Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Automatic check on new cpg version  (Read 18293 times)

0 Members and 1 Guest are viewing this topic.

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Automatic check on new cpg version
« on: September 27, 2007, 11:51:33 am »

Hi there,

I see a lot of tickets posted on this board with people asking for advice or support and a lot of them are told to update first to the newest release because they are running 1.4.12 instead of 1.4.13 (as an example).

I know we have versioncheck.php but for most users that is to much info and too much work. It would be easier to have just one button to click which produces a result like "You are running 1.4.13. Congratulations, you have the latest stable version of cpg" or "You are running 1.4.12 while 1.4.13 is the latest stable version. Update now!"

Would it be possible to either build in a button in the config menu to check wheter there is a newer cpg version avaible or to build in a option that wil check automaticly if there is a new version (which could be set by the user) ?

Hope this makes sense or if this has been asked already tell me to drink coffee first and then ask questions ;)

Hein
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9096
  • aka Frantz
    • Ma galerie
Re: Automatic check on new cpg version
« Reply #1 on: September 27, 2007, 01:19:27 pm »

yes, I agree with Hein suggestion. most peopel who are running a coppermine gallery are not regular users from the forum  and are not informed when a new version of copperminea is released.
an automatic version check would be usefull
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Automatic check on new cpg version
« Reply #2 on: September 27, 2007, 03:43:50 pm »

Did you per chance take a look at cpg1.5.x lately: it features a news block from coppermine-gallery.net for the admin to alert users of news (e.g. maintenance releases)? Additionally, I have started the redesign of versioncheck. It should now generate a slimmer output (less data, less stuff to wonder about). The main problem though is: most webhosts disabled URL_fopen for security reasons, as many badly-written scripts have mis-used this feature in the past. Subsequently, it's hard to come up with code that checks against a central repository (and that's what you'd need to do to make sure users are aware of product updates and maintenance releases) that works under all circumstances.
We're aware that we need an easy method to alert users of new versions without molesting them with unwanted newsletters and such stuff.
If you have any suggestions how the allow_url_fopen issue could be circumvented, I'm all ears.
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9096
  • aka Frantz
    • Ma galerie
Re: Automatic check on new cpg version
« Reply #3 on: September 27, 2007, 03:55:15 pm »

Quote
Did you per chance take a look at cpg1.5.x lately: it features a news block from coppermine-gallery.net for the admin to alert users of news (e.g. maintenance releases)?
oh yes, i have seen it but I did not have the intelligence to think that that could be used for that  :D
sorry it was my mistake  :-\
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Automatic check on new cpg version
« Reply #4 on: September 27, 2007, 04:03:11 pm »

oh yes, i have seen it but I did not have the intelligence to think that that could be used for that  :D
sorry it was my mistake  :-\

Same here  ::)

Thanks clearifying this GauGau. It makes sense the way you put it.
Logged

Nibbler

  • Guest
Re: Automatic check on new cpg version
« Reply #5 on: September 27, 2007, 04:16:00 pm »

If you have any suggestions how the allow_url_fopen issue could be circumvented, I'm all ears.

Make a wrapper function eg. get_url() that attempts fopen, fsockopen and curl. Maybe even FTP. I would think at least one of them will work in 90-95% of cases.
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: Automatic check on new cpg version
« Reply #6 on: September 27, 2007, 07:52:50 pm »

If all that fails, how about falling back on iframes or some rss feed reader?
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Automatic check on new cpg version
« Reply #7 on: September 28, 2007, 01:50:57 pm »

I'm not a code wizard, as most of you know  ;D so i am just thinking simple here.
Would it be possible to have a page or piece of code on a page check the content or name of a file placed at the location where you can also download cpg ?
If you name the file cpg1413.chk for example can a piece of php code recognize the name and report back to the user that the correct or outdated version is in use by the user ?
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4822
    • Windsurf.me
Re: Automatic check on new cpg version
« Reply #8 on: September 30, 2007, 11:07:32 pm »

I don't know if it's any help but PHPBB shows what version you are using and whether a new version is available whenever you are logged in to the admin page.

They also have an advanced version check mod which not only checks the latest version of the main app but any other mod/plugin in it's list. Here is a link to the mods thread. Much of the code in the download is for the plugin system (easymod) so that can be ignored.

http://www.phpbb.com/community/viewtopic.php?t=277654

Might be worth a look to see how they achieve it.
« Last Edit: October 01, 2007, 12:10:21 am by phill104 »
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Automatic check on new cpg version
« Reply #9 on: October 01, 2007, 07:47:30 am »

Make a wrapper function eg. get_url() that attempts fopen, fsockopen and curl. Maybe even FTP. I would think at least one of them will work in 90-95% of cases.
Great idea - I'll look into it.

If all that fails, how about falling back on iframes or some rss feed reader?
Iframes is being used in cpg1.5.x as fail-safe method to display the news from coppermine-gallery.net. However, you can't use the content in the iframe easily on the server the coppermine install is on and look stuff up. As RSS feeds are not built into the PHP core, you have to use a library that reads the feeds at basic PHP level - which is again fopen, fsockopen or whatever, so you're back to step one. Your suggestion works to display information from somewhere else, but you can not use that content logically, i.e. use it to determine version differences.

I'm not a code wizard, as most of you know  ;D so i am just thinking simple here.
Would it be possible to have a page or piece of code on a page check the content or name of a file placed at the location where you can also download cpg ?
If you name the file cpg1413.chk for example can a piece of php code recognize the name and report back to the user that the correct or outdated version is in use by the user ?
That's basically how versioncheck works right now. Will not help though with webhosts blocking access to external content by turning off all means of external communication (fopen e.a.).

I don't know if it's any help but PHPBB shows what version you are using and whether a new version is available whenever you are logged in to the admin page.

They also have an advanced version check mod which not only checks the latest version of the main app but any other mod/plugin in it's list. Here is a link to the mods thread. Much of the code in the download is for the plugin system (easymod) so that can be ignored.

http://www.phpbb.com/community/viewtopic.php?t=277654

Might be worth a look to see how they achieve it.
The new versioncheck that currently exists in cpg1.5.x will check wether files have been modified (using an MD5-hash for the original file), however it will not check if this has been done deliberately (by applying a mod) or by accident (e.g. by using an improper FTP mode when uploading the files).
I'm aware that software like phpBB or SMF use an advanced package manager. However I don't think that we should focus on this: versioncheck has basically been designed to help users who upgraded to check if the upgrade went OK. What we're doing right now is to find a method to alert users that a new version exists without making them check the coppermine homepage regularly. Coming up with an even more advanced version check tool that takes into account mods is currently beyond the scope of development. This being said, I would like to point out why I don't think that we should focus on developing a package manager: in my opinion, the approach of coppermine is different to the approach of a forum application - you can change the visual approach (design) by overriding core functionality using your custom theme/template. You can add functionality using coppermine's plugin API. This way, the number of core hacks should be reduced to an absolute minimum. As a result, coppermine users should always have unmodified core files at all times. We just have to make sure that users apply fixes as soon as they are released.

Joachim

Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4822
    • Windsurf.me
Re: Automatic check on new cpg version
« Reply #10 on: October 01, 2007, 08:20:19 pm »

I was more interested in how other forums get round the restrictions to see if similar could be done here.

Looking at phpbb as an example they use the FSOCKET function. Basically there's a plain text file on the phpbb.com server with the current version number in it. The function grabs that file and reads it, and checks it against the board database. But as you say, the restrictions are high with some hosts but phpbb seem to get round it somehow.

Thanks for your explanation
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Automatic check on new cpg version
« Reply #11 on: October 02, 2007, 08:50:08 am »

We'll try to use a similar approach (see Nibbler's suggestion to use a wrapper function that will try to come up with a fallback mechanism that will try all possible methods to grab the file from the coppermine-gallery.net server)
Logged
Pages: [1]   Go Up
 

Page created in 0.023 seconds with 19 queries.