Although there are not any visible changes in this update, this is the biggest update yet. As of last week this site was riddled with many security, functionality, and structural flaws. Instead of continuing to pile on more features that would inevitably worsen the current state of the website, a new home-brewed framework has been implemented to tighten up the loose ends of the site and keep the server in control of the user experience.
What was wrong

The previous version of the site had too many major security flaws, which inevitably led to an attack. Yes, that’s right: someone did make their way into our database, but thankfully no harm was done. (There wasn’t a lot of harm to be done at this point anyway.) The problem was that the database connections and functions were available on the front end of the site, which could lead to some clever XSS and JavaScript-based attacks. Another major flaw was the timing of specific functions when a page loaded. Oftentimes the whole page would not load (this happened with the comments section a lot), and the user would have to refresh one or two times before certain elements became available. Lastly, many of the site’s functions were crowding each other, making some functions not work properly (JavaScript functions specifically). The main problem here is that the site would just load the files without any order or control. To fix this, the whole site has been migrated to a new framework model that keeps the server in control of what the end user sees on screen by building the page one element at a time.
Introducing the Slalom Framework

The “Slalom Framework” is a classless model-view-controller (a.k.a. MVC) framework that builds each page based on what is in the address bar. Unlike other MVCs, this framework uses a procedural style of operation rather than object-oriented programming (OOP). This style allows each element of the page to be built one step at a time rather than all at once (this does not by any means mean that it is now slower). Every page is put together from three elements: a model, a view, and a controller. The model is the means of getting data from the database via prepared statements. These prepared statements keep control of what goes in and out of the database without any unwanted interference in the data. The controller puts the page elements together based on the parameters set by the URL and creates the view.
The main thing about this framework is that every page is put together on the index page, so in effect this site is only one page. The process begins with the URL. The server (Apache) rewrites the URL and sets three parameters (page, sub-page, and link). Then, the index page loads the site configuration and main controller. Next, the main controller loads the page’s sub-controller, model, and view based on the parameters provided by the URL. Finally, the view is put together by the main controller along with the specific scripts for the page. Some pages have scripts that dynamically add and remove content without refreshing the page. This is done by using loaders that interact with the JavaScript functions on the page. Although it seems like a lot for a website, it is absolutely necessary for running a site as complex as this one. Also, with the number of potential visitors that could be navigating to this site, it is ideal to remain in control of every aspect to ensure a safe and functional user experience.
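
The request flow described above, sketched as an added Python example; it is not the Slalom Framework's code, which the post does not show. The page names, `APP_ROOT`, the file layout, and the `posts` table are assumptions made for illustration. It shows the two places where the server stays in control: the three URL parameters are checked against an allowlist before any file is chosen, and the link reaches the database only as a bound parameter.

```python
import re
import sqlite3
from pathlib import Path

# Hypothetical layout and page names; the post does not list its own.
APP_ROOT = Path("/srv/site/app")
PAGES = {"home": {None}, "blog": {None, "post"}}  # page -> allowed sub-pages
SLUG = re.compile(r"[a-z0-9][a-z0-9-]{0,63}")


def resolve(page, sub_page=None, link=None):
    """Map the three rewritten URL parameters to files under APP_ROOT.

    Returns None (serve a 404) unless page and sub-page are on the allowlist
    and link is a plain slug, so request input never becomes a raw path.
    """
    if page not in PAGES or sub_page not in PAGES[page]:
        return None
    if link is not None and not SLUG.fullmatch(link):
        return None
    name = page if sub_page is None else f"{page}_{sub_page}"
    files = {kind: APP_ROOT / kind / f"{name}.py"
             for kind in ("controller", "model", "view")}
    # Defense in depth: every resolved path must stay inside APP_ROOT.
    root = APP_ROOT.resolve()
    if any(root not in path.resolve().parents for path in files.values()):
        return None
    return {"files": files, "link": link}


def load_post(db, link):
    """Model step: the link is bound as a parameter, never spliced into SQL."""
    return db.execute("SELECT title FROM posts WHERE slug = ?", (link,)).fetchone()


def demo_db():
    """Constructed sample data so the block runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (slug TEXT PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO posts VALUES ('site-update', 'Biggest update yet')")
    return db
```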