Automatic check on new cpg version Automatic check on new cpg version
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Automatic check on new cpg version

Started by Hein Traag, September 27, 2007, 11:51:33 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Hein Traag

Hi there,

I see a lot of tickets posted on this board with people asking for advice or support and a lot of them are told to update first to the newest release because they are running 1.4.12 instead of 1.4.13 (as an example).

I know we have versioncheck.php but for most users that is to much info and too much work. It would be easier to have just one button to click which produces a result like "You are running 1.4.13. Congratulations, you have the latest stable version of cpg" or "You are running 1.4.12 while 1.4.13 is the latest stable version. Update now!"

Would it be possible to either build in a button in the config menu to check wheter there is a newer cpg version avaible or to build in a option that wil check automaticly if there is a new version (which could be set by the user) ?

Hope this makes sense or if this has been asked already tell me to drink coffee first and then ask questions ;)

Hein

François Keller

yes, I agree with Hein suggestion. most peopel who are running a coppermine gallery are not regular users from the forum  and are not informed when a new version of copperminea is released.
an automatic version check would be usefull
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Joachim Müller

Did you per chance take a look at cpg1.5.x lately: it features a news block from coppermine-gallery.net for the admin to alert users of news (e.g. maintenance releases)? Additionally, I have started the redesign of versioncheck. It should now generate a slimmer output (less data, less stuff to wonder about). The main problem though is: most webhosts disabled URL_fopen for security reasons, as many badly-written scripts have mis-used this feature in the past. Subsequently, it's hard to come up with code that checks against a central repository (and that's what you'd need to do to make sure users are aware of product updates and maintenance releases) that works under all circumstances.
We're aware that we need an easy method to alert users of new versions without molesting them with unwanted newsletters and such stuff.
If you have any suggestions how the allow_url_fopen issue could be circumvented, I'm all ears.

François Keller

QuoteDid you per chance take a look at cpg1.5.x lately: it features a news block from coppermine-gallery.net for the admin to alert users of news (e.g. maintenance releases)?
oh yes, i have seen it but I did not have the intelligence to think that that could be used for that  :D
sorry it was my mistake  :-\
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Hein Traag

Quote from: Frantz on September 27, 2007, 03:55:15 PM
oh yes, i have seen it but I did not have the intelligence to think that that could be used for that  :D
sorry it was my mistake  :-\

Same here  ::)

Thanks clearifying this GauGau. It makes sense the way you put it.

Nibbler

Quote from: GauGau on September 27, 2007, 03:43:50 PM
If you have any suggestions how the allow_url_fopen issue could be circumvented, I'm all ears.

Make a wrapper function eg. get_url() that attempts fopen, fsockopen and curl. Maybe even FTP. I would think at least one of them will work in 90-95% of cases.

Tranz

If all that fails, how about falling back on iframes or some rss feed reader?

Hein Traag

I'm not a code wizard, as most of you know  ;D so i am just thinking simple here.
Would it be possible to have a page or piece of code on a page check the content or name of a file placed at the location where you can also download cpg ?
If you name the file cpg1413.chk for example can a piece of php code recognize the name and report back to the user that the correct or outdated version is in use by the user ?

phill104

#8
I don't know if it's any help but PHPBB shows what version you are using and whether a new version is available whenever you are logged in to the admin page.

They also have an advanced version check mod which not only checks the latest version of the main app but any other mod/plugin in it's list. Here is a link to the mods thread. Much of the code in the download is for the plugin system (easymod) so that can be ignored.

http://www.phpbb.com/community/viewtopic.php?t=277654

Might be worth a look to see how they achieve it.
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

Quote from: Nibbler on September 27, 2007, 04:16:00 PM
Make a wrapper function eg. get_url() that attempts fopen, fsockopen and curl. Maybe even FTP. I would think at least one of them will work in 90-95% of cases.
Great idea - I'll look into it.

Quote from: TranzNDance on September 27, 2007, 07:52:50 PM
If all that fails, how about falling back on iframes or some rss feed reader?
Iframes is being used in cpg1.5.x as fail-safe method to display the news from coppermine-gallery.net. However, you can't use the content in the iframe easily on the server the coppermine install is on and look stuff up. As RSS feeds are not built into the PHP core, you have to use a library that reads the feeds at basic PHP level - which is again fopen, fsockopen or whatever, so you're back to step one. Your suggestion works to display information from somewhere else, but you can not use that content logically, i.e. use it to determine version differences.

Quote from: Hein on September 28, 2007, 01:50:57 PM
I'm not a code wizard, as most of you know  ;D so i am just thinking simple here.
Would it be possible to have a page or piece of code on a page check the content or name of a file placed at the location where you can also download cpg ?
If you name the file cpg1413.chk for example can a piece of php code recognize the name and report back to the user that the correct or outdated version is in use by the user ?
That's basically how versioncheck works right now. Will not help though with webhosts blocking access to external content by turning off all means of external communication (fopen e.a.).

Quote from: phill104 on September 30, 2007, 11:07:32 PM
I don't know if it's any help but PHPBB shows what version you are using and whether a new version is available whenever you are logged in to the admin page.

They also have an advanced version check mod which not only checks the latest version of the main app but any other mod/plugin in it's list. Here is a link to the mods thread. Much of the code in the download is for the plugin system (easymod) so that can be ignored.

http://www.phpbb.com/community/viewtopic.php?t=277654

Might be worth a look to see how they achieve it.
The new versioncheck that currently exists in cpg1.5.x will check wether files have been modified (using an MD5-hash for the original file), however it will not check if this has been done deliberately (by applying a mod) or by accident (e.g. by using an improper FTP mode when uploading the files).
I'm aware that software like phpBB or SMF use an advanced package manager. However I don't think that we should focus on this: versioncheck has basically been designed to help users who upgraded to check if the upgrade went OK. What we're doing right now is to find a method to alert users that a new version exists without making them check the coppermine homepage regularly. Coming up with an even more advanced version check tool that takes into account mods is currently beyond the scope of development. This being said, I would like to point out why I don't think that we should focus on developing a package manager: in my opinion, the approach of coppermine is different to the approach of a forum application - you can change the visual approach (design) by overriding core functionality using your custom theme/template. You can add functionality using coppermine's plugin API. This way, the number of core hacks should be reduced to an absolute minimum. As a result, coppermine users should always have unmodified core files at all times. We just have to make sure that users apply fixes as soon as they are released.

Joachim


phill104

I was more interested in how other forums get round the restrictions to see if similar could be done here.

Looking at phpbb as an example they use the FSOCKET function. Basically there's a plain text file on the phpbb.com server with the current version number in it. The function grabs that file and reads it, and checks it against the board database. But as you say, the restrictions are high with some hosts but phpbb seem to get round it somehow.

Thanks for your explanation
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

We'll try to use a similar approach (see Nibbler's suggestion to use a wrapper function that will try to come up with a fallback mechanism that will try all possible methods to grab the file from the coppermine-gallery.net server)