Modifications to PHP driven website code needed.
- Posted:
- Proposals: 1
- Remote
- #2280
- Archived
has already sent a proposal. Description
Experience Level: Intermediate
Modifications to PHP driven website code needed.
Background
This is one of the first building blocks of a much wider PHP/MySQL driven website project. If you win this task and perform well at it, you will be in a very strong position to be awarded further business.
The source code was purchased off-the-shelf so is clean and well structured. Part of it initially came compiled which I later discovered causes security risks and complicates development work.
The code has now been fully decompiled and the need in the first place is to remove the obstacles explained below, in order to facilitate development work and protect customer privacy.
Secret backdoor
The software vendor included a secret backdoor, whereby they could call a page with a query string to have the administrator password emailed to them. The fix for this is as easy as removing an “if” statement so consider it done already, it was worth mentioning for background knowledge only.
Domain License
When a page from the site is called, be it customer facing or back office, the site currently connects to the software vendor’s server to validate the license with them, which only works for one domain at a time. If you want to switch domains, you first need to login to the vendor’s site and inform them.
Although the intention is to have the site running on one domain only, this restriction even blocks running different versions of the site on subdomains within the same domain, for example a development and a staging version in addition to the live one. This also makes it difficult to install and run on localhost with no domain name.
Requirements
We need to be able to install and run the site on any server and any domain, without the site ever connecting to the vendor’s sever and without them being able to fetch our password and access our customers’ data.
As a minimum, you will need to locate the function(s) that validate the license serial number and/or reach for the vendor’s server both at install and run time.
Once these functions have been identified, the simplest option is for you to modify them in such a way that they return the positive response needed to allow the software to run without making any checks.
Ideally, you will also remove the calls to unnecessary functions altogether so that the site can run faster.
Installer .php
Installing the software currently works by first loading the code onto your server and calling the install php file on a browser. It then takes you through a couple of web forms that collect information such as the domain name on which you will run the site, the serial number and information to connect to a blank database you would have manually created in advance. After that, it connects to the database and creates the necessary tables and populates some of them with data.
The software comes in the form of a base package plus an upgrade. You first install the base package and then need to upload some small upgrade code, some of which overrides older files and you then run the installer for the upgrade.
The install should work by just loading the finalised and customised files onto the web server and separately creating the database already populated with the necessary data without having to upload and use the installer php provided by the software vendor. This would allow making changes on a development server and simply loading the files onto the live server when ready to launch.
Delivery format I shall send you the source code via email in zipped format and the URL to the vendor’s support site and install guide. I will not provide the serial number (although I have it) as the need is to use the site without need for that.
In return, you will need to email me the modified source code.
Your work will need to be neat and well structured and deadlines need to be honoured so please promise what you can deliver.
As you can probably tell, I have some knowledge of PHP myself but I need to remain focused on managing the project and need the modifications to be done in a professional manner, including comments in understandable English wherever changes are made. If parts of the code need to be removed, please comment them out instead of deleting. If a file is not needed altogether, please state it in a readme text file.
The advantage of working for me is that I know exactly what is needed and can easily communicate it to you. I can also appreciate your work as a programmer.
Future work
Again, this is just the beginning, and you can expect a lot more related work in the future i.e additional functionality, integration via APIs to things such as payment providers, SMS gateways and maps, design changes, search engine optimisation, etc. Please bear this in mind when bidding.
I’m open to any questions you may have.
Background
This is one of the first building blocks of a much wider PHP/MySQL driven website project. If you win this task and perform well at it, you will be in a very strong position to be awarded further business.
The source code was purchased off-the-shelf so is clean and well structured. Part of it initially came compiled which I later discovered causes security risks and complicates development work.
The code has now been fully decompiled and the need in the first place is to remove the obstacles explained below, in order to facilitate development work and protect customer privacy.
Secret backdoor
The software vendor included a secret backdoor, whereby they could call a page with a query string to have the administrator password emailed to them. The fix for this is as easy as removing an “if” statement so consider it done already, it was worth mentioning for background knowledge only.
Domain License
When a page from the site is called, be it customer facing or back office, the site currently connects to the software vendor’s server to validate the license with them, which only works for one domain at a time. If you want to switch domains, you first need to login to the vendor’s site and inform them.
Although the intention is to have the site running on one domain only, this restriction even blocks running different versions of the site on subdomains within the same domain, for example a development and a staging version in addition to the live one. This also makes it difficult to install and run on localhost with no domain name.
Requirements
We need to be able to install and run the site on any server and any domain, without the site ever connecting to the vendor’s sever and without them being able to fetch our password and access our customers’ data.
As a minimum, you will need to locate the function(s) that validate the license serial number and/or reach for the vendor’s server both at install and run time.
Once these functions have been identified, the simplest option is for you to modify them in such a way that they return the positive response needed to allow the software to run without making any checks.
Ideally, you will also remove the calls to unnecessary functions altogether so that the site can run faster.
Installer .php
Installing the software currently works by first loading the code onto your server and calling the install php file on a browser. It then takes you through a couple of web forms that collect information such as the domain name on which you will run the site, the serial number and information to connect to a blank database you would have manually created in advance. After that, it connects to the database and creates the necessary tables and populates some of them with data.
The software comes in the form of a base package plus an upgrade. You first install the base package and then need to upload some small upgrade code, some of which overrides older files and you then run the installer for the upgrade.
The install should work by just loading the finalised and customised files onto the web server and separately creating the database already populated with the necessary data without having to upload and use the installer php provided by the software vendor. This would allow making changes on a development server and simply loading the files onto the live server when ready to launch.
Delivery format I shall send you the source code via email in zipped format and the URL to the vendor’s support site and install guide. I will not provide the serial number (although I have it) as the need is to use the site without need for that.
In return, you will need to email me the modified source code.
Your work will need to be neat and well structured and deadlines need to be honoured so please promise what you can deliver.
As you can probably tell, I have some knowledge of PHP myself but I need to remain focused on managing the project and need the modifications to be done in a professional manner, including comments in understandable English wherever changes are made. If parts of the code need to be removed, please comment them out instead of deleting. If a file is not needed altogether, please state it in a readme text file.
The advantage of working for me is that I know exactly what is needed and can easily communicate it to you. I can also appreciate your work as a programmer.
Future work
Again, this is just the beginning, and you can expect a lot more related work in the future i.e additional functionality, integration via APIs to things such as payment providers, SMS gateways and maps, design changes, search engine optimisation, etc. Please bear this in mind when bidding.
I’m open to any questions you may have.
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.