PHP Uploads: Difference between revisions

From Cumulus Wiki
Jump to navigationJump to search
mNo edit summary
(First attempt to flesh out the page and add some structure)
Line 1: Line 1:
== What is it? ==
In february 2023 for version 3.24.0 a PHP upload was introduced.


In February 2023 for version 3.24.0 a PHP upload was introduced.
Although this is not over FTP (it uses the HTTP(S) protocol with SSL) for file transfer it is has its settings under CMX Cumulus.ini [FTP site] section. <br/>
If the ''Upload.php'' is installed for CMX and the protocol works for CMX then it will also work for CUtils and the file locations will be relative to the location of the ''Upload.php'' procedure (which therefore will be the rootlocation of your website).


The PHP upload mechanism has been introduced as an alternative to using FTP, FTPS, or SFTP (FTP over SSH).
It is adamant to understand the relative paths used by ''Upload.php'' as this is very different from FTP configurations where sometimes full paths are required (SFTP) or paths from the FTP root (which may differ when full ownership or shared hosting). All files will be transferred relative to that location. You can go deeper and sideways into the directory tree but not up.


It uses the HTTPS or HTTP protocol for transferring file data. It requires that you have a PHP enabled web server (most are), and that you upload a small PHP file to the root folder of your web site.
The ''Upload.php'' procedure file can be copied to any location you wish but the following ''CMX inifile parameters'' determine its operation and need to reflect its true location and CMX configuration (in case you are running more than one instance):
PHP-URL=<URL>
PHP-Secret=<key as configured in CMX>


Cumulus MX then communicates with that script to transfer the data, and the script saves the data to a file on your web site.
The PHP upload procedure makes use of compression (''zip'' or ''deflate'') and will upload data incrementally. It therefore is secure, faster and uses much less bandwidth than true FTP and SFTP protocols.

It can transfer both text and binary files.

If the ''upload.php''file is installed for CMX and the protocol works for CMX then it will also work for CUtils and the file locations will be relative to the location of the ''upload.php'' file (which therefore will be the root location of your website).

== Is it secure? ==

Yes! It uses a shared secret generated by MX (or you can enter your own). This secret is entered into the PHP upload file before you upload it to your web site.

The secret is used by MX to create an encrypted hash of the upload. The upload script on your server generates its own hash and compares it with the one sent by MX with the data. If they do not match the upload is not allowed.

In addition to this, timestamps are used to ensure that an upload cannot be repeated by replaying the same upload.

Because no sensitive information is sent in the request, the PHP upload mechanism can be safely used with the plain old HTTP protocol

== What are the advantages? ==

* It is fast!
:* It is much faster than using FTP(S).
:* It uses gzip compression of the data across the network (web server support required)

* It is reliable
:* If your web site is up then it should work, it removes the reliance on your web providers FTP server working.

* It reduces bandwidth.
:* Unlike FTP which uploads the whole file each time, the PHP upload can send incremental data. For the default web site, most the data is the graph files and every update each entire file is sent over FTP every time just to add one new data point. Using the PHP upload, just that new data point is sent for each file, and the PHP script appends it to the existing file on your server.
:* It uses data compression over the network

== Configuration ==

In Cumulus MX Internet Settings just select PHP Upload instead of FTP etc.

<TODO> Add more detailed config here

It is important to understand the relative paths used by ''upload.php'' as this is quite different from FTP configurations where sometimes full paths are required (SFTP) or paths from the FTP root (which may differ when full ownership or shared hosting). All files will be transferred relative to that location. You can go deeper and sideways into the directory tree but not up.


=== Migrating your FTP settings ===
<TODO>

- NOAA Reports
- Extra Files
- ????


NOTE: When the PHP-URL is configured you will need to set the ''Extra Webfiles'' paths and the ''NOAA'' path as well. And yes, not only when you use ''CMX'' but also for ''CumulusUtils''!
NOTE: When the PHP-URL is configured you will need to set the ''Extra Webfiles'' paths and the ''NOAA'' path as well. And yes, not only when you use ''CMX'' but also for ''CumulusUtils''!


== Cumulus.ini ==
it is has its settings under CMX Cumulus.ini [FTP site] section.



The ''Upload.php'' procedure file can be copied to any location you wish but the following ''CMX inifile parameters'' determine its operation and need to reflect its true location and CMX configuration (in case you are running more than one instance):
PHP-URL=<URL>
PHP-Secret=<key as configured in CMX>





Revision as of 13:44, 22 February 2023

What is it?

In February 2023 for version 3.24.0 a PHP upload was introduced.

The PHP upload mechanism has been introduced as an alternative to using FTP, FTPS, or SFTP (FTP over SSH).

It uses the HTTPS or HTTP protocol for transferring file data. It requires that you have a PHP enabled web server (most are), and that you upload a small PHP file to the root folder of your web site.

Cumulus MX then communicates with that script to transfer the data, and the script saves the data to a file on your web site.

It can transfer both text and binary files.

If the upload.phpfile is installed for CMX and the protocol works for CMX then it will also work for CUtils and the file locations will be relative to the location of the upload.php file (which therefore will be the root location of your website).

Is it secure?

Yes! It uses a shared secret generated by MX (or you can enter your own). This secret is entered into the PHP upload file before you upload it to your web site.

The secret is used by MX to create an encrypted hash of the upload. The upload script on your server generates its own hash and compares it with the one sent by MX with the data. If they do not match the upload is not allowed.

In addition to this, timestamps are used to ensure that an upload cannot be repeated by replaying the same upload.

Because no sensitive information is sent in the request, the PHP upload mechanism can be safely used with the plain old HTTP protocol

What are the advantages?

  • It is fast!
  • It is much faster than using FTP(S).
  • It uses gzip compression of the data across the network (web server support required)
  • It is reliable
  • If your web site is up then it should work, it removes the reliance on your web providers FTP server working.
  • It reduces bandwidth.
  • Unlike FTP which uploads the whole file each time, the PHP upload can send incremental data. For the default web site, most the data is the graph files and every update each entire file is sent over FTP every time just to add one new data point. Using the PHP upload, just that new data point is sent for each file, and the PHP script appends it to the existing file on your server.
  • It uses data compression over the network

Configuration

In Cumulus MX Internet Settings just select PHP Upload instead of FTP etc.

<TODO> Add more detailed config here

It is important to understand the relative paths used by upload.php as this is quite different from FTP configurations where sometimes full paths are required (SFTP) or paths from the FTP root (which may differ when full ownership or shared hosting). All files will be transferred relative to that location. You can go deeper and sideways into the directory tree but not up.


Migrating your FTP settings

<TODO>

- NOAA Reports - Extra Files - ????

NOTE: When the PHP-URL is configured you will need to set the Extra Webfiles paths and the NOAA path as well. And yes, not only when you use CMX but also for CumulusUtils!


Cumulus.ini

it is has its settings under CMX Cumulus.ini [FTP site] section.


The Upload.php procedure file can be copied to any location you wish but the following CMX inifile parameters determine its operation and need to reflect its true location and CMX configuration (in case you are running more than one instance):

 PHP-URL=<URL>
 PHP-Secret=<key as configured in CMX>