The following sections discuss the installation, verification and layout of PHPLIB: How to install PHPLIB? Which functionality and class definitions are contained in which files? How do you layout a web server with PHPLIB installed? Which installation options are available and how do these affect performance?
PHPLIB contains a set of core classes and functions that offer session tracking, per-session and per-user persistent variables, user authentication and permission checking. Building upon this core functionality, PHPLIB offers a set of commonly needed "background" classes and a set of "HTML widgets", classes that allow you to quickly generate HTML based user interfaces.
All PHPLIB definitions are designed that you don't need to
change any of these files. Your customization of PHPLIB can be
contained in two or three files, depending on the setup:
setup.inc and, in some cases,
prepend.php3. You NEVER need to change any other file
with PHPLIB. Details are outlined below.
The following three files are the only files from PHPLIB that require changes in normal PHPLIB applications.
Your application will almost certainly not work with the default values supplied by the above classes. You are supposed to extend the classes described below as you see fit.
In your subclasses, you only have to specify what is different in your application. These are things like database host names, database names, table names and username/password combinations. You need to provide login screen definitions (HTML) and user validation functions (SQL) to make the example work.
The distribution provides a
local.inc to illustrate
a typical setup. These definitions are also needed to get
the administration and testing scripts provided with the
distribution to run.
The file is required and you must change it for your setup.
Session class provides the ability to execute
initialization code at session setup. See the class
description for instructions on how to set this up.
Per convention, we store such code in
in the include directory. The code is being executed
whenever a new user connection to out application and
a new session is started.
The file is optional. No default is provided.
prepend.php3 determines which code is being
loaded for all PHP3 interpreted pages. Normally, we include
the class definitions for all core classes in this file:
user.inc, then your local customizations
local.inc and the page management functions from
You must change
prepend.php3 to reflect the database
interface that you are using: Change the
If you are not using some core features from PHPLIB in your
application or if you want some other features to be present
on all your pages, you can delete or add
statements for their respective include files here.
The file is required. You must change it for your setup, unless you are using MySQL.
The following files are included from
provide definitions for the core classes of PHPLIB. We recommend
that you always include all of them, as they are a tightly
integrated set of classes with many dependencies among them.
DB_Sqldefined in exactly one of
A database access class for your database server. PHPLIB
depends on the presence of a SQL database server. Depending
on the type of your database server, you have to select the
appropriate include file. The file contains the definition of
DB_Sql suitable for your database server.
The class manages a database connection (connection setup is implicit) and result memory is managed automatically.
An independent class.
Manages an arbitrary amount of arbitrarily named session
variables of scalar, array and object types (Object support
requires that you implement two instance variables in your
classes). Tracks sessions via cookies or a
appended to each URL.
Manages session authentication. Sessions are authenticated against usernames and passwords in a database. Authentication can be time limited.
Manages permission checks on authenticated session pages. Protected pages are only accessible to users with the specified rights.
Manages user dependent variables. Unlike session variables these are bound to a user id, not to a session id. They are persistent over multiple sessions, but are only available after a user has been authenticated.
Setup and Shutdown functions, must be present on any session page.
The extended functionality classes offer GUI-less background features that are commonly needed in HTML-applications. They may make use of core functionality (indicated for each class below).
Manages a simple shopping cart. Items can be put into the cart, taken out of the cart and the carts contents can be enumerated.
Session to be useful. Requires that you add the
Manages templates and variable replacement. Templates can be stored in files. They are loaded on demand and variables are replaced in these files.
An independent class. Requires that you add the statement
prepend.php3 or that
you include it manually on each page where you want to use it.
HTML widgets are classes that generate some HTML-code (often forms or tables) to display GUI-elements. We try to provide functionality commonly used in applications, in a way that the actual look of the GUI-elements can be easily customized.
Creates a dump of a two dimensional array or a query result in CSV format, suitable for loading into a database or a spreadsheet program.
Table, extension of
Create a selection widget that allows a user to choose arbitrary conditions on one or more table columns. SQL is being created from these selections that can be used in the where-clause of a larger SQL select statement.
DB_Sql. Requires that
you add the statement
Creates HTML tables from two dimensional arrays or from database query results. The class can either filter out the desired columns from an array or you can explicitly name which columns to show. A heading can be turned on if desired. All generated HTML elements are tagged with a classname you specify for stylesheet support, if needed. When used in a form tag, each table row can be prefixed with a checkbox input element to allow for row selection.
An independent class.
An independent class.
The base library is supplied at the PHP Base Library download location. Two different formats are provided: A tar.gz version and a shar version.
If you are on a windows system, you can use phplib.tar.gz, if you have WinZIP installed. Current versions of WinZIP know how to handle compressed tar archives. The uncompressed files may be installed on your windows system or transferred to your Unix system.
If you can't handle binary files, you may download phplib.shar.
This is a pure ASCII file containing a self extracting shell
script. Just save the file, make it executable and feed it to
your Unix shell (for example, by typing
PHPLIB support mailing list is available should you run into problems
with the library. To subscribe send the command
the mailing list subscription address.
The PHP base library requires a working web server with CGI
capability and the CGI version of PHP 3.0.12 or higher
installed. Alternatively mod_php can be used. Lower
versions of PHP do not work at all: The session class uses the
functions which are known to be buggy in lower versions (up to
3.0.7) of the library. Also, the OOH Forms classes are using
constructor syntax, which has been introduced into the PHP
language in 3.0.5 and later versions. An issue with the
$PHP_SELF variable and CGI PHP has been resolved with
version 3.0.5 and later. Perl regular expression functions are
being used in the
Template class and these are not really
avilable up to 3.0.12.
Note: If you are using CGI PHP, it must have been
compiled with the
--enable-force-cgi-redirect switch for
$PHP_SELF to have the correct value.
Basically, if PHP_SELF is the exact local part of your $URL, all is well. If it instead contains the modified URL with /your cgi-bin/php prefixed, you have a buggy version of CGI PHP. Either upgrade your version of PHP or replace all occurrences of $PHP_SELF with $PATH_INFO in PHPLIB.
Note: PHPLIB requires that you have
compiled in and enabled.
Note: PHPLIB does not require
short_open_tag to be enabled. The library
<?php as the PHP command introducer.
Note: PHPLIB does not require
magic_quotes_gpc to be enabled. The library
addslashes() when necessary.
The PHP base library requires a database connection in the default setup for storage of session variables, but this can be circumvented by selection another storage container type at installation time. Currently, storage containers are available for SQL databases (the default), SQL databases with limited string length (ct_split_sql.inc), System V shared memory (requires a PHP interpreter with SYSVSHM and SYSVSEM support), LDAP servers (requires a PHP interpreter with LDAP support), flat files, and DBM files.
Using SQL, currently MySQL is fully supported and PostgreSQL, mSQL, Sybase, Microsoft SQL Server, ODBC and Oracle have limited support (the limitation is only relevant if you intend to access metadata information, i.e. table definitions and the like). Database interfaces are not difficult to write and you can easily write your own interface.
You need a database server connection with
delete privileges from your
CGI environment. You need
from an administrative account outside your CGI environment as
PHPLIB core functionality requires two tables as part of your
application table name space:
insert, update and delete privilege required for the application
auth_user (select privilege required for the
application user. insert, update and delete privilege required
for the application user if user management is to be done from
within the application).
Extended functionality may require additional tables.
PHPLIB tries to be as name space neutral as possible with its
core features. Is issues no HTML by default and it occupies only
few names in the global name space. These are the class names
for the classes defined:
User. Additionally, the classnames
defined by the sample setup in
local.inc, but these names
can and shall be customized by the application developer. PHPLIB
defines the function names
sess_save() for the page management functions. The
global variable $_PHPLIB (a hash) is taken. Only if
page_open() is being used, globals are defined by
the library by default, but one global for each "feature"
requested in the
page_open() statement is taken.
These are at most
Including extension functionality or HTML widgets may occupy additional classnames, function names or variables in the global name space.
PHPLIB uses date fields within the column
changed in the
active_sessions in your database. The
changed field is used in garbage collection, that is, to
clean out abandoned sessions. The date field is a 14 character
field of the format
YYYYMMDDhhmmss, that is, the date field
has four digit years and will cope properly with the new
PHPLIB sets cookies in the client browser. These cookies by default have session lifetime, that is, they do not expire but are not written to disk. Date calculations are not involved.
It is possible to have PHPLIB set cookies with a limited lifetime by defining the $lifetime slot of the Session class. If this is done, it depends on the date handling of the client browser and client operating system, if the result is Y2K compliant. There are known issues with longterm cookies and any browser on MS-DOS/Windows 3.11 systems.
PHPLIB does some date arithmetic internally that involves mktime() and date() functions of the PHP3 language and Unix time_t data types. The signed 32 bit Unix time_t data type counts seconds since 01-Jan-1970 Midnight GMT and will overflow sometime in the year 2038.
PHPLIB itself will function up to 2038 and longer, if the Unix time_t is being extended in time. PHPLIB does not protect you from date and Y2K issues in your PHPLIB application, the PHP3 interpreter, the server operating system oder server software, the client browser, the client operating system or other parts of your installation.
mod_php note: The following instructions apply
to the CGI version of PHP as well as to the module version. If
you are working with
mod_php, you must restart your
web server to force a reload of the
php3.ini file, though.
If you are using
mod_php, you have additional
configuration options: See the section below on using PHPLIB
Create a directory php next to your cgi:
/home/www/servers/phplib.netuse.de/pages <- document root cgi <- php binary php <- includes and prepends
Make this php directory your php include directory: Put
include_path = /home/www/servers/phplib.netuse.de/php
cgi/php3.ini. If you already have an include path
defined in your setup, add the PHPLIB include path to the
existing include path using the separator character applicable
for your operating system (":" on UNIX, ";" on Windows).
Defining an include path will not actually include code on your
pages; it only tells the PHP interpreter in which directories to
look for files referenced in
php directory go all the files from the
directory of the distribution. Into documentroot, put all the
files and directories from the
pages directory of the
documentation.txt handy and read it.
The following information applies to MySQL only. No information is provided for other database servers as of now. You are encouraged to copy this section, adapt it for your database server and submit it to the authors. It will be included in further releases of PHPLIB.
prepend.php3. Change the first
require("db_mysql.inc");. This will
include the MySQL database interface (Interfaces for other
databases are provided in
statement has to be adapted to reflect this).
Assuming your database server is named
and your CGI user is
webuser and you are accessing the
mysql -h database -u webuser myapp
If it does not work, connect your database as administrator and
create the proper mysql access permissions. Adapt and run
create_database.mysql from the
subdirectory of the distribution to create the databases
auth_user as well as
the sample user
kris with password
test. Try again to
connect like shown above. Can you do
select * from
active_sessions values ("1", "2", "3", "") as well as
delete from active_sessions? Can you
Note: Additional database creation scripts are provided for
several different databases in the
stuff directory of the
Decide if you want to use
auto_prepend_file. We do use
here and we add the statement
/home/www/servers/phplib.netuse.de/php/prepend.php3 to our
Not all classes are included/required by
core functionality files are:
page.inc. The library provides other, less essential
classes that can be included manually on a page-by-page basis.
Some classes make themselves persistent, if used. These classes
require that you include their definitions in the
prepend.php3 file where indicated to function correctly.
See the usage instructions for these classes for details.
Having done this, access
/index.php3. The counter
should increment when that page is being reloaded. Also, checking
active_sessions in the database should reflect that
Subscribe to the mailing list
email@example.com. Do so by sending a mail body of
firstname.lastname@example.org and follow instructions. Share your
If you do not want to use
auto_prepend_file to load the
PHPLIB core functionality, you can load the class definitions
for the core manually on each page that requires them.
You will have to define a valid
include_path=-statement in your
as outlined previously to reflect the location of the
files. Then, all core functionality can be loaded with
include("prepend.php3") as the first statement at the top
of each page.
To further optimize performance, you can minimize the contents
of the prepend file, if you do not need all core functionality.
You may leave out
user.inc, if you do not require these features (note that
there are dependencies among these classes!).
Installing PHPLIB onto a web server that has PHP3 as a module
(actually Apache) mainly differs in where you can set up runtime
settings for PHP3 itself. PHP3 can be compiled with a wealth of
parameters (see the PHP section in
phpinfo()), most of which can
get overridden by the
php3.ini file. The location of this
file is shows as part of the output of
With PHP3 as a module you have a wider choice on placing these
settings: they are overridden, in this order, by what is defined
httpd.conf and in your per-directory
file. Directives in these files are identical to their
php3.ini brothers, but are prefixed with
to avoid clashes with Apache configuration keywords. Also, as
they are Apache configuration keywords, they have no equals
("=") sign in them. If
x=y is a configuration directive
php3.ini, you should be using
within the Apache configuration instead. That is, you should
php3_ to the keyword and omit the equals
sign. If you misspell a configuration directive, you will get an
error 500 from your webserver and find more details about the
error in the logfile you configured with
ErrorLog in your
Example: If below we talk about setting in your
php3.ini the configuration
include_path = "/bla"
mod_php users may alternatively configure in their
httpd.conf the following:
<Directory /home/www/servers/phplib.netuse.de/pages> php3_include_path "/bla" </Directory>
Of special interest to PHPLIB users are the following directives:
;;;;;;;;;;;;;;;;; ; Data Handling ; ;;;;;;;;;;;;;;;;; magic_quotes_gpc = Off ; magic quotes for incoming ; GET/POST/Cookie data magic_quotes_runtime = Off; magic quotes for runtime-generated data, ; e.g. data from SQL, from exec(), etc. magic_quotes_sybase = Off ; Use Sybase-style magic quotes ; (escape ' with '' instead of \') track_vars = On ; enable $PHP_GET_VARS, $PHP_POST_VARS ; and $PHP_COOKIE_VARS arrays ; automatically add files before or after any PHP 3.0 document auto_prepend_file = (add path to prepend.php3 here) auto_append_file = ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; ;;;;;;;;;;;;;;;;;;;;;;;;; include_path = (add path to the directory with all .inc files)
All of this comes very handy when you have multiple virtual
hosts (e.g. you are an ISP). In this case you can comfortably
place the php3 directives in the
or in an
.htaccess file in the client directory.