The web gallery phTagr is written on top of the great MVC framework CakePHP and deals with lots of photos. Its photo explorer displays by default 12 photos at once (see demo page). Therefore the CakePHP framework is called 13 times. The first request handles the authorized and the selection of the 12 photos. Then each photo is requested by the client to fetch it and to display it into the page. These requests check again the authorization and correctness of the user for each photo and requires a lot of time since it traverses again the whole MVC stack.

time = 1 x explorer page + 12 x image request = 13 x CakePHP stack = 13 x ~0.40s = 3,40s

Since the first request already checked the authorization of the photos the following 12 requests and checks are redundant and can be omitted. The user session can be used to store these authorization information for the 12 media requests and the photos could be send immediately before the CakePHP stack is called.

time = 1 x explorer page + 12 x fast image request = 1 x CakePHP stack = 0.45s

To do so a Fast File Responder component adds the file information to the session. It adds for each photo request the filename of the preview and an expiration date for safety.

<?php
 
class FastFileResponderComponent extens Object {
  var $controller = null;
  var $components = array('Session', 'FileCache');
  var $sessionKey = 'fastFile.items';
  var $expireOffset = 10; // seconds
 
  function initialize(&$controller) {
    $this->controller = $controller;
  }
 
  function add($key, $filename) {
    if (!is_readable($filename)) {
      return false;
    }
    $files = (array) $this->Session->read($this->sessionKey);
    $files[$key] = array('expires' => time() + $this->expireOffset, 'file' => $filename);
    $this->Session->write($this->sessionKey, $files);
    return true;
  }
 
  function addAll($data) {
    foreach ($data as $key => $filename) {
      $this->add($key, $filename);
    }
  }
}
?>

Than the app/webroot/index.php is modified to check for fast files before the MVC stack is called.

  // ...
  if (!defined('CORE_PATH')) {
    // ...
  }
  // Check the request URI if it matches the URI for photos
  if (isset($_GET['url']) && preg_match('/media\/\w+\/\d+/', $_GET['url'])) {
    require ROOT . DS . APP_DIR . DS . 'fast_file_responder.php';
 
    $fileResponder = new FastFileResponder();
    if ($fileResponder->exists()) {
      $fileResponder->send();
    } else {
      $fileResponder->close();
      unset($fileResponder);
    }
  }
  if (!include(CORE_PATH . 'cake' . DS . 'bootstrap.php')) {
    // ...
  }
  // ...

Finally the Fast File Responder itself located in app/fast_file_responder.php

<?php
 
/** This class enables a fast file response without the framework stack of
 * CakePHP. It checks the session and the URL and returns a valid file */
class FastFileResponder {
  /** Should be same as in app/config/core.php Session.cookie */
  var $sessionCookie = 'CAKEPHP';
  var $sessionKey = 'fastFile';
  var $items = array();
 
  function __construct() {
    $this->startSession();
  }
 
  /** Starts the session if the session sessionCookie is set */
  function startSession() {
    if (!isset($_COOKIE[$this->sessionCookie])) {
      return;
    }
    session_id($_COOKIE[$this->sessionCookie]);
    session_start();
    if (isset($_SESSION[$this->sessionKey])) {
      $this->items = (array) $_SESSION[$this->sessionKey]['items'];
      $this->deleteExpiredItems();
    }
  }
 
  /** Deletes expired itemes from the session list */
  function deleteExpiredItems() {
    if (!count($this->items)) {
      return;
    }
    $now = time();
    foreach ($this->items as $key => $item) {
      if ($item['expires'] < $now) {
        unset($_SESSION[$this->sessionKey][$key]);
      }
    }
  }
 
  /** Simple log function for debug purpos */
  function log($msg) {
    $h = @fopen(dirname(__FILE__) . DS . 'fast_file_responder.log', 'a');
    @fwrite($h, sprintf("%s %s\n", date('Y-M-d h:i:s', time()), $msg));
    @fclose($h);
  }
 
  /** Extracts the item key from the url and returns it. Returns false if no
   * key could be found. This function must be adapted for others */
  function getItemKey() {
    if (!isset($_GET['url'])) {
      return false;
    }
    $url = $_GET['url'];
    if (!preg_match('/media\/(\w+)\/(\d+)/', $url, $matches)) {
      return false;
    }
    return $matches[1] . '-' . $matches[2];
  }
 
  /** Returns the file of the media request */
  function getFilename() {
    $key = $this->getItemKey();
    if (!$key || !isset($this->items[$key])) {
      return false;
    }
    $item = $this->items[$key];
    if ($item['expires'] < time() || !is_readable($item['file'])) {
      return false;
    }
    return $item['file'];
  }
 
  /** Returns an array of request headers */
  function getRequestHeaders() {
    $headers = array();
    if (function_exists('apache_request_headers')) {
      $headers = apache_request_headers();
      foreach($headers as $h => $v) {
        $headers[strtolower($h)] = $v;
      }
    } else {
      $headers = array();
      foreach($_SERVER as $h => $v) {
        if(ereg('HTTP_(.+)', $h, $hp)) {
          $headers[strtolower($hp[1])] = $v;
        }
      }
    }
    return $headers;
  }
 
  /** Evaluates the client file cache and response if the client has still a
   * valid file
   * @param filename Current cache file */
  function checkClientCache($filename) {
    $cacheTime = filemtime($filename);
    $headers = $this->getRequestHeaders();
    if (isset($headers['if-modified-since']) &&
        (strtotime($headers['if-modified-since']) == $cacheTime)) {
      header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $cacheTime).' GMT', true, 304);
      // Allow further caching for 30 days
      header('Cache-Control: max-age=2592000, must-revalidate');
      exit;
    }
  }
 
  function sendResponseHeaders($file) {
    $fileSize = @filesize($file);
    header('Content-Type: image/jpg');
    header('Content-Length: ' . $fileSize);
    header('Cache-Control: max-age=2592000, must-revalidate');
    header('Pragma: cache');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($file)));
  }
 
  /** Evaluates if a valid cache file exists */
  function exists() {
    return $this->getFilename() != false;
  }
 
  /** Sends the cache file if it exists and exit. If it returns an error
    * occured */
  function send() {
    $filename = $this->getFilename();
    if (!$filename) {
      return false;
    }
    $this->checkClientCache($filename);
    $this->sendResponseHeaders($filename);
 
    $chunkSize = 1024;
    $buffer = '';
    $handle = fopen($filename, 'rb');
    while (!feof($handle)) {
      $buffer = fread($handle, $chunkSize);
      echo $buffer;
    }
    fclose($handle);
    //$this->log("File send: $filename");
    exit(0);
  }
 
  /** Closes the session */
  function close() {
    session_write_close();
  }
}
?>

Now the requested images are shown almost simultaneously with the explorer photo page. Awesome!

Please leave a comment if you liked this proposal.

The behavior could be configured simple for your needs. By default the behavior ciphers the password Model property.

The Behavior

First of all the PEAR package of BlowFish must be installed. This packages comes with an PHP implementation of BlowFish and does not required the MCrypt PHP extension. If the MCrypt extension is installed, the PEAR library will use it.

Usage

As mentioned above, the behavior ciphers the password property (table column) by default.

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array());

}

Following example saves the User model. Submit your login data via a formular. The $this->data might looks like:

Array
(
    [User] => Array
        (
            [id] => 1
            [username] => admin
            [password] => MySecret
        )
)

In the controller you save your submitted data:

Controller:

$this->User->save($this->data);

Now every time a User is saved, the password will be ciphered. The behavior only ciphers the properties, if the values do not start with the ciphered prefix $E$.

The ciphered data looks now like:

Array
(
    [User] => Array
        (
            [id] => 1
            [username] => admin
            [password] => $E$fIOGYbF6jQMXOOa5umzgXGWBfo7roAuk
        )
)

By default the behavior does not decrypt the properties and the decryption must be called explicitly:

Controller:

$user = $this->User->findByUsername($this->data['User']['username']);
$this->User->decrypt(&$user);
if ($user['User']['password'] == $this->data['User']['password']) {
// successful login
}

Configuration

Automatic Decryption

If you want to decrpyt all data automatically (might cost some CPU cycles and slows down your requests), you can configure the cipher behavior:

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('autoDecypt' => true));
}

Model Properties

By default, the cipher behavior encrypts and decrypts the model property (table column) password. Other fields are also possible.

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('cipher' => array('password', 'email', 'creditnumber')));
}

Custom Key

By default, the cipher behavior uses the Security.salt as cipher key. If you require a custom key, you can set in on the configuration:

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('key' => 'MySuperSecureCipherKey'));
}

Note: Since the Security.salt is used from your configuration config/core.php and cipher key, it is very important to change the default value of Security.salt! Otherwise the encryption is not secure!

 /**
  * A random string used in security hashing methods.
  */
      Configure::write('Security.salt', 'NewSecureAndUnknownSecuritySaltForCake');

Salt and Padding

Before a value is encrypted it will be packed and padded. The clear text before the value is ciphered is surrounded by a salt and padded to a specific length block to $salt.$value.$padding.$salt.

The salt is used to avoid same encrypted results of same values. It is also used to discover the correct decryption. The padding is used to hide the original value lengths. By default, the salt and padding have the length of 4. This could be changed in the behavior configuration.

Note: The salt should be at least 2 characters long. Otherwise the successful decryption could not be detected well (apart of the diversity of the ciphered value).

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('saltLen' => 6, 'padding' => 8));
}

Prefix

To distinguish between ciphered value and a clear text value, the ciphered value has a prefix. The default prefix is $E$ but could be change in the configuration.

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('prefix' => '$ciphered$'));
}

Debug

The behavior dumps log message to the standard log if something goes wrong. Please watch these entries while developing with the cipher behavior.

Changing Security.salt

If you using this behavior and some data is already ciphered but have to change the Security.salt, you need to decrypt all the data with the old Security.salt, save the clear text and encrypt all values with the new Security.salt.

Decrypt all values with the old Security.salt value:

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('noEncrypt' => true, 'autoDecrypt' => true));

  function clearCipher() {
    $users = $this->findAll();
    foreach ($users as $user) {
      $this->id = $user['User']['id'];
      $this->save($user);
    }
  }
}

Controller:

$this->User->clearCipher();

Encrypt now all values with the new Security.salt.

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array());

  function cipherAll() {
    $users = $this->findAll();
    foreach ($users as $user) {
      $this->id = $user['User']['id'];
      $this->save($user);
    }
  }
}

Controller:

$this->User->cipherAll();