phpied.com

Let's go ahead and optimize our phpBB installation for front-end performance. I'll follow Yahoo's 14 optimization rules, but only implement the ones that apply for phpBB. During this short workshop there will be no changes to the phpBB code, we'll create a new template instead, so that in case something bad happens, your board will continue to work normally. As an example, I'll use the bgcanada.com/phpBB2, the board I volunteer to administrate.

The plan

1. creating two subdomains to host assets - images and css, maximizing parallel downloads (also following rule #9)
2. creating a new template (theme) based on the default subSilver template
3. moving CSS to an external file (rule #8), merging the two css files (rule #1)
4. copying images and css to the new subdomains
5. making sure css is served gzipped (rule #4) and also making sure php pages are served gzipped)
6. turning ETags off (rule #13)
7. setting the Expires header (rule #3)
There will be no explanations on the reasoning why these rules exists, but only how to implement the applicable ones in phpBB. It's a good idea though to go through the links above and read the detailed description of the rules. Maybe you'll find something that can be done in addition to the plan above. The suggested implementations were done and tested on a normal $60/year shared host, working around the limitations of such hosting. I'll speculate that at least 90% of the phpBB installations out there use shared host so I hope my implementation will be relevant to your phpBB install as well.

New subdomains

Typically, shared hosts allow subdomains and have their admin interface for doing so. In case your host is an exception, alternatively you can buy one or two extra domains to use for the same purpose - storing page assets.

So in my case, for the domain bgcanada.com I create two sub-domains - i1.bgcanada.com and i2.bgcanada.com (i as in image). Now the question would be how to divide assets between the two domains. I decided that more or less half of the images are multilingual (they don't contain text) so these go to i2. i1 will have all the rest - translatable images found in subSilver/images/lang_english, smilies and the stylesheet.

creating a new template

Let's go ahead and create a new template (theme), based on the default subSilver template. I'll call mine "sso" as in "subSilver optimized" (or the longer mirror-like version "ssoss" as in "stoyan stefanov, oh, so smart" )

For this purpose, just take the contents of path/to/phpbb/templates/subSilver and copy it under the name "sso", so you'll have /templates/sso, an exact subSilver copy.

Now go ahead and modify templates/sso/subSilver.cfg, the theme configuration. First rename it to sso.cfg. Then at the top of the document, replace the line:

$current_template_images = $current_template_path . "/images";

with

//$current_template_images = $current_template_path . "/images";
$i1 = "http://i1.bgcanada.com/sso"; // language and smilies
$i2 = "http://i2.bgcanada.com/sso"; // the rest

use your domain, of course.

Then do a search/replace. All occurrences of:

$current_template_images/{LANG}/

should become

$i1/{LANG}/

And all occurrences of

$current_template_images/

become

$i2/

At the end of the file, just before ?> add a new line:

$board_config['smilies_path'] = 'http://i1.bgcanada.com/smilies';

This will overwrite the path to the smilies you set in the admin interface. This is optional, you can achieve the same by using the admin panel, but we said we wanted to have the board unaffected by the changes.

Now open templates/sso/theme_info.cfg and replace all occurrences of "subSilver" with "sso".

Now the bad news is that some of the template files (.tpl) still contain relative paths to images, we need to make these absolute and pointing to the subdomians. Since these paths are hardcoded in the templates we're sure that they are language independent, so they'll all go to the i2 subdomain. If you have a good text editor that can search/replace in multiple files, go ahead. Alternatively, use the php script I came up with. Download it, copy it to your /templates/sso folder, rename to replace.php and use it like:
C:\path\to\phpbb\templates\sso> php replace.php
It will report what it replaced.
It only searches for templates/subSilver/images and replaces with http://i2.bgcanada.com/sso

Yep, almost done with the template, one last step - the css.

Moving CSS to an external file, merging

In the default subSilver there are style definitions in overall_header.tpl. Remove them, the whole thing between the <style> tags and replace with:

<link rel="stylesheet" href="http://i1.bgcanada.com/sso.css" type="text/css">

Now rename subSilver.css to sso.css. Copy the contents of formIE.css and append it to the end of sso.css. Optionally, you can walk through the new file and strip all comments and white space. Or use my stripped version.

Note that as a side effect, the font of the board will look somewhat different, because the definitions in subSilver.css are not exactly the same as those in the overall_header.tpl. It's not a big difference, but if it's important to you, just ignore the original subSilver.css and create sso.css copying the styles from overall_header.tpl and formIE.css.

We're done with the files, the rest is sysadmin stuff.

copying files to the new subdomains

That's easy, just take everything from templates/sso/images (leave the lang_english or any other language folders) and copy to http://i2.bgcanada.com/sso

Than take all lang_* folders and copy to http://i1.bgcanada.com/sso, so you'll have http://i1.bgcanada.com/sso/lang_english/

Now copy all smilies from phpbbroot/images/smilies to http://i1.bgcanada.com/smilies/

Now take the sso.css you created and copy to http://i1.bgcanada.com/sso.css

Last, take the whole sso directory and copy to the main domain - http://www.bgcanada.com/phpBB2/templates/ so that it's in the same folder next to subSilver.

Login to the admin panel and activate the new theme as usual. Login to your account and change your theme preference to sso. You still want to test before making it a default theme for everyone.

At this point you should be able to browse your forum with the new theme and everything should look like as if you were using subSilver.

Serving gzipped content

The rule is that all served files should be gzipped, with exception for images, because gifs, jpgs, pngs are already compressed.

To serve the normal html (php) pages gzipped, just use the built-in phpBB feature, log on to the admin panel and enable gzip compression.

To serve sso.css gzipped, ideally you should only create an .htaccess file and have Apache do it for you (more info). Unfortunately my host won't allow it, so I took the alternative path - have PHP gzip and serve the css file. To do so I created an .htaccess file http://i1.bgcanada.com/.htaccess and put in it:

AddHandler application/x-httpd-php .css

This affects all CSS files (but we have only one) and makes them php scripts. If your host allows you to use php_value in .htaccess, you can do the rest of the job by only using .htaccess. Otherwise create a http://i1.bgcanada.com/php.ini file and put in it:

[PHP]
default_mimetype = "text/css"
zlib.output_compression = On
zlib.output_compression_level = 6
expose_php = Off
auto_prepend_file = "pre.php"

The first line makes php send text/css header instead of the default text/html. Some browsers won't like CSS files served with text/html header. The second line enables compression and the next line sets the compression level (could be up to 9). 4th line is absolutely optional, just removes an extra header that PHP sends. The last line sets that all served php files should include the file pre.php as if you used include "pre.php" inside every PHP script. This is actually used later for the Expires header.

turning ETags off

That's super easy. Just add .htaccess rules in both i1 and i2 to say:
FileETag none

Expires header

To set the expires header, add these lines to .htaccess on both i1 and i2

ExpiresActive On
ExpiresDefault "access plus 2 years"

This makes all files - images and CSS - on i1 and i2 expire in 2 years, if that's too much/not enough, feel free to change.

If it doesn't work for you (it didn't for me, because of the host), you can go the php auto_prepend route described above and add in the pre.php file
header('Expires: ' .gmdate("D, d M Y H:i:s",time() + (60 * 60)) . ' GMT');
Feel free to set 60 * 60 to whatever you think makes sense for you. Note that this will only affect the CSS file, images will be served "normally". You can also have PHP serve all the images, like we did for CSS, but I think it's probably too much.

Sysadmin summary

There was a lot of if-then above so let me summarize what worked for me, but try your other options first to see how "liberal" your host is in order to do a better job than me.

http://i1.bgcanada.com/.htaccess

AddHandler application/x-httpd-php .css
FileETag none

http://i1.bgcanada.com/php.ini

[PHP]
default_mimetype = "text/css"
zlib.output_compression = On
zlib.output_compression_level = 6
expose_php = Off
auto_prepend_file = "pre.php"

http://i1.bgcanada.com/pre.php

<?php
header('Expires: ' .gmdate("D, d M Y H:i:s",time() + (60 * 60)) . ' GMT');
?>

Done!

We're done! Did it take more than an hour? Hope not, although with these computers and stuff, everything takes more time than expected.

Do you see anything missing? Or something that can be improved? Or something didn't work for you? Please post a comment. The whole posting is a bit fast-paced and written in a rush (I really need to go to bed), so if there's something unclear please ask.

Recently I decided to clean up all the spam from an abandoned phpBB forum of mine, there was a lot to delete. In the phpBB version that I use there is no option to "check all" topics you want to moderate. So I came up with a little bookmarklet to do this for me. Here it is, only improved to work within frames and toggle (check if not checked, uncheck otherwise) all checkboxes in sight. Tested in FF and IE6/7.

To install, add this to your bookmarks/favourites:

The reading friendly code:

javascript:(function(){
function checkFrames(w) {

  try {
    var inputs = w.document.getElementsByTagName('input');
    for (var i = 0; i < inputs.length; i++) {
      if (inputs[i].type && inputs[i].type == 'checkbox'){
        inputs[i].checked = !inputs[i].checked;
      }
    }
  } catch (e){}
  if(w.frames && w.frames.length>0){

    for(var i = 0; i < w.frames.length;i++){
      var fr = w.frames[i];
      checkFrames(fr);
    }
  }
}
checkFrames(window);
})()

Following from here, I'm proud to announce an update to HiLiteMe.com. With two custom renderers for Text_Highlighter, the service now offers you:
- BB code for your source, so you can post beautiful code to bulletin boards and others that use BB code for formatting
- simple HTML code - the formatting is using only the tags b, i and u, this is for devices such as iPod that can understand only tiny amount of HTML code. So you highlight some code and take it on the road, sweet.

In addition to that there is Simple HTML preview, CSS styles that are used for the "rich" HTML highlighting and also the code for the rich HTML formatting, so no need to view->source->copy

Other additions - tabsize setting (how many spaces for a tab, if you paste code with tabs in it) and line numbers setting (yes/no) to specify whether you want lines to be numbered in your code.

Test drive?

Note on the BB code highlighting - I tested on:
- vBulletin - works beautifully and
- phpBB - the current out-of-the-box version will not work, becuase it's not allowing [color] BB tags inside [code] tags. Buuut, there is a MOD to enable this

Man, do I have a lot of todos! I was going through my posting drafts on this blog and found this 1 year old piece (from Aug 10th, 2005). I remember I was responding to this blog posting, but at some point I desided that I don't have the time to finish it, so I saved it as a draft. Well, one year was not enough to finish it, so here is the a draft as part of my postings cleanup.

--

Nice posting, thanks! I just want to add something on the phpBB part of it. OK, PHP is the most popular, compared to the other web languages, hence the most security issues with it. Well, I can apply the same logic to phpBB and phpMyAdmin. Everybody uses phpMyAdmin and phpBB is probably the most popular BB package out there. phpBB is an open (therefore exposed) source package and being also a bulletin board package makes it a nice target. Any BB site out there has has its kids that hate it and want it hacked, defaced, DB-emptied, userbase-exposed or otherwise dead. So they start digging every single regexp looking for a "door". And they find it, one after the other. It's normal, we all know that there's no such thing as a secure or bug-free software.

I don't say that phpBB's code is perfect (is there a perfect code?!), but I don't think phpBB should pay for all the sins of all PHP devs out there. We all make mistakes, that's nature. And it's not nice to call each other names in such situations. Two examples - PEAR's recent XML_RPC expliot (you cannot say that Stig Bakken can't hack in PHP) and a blog posting about some omissions in this PHP security guide!

--

Update from Aug 31st, 2006:
I really like this piece Harry Fuecks wrote ovet at SitePont. Hopefully the "war" is over and people no longer point fingers at each other, but learn from each other's mistakes instead.

Being able to see many shades of grey rather than black and white could be another point to add to the ideal profile. PHP (and security) is a good case in point—what strikes you as a smarter response: screaming PHP sucks or understanding that it’s popular and doing something to improve the situation?

Just finished setting up my Amazon Connect profile and posted one message to the blog Amazon create for you when you set your profile up.

Here's the blog.

Amazon Connect is an initiative where book authors can post messages directly to their books pages. So my smiling face is exposed on Amazon now when you browse one of the two phpBB books. Pretty nice. I mean the Connect idea, not so much the face

BTW, Amazon really have to work on those URLs to make them friendlier. Every time I post an Amazon link anywhere, it's just waaay too long and usually messes things up.

Today my blog turns 1 year, hence a few hiccups with the DNS change and the migration to a new server (thanks, Eric Gruber for the heads-up).

Blog stats: 85 posts and 183 comments(thanks everyone!), contained within 19 categories. Actually this post's ID is 100, but I have a few drafts lying around...

I started this blog as a diary while preparing for the Zend PHP exam, hoping that others will benefit. Now it's more like a little bit of this, a little bit of that, web-dev stuff. Anyway, hoping I'll post more this next year. Actually 85 posts is about once a 4 days, hmm, not bad, I thought I was lazier than this.

So celebrating the blog's first day I treated it to a nice new theme, designed by Marco and ported to WordPress by Christoph. Nice, thanks guys for you work!... I also updated to WordPress 2, very slick.
(Marco has also published a post about my blog, that's very, very flattering...)

And as another present, I saw that the second phpBB book is out! It's a scaled down version of the first, basically without the more advanced programming chapters and it comes at a much lower price.

I had this request to implement a feature on a phpBB board whereby topics older than one month to get deleted. A quick search on phpbbhacks.com revealed a result - Auto Lock hack, but it had a disturbing note saying that it's not recommended for larger boards, although I couldn't figure out why. Anyway, the hack looked too involved, with DB changes, new Admin Panel options, etc., so I decided to hack something together quickly. Turned out to be pretty easy. Here' s the result.

The SQL query

UPDATE phpbb_posts AS p, phpbb_topics AS t
  SET t.topic_status = 1
WHERE p.post_id = t.topic_last_post_id
  AND FROM_UNIXTIME(p.post_time) + INTERVAL 1 MONTH < NOW()
  AND t.topic_status = 0

Basically the logic is so simple that it can be done in one query. The topics table contains the id of the last post. I join the posts table to figure out the date/time of the last post. And if it's old enough, I set the topic status to 1 (locked).

I like the INTERVAL MySQL thing so I used it here, converting the Unix timestamps to human dates. It makes it much more easier to see at a glance that the period is one month and quickly change it afterwards if need be, without starting the old and tired calculation: "OK, 60 seconds times 60 minutes times 24 hours... Wait a sec! Is it seconds or milliseconds?"

The common.php

Instead of dealing with cron jobs, I decided to execute the query in common.php, a script that is always loaded on every page. I execute the query and send myself an email of something wrong happens.

<?php
$sql = 'UPDATE phpbb_posts AS p, phpbb_topics AS t
            SET t.topic_status = 1
        WHERE p.post_id = t.topic_last_post_id
            AND FROM_UNIXTIME(p.post_time) + INTERVAL 3 MONTH < NOW()
            AND t.topic_status = 0';
if (!$db->sql_query($sql))
{

    @mail('me@example.org',
          '[thesite] Locker',
          'Error while locking old topics',
          'From: meagain@example.org'
         );
}
?>

A probabilistic touch

Now, executing this query is not necessary on every page load. So I added a touch of probability.

<?php
if (mt_rand(1, 10) == 5) { //chance one in ten to run
    // do the stuff
}
?>

That means that this code has a chance one in ten of being executed on a page load. Even this is a bit high, but can always be changed to 1 in a 100 for example.

Distribution?

This was done only for internal purposes, not designed to be made available to the larger phpBB community. Otherwise it would be better if it doesn't hard-code the "phpbb_" table prefix, as well as the table names in general and the topic status value. Instead, phpBB constants must be used - like POSTS_TABLE, TOPICS_TABLE and TOPIC_LOCKED.

Since this monday (May 16th) the book I've been working on is now out! It's pretty exciting, I can't wait for my copy to arrive so that I can touch it. I have to admit, although I consider myself being pretty web-savvy, doing the daily readings, banking, communication and whatnot online, sometimes the tangibility of the material world is ... hmm, well, tangible

Okie, back to the book...

• My previous posting about the book, containing some background information about it and its collaborators, here »
• The book's official page »
• The publisher - [Packt] Publishing »
• phpbb.com »
• The book on Amazon »
• phpBBHacks.com's forum announcement and a special book page »

Good news today! I got an email from my editor saying that the phpBB book will be published soon.

Yes, I've been working on a phpBB book for some time, it's written and completed now and undergoing final proofreading. So it means that in a few weeks it will be published! It's pretty exciting...

Here's some more about the book. The publisher is Packt Publishing, great guys, publishers of books such as the phpMyAdmin book, the one about eZ publish, Typo3 and other great titles.

I'm not the only author; there are two other great guys. Jeremy is a team member of phpbbhacks.com. He's known as Thoul in phpbbhack's forums (if you didn't know it, phpbbhacks.com is a great site), he has written a lot of great tutorials for the phpBB community. He wrote two chapters and a few appendices for the phpBB book and was really helpful reviewing my chapters.

The other author is Mike. He wrote the chapter about designing your own phpBB theme, which is probably my favourite. It starts from coming up with the idea about the design and goes through all the steps. Check out his phpBB templates - Ad Infinitum, Conundrum, NoseBleed (the one that the his chapter is based on) and NoseBleed2, which powers his own community.

Here I should also mention Mr. Patrick O'Keefe. He is the creator of phpbbhacks.com and other sites that are part of his iFroggy network. He's a SitePoint author (just like myself, only with greater number of articles and experience) and SP forums Advisor. He did a great job reviewing our work and he also wrote an intro to the book.

So, the book will be out soon, meanwhile you can see its page, download a sample chapter and preorder with 25% off. There's also another nice surprise about the book coming up but ... it's a surprise, isn't it?

Finally, did I mention that my publisher is great? Yes, and if you're thinking about becoming an author yourself, check them out as a potential publisher. The details are here.

Some time ago I've created a phpBB mod/hack to use on a bulletin board I manage. Recently I decided to make it available for anyone interested to install it on their boards.

I've posted it some time ago on phpbb.com but it takes a while for the phpBB team to review all the mods/hacks they receive.

Yesterday I posted the hack on phpbbhacks.com and today I noticed it was approved and published. Here it is: the lat2cyr transliterator.

Good job, phpbbhacks.com!

Just a suggestion to phpbbhacks.com - consider sending an email to the author when their download is approved.

» More info and a demo of the hack is available here.

A new version was just released, containing a security patch.

Unfortunately Kredor, the company providing the transliteration service I was using for this hack, is no longer providing the service (either that or they have changed its URL without announcing the new one), so the hack is currently unusable. Let's hope that they'll release a new version.