Web Development

Top 10 reasons why webdesign, web development and programming in general really suck

The longer I program or do anything with webdesign the more I absolutely hate it with a passion. Here is why.

  1. Nothing works
  2. Nothing works
  3. Nothing is documented worth the shit so it takes forever to figure out how the hell the idiot authors system works. Nothing but hours of frustrating trial and error. But their marketing sounds so damn awesome that everyone just has to learn and use it.
  4. Bugs galore and then more bugs. NOTHING WORKS
  5. Nothing works
  6. Browsers really suck at CSS/Javascript each does it’s own thing, how and when it wants. Screw you if you know how it should work the team at browser x has different ideas. NOTHING WORKS
  7. The tools suck and the industry jumps ship to new tools monthly, tools that do the same shit in a different fail ass bug filled way NOTHING WORKS
  8. Too many clueless amateurs pumping out shitty undocumented spaghetti code… NOTHING WORKS!!!
  9. Most tools are dysfunctional chaos at best NOTHING WORKS!!!
  10. You learn the same shit over and over and over every time a new Library or framework comes out or some new Amateur has a great idea that other Amateurs think sounds great.. NOTHING WORKS!
Programming sucks because nothing works

I swear if a mechanic had to deal with the same shit developers deal with then their day would go like this

  1. Get to work 1/3 the tools are broken  and you must order new tools and learn to use them. But these tools even with the same name and function are a new version and work totally different. And you must learn how to use them through trial and error because the docs are totally  off and missing steps.
  2. Some of the tools that worked one way the other day now work totally different today. Got to learn the changes before work begins
  3.  Another 1/3 of all the tools were stolen got to order new tools and well some of those new tools changed so you got to re-learn how to use them. and about 1/3 of the new tools you ordered will be totally fubar broken and never function
  4. You finally got all your tools ordered and relearned now you have enough time to remove 1 bolt
  5. Manufacturer can’t write steps of how to use their product. It requires 10 steps, but lame brain in doc department leaves out 4 so you get 6 steps and are left saying WTF!!!

Next day you start all over again and get bolt 2 off.

Seriously what other industry do you have people just intelligent enough to create things but not intelligent enough to explain how the hell their invention works? NONE NO OTHER DAMN INDUSTRY. There is no other industry full of so much time wasting bullshit and chaos. NONE NOT ONE.

It is like trying to put together furniture where the manufacturer gives you 1 picture of the final product which takes 20 steps to complete and they decide you only need to know 11 of them FFS.

The more people who start web development and programming the worse the industry gets. This shit takes knowledge and organization. At the current rate I predict soon computers won’t even start in 10 years.

Web Development

How to get the user id in a service in Symfony 5

You might try UserInterface but I know that Security will work. You type hint aka Dependency Inject your service constructor with Security but not just any Security will do there is also one by Sensio labs and another. You want this Security

use Symfony\Component\Security\Core\Security;

Then your id wont show it or will warn something about a polymorphic call blah blah, but apparently there is a getId() method of the user returned from Security and you can get a user id like this.

 $userId = $this->security->getUser()->getId();

That is how you can get the current logged in users user id; My IDE PHPStorm doesn’t even know getId() exists so I had to do some digging.

Resources Web Development

How does login and authentication work in Symfony 5.*

This is mostly for myself as a reminder, as the info is scattered to hell wont have it, because that is the dysfunctional symfony way.   The most frustrating part of Symfony is Authentication because the information is scattered all over between articles, symfonycasts etc. just all over, like you couldn’t scatter it more all over, all, all over like a unicorn farting out rainbow sprinkles.You won’t find shittier documentation on any subject anywhere on the internet.

There are two versions of authentication an old one and a new one. The old one uses Authentication providers the new one users just Authetincators. No one but the authors of Symfony know WTF the difference is though.

Note : to add confusion Symfony refers to what you usually call Sessions as Tokens FFS.

First off a list of files involved in the login process :

  1. The login form obviously app/templates/security/login.html.twig
  2. A security controller app/src/Controller/SecurityController.php
  3. A user Provider aka the User entity class app/src/Entity/User.php
  4. An Authenticator app/src/Security/LoginFormAuthenticator.php

When a user requests /login Symfony first calls LoginFormAuthenticator.php to check to see if the user is logged in/authenticated so the work is not done in the controller like most other actions. To change, add, remove anything from the authentication process you make changes in the LoginFormAuthenticator.php methods.

There is a new experimental Authentication system it still uses authenticators but a slightly different process.

This authenticator is listed in the app/config/packages/security.yaml file under firewalls:main:guard:athenticators as

- App\Security\LoginFormAuthenticator

symfony firewall authenticator section

Every time a request is made the firewall will use the authenticator listed to try to authenticate the user. If authentication fails Symfony secretly behind the scenes tries other ways to authenticate the user as you can see in the image below.

symfony guards
Secret guards attack

As you can see in the image above Symfony will try your guard you listed in the configuration file, but it also tries it’s own secret list of default authenticators.

For information about the login form see this article in the scatterdocs. A little more info about the login form and process from the Symfony Spaghetti docs.

Resources Web Development

Symfony Session resources list

Plain session docs – This is the symfony documentation page about Sessions alone. This link shows the basic configuration and use of Sessions in Symfony. This also mentions not starting a session for Anonymous users and has links to other info about sessions.

Configuring Sessions and Save handlers – Symfony documentation link. This covers more about how to configure sessions and their Save Handlers. This is some of the better information about Sessions and how they work in Symfony. It covers the save handlers and more of the configuration information.

Session proxy examples – Symfony Documentation link. This covers how to create your own session handler. It also discusses how to encrypt session data with an example.

Framework configuration – Symfony documentation link. This covers many of the options for the security component of Symfony.

Store sessions in a database – Symfony documentation link that describes how to store session data in a database or Redis.

Session Management – Symfony documentation link. Explains how sessions are managed in symfony. Gives a good overview and important information about how symfony functions. It covers the functions symfony uses to replace PHP session functions and how to use them. This also covers the ways to work with sessions in Symfony. Oddly this covers Flash messages too.


Software Development Web Development Web Security

Authentication vs Authorization what is the difference?

Authentication/Authorization these terms are often confused. Here I will clarify them.

Authentication — Login, proving who a user is one way or another. After a user is logged into a system a session cookie is usually created to re-authenticate the user so they don’t have to login every single page view.

Authorization — Can a user view or access something once Authenticated? Authorization includes things like administration panel access, viewing a users profile or post or media etc.

Resources Web Development

Symfony errors and exception handling resources

How to customize error pages – Documentation page about how to create custom error pages.
How to Customize Access Denied Responses – specifically about how to customize access denied responses. This is useful for when you use voters to authorize a users access to content.

Resources Web Development

Symfony caching resource list and information

Once I started digging into Symfony caching I found all kinds of information all over. I’ll use this page to catalog it all for myself and others. This way I can quickly find what I am looking for.

Cache – From the docs. This is the overall plain documentation about Symfony cache. It covers the following

Configuring Cache with FrameworkBundle
Creating Custom (Namespaced) Pools
Custom Provider Options
Creating a Cache Chain
Using Cache Tags
Clearing the Cache
Encrypting the Cache

The Symfony Cache component – This is the actual caching component documentation. It covers the following.

Cache Contracts versus PSR-6
Cache Contracts
Available Cache Adapters
Generic Caching (PSR-6)
Basic Usage (PSR-6)
Advanced Usage

Cache pools and Adapters – from the documentation. This covers cache adapters such as Redis and Memcached. It covers the following information.

Creating Cache Pools
Using the Cache Contracts
Using PSR-6
Looking for Cache Items
Saving Cache Items
Removing Cache Items
Pruning Cache Items

Cache items – from the documentation. You need ItemInterface and cache items in order to set expire information on cached items. This link covers the following :

Cache Item Keys and Values
Creating Cache Items
Cache Item Expiration
Cache Item Hits and Misses

Resources Web Development

How to install and configure Redis in Symfony 5+ for local testing

Installing and configuring Redis for Symfony takes quite a few steps. So many I’d never remember them all. This article is for myself at a later date as well as anyone else who finds it useful. I’ll be updating this article as I learn more.
This article covers installing and configuring Redis for use for both Session storage and Application cache.

First you need Redis the program itself running. I suggest using Docker so you can quickly spin up Redis containers for experimenting. If you are not familiar with Docker I suggest you start with this getting started guide.

If you are using docker once you have started a Redis instance test it by trying to use the cli like so


You should see something similar to this.

This means redis is running on (localhost) on port 6379 which is the default port.
With redis-cli running you can further test with the following.

//set a key and value
set someKey "some value for the key"
//get the value for the key
get someKey
//view a list of all keys in redis storage
keys "*"

In production you need to install Redis or have access to a server running Redis, I’ll cover that in another article.

Install phpredis extension

You will need to install phpredis php extension and configure it. Before you can even do that though, you will need to install another php module php-dev I am using php 7.4 and Ubuntu so to install that I do this.

apt-get install php7.4-dev

This is needed because phpredis use phpize and phpize is included in php-dev.

If you are using another version of php you can search apt repository for this package like this:

apt search php-dev
or for version specific like this apt search phpver-dev
apt search php7.4-dev

Change the version number to match yours.

Next you install the phpredis extension from pecl.

pecl install redis

This is just the extension for the client to interact with your Redis server wherever it is, either local or remote.

Configure PHP

Now you must configure PHP  to use this extension.
You could add the needed config values to the php.ini config, but the problem is there are two. Yeah one for the cli and one for fpm. I have an easier solution. Create one file and symlink for both cli and fpm.

You can do it…

You will need both configured. As I found out if you configure only fpm your app will work, but when you go to composer install/update/require etc. you will get a cli error about missing such and blah Redis extension blah blah.

If you are running PHP 7.4 on Linux you will want to create a file in the following /etc/php/7.4/mods-available directory  named phpredis.ini  with the following
session.save_handler = redis
session.save_path = "tcp://localhost:6379?timeout=3&read_timeout=3"

You can find more info here in the phpredis docs.

Once you have created that file you need to symlink to the fpm and cli to let them know the configuration exists.

Run the following commands to symlink.

ln -s /etc/php/7.4/mods-available/phpredis.ini /etc/php/7.4/cli/conf.d/phpredis.ini
ln -s /etc/php/7.4/mods-available/phpredis.ini /etc/php/7.4/fpm/conf.d/phpredis.ini

The way this works is php after it reads the php.ini reads in all of the configuration files ( those with .ini extension) from the conf.d directory for either cli if you are using the command line or from fpm for your app. This makes configuring anything you need for php easier than having to open the giant php.ini file, plus you don’t have to worry about ruining one, which I have done easily.  Here is a link to the php docs on configuring and .ini files

Now you must restart php fpm for your app to work. On Ubuntu you can do this.

service php7.4-fpm restart

Configure Symfony for Redis Sessions

Now you must configure some things in Symfony. Part of the following can be found in the docs about caching in a Redis Database here.
From the docs you can see you need set these values inside services.yaml which is in the config directory of your app.

    # ...
        # you can also use \RedisArray, \RedisCluster or \Predis\Client classes
        class: Redis
            - connect:
                - '%env(REDIS_HOST)%'
                - '%env(int:REDIS_PORT)%'

            # uncomment the following if your Redis server requires a password
            # - auth:
            #     - '%env(REDIS_PASSWORD)%'
         - '@Redis'

The values for REDIS_HOST, REDIS_PORT and REDIS_PASSWORD should be defined in environmental variables on your system or in .env or in the secrets vault. For testing .env.test.local works.

I told you there were lots of steps, there is still more

Now there is still a little more configuring as the docs show in the link above. You need to configure the framework to use Redis for session storage. Open framework.yaml located in config/packages/ and change the handler_id and comment out the save_path file location info like so.

        enabled: true
        handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler
        #save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
        cookie_secure: auto
        cookie_samesite: lax

Configure Symfony Cache to use Redis

You also need to configure the cache now in cache.yaml if you want to use Redis as a cache for your app.  You could configure everything in framework.yaml but it becomes a mess if you do that. Symfony reads all the files recursively located in the config directory, just make sure your yaml structure is correct.

If you open /yourapp/config/packages/cache.yaml you should see something similar already there.

        # Unique name of your app: used to compute stable namespaces for cache keys.
        prefix_seed: sogizmo

        # The "app" cache stores to the filesystem by default.
        # The data in this cache should persist between deploys.
        # Other options include:

        # Redis
        app: cache.adapter.redis
        default_redis_provider: 'redis://%env(REDIS_HOST)%:%env(REDIS_PORT)%'
        #default_redis_provider: redis://localhost:6379
        # APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
        #app: cache.adapter.apcu

        # Namespaced pools use the above "app" backend by default
            #my.dedicated.cache: null

Un-comment the lines shown under Redis section. You will notice a special syntax I am using. I kept messing around until it worked. You might not need to configure the default_redis_provider I need to do more research on that because it seems like that should be covered from the configs above, seems redundant.

default_redis_provider: 'redis://%env(REDIS_HOST)%:%env(REDIS_PORT)%'

That builds the string needed for the configuration basically this ‘redis://localhost:6379’  More about caching here in this Symfonycast.  that entire symfony cast is a great explanation of how the environmental system and cache works. More info about the string to connect to a redis provider here in the docs.

Using Symfony Cache in Controllers

This is actually the easy part, but instead of explaining it here I’ll write another article and link to it here, this article is too long already.


Configuring symfony – link to the docs about configuring symfony .env file etc.

Symfony secrets vault – link to the docs about the secrets vault and keeping sensitive information safe in symfony.
Docker getting started guide.

phpredis extension and how to install and use docs

Symfony docs store sessions in a database -> includes Redis example

CacheInterface Symfony docs about caching items you need ItemInterface when you want to set an expires time for an item.

PSR6 CacheItemInterface documentation explaining this cache interface which Syfony ItemInterface uses.

Redis cache adapter docs – the documentation about configuring the redis cache adapter.

Resources Web Development

Symfony 5+ check if user is logged in inside a twig template

Often you may need to know whether a user is logged in or not inside a template to show or not show something. For example you might want to show links to login or register if a user is not logged in but show a link to logout if the user is logged in.

To do this you use is_granted() within a template with one of the following.


<div class="modal-body">
<ul class="nav flex-column">
{% if is_granted('ROLE_SUPER_ADMIN_1') %}
<a class="nav-link" href="{{ path('show_dash') }}">Dashboard</a>
{% endif %}
{% if is_granted('ROLE_USER') %}
<a class="nav-link" href="{{ path('app_logout') }}">Logout</a> {% else %}
<a class="nav-link" href="{{ path('app_login') }}">Login</a> or <a class="nav-link" href="{{ path('app_register') }}">Signup</a> {% endif %}

Using ROLE_SUPER_ADMIN_1 which is something I made up for my own app to check what type of admin the user is. I don’t really like the IS_AUTHENTICATED_* methods, read more about them in the link below if you want.

Link to more information about IS_AUTHENTICATED_* here in  a really old symfony cast I found via google.

Resources Web Development

PHP resource links

What’s New in PHP 8 (Features, Improvements, and the JIT Compiler)