this is what my page looks like. i've filled in the key and username, but not sure why this is like this, using apache2 if that helps

also not using the specified monitor thing, was just intending to use the tv my pi's hooked up to.

that screenshot was firefox, but other browsers just show the entire index.php

Hi, maybe a seperate file for recent tracks requesting would be a nice idea. This way, the API key isn't leaked to the public via the HTTP request.

For example, just by creating a seperate file (recents.php) with this content:

<?php 
$user     = 'xxxxxxx';
$key      = 'xxxxxxx';
$status   = 'Last Played';
$endpoint = 'https://ws.audioscrobbler.com/2.0/?method=user.getrecenttracks&user=' . $user . '&limit=2&api_key=' . $key . '&format=json';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $endpoint);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0); // 0 for indefinite
curl_setopt($ch, CURLOPT_TIMEOUT, 10); // 10 second attempt before timing out
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json'));
$response = curl_exec($ch);
$lastfm[] = json_decode($response, true);
curl_close($ch);

header('Content-Type: application/json; charset=utf-8');
echo $response;

One could then replace the link in the requestUpdate() JavaScript function. I think this would be a nice addition to this really cool project!