Next Previous Contents

2. Overview and Installation

The following sections discuss the installation, verification and layout of PHPLIB: How to install PHPLIB? Which functionality and class definitions are contained in which files? How do you layout a web server with PHPLIB installed? Which installation options are available and how do these affect performance?

2.1 Files, classes and functions

PHPLIB contains a set of core classes and functions that offer session tracking, per-session and per-user persistent variables, user authentication and permission checking. Building upon this core functionality, PHPLIB offers a set of commonly needed "background" classes and a set of "HTML widgets", classes that allow you to quickly generate HTML based user interfaces.

All PHPLIB definitions are designed that you don't need to change any of these files. Your customization of PHPLIB can be contained in two or three files, depending on the setup:, and, in some cases, prepend.php3. You NEVER need to change any other file with PHPLIB. Details are outlined below.


The following three files are the only files from PHPLIB that require changes in normal PHPLIB applications.

Application configuration in

Your application will almost certainly not work with the default values supplied by the above classes. You are supposed to extend the classes described below as you see fit.

In your subclasses, you only have to specify what is different in your application. These are things like database host names, database names, table names and username/password combinations. You need to provide login screen definitions (HTML) and user validation functions (SQL) to make the example work.

The distribution provides a to illustrate a typical setup. These definitions are also needed to get the administration and testing scripts provided with the distribution to run.

The file is required and you must change it for your setup.

Application setup in

The Session class provides the ability to execute initialization code at session setup. See the class description for instructions on how to set this up.

Per convention, we store such code in in the include directory. The code is being executed whenever a new user connection to out application and a new session is started.

The file is optional. No default is provided.

Selection of automatically loaded classes in prepend.php3

The file prepend.php3 determines which code is being loaded for all PHP3 interpreted pages. Normally, we include the class definitions for all core classes in this file:,,,,, then your local customizations from and the page management functions from

You must change prepend.php3 to reflect the database interface that you are using: Change the require statement for appropriately.

If you are not using some core features from PHPLIB in your application or if you want some other features to be present on all your pages, you can delete or add require statements for their respective include files here.

The file is required. You must change it for your setup, unless you are using MySQL.

Core functionality

The following files are included from prepend.php3 and provide definitions for the core classes of PHPLIB. We recommend that you always include all of them, as they are a tightly integrated set of classes with many dependencies among them.

Class DB_Sql defined in exactly one of,,,,,, or

A database access class for your database server. PHPLIB depends on the presence of a SQL database server. Depending on the type of your database server, you have to select the appropriate include file. The file contains the definition of a class DB_Sql suitable for your database server.

The class manages a database connection (connection setup is implicit) and result memory is managed automatically.

An independent class.

Class Session defined in

Manages an arbitrary amount of arbitrarily named session variables of scalar, array and object types (Object support requires that you implement two instance variables in your classes). Tracks sessions via cookies or a get-variable appended to each URL.

Depends on DB_Sql.

Class Auth defined in

Manages session authentication. Sessions are authenticated against usernames and passwords in a database. Authentication can be time limited.

Depends on Session and DB_Sql.

Class Perm defined in

Manages permission checks on authenticated session pages. Protected pages are only accessible to users with the specified rights.

Depends on Auth, Session and DB_Sql.

Class User defined in

Manages user dependent variables. Unlike session variables these are bound to a user id, not to a session id. They are persistent over multiple sessions, but are only available after a user has been authenticated.

Depends on Auth, Session and DB_Sql, extension of Session.

functions page_open() and page_close() defined in

Setup and Shutdown functions, must be present on any session page.

Depend on Session.

Extended functionality

The extended functionality classes offer GUI-less background features that are commonly needed in HTML-applications. They may make use of core functionality (indicated for each class below).

Cart in

Manages a simple shopping cart. Items can be put into the cart, taken out of the cart and the carts contents can be enumerated.

Depends on Session to be useful. Requires that you add the statement require("") to prepend.php3.

Template in

Manages templates and variable replacement. Templates can be stored in files. They are loaded on demand and variables are replaced in these files.

An independent class. Requires that you add the statement require("") to prepend.php3 or that you include it manually on each page where you want to use it.

HTML widgets

HTML widgets are classes that generate some HTML-code (often forms or tables) to display GUI-elements. We try to provide functionality commonly used in applications, in a way that the actual look of the GUI-elements can be easily customized.

CSV_Table in

Creates a dump of a two dimensional array or a query result in CSV format, suitable for loading into a database or a spreadsheet program.

Depends on Table, extension of Table.

Sql_Query in

Create a selection widget that allows a user to choose arbitrary conditions on one or more table columns. SQL is being created from these selections that can be used in the where-clause of a larger SQL select statement.

Depends on Session and DB_Sql. Requires that you add the statement require("") to prepend.php3.

Table in

Creates HTML tables from two dimensional arrays or from database query results. The class can either filter out the desired columns from an array or you can explicitly name which columns to show. A heading can be turned on if desired. All generated HTML elements are tagged with a classname you specify for stylesheet support, if needed. When used in a form tag, each table row can be prefixed with a checkbox input element to allow for row selection.

An independent class.

Form in

Creates HTML forms from feature->value arrays. This provides a single syntax for creating all of the different types of form elements. The class provides easy access to Javascript and server side validation, and supports 'freezing' some or all of the form elements to display static data. In addition, the library relies on object oriented implementations for the various form elements and these can easily be extended and customized.

An independent class.

2.2 Downloading and unpacking the distribution

The base library is supplied at the PHP Base Library download location. Two different formats are provided: A tar.gz version and a shar version.

If you are on a windows system, you can use phplib.tar.gz, if you have WinZIP installed. Current versions of WinZIP know how to handle compressed tar archives. The uncompressed files may be installed on your windows system or transferred to your Unix system.

If you can't handle binary files, you may download phplib.shar. This is a pure ASCII file containing a self extracting shell script. Just save the file, make it executable and feed it to your Unix shell (for example, by typing sh phplib.shar).

The PHPLIB support mailing list is available should you run into problems with the library. To subscribe send the command subscribe to the mailing list subscription address.

2.3 Requirements and things to check for

Interpreter requirements

The PHP base library requires a working web server with CGI capability and the CGI version of PHP 3.0.12 or higher installed. Alternatively mod_php can be used. Lower versions of PHP do not work at all: The session class uses the base64_encode() and base64_decode() functions which are known to be buggy in lower versions (up to 3.0.7) of the library. Also, the OOH Forms classes are using constructor syntax, which has been introduced into the PHP language in 3.0.5 and later versions. An issue with the $PHP_SELF variable and CGI PHP has been resolved with version 3.0.5 and later. Perl regular expression functions are being used in the Template class and these are not really avilable up to 3.0.12.

Note: If you are using CGI PHP, it must have been compiled with the --enable-force-cgi-redirect switch for $PHP_SELF to have the correct value.

Basically, if PHP_SELF is the exact local part of your $URL, all is well. If it instead contains the modified URL with /your cgi-bin/php prefixed, you have a buggy version of CGI PHP. Either upgrade your version of PHP or replace all occurrences of $PHP_SELF with $PATH_INFO in PHPLIB.

Note: PHPLIB requires that you have track_vars compiled in and enabled.

Note: PHPLIB does not require short_open_tag to be enabled. The library always uses <?php as the PHP command introducer.

Note: PHPLIB does not require magic_quotes_gpc to be enabled. The library always uses addslashes() when necessary.

Database requirements

The PHP base library requires a database connection in the default setup for storage of session variables, but this can be circumvented by selection another storage container type at installation time. Currently, storage containers are available for SQL databases (the default), SQL databases with limited string length (, System V shared memory (requires a PHP interpreter with SYSVSHM and SYSVSEM support), LDAP servers (requires a PHP interpreter with LDAP support), flat files, and DBM files.

Using SQL, currently MySQL is fully supported and PostgreSQL, mSQL, Sybase, Microsoft SQL Server, ODBC and Oracle have limited support (the limitation is only relevant if you intend to access metadata information, i.e. table definitions and the like). Database interfaces are not difficult to write and you can easily write your own interface.

You need a database server connection with select, insert, update and delete privileges from your CGI environment. You need create and drop privileges from an administrative account outside your CGI environment as well.

PHPLIB core functionality requires two tables as part of your application table name space: active_sessions (select, insert, update and delete privilege required for the application user) and auth_user (select privilege required for the application user. insert, update and delete privilege required for the application user if user management is to be done from within the application).

Extended functionality may require additional tables.

Name space requirements

PHPLIB tries to be as name space neutral as possible with its core features. Is issues no HTML by default and it occupies only few names in the global name space. These are the class names for the classes defined: DB_Sql, DB_SAM, CT_Sql, Session, Auth, Perm, User. Additionally, the classnames DB_Example, Example_CT_Sql, Example_Session, Example_Auth, Example_Challenge_Auth, Example_Perm and Example_User are defined by the sample setup in, but these names can and shall be customized by the application developer. PHPLIB defines the function names page_open(), page_close, sess_load() and sess_save() for the page management functions. The global variable $_PHPLIB (a hash) is taken. Only if page_open() is being used, globals are defined by the library by default, but one global for each "feature" requested in the page_open() statement is taken. These are at most $sess, $user, $auth and $perm.

Including extension functionality or HTML widgets may occupy additional classnames, function names or variables in the global name space.

Year 2000 compliance statement

PHPLIB uses date fields within the column changed in the table active_sessions in your database. The changed field is used in garbage collection, that is, to clean out abandoned sessions. The date field is a 14 character field of the format YYYYMMDDhhmmss, that is, the date field has four digit years and will cope properly with the new millennium.

PHPLIB sets cookies in the client browser. These cookies by default have session lifetime, that is, they do not expire but are not written to disk. Date calculations are not involved.

It is possible to have PHPLIB set cookies with a limited lifetime by defining the $lifetime slot of the Session class. If this is done, it depends on the date handling of the client browser and client operating system, if the result is Y2K compliant. There are known issues with longterm cookies and any browser on MS-DOS/Windows 3.11 systems.

PHPLIB does some date arithmetic internally that involves mktime() and date() functions of the PHP3 language and Unix time_t data types. The signed 32 bit Unix time_t data type counts seconds since 01-Jan-1970 Midnight GMT and will overflow sometime in the year 2038.

PHPLIB itself will function up to 2038 and longer, if the Unix time_t is being extended in time. PHPLIB does not protect you from date and Y2K issues in your PHPLIB application, the PHP3 interpreter, the server operating system oder server software, the client browser, the client operating system or other parts of your installation.

2.4 Installation procedure

mod_php note: The following instructions apply to the CGI version of PHP as well as to the module version. If you are working with mod_php, you must restart your web server to force a reload of the php3.ini file, though.

If you are using mod_php, you have additional configuration options: See the section below on using PHPLIB mit mod_php.

Library Setup

Create a directory php next to your cgi:

/home/www/servers/   <- document root
                                   cgi     <- php binary
                                   php     <- includes and prepends

Make this php directory your php include directory: Put include_path = /home/www/servers/ into cgi/php3.ini. If you already have an include path defined in your setup, add the PHPLIB include path to the existing include path using the separator character applicable for your operating system (":" on UNIX, ";" on Windows). Defining an include path will not actually include code on your pages; it only tells the PHP interpreter in which directories to look for files referenced in require() and include() statements.

Into the php directory go all the files from the php directory of the distribution. Into documentroot, put all the files and directories from the pages directory of the distribution.

Have documentation.txt handy and read it.

Database access with MySQL

The following information applies to MySQL only. No information is provided for other database servers as of now. You are encouraged to copy this section, adapt it for your database server and submit it to the authors. It will be included in further releases of PHPLIB.

Edit prepend.php3. Change the first require() statement to require("");. This will include the MySQL database interface (Interfaces for other databases are provided in db_<databasename>.inc. The require() statement has to be adapted to reflect this).

Assuming your database server is named and your CGI user is webuser and you are accessing the database myapp, do

mysql -h database -u webuser myapp

If it does not work, connect your database as administrator and create the proper mysql access permissions. Adapt and run create_database.mysql from the stuff subdirectory of the distribution to create the databases active_sessions and auth_user as well as the sample user kris with password test. Try again to connect like shown above. Can you do select * from active_sessions? and insert into active_sessions values ("1", "2", "3", "") as well as delete from active_sessions? Can you select * from auth_user?

Note: Additional database creation scripts are provided for several different databases in the stuff directory of the distribution.

Merging the library with your PHP files

Decide if you want to use include or auto_prepend_file. We do use auto_prepend_file here and we add the statement auto_prepend_file = /home/www/servers/ to our php3.ini.

Not all classes are included/required by prepend.php3, only core functionality files are:,,,,,, and The library provides other, less essential classes that can be included manually on a page-by-page basis. Some classes make themselves persistent, if used. These classes require that you include their definitions in the prepend.php3 file where indicated to function correctly. See the usage instructions for these classes for details.

Having done this, access /index.php3. The counter should increment when that page is being reloaded. Also, checking active_sessions in the database should reflect that session.

Subscribe for support

Subscribe to the mailing list Do so by sending a mail body of subscribe to and follow instructions. Share your experiences.

2.5 Using include() instead of auto_prepend_file=

If you do not want to use auto_prepend_file to load the PHPLIB core functionality, you can load the class definitions for the core manually on each page that requires them.

You will have to define a valid include_path=-statement in your php3.ini file as outlined previously to reflect the location of the *.inc files. Then, all core functionality can be loaded with include("prepend.php3") as the first statement at the top of each page.

To further optimize performance, you can minimize the contents of the prepend file, if you do not need all core functionality. You may leave out, and, if you do not require these features (note that there are dependencies among these classes!).

2.6 PHPLIB with mod_php (Apache module)

Installing PHPLIB onto a web server that has PHP3 as a module (actually Apache) mainly differs in where you can set up runtime settings for PHP3 itself. PHP3 can be compiled with a wealth of parameters (see the PHP section in phpinfo()), most of which can get overridden by the php3.ini file. The location of this file is shows as part of the output of phpinfo().

With PHP3 as a module you have a wider choice on placing these settings: they are overridden, in this order, by what is defined in httpd.conf and in your per-directory .htaccess file. Directives in these files are identical to their php3.ini brothers, but are prefixed with php_ to avoid clashes with Apache configuration keywords. Also, as they are Apache configuration keywords, they have no equals ("=") sign in them. If x=y is a configuration directive from php3.ini, you should be using php3_x y within the Apache configuration instead. That is, you should prepend php3_ to the keyword and omit the equals sign. If you misspell a configuration directive, you will get an error 500 from your webserver and find more details about the error in the logfile you configured with ErrorLog in your webserver setup.

Example: If below we talk about setting in your php3.ini the configuration

include_path = "/bla"

mod_php users may alternatively configure in their httpd.conf the following:

<Directory /home/www/servers/>
php3_include_path "/bla"

Of special interest to PHPLIB users are the following directives:

; Data Handling ;
magic_quotes_gpc = Off    ; magic quotes for incoming 
                          ; GET/POST/Cookie data
magic_quotes_runtime = Off; magic quotes for runtime-generated data,
                          ; e.g. data from SQL, from exec(), etc.
magic_quotes_sybase = Off ; Use Sybase-style magic quotes 
                          ; (escape ' with '' instead of \')
track_vars = On           ; enable $PHP_GET_VARS[], $PHP_POST_VARS[] 
                          ; and $PHP_COOKIE_VARS[] arrays

; automatically add files before or after any PHP 3.0 document
auto_prepend_file = (add path to prepend.php3 here)
auto_append_file  =

; Paths and Directories ;
include_path      = (add path to the directory with all .inc files)

All of this comes very handy when you have multiple virtual hosts (e.g. you are an ISP). In this case you can comfortably place the php3 directives in the <VirtualHost> block or in an .htaccess file in the client directory.

Next Previous Contents