The following sections discuss the installation, verification and layout of PHPLIB: How to install PHPLIB? Which functionality and class definitions are contained in which files? How do you layout a web server with PHPLIB installed? Which installation options are available and how do these affect performance?
PHPLIB contains a set of core classes and functions that offer session tracking, per-session and per-user persistent variables, user authentication and permission checking. Building upon this core functionality, PHPLIB offers a set of commonly needed "background" classes and a set of "HTML widgets", classes that allow you to quickly generate HTML based user interfaces.
All PHPLIB definitions are designed that you don't need to
change any of these files. Your customization of PHPLIB can be
contained in two or three files, depending on the setup:
local.inc, setup.inc and, in some cases,
prepend.php3. You NEVER need to change any other file
with PHPLIB. Details are outlined below.
The following three files are the only files from PHPLIB that require changes in normal PHPLIB applications.
local.inc:Your application will almost certainly not work with the default values supplied by the above classes. You are supposed to extend the classes described below as you see fit.
In your subclasses, you only have to specify what is different in your application. These are things like database host names, database names, table names and username/password combinations. You need to provide login screen definitions (HTML) and user validation functions (SQL) to make the example work.
The distribution provides a local.inc to illustrate
a typical setup. These definitions are also needed to get
the administration and testing scripts provided with the
distribution to run.
The file is required and you must change it for your setup.
setup.inc:The Session class provides the ability to execute
initialization code at session setup. See the class
description for instructions on how to set this up.
Per convention, we store such code in setup.inc
in the include directory. The code is being executed
whenever a new user connection to out application and
a new session is started.
The file is optional. No default is provided.
prepend.php3The file prepend.php3 determines which code is being
loaded for all PHP3 interpreted pages. Normally, we include
the class definitions for all core classes in this file:
db_mysql.inc, session.inc, auth.inc,
perm.inc, user.inc, then your local customizations
from local.inc and the page management functions from
page.inc.
You must change prepend.php3 to reflect the database
interface that you are using: Change the require
statement for db_mysql.inc appropriately.
If you are not using some core features from PHPLIB in your
application or if you want some other features to be present
on all your pages, you can delete or add require
statements for their respective include files here.
The file is required. You must change it for your setup, unless you are using MySQL.
The following files are included from prepend.php3 and
provide definitions for the core classes of PHPLIB. We recommend
that you always include all of them, as they are a tightly
integrated set of classes with many dependencies among them.
DB_Sql defined in exactly one of
db_mysql.inc, db_msql.inc, db_pgsql.inc,
db_odbc.inc, db_sybase.inc, db_mssql.inc,
db_oracle.inc or db_oci8.inc:
A database access class for your database server. PHPLIB
depends on the presence of a SQL database server. Depending
on the type of your database server, you have to select the
appropriate include file. The file contains the definition of
a class DB_Sql suitable for your database server.
The class manages a database connection (connection setup is implicit) and result memory is managed automatically.
An independent class.
Session defined in session.inc:Manages an arbitrary amount of arbitrarily named session
variables of scalar, array and object types (Object support
requires that you implement two instance variables in your
classes). Tracks sessions via cookies or a get-variable
appended to each URL.
Depends on DB_Sql.
Auth defined in auth.inc:Manages session authentication. Sessions are authenticated against usernames and passwords in a database. Authentication can be time limited.
Depends on Session and DB_Sql.
Perm defined in perm.inc:Manages permission checks on authenticated session pages. Protected pages are only accessible to users with the specified rights.
Depends on Auth, Session and DB_Sql.
User defined in user.inc:Manages user dependent variables. Unlike session variables these are bound to a user id, not to a session id. They are persistent over multiple sessions, but are only available after a user has been authenticated.
Depends on Auth, Session and DB_Sql,
extension of Session.
page_open() and page_close()
defined in page.inc:Setup and Shutdown functions, must be present on any session page.
Depend on Session.
The extended functionality classes offer GUI-less background features that are commonly needed in HTML-applications. They may make use of core functionality (indicated for each class below).
Cart in cart.inc:Manages a simple shopping cart. Items can be put into the cart, taken out of the cart and the carts contents can be enumerated.
Depends on Session to be useful. Requires that you add the
statement require("cart.inc") to prepend.php3.
Template in template.inc:Manages templates and variable replacement. Templates can be stored in files. They are loaded on demand and variables are replaced in these files.
An independent class. Requires that you add the statement
require("template.inc") to prepend.php3 or that
you include it manually on each page where you want to use it.
HTML widgets are classes that generate some HTML-code (often forms or tables) to display GUI-elements. We try to provide functionality commonly used in applications, in a way that the actual look of the GUI-elements can be easily customized.
CSV_Table in csv_table.inc:Creates a dump of a two dimensional array or a query result in CSV format, suitable for loading into a database or a spreadsheet program.
Depends on Table, extension of Table.
Sql_Query in sql_query.inc:Create a selection widget that allows a user to choose arbitrary conditions on one or more table columns. SQL is being created from these selections that can be used in the where-clause of a larger SQL select statement.
Depends on Session and DB_Sql. Requires that
you add the statement require("sqlquery.inc") to
prepend.php3.
Table in table.inc:Creates HTML tables from two dimensional arrays or from database query results. The class can either filter out the desired columns from an array or you can explicitly name which columns to show. A heading can be turned on if desired. All generated HTML elements are tagged with a classname you specify for stylesheet support, if needed. When used in a form tag, each table row can be prefixed with a checkbox input element to allow for row selection.
An independent class.
Form in oohforms.inc:Creates HTML forms from feature->value arrays. This provides a single syntax for creating all of the different types of form elements. The class provides easy access to Javascript and server side validation, and supports 'freezing' some or all of the form elements to display static data. In addition, the library relies on object oriented implementations for the various form elements and these can easily be extended and customized.
An independent class.
The base library is supplied at the PHP Base Library download location. Two different formats are provided: A tar.gz version and a shar version.
If you are on a windows system, you can use phplib.tar.gz, if you have WinZIP installed. Current versions of WinZIP know how to handle compressed tar archives. The uncompressed files may be installed on your windows system or transferred to your Unix system.
If you can't handle binary files, you may download phplib.shar.
This is a pure ASCII file containing a self extracting shell
script. Just save the file, make it executable and feed it to
your Unix shell (for example, by typing sh phplib.shar).
The
PHPLIB support mailing list is available should you run into problems
with the library. To subscribe send the command subscribe
to
the mailing list subscription address.
The PHP base library requires a working web server with CGI
capability and the CGI version of PHP 3.0.12 or higher
installed. Alternatively mod_php can be used. Lower
versions of PHP do not work at all: The session class uses the
base64_encode() and base64_decode()
functions which are known to be buggy in lower versions (up to
3.0.7) of the library. Also, the OOH Forms classes are using
constructor syntax, which has been introduced into the PHP
language in 3.0.5 and later versions. An issue with the
$PHP_SELF variable and CGI PHP has been resolved with
version 3.0.5 and later. Perl regular expression functions are
being used in the Template class and these are not really
avilable up to 3.0.12.
Note: If you are using CGI PHP, it must have been
compiled with the --enable-force-cgi-redirect switch for
$PHP_SELF to have the correct value.
Basically, if PHP_SELF is the exact local part of your $URL, all is well. If it instead contains the modified URL with /your cgi-bin/php prefixed, you have a buggy version of CGI PHP. Either upgrade your version of PHP or replace all occurrences of $PHP_SELF with $PATH_INFO in PHPLIB.
Note: PHPLIB requires that you have track_vars
compiled in and enabled.
Note: PHPLIB does not require
short_open_tag to be enabled. The library
always uses <?php as the PHP command introducer.
Note: PHPLIB does not require
magic_quotes_gpc to be enabled. The library
always uses addslashes() when necessary.
The PHP base library requires a database connection in the default setup for storage of session variables, but this can be circumvented by selection another storage container type at installation time. Currently, storage containers are available for SQL databases (the default), SQL databases with limited string length (ct_split_sql.inc), System V shared memory (requires a PHP interpreter with SYSVSHM and SYSVSEM support), LDAP servers (requires a PHP interpreter with LDAP support), flat files, and DBM files.
Using SQL, currently MySQL is fully supported and PostgreSQL, mSQL, Sybase, Microsoft SQL Server, ODBC and Oracle have limited support (the limitation is only relevant if you intend to access metadata information, i.e. table definitions and the like). Database interfaces are not difficult to write and you can easily write your own interface.
You need a database server connection with select,
insert, update and delete privileges from your
CGI environment. You need create and drop privileges
from an administrative account outside your CGI environment as
well.
PHPLIB core functionality requires two tables as part of your
application table name space: active_sessions (select,
insert, update and delete privilege required for the application
user) and auth_user (select privilege required for the
application user. insert, update and delete privilege required
for the application user if user management is to be done from
within the application).
Extended functionality may require additional tables.
PHPLIB tries to be as name space neutral as possible with its
core features. Is issues no HTML by default and it occupies only
few names in the global name space. These are the class names
for the classes defined: DB_Sql, DB_SAM,
CT_Sql, Session, Auth, Perm,
User. Additionally, the classnames DB_Example,
Example_CT_Sql, Example_Session,
Example_Auth,
Example_Challenge_Auth,
Example_Perm and Example_User are
defined by the sample setup in local.inc, but these names
can and shall be customized by the application developer. PHPLIB
defines the function names page_open(),
page_close, sess_load() and
sess_save() for the page management functions. The
global variable $_PHPLIB (a hash) is taken. Only if
page_open() is being used, globals are defined by
the library by default, but one global for each "feature"
requested in the page_open() statement is taken.
These are at most $sess, $user, $auth and
$perm.
Including extension functionality or HTML widgets may occupy additional classnames, function names or variables in the global name space.
PHPLIB uses date fields within the column changed in the
table active_sessions in your database. The
changed field is used in garbage collection, that is, to
clean out abandoned sessions. The date field is a 14 character
field of the format YYYYMMDDhhmmss, that is, the date field
has four digit years and will cope properly with the new
millennium.
PHPLIB sets cookies in the client browser. These cookies by default have session lifetime, that is, they do not expire but are not written to disk. Date calculations are not involved.
It is possible to have PHPLIB set cookies with a limited lifetime by defining the $lifetime slot of the Session class. If this is done, it depends on the date handling of the client browser and client operating system, if the result is Y2K compliant. There are known issues with longterm cookies and any browser on MS-DOS/Windows 3.11 systems.
PHPLIB does some date arithmetic internally that involves mktime() and date() functions of the PHP3 language and Unix time_t data types. The signed 32 bit Unix time_t data type counts seconds since 01-Jan-1970 Midnight GMT and will overflow sometime in the year 2038.
PHPLIB itself will function up to 2038 and longer, if the Unix time_t is being extended in time. PHPLIB does not protect you from date and Y2K issues in your PHPLIB application, the PHP3 interpreter, the server operating system oder server software, the client browser, the client operating system or other parts of your installation.
mod_php note: The following instructions apply
to the CGI version of PHP as well as to the module version. If
you are working with mod_php, you must restart your
web server to force a reload of the php3.ini file, though.
If you are using mod_php, you have additional
configuration options: See the section below on using PHPLIB
mit mod_php.
Create a directory php next to your cgi:
/home/www/servers/phplib.netuse.de/pages <- document root
cgi <- php binary
php <- includes and prepends
Make this php directory your php include directory: Put
include_path = /home/www/servers/phplib.netuse.de/php
into cgi/php3.ini. If you already have an include path
defined in your setup, add the PHPLIB include path to the
existing include path using the separator character applicable
for your operating system (":" on UNIX, ";" on Windows).
Defining an include path will not actually include code on your
pages; it only tells the PHP interpreter in which directories to
look for files referenced in require() and include()
statements.
Into the php directory go all the files from the php
directory of the distribution. Into documentroot, put all the
files and directories from the pages directory of the
distribution.
Have documentation.txt handy and read it.
The following information applies to MySQL only. No information is provided for other database servers as of now. You are encouraged to copy this section, adapt it for your database server and submit it to the authors. It will be included in further releases of PHPLIB.
Edit prepend.php3. Change the first require()
statement to require("db_mysql.inc");. This will
include the MySQL database interface (Interfaces for other
databases are provided in
db_<databasename>.inc. The require()
statement has to be adapted to reflect this).
Assuming your database server is named database.netuse.de
and your CGI user is webuser and you are accessing the
database myapp, do
mysql -h database -u webuser myapp
If it does not work, connect your database as administrator and
create the proper mysql access permissions. Adapt and run
create_database.mysql from the stuff
subdirectory of the distribution to create the databases
active_sessions and auth_user as well as
the sample user kris with password test. Try again to
connect like shown above. Can you do select * from
active_sessions? and insert into
active_sessions values ("1", "2", "3", "") as well as
delete from active_sessions? Can you select *
from auth_user?
Note: Additional database creation scripts are provided for
several different databases in the stuff directory of the
distribution.
Decide if you want to use include or
auto_prepend_file. We do use
auto_prepend_file
here and we add the statement
auto_prepend_file =
/home/www/servers/phplib.netuse.de/php/prepend.php3 to our
php3.ini.
Not all classes are included/required by prepend.php3, only
core functionality files are: db_xxx.inc,
ct_sql.inc, session.inc,
auth.inc, perm.inc, user.inc, local.inc and
page.inc. The library provides other, less essential
classes that can be included manually on a page-by-page basis.
Some classes make themselves persistent, if used. These classes
require that you include their definitions in the
prepend.php3 file where indicated to function correctly.
See the usage instructions for these classes for details.
Having done this, access /index.php3. The counter
should increment when that page is being reloaded. Also, checking
active_sessions in the database should reflect that
session.
Subscribe to the mailing list
phplib@lists.netuse.de. Do so by sending a mail body of subscribe
to
phplib-request@lists.netuse.de and follow instructions. Share your
experiences.
include() instead of auto_prepend_file=
If you do not want to use auto_prepend_file to load the
PHPLIB core functionality, you can load the class definitions
for the core manually on each page that requires them.
You will have to define a valid
include_path=-statement in your php3.ini file
as outlined previously to reflect the location of the *.inc
files. Then, all core functionality can be loaded with
include("prepend.php3") as the first statement at the top
of each page.
To further optimize performance, you can minimize the contents
of the prepend file, if you do not need all core functionality.
You may leave out auth.inc, perm.inc and
user.inc, if you do not require these features (note that
there are dependencies among these classes!).
Installing PHPLIB onto a web server that has PHP3 as a module
(actually Apache) mainly differs in where you can set up runtime
settings for PHP3 itself. PHP3 can be compiled with a wealth of
parameters (see the PHP section in phpinfo()), most of which can
get overridden by the php3.ini file. The location of this
file is shows as part of the output of phpinfo().
With PHP3 as a module you have a wider choice on placing these
settings: they are overridden, in this order, by what is defined
in httpd.conf and in your per-directory .htaccess
file. Directives in these files are identical to their
php3.ini brothers, but are prefixed with php_
to avoid clashes with Apache configuration keywords. Also, as
they are Apache configuration keywords, they have no equals
("=") sign in them. If x=y is a configuration directive
from php3.ini, you should be using php3_x y
within the Apache configuration instead. That is, you should
prepend php3_ to the keyword and omit the equals
sign. If you misspell a configuration directive, you will get an
error 500 from your webserver and find more details about the
error in the logfile you configured with ErrorLog in your
webserver setup.
Example: If below we talk about setting in your
php3.ini the configuration
include_path = "/bla"
mod_php users may alternatively configure in their
httpd.conf the following:
<Directory /home/www/servers/phplib.netuse.de/pages>
php3_include_path "/bla"
</Directory>
Of special interest to PHPLIB users are the following directives:
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
magic_quotes_gpc = Off ; magic quotes for incoming
; GET/POST/Cookie data
magic_quotes_runtime = Off; magic quotes for runtime-generated data,
; e.g. data from SQL, from exec(), etc.
magic_quotes_sybase = Off ; Use Sybase-style magic quotes
; (escape ' with '' instead of \')
track_vars = On ; enable $PHP_GET_VARS[], $PHP_POST_VARS[]
; and $PHP_COOKIE_VARS[] arrays
; automatically add files before or after any PHP 3.0 document
auto_prepend_file = (add path to prepend.php3 here)
auto_append_file =
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
include_path = (add path to the directory with all .inc files)
All of this comes very handy when you have multiple virtual
hosts (e.g. you are an ISP). In this case you can comfortably
place the php3 directives in the <VirtualHost> block
or in an .htaccess file in the client directory.