Current Year

Time flies.

2020 has been called many things, but in the simplest of terms... it has been a year.

We are finally coming out of the other side COVID-19 pandemic wildfire as people have finally started getting their acts together in Victoria. Having been in isolation effectively since March, this means that it has been 8 months trying to avoid the pandemic.

With a 14-day rolling average in regional Victoria of 0.0, we've done the hard yard and are seeing the rewards of our efforts.

It won't be long now until most things will be able to resume, like Swordcraft!

Everyone in the community is looking very much forward to resuming and finally planning for next year's event will be able to make decent headway.

On top of that, D&D are releasing their new book Tasha's Cauldron of Everything on the 17th which will bring the much needed character customisations to the game. Finally... the campaigns will get really interesting!

For now, it's the waiting game until Nov 23!

PHP Developers are still stuck in the stone age

Unfortunately, I feel that the title of this article is all too accurate for the state of some developers in the PHP community today. We have just recently seen the release of PHP7 and the removal of PHP's MySQL functions with it. However, much to my amazement, there are still PHP developers out there who are using exceptionally old methods of coding simple systems which have been not only vulnerable but also insanely difficult to maintain.

Today I read an article posted to the PHP Developers community on Google+ entitled "Script For Register,Login,Logout Using PHP, MySQL and Bootstrap" and decided that I would take a look to see how things are being done with all the changes that have been taking place.

I will let you read the article for yourself, however the key points to take away from this article are:

• Using procedurally written files
• Calling Database functions directly inside views
• Using unfiltered data in SQL queries

Any PHP developer should see the inherent problems with what I have just stated above.

Using procedurally written files

While this particular point is not always in the wrong under certain conditions, using this style of coding for achieving things such as authentication and user management is just plain wrong (especially with the later points). There are significantly easier ways of of handling which page should be displayed and what functions should occur on those pages. This is precisely the reason why we have Routing.

One of my personal favourites for handling routing in PHP is Flight which can also be installed and deployed using composer:

composer require mikecao/flight

This is a very simple and powerful example of how you can utilize Flight to perform routing while utilising a database object.

require 'flight/Flight.php';

$db = new Database($config);

Flight::route('GET /users(/@account)', function($account) use ($db){
    $user = new User($db);
    if( !empty($account) && $db->check( ['id'=>$account], 'users') ) {
        // Display display specific user account
        $user->displayAccount($account);
    } else {
        // Display list of all users
        $user->listAccounts();
    }
});

Flight::route('POST /delete/@account', function($account) use ($db){
    if( !empty($account) && $db->check( ['id'=>$account], 'users') ) {
        $user = new User($db);
        if( $user->deleteAccount($account) ) {
            header('Content-Type: application/json');
            echo json_encode(['status'=>'success']);
        }
    } else {
        header("HTTP/1.0 401 Unauthorized");
        exit;
    }
});

Flight::start();

The above script in a nutshell does 2 things, it will show user accounts and it will allow you to delete an account. What should be quite apparent though, is the flexibility this micro-framework provides. In this particualr example, I have excluded including any form of external template and have directly chosen to output the results. However, once you start using the concept of a MVC and using the controller to handle specifics, the flexibility is really quite amazing.

Calling Database functions directly inside views

Now this point, in my eyes, should always be a big stopping point for any project. There should be absolutely no reason to be calling these functions directly within a template or view, even in the world of procedural programming. Not only is it smelly code, but when you have a large system that utilises this sort of coding style, debugging can be an absolute nightmare. If there was ever a reason to code procedurally (ie. PHP <5), then you should be looking at upgrading your code to PHP 5.3 at very least to make use of Objects and start to seriously think about starting a redevelopment plan.

Using unfiltered data in SQL queries

Finally, don't trust user input. If you are still wondering what that means, then I suggest you go and read up on SQL Injection.

This is possibly the largest bane of any PHP developers existence, especially those who have to deal with this problem due to the poor judgement of other developers.

In simple terms, ANY PHP application is vulnerable if the SQL queries are unfiltered. Example:

$check_user="select * from users WHERE user_email='$user_email' AND user_pass='$user_pass'";

Both of these types of queries can be EASILY exploited into doing something that you had not intended. Lets start off with the above example, maybe we would like to login without having an account on the system?

Login Screen:
  Email:     ' OR '1'='1' --
  Password:  somerandompassword

Once the above has been entered into the login form, PHP will automatically insert the SQL injection into the SQL query which will then execute. So what the query will look like afterwards is:

$check_user="select * from users WHERE user_email='' OR '1'='1' --' AND user_pass='somerandompassword'";

Anyone who is farmiliar with MySQL will see the problem here. The -- in a MySQL query means that anything that follows is a comment, not part of the actual query itself. Not only that, but we can see that the query will check to see if the user_email = '' which shouldn't return anything... OR if '1'='1' which is correct, 1 does equal 1. This means the query will return every user account in the table.

Now just imagine what would happen if they were to include some extra MySQL commands in that query to say... drop your entire database?

Kodi AirPlay working with iOS 9.x devices

Recently i had to rebuild my HTPC as it was getting rather cluttered and slow. At the time, we were still running an older version of XBMC "Gotham" before it was renamed to Kodi "Helix". We were also running our iPads a little behind on iOS 8.x because while updates are nice, sometimes it takes a little while for the bugs to be worked out with most updates. This is especially the case when dealing with open-source software as things tend to take a while to be compatible with whatever changes companies like Apple make.

After quite a lot of Google searching to try and find some answers (there was quite a lot of "iOS 9 AirPlay broken with Kodi" posts) without much in the way of fixes for the problem. There was a very visible post on the Kodi forums when researching the problem which you can read here which detailed quite a bit about the problems with having AirPlay working in Kodi.

I came accross the latest changelog for Kodi "Jarvis" with some iOS/AirPlay specific changes. These changes included:

• Added support for iOS 9.0 by adding support for compiling Kodi with Xcode 7 IDE and iOS SDK 9.0
• Added initial support for AirPlay from iOS 9 music streaming capability
• Improved AirPlay compatibility suppor for iOS 8 (via updated libshairplay)

These changes started to look promising as they were implementing changes specifically for iOS 9. However Kodi is currently stable on "Helix" and "Jarvis" is currently in beta 5.

Knowing this, i decided that upgrading Kodi to the latest beta would probably be the best idea.

There are 2 options you have when upgrading Kodi to a development build, xbmc-nightly (Alpha) and unstable (Beta).

I opted in for the xbmc-nightly which is currently Kodi "Krypton".

sudo add-apt-repository ppa:team-xbmc/xbmc-nightly
sudo apt-get update
sudo apt-get install kodi

I also stumbled upon this Reddit post

You may have to switch to 'Expert' settings in Kodi and hit 'iOS8 compatibility mode' on/off. Worked for me. Experiment! -- maxxdreddit

After finding this comment i realized that there was actually an 'Expert' settings mode on top of the 'Advanced' settings.

Once the Expert settings were enabled in Kodi, there was no "iOS8 compatibility" settings. However after reading a lot of posts on the Kodi forums explaining that Kodi no longer supported Pictures and Videos from AirPlay because of the changes Apple made last year.

Knowing this, i tested what would happen if i actually went to change the 'Enable AirPlay "Videos" and "Pictures" support' and found that there was a description of this particular setting down the bottom.

disable when using iOS 9 or later clients to restore music streaming via AirPlay. "Videos" and "Pictures" are only supported for iOS clients using iOS 8.x and older.

Immediately after switching this setting off, our iOS 9.x devices were able to use AirPlay again.

Note: Using AirPlay from Mac OSX El Capitan did work before turning off the expert only setting for Kodi's AirPlay service. I'm unsure whether this is simply a bugged bug, or whether OSX deals with AirPlay slightly differently.

Switching to PHP7

Recently PHP7.0 was released much to the delight of myself. Along with a slew of new features, PHP7 integrated the php-ng project into the fold which resulted in much quicker execution time for most PHP applications due the amount of refactoring in the main code base.

In order to get a better understanding of what sort of speed improvements can be achieved by some simple changes to both the code base as well as PHP versions, I ran 3 different versions of php and measured the differences between each. For the sake of this post, i have only included PHP5.3 and PHP7.0. My PHP5.6 tests were over multiple machines giving different results at the time while still under heavy development.

But first, here are the major changes in the versions:

[v1] - Built using OOP classes and require statements
[v2] - Partial PSR-4 implementation on existing system
[v3] - Rebuilt full system with full PSR-4 autoloading
[v4] - Minor Tweaks and adjustments

Now you might be wondering why i haven't included any graph points for v1. Well this is for a very simple reason... It majorly skews the graph. The results observed for v1 was 0.04 seconds, which in the scale of 7ms to 0.5ms makes everything look REALLY small.

Ok, so the actual reason was because v1 was still built using a require_once and include_once system without any form of autoloading. This is inherently taxing and causes a massive amount of overhead when running an application because every possible file will be loaded at any given time. The benefit of running an autoloader, is so that you're only loading the files that are absolutely necissary at runtime.

So here is a basic timescale for the results:

v1 PHP 5.3 - 0.04   seconds = 40.0 ms
v2 PHP 5.3 - 0.007  seconds =  7.0 ms
v2 PHP 7.0 - 0.0025 seconds =  2.5 ms -nightly build
v3 PHP 5.3 - 0.004  seconds =  4.0 ms
v3 PHP 7.0 - 0.0005 seconds =  0.5 ms
v4 PHP 7.0 - 0.0008 seconds =  0.8 ms

As you can see from the results, PHP 7 actually decreases the processing time quite dramatically without any real optimisations on my end. I have had people ask me questions like:

Where did you get your improvments? Was it in scalar type hinting, optimisations etc?

I guess the answer to the questions is... no. I actually did very little in terms of optimising specifically for PHP7. The only sort of changes i made were making things easier to read and understand with the process.

A large portion of the processing time was converting to PHP FIG's PSR-4, but literally just switching out PHP versions is what really made the difference.

In actual fact, this is my script i was using to switch versions for just testing PHP timings.

#!/bin/bash
ARG="$1"
ENMOD=/usr/sbin/a2enmod
DISMOD=/usr/sbin/a2dismod

if [ "$ARG" = "" ]; then
    echo -e "\tUsage ./switchphp (php5|php7)";
    exit 0;
fi;

if [ "$ARG" = "php7" ]; then
    $DISMOD php5;
    $ENMOD php7;
else
    $DISMOD php7;
    $ENMOD php5;
fi;
/etc/init.d/apache2 restart

Final Thoughts

I guess what has really opened my eye, is the fact that PHP has undergone a very rigorous shakedown, has lost a few kilos of bloat and is now ready to compete again in the modern web.

I have been very pleased with not only the performance boost, but some features such as the scalar type hinting (which have been desperately needed for some time) and the deprecation of strict standards from fatal errors to warnings.

While it's not the most perfect scripting language around, i hope that this will give people another option for a lightweight application/scripting option for servers using a very versatile language.

New Website

It has been a decent time investment, but the new website is finally up and running. The software running the website is inspired by Jekyll but built from scratch by myself (mostly), so it has been a labour of love and tears.

Eventually i will release the source code for the software, but not just yet. It is still quite messy and there are a number of things that i need to do in order to clean up the code. Once i have streamlined a few things, i will open it up so that others can use it and make some suggestions.

One thing that i will point out, is that yes, i could have used an existing CMS system but like most programmers, i do things to challenge myself and to see what is possible.

I must also apologise for the lacking template of the website. Currently the template was ripped from the original version of this CMS which i used for the MonkeyPack Website which served it's purpose very well. I will try to get something a little fresh up as soon as i have time!

But enough about the website, no doubt i will do a write up when i release the source code!

For now, enjoy and let me know your thoughts!