The 7 Things I Know About Cyber Security After 25 Years | April 2024
So gelingt der Umstieg von PHP4 auf PHP5: Erneuerung von Geschäftsanwendungen unter Qualitätsaspekten
1. So gelingt der Umstieg von PHP4 auf
PHP5: Erneuerung von
Geschäftsanwendungen unter
Qualitätsaspekten
Lars Jankowfsky, CTO, swoodoo GmbH
2. Lars Jankowfsky?
• Software Architect, CTO seit 1992
• PHP seit 1998
• Viele erfolgreiche Projekte von 2 bis 20
Entwickler.
• CTO and (Co)Founder swoodoo.com
• (Co)Founder of OXID eSales. Refactored
OXID eShop during 1.5 years with 10
developers.
Lars Jankowfsky, swoodoo.com
3. What about your projects?
- What‘s your average project lifetime?
- Is there PHP code more than 5 years old?
- How many lines of code?
- How many change requests per year?
- Has there been a specification?
- Were all features in the first released version
implemented like they‘re specified in the
specification?
Lars Jankowfsky, swoodoo.com
4. Legacy Code?
Wikipedia says „Legacy code is source code that
relates to a no-longer supported or
manufactured operating system or other
computer technology. The term can also mean
code inserted into modern software for the
purpose of maintaining an older or previously
supported feature“
Jankowfsky, Rinne – Mayflower/swoodoo
5. Why upgrade?
• MySQL 4 support will end
• Active support already ended by the end of 2006
• Only extended support until 2008 for MySQL 4.0 and
2009 for MySQL 4.1
• MySQL 5 has more and advanced features like stored
procedures, trigger, better SQL support
• PHP 4 support did end
• PHP 4 is dead, dead, dead
• Only security relevant fixes until 2008-08-08
• PHP 5.2 is faster and more stable than every PHP 4
version
• PHP 5.3 upcoming
Lars Jankowfsky, swoodoo.com
6. Why upgrade?
- change requests get more and more expensive
- bug rate is increasing
- clearly a dead-end street!
- team motivation decreases
- hard to bring in new members into the team
- deprecated functions cause problems in future
PHP releases
Lars Jankowfsky, swoodoo.com
7. Typical problems?
- Typical legacy applications
- Started some years ago with PHP 4
- written in Spaghetti code
- half procedual, half object-orientated
- „PHP 4“ OOP
- using old, unmaintained libraries like PEAR::DB
Lars Jankowfsky, swoodoo.com
8. PHP, made in 2000
- no coding standards
- no PHPDoc
- no Design Patterns
- few separation of concerns
- has been changed a lot
- no refactoring, because „it worked“
- updated to run with php 4 in 2003
- updated to run with php 5 in ... ?
Lars Jankowfsky, swoodoo.com
9. PHP 4 OOP - strategy
- Maybe you‘re lucky and there are no problems.
Maybe.
- If you see problems, they are fatal errors like
- Objects are referenced by value
- $foo =& new Foo();
- Solution:
- Use standard APIs
- Fix the PHP 5 problems
Lars Jankowfsky, swoodoo.com
10. „Half procedual –halb
object-orientated“
- Code with different quality
- Just a few documentation
- Maybe some tests ... maybe ...
- „the typical current PHP 4 project“
- Found everywhere! Really everywhere!
Lars Jankowfsky, swoodoo.com
11. „Half procedual –half object-
orientated“ - strategy
- Add inline documentation for all classes and
methods
- Improve the re-using of duplicate code
- Improve every code part with PHP 5 functions,
for example using file_put_contents()
instead of fopen(), fwrite(), and
fclose().
Lars Jankowfsky, swoodoo.com
12. Spaghetti Code?
- Very old code, maybe developed in the last PHP 3 century
- a lot of redundant copy-paste code
- missing separation of concerns
- No or just minor separation of code and layout
- No use of libraries like PEAR, Zend Framework or eZ
components
- No or outdated documentation
- No tests at all
Lars Jankowfsky, swoodoo.com
13. Spaghetti Code - strategy
- Identify recurring code parts and implement
classes
- Use of standard libraries like Zend Framework
or eZ components
- Add inline documentation
- Fix your coding styles!
Lars Jankowfsky, swoodoo.com
14. Requirements
- No new features
- No technical changes like new database layer
or new template engine
- No influences for productive services like
External systems
- Minimization of time and effort
Lars Jankowfsky, swoodoo.com
15. What you should never do!
Please don‘t try a complete rewrite!
- Too expensive
- Takes too long
- the old codebase is used, tested & bugfixed
- Developers love to rewrite:
new code is more fun, code is easier to write
than to read
Lars Jankowfsky, swoodoo.com
16. Remember?
Netscape 6? Rewrite....
dBase for Windows? Rewrite....
Quattro Pro? Rewrite....
Access refatored...
Excel
Jankowfsky, Rinne – Mayflower/swoodoo
18. What is porting?
Innovation potential
ve
iti
Rewrite
s
po
Reengineering
e
tiv
ga
ne
Porting
complexity
Lars Jankowfsky, swoodoo.com
19. What is porting?
• Reasons
• Most simple form of migration
• Manageble risks
• Small complexity because of the lack of
qualitive and technical changes
• Requirement
• Minor differences between current and future
application platform
Lars Jankowfsky, swoodoo.com
21. Refactoring?
- Modifying code without changing it‘s behaviour
- „cleaning up“
“Refactoring is the process of changing a software system
in such a way that it does not alter the external behavior of
the code yet improves its internal structure.” (Martin Fowler)
Lars Jankowfsky, swoodoo.com
22. Modifying without... ?????
- if you refactor you need tests to proove that
you did not break any functionality
- Have tests first. Then change code.
- legacy code ? There are no tests!!
Lars Jankowfsky, swoodoo.com
23. And now ?
- Write tests first.
- You will need to refactor your application while
writing tests.
- Write selenium tests for
your application. - no :(
Lars Jankowfsky, swoodoo.com
24. Preparations
• Targets
• Porting without any technical or qualitative
changes
• Recovery of support (MySQL/PHP)
• Minimizing the interferences of services and
reduction of change times
• Interferences
• Porting problems between MySQL and PHP
versions
• Application complexity
• missing documentation and missing contact
persons
• Communication between all team members
Lars Jankowfsky, swoodoo.com
25. Process model
- Reducing of complexity with a planned
procedure
- Coverage of the complete porting
- Methodical description of the process
Lars Jankowfsky, swoodoo.com
26. How do we start?
- Identify the nastiest, ugliest and...
- probably most important piece of code and
let‘s start with this one.
- if you take the easy files you won‘t solve the
critical issues and...
- move the risk to the end.
Lars Jankowfsky, swoodoo.com
27. While porting ...
- adjust coding style
- add missing documentation
- remove redundant code / copy & paste-code
- remove unused(!) code
- maintain a list of future todos with priorities
Lars Jankowfsky, swoodoo.com
28. PHP and Unit Testing
- Layout & UI code is hard to unit-test,
acceptance-test instead
- test maintenance costs:
- unit test work fine with stable APIs
- high change rate in PHP results in API changes
- tests need to be changed, too
- slows down development, increases initial
development costs
- ... but your software survives more than 4 years
Lars Jankowfsky, swoodoo.com
29. Test Driven Adoption
1. Unit tests for existing code with PHPUnit
2. experience of confidence in own code
3. Insight: Tests are easier if written before
software
4. Insight: Tests help documenting the code
5. Insight: Tests define the real API
Lars Jankowfsky, swoodoo.com
30. Tools?
- CruiseControl for continous integration
- PHPUnit
- SeleniumRC and SeleniumIDE
- PHP Code Sniffer
- PHP CodeBrowser
Lars Jankowfsky, swoodoo.com
31. Golden rules
- know your budget: what are your maintenance
costs? What are the things you can‘t do now?
- there is no silver bullet. It takes time.
- Confident developers are efficient developers
- There is no way around proper coding style and
documentation
Lars Jankowfsky, swoodoo.com