Facebook PHP Code Leak Analysis
It came to my attention over the weekend the PHP code to the Facebook homepage has been posted online. To avoid legal difficulties, I will not post the code on this website but you may find the code here. As a PHP programmer, I felt like I was given a great treat. Facebook is one of the highest profile websites that use PHP and I was excited to see how such a powerful company writes its code.
After analyzing the code, I have a few thoughts.
Many Includes & The Use Of Include_Once()
The homepage itself includes a whopping 24 files including a main configuration file, as to be expected. Facebook uses include_once() as its selected method which I like because it prevents including a file multiple times and over-riding of changed setting files. I do wonder how many files get included within the primarily included files and how much work loading the homepage does to their server. Being a picky PHP programmer, I hate it when programmers don't use parenthesis with include/require functions , even though they aren't required.
Lack Of / Inconsistent Commenting
Facebook programmers know the purpose code better than I, but I would have expected better commenting within the page. I assume that Facebook has a large programming contingent -- wouldn't commenting be essential in allowing that many programmers to keep a file working properly? Apparently not, so kudos to them. My favorite comments:
//We special case the network not recognized error here, because affil_retval_msg is retarded. //Make sure big tunas haven't moved around
Less Than 500 Lines
With the amount of processing the page is responsible for, I'm pretty impressed with the file size (17.2 KB, ~450 lines). Removing blank lines, the file could be much shorter.
Free-Floating Functions
My definition of a free-floating function is a function that isn't native to PHP and isn't a function within a class. I dislike free-floating functions because they make the code seem unorganized. For example, I prefer creating a js class with a require function:
require_js('js/bludice.js'); // Boo!
$js->require('js/bludice.js'); // Yes!
Facebook uses exclusively free-floating functions -- no PHP classes in sight. Yuck.
In the end, I found the code somehow not as magical as I would have assumed it to be. Without peeking into the supporting library files, it's hard to get a good picture of how Facebook's infrastructure works. I'd bet that Facebook would like to keep it that way too.
To no one’s surprise, the page containing Facebook’s code was taken down. Before it was taken down, the Facebook “search.php” was also posted. If anyone has new links, please share.
You do realize that the blank lines do not matter at all…. white space is for readability, your retarded if you think compressing your script manually will do anything, its obviously compiled into opcode… facebooks code looked horrible IMO
TJ, I generally delete disrespectful comments but you said something I found humorous:
“…your retarded if you think compressing your script manually will do anything…”
Before you call someone retarded, learn the different uses of “there,” “their,” and “they’re.”
Wow, Tj, you completely missed the point and made “your”self look like an idiot. It’s obvious that David meant the number of lines of actual code is less than 450 lines and not that it would make things faster if you removed empty lines.
Hey there,
has anyone the code to share?
I am not able to find it anywhere!!!
Have a nice Day.
Dominik
What’s your beef with no parentheses on include/include_once/require/require_once?
I believe the code you’re talking about is fake, it contains errors and wouldn’t run if loaded with PHP.
Even so, I think they wouldn’t put comments directly in the code and would possibly have a specification document somewhere explaining everything.
also this code goes directly into a PHP > C++ converter so this isn’t the resulting code they use on the site, this could explain the free-floating functions (if this code is even legit).