Page 1 of 1
inline code updating
Posted: Thu Sep 27, 2007 4:52 pm
by shylor
I am not really even sure where to start to look up this information, because well, I am not even sure what to call it.
Anyways on topic. I just started to write my own scripts, and I would like to be able to update the pages without having to replace the whole page.
I have seen this with other bigger scripts, where a guide file will tell the updater what line to add the new line of code.
Code: Select all
$mysql_location = 'localhost';
>> add line $mysql_user = 'user';
$mysql_password = 'password';
The biggest reason I would need this would be if I needed to update the config file. I can not just replace all the users information and make them retype it. So what happens when I just need to add one line of code, well I have to do that.
So all I am asking for if someone could point me in the way of what this would be called, and even better if someone has a tutorial on how to create something like this. This would also be used for an auto installer for mods too!
Thanks
Shylor
you need a database
Posted: Thu Sep 27, 2007 7:24 pm
by yacahuma
I dont know what is your skill level, but you need a database to save all the user information. You should mentions what is that you are trying to do, and maybe someone here can point you in the right direction.
Posted: Thu Sep 27, 2007 7:34 pm
by shylor
Ok, I will go a little bit more detail with this, I would say I am a medium php programmer, I still can not do a lot of the really really advanced stuff, but I feel I have a good foot hold.
Ok, you get a web script, its a webportal its version 1.00.00. The next week a new patch comes out, but it adds more info into the config file, so it replaces your current one with a new one, an empty one. So now you have to go and refill in all the data. Well, you find out that there was only one line added.
You download a mod for a new script you just got, but it has like 10 pages how to install it. However you find out that there is a system that allows you to just upload the zip file, it opens and install the new mod and updates all the code with out added an updated page, instead it goes to line 55 and adds a line, then moves to 62 and adds another line of code it. I have seen this system with phpbb easy mod, there is a file in the mod pack that tells the sytems to find a line of code on the page then add a line under it or above it.
I hope you can understand this a bit better now!
Posted: Thu Sep 27, 2007 8:13 pm
by EricS
It seems you are referring to a patching system.
This can be as simple as writing a series of patching blocks to update files.
Code: Select all
$log = array();
// PATCH BLOCK BEGINS - ./user/new.php
// Start by opening the file for this block of patches.
if ($file_contents = @file_get_contents('./user/new.php')) {
// fix sql injection attack vector (patch 156)
$old_code = 'INSERT INTO `user` SET `name` = \''.$user_name.'\'';
$new_code = 'INSERT INTO `user` SET `name` = \''.mysql_real_escape_string($user_name).'\'';
if (stripos($file_contents, $out_code) !== false) {
$file_contents = str_ireplace ($old_code, $new_code, $file_contents);
} else {
// Log that you could not completely patch this file
$log[] = 'Could not apply patch 156 to ./user/new.php';
}
// Apply other patches to this file here.
// Save patches to this file.
if (file_put_contents('./user/new.php', $file_contents) === false) {
// Log that none of the patches to this file could be applied.
$log[] = 'Could not apply any of the patches to ./user/new.php';
}
} else {
// Log that none of the patches to this file could be applied.
$log[] = 'Could not apply any of the patches to ./user/new.php';
}
// PATCH BLOCK ENDS - ./user/new.php
// Start the next patch block for the next file to be patched.
// Rinse and repeat.
Name this file patch_to_version_1_0_1.php and run it.
This is not a real rebust example, but it should give you a good place to start.
Posted: Thu Sep 27, 2007 8:47 pm
by shylor
you mean old code, where you put out code? Oh and what about a new line, how would I add a new line between 79 and 80?
Posted: Thu Sep 27, 2007 9:30 pm
by EricS
Code: Select all
$log = array();
// PATCH BLOCK BEGINS - ./user/new.php
// Start by opening the file for this block of patches.
if ($file_contents = @file_get_contents('./user/new.php')) {
// fix sql injection attack vector (patch 156)
$old_code = 'INSERT INTO `user` SET `name` = \''.$user_name.'\'';
$new_code = 'INSERT INTO `user` SET `name` = \''.mysql_real_escape_string($user_name).'\'';
if (stripos($file_contents, $old_code) !== false) {
$file_contents = str_ireplace ($old_code, $new_code, $file_contents);
} else {
// Log that you could not completely patch this file
$log[] = 'Could not apply patch 156 to ./user/new.php';
}
// fix cross-site scripting flaw with $user_name (patch 157)
$old_code = '$user_name = $_POST[\'user_name\']'."\n";
$new_code = '$user_name = $_POST[\'user_name\']'."\n";
$new_code .= 'if (detect_potential_xss($user_name)) die("Adios Amigos!");'."\n"
if (stripos($file_contents, $old_code) !== false) {
$file_contents = str_ireplace ($old_code, $new_code, $file_contents);
} else {
// Log that you could not completely patch this file
$log[] = 'Could not apply patch 157 to ./user/new.php';
}
// Apply other patches to this file here.
// Save patches to this file.
if (file_put_contents('./user/new.php', $file_contents) === false) {
// Log that none of the patches to this file could be applied.
$log[] = 'Could not apply any of the patches to ./user/new.php';
}
} else {
// Log that none of the patches to this file could be applied.
$log[] = 'Could not apply any of the patches to ./user/new.php';
}
// PATCH BLOCK ENDS - ./user/new.php
// Start the next patch block for the next file to be patched.
// Rinse and repeat.
Posted: Thu Sep 27, 2007 11:41 pm
by shylor
Ok, stripos and str_ireplace are new to me, well I run dream weaver cs3 and for some reason it will not show the case sensitive ones to show up.
Code: Select all
<?php
if($file_contains = @file_get_contents('index.php')) {
$code_1 = '$server = \'test one two three\'';
$patch_1 = '$server = \'test three two one\'';
if(strpos($file_contains, $code_1) !== false) {
$file_contains = str_replace($code_1, $patch_1, $file_contains);
}
}
?>
^ that is what I tried and it did not change it. Also a few things I have never seen: The @, !==, and .=
I fell I understand php a bit, but I taught myself so can you please explain those

Posted: Fri Sep 28, 2007 12:09 am
by EricS
Lets start with stripos() and str_ireplace(). They are basically identical to strpos() and str_replace() except they are case-insensitive. This is probably not gonna be a concern for you so substituting in strpos() and str_replace() should still be fine.
Now for the @. This will suppress any php errors that the function it's in front of might trying to throw. It's best not to use @ in front of code you haven't throughly tested first and the php errors being suppressed make debugging more difficult. So you can remove all them you find while your developing and testing.
"!==" is a very strict "!=". Review this page for details on this
http://us.php.net/manual/en/language.op ... arison.php But basically != and == allow some wiggle room when they are evaluating equality. I use !== against the return of stripos() because != will give you an incorrect equality check for that function.
Finally ".=". This is nothing more than a short cut for concatenation.
Code: Select all
$string = $string . " something new";
// is the same as
$string .= " something new";
Now if you are having problems getting something based on the code I wrote above to work. Remove all the @'s you find and run the scripts then. They are no doubt hiding the problem. Also keep in mind, I just through that out in the least amount of time I could. It's just meant to guide you in the right direction. So it could very well have some mistakes and I can guarantee it's not the most well thought out procedure for doing this.
Posted: Sat Sep 29, 2007 12:13 am
by shylor
Code: Select all
$file_contents = str_ireplace ($old_code, $new_code, $file_contents)
Would I need to add % around the old code?
edit: ok I told my script to echo $file_contains and it echoed nothing. I seen there was a warning with php below 6 on php.net.
update: ok, I found out that for some reason it can not read php. This will make it hard to update my site, since most of it is php.
Any other ways?