I have some very good news to share with everyone (especially software developers). An update for Little Software Stats has finally been released. Some probably were starting to wondering about the future of Little Software Stats, as it’s been quite a while since any update has been released (which there hasn’t been any update until now). I’ve been busy with other things and have been meaning to make time to update Little Software, but didn’t until now.
Little Software Stats was first released over two and a half years ago. It is the first free and open source application that allows software developers to keep track of how their software is used. It is developed using PHP and MySQL allowing it to run on most web servers.
Since this update has been in the making since March of 2013, there are many improvements and fixes. So, I’ve listed the notable changes below.
- Split events table into multiple tables, improving query performance
- Updated GeekMail to PHPMailer
- Added Session class for storing and getting session data
- Added Config class for reading config.php file
- Configuration is now returned as array by config.php file instead of defines
- Classes are called via static method instead of global variables
- Added support in API for IPv6 addresses
- Uses built-in (in PHP v5.5+) or user-defined (in PHP v5.3.7+ and v5.4.x) password_hash() and password_verify() for password hashing
- Fixed cross-site scripting (XSS) vulnerabilities
- Fixed vulnerability allowing an attacking with the the username to reset the password
If you want to see a list of all of the changes, then take a look at the change log.
At the bottom of the list above, you will see that some vulnerabilities were fixed. I’m not going into detail about how these threats, but there are probably hackers out there that will try to exploit them. Therefore, it is highly recommended that you update your version of Little Software Stats.
How do you update Little Software Stats?
The first step is making a backup of the folder Little Software Stats is installed in and also of the MySQL database. Once that is done, download v0.2 of Little Software Stats and extract it to the Little Software Stats directory on the web server (overwriting all of the files). During this time, your Little Software Stats installation will be out of order.
You will need to navigate to the update.php file located in the install folder. So, if Little Software Stats is installed at http://example.com, then you will need to navigate to http://example.com/install/update.php. There will be a pre-upgrade and the actual upgrade. Before the pre-upgrade, please review that the configuration options are correct. It also recommended that you enter a secure password to ensure compatibility and security with this version.
When the pre-upgrade is complete, you can do the actual upgrade. If the upgrade completes successfully, it will automatically redirect you to the login page. Before you do anything else, I highly recommend that you remove the install directory or make it inaccessible to others. If it is not removed, an attacker can alter (or even destroy) the installation of Little Software Stats.
What can you expect from future versions of Little Software Stats?
First and foremost, a better template. The current template that Little Software Stats uses for the admin dashboard is dreadful. The dropdown menus are improper, it’s dark and not at all responsive (viewable on mobile devices). The second is cleaner code (especially in the HTML, CSS, and jQuery). I’m looking at a PHP template engine (like Smarty) so Little Software Stats can be changed to a different template without having to decipher and manipulate the code. The other major thing is to do away with the MySQL PHP extension, in favor of the more secure MySQL Improved extension. And later on down the line, have it work with MySQL PDO extension (and possibly other PDO drivers).
What do you do if you found a bug, have an issue, or want to make a suggestion?
If you find any bugs for Little Software Stats, then you see if it was already reported (and if not, report it) on the Little Apps Bug Tracker. If the bug is related to the website (where you view the statistics), please report it in the “Website” sub-project, and if the bug is related to the API, please report it in the “API” sub-project. If you have any issues, suggestions (or anything else) about Little Software Stats, you can post them to the Little Software Stats forum.