Just a couple of questions for the more knowledgeable of you guys.

a) (PHP) Is it worthwhile using a custom session handler.. ever? I recently purchased a PHP security book (Fairly cheaply somehow) since web guides seemed fairly limited and it sort of implied that it's good as if it uses a database then other applications on the server wouldn't be able to look at your sessions and hijack them, it also seems good because you can build stuff like IP, header etc. verification right into the session handler - however some posts I've read online say that the performance hit isn't worthwhile but since for a lot of my scripts I have to pull down a lot of stuff from mysql anyway I don't see the issue.

b) I've been planning on expanding my coding horizons beyond web languages for a while and whilst I do the occasional LUA coding on garry's mod I feel like one of the C languages is more worthwhile. Is it more advisable to learn C, C++ or C#. I'm leaning towards C++ as C# has a heavy windows focus and since C doesn't have classes. I could learn something like Java but it feels like such a cheat and an excuse for sloppy coding, it's also really inconvenient if people don't already have Java installed. Thoughts?

b) I've been planning on expanding my coding horizons beyond web languages for a while and whilst I do the occasional LUA coding on garry's mod I feel like one of the C languages is more worthwhile. Is it more advisable to learn C, C++ or C#. I'm leaning towards C++ as C# has a heavy windows focus and since C doesn't have classes. I could learn something like Java but it feels like such a cheat and an excuse for sloppy coding, it's also really inconvenient if people don't already have Java installed. Thoughts?

I always read that it's more worthwhile to learn C++ because it's more advanced or something. If you are new (which I don't think you are), they recommend learning Java first and then move onto a "proper" language, ala C++ :)

In terms of the session handler there are some situations where you would want or rather have to use it. For example if you ran a cluster of web servers you'd need to be able to access the session data regardless of what server handles the request and by default PHP persists session data on the local file system. I don't really do much PHP anymore (Moved on to other languages for web development after having the revelation of how crap PHP can be :P) but in a current non-PHP project I'm working on I have a cluster of a few web servers and I store session data in Infinispan (www.jboss.org/infinispan/) which allows it to be available to all the servers in the cluster. However, I believe PHP has allowed you to use custom session handler extensions in later versions so it is not needed to implement it in PHP anymore.

I'd disagree with everything Blinger has said. C++ is not any more of a "proper" language than Java. You'll find that even VERY large enterprises will use Java/Java EE for critical, large scale systems and is not just some language for education. It is also not some "cheat" and does not lend itself to sloppy coding any more so than other languages. Plus at the end of the day I don't decide to use some language because it it complex or difficult but I use it because it matches the requirements for the project I'm working on and minimises the amount of time spent. Again a good example of this is the project I mentioned previously. It is written in Ruby with RoR because it is very quick and easy to develop web applications with, however, it uses JRuby to allow it to run on the JVM so I can deploy it to a Java EE application server (JBoss AS) which meets the requirements for scalability and performance. Sure I could of written it in another language (e.g Java or even C++) because it was more "complex" or "proper" but why waste time? I would not attempt to write an OS in Ruby. Why? Because it is not the appropriate language for the project.

Also the reason Java is used in education is because it gives you a good grasp of the concepts that can apply across different "traditional" programming languages (data types, OOP, etc.) without all the difficulty associated with people running different OS/configurations that could apply if you used something like C++. e.g Student A was running linux with gcc, Student B was using Windows with Visual C++, etc. Hence the "write once, run anywhere" slogan.

In response to what to learn, I'd start by asking what you want to achieve. It seems you're looking to build some kind of desktop application. At first glance C++ may seem a good choice for cross platform programming but it is not as simple as it may first appear. At the moment C# does seem a good choice. You can make use of the .Net framework on Windows and practically all of the .net framework is supported on Linux using Mono (http://www.mono-project.com/Compatibility).

Anyway my point is that there is no language that is "the language" to learn as every language has strengths and weaknesses and you should pick what seems like the best one for what you aim to achieve.

Just a couple of questions for the more knowledgeable of you guys.

a) (PHP) Is it worthwhile using a custom session handler.. ever? I recently purchased a PHP security book (Fairly cheaply somehow) since web guides seemed fairly limited and it sort of implied that it's good as if it uses a database then other applications on the server wouldn't be able to look at your sessions and hijack them, it also seems good because you can build stuff like IP, header etc. verification right into the session handler - however some posts I've read online say that the performance hit isn't worthwhile but since for a lot of my scripts I have to pull down a lot of stuff from mysql anyway I don't see the issue.

Move to Python and Django, PHP is horrific.

Yeah PHP is bad. I started with PHP mainly because it was easy to find hosting for it. Although when you use other language you soon see how bad some of the practices in PHP are.

http://phpsadness.com/
https://bugs.php.net/bug.php?id=54547
http://www.securityweek.com/official-fix-php-flaw-easily-bypassed-researchers-say
http://gcov.php.net/viewer.php?version=PHP_5_4 "Test Failures: 86"
http://i.imgur.com/PFJz8.jpg


Move to Python and Django, PHP is horrific.

Move to Python and Django, PHP is horrific.
I'm already well aware of the problems with PHP. But let's pretend for a second that I'm not yet in a position to pick up new languages on a whim and that 90% of the code running websites on the internet is PHP. Could you give reasonable help?

Also I'd rather pick up C++ and then .. (http://garry.tv/post/21045656653/coding-website-in-cplusplus)

I'm already well aware of the problems with PHP. But let's pretend for a second that I'm not yet in a position to pick up new languages on a whim and that 90% of the code running websites on the internet is PHP. Could you give reasonable help?

Also I'd rather pick up C++ and then .. (http://garry.tv/post/21045656653/coding-website-in-cplusplus)

If you're thinking of picking up C++, then honestly Python is a piece of piss to pick up and will get you out of all of PHP's bad habits. You could learn it in under a day easy.

It's such a broad, easy and useful language that's used for everything from server administration, to website design.

I'm done, I don't have a clue about third party PHP session handlers :P

If you're thinking of picking up C++, then honestly Python is a piece of piss to pick up and will get you out of all of PHP's bad habits. You could learn it in under a day easy.

It's such a broad, easy and useful language that's used for everything from server administration, to website design.
I'll stick to PHP for now and once I've got my head around C++ I'll take a peek at python ;)

I'd not bother with that. The advantages he listed are not very convincing. "More Control" is false, I can do all what he listed in many other languages. "Obviously faster" is debatable as unless you're some kind of master at creating high performance HTTP servers then it is highly unlikely that you're going to be able to get it as fast and efficient as off the shelf HTTP servers. "If you code it right" contradicts the "obviously faster" statement. Again it goes back to my point about picking the right language for the project and unless you are Google then writing your website in C++ is quite silly as the benefits massively outweigh the costs of doing so.

If you want to write desktop applications but also look at also creating websites then I'd strongly recommend Java. Java EE and frameworks like Spring power some of the websites for some of the largest companies in the world. The world of Java EE is quite complex but is also very powerful.


I'm already well aware of the problems with PHP. But let's pretend for a second that I'm not yet in a position to pick up new languages on a whim and that 90% of the code running websites on the internet is PHP. Could you give reasonable help?

Also I'd rather pick up C++ and then .. (http://garry.tv/post/21045656653/coding-website-in-cplusplus)

didn't get the sarcasm..

but point taken.

I was thinking about writing a modular script (For fun/practise) and was thinking about how it is best to allow modules to affect the core-code. I have some ideas on how to do it but I'm unsure how secure it is / whether it's the best/most efficient way to do it.

Hooks:
If I have a variable (or property) with an array where the key is a describing name and is set to a function name:

$hook_<hookname>['<function description>'] = '<function name>';

And then whenever is appropriate for the hook to be called I foreach through the array and execute each function in turn, passing through appropriate variables for the hook.

Class Overriding:
I figure that at some point or another I'll need to override a class from a module, naturally I can extend the class, however that doesn't change the class objects are created from. So I could try two strategies..
Use a hook right after an object has been created, rename the object and create a new object from the new class with the same properties or whatever. I'm not sure if there's an easy way of moving across the properties to an object with a different class. The problem with this method is that if two modules use the same hook to override the class then only one module will be working.

The other method involves having classes register themselves on a global array on initialisation (likely via a function), then modules can override classes using a function which will handle errors and replace the value in the array for the class it's overriding if there isn't a problem, this has the benefit of allowing modules to not just fail and allows for error handling to make them "shutdown" so to speak. The array would probably then be stored as a protected property so that it's difficult for malicious code (Either user-injected or otherwise) to override it after initialisation then whenever the main class is needed you can use something like:

$object = new $classregister->getClass('superclass')(); //Perhaps a second variable for the function could always return the original function?

This still has the problem of two modules wanting to override the same class but at least this way there won't just be errors because only one of the modules classes didn't run, there's also the potential that the overriding class can have built in error-handling, recognise that the class that previously overrode the main class does not conflict and then extend and override that instead.

For the class thing I'm fairly certain there's a better way of doing it but I can't think of anything.

Does Java not use much more memory than other languages for the same tasks?

Does Java not use much more memory than other languages for the same tasks?
It probably wouldn't be on par if you coded it perfectly, because at that point you may as well do everything in assembler, but for most applications it's going to ease problems enough that the increased efficiency is going to counter-act the (Slightly) larger footprint.

I was thinking about writing a modular script (For fun/practise) and was thinking about how it is best to allow modules to affect the core-code. I have some ideas on how to do it but I'm unsure how secure it is / whether it's the best/most efficient way to do it.

Hooks:
If I have a variable (or property) with an array where the key is a describing name and is set to a function name:

$hook_<hookname>['<function description>'] = '<function name>';

And then whenever is appropriate for the hook to be called I foreach through the array and execute each function in turn, passing through appropriate variables for the hook.

Class Overriding:
I figure that at some point or another I'll need to override a class from a module, naturally I can extend the class, however that doesn't change the class objects are created from. So I could try two strategies..
Use a hook right after an object has been created, rename the object and create a new object from the new class with the same properties or whatever. I'm not sure if there's an easy way of moving across the properties to an object with a different class. The problem with this method is that if two modules use the same hook to override the class then only one module will be working.

The other method involves having classes register themselves on a global array on initialisation (likely via a function), then modules can override classes using a function which will handle errors and replace the value in the array for the class it's overriding if there isn't a problem, this has the benefit of allowing modules to not just fail and allows for error handling to make them "shutdown" so to speak. The array would probably then be stored as a protected property so that it's difficult for malicious code (Either user-injected or otherwise) to override it after initialisation then whenever the main class is needed you can use something like:

$object = new $classregister->getClass('superclass')(); //Perhaps a second variable for the function could always return the original function?

This still has the problem of two modules wanting to override the same class but at least this way there won't just be errors because only one of the modules classes didn't run, there's also the potential that the overriding class can have built in error-handling, recognise that the class that previously overrode the main class does not conflict and then extend and override that instead.

For the class thing I'm fairly certain there's a better way of doing it but I can't think of anything.

Really couldn't be bothered to read that massive essay, but it looks like you're seriously over complicating things.

I may have interpreted this wrong, but if you're looking to allow user customization by hooks, what's wrong with just doing Hook::get('name'); and then fetching said hook from a cache/the database?

User customisation? No, modular extension of the code.

For what though? If you're setting the custom hooks, why don't you just put the code in instead of calling for a hook? :S

Because I'm creating a modular system, if I just put the code in the core then it defeats the point.

What's the point though if it's only you setting the code..

What's the point though if it's only you setting the code..


I was thinking about writing a modular script (For fun/practise)
Srsly?

Read posts properly in future, I'd already explained every query you've made.

Srsly?

Read posts properly in future, I'd already explained every query you've made.

Practice generally means in an attempt to get better, else you wouldn't be practicing, correct? Sorry for attempting to help you out with better methods to do things. Honestly, I'm sorry - I didn't realize it was illegal to offer advice, how dare I.

Sorry for attempting to help you out with better methods to do things.
Being able to load modules for a system is hardly useless, so I don't see how telling me not to do it is a better method.

If I'm taking this the right way.... (aimed at froobe)

It doesn't matter who is reading your code or where it's implemented, it should ALWAYS be modular. When you end up with pages and pages of code in one or two files you're doing something terribly wrong...

I don't think he means modules in the sense of Python, Ruby, etc. modules but rather he has the standard implementation of some code and then people can install addons that modify the original implementation. If I were doing this I'd use the observer pattern and use the factory pattern to create the appropriate observable classes and add the observers from the addons (could parse some xml file or something to get what observers in an addon need to be added to what class)


If I'm taking this the right way.... (aimed at froobe)

It doesn't matter who is reading your code or where it's implemented, it should ALWAYS be modular. When you end up with pages and pages of code in one or two files you're doing something terribly wrong...

Hmm, I think I need to read in this a little, thankfully I just got a book on classes and objects and it's got a massive section(s) on design patterns.

From what I comprehend he wants a "modular" system which is similar to the way vBulletin does hooks. Yes, you should code modular systems but when you're loading your own code into your own code why not just put the normal code there? Who says the core can't be edited?

jesus ******* christ, I've already said TWICE

(For fun/practise)

I'm hardly practising adding hooks and stuff if I don't actually add hooks. because "just edit the core".

I didn't realise people got so stressed about other people trying to help. Wasn't like I was insulting you, only just a different way to do it? Jesus Christ.

It wasn't a different way of doing it, you were basically telling me not to do it.

It wasn't a different way of doing it, you were basically telling me not to do it.

I'm pretty sure in there I did suggest a different method as well? ;)

I'm pretty sure in there I did suggest a different method as well? ;)
yes, the method was telling me not to do what I was trying to specifically achieve. COMPLETELY USELESS.

You're so ignorant, you say you don't know "whether it's the best/most efficient way to do it" yet you have a go at people for helping you? My suggestion was a static method which makes more sense as it means not only do you have to keep track of what variable you have assigned a new class to, you also don't have to initiate a new class.

I think I'll pass in replying to your regular expressions thread, just purely because you're naive and ignorant.

Srsly?

Read posts properly in future, I'd already explained every query you've made.
Seriously? He's trying to help you and you're being a ****?

I'm already well aware of the problems with PHP. But let's pretend for a second that I'm not yet in a position to pick up new languages on a whim and that 90% of the code running websites on the internet is PHP. Could you give reasonable help?

Also I'd rather pick up C++ and then .. (http://garry.tv/post/21045656653/coding-website-in-cplusplus)

I hope to God that you were joking about the 90% thing...

I hope to God that you were joking about the 90% thing...
Exaggeration slightly, but it's certainly the majority.

---------- Post added 16-05-2012 at 10:06 PM ----------


yet you have a go at people for helping you?
The overall aim is to add a way to add hooks and override classes in the script and your fantastic help is to tell me not to add hooks or override classes. How is that even meant to be helpful?

Slightly? Basically what you're saying is 90% of the web is PHP which leaves 10% for these:

ASP
ColdFusion
CGI
Groovy
Java, e.g. Java EE or WebObjects
Perl
Python
Ruby
Smalltalk
SSJS
WebDNA
Websphere
.NET

You classify all of the web usage of those as 10%? Look at the most popular websites... what do you see them running on? Other than a few (Facebook uses PHP compiled down to C++, Youtube migrated over to Python in most instances), PHP is definitely not 90% out of all the websites that are in operation today.

It may be a popular language, but saying something like that is ignorant.

The overall aim is to add a way to add hooks and override classes in the script and your fantastic help is to tell me not to add hooks or override classes. How is that even meant to be helpful?


My suggestion was a static method which makes more sense as it means not only do you have to keep track of what variable you have assigned a new class to, you also don't have to initiate a new class.

And you said I didn't read.

Slightly? Basically what you're saying is 90% of the web is PHP which leaves 10% for these:

http://w3techs.com/technologies/history_overview/programming_language

Ten percentage points extra, sue me.

The funny thing is:

http://w3techs.com/diagram/market/programming_language

PHP is used by many sites with low level traffic vs. fewer sites with high level traffic. This takes into account every grandmother's site who installs Wordpress on it as well as any site using things like MediaWiki and Magento. Facebook uses PHP but it's compiled down to C++. That's the #1 on the PHP statistics so that's kinda wrong.

I'd like to see statistics for sites that are custom and not a package solution, remove all of those (for all languages) and those statistics would be interesting.

-snip-
I'm fully aware of that, but that's not what I said. I said 90% of the websites, not 90% of the custom code.

I'm very aware that popular sites running custom code tend not to use PHP.