[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

inherited website in MySQL/PHP - update or rewrite in newer technologies ?

Posted on 2008-11-08
7
Medium Priority
?
361 Views
Last Modified: 2013-12-13
18mths ago a staff member wrote our website in PHP/MySQL, and hosted it with a 3rd party hoster, who uses H-sphere for configuration. The staff member left just after this.

The website runs, well 98% of it runs. We need to fix the 2% that doesn't - which amounts to about 33% of its business value, as well as update it.

Trouble is, I have no experience with PHP, MySQL (apart from installing it and doing the tutorial), and very little with H-sphere (only for setting up email and DNS, not for PHP and MySQL)

I can learn what needs to be learned, but am looking for the quick routes here as I have many other things to do. I used to be a programmer, so hopefully once I get the principles, I should be ok.

H-sphere is down quite often (like now) and our hosters want to migrate us to cpanel, which is another posting in itself.

I thought best to get our own local webserver up and running so we can load the site up on it, and then tweak/add functionality in an environment where we can test things quickly, and are not at the effect of the 2x issues in last paragraph.

Is this going to be a wise approach, or will I end up scratching my head for days trying to set up said local environment, and maybe I'd be better just migrating to cpanel and doing everything that way.

Locally, we run SBS 2003, and I've just discovered IIS on there.
I've added a new website under IIS, but would need to buy an IIS book to actually get anything displayed, then get the MySQL database linked in.
Maybe I'd be better installing Apache - is it free?
But, can it coexist on the same machine as IIS (this is the only machine I'll be able to install a webserver on, I think), and IIS needs to be on the SBS server as it provides a lot of useful functions for SBS, so I've read, not least Remote Web Workspace which I rely on !!

If push came to shove I could install Apache on my personal work PC I suppose...

Eventually I see us redesigning the whole thing anyway, is it likely that a webdesigner will want to use Visual Studio / IIS etc (in which case we'll end up going the microsoft way, so maybe may as well start with IIS, as that will be what we're  using anyhow) ?

sorry lots of questions - all help appreciated !

0
Comment
Question by:zorba111
  • 3
  • 2
  • 2
7 Comments
 
LVL 12

Expert Comment

by:jazzIIIlove
ID: 22914303
For php:
>>Maybe I'd be better installing Apache - is it free?

definitely...A bundled solution can be useful...www.apachefriends.org/en/xampp.html
But before using it, learn the server side specification of php version they are using...simply write:

<?
phpinfo();
?>

to a test.php file and upload it to www root folder...And adjust your xampp or wampp solution you are going to install...

You can use mysql gui tools or SQLYOG to view your database of remote server...

0
 
LVL 12

Expert Comment

by:jazzIIIlove
ID: 22914308
If you are happy with coding, you may continue to use...
0
 
LVL 12

Accepted Solution

by:
Hugh Fraser earned 2000 total points
ID: 22914428
if that 33% of the business value represents a significant portion of your business, I'd suggest the incremental work needed to correct that 2% is a better investment of time and money (even if it means contracting someone to do it since you're not well versed in PHP). There's more to managing a business-critical web server than setting it up on your own server. Hosted services do (or should do) all of the infrastructure work to meet the SLA you've contracted for, including backups, high-availability, 24x7 support personnel, ... I don't know what your justification was for a hosted service, but make sure you're doing an apples/apples comparison before you decide to move it in-house.

if a re-design is in the works, consider one of the content management systems such as Joomla or Mambo. They buy you a lot of functionality without ever having to develop code. You may find that much of what you want to do is already there, and what's not may be available as an addon developed by their active 3rd party communities.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:zorba111
ID: 23052773
I got the existing PHP site installed on our SBS version of IIS ok (whew, a lot of work to get PHP to work - see my other posts!) and started testing / hacking at it.

Only got so far though, as compiled flash .SWF files had embedded URLs for live site, and I didn't have the source files to rebuild, and decompiling didn't work (see other post if interested...)

Ended up having to do the hacking/fixes directly work on the live site. Luckily had devoured just enough of my PHP and MySQL book to fix that 2% problem - turns out original author had hijacked a button to redirect back to his site and present a 401 error and a cheeky message. Reinstated original funcitonality. (As an aside, considering legal / police action - anyone ever had any success with this sort of thing?)

Now site is running ok, apart from there seems to be a cron job running that is calling into our site, but I can't work out where its being called from as we have no cron jobs installed.. I think the orginal author is running it from his server (this can be done remotely can't it, as long as he fires .php requests at my webserver in his cron file).

I am just very nervous about their newly apparent malicious intentions and the sooner we get the thing secured the better. They know the code and all the entry points. Will take ages to strip out all the non-essential php files, as he developed it from a code template and left lots of redundant stuff in (4000 files, though a lot of it seems to be .html and .txt for SEO / analytics purposes). Real spaghetti.

Might be just as well to do a 100% rewrite.
Considering Joomla - see my last question though!
0
 

Author Closing Comment

by:zorba111
ID: 31514745
your advice ended up constituting at least 50% of what i ended up doing
ta v. much!
0
 
LVL 12

Expert Comment

by:Hugh Fraser
ID: 23053465
When you say a cron job is running, what are the symptoms you're seeing that make you think this? Certainly, if the developer's built some back door functionality into the web site, he/she could be triggering activity on your site. I'd suggest checking the IS log files to see what requests are coming in and looking for anything suspicious, occurring at a fixed interval, or in repeating patterns that might indicate some kind of scheduled activity.

Good luck with the re-write. It sounds like this in a business relationship that's best terminated as soon as possible.
0
 

Author Comment

by:zorba111
ID: 23054969
some period things are happening eg.
something is causing "weekly jobmail" emails to be sent out.
Also database records get tidied up - out of date jobs get archived into the archive jobs table etc.

I can see the code on the site, but nothing is calling it from any events (buttons, links etc.)
so I'm assuming its being called externally, probably from cron scripts still running on this guys development server
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses
Course of the Month18 days, 19 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question