I wrote PHP without any frameworks and I enjoyed it

So, on a whim of a creativity burst, I have decided to make a yet another go at making an enigmatic puzzle collection. Enigmatic puzzles are puzzles where you aren't given the rules of the puzzle directly – you have to deduce them from the clues provided. One of the most well known puzzle sets like this is Notpron, and it is definitely one of the inspirations for what I want to create, even though I don't like a lot of design decisions there.

My first attempt at making such collection was in form of a static website placed in a private repo on Gitlab – you can check it out here. I think I stopped making this at puzzle number 28, and the furthest I've seen someone get was puzzle 21. I even got some positive feedback – but there were some hardcore roadblocks.

So what were the reasons for me to want to start over? Well, there are a few reasons. The difficulty curve is honestly hard to mantain, the repo is annoying to use because it is hard to keep track of which filename corresponds to which puzzle... and I wanted to put my current VPS and domain name to a fun use. Yes, yes, I should start by setting up my main page, but still.

So, I thought about what I want to implement using the power of my own computing space. And I thought, a cloud save system. And some nicer UI than literally writing the answers into the URL bar.

Why not a client-side approach with js? Well, in this kind of puzzle sets, viewing the source of the website is traditionally considered a fair game. I don't really want people to be directly spoiled with answers just because they thought to use a tool that is normally available to them as per genre convention.

So, I know what I want, time for the technology selection. I took a look at the good old MVC frameworks... and I realized that they are an overkill. They will eat more of the limited server resources of my small VPS than it is necessary. So what do I want to use then? A more lightweight framework? No. I went with the goddamn frameworkless PHP.

”...the fuck you mean frameworkless PHP?”

Well... PHP without Laravel. Or any other backend framework for that matter. Just a basic PHP CGI server and a few modules from the Ubuntu repo so that I can use a database to store the save data and use yaml files to define puzzles with. Literally just this.

I'd like to stress though – if I needed a little bit more stuff or if a threat model I used was even a bit more stringent – using a framework would be a far better option. Here I don't even have a login screen, all you get is a token stored in a cookie that you can import on another device... or even share with friends to solve the stuff in co-op. There is literally zero personal information, zero user data stored in the database, and https provides enough security against man in the middle attacks to make things work. You get your token compromised? The worst thing the attacker can do is to solve puzzles for you. You lose your token? Just solve this stuff again, should be easy enough. The only user input that is touching a database query is the savegame token, meaning that the attack vector for any potential SQL injections or other weird database effects is tiny.

And I'll be honest – I had fun shitting out those PHP scripts. I had fun achieving the effect I wanted in a way reminiscent of web development from 15-20 years ago. Granted, PHP itself is much less of a mess than it was back then, but still. This reminded me of the times when I first touched programming, when things were simpler. When I coded and things were happening. When I didn't care about learning shitton of frameworks and working within projects spanning millions of lines of code. When I didn't know about scrum, kanban, and the corporate perversions of these project management methods. When I just enjoyed doing things.

“Maybe I should try going with frameworkless PHP?”

Most likely not. Frameworks exist for a myriad of reasons, both when it comes to security and efficiency – especially when you are working in a team with someone. Without frameworks you have to do more stuff by hand – and it will be more difficult to mantain a reasonable code structure. Not only that, but frameworks do have a lot of bells and whistles, for example to abstract away the more annoying parts of the development. It also makes session management way easier – and if you aren't experienced, just by using a mature framework and following its tutorial stuff you can avoid a shitton of security issues.

That being said, it may be a fun experience to go back to the basics here, especially for someone who uses like five different frameworks on a daily basis – just make sure to think of a small enough project that doesn't need much to get going.

I will be sharing my new puzzle collection more widely sometime in the future, I do want to make a few more puzzles beforehand though – and preferably test the early game ones on my friend beforehand.