inherited website in MySQL/PHP - update or rewrite in newer technologies ?

18mths ago a staff member wrote our website in PHP/MySQL, and hosted it with a 3rd party hoster, who uses H-sphere for configuration. The staff member left just after this.

The website runs, well 98% of it runs. We need to fix the 2% that doesn't - which amounts to about 33% of its business value, as well as update it.

Trouble is, I have no experience with PHP, MySQL (apart from installing it and doing the tutorial), and very little with H-sphere (only for setting up email and DNS, not for PHP and MySQL)

I can learn what needs to be learned, but am looking for the quick routes here as I have many other things to do. I used to be a programmer, so hopefully once I get the principles, I should be ok.

H-sphere is down quite often (like now) and our hosters want to migrate us to cpanel, which is another posting in itself.

I thought best to get our own local webserver up and running so we can load the site up on it, and then tweak/add functionality in an environment where we can test things quickly, and are not at the effect of the 2x issues in last paragraph.

Is this going to be a wise approach, or will I end up scratching my head for days trying to set up said local environment, and maybe I'd be better just migrating to cpanel and doing everything that way.

Locally, we run SBS 2003, and I've just discovered IIS on there.
I've added a new website under IIS, but would need to buy an IIS book to actually get anything displayed, then get the MySQL database linked in.
Maybe I'd be better installing Apache - is it free?
But, can it coexist on the same machine as IIS (this is the only machine I'll be able to install a webserver on, I think), and IIS needs to be on the SBS server as it provides a lot of useful functions for SBS, so I've read, not least Remote Web Workspace which I rely on !!

If push came to shove I could install Apache on my personal work PC I suppose...

Eventually I see us redesigning the whole thing anyway, is it likely that a webdesigner will want to use Visual Studio / IIS etc (in which case we'll end up going the microsoft way, so maybe may as well start with IIS, as that will be what we're  using anyhow) ?

sorry lots of questions - all help appreciated !

zorba111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jazzIIIloveCommented:
For php:
>>Maybe I'd be better installing Apache - is it free?

definitely...A bundled solution can be useful...www.apachefriends.org/en/xampp.html
But before using it, learn the server side specification of php version they are using...simply write:

<?
phpinfo();
?>

to a test.php file and upload it to www root folder...And adjust your xampp or wampp solution you are going to install...

You can use mysql gui tools or SQLYOG to view your database of remote server...

0
jazzIIIloveCommented:
If you are happy with coding, you may continue to use...
0
Hugh FraserConsultantCommented:
if that 33% of the business value represents a significant portion of your business, I'd suggest the incremental work needed to correct that 2% is a better investment of time and money (even if it means contracting someone to do it since you're not well versed in PHP). There's more to managing a business-critical web server than setting it up on your own server. Hosted services do (or should do) all of the infrastructure work to meet the SLA you've contracted for, including backups, high-availability, 24x7 support personnel, ... I don't know what your justification was for a hosted service, but make sure you're doing an apples/apples comparison before you decide to move it in-house.

if a re-design is in the works, consider one of the content management systems such as Joomla or Mambo. They buy you a lot of functionality without ever having to develop code. You may find that much of what you want to do is already there, and what's not may be available as an addon developed by their active 3rd party communities.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

zorba111Author Commented:
I got the existing PHP site installed on our SBS version of IIS ok (whew, a lot of work to get PHP to work - see my other posts!) and started testing / hacking at it.

Only got so far though, as compiled flash .SWF files had embedded URLs for live site, and I didn't have the source files to rebuild, and decompiling didn't work (see other post if interested...)

Ended up having to do the hacking/fixes directly work on the live site. Luckily had devoured just enough of my PHP and MySQL book to fix that 2% problem - turns out original author had hijacked a button to redirect back to his site and present a 401 error and a cheeky message. Reinstated original funcitonality. (As an aside, considering legal / police action - anyone ever had any success with this sort of thing?)

Now site is running ok, apart from there seems to be a cron job running that is calling into our site, but I can't work out where its being called from as we have no cron jobs installed.. I think the orginal author is running it from his server (this can be done remotely can't it, as long as he fires .php requests at my webserver in his cron file).

I am just very nervous about their newly apparent malicious intentions and the sooner we get the thing secured the better. They know the code and all the entry points. Will take ages to strip out all the non-essential php files, as he developed it from a code template and left lots of redundant stuff in (4000 files, though a lot of it seems to be .html and .txt for SEO / analytics purposes). Real spaghetti.

Might be just as well to do a 100% rewrite.
Considering Joomla - see my last question though!
0
zorba111Author Commented:
your advice ended up constituting at least 50% of what i ended up doing
ta v. much!
0
Hugh FraserConsultantCommented:
When you say a cron job is running, what are the symptoms you're seeing that make you think this? Certainly, if the developer's built some back door functionality into the web site, he/she could be triggering activity on your site. I'd suggest checking the IS log files to see what requests are coming in and looking for anything suspicious, occurring at a fixed interval, or in repeating patterns that might indicate some kind of scheduled activity.

Good luck with the re-write. It sounds like this in a business relationship that's best terminated as soon as possible.
0
zorba111Author Commented:
some period things are happening eg.
something is causing "weekly jobmail" emails to be sent out.
Also database records get tidied up - out of date jobs get archived into the archive jobs table etc.

I can see the code on the site, but nothing is calling it from any events (buttons, links etc.)
so I'm assuming its being called externally, probably from cron scripts still running on this guys development server
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.