wyDay blog  |  Downloads  |  Buy
Support forum
wyDay blog
wyDay Home

How to prevent or limit updates

You can prevent certain users from receiving updates by using the %urlargs% variable in wyBuild, the "-urlargs" commandline parameter for wyUpdate, and by conditionally sending the update from your server.

We have an example showing how to use LimeLM to limit updates with full server-side source code for PHP and ASP.NET (C# and VB.NET). See the article SaaS and time-limited licensing. Or you can read on for a quick example.

Passing product key or other unique info to the server

The typical design for limit updates is to deliver the *.wys file unimpeded and deliver the *.wyu files conditionally (whether the user has an up-to-date contract, etc.). You can do this by adding 2 download sites to your wyBuild project. Add one for the server file and another for the update files.

You can do this by right clicking the added download site and choosing whether it's a server site or an update site:

Site types

The update site will actually be a server-side script that will conditionally deliver the update files based on the %urlargs% data you pass. In the SaaS and time-limited licensing article we show how you can pass a product key and the script will either deliver the file or throw a 403 error.

After you've added both the download sites, it should look something like this:

Limit updates in wyBuild

Normally when you add a download site to wyBuild you just specify where your site location and upload the *.wys file and the *.wyu files to the same folder. However, in this example we have 2 separate download sites:

The "server file" site looks like a regular download site that you would normally add. That is, the *.wys file will be downloaded from your server without being verified. You want this behavior because your users will be able to see if updates are available (and what changes are made by the updates) without needing special permission.

The "update files" site looks a little bit odd if you don't have much experience with server-side languages. In this example we're saying the download site is the index script file ("index.php", or "index.aspx", etc.) inside the "limit-updates" folder on your server. Not only that, but we're passing in 2 "parameters" to the script file:

  1. update=%file%
  2. pkey=%urlargs%

This script file will be the "gate keeper" to your updates. That is, the script will read in the "pkey", verify the user still has access to updates, and if they do have access then the script will deliver the update file passed into the script in the "update" parameter. There are many, many ways you can go about this.

The first step is to upload your updates to a folder that doesn't allow downloads (by either explicitly disallowing downloads or by being outside the reach of your HTTP server). The second step is to write a script in your favorite server-side scripting language that does 2 things:

  1. Reads the "pkey" parameter and verifies the user can download your updates.
  2. Either shows an error message (if the "pkey" is rejected) or downloads the update file passed in the "update" parameter.

Fully written example

If you're a LimeLM customer (or want to give LimeLM a try for free) then you can download the LimeLM Web API pack (on your API page) and inside you'll find the "limit updates" example project for PHP and ASP.NET (C# & VB.NET).

After you've downloaded and extracted the LimeLM Web API pack you can find the limit updates folder in one of the following places:

Build it yourself

If you don't want to use LimeLM you can still build it yourself. Below are 2 partial examples — a PHP example and a C# example. We left out the part where you verify the "pkey" parameter is valid and we left out the part where you verify the "update" parameter is valid (and that the file actually exists in your secure update folder).

These snippets just show one way to deliver the file after you've verified the validity of the product key and the update file.

PHP example:

//TODO: verify the product key is valid, if not show an error and bail out

//TODO: get the full filename
//      and verify it is actually in your updates folder.
$updateFile = ...;

//if the pkey is valid, deliver the latest installer:
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.$installerFilename.';');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($updateFile));

C# example:

//TODO: verify the product key is valid, if not show an error and bail out

//TODO: get the full filename
//      and verify it is actually in your updates folder.
string updateFile = ...;

//if the pkey is valid, deliver the latest installer:

// download the file and bail
Response.AddHeader("Content-Description", "File Transfer");
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(updateFile));
Response.AddHeader("Content-Transfer-Encoding", "binary");
Response.AddHeader("Expires", "0");
Response.AddHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
Response.AddHeader("Pragma", "public");
Response.AddHeader("Content-Length", new FileInfo(updateFile).Length.ToString());

// output the file