gizmola

Community Answers

  1. The general principles involved in mac_gyver's valuable comments to you, when applied to classes, include the idea of dependency injection (aka "inversion of control"). If you consider your function, what are the dependencies? The first thing to look for would be objects you are creating internally using the new keyword. In your code that is this line:

         $conn = new PDO(DB_CONNECTION_STR, MYSQL_DB_USER, MYSQL_DB_PASSWORD, MYSQL_DB_PDO_OPTIONS);

     Rather than creating objects inside the function, you should pass them as parameters. Objects and resources are automatically passed by reference, so you are able to use the class inside the function without limitation, including calling methods that mutate the object. Here's a short video that explains Dependency Injection further.

     While Dependency injection is an OOP specific design pattern, the philosophy can still be applied to your functional code in most cases. You won't have a DI Container, but you can work around that as long as you understand the idea. So to begin to address many of the things brought up by mac_gyver, I'd expect your function signature to look more like this:

         function calculateResults(PDO $conn, Poll $pollObj, Array &$resultsCalcArray) {
             // implementation
         }

     You are also using the $_SESSION superglobal. A strong argument can be made that you should also pass the superglobal into your function, rather than simply relying on its superglobal property. Most frameworks have their own session wrapping class, but you could simply use a parameter like $session, and pass $_SESSION into your function. One reason to do that, is that you can then create unit tests for your function, which would not be possible normally, because $_SESSION only exists in the web context and doesn't exist in the CLI environment. So an alternative would be to do this:

         function calculateResults(PDO $conn, Poll $pollObj, Array &$session, Array &$resultsCalcArray) {
             // implementation
             //... at some point
             $session['total'] = $total;
         }

     Here's a small test script you should be sure you understand now and in the future:

         <?php
         /*
            Illustrating PHP Function parameters.
         */

         class o {
             private $v = 0;

             public function inc() {
                 $this->v++;
             }

             public function getV() {
                 return $this->v;
             }
         }

         // Objects are passed by handle: inc() mutates the caller's object
         function testParams(o $obj) {
             for ($x=0; $x < 10; $x++) {
                 $obj->inc();
             }
             return $obj->getV();
         }

         // Resources behave the same way; the string $text is passed by value
         function testParams2($fp, $text) {
             $text = "1." . $text . PHP_EOL;
             fwrite($fp, $text);
         }

         // Pass Array by Reference
         function testParams3(Array &$globArray) {
             array_push($globArray, 'grape');
         }

         // Globally scoped variables
         $globArray = ['apple', 'banana', 'peach'];
         $obj = new o();
         $r = fopen("/tmp/resource.txt", "w+");
         $text = "This is some text.";
         //
         $retVal = testParams($obj);
         echo $retVal . PHP_EOL;
         echo $obj->getV() . PHP_EOL;
         echo PHP_EOL;

         echo "text before testParams2: \n";
         echo "\t$text" . PHP_EOL;
         testParams2($r, $text);
         rewind($r);
         $fileData = fgets($r, 4096);
         echo "File Data:\n";
         echo "\t$fileData";
         echo "text After testParams2::\n";
         echo "\t$text" . PHP_EOL;
         echo PHP_EOL;

         echo "Array Before testParams3:\n";
         var_dump($globArray);
         echo PHP_EOL;
         testParams3($globArray);
         echo "Array After testParams3:\n";
         var_dump($globArray);

     I posted it to 3v4l so you could experiment with it if you choose.
  2. @LeonLatex This is one of the reasons it is highly advisable that you have scripts that are called via ajax return json data rather than html markup in most cases. It allows you to separate the data from the markup (which remains in the calling script with the rest of the markup). It also makes it much easier to modify and test your application, as you can focus the php script on returning the data in a structured format that the calling site requires, which can be tested easily with api testing tools like Postman. These days many editors have support for these types of tests through plugins like Thunder Client.
  3. Right, so the error is telling you that the CA is untrusted. Aside from that, you should not be using the same cert for the client and the server. You need to generate a client cert for the client, and the CNs for each cert should be different. The MySQL manual has a walkthrough of the process: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html
  4. This is a problem you will encounter when you have code in production and need to update it. You'll need some way to "cache bust" files that users have already cached locally or they will continue to use the old version. For development, if you develop using Chrome, you can install an extension. I have used this one for a long time and it is safe and reliable: https://chromewebstore.google.com/detail/clear-cache/cppjkneekbjaeellbfkmgnhonkkjfpdn Make sure you set it up to pin the button to the extension window, and then when you need to test, you can click it and it will clear cached items for the site you are working on.
  5. You can specify either the width or the height for an image, and it will size to that. Generally speaking you want to pick one or the other, and allow the other dimension to be sized relative to the one you specify, otherwise the browser will attempt to fit the image which if the ratio of width/height doesn't match will cause the image to skew. What maxxd pointed out, is that the browser will download the full image either way, so if the image is much larger than the place where you are using it, clients will still have to pull down the full size image, which makes things slower and eats up more of your bandwidth. One very useful css property to be aware of is object-fit. I frequently use object-fit: cover in styles for images, although there are other options that might be better for your particular use cases. It's also very useful for backgrounds, as you can do things like this:

         .canvas__bg-img {
             height: 100%;
             width: 100%;
             object-fit: cover;
             opacity: 0.15;
         }
  6. Not according to what you originally stated. You stated that for every request you wanted to "issue a reply quickly and start a timer." It was never clear if this was just a means to an end or not, because you didn't explain the problem you are trying to solve. What it does sound like at this point, is that you are trying to create your own home grown IDS or WAF, and you already got a suggestion from me, and a suggestion from requinix. For the most part people use fail2ban to drop annoying ssh bots and other similar port based traffic by bots and script kiddies trying brute force password attacks. It's written in Python, so it's not exactly lightweight either, but it also has a simpler job in practice -- just count a small number of bad attempts and block the IP. That isn't going to work for something more sophisticated. This is why I suggested looking at OSSEC, and if it's more a WAF you want there are a bunch of self hosted ones that also have FOSS versions like SafeLine, ModSecurity and BunkerWeb.
  7. It appears that writing PHP event handlers is simple and works well, and people have been using fullcalendar with PHP for some years now without issue. It's a fairly standard approach to wiring together js UI with PHP backend. Hopefully it's clear that you send and receive data in json format.
  8. But what is the 1st task, and how is it connected to this? My kneejerk reaction is that there are FOSS IDS tools like OSSEC you should look into. Even if you continue to go forward, an asynchronous approach is going to be better. When your site is inevitably accessed by bots/spiders, the overhead of spawning a php process for every request is likely one that you will regret.
  9. What is the application or problem you are trying to solve? This has all the hallmarks of an X/Y problem. What I can deduce:

       • Some event occurs and some action is taken
       • A 2nd action should be taken some time later (60 seconds in your case)
       • However you don't want action 2 to occur in some circumstances for reasons undisclosed

     You've used the phrase: From your description, every request is immediately handled.

     Without knowing the purpose of this 2nd action, it's difficult to provide advice, but the obvious problem is that you want the 2nd action to be aware of the first action. Rather than a dumb process blocking for 60 seconds, it appears you want:

       • a process that will be created with a future event datetime (1 minute in the future)
       • If before it completes, a new event #1 comes in, you modify the expiration datetime and set it to 1 minute from the event

     Another possible low tech way of handling this would be to have process 2 implement a semaphore/lock file that is checked for when process 2 is run. Shared memory and IPC semaphores can be helpful for something like this. With that said, anytime you utilize a mechanism that relies on a single server architecture the scheme is inherently non scalable. This is where things like queues or databases typically come into play. Using some in memory server like redis is often a better platform.
  10. That wasn't the point of the example code, and ... it's meaningless example code. The point was to clarify how ticks function. Without enclosing the code in a block, the results will probably not be what is expected. Hope this has helped you. If you are doing something interesting with this, it would be great to get a follow up.
  11. For your first question, make the tables relationally correct to 3rd normal form. The opposite of normalization is de-normalization, and you have no reason to create anything that is de-normalized. So a list is a collection of songs, that can also have associated "categories" or "tags" from the sound of it. It does seem like you misunderstood the question I posed. It's understood that lists are entities with 1 -< Many songs. The question is the relationship from a list to an event. Can an event have multiple playlists? If so, then the relationship between an Event and a Playlist is Many >----< Many. You would probably want a way to order those playlists in the many to many. I don't know if you understand how to handle a logical many to many relationship between 2 entities, so I'll just tell you the answer: You create a table that relates to each. Often people will use the names of the related entities for the table name:

        • event
        • playlist

      So you create a table named event_playlist. In many cases it is convenient to give that table its own auto_increment key, but you can also just use the combined foreign keys by making the relationship "Dependent". Dependent relationships become part of that table's primary key. So one way of doing this is to create this table.

          event_playlist
          --------------
          id (primary key auto increment)
          event_id (fk from id of event table)
          playlist_id (fk from id of playlist table)
          start_time datetime

      From the database design standpoint, when you have relationships between tables, with mysql you need to add "declarative referential integrity" statements that enforce the relationships. You also need to use (assuming mysql) an engine that supports them, which is typically InnoDB. You can define the relationships in the table create statements, but typically it is better to add the constraint separately using "alter table". Here's examples out of the MySQL manual.

      Database design has to match requirements, and there are many questions you should ask, including what is the purpose of this database, that will have to be maintained, and what are the functions an application needs to have. Here's one small example: Can playlists be changed over time, and if they are, how does that affect the use of the playlist within the application? If the answer is, that a playlist, once it was part of an event, is meant to be a historic record, then you need to add some sophistication to the database in regards to changes to a playlist. I'd call this "playlist versioning". There's no way to know if you need to design in playlist versioning or not, but these are the sorts of questions that need to be answered before you complete design of the database and start coding.
  12. If you have specific refactoring questions or want some advice, consider making new threads. The community here is full of experienced professional developers who are generous with their time and knowledge.
  13. I'm going to jump in here, and clarify some things about (twitter) bootstrap. It doesn't do anything secretively. It's css with a sprinkling of jquery (at least in the old days) in places where there was no good way of adding functionality without a bit of js. Much of that is non-essential, or has a workaround. As jquery fell out of favor, this became a knock on Bootstrap, and at this point they have decoupled and removed the jquery dependency. It was also designed to make it simple for people to make a responsive website with its "mobile first" philosophy, and to take advantage of flexbox and css grid without knowing how to do that, at a time when techniques for that were not well understood by many developers or established. It made it easy for novices to implement a lot of sophisticated css techniques without understanding them, and it certainly influenced and set the stage for many other css frameworks that have emerged since then like tailwind. When you look at it with an understanding of all those underlying concepts and the techniques you would use if you were creating all your css from scratch, it makes a lot more sense, although at that point, most UI developers wouldn't use it. It's still a great foundation for getting decent looking UI together when you are more focused on serverside development. If you are already in the practice of using scss/sass then it's even better, but many people never got to that level of proficiency, so it did lead to a proliferation of vanilla looking "bootstrap" websites for a time. I would rather see someone learn to use bootstrap effectively to build a responsive website (which btw, shouldn't all sites be responsive now?) rather than flounder or skip that entirely. I do think there is a misunderstanding amongst many people, both in how you should apply it, and how it should be used.

      I think a lot of people who don't know how to build components like modals, navbars and accordions thought of bootstrap as a quick way to get one of these UI elements working, using cut/paste from the documentation, and without going beyond that. It's sort of a catch-22 that you really have to understand css layout, and the things that go into responsiveness in order to see how best to use bootstrap, and a lot of novice developers struggle to get those fundamentals, and see the whole framework as magic.
  14. Personally, I would have used an MVC framework so that I'd have separation of routing from Models/DAOs and Views/Templates/Markup. I'd most likely have some "services" and would be making use of quality component libraries whenever possible. Everything I create would be implemented in a way consistent with Dependency Injection, which would allow for use of a Dependency Injection Container. I prefer Symfony, so if it's my choice that is what I'd start with, which is going to dictate basic structure, and have a front controller pattern implementation. What you've done could be broken up into pieces and ported into an MVC framework, which would also help you see where you have reinvented the wheel, and you might also find that that framework has capabilities that could handle some things you are doing in a more robust or elegant fashion. I also tend to make use of PHP OOP and if you do have classes stuffed inside your one giant script, then that's a dubious practice. While there is no fast rule on this, given PHP's page scope you are clearly having to load lots of unused code for every page request, but I don't want to overstate what currently even at 1500 lines of code, is not by any means overly large.
  15. mac_gyver as usual provided you with a clear answer. HTTP protocol is request/response. Without some other streaming protocol, once a client has received a response, the tcp connection(s) required to get all the assets for the page, and the building of that page are closed and the rendering of the page and any interactivity is entirely client side. New requests can be initiated, or you can have some javascript (ajax) that makes requests using javascript that can then be used to update the page without having an entirely new HTTP request (GET/POST/PUT/DELETE). There are ways to have a client poll ajax calls, or alternatively to use websocket protocol. You often see websockets used to provide more real time functionality. Regardless, for every Request sent to the server, checking for authorization of the client must be done. In other words, it should not matter if someone has their browser open to your site, as a logged in user who has now had their account deleted/suspended etc. All that matters is that the deletion/suspension/logout is enforced on the CURRENT HTTP request.
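
The per-request check described in answer 15, sketched as an added example that is not part of gizmola's posts. It also passes the PDO connection and the session array in as parameters, as answer 1 recommends, so it runs from the CLI. The function name `requireActiveUser()`, the `accounts` table and its `status` column are assumptions made for illustration, and the demo rows are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: returns the account row if the session's user is
 * still allowed in on THIS request, or null after clearing the session.
 */
function requireActiveUser(PDO $conn, array &$session): ?array
{
    if (empty($session['user_id'])) {
        return null; // not logged in
    }

    // Read the current state from the database on every request;
    // a status copied into the session at login goes stale.
    $stmt = $conn->prepare('SELECT id, username, status FROM accounts WHERE id = ?');
    $stmt->execute([$session['user_id']]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false || $user['status'] !== 'active') {
        // Deleted or suspended since login: drop all server-side state.
        // In a web handler you would also call session_destroy() and
        // answer with 401/403 instead of rendering the page or the json.
        $session = [];
        return null;
    }
    return $user;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$conn = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$conn->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, status TEXT)');
$conn->exec("INSERT INTO accounts VALUES (1, 'alice', 'active'), (2, 'bob', 'active')");

// Stands in for $_SESSION, which does not exist in the CLI.
$session = ['user_id' => 2, 'cart' => ['sku-1']];

// Request 1: bob is active, so the request is served.
var_dump(requireActiveUser($conn, $session) !== null);

// An administrator suspends bob while his browser is still open.
$conn->exec("UPDATE accounts SET status = 'suspended' WHERE id = 2");

// Request 2 (a page load or an ajax poll): refused, session emptied.
var_dump(requireActiveUser($conn, $session) !== null);
var_dump($session);
```

Call the check at the top of every entry point, including the scripts that only serve ajax or websocket handshakes, so a suspension takes effect on the next request rather than at the next login.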