tzlee.com/blog

Tag: PHP

  • The end of an era, start of a new

    The end of an era, start of a new

    WhyMobile launched the 3rd major revision of its website earlier this morning. But instead of talking about the new site, this is a little journal to reminisce how far it has come.

    A proof-of-concept site was first built in April 2004. It was nothing more than a static site with an order mailer form that sends an email. The first version launched two months later in June 2004. It was written in PHP 4.

    WhyMobile, therefore, was formally incorporated, and a lot of crazy things happened in the years that followed – including operating an outdoor push-cart in front of Plaza Singapura, to an outlet next to the durian stores in Geylang with “interesting” customers.

    The second version (cover image above) was built circa June 2008. It was written in PHP 5 and deployed as a single CentOS 5 VM. It was nothing fancy – no frameworks, no 3-tier architecture, no design patterns, nothing. Just plain old Apache, PHP, and a local instance of MySQL.

    WhyMobile ran on a Sun Fire X2100 server (2nd from top) as a single Virtual Machine.
    Photo taken Apr 2008.

    The Sun Fire X2100 server where it ran as a VM also had other VMs. The WhyMobile VM was only allocated 512MB of RAM out of the 4GB total on the entire server.

    (Noteworthy mention: The server ran VMware Server 1.0 on CentOS 5 + Software RAID.

    The crummy old Sun server ran and ran and survived a disk failure/upgrade or two, until a time when Cloud services became more efficient and cost-effective. It was eventually wheeled out of the datacenter in August 2014.

    The old Sun server (middle) was still working when it was pulled out.
    Photo taken August 2014.

    So sometime in June 2014, the website moved to DigitalOcean. It ran on a base Ubuntu 14 instance with 1GB of RAM and remained that way for the next 6 years. Minor tweaks and adjustments were made as the business demands changed but never was it upgraded to a newer version of Ubuntu or PHP.

    Sometime between 2010 and 2018, there were also two “mobile” versions. The first version was based on a very early version of iUI, and the second version based also on a very early version of jQuery mobile. The mobile version was meant to be a super lightweight product catalog since the predominant connectivity was only 3G back then.

    “Mobile” version, circa 2011-2016 based on jQuery Mobile.

    But it was all written in PHP 5, and people have given me weird looks.

    “Really? PHP 5? Isn’t PHP slow?”

    No, sir. At its peak, the website was serving around a million page views a month. Remember: it had only 512MB RAM and was sharing it with a MySQL server. It never flinched.

    CPU barely inched past 4% while serving on average of 400k pageviews/mth.
    CPU chart from DigitalOcean, 17th November 2020.

    Remember – no bloatware, no frameworks, no nothing. It is a good reference for KISS.

    Still, I am amused that it ran for 12 years (2008-2020). Time flies.

    But by around 2017 I knew the website wouldn’t last much longer. Not because it wouldn’t continue to run (there were fair concerns on security, the evolving PDPA laws, and all that) but because many competitors had “upgraded” their websites, albeit sloppily, and I have been receiving feedback that the site looks dated.

    I had embarked on several attempts to revamp the website between 2017-2019 but failed. I spent quite a fair bit of time evaluating various PHP frameworks (CI3, Laravel). I was mucking around and having a war with the ORM, and eventually arriving back at square one.

    Building the site has always been a one-man-show. A small business like WhyMobile will never be able to afford the skyrocketing salaries of Software Developers in Singapore. I was essentially paying myself over the years, and I “owe” the business an overdue revamp.

    With kids and a hectic work schedule, the revamp never happened… until 2020.

    2020 came. COVID-19 came. I would be kidding if I said the business wasn’t affected.

    During the Circuit Breaker, it wasn’t too bad. Then the trickle-down effect started to become apparent in Q3 2020.

    Barely any foot traffic in Far East Plaza.
    Photo taken 12th October 2020.

    I knew we had to do something to embrace the new work-from-home, shop-from-home, stay-at-home, die-at-home culture. I bit the bullet, picked a framework, committed to it, and then spent almost every single weekend of my spare time working on the code. Son’s at a class? I’m coding. Son’s taking a nap? I’m coding. Son taking a poop? Coding.

    The launch of version 3 was intended to be past midnight on Monday 16th November 2020, but AWS was giving me grief about getting SES going in production mode.

    It was resolved the next day, and here we are, Tuesday 17th November 2020 at 01:00 hrs.

    Home page of WhyMobile 3.0, launched 17th November 2020.

    And for the record…

    # cat /etc/issue.net 
Ubuntu 14.04.5 LTS

# php -v
PHP 5.5.9-1ubuntu4.26 (cli) (built: Sep 17 2018 13:46:30) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies

# mysql -V
mysql  Ver 14.14 Distrib 5.5.62, for debian-linux-gnu (x86_64) using readline 6.3

# uptime
 07:09:19 up 973 days,  8:02,  1 user,  load average: 0.00, 0.01, 0.05

# shutdown -h now

  • Oppa PHP Style

    It’s been some time ever since I’ve done much serious coding and decided to get myself updated… with Korean music.

    Just joking.

    I’ve been doing some research on PHP frameworks. My primary requirements were that the framework supported MVC (most do), is capable of friendly URLs, is simple/easy to use, provides basic wrappers around security (such as XSS and SQL Injection) and most importantly it must have good online support and resources.

    I pay particular attention to documentation as it plays an important part to help developers quickly learn/adopt a new framework.

    I spent many hours over the weekend reading documentation, installation guides and watching tutorials and eventually settled for CodeIgniter. I found it quite complete and particularly easy to learn. It is well documented, has a good tutorials and did not require that I learn a new template syntax. Above all it deploys really quickly with minimal configuration.

    I would like to bring your attention to the Style Guide in the CodeIgniter User Guide. It is very detailed and contains a lot of good coding practices, especially on how braces should be (opening on a new line instead of on the same line) and how PHP tags should be opened (and not necessarily closed). I suggest that PHP developers follow this style guide.

    There’s also an add-on to CodeIgniter that I would recommend and that is Grocery CRUD (Create, Retrieve, Update, Delete). Grocery CRUD makes it extremely easy to create a simple maintenance screen for back-end data, especially for short-term projects. It’s certainly better than sending users to phpMyAdmin.

    Finally, just to share, here’s my version of .htaccess file that I use to remove index.php from the URL. It is largely similar to the example by CodeIgniter with an additional exception for CSS and JavaScript files.

    RewriteEngine on
RewriteCond $1 !^(index\.php|images|user_guide|robots\.txt|(.*)\.css|(.*)\.js)
RewriteRule ^(.*)$ /projects/ci201210/index.php/$1 [L]

    That said, I have only done research and not actually used the framework on a full project yet. I’d love to hear any comments and/or recommendations you have.

  • MVC Quick Hack in PHP, Tips on Web Development

    Unlike Java, PHP wasn’t designed with MVC in mind, but with bigger projects MVC becomes important to keep code clean and readable. I’m sure a lot of crazy people in the class would have figured out their own MVC quick hack, but I’ll just share mine here.

    • The Model shall remain as MySQL. I’m not going to spend waste time creating beans-like objects because I personally believe beans are inefficient things for retrieving even the simplest of things. In PHP, theĀ mysql_fetch_assoc() function is really all that you need. The web is a stateless thing, let’s keep it that way.
    • The Controller shall be the direct PHP file that gets called, i.e. your URL links to the controller, your form submits to the controller. The controller contains purely logic.
    • The View shall be a PHP file that sits in another directory and gets called using the include() or include_once() function and contains HTML/CSS/JS and some bits of PHP such as loops for displaying content.

    Also, here’s some of my personal tips when developing public-facing web applications.

    • Do create an error handling routine. You may implement this in any way you want, but I typically use an array and use the array_push() function to push errors into the array stack. If the array is empty, we know there’s no errors. But a simple array can be quite ugly, so you might want to create a data structure to take care of where exactly the error message shows.
    • Always end your files with .php. Don’t end it with .inc or .somethingelse because you will be vulnerable to expose your source code, unless you configured Apache to parse .inc files as PHP. Even so, I’d still advise to keep the suffix as .php in an event the files get deployed on another server with missing Apache config. The lesser moving parts, the better.
    • Always escape your string using mysql_escape_string() before querying the database to prevent SQL Injection.
    • Always take care of integer parsing. I like to use intval() because it doesn’t throw a fatal error. If it sees a string, it returns 0. This also prevents SQL Injection.
    • Always clean up output using htmlspecialchars() to prevent Cross-Site Scripting.
    • Never put filenames as parameters as you can be vulnerable to Path Traversal. Try to use other methods if you need to have filenames passed around, such as server-side sessions or constants.