spBackup Technical Details

Release notes
Installation instructions
Backing up with spBackup
Configuring spBackup
spBackup security

Release notes

You must install spBackup into your web site's root directory (aka "web root") so that the dobackup.php file and the spbackup directory are both within your root directory.

Directories that differ only in the case of their names will be merged in the archive file! We're working on fixing this. However, if you have, for example, two directories named folder and Folder, their contents will be merged into a single folder (normally "folder") in the archive file. If you need to back up such a directory structure, we suggest you create separate backup sets for each of these directories.

The current release does not support the following MySQL column types: BINARY, VARBINARY, ENUM, and SET. Additionally, BLOB (TINYBLOB, MEDIUMBLOB, etc.) columns are dumped as string values (there is no equivalent to --hex-blob to convert them to hex notation as there is with mysqldump).

String column types are escaped with mysql_escape_string() before dumping. This means that if your data is already escaped (e.g. single quotes replaced with \'), it will be doubly so (e.g. \' will end up as \\\' from this script).

spBackup relies on MySQL's default locking behavior to ensure table-level data consistency. By default, MySQL blocks writes during a read operation but permits other reads--on a table level for MyISAM tables and on a row level for InnoDB tables. That behavior is well suited for databases, even actively used ones that have predominately read operations. If you have an active database with lots of *writes* and rely on data consistency between tables, you would be better off with mysqlhotcopy. (You'll need shell access for that, though.)

There is no restore function in this version of spBackup. To restore, you'd need to grant 777 permissions on your web root folder (not a good idea), upload and install spBackup, and so forth. If you can handle those tasks, you should be capable of unzipping the archive produced by spBackup and uploading its contents to your site. I can see a need for restoring a database through spBackup, so that functionality might be added in a future release.

spBackup attempts to use your web server's temp folder (typically /tmp on Linux systems; C:\Windows\temp on Windows systems) to store all temporary archive and working files. This saves on your disk space allocation (in case your host sets a disk quota limit). Your server's configuration might not permit you to save and read files from the system temp folder. In those cases, spBackup will save files to the spbackuptemp folder.

Version history

1.2.1: Changes since version 1.2
----------------------------------------------------------
FIX: Update Zip creation code to prevent errors on some hosts (incorrectly tried to include
the . and .. directory entries on some hosts). This change ensures that a valid zip archive is
created on those hosts that were including the dot entries.
FIX: Update Zip creation code to ensure database is included in the archive file. This change
eliminates the need to save files outside the system temp folder
ADD: Additional debug output has been added during backup


1.2: Changes since version 1.1
----------------------------------------------------------
FIX: Update code to be compatible with PHP 5 (developed on 5.1.4)
FIX: Update TempDirectory to better determine system temp folder (prevent incorrectly
selecting '/' as temp folder)
FIX: Updated config.php to include all variables (to prevent errors)
CHANGE: Minor copyright footer changes

1.1: CHANGES since version 1.0b
----------------------------------------------------------
CHANGE: !! Back up files and subdirectories without backing up the entire directory chain !!
CHANGE: Configuration data stored in core/config.php file rather than in dobackup.php and
other files
CHANGE: Replaced ss_zip_class.php (Zip file creation code) with PEAR classes
CHANGE: Temporary files now saved to system temp directory, if it's available and writeable,
otherwise to spbackuptemp (or whatever you configure). However, due to limitations in the PEAR
Zip class, database backups require a temp file to be written to the spbackuptemp folder
CHANGE: Replace mailer code with PEAR mail classes to support SMTP Auth (when required).
CHANGE: Minor UI changes, like consistent footers on all the pages, etc.
ADD: Added ability to save archive as zip, tar, tar/gz, or tar/bz2
ADD: New installer does all the configuration for you, no editing files
ADD: Configurator, like the installer, does the configuration for you, no editing files
ADD: New debug mode (set on config screens) outputs messages during back up operation
FIX: Fixed error you got if you perform a back up that includes no files
FIX: Fixed error you got if you edited a back up set, removing all files from the backup set
FIX: FTP now works to save a backup set, in both active and passive mode


1.0b: CHANGES since version 1.0a
----------------------------------------------------------
2006-02-24 supressed display of php informational messages (warnings), errors should still
output.
2006-02-27 Fixed the improper handling of NULL values in the database, quoting issues,
removed
html encoding of db content


1.0a: CHANGES since version 1.0
----------------------------------------------------------
Uh, I didn't record that and I don't remember but there was something that I fixed almost
immediately out of the gate...

Installation instructions

1. Download spBackup and unzip the files to an empty directory on your computer.
2. Use your favorite FTP client to upload all the files to your server's web root directory (the dobackup.php file must be put into your web root directory; the spbackup and spbackuptemp folders must also be in your web root directory)
3. (UNIX/Linux systems) Set file permissions: chmod the following files and folders to 777 permissions:
   • /spbackup/spbackup.ini.php
   • /spbackup/core/sppassword.php
   • /spbackup/core/config.php
   • /spbackuptemp
4. Use your browser to open http://yourwebsite.com/spinstall.php. Follow the install wizard's prompts to configure spBackup.
5. Make sure that the spinstall.php file is deleted when you're done. The script will do it for you if it can. You should check anyway so that no one can run it later and overwrite your configuration.
6. When prompted, log in using the password you set during the installation.
7. Create a back up set (see below) and back up your data!
8. (Optional) For greater security, after you have defined all your backup sets, set your configuration, and tested your backups, chmod the following files and folders to 644 permissions:
   • /spbackup/spbackup.ini.php
   • /spbackup/core/sppassword.php
   • /spbackup/core/config.php
   
   ** You won't be able to create additional backup sets, modify your configuration, or change your password, with these files set to 644 permission.

You're ready to go.

Backing up with spBackup

1. Log in
2. Click Create a Backup Set
3. Step through the wizard to:
   • give your backup set a name
   • select the files to back up (if you check a folder, all its contents will be backed up; just check the files and subfolders within to back up a subset of files within a folder)
   • (optional) specify database log on credentials and then select the databases and tables to backup
   • specify what to do with the resulting archive (email it to yourself, ftp it to another server, or save it to your web server)
4. Return to the spBackup main page
5. Click Backup Now
6. Next to the backup set you want to run, click the Backup Now button. Your backup set will be processed and the archive file handled the way you specified.

You can define as many backup sets as you want. They can overlap (back up the same files or databases as other sets). Using the info on the scheduling page, you can schedule your backups to run automatically.

Configuring spBackup

In many cases, the default configuration of spBackup will meet your needs. However, after logging in, you can configure the following options, should you need them.

spBackup and security

Security of your data is of paramount importance. General users or visitors of your page must not be able to gain access to the archive files created by spBackup or access your spBackup administration pages.

Archive security

There is no way to obtain an immediate download of the backup archive file. Backup files are always handled according to the rules you define in the backup sets. Thus, no one can call the dobackup.php page (which must run without passwords, yet have full access to all your information) and download a zip file of your site.

The archive file exists on your server for a brief period when you use the email and FTP handling options. The file must be written to disk so that it can be sent via FTP or emailed. It is deleted once those operations are complete. Thus, someone could get your archive file if they knew you were in the process of running a backup, and if they knew your backup set name, and if they could hit your server with an HTTP request for the file in that brief period between when the file is written to disk and when the FTP or email operation is complete. The duration of this insecurity interval is determined somewhat by how big an archive file your backup set creates.

To counter this potential problem, you can specify where to store the temporary file—that location can be outside your web root folder, assuming you have write permissions to such locations. You can also store the archive file outside your web root folder when using the "save local" archive file handling option. Files outside the web root are not browser accessible.

Password security

spBackup must store database and FTP passwords in order to provide for unattended backups of your web site. These passwords must be presented to the respective servers in plain text. Thus, we cannot store them as MD5 hashes or in some otherwise secure manner.

We have taken these precautions to protect the database and FTP passwords you enter when configuring backup sets in spBackup:

• Your spBackup administrative password is stored as an MD5 hash. There is no way to decrypt it.
• All configuration data, including passwords, is stored in a .php file surrounded by PHP comment tags (/* ... */). Any user who loads the config file with their browser should receive no output: PHP will interpret and strip out all the PHP code, which is the entire file, returning an empty page to the user.
• FTP and database passwords are encrypted so as to be obscured to any casual inspection. Of course, by looking through our code, a determined malcontent could figure out our encryption scheme and decrypt the passwords. But, they would still need to figure out how to get the config file from the server without its PHP being interpreted (see previous item).

Log in security

spBackup uses various techniques to protect access to the configuration screens.

• You must provide a password to log in. As mentioned above, your spBackup administrative password is stored as an MD5 hash. There is no way to decrypt it or recover it.
• The login processing script must be accessed by clicking the login button on the login form page on your site—it cannot be loaded from a bookmark or other "off site" script.
• Your log in session expires after a time period (that you can configure) to prevent access should you leave your computer and forget to log off.

Click here to

Click to buy spBackup for just $20 USD per domain—one-time fee, not per month! (license agreement).

Screenshots and more details about spBackup. Download the demo today!

Back to the spBackup page