like a whole series of the same FTP updates to these different domain directories there? In other words, take a long time because of my 200kb/s link to the unix hoster? The first time might be slow, but you can then do incremental updates which would be a lot quicker. ok, that'll do nicely..
Re: [PHP] Re: updating code asap to multiple domains, windows to unix, with source control software (was: Re: [PHP] including PHP code from another server..)
rene7705 wrote: On Tue, Mar 27, 2012 at 1:21 PM, Peter Ford p...@justcroft.com wrote: On 27/03/12 12:13, rene7705 wrote: hey, I just read the rsync man page for the first time, and while it sure looks simple enough for my taste, wouldn't updating multiple remote domains be like a whole series of the same FTP updates to these different domain directories there? In other words, take a long time because of my 200kb/s link to the unix hoster? The first time might be slow, but you can then do incremental updates which would be a lot quicker. ok, that'll do nicely.. Depending upon whether or not you have shell access to the hosts, you could update a host and then use rsync from that host to the rest.
Re: [PHP] including PHP code from another server..
REMOVE THAT SCRIPT FROM YOUR SERVER RIGHT NOW! See follow-up email direct to you for the reason! On 26 Mar 2012, at 14:53, rene7705 wrote: Hi. My last thread got derailed into a javascript and even photoshop discussion, and while I can't blame myself for that really, this time I would like to bring a pure PHP issue to your scrutiny. I run several sites now, on the same shared hoster, but with such a setup that I cannot let PHP require() or include() code from a central place located on another domain name on the same shared hosting account, not the normal way at least. $_SERVER['DOCUMENT_ROOT'] is a completely different path for each of the domains on the same hosting account, and obviously you can't access one domain's directory from another domain. Hoster support's reply is A) I dont know code, B) You can't include code from one domain on another and C) use multiple copies, 1 for each domain But that directory (my opensourced /code in the zip on http://mediabeez.wsbtw), takes a while to update to my hoster, many files. Plus, as I add more domains that use the same code base, my overhead and waiting time increases lineary at a steep incline. So.. Since all of this code is my own, and tested and trusted, I can just eval(file_get_contents(' http://sitewithwantedcode.com/code/get_php.php?file=/code/sitewide_rv/autorun.php')) hehe And get_php.php takes care of the nested includes by massaging what it retrieves. Or so is my thinking. The problem I'm facing, and for which I'm asking your most scrutinous feedback, is: How would you transform _nested_ require(_once) and include(_once)? I haven't figured out yet how to transform a relative path include/require. What about for instance a require_once($fileIwantNow)? I do both in my /code tree atm. For my own purposes, I could massage my own PHP in /code/libraries_rv and /code/sitewide_rv manually, but I'd also like to be able to include a single copy of the 3rd party free libs that I use in /code/libraries(/adodb-5.10 for instance). And god knows how they might include and require. Plus, I'd like to turn this into another free how-to blog entry on http://mediabeez.ws, plus accompanying code, so I think I might find some free tips here again. Greetings, from spring sun soaked amsterdam.nl, Rene -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including PHP code from another server..
Hi, Rene I just want to say the same ... whatever you're trying to do here - it will end up in a major security-isse that (I think) you won't fix that soon as someone has hacked your server. That sounds like you don't wanna pay 10$ per month for a good multiple-domain-hosting solution. If you're searching for something cheap for multi-domains, take a look at providers like DreamHost or something similar. Bye Simon 2012/3/26 Stuart Dallas stu...@3ft9.com: REMOVE THAT SCRIPT FROM YOUR SERVER RIGHT NOW! See follow-up email direct to you for the reason! On 26 Mar 2012, at 14:53, rene7705 wrote: Hi. My last thread got derailed into a javascript and even photoshop discussion, and while I can't blame myself for that really, this time I would like to bring a pure PHP issue to your scrutiny. I run several sites now, on the same shared hoster, but with such a setup that I cannot let PHP require() or include() code from a central place located on another domain name on the same shared hosting account, not the normal way at least. $_SERVER['DOCUMENT_ROOT'] is a completely different path for each of the domains on the same hosting account, and obviously you can't access one domain's directory from another domain. Hoster support's reply is A) I dont know code, B) You can't include code from one domain on another and C) use multiple copies, 1 for each domain But that directory (my opensourced /code in the zip on http://mediabeez.wsbtw), takes a while to update to my hoster, many files. Plus, as I add more domains that use the same code base, my overhead and waiting time increases lineary at a steep incline. So.. Since all of this code is my own, and tested and trusted, I can just eval(file_get_contents(' http://sitewithwantedcode.com/code/get_php.php?file=/code/sitewide_rv/autorun.php')) hehe And get_php.php takes care of the nested includes by massaging what it retrieves. Or so is my thinking. The problem I'm facing, and for which I'm asking your most scrutinous feedback, is: How would you transform _nested_ require(_once) and include(_once)? I haven't figured out yet how to transform a relative path include/require. What about for instance a require_once($fileIwantNow)? I do both in my /code tree atm. For my own purposes, I could massage my own PHP in /code/libraries_rv and /code/sitewide_rv manually, but I'd also like to be able to include a single copy of the 3rd party free libs that I use in /code/libraries(/adodb-5.10 for instance). And god knows how they might include and require. Plus, I'd like to turn this into another free how-to blog entry on http://mediabeez.ws, plus accompanying code, so I think I might find some free tips here again. Greetings, from spring sun soaked amsterdam.nl, Rene -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including PHP code from another server..
On 26 Mar 2012, at 15:17, Simon Schick wrote: Hi, Rene I just want to say the same ... whatever you're trying to do here - it will end up in a major security-isse that (I think) you won't fix that soon as someone has hacked your server. I couldn't care less about Rene's stuff. It's compromising the security of every customer on that server, and that's not acceptable. Security is arguably more important when using shared servers because your lack of focus on security issues has consequences for everyone else on that server, and potentially on that network. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] including PHP code from another server..
On 26 Mar 2012, at 14:53, rene7705 wrote: My last thread got derailed into a javascript and even photoshop discussion, and while I can't blame myself for that really, this time I would like to bring a pure PHP issue to your scrutiny. I run several sites now, on the same shared hoster, but with such a setup that I cannot let PHP require() or include() code from a central place located on another domain name on the same shared hosting account, not the normal way at least. $_SERVER['DOCUMENT_ROOT'] is a completely different path for each of the domains on the same hosting account, and obviously you can't access one domain's directory from another domain. Hoster support's reply is A) I dont know code, B) You can't include code from one domain on another and C) use multiple copies, 1 for each domain But that directory (my opensourced /code in the zip on http://mediabeez.wsbtw), takes a while to update to my hoster, many files. Plus, as I add more domains that use the same code base, my overhead and waiting time increases lineary at a steep incline. So.. Since all of this code is my own, and tested and trusted, I can just eval(file_get_contents(' http://sitewithwantedcode.com/code/get_php.php?file=/code/sitewide_rv/autorun.php')) hehe And get_php.php takes care of the nested includes by massaging what it retrieves. Or so is my thinking. The problem I'm facing, and for which I'm asking your most scrutinous feedback, is: How would you transform _nested_ require(_once) and include(_once)? I haven't figured out yet how to transform a relative path include/require. What about for instance a require_once($fileIwantNow)? I do both in my /code tree atm. For my own purposes, I could massage my own PHP in /code/libraries_rv and /code/sitewide_rv manually, but I'd also like to be able to include a single copy of the 3rd party free libs that I use in /code/libraries(/adodb-5.10 for instance). And god knows how they might include and require. Plus, I'd like to turn this into another free how-to blog entry on http://mediabeez.ws, plus accompanying code, so I think I might find some free tips here again. Don't do this. Use a central source to host your code by all means, but create constantly updated copies on every server that uses it. Since I use git for source control I make use of the submodule feature to make this simplicity itself. It's worth investing time in building the processes that ensure consistency between your various environments. The best ops strategy is the lazy op's strategy! Set up cron scripts on each server to update that code periodically so everything is always up to date. I wouldn't recommend that unless you have good testing procedures in place before your code hits production, but from what I've seen I find the highly doubtful. However, sharing code at runtime over http is a very very very bad idea. Even farms with hundreds or thousands of servers, all running the same application on a fast local network, don't share code in this way. Each server has its own copy of the code, and it's the deployment processes that ensure they're kept up to date. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] including PHP code from another server..
rsync is your friend. --C Stuart Dallas wrote: On 26 Mar 2012, at 14:53, rene7705 wrote: My last thread got derailed into a javascript and even photoshop discussion, and while I can't blame myself for that really, this time I would like to bring a pure PHP issue to your scrutiny. I run several sites now, on the same shared hoster, but with such a setup that I cannot let PHP require() or include() code from a central place located on another domain name on the same shared hosting account, not the normal way at least. $_SERVER['DOCUMENT_ROOT'] is a completely different path for each of the domains on the same hosting account, and obviously you can't access one domain's directory from another domain. Hoster support's reply is A) I dont know code, B) You can't include code from one domain on another and C) use multiple copies, 1 for each domain But that directory (my opensourced /code in the zip on http://mediabeez.wsbtw), takes a while to update to my hoster, many files. Plus, as I add more domains that use the same code base, my overhead and waiting time increases lineary at a steep incline. So.. Since all of this code is my own, and tested and trusted, I can just eval(file_get_contents(' http://sitewithwantedcode.com/code/get_php.php?file=/code/sitewide_rv/autorun.php')) hehe And get_php.php takes care of the nested includes by massaging what it retrieves. Or so is my thinking. The problem I'm facing, and for which I'm asking your most scrutinous feedback, is: How would you transform _nested_ require(_once) and include(_once)? I haven't figured out yet how to transform a relative path include/require. What about for instance a require_once($fileIwantNow)? I do both in my /code tree atm. For my own purposes, I could massage my own PHP in /code/libraries_rv and /code/sitewide_rv manually, but I'd also like to be able to include a single copy of the 3rd party free libs that I use in /code/libraries(/adodb-5.10 for instance). And god knows how they might include and require. Plus, I'd like to turn this into another free how-to blog entry on http://mediabeez.ws, plus accompanying code, so I think I might find some free tips here again. Don't do this. Use a central source to host your code by all means, but create constantly updated copies on every server that uses it. Since I use git for source control I make use of the submodule feature to make this simplicity itself. It's worth investing time in building the processes that ensure consistency between your various environments. The best ops strategy is the lazy op's strategy! Set up cron scripts on each server to update that code periodically so everything is always up to date. I wouldn't recommend that unless you have good testing procedures in place before your code hits production, but from what I've seen I find the highly doubtful. However, sharing code at runtime over http is a very very very bad idea. Even farms with hundreds or thousands of servers, all running the same application on a fast local network, don't share code in this way. Each server has its own copy of the code, and it's the deployment processes that ensure they're kept up to date. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] including PHP code from another server..
Curtis Maurand wrote: rsync is your friend. and is even available for windows machines ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including PHP code from another server..
Now, as the issue adressed and script removed, can you please explain what exactly are the issues of using such approach? I mean security ones, not performance. 2012/3/26 Lester Caine les...@lsces.co.uk: Curtis Maurand wrote: rsync is your friend. and is even available for windows machines ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including PHP code from another server..
On 26 Mar 2012, at 17:41, Alex Pojarsky wrote: Now, as the issue adressed and script removed, can you please explain what exactly are the issues of using such approach? I mean security ones, not performance. It's the wrong solution to a process and organisation problem. Ultimately it's not really a problem IF you control every part of the infrastructure. Rene clearly doesn't so it has implications for everyone sharing that infrastructure, and anyone using the applications hosted there. * It requires the host to enable allow_url_fopen which means every single script on the server is then able to include/require URLs. It just needs one of them to have a related vulnerability and suddenly people can execute arbitrary PHP code on the server. * Rene mentioned that the code is open source. This implies that the security risk is lessened because the code that is being made publicly accessible is already publicly accessible, so the opportunity for someone to find vulnerabilities already exists. It gets an order of magnitude worse if other people start ignorantly using his code because they're essentially giving him the ability to execute arbitrary PHP code on their server. Not good no matter how much he protests that he won't be evil. * You specifically wished to exclude performance from the discussion, but scalability is potentially a big issue here and should not be completely ignored. I think the real issue for Rene is that of perceived complexity. The idea of having to manually keep many copies of the same code in sync is what leads to finding solutions like this one. This solution leads to unnecessary network traffic and introduces potential security risks that go way beyond your own code, and even if it's not a big issue now it has the potential to become catastrophic! I'd put a fair amount of cash on my guess that Rene is not using any form of source control. To me that is the best solution to this problem. Curtis mentioned rsync which will also do the job, but in my view you're nuts if you're not using some form of source control already, and building a largely automated process around that is trivial and automatically audited. Rene: please read a book / website / something on PHP security. Some things are important whether you believe they are or not. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including PHP code from another server..
I understand what performance issues this brings, but as for security was just a bit curious. You have just showed me what I was thinking about, but you wrote it much better, clear and structured. Thank you. 2012/3/26 Stuart Dallas stu...@3ft9.com: On 26 Mar 2012, at 17:41, Alex Pojarsky wrote: Now, as the issue adressed and script removed, can you please explain what exactly are the issues of using such approach? I mean security ones, not performance. It's the wrong solution to a process and organisation problem. Ultimately it's not really a problem IF you control every part of the infrastructure. Rene clearly doesn't so it has implications for everyone sharing that infrastructure, and anyone using the applications hosted there. * It requires the host to enable allow_url_fopen which means every single script on the server is then able to include/require URLs. It just needs one of them to have a related vulnerability and suddenly people can execute arbitrary PHP code on the server. * Rene mentioned that the code is open source. This implies that the security risk is lessened because the code that is being made publicly accessible is already publicly accessible, so the opportunity for someone to find vulnerabilities already exists. It gets an order of magnitude worse if other people start ignorantly using his code because they're essentially giving him the ability to execute arbitrary PHP code on their server. Not good no matter how much he protests that he won't be evil. * You specifically wished to exclude performance from the discussion, but scalability is potentially a big issue here and should not be completely ignored. I think the real issue for Rene is that of perceived complexity. The idea of having to manually keep many copies of the same code in sync is what leads to finding solutions like this one. This solution leads to unnecessary network traffic and introduces potential security risks that go way beyond your own code, and even if it's not a big issue now it has the potential to become catastrophic! I'd put a fair amount of cash on my guess that Rene is not using any form of source control. To me that is the best solution to this problem. Curtis mentioned rsync which will also do the job, but in my view you're nuts if you're not using some form of source control already, and building a largely automated process around that is trivial and automatically audited. Rene: please read a book / website / something on PHP security. Some things are important whether you believe they are or not. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php