The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. October 16, 2019, 03:28:36 PM

Login with username, password and session length


Pages: [1] 2
  Print  
Author Topic: self updating php file  (Read 4701 times)
KaptainKrayola
Keeper of Pie
Global Moderator
Lifer
*****
Offline Offline

Posts: 994



View Profile WWW
« on: October 09, 2009, 10:21:25 PM »

I have an idea for a self updating app that is little more than a dummy file that calls home for jobs to execute and code to use to do it.  I want to be able to distribute the code across lots of servers and eliminate the need to actually update the code file.  I'd like to do it w/o having to write the PHP i send down from the server to a separate file either just in case i don't have write privs on the remote machine.

any ideas?
Logged

We can't stop here, this is bat country.
lamontagne
Journeyman
***
Offline Offline

Posts: 89


View Profile
« Reply #1 on: October 09, 2009, 11:39:13 PM »

Two ways I can think to do it...

1. The php file sent is basically just a stub that phones home, grabs the code and does an eval() on whatever it gets back...
2. Since the code is loaded into memory just write over the file, include it, and exit... using a variable to determine whether it is in overwrite mode or execution mode... here's a simple code sample:

Code:
<?php
if(isset(
$update)) {
$checkcode=0;
} else {
$checkcode=1;
}
if($checkcode==1) {
$fhand=fopen('tworm.php','w+');
fwrite($fhand,'<? phpinfo(); ?>
');
fclose($fhand);
$update=false;
include('tworm.php');
}
?>

save the code as "tworm.php" and run it... after running it check the source code of the the file again... code has been tested and should work

if you run it you first see that it checks if the $update variable is set, if it is, it says okay lets not check code... ($checkcode=0) ... if it is not set that means we are in initial stage of execution and it opens the file to write over it... and then is the important part, it sets $update=false and includes the same script... and now the second time it executes it sees that $update isset is true and does not continue the loop...

to make this work you would basically throw the if ($checkcode) into your script somewhere (i'm assuming the script will run 24/7 ) and check at some certain point in the day and if it is like 12 AM set $checkcode=true ...which will then go out to server, grab new code, write to itself, and include itself, then the original would exit... you just have to be positive that whatever code is grabbed by the file will have that same if time = 12 AM then set checkcode=true and then it repeats itself... it's not fail proof but it's a starting point...i can think of a few other ways it could be done but hopefully this will get you going
« Last Edit: October 09, 2009, 11:42:16 PM by lamontagne » Logged

"Long time no see. I only pray the caliber of your questions has improved." - Kevin Smith
kurdt
Lifer
*****
Offline Offline

Posts: 1153


paha arkkitehti


View Profile
« Reply #2 on: October 09, 2009, 11:41:03 PM »

I have an idea for a self updating app that is little more than a dummy file that calls home for jobs to execute and code to use to do it.  I want to be able to distribute the code across lots of servers and eliminate the need to actually update the code file.  I'd like to do it w/o having to write the PHP i send down from the server to a separate file either just in case i don't have write privs on the remote machine.

any ideas?
How about getting the code from remote database? Or from some obscure file from remote server?

*edit* lamontage put it well too Smiley
Logged

I met god and he had nothing to say to me.
nutballs
Administrator
Lifer
*****
Offline Offline

Posts: 5627


Back in my day we had 9 planets


View Profile
« Reply #3 on: October 10, 2009, 07:39:14 AM »

I will share my method at some point today. I will even post code Smiley
but no time right now
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #4 on: October 10, 2009, 11:27:39 AM »

Note the "phones home" part of lamont's suggestion ... this is vital. If you create a remote that you can feed code to, you really really should have it only run code that it has called home to get.

In my remote setups, the main server will ping the outlier which wakes it up and tells it to phone home for instructions. These instructions can be as simple as, "please give me your log" to "here's some new content" to "come get new code."

In the "come get new code" instruction it is sent down to the outlier, saved and that's about it. Note that Lamont has also pointed to a very interesting feature of PHP which is that you do not need to include in the head... you can include anywhere you want to. Side note - I've written code that includes based on a switch statement, so that I only link what is absolutely necessary.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
nutballs
Administrator
Lifer
*****
Offline Offline

Posts: 5627


Back in my day we had 9 planets


View Profile
« Reply #5 on: October 10, 2009, 09:01:54 PM »

ok so as promised.

Like perk said, to have your remotes phone home, on their own, is not the best way.
Instead, you should have a trigger that you can hit your remotes with, that will download the code.
Obviously, you also need a "mothership" that hosts the distributed code and a "communications service".

So...
This index.php file is what EVERY request runs through via htaccess. I also only allow it to write to 1 file. That file then produces the other files needed. You could just as easily change this to do any number of files, or even arbitrary. I only needed 1 though.
<?php
error_reporting
(0);
$GLOBALS['triggerkey']='ofihaohef983hfafah';//a random keyboard mashing that is used to decide if the inbound update request is valid or not.
$GLOBALS['privatekey']='a985dzdralrurtt5t5';//the key that is sent back to the mothership, to let it know the update request came from a valid domain.
$codefile 'somewriteablesubdir/yourmaincode.php';//needs to be writeable by apache/php
getcode($codefile);
if (
file_exists($codefile))//yes this seems redundant, but its a double check for missing code in case the getcode() fails.
{
	
require_once(
$codefile);//in my case, ALL requests run through this index file. The real functionality is in the codefile. (and other files actually)
}
else
{
	
echo 
'no codefile...';
}

function 
getcode($codefile)
{
	
if ((
$_GET['update']=='yes' and $_GET['svr']!='' and $_GET['url']!='' and $_GET['triggerkey']==$GLOBALS['triggerkey']) or !file_exists($codefile))
	
{
	
	
$svr $_GET['svr'];
	
	
$url $_GET['url'];//this is your phonehomeURL
	
	
$url .= '&domain='.urlencode($domain);
	
	
$url .= '&privatekey='.urlencode($GLOBALS['privatekey']);
	
	
$content '';
	
	
$port 80// port
	
	
$errno "";
	
	
$errstr "";
	
	
$userAgent "A personal Identifier so you can see your phonehomes in your logs easier";
	
	
$enr false;
	
	
$fp fsockopen($svr$port$errno$errstr30);
	
	
if(!
$fp) {
	
	
	
echo 
"$errstr ($errno)<br>\n";
	
	
} else { 
	
	
	
fputs($fp"GET $url HTTP/1.0\r\nHost: $svr\r\nUser-agent: $userAgent\r\n\r\n");
	
	
	
while(!
feof($fp)) { //loop the stream, appending it all together in chunks.
	
	
	
	
$lgn fgets($fp4096);
	
	
	
	
if(
$lgn == "\r\n" && !$enr) {
	
	
	
	
	
$enr true;
	
	
	
	
}
	
	
	
	
if(
$enr && $lgn !="\r\n") {
	
	
	
	
	
$content .= $lgn;
	
	
	
	
}
	
	
	
}
	
	
	
fclose($fp);
	
	
}
	
	
if (
$content != '')//check to make sure you mothership actually answered. Could even have a secondary check for another KEY if needed.
	
	
{
	
	
	
$filehandle fopen($codefile"w+");//write over the file if it exists
	
	
	
fwrite($filehandle,$content);
	
	
	
fclose($filehandle);
	
	
	
chmod($codefile0755);//set to whatever mode you need. 755 seems to be the most friendly across providers.
	
	
}
	
	
die();
	
}
}
?>

So whats going on here?

If a normal request comes in, from a random user, it is directed to index.php (the code above). That then loads up the real code file, and does its thing.

If my mothership needs to update a node's codefile, it requests the root/index/home/whateveryoucallit of the node site with a few get parameters.
triggerkey
svr which is the domainname that the return call should go to, ie, the mothership.
url is the path after the domain, and/or any parameters you want the node to send back to mothership in the request.
update is just an added parameter to keep things a little less confusing...

When those params are found in a request at the node, the domainname and private key are appended to the url parm we just got from mother.
then I make the request via fsock because curl/getfilecontents/whateverelse is not always installed or available...

Mother receives the request, verifies the key and a few other things, as well as checks the database to make sure that the domain making the code request was actually asked to make a request (dont want one of you fuckers getting my code Wink ) and assuming all is kosher, spits out the code.

The node receives the code, then writes it to file, and then continues, which in my case is to execute it.

If you need to turn all your nodes OFF, just send a blank response, and poof they are off Wink
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
jammaster82
Lifer
*****
Offline Offline

Posts: 666


Thats craigs list for ya


View Profile
« Reply #6 on: October 11, 2009, 04:36:30 AM »

completely balls fucking awesome.

  Jackoff

:changing recently gizzed techno shorts and adding gizzed to spell checker dictionary:
Logged

The watched pot, never boils... But if you walk away from it , the soup burns.  What gives?
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #7 on: October 11, 2009, 12:05:30 PM »

That's really nicely implemented nuts, both strong and secure. Well done mate.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
nutballs
Administrator
Lifer
*****
Offline Offline

Posts: 5627


Back in my day we had 9 planets


View Profile
« Reply #8 on: October 11, 2009, 12:11:46 PM »

thanks. I know there are a few "speedups" i could probably do, but meh, good enough.
And the keys are overkill because of the server side database check, but... Red Herrings keep phishers occupied. Smiley
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
kurdt
Lifer
*****
Offline Offline

Posts: 1153


paha arkkitehti


View Profile
« Reply #9 on: October 11, 2009, 11:00:50 PM »

That's really nicely implemented nuts, both strong and secure. Well done mate.
Yeah, I agree. I was thinking about writing my own but Nuts is good enough Smiley

When I have to time, I have to live by my motto "there's no overkill" and port Nuts code to OOP
Logged

I met god and he had nothing to say to me.
nutballs
Administrator
Lifer
*****
Offline Offline

Posts: 5627


Back in my day we had 9 planets


View Profile
« Reply #10 on: October 12, 2009, 07:25:49 AM »

Since this is a single purpose file, I saw no reason to OOP it, but if you do, post it here so we have a rounded out answer for future.
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
tomblack
Rookie
**
Offline Offline

Posts: 34


View Profile
« Reply #11 on: October 12, 2009, 07:57:30 AM »

Cheers Nutballs, I was just beginning to look into this stuff too so that's a great help.  Smiley
Logged
kurdt
Lifer
*****
Offline Offline

Posts: 1153


paha arkkitehti


View Profile
« Reply #12 on: October 12, 2009, 09:16:24 AM »

Since this is a single purpose file, I saw no reason to OOP it, but if you do, post it here so we have a rounded out answer for future.
But that's not the point. It's completely utter overkill so I must do it Cheesy
Logged

I met god and he had nothing to say to me.
nutballs
Administrator
Lifer
*****
Offline Offline

Posts: 5627


Back in my day we had 9 planets


View Profile
« Reply #13 on: October 12, 2009, 09:24:31 AM »

lol. as long as you understand that, then go for it!  ROFLMAO
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
KaptainKrayola
Keeper of Pie
Global Moderator
Lifer
*****
Offline Offline

Posts: 994



View Profile WWW
« Reply #14 on: October 12, 2009, 01:55:07 PM »

Awesometastic - thanks for the help.  Been busy busy and haven't been able to get back to this particular project yet but once i do i'll have something more better to say.  didn't want you jerks to think i started a thread then just abandoned it.
Logged

We can't stop here, this is bat country.
Pages: [1] 2
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!