Archive for July, 2006
Optimizing PHP objects
By Justin Silverton
The following tips can help in optimizing object-orientated PHP.
1. Initialise all variables before use.
2. Dereference all global/property variables that are frequently used in a method and put the values in local variables if you plan to access the value more than twice.
3. Try placing frequently used methods in the derived classes.
Warning: as PHP is going through a continuous improvement process, things might change in the future.
More Details
I have found that calling object methods (functions defined in a class) is about twice as slow as a normal function call. To me that’s quite acceptable and comparable to other OOP languages.
Inside a method (the following ratios are approximate only):
1. Incrementing a local variable in a method is the fastest. Nearly the same as calling a local variable in a function.
2. Incrementing a global variable is 2 times slower than a local var.
3. Incrementing an object property (eg. $this->prop++) is 3 times slower than a local variable.
4. Incrementing an undefined local variable is 9-10 times slower than a pre-initialized one.
5. Just declaring a global variable without using it in a function also slows things down (by about the same amount as incrementing a local var). PHP probably does a check to see if the global exists.
6. Method invocation appears to be independent of the number of methods defined in the class because I added 10 more methods to the test class (before and after the test method) with no change in performance.
7. Methods in derived classes run faster than ones defined in the base class.
8. A function call with one parameter and an empty function body takes about the same time as doing 7-8 $localvar++ operations. A similar method call is of course about 15 $localvar++ operations.
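The ratios above are easy to re-measure on a current PHP build. The following benchmark is an added example, not code from the original post; the class name IncrementBench and its method names are made up for illustration.

```php
<?php
// Added benchmark (not from the original post) for re-checking the ratios
// above on your own PHP build. Class and method names are illustrative.

$g = 0;

class IncrementBench
{
    public $prop = 0;

    public function local($n)
    {
        $x = 0;
        for ($i = 0; $i < $n; $i++) { $x++; }
        return $x;
    }

    public function viaGlobal($n)
    {
        global $g;
        for ($i = 0; $i < $n; $i++) { $g++; }
        return $g;
    }

    public function property($n)
    {
        for ($i = 0; $i < $n; $i++) { $this->prop++; }
        return $this->prop;
    }

    // Tip 2: copy the property into a local, work on it, write it back once.
    public function cachedProperty($n)
    {
        $p = $this->prop;
        for ($i = 0; $i < $n; $i++) { $p++; }
        return $this->prop = $p;
    }
}

$bench = new IncrementBench();
$n = 1000000;
$base = null;
foreach (['local', 'viaGlobal', 'property', 'cachedProperty'] as $method) {
    $start = microtime(true);
    $bench->$method($n);
    $elapsed = microtime(true) - $start;
    if ($base === null) { $base = $elapsed; }   // first case, 'local', is the baseline
    printf("%-15s %.4fs  (%.1fx local)\n", $method, $elapsed, $elapsed / $base);
}
```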
protecting your PHP code
By Justin Silverton
Introduction
A client of mine approached me today and was interested in releasing a PHP-based product, but didn’t want his source code to be viewed, in plaintext, by the people purchasing it (mainly because competitors could easily just purchase a copy and integrate his source code into their product). So, I researched the different options available to protect source code.
What doesn’t work
The various encoders available do not work. These companies/products should just release these products as accelerators (which can improve speed by up to 10X) and not as a secure and reliable way of hiding source code.
http://www.phprecovery.com is a website that charges money to decode the following types of encoded files (it is just an example site that I found. There are many more just like it):
- Zend
- Ioncube
- SourceGuardian
- TurckMM
- SourceCop
- ScopBin
- Zend (Gaspra)
- Ioncube (last)
- CodeLock
This site has been tested and it does work. Most people would not bother with the hassle of paying someone to decode your application, but if you offer a more expensive version that includes the full source (and the price is more than it would cost to decode it), then it might just be a better solution.
What works
The best solution is code obfuscation. It may not be perfect, and in some instances, you may have to change your code around a little bit, but it will make it very difficult to re-use your source code.
I prefer a free program called POBS, available Here
How it works:
Replace names
POBS replaces user-defined (NOT predefined) functions, constants and variables with an MD5 key of 8 characters. (It doesn’t use MD5 keys of 32 bytes, which is standard, since that would increase the size of your sourcecode). 8 bytes seems enough to give each function or variable its unique name. MD5 is not reversible.
The first letter of the new functionname is a “F”, of a variable a “V” and of a constant a “C”
The function with name MakeImageHtml is replaced by Fee2c1bdc
The variable $ImgText is replaced by $V1d9d94a6
The constant USERDIR is replaced by C389a367e
Further obscuring
In addition, POBS can be instructed to concatenate lines and remove comments and indents. These are not irreversible since a person can write a program to add indents and returns. But it really makes a mess of your code and therefore further discourages many would-be hackers from trying to reverse-engineer your code.
Exclude stuff
POBS allows you to indicate which user-defined variables, constants and functions need to be excluded from replacing. In the settings file “pobs-ini.inc” you can add these names to the arrays $UdExVarArray, $UdExcConstArray and $UdExcFuncArray. Do NOT use dollarsigns here.
In $UdExVarArray you are allowed to use wildcards in the form of an asterisk (*) at the end of each variable name. I.e. params_* will exclude params_type, params_address and params_name. So if you name your variables to a certain convention you can easily and securely exclude them by group. This way you don’t have to be afraid you forgot to add it to the array in case you added a new variable to your code.
Process
POBS consists of 2 major processes.
1. POBS first scans all the files with the file-extensions allowed in the sourcedirectory. While scanning, it makes a list of userdefined variables, functions and constants it has located in your sourcecode
2. POBS now knows which ones it should replace and starts writing new files in the target directory
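The two passes and the exclusion wildcard described above, as an added example that is not POBS's own code. It assumes the 8-character key is the first 8 hex digits of md5(name) and uses PHP's tokenizer (PHP 7+); the function names isExcluded and obfuscate and the sample input are constructed for illustration.

```php
<?php
// Added illustration of the scan-then-rewrite process; not POBS's own code.
// Assumption: the 8-character key is the first 8 hex digits of md5(name).

// A trailing asterisk matches by prefix, as described for $UdExVarArray.
function isExcluded(string $name, array $patterns): bool
{
    foreach ($patterns as $p) {
        $prefix = rtrim($p, '*');
        $wild = $prefix !== $p && strncmp($name, $prefix, strlen($prefix)) === 0;
        if ($p === $name || $wild) { return true; }
    }
    return false;
}

function obfuscate(string $source, array $excludeVars): string
{
    $predefined = ['this', 'GLOBALS', '_GET', '_POST', '_COOKIE', '_SESSION',
                   '_SERVER', '_FILES', '_ENV', '_REQUEST'];
    $tokens = token_get_all($source);
    $map = [];
    // Pass 1: scan for user-defined function names and variables.
    foreach ($tokens as $i => $t) {
        if (!is_array($t)) { continue; }
        if ($t[0] === T_FUNCTION && ($tokens[$i + 1][0] ?? 0) === T_WHITESPACE
                && ($tokens[$i + 2][0] ?? 0) === T_STRING) {
            $fn = $tokens[$i + 2][1];
            $map[$fn] = 'F' . substr(md5($fn), 0, 8);
        } elseif ($t[0] === T_VARIABLE) {
            $name = substr($t[1], 1);   // drop the dollar sign
            if (!in_array($name, $predefined, true) && !isExcluded($name, $excludeVars)) {
                $map[$t[1]] = '$V' . substr(md5($name), 0, 8);
            }
        }
    }
    // Pass 2: write the source back out, swapping every mapped name.
    $out = '';
    foreach ($tokens as $t) {
        $text = is_array($t) ? $t[1] : $t;
        $isName = is_array($t) && ($t[0] === T_VARIABLE || $t[0] === T_STRING);
        $out .= ($isName && isset($map[$text])) ? $map[$text] : $text;
    }
    return $out;
}
// Constructed sample input.
$sample = <<<'PHP'
<?php
function MakeImageHtml($ImgText, $params_type) {
    return "<img alt=\"$ImgText\" class=\"$params_type\">";
}
echo MakeImageHtml($_GET['t'], 'thumb');
PHP;
echo obfuscate($sample, ['params_*']), "\n";
```

Under that assumption the replacement depends only on the name, so the same identifier maps to the same key in every file, and a guessed name can be confirmed by hashing it. Names reached through strings (variable variables, compact(), callbacks passed by name) are not seen by the tokenizer and belong in the exclusion list.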
PHP speed hacks
By Justin Silverton
A French Translation can be found here: http://www.vecteur-renaissance.com/vhoen/index.php/2006/04/15/27-10-conseils-pour-accelerer-des-scripts-php
- A PHP script will be served at least 5-10 times slower than a static HTML page by Apache. Try to use more static HTML pages and fewer scripts.
- Enable the compression of HTML by putting in your php.ini:
output_handler = ob_gzhandler
- Install a PHP caching suite. I have personally used zend (commercial), turck mmcache, and ioncube, and they all work very well.
- Switch from file based sessions to shared memory sessions. Compile PHP with the --with-mm option and set session.save_handler=mm in php.ini. This can drastically improve session management performance.
- Another caching technique that can be used when you have pages that don’t change too often is to cache the HTML output of your PHP pages. (a list of template solutions is posted within one of my previous articles).
- Use output buffering (See ob_start). This will speed up your PHP code by 5-15% if you frequently print or echo in your code.
- On Windows, FastCGI is the highest performance way of running PHP with Apache.
- In PHP4, objects and arrays should be passed to functions by reference (with &), and everything else by value. In PHP5, objects are already passed by reference.
- Don’t use images when text will do. Reduce your image sizes with software like Macromedia Fireworks or ImageMagick.
- If possible, run your database server on a different machine. If all static content is served from another server, then you can turn off KeepAlives in httpd.conf to speed up client disconnects.
Flash 8 security hacks
By Justin Silverton
I recently came across the following message when I tried to run a flash program on a client’s machine:
The security dialog comes up because when you fire getURL() with Local Playback Security set to “Access Local Files only” it sees the getURL call as a request for network resource (and pops up the security dialog).
If you then set Local Playback Security to “Access Network”, normally that would allow the call access to the network. But the requested communication is actually between a local SWF and a local HTML file, so it sees that as a local file accessing a local file, which is outside of what’s allowed when LPS is set to “Access Network”. This results in a Flash Player 8 Security Sandbox dialog.
For Developers, there are three ways to solve the above issue:
1. The end user has to use the Settings Manager to set local file security to “Always Allow” AND
they have to add the path to the file as a trusted path.
The direct path to this section of the online Settings Manager is
(http://www.macromedia.com/support/documentation/en/flashplayer/help/s…).
The default is ‘always ask’. Change that to ‘Always Allow’.
Then add the path to your local content to the trusted locations. For example, if your content
is on a CD-ROM then you’d add the path to the CD (for example, “F:/”).
Doing these two things is essentially enabling a local Trust File. Settings manager then
writes the trust file settings for you, to the #SharedObjects (which is obfuscated so nobody can
crack it)
So that’s how you can do it if your users are internet-connected and you feel they’re savvy
enough to handle the steps.
What if your users are not internet connected? In that case you have to manually add the trust file
to one of two locations:
2. You can create a trust file in C:\Documents and Settings\\Application
Data\Macromedia\Flash Player\#Security\FlashPlayerTrust.
The name of the file can be whatever you want.
The only minimum thing in the file is one line of text that’s the path you want to trust.
Additional paths can be one per line.
Do this if you just want to set up trust for one unique user account on that machine.
3. You can create a trust file in C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust.
This is the same trust file as step #2, but sets it for all the users on this machine.
The catch here is that you have to be an admin on the machine to create this trust file.
Options #2 and #3 are obviously also available to end users who do have internet connections but
whom you might not want to direct to the Flash Player Settings Manager.
Top 10 PHP frameworks
By Justin Silverton
Below is a list of the top 10 frameworks for PHP:
10) Mobius
The Moebius PHP Library is a project that concentrates on building a set of classes that wraps around the built-in php functions. The idea behind the creation of this library is to create an object framework to work on PHP, going from mySQL management to Table manipulation. The site is powered in fact by the moebius library.
9) Blueshoes
BlueShoes provides developers with real-world solutions for common system components such as User Management, Session Handling, Closed User Groups, Exception Handling and Logging, Object Persisting as well as Form building and Handling.
8) Phrame
Phrame is a web development platform for PHP based on the design of Jakarta Struts. Phrame provides your basic Model-View-Controller architecture, and also takes a step further adding standard components such as: HashMap, ArrayList, Stack, etc…
7) Fusebox
Fusebox is the most popular framework for building ColdFusion and PHP web applications. “Fuseboxers” find that the framework releases them from much of the drudgery of writing applications and enables them to focus their efforts on creating great, customer-focused software.
6) Seagull
Seagull is an object oriented framework written in PHP that focuses on best practices, clean code and reusable components.
5) EZ Publish
eZ publish gives you control of your content. Create, handle, sort and store documents, files and images. Publish them in the format, channel or media you prefer.
4) Krill
Krill is a php Framework based on the MVC2 paradigm.
3) php-booba
Simple PHP framework for developing web applications.
2) edit-x
Edit-X CMS features enhanced tools for larger content management environments and offers support for multiple sites and unlimited authorized users. Users have an intuitive WYSIWYG (What You See Is What You Get) editorial interface that makes adding and updating content as easy as using a word processor. Edit-X CMS is designed to give organizations of all sizes a scalable solution for managing online information.
1) Binary Cloud
binarycloud is a web application framework for the PHP language. It provides a set of services that are frequently used when writing web applications and helps to improve reuseability by providing a modular application infrastructure.