CMS Made Simple Forums

Hi All,

I have about 10 web sites using CMSMS of different versions, from 0.13 to 1.6.6 The server is Linux with PHP ver 5.1.6 running as an Apache module.

I need to install CMSMS for a new website and, naturally, I would like to use the latest version. This requires PHP 5.2.12 or better.

How will the existing websites behave if I upgrade the PHP from 5.1.6 to 5.2.12 or newer?

Thank you,
Laurentiu

0.13 ?
Its a huge security risk for your server!
Why you not upgrade them to 1.7.1? ....its only the two latest versions of core that is supported...

I'm not aware of anyone that tested 0.13 on php 5.2.12....

Thank you for your reply.

It it not up to me to decide to upgrade. Each website belongs to a diferent customer. Their financial situation dictates if "ain't broken don't fix it" applies or not. A lot of the older ones have custom programming I did to over come limitations in the respective CMS version. An upgrade of these ones would require revisiting and redoing a lot of the customization that may interfere with the newer version of CMS.

Short of upgrading all of them, what problems am I looking at if I upgrade the PHP version?

reneh wrote: I'm not aware of anyone that tested 0.13 on php 5.2.12....

it installs without issues on 5.3.1 but there are some errors in the back-end.

but imho, OP is NOT doing his clients any favors by not insisting upon keeping the software updated... it's cheaper to do now than it is to clean up the whole mess if and when hackers find the holes. maintenance and updates should be part of the contract.

it's cheaper to do now than it is to clean up the whole mess if and when hackers find the holes.

and it IS many holes fixed since 0.13!

The solution I opted for is to upgrade the PHP to version 5.2.13 since kermit's post suggests that the actual websites will work OK and only the back end may be affected. So far non of my customers complained but only time will tell.

Concerning kermit's comment that "it's cheaper to do now than it is to clean up ..." I am not so sure it is so since I just went through the upgrade of one website from version 1.5.2 to 1.7.1

For me it was a lengthy process since I had to do it on a parallel installation by duplicating both the folders and the database (first time I did these tasks). Then, I had to upgrade in steps,
- from version 1.5.x to 1.6 and test,
- next, diff from 1.6 to 1.6.5 and diff to 1.6.6, and diff to 1.6.7 and test,
- then, diff from 1.6.7 to 1.7 and test,
- and finally, diff to 1.7.1 and test.

BTW, all it is described in the wiki Upgrade instructions titled "specific procedure for upgrading from 1.5.x to 1.7" at http://wiki.cmsmadesimple.org/index.php/User_Handbook/Installation/Upgrading .

Based on the above upgrade path I might as well start from scratch for the older websites, it will take less time and a better resulting product. But why would someone pay for a redesign of a website to look the same as the old one just because there is a newer version of the software?

I decided to hold the upgrading to version 1.8 since it is too new and I don't want to potentially add problems to a major functionality upgrade for the website I am working on now ( I am adding the e-commerce suite).

As far as putting the cost in the original contract ... I did as an optional (and reasonable) annual expense. None of my customers wanted to consider it, all decided to take their chances and pay later if they need and wanted to. Only one said yes so far. The second one is still thinking ...

Thank you again for all your support and answers.

neis wrote:
Based on the above upgrade path I might as well start from scratch for the older websites, it will take less time and a better resulting product. But why would someone pay for a redesign of a website to look the same as the old one just because there is a newer version of the software?

if you're only updating the software, it's not a 'redesign'.. it's a 'software update'..    if you 'start over' from scratch in that process, because you decide it'd be easier, faster and/or cheaper since the software has been neglected for so long, that's your call.. but it's still a software update.. just one that'll take longer and cost a little more due to the huge jump in version.

may need to (re)educate the clients as to what is 'free' (e.g. the cmsms gpl source; a 'free domain with paid hosting package', etc.) and what costs money (everything else, including labor to apply updates/patches to said free software).

That's ridiculous that you can "educate" customers like that.

My customers are morons about the web, and why should they want to learn?  They run their businesses - that's what they know.  I don't know how to run a flower shop or how to run a food bank, they don't know how to build websites.  That's why we do business!

I do it all... I register their domain name, I arrange hosting, I build their site, I set up their email, etc.  If anything goes wrong, they call me... sometimes they've been known to call me when their ISP is out.  These are small businesses with no IT, or maybe a part-time networking guy who comes in and sets up their new computer on their internal network. 

They've no idea whether their site is on Apache or IIS, if I handcoded the whole site or used a CMS, and most of them wouldn't know what "open source" meant if it bit them on the leg. 

They know hosting and domain name registration are ongoing costs cause my proposal says so.  But to them "maintenance" means I changed something on the site they can't do themselves. 

And no, they would not understand if I told them I had to do more work on their site, that wouldn't change anything they could see, cause of a security problem.  To them, that sounds like I'm trying to charge them for *my* mistake. 

Doesn't matter if the mistake was Microsoft's or an open-source CMS... they already "paid" for the web site and do not understand "paying" for it again to do the same thing it was doing yesterday.

Customers should not have to learn our jobs just to buy a web site. 

I *will* upgrade eventually.  But some of these sites are small and obscure and there's no point in hurrying.  They've got a tiny group of a couple hundred visitors to whom the site is very important and no one else knows it's there. 

I'll *never* use Installtron or something like that which does auto-upgrades though, cause I don't need to have hundreds of websites upgraded all at once and I now have to go test all the plugins and such immediately.  Customers do *not* notice a theoretical security risk, but they *do* notice functionality breaking. 

And no, it's not more expensive to fix *if* a hacker finds an obscure web site and defaces it.  Because *that* is something the customer understands paying for.  It's the difference between going to the grocery store and leaving with a full versus an empty sack - they understand paying for one, but not the other. 

You have to be realistic.  That does not include expecting a customer who doesn't even know how to make file extensions show on their computer to have any idea what "your site runs on an open-source CMS" even means. 

Security risks?  Windows Update fixes those!  You don't have to *do* anything, it's automatic! 

jpatti wrote: That's ridiculous that you can "educate" customers like that.

it's easy.. especially when it's the only way you've ever done things... 

Kermit, you have very different customers than I do. 

Some of them have to be taught how to populate a spreadsheet in order to get me data for their backend databases cause Excel is too confusing for them, I have to write a spreadsheet template, and go in and teach them Excel.  And if they accidentally scroll to an empty bit of the spreadsheet, they think they've lost their data!

The site I'm building right now is for a chick who buys a new laptop every year cause it "breaks" (meaning it get filled up with adware and spyware and winds up slow as molasses).  She's not local or I'd charge her to "fix" her laptop every few months and quit buying new ones all the time.  So... yes she's a complete moron about computers, but... her business also made ten times what mine did last year, so... she's not a complete moron about everything. 

In person, if you try to explain things to them, their eyes glaze over and you can tell they're not listening.  So... I save my explanations for when they tell me to do something stupid.  I explain why it is stupid *and* what they should do instead to accomplish the same thing.  And then if they insist on the stupidity, I do it - cause it's their site. 

However, even when I explain... OK, here's a specific example... a site for a United Way that has it's site map in a form select.  With JavaScript on, it just goes to the page when you choose from the drop-down and for users with JavaScript off, there's a "submit" button.  Every year or so for a decade, they ask me why that submit button is there since they don't need it and I explain about accessibility.  But... I've explained this like 5 or 6 times now, they just forget.  They remember SOME things, they remember and tell each other never to link the words "click here" when they're using the "CMS" I wrote for them, but they don't remember WHY.  And this is one of my relatively clueful customers. 

It's like... when hubby explains something terribly clever he figured out about physical construction, or I tell him something terribly amazing I learned about biochemistry.  The explanation is understood *as* it's given and forgotten ten minutes later cause we don't store that information - I don't have a "building construction" directory in my brain and he doesn't have a "biochemistry" one - so it's only in memory and never gets written to a file...

My customers do not have a "how computers work" directory and even when I explain and they understand, they don't know it 10 minutes later. 

It *really* comes down to they trust me. 

And I think that trust would be eroded by me charging for doing *invisible* security upgrades, cause it looks the same to them whether I do them or not.