mirror of https://github.com/phpbb/phpbb.git synced 2025-10-25 13:46:50 +02:00
php-phpbb/phpBB/docs/coding-guidelines.html
Meik Sievertsen 01b4145381 - fixed a few bugs
- added user_add() function
- check posted images ([img]) for same domain/script and php files
- auth_api.html updated to the coding guidelines look&feel
- introduced ability to force non page-updates (cron is using it)
- correctly resend coppa email


git-svn-id: file:///svn/phpbb/trunk@6048 89ea8834-ac86-4346-8a33-228a782c2dd0
2006-06-11 18:13:52 +00:00


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Coding Guidelines</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="resource-type" content="document" />
<meta name="description" lang="en" content="Olympus coding guidelines document" />
<meta name="keywords" lang="en" content="" />
<meta name="author" content="phpBB Group" />
<meta name="copyright" content="phpBB Group" />
<meta name="MSSmartTagsPreventParsing" content="true" />
<link rel="shortcut icon" href="" />
<style type="text/css">
<!--
/*
The original "subSilver" theme for phpBB2
Created by subBlue design :: http://www.subBlue.com
*/
body {
background-color: white;
font-family: Verdana, Arial, Helvetica, sans-serif;
margin: 0px;
border: 0px;
padding: 0px;
}
img {
border: 0;
}
p {
font-size: 8pt;
}
hr {
height: 0px;
border: solid #D1D7DC 0px;
border-top-width: 1px;
}
#title, h1 {
font: bold 18pt 'Trebuchet MS', Verdana, sans-serif;
text-decoration: none;
line-height: 120%;
}
h2 {
font: bold 12pt Arial, Helvetica, sans-serif;
text-decoration: none;
line-height: 120%;
}
h3 {
font: bold 10pt Arial, Helvetica, sans-serif;
text-decoration: none;
line-height: 120%;
}
.paragraph {
margin-left: 20px;
}
/*
Structure
*/
#logo {
background: #fff url(header_bg.jpg) repeat-x top right;
height: 60px;
}
#title {
color: #12749b;
float: right;
margin: 10px 10px 0;
}
#main {
margin-left: 25px;
margin-right: 25px;
}
.good {
color: green;
}
.bad {
color: red;
}
#footer {
margin-left: 75px;
font-size: 70%;
color: #006600;
}
code {
color: #006600;
font-weight: normal;
font-family: 'Courier New', monospace;
border-color: #D1D7DC;
border-width: 1px;
border-style: solid;
background-color: #FAFAFA;
}
.indent p {
padding-left: 20px;
font-size: 90%;
}
/*
Anchors
*/
a {
font-size: 70%;
}
a:link, a:active, a:visited {
color: #006699;
text-decoration: none;
}
a:hover {
color: #DD6900;
text-decoration: underline;
}
a.nav {
color: #006699;
text-decoration: none;
}
a.nav:hover {
text-decoration: underline;
}
p a {
font-size: 100%;
}
.menu {
font-size: 80%;
}
.menu li a {
font-size: 100%;
}
//-->
</style>
<!--[if IE]>
<style type="text/css">
body {
scrollbar-face-color: #DEE3E7;
scrollbar-highlight-color: white;
scrollbar-shadow-color: #DEE3E7;
scrollbar-3dlight-color: #D1D7DC;
scrollbar-arrow-color: #006699;
scrollbar-track-color: #EFEFEF;
scrollbar-darkshadow-color: #98AAB1;
}
</style>
<![endif]-->
</head>
<body>
<div id="logo">
<div id="title">Coding Guidelines</div>
<a href="index.php"><img src="header_left.jpg" alt="phpBB Logo" /></a>
</div>
<a name="top"></a><div id="main">
<p>These are the phpBB Coding Guidelines for Olympus; all attempts should be made to follow them as closely as possible. This document is (c) 2006 phpBB Group; copying or redistribution is not allowed without permission.</p>
<h1>Coding Guidelines</h1>
<ol class="menu">
<li><a href="#defaults">Defaults</a>
<ol type="i">
<li><a href="#editorsettings">Editor Settings</a></li>
<li><a href="#fileheader">File Header</a></li>
<li><a href="#locations">File Locations</a></li>
</ol>
</li>
<li><a href="#code">Code Layout/Guidelines</a>
<ol type="i">
<li><a href="#namingvars">Variable/Function Naming</a></li>
<li><a href="#codelayout">Code Layout</a></li>
<li><a href="#sql">SQL/SQL Layout</a></li>
<li><a href="#optimizing">Optimizations</a></li>
<li><a href="#general">General Guidelines</a></li>
</ol>
</li>
<li><a href="#styling">Styling</a></li>
<li><a href="#templating">Templating</a></li>
<li><a href="#changes">Guidelines Changelog</a></li>
</ol>
<hr />
<a name="defaults"></a><h1>1. Defaults</h1>
<a name="editorsettings"></a><b>1.i. Editor Settings</b>
<br /><br />
<div class="paragraph">
<h3>Tabs vs Spaces:</h3>
<p>In order to make this as simple as possible, we will be using tabs, not spaces. Feel free to set how many spaces your editor uses when it <b>displays</b> tabs, but make sure that when you <b>save</b> the file, it's saving tabs and not spaces. This way, we can each have the code be displayed the way we like it, without breaking the layout of the actual files.</p>
<p>Additionally please check your editor for the indent size. If tabs are set to 4 spaces for example, the indent size needs to be 4 too:</p>
<blockquote><pre>
$mode{TAB}{TAB}= request_var('mode', '');
$search_id{TAB}= request_var('search_id', '');
</pre></blockquote>
<p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p>
<h3>Linefeeds:</h3>
<p>Ensure that your editor is saving files in the UNIX format. This means lines are terminated with a newline, not with a CR/LF combo as they are on Win32, or whatever the Mac uses. Any decent editor should be able to do this, but it might not always be the default. Know your editor. If you want advice on Windows text editors, just ask one of the developers. Some of them do their editing on Win32.</p>
</div>
<a href="#top">Top</a>
<br /><br />
<a name="fileheader"></a><b>1.ii. File Header</b>
<br /><br />
<div class="paragraph">
<h3>Standard header for new files:</h3>
<p>This template of the header must be included at the start of all phpBB files: </p>
<blockquote><pre>
/**
*
* @package {PACKAGENAME}
* @version &#36;Id: &#36;
* @copyright (c) 2006 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
</pre></blockquote>
<p>Please see the <a href="#locations">File Locations section</a> for the correct package name.</p>
<h3>Files containing inline code:</h3>
<p>For those files you have to put an empty comment directly after the header to prevent the documentor assigning the header to the first code element found.</p>
<blockquote><pre>
/**
* {HEADER}
*/
/**
*/
{CODE}
</pre></blockquote>
<h3>Files containing only functions:</h3>
<p>Do not forget to comment the functions (especially the first function following the header). Each function should have at least a comment of what this function does. For more complex functions it is recommended to document the parameters too.</p>
<h3>Files containing only classes:</h3>
<p>Do not forget to comment the class. Classes need a separate @package definition; it is the same as the header package name. Apart from this special case, the above statement for files containing only functions applies to classes and their methods too.</p>
<h3>Code following the header but only functions/classes file:</h3>
<p>If this case is true, the best method to avoid documentation confusions is adding an ignore command, for example:</p>
<blockquote><pre>
/**
*
* {HEADER}
*
*/
/**
* @ignore
*/
Small code snippet, mostly one or two defines or an if statement
/**
* {DOCUMENTATION}
*/
class ...
</pre></blockquote>
</div>
<a href="#top">Top</a>
<br /><br />
<a name="locations"></a><b>1.iii. File Locations</b>
<br /><br />
<div class="paragraph">
<p>Functions used by more than one page should be placed in functions.php; functions specific to one page should be placed on that page (at the bottom) or within the relevant section's functions file.</p>
<p>The following packages are defined, and related new features/functions should be placed within the mentioned files/locations, as well as specifying the correct package name. The package names are bold within this list:</p>
<ul class="menu">
<li><b>phpBB3</b><br />Core files and all files not assigned to a separate package</li>
<li><b>acm</b><br /><code>/includes/acm</code><br />Cache System, separated because of equal class names
<ul>
<li><b>acm_main</b><br /><code>/includes/acm/acm_main.php</code><br />Base caching class. All functions obtaining cached data should be placed into this file</li>
<li><b>acm_db</b><br /><code>/includes/acm/acm_db.php</code><br />Database based caching</li>
<li><b>acm_file</b><br /><code>/includes/acm/acm_file.php</code><br />File based caching</li>
</ul>
</li>
<li><b>acp</b><br /><code>/adm</code>, <code>/includes/acp</code>, <code>/includes/functions_admin.php</code><br />Administration Control Panel</li>
<li><b>dbal</b><br /><code>/includes/db</code><br />Database Abstraction Layer.<br />Base class is <code>dbal</code>
<ul>
<li><b>dbal_firebird</b><br /><code>/includes/db/firebird.php</code><br />Firebird/Interbase Database Abstraction Layer<br />Minimum Requirement is Firebird 1.5+/Interbase 7.1+</li>
<li><b>dbal_mssql</b><br /><code>/includes/db/mssql.php</code><br />MSSQL Database Abstraction Layer<br />Minimum Requirement is MSSQL 2000+</li>
<li><b>dbal_mssql_odbc</b><br /><code>/includes/db/mssql_odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL<br />Minimum Requirement is Version 2000+</li>
<li><b>dbal_mysql</b><br /><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer<br />Minimum Requirement is 3.23+/4.0+/4.1+</li>
<li><b>dbal_mysql4</b><br /><code>/includes/db/mysql4.php</code><br />MySQL4 Database Abstraction Layer<br />Minimum Requirement is 4.0+/4.1+/5.0+</li>
<li><b>dbal_mysqli</b><br /><code>/includes/db/mysqli.php</code><br />MySQLi Database Abstraction Layer<br />Minimum Requirement is MySQLi extension with MySQL 4.1+/5.0+</li>
<li><b>dbal_oracle</b><br /><code>/includes/db/oracle.php</code><br />Oracle Database Abstraction Layer</li>
<li><b>dbal_postgres</b><br /><code>/includes/db/postgres.php</code><br />PostgreSQL Database Abstraction Layer<br />Minimum Requirement is Version 7.3+</li>
<li><b>dbal_sqlite</b><br /><code>/includes/db/sqlite.php</code><br />Sqlite Database Abstraction Layer</li>
</ul>
</li>
<li><b>docs</b><br /><code>/docs</code><br />phpBB Documentation</li>
<li><b>images</b><br /><code>/images</code><br />All global images not connected to styles</li>
<li><b>install</b><br /><code>/install</code><br />Installation System</li>
<li><b>language</b><br /><code>/language</code><br />All language files</li>
<li><b>login</b><br /><code>/includes/auth</code><br />Login Authentication Plugins</li>
<li><b>mcp</b><br /><code>mcp.php</code>, <code>/includes/mcp</code>, <code>report.php</code><br />Moderator Control Panel</li>
<li><b>ucp</b><br /><code>ucp.php</code>, <code>/includes/ucp</code><br />User Control Panel</li>
<li><b>search</b><br /><code>/includes/search</code>, <code>search.php</code><br />Search System</li>
<li><b>styles</b><br /><code>/styles</code>, <code>style.php</code><br />phpBB Styles/Templates/Themes/Imagesets</li>
</ul>
</div>
<a href="#top">Top</a>
<br /><br />
<hr />
<a name="code"></a><h1>2. Code Layout/Guidelines</h1>
<p>Please note that these guidelines also apply to JavaScript code.</p>
<a name="namingvars"></a><b>2.i. Variable/Function Naming</b>
<br /><br />
<div class="paragraph">
<p>We will not be using any form of Hungarian notation in our naming conventions. Many of us believe that Hungarian naming is one of the primary code obfuscation techniques currently in use.</p>
<h3>Variable Names:</h3>
<p>Variable names should be in all lowercase, with words separated by an underscore, example:</p>
<div class="indent">
<p><code>$current_user</code> is right, but <code>$currentuser</code> and <code> $currentUser</code> are not.</p>
</div>
<p>Names should be descriptive, but concise. We don't want huge sentences as our variable names, but typing an extra couple of characters is always better than wondering what exactly a certain variable is for. </p>
<h3>Loop Indices:</h3>
<p>The <em>only</em> situation where a one-character variable name is allowed is when it's the index for some looping construct. In this case, the index of the outer loop should always be $i. If there's a loop inside that loop, its index should be $j, followed by $k, and so on. If the loop is being indexed by some already-existing variable with a meaningful name, this guideline does not apply, example:</p>
<blockquote><pre>
for ($i = 0; $i &lt; $outer_size; $i++)
{
	for ($j = 0; $j &lt; $inner_size; $j++)
	{
		foo($i, $j);
	}
}
</pre></blockquote>
<h3>Function Names:</h3>
<p>Functions should also be named descriptively. We're not programming in C here, we don't want to write functions called things like "stristr()". Again, all lower-case names with words separated by a single underscore character. Function names should preferably have a verb in them somewhere. Good function names are <code>print_login_status()</code>, <code>get_user_data()</code>, etc. </p>
<h3>Function Arguments:</h3>
<p>Arguments are subject to the same guidelines as variable names. We don't want a bunch of functions like: <code>do_stuff($a, $b, $c)</code>. In most cases, we'd like to be able to tell how to use a function by just looking at its declaration. </p>
<h3>Summary:</h3>
<p>The basic philosophy here is to not hurt code clarity for the sake of laziness. This has to be balanced by a little bit of common sense, though; <code>print_login_status_for_a_given_user()</code> goes too far, for example -- that function would be better named <code>print_user_login_status()</code>, or just <code>print_login_status()</code>.</p>
<h3>Special Namings: </h3>
<p>For all emoticons use the term <code>smiley</code> in singular and <code>smilies</code> in plural.</p>
</div>
<a href="#top">Top</a>
<br /><br />
<a name="codelayout"></a><b>2.ii. Code Layout</b>
<br /><br />
<div class="paragraph">
<h3>Always include the braces:</h3>
<p>This is another case of being too lazy to type 2 extra characters causing problems with code clarity. Even if the body of some construct is only one line long, do <em>not</em> drop the braces. Just don't. Examples:</p>
<p class="bad">// These are all wrong. </p>
<blockquote><pre>
if (condition) do_stuff();

if (condition)
	do_stuff();

while (condition)
	do_stuff();

for ($i = 0; $i &lt; size; $i++)
	do_stuff($i);
</pre></blockquote>
<p class="good">// These are all right. </p>
<blockquote><pre>
if (condition)
{
	do_stuff();
}

while (condition)
{
	do_stuff();
}

for ($i = 0; $i &lt; size; $i++)
{
	do_stuff();
}
</pre></blockquote>
<h3>Where to put the braces:</h3>
<p>This one is a bit of a holy war, but we're going to use a style that can be summed up in one sentence: Braces always go on their own line. The closing brace should also always be at the same column as the corresponding opening brace, examples:</p>
<blockquote><pre>
if (condition)
{
	while (condition2)
	{
		...
	}
}
else
{
	...
}

for ($i = 0; $i &lt; $size; $i++)
{
	...
}

while (condition)
{
	...
}

function do_stuff()
{
	...
}
</pre></blockquote>
<h3>Use spaces between tokens:</h3>
<p>This is another simple, easy step that helps keep code readable without much effort. Whenever you write an assignment, expression, etc., always leave <em>one</em> space between the tokens. Basically, write code as if it was English. Put spaces between variable names and operators. Don't put spaces just after an opening bracket or before a closing bracket. Don't put spaces just before a comma or a semicolon. This is best shown with a few examples:</p>
<p>// Each pair shows the wrong way followed by the right way. </p>
<blockquote><pre>
$i=0;
$i = 0;
if($i&lt;7) ...
if ($i &lt; 7) ...
if ( ($i &lt; 7)&amp;&amp;($j &gt; 8) ) ...
if ($i &lt; 7 &amp;&amp; $j &gt; 8) ...
do_stuff( $i, "foo", $b );
do_stuff($i, "foo", $b);
for($i=0; $i&lt;$size; $i++) ...
for ($i = 0; $i &lt; $size; $i++) ...
$i=($j &lt; $size)?0:1;
$i = ($j &lt; $size) ? 0 : 1;
</pre></blockquote>
<h3>Operator precedence:</h3>
<p>Do you know the exact precedence of all the operators in PHP? Neither do I. Don't guess. Always make it obvious by using brackets to force the precedence of an expression so you know what it does. Remember not to over-use this, as it may hurt readability. Basically, do not enclose single expressions. Examples:</p>
<p class="bad">// what's the result? who knows. </p>
<blockquote><pre>
$bool = ($i &lt; 7 &amp;&amp; $j &gt; 8 || $k == 4);
</pre></blockquote>
<p class="bad">// now you can be certain what I'm doing here.</p>
<blockquote><pre>
$bool = (($i &lt; 7) &amp;&amp; (($j &lt; 8) || ($k == 4)));
</pre></blockquote>
<p class="good">// But this one is even better, because it is easier on the eye but the intention is preserved</p>
<blockquote><pre>
$bool = ($i &lt; 7 &amp;&amp; ($j &lt; 8 || $k == 4));
</pre></blockquote>
<h3>Quoting strings:</h3>
<p>There are two different ways to quote strings in PHP - either with single quotes or with double quotes. The main difference is that the parser does variable interpolation in double-quoted strings, but not in single quoted strings. Because of this, you should <em>always</em> use single quotes <em>unless</em> you specifically need variable interpolation to be done on that string. This way, we can save the parser the trouble of parsing a bunch of strings where no interpolation needs to be done.</p>
<p>Also, if you are using a string variable as part of a function call, you do not need to enclose that variable in quotes. Again, this will just make unnecessary work for the parser. Note, however, that nearly all of the escape sequences that exist for double-quoted strings will not work with single-quoted strings. Be careful, and feel free to break this guideline if it's making your code easier to read, examples:</p>
<p class="bad">// wrong </p>
<blockquote><pre>
$str = "This is a really long string with no variables for the parser to find.";
do_stuff("$str");
</pre></blockquote>
<p class="good">// right</p>
<blockquote><pre>
$str = 'This is a really long string with no variables for the parser to find.';
do_stuff($str);
</pre></blockquote>
<p class="bad">// Sometimes single quotes are just not right</p>
<blockquote><pre>
$post_url = $phpbb_root_path . 'posting.' . $phpEx . '?mode=' . $mode . '&amp;amp;start=' . $start;
</pre></blockquote>
<p class="good">// Double quotes are sometimes needed to not overcrowd the line with concatenations</p>
<blockquote><pre>
$post_url = "{$phpbb_root_path}posting.$phpEx?mode=$mode&amp;amp;start=$start";
</pre></blockquote>
<p>In SQL statements, mixing single and double quotes is partly allowed (following the guidelines listed here about SQL formatting); otherwise try to use only one method - mostly single quotes.</p>
<h3>Associative array keys:</h3>
<p>In PHP, it's legal to use a literal string as a key to an associative array without quoting that string. We don't want to do this -- the string should always be quoted to avoid confusion. Note that this is only when we're using a literal, not when we're using a variable, examples:</p>
<p class="bad">// wrong</p>
<blockquote><pre>
$foo = $assoc_array[blah];
</pre></blockquote>
<p class="good">// right </p>
<blockquote><pre>
$foo = $assoc_array['blah'];
</pre></blockquote>
<h3>Comments:</h3>
<p>Each complex function should be preceded by a comment that tells a programmer everything they need to know to use that function. The meaning of every parameter, the expected input, and the output are required as a minimal comment. The function's behaviour in error conditions (and what those error conditions are) should also be present.<br /><br />Especially important to document are any assumptions the code makes, or preconditions for its proper operation. Any one of the developers should be able to look at any part of the application and figure out what's going on in a reasonable amount of time. Avoid using <code>/* */</code> comment blocks for one-line comments, <code>//</code> should be used for one/two-liners.</p>
<h3>Magic numbers:</h3>
<p>Don't use them. Use named constants for any literal value other than obvious special cases. Basically, it's ok to check if an array has 0 elements by using the literal 0. It's not ok to assign some special meaning to a number and then use it everywhere as a literal. This hurts readability AND maintainability. The constants <code>true</code> and <code>false</code> should be used in place of the literals 1 and 0 -- even though they have the same values (but not type!), it's more obvious what the actual logic is when you use the named constants. Typecast variables where needed; do not rely on a variable already having the correct type (PHP is currently very loose about types, which can lead to security problems if a developer does not keep a very close eye on it).</p>
<h3>Shortcut operators:</h3>
<p>The only shortcut operators that cause readability problems are the shortcut increment <code>$i++</code> and decrement <code>$j--</code> operators. These operators should not be used as part of an expression. They can, however, be used on their own line. Using them in expressions is just not worth the headaches when debugging, examples:</p>
<p class="bad">// wrong </p>
<blockquote><pre>
$array[++$i] = $j;
$array[$i++] = $k;
</pre></blockquote>
<p class="good">// right </p>
<blockquote><pre>
$i++;
$array[$i] = $j;
$array[$i] = $k;
$i++;
</pre></blockquote>
<h3>Inline conditionals:</h3>
<p>Inline conditionals should only be used to do very simple things. Preferably, they will only be used to do assignments, and not for function calls or anything complex at all. They can be harmful to readability if used incorrectly, so don't fall in love with saving typing by using them, examples:</p>
<p class="bad">// Bad place to use them</p>
<blockquote><pre>
($i &lt; $size &amp;&amp; $j &gt; $size) ? do_stuff($foo) : do_stuff($bar);
</pre></blockquote>
<p class="good">// OK place to use them </p>
<blockquote><pre>
$min = ($i &lt; $j) ? $i : $j;
</pre></blockquote>
<h3>Don't use uninitialized variables.</h3>
<p>For phpBB3, we intend to use a higher level of run-time error reporting. This will mean that the use of an uninitialized variable will be reported as a warning. These warnings can be avoided by using the built-in isset() function to check whether a variable has been set, examples:</p>
<p class="bad">// Wrong </p>
<blockquote><pre>
if ($forum) ...
</pre></blockquote>
<p class="good">// Right </p>
<blockquote><pre>
if (isset($forum)) ...
</pre></blockquote>
<p class="good">// Also possible</p>
<blockquote><pre>
if (isset($forum) &amp;&amp; $forum == 5)
</pre></blockquote>
<h3>Switch statements:</h3>
<p>Switch/case code blocks can get a bit long sometimes. To keep them noticeable and in line with the opening/closing brace requirement (where they are on the same line for better readability), the requirement also applies to switch/case code blocks and the breaks. An example:</p>
<p class="bad">// Wrong </p>
<blockquote><pre>
switch ($mode)
{
	case 'mode1':
		// I am doing something here
		break;
	case 'mode2':
		// I am doing something completely different here
		break;
}
</pre></blockquote>
<p class="good">// Good </p>
<blockquote><pre>
switch ($mode)
{
	case 'mode1':
		// I am doing something here
	break;

	case 'mode2':
		// I am doing something completely different here
	break;

	default:
		// Always assume that the case was not caught
	break;
}
</pre></blockquote>
<p class="good">// Also good, if you have more code between the case and the break </p>
<blockquote><pre>
switch ($mode)
{
	case 'mode1':

		// I am doing something here

	break;

	case 'mode2':

		// I am doing something completely different here

	break;

	default:

		// Always assume that the case was not caught

	break;
}
</pre></blockquote>
<p>Even if the break for the default case is not needed, it is sometimes better to include it just for readability and completeness.</p>
<p>If no break is intended, please add a comment instead. An example:</p>
<p class="good">// Example with no break </p>
<blockquote><pre>
switch ($mode)
{
	case 'mode1':
		// I am doing something here

	// no break here

	case 'mode2':
		// I am doing something completely different here
	break;

	default:
		// Always assume that the case was not caught
	break;
}
</pre></blockquote>
</div>
<a href="#top">Top</a>
<br /><br />
<a name="sql"></a><b>2.iii. SQL/SQL Layout</b>
<br /><br />
<div class="paragraph">
<h3>Common SQL Guidelines: </h3>
<p>All SQL should be cross-DB compatible, if DB specific SQL is used alternatives must be provided which work on all supported DB's (MySQL3/4/5, MSSQL (7.0 and 2000), PostgreSQL (7.0+), Firebird, SQLite, Oracle8, ODBC (generalised if possible, otherwise DB2)).</p>
<p>All SQL commands should utilise the DataBase Abstraction Layer (DBAL)</p>
<h3>SQL code layout:</h3>
<p>SQL statements are often unreadable without some formatting, since they tend to be big at times, and formatting them adds a lot to the readability of code. SQL statements should be formatted in the following way, basically writing keywords: </p>
<blockquote><pre>
$sql = 'SELECT *
&lt;-one tab-&gt;FROM ' . SOME_TABLE . '
&lt;-one tab-&gt;WHERE a = 1
&lt;-two tabs-&gt;AND (b = 2
&lt;-three tabs-&gt;OR b = 3)
&lt;-one tab-&gt;ORDER BY b';
</pre></blockquote>
<p>Here the example with the tabs applied:</p>
<blockquote><pre>
$sql = 'SELECT *
	FROM ' . SOME_TABLE . '
	WHERE a = 1
		AND (b = 2
			OR b = 3)
	ORDER BY b';
</pre></blockquote>
<h3>SQL Quotes: </h3>
<p>Double quotes where applicable ... examples: </p>
<p class="bad">// These are wrong.</p>
<blockquote><pre>
"UPDATE " . SOME_TABLE . " SET something = something_else WHERE a = $b";
'UPDATE ' . SOME_TABLE . ' SET something = ' . $user_id . ' WHERE a = ' . $something;
</pre></blockquote>
<p class="good">// These are right. </p>
<blockquote><pre>
'UPDATE ' . SOME_TABLE . " SET something = something_else WHERE a = $b";
'UPDATE ' . SOME_TABLE . " SET something = $user_id WHERE a = $something";
</pre></blockquote>
<p>In other words use single quotes where no variable substitution is required or where the variable involved shouldn't appear within double quotes. Otherwise use double quotes.</p>
<h3>Common DBAL methods: </h3>
<p>Always use <code>$db-&gt;sql_escape()</code> if you need to check for a string within an SQL statement (even if you are sure the variable can not contain single quotes - never trust your input), for example:</p>
<blockquote><pre>
$sql = 'SELECT *
	FROM ' . SOME_TABLE . "
	WHERE username = '" . $db-&gt;sql_escape($username) . "'";
</pre></blockquote>
<p>If you need to UPDATE or INSERT data, make use of the <code>$db-&gt;sql_build_array()</code> function. This function already escapes strings and checks other types, so there is no need to do this yourself. The data to be inserted should go into an array - <code>$sql_ary</code> - or directly within the statement if only one or two variables need to be inserted/updated. An example of an insert statement would be:</p>
<blockquote><pre>
$sql_ary = array(
	'somedata'	=> $my_string,
	'otherdata'	=> $an_int,
	'moredata'	=> $another_int
);

$db-&gt;sql_query('INSERT INTO ' . SOME_TABLE . ' ' . $db-&gt;sql_build_array('INSERT', $sql_ary));
</pre></blockquote>
<p>To complete the example, this is what an update statement would look like:</p>
<blockquote><pre>
$sql_ary = array(
	'somedata'	=> $my_string,
	'otherdata'	=> $an_int,
	'moredata'	=> $another_int
);

$sql = 'UPDATE ' . SOME_TABLE . '
	SET ' . $db-&gt;sql_build_array('UPDATE', $sql_ary) . "
	WHERE user_id = $user_id";
$db-&gt;sql_query($sql);
</pre></blockquote>
<p>The <code>$db-&gt;sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>MULTI_INSERT</code> (for returning extended inserts), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p>
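<p>The escaping and array-building rules above, as an added example that is not part of the original guidelines and not phpBB's DBAL code: <code>sketch_sql_escape()</code>, <code>sketch_sql_value()</code> and <code>sketch_sql_build_array()</code> are hypothetical stand-ins that only cover the <code>INSERT</code> and <code>UPDATE</code> modes, and the table name and input values are constructed.</p>

```php
<?php
// Added illustration: hypothetical stand-ins for $db->sql_escape() and
// $db->sql_build_array(), not phpBB's DBAL code.

define('SOME_TABLE', 'some_table'); // constructed table name

function sketch_sql_escape($text)
{
	// Doubling the single quote keeps it inside the SQL string literal.
	// Real drivers call the database's own escaping routine, because
	// quoting rules differ between databases.
	return str_replace("'", "''", $text);
}

function sketch_sql_value($value)
{
	if (is_null($value))
	{
		return 'NULL';
	}
	else if (is_string($value))
	{
		return "'" . sketch_sql_escape($value) . "'";
	}
	else if (is_bool($value))
	{
		return (string) (int) $value;
	}
	else if (is_int($value) || is_float($value))
	{
		return (string) $value;
	}

	// Arrays, objects and resources have no place in a column value
	throw new InvalidArgumentException('Unsupported value type: ' . gettype($value));
}

function sketch_sql_build_array($mode, array $sql_ary)
{
	// Column names come from the code, never from user input, so only values are quoted
	$fields = $values = $pairs = array();

	foreach ($sql_ary as $column => $value)
	{
		$quoted = sketch_sql_value($value);

		$fields[] = $column;
		$values[] = $quoted;
		$pairs[] = $column . ' = ' . $quoted;
	}

	if ($mode == 'INSERT')
	{
		return '(' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')';
	}
	else if ($mode == 'UPDATE')
	{
		return implode(', ', $pairs);
	}

	throw new InvalidArgumentException('Unsupported mode: ' . $mode);
}

// Constructed sample input: a legitimate name that happens to contain a single quote
$username = "O'Brien";

// Without escaping, the quote inside the name ends the string literal early
$unescaped = 'SELECT *
	FROM ' . SOME_TABLE . "
	WHERE username = '" . $username . "'";

// With escaping, the whole name stays inside the literal
$escaped = 'SELECT *
	FROM ' . SOME_TABLE . "
	WHERE username = '" . sketch_sql_escape($username) . "'";

$sql_ary = array(
	'somedata'	=> $username,
	'otherdata'	=> 7,
	'moredata'	=> true
);

// Values interpolated directly into the statement are typecast first
$user_id = (int) '42abc';

echo $unescaped, "\n\n", $escaped, "\n\n";
echo 'INSERT INTO ' . SOME_TABLE . ' ' . sketch_sql_build_array('INSERT', $sql_ary), "\n\n";
echo 'UPDATE ' . SOME_TABLE . '
	SET ' . sketch_sql_build_array('UPDATE', $sql_ary) . "
	WHERE user_id = $user_id\n";
```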
</div>
<a href="#top">Top</a>
<br /><br />
<a name="optimizing"></a><b>2.iv. Optimizations</b>
<br /><br />
<div class="paragraph">
<h3>Operations in loop definition: </h3>
<p>Always try to optimize your loops if operations are going on at the comparing part, since this part is executed every time the loop is parsed through. For assignments a descriptive name should be chosen. Example:</p>
<p class="bad">// On every iteration the sizeof function is called</p>
<blockquote><pre>
for ($i = 0; $i &lt; sizeof($post_data); $i++)
{
	do_something();
}
</pre></blockquote>
<p class="good">// You are able to assign the (not changing) result within the loop itself</p>
<blockquote><pre>
for ($i = 0, $size = sizeof($post_data); $i &lt; $size; $i++)
{
	do_something();
}
</pre></blockquote>
<h3>Use of in_array(): </h3>
<p>Try to avoid using in_array() on huge arrays, and try not to place it into loops if the array to check consists of more than 20 entries. in_array() can be very time consuming and uses a lot of CPU processing time. For small checks it is not noticeable, but if checked against a huge array within a loop those checks alone can take several seconds.</p>
</div>
<a href="#top">Top</a>
<br /><br />
<a name="general"></a><b>2.v. General Guidelines</b>
<br /><br />
<div class="paragraph">
<h3>General things:</h3>
<p>Never trust user input.</p>
<p>The auth class should be used for all authorisation checking</p>
<p>No attempt should be made to remove any copyright information (either contained within the source or displayed interactively when the source is run/compiled), neither should the copyright information be altered in any way (it may be added to)</p>
<h3>Variables: </h3>
<p>Make use of the <code>request_var()</code> function for anything except for submit or single checking params. </p>
<p>The request_var function determines the type to set from the second parameter (which determines the default value too). If you need to get a scalar variable type, you need to tell the request_var function this explicitly. Examples:</p>
<p class="bad">// Old method, do not use it</p>
<blockquote><pre>
$start = (isset($HTTP_GET_VARS['start'])) ? intval($HTTP_GET_VARS['start']) : intval($HTTP_POST_VARS['start']);
$submit = (isset($HTTP_POST_VARS['submit'])) ? true : false;
</pre></blockquote>
<p class="good">// Use request var and define a default variable (use the correct type)</p>
<blockquote><pre>
$start = request_var('start', 0);
$submit = (isset($_POST['submit'])) ? true : false;
</pre></blockquote>
<p class="bad">// $start is an int, the following use of request_var therefore is not allowed</p>
<blockquote><pre>
$start = request_var('start', '0');
</pre></blockquote>
<p class="good">// Getting an array, keys are integers, value defaults to 0</p>
<blockquote><pre>
$mark_array = request_var('mark', array(0));
</pre></blockquote>
<p class="good">// Getting an array, keys are strings, value defaults to 0</p>
<blockquote><pre>
$action_ary = request_var('action', array('' => 0));
</pre></blockquote>
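<p>How a default value can drive the type of the result, tying the typecasting advice under "Magic numbers" to the <code>request_var()</code> rules above. This is an added example, not part of the original guidelines: <code>typed_request_var()</code> and <code>cast_like()</code> are hypothetical stand-ins, not phpBB's <code>request_var()</code>, and the request data is constructed.</p>

```php
<?php
// Added illustration: typed_request_var() is a hypothetical stand-in, not phpBB's
// request_var(). The type of the default decides the type of the result.

/**
* Cast $value in place to the type of the scalar $default
*/
function cast_like(&$value, $default)
{
	if (is_array($value))
	{
		// An array arrived where a scalar was expected, discard it
		$value = $default;
		return;
	}

	settype($value, gettype($default));

	if (is_string($value))
	{
		$value = trim($value);
	}
}

/**
* Fetch $name from $input, typed like $default
*
* @param array $input raw request data (stands in for $_GET/$_POST)
* @param string $name parameter name
* @param mixed $default scalar, or array(0) / array('' => 0) style default
*/
function typed_request_var(array $input, $name, $default)
{
	// Missing, or scalar/array shape differs from the default: use the default
	if (!isset($input[$name]) || is_array($input[$name]) != is_array($default))
	{
		return $default;
	}

	$value = $input[$name];

	if (!is_array($default))
	{
		cast_like($value, $default);
		return $value;
	}

	if (!sizeof($default))
	{
		// No element to take the key/value types from
		return array();
	}

	// The first key/value pair of the default array defines both types
	$value_default = reset($default);
	$key_default = key($default);

	$result = array();
	foreach ($value as $key => $item)
	{
		cast_like($key, $key_default);
		cast_like($item, $value_default);
		$result[$key] = $item;
	}

	return $result;
}

// Constructed sample request data
$input = array(
	'start'		=> '25 and trailing text',
	'mode'		=> array('unexpected' => 'array'),
	'mark'		=> array('3' => '7', 'abc' => '9x'),
	'action'	=> array('delete' => '1', 'move' => 'yes')
);

// Integer default: the trailing text cannot survive the cast
var_dump(typed_request_var($input, 'start', 0));

// String default, but an array was sent: the default is returned
var_dump(typed_request_var($input, 'mode', ''));

// Integer keys and integer values
var_dump(typed_request_var($input, 'mark', array(0)));

// String keys and integer values
var_dump(typed_request_var($input, 'action', array('' => 0)));

// Parameter not present at all
var_dump(typed_request_var($input, 'missing', 0));
```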
<h3>Login checks/redirection: </h3>
<p>To show a forum login box use <code>login_forum_box($forum_data)</code>, else use the <code>login_box()</code> function.</p>
<p>The <code>login_box()</code> function could have a redirect as the first parameter. As a rule of thumb, specify an empty string if you want to redirect to the user's current location, else do not add the <code>$SID</code> to the redirect string (for example within the ucp/login we redirect to the board index because else the user would be redirected to the login screen).</p>
<h3>Sensitive Operations: </h3>
<p>For sensitive operations always let the user confirm the action. For the confirmation screens, make use of the <code>confirm_box()</code> function.</p>
<h3>Sessions: </h3>
<p>Sessions should be initiated on each page, as near the top as possible using the following code:</p>
<blockquote><pre>
$user->session_begin();
$auth->acl($user->data);
$user->setup();
</pre></blockquote>
<p>The <code>$user->setup()</code> call can be used to pass on additional language definitions and a custom style (used in viewforum).</p>
<h3>Errors and messages: </h3>
<p>All messages/errors should be output by calling <code>trigger_error()</code> using the appropriate message type and language string. Example:</p>
<blockquote><pre>
trigger_error('NO_FORUM');
</pre></blockquote>
<h3>Url formatting</h3>
<p>All urls pointing to internal files need to be prepended by the <code>$phpbb_root_path</code> variable. Within the administration control panel all urls pointing to internal files need to be prepended by the <code>$phpbb_admin_path</code> variable. This makes sure the path is always correct and that users can simply rename the admin folder with the acp still working as intended.</p>
<h3>General function usage: </h3>
<p>Some of these functions are chosen over others only because of personal preference and have no benefit other than keeping the code consistent.</p>
<ul>
<li>
<p>Use <code>sizeof</code> instead of <code>count</code></p>
</li>
<li>
<p>Use <code>strpos</code> instead of <code>strstr</code></p>
</li>
<li>
<p>Use <code>else if</code> instead of <code>elseif</code></p>
</li>
</ul>
</div>
<a href="#top">Top</a>
<br /><br />
<hr />
<a name="styling"></a><h1>3. Styling</h1>
<div class="paragraph">
<h3>General things</h3>
<p>Templates should be produced in a consistent manner. Where appropriate they should be based off an existing copy, e.g. index, viewforum or viewtopic (the combination of which implement a range of conditional and variable forms).</p>
<p>The outer table class <code>forumline</code> has gone and is replaced with <code>tablebg</code>.</p>
<p>When writing <code>&lt;table&gt;</code> the order <code>&lt;table class="" cellspacing="" cellpadding="" border="" align=""&gt;</code> creates consistency and allows everyone to easily see which table produces which "look". The same applies to most other tags for which additional parameters can be set, consistency is the major aim here.</p>
<p>Each block level element should be indented by one tab, same for tabular elements, e.g. <code>&lt;tr&gt;</code> <code>&lt;td&gt;</code> etc., whereby the indentation of <code>&lt;table&gt;</code> and the following/ending <code>&lt;tr&gt;</code> should be on the same line. This does not apply to div elements, of course.</p>
<p>Don't use <code>&lt;span&gt;</code> more than is essential ... the CSS is such that text sizes are dependent on the parent class. So writing <code>&lt;span class="gensmall"&gt;&lt;span class="gensmall"&gt;TEST&lt;/span&gt;&lt;/span&gt;</code> will result in very very small text. Similarly don't use span at all if another element can contain the class definition, e.g.</p>
<blockquote><pre>
&lt;td&gt;&lt;span class=&quot;gensmall&quot;&gt;TEST&lt;/span&gt;&lt;/td&gt;
</pre></blockquote>
<p>can just as well become:</p>
<blockquote><pre>
&lt;td class=&quot;gensmall&quot;&gt;TEST&lt;/td&gt;
</pre></blockquote>
<p>Try to match text class types with existing usage, e.g. don't use the nav class where viewtopic uses gensmall.</p>
<p>Row colours/classes are now defined by the template, use an <code>IF S_ROW_COUNT</code> switch, see viewtopic or viewforum for an example.</p>
<p>Remember block level ordering is important ... while not all pages validate as XHTML 1.0 Strict compliant it is something we're trying to work to.</p>
<p>Use a standard cellpadding of 2 and cellspacing of 0 on outer tables. Inner tables can vary from 0 to 3 or even 4 depending on the need.</p>
<p>Use div containers for styling and tables for data representation.</p>
<p>The separate catXXXX and thXXX classes are gone. When defining a header cell just use <code>&lt;th&gt;</code> rather than <code>&lt;th class="thHead"&gt;</code> etc. Similarly for cat, don't use <code>&lt;td class="catLeft"&gt;</code> use <code>&lt;td class="cat"&gt;</code> etc.</p>
<p>Try to retain consistency of basic layout and class usage, i.e. _EXPLAIN text should generally be placed below the title it explains, e.g. <code>{L_POST_USERNAME}&lt;br /&gt;&lt;span class="gensmall"&gt;{L_POST_USERNAME_EXPLAIN}&lt;/span&gt;</code> is the typical way of handling this ... there may be exceptions and this isn't a hard and fast rule.</p>
<p>Try to keep template conditional and other statements tabbed in line with the block to which they refer.</p>
<p class="bad">this is incorrect:</p>
<blockquote><pre>
&lt;!-- BEGIN test --&gt;
	&lt;tr&gt;
		&lt;td&gt;&#123;test.TEXT&#125;&lt;/td&gt;
	&lt;/tr&gt;
&lt;!-- END test --&gt;
</pre></blockquote>
<p class="good">this is correct:</p>
<blockquote><pre>
&lt;!-- BEGIN test --&gt;
&lt;tr&gt;
	&lt;td&gt;&#123;test.TEXT&#125;&lt;/td&gt;
&lt;/tr&gt;
&lt;!-- END test --&gt;
</pre></blockquote>
<p>it gives immediate feedback on exactly what is looping.</p>
</div>
<a href="#top">Top</a>
<br /><br />
<hr />
<a name="templating"></a><h1>4. Templating</h1>
<div class="paragraph">
<h3>File naming</h3>
<p>Firstly, templates now take the suffix &quot;.html&quot; rather than &quot;.tpl&quot;. This was done simply to make the lives of some people easier with regard to syntax highlighting, etc.</p>
<h3>Variables</h3>
<p>All template variables should be named appropriately (using underscores for spaces), language entries should be prefixed with L_, system data with S_, urls with U_, all other variables should be presented 'as is'.</p>
<p>Note that unlike 2.0.x most language strings are not assigned from the source. When a language variable of the form {L_YYYYYY} is found, phpBB first checks whether an assigned variable exists with that name. If it does, it uses that. If not, it checks whether an existing string is defined in the language file. This should reduce the need to assign loads of new lang vars in Mods.</p>
<h3>Blocks</h3>
<p>The basic block level loop remains and takes the form:</p>
<blockquote><pre>
&lt;!-- BEGIN loopname --&gt;
markup, {loopname&#46;X_YYYYY}, etc&#46;
&lt;!-- END loopname --&gt;
</pre></blockquote>
<p>However this has now been extended with the following additions. Firstly you can set the start and end points of the loop. For example:</p>
<blockquote><pre>
&lt;!-- BEGIN loopname(2) --&gt;
markup
&lt;!-- END loopname --&gt;
</pre></blockquote>
<p>Will start the loop on the third entry (note that indexes start at zero). Extensions of this are:
<br /><br />
<code>loopname(2,4)</code>: Starts loop on third value, ends on fourth<br />
<code>loopname(-4)</code>: Starts loop fourth from last value<br />
<code>loopname(2, -4)</code>: Starts loop on third value, ends four from end<br />
<br />Note that the indexing method may change since it's not really consistent at this time :)</p>
<p>A further extension to begin is BEGINELSE:</p>
<blockquote><pre>
&lt;!-- BEGIN loop --&gt;
markup
&lt;!-- BEGINELSE --&gt;
markup
&lt;!-- END loop --&gt;
</pre></blockquote>
<p>This will cause the markup between <code>BEGINELSE</code> and <code>END</code> to be output if the loop contains no values. This is useful for forums with no topics (for example) ... in some ways it replaces &quot;bits of&quot; the existing &quot;switch_&quot; type control (the rest being replaced by conditionals, see below).</p>
<h3>Including files</h3>
<p>Something that existed in 2.0.x which no longer exists in 3.0.x is the ability to assign a template to a variable. This was used (for example) to output the jumpbox. Instead (perhaps better, perhaps not but certainly more flexible) we now have INCLUDE. This takes the simple form:</p>
<blockquote><pre>
&lt;!-- INCLUDE filename --&gt;
</pre></blockquote>
<p>You will note in the 3.0 templates the major sources start with <code>&lt;!-- INCLUDE overall_header.html --&gt;</code> or <code>&lt;!-- INCLUDE simple_header.html --&gt;</code>, etc. In 2.0.x control of &quot;which&quot; header to use was defined entirely within the code. In 3.0.x the template designer can output what they like. Note that you can introduce new templates (i.e. other than those in the default set) using this system and include them as you wish ... perhaps useful for a common &quot;menu&quot; bar or some such. No need to modify loads of files as with 2.0.x.</p>
<h3>PHP</h3>
<p>A contentious decision has seen the ability to include PHP within the template introduced. This is achieved by enclosing the PHP within relevant tags:</p>
<blockquote><pre>
&lt;!-- PHP --&gt;
echo &quot;hello!&quot;;
&lt;!-- ENDPHP --&gt;
</pre></blockquote>
<p>You may also include PHP from an external file using:</p>
<blockquote><pre>
&lt;!-- INCLUDEPHP somefile&#46;php --&gt;
</pre></blockquote>
<p>It will be included and executed inline.<br /><br />Note that it is very much encouraged that template designers do not include PHP. The ability to include raw PHP was introduced primarily to allow end users to include banner code, etc. without modifying multiple files (as with 2.0.x). It was not intended for general use ... hence <a href="http://www.phpbb.com">www.phpbb.com</a> will <strong>not</strong> make available template sets which include PHP. By default, templates will have PHP disabled (the admin will need to specifically activate PHP for a template).</p>
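<p>Before an admin activates PHP for a template, its files can be checked for these tags. The following is an added example, not phpBB code: <code>find_php_directives()</code> is a hypothetical helper and the template text is constructed sample data.</p>

```php
<?php
// Added illustration, not phpBB code: find_php_directives() is a hypothetical
// helper that reports template lines using the PHP, ENDPHP or INCLUDEPHP tags.

function find_php_directives($template_source)
{
	$findings = array();
	foreach (preg_split('/\r\n|\r|\n/', $template_source) as $index => $line)
	{
		// INCLUDE on its own is not matched: it only pulls in another template.
		$pattern = '/<!--\s*(PHP|ENDPHP|INCLUDEPHP)\b\s*(\S*?)\s*-->/';
		if (preg_match_all($pattern, $line, $matches, PREG_SET_ORDER))
		{
			foreach ($matches as $match)
			{
				$findings[] = array(
					'line'      => $index + 1,
					'directive' => $match[1],
					'argument'  => $match[2], // file name for INCLUDEPHP, else empty
				);
			}
		}
	}
	return $findings;
}

// Constructed sample template, built from the tags shown in this section.
$template = <<<'TPL'
<!-- INCLUDE overall_header.html -->
<!-- PHP -->
echo "hello!";
<!-- ENDPHP -->
<!-- INCLUDEPHP somefile.php -->
<!-- IF S_USER_LOGGED_IN -->markup<!-- ENDIF -->
TPL;

$findings = find_php_directives($template);
foreach ($findings as $finding)
{
	printf("line %d: %s %s\n", $finding['line'], $finding['directive'], $finding['argument']);
}
// A non-zero exit status lets a review script flag the template set.
exit(count($findings) ? 1 : 0);
```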
<h3>Conditionals/Control structures</h3>
<p>The most significant addition to 3.0.x is conditions or control structures, &quot;if something then do this else do that&quot;. The system deployed is very similar to Smarty. This may confuse some people at first but it offers great potential and great flexibility with a little imagination. In their most simple form these constructs take the form:</p>
<blockquote><pre>
&lt;!-- IF expr --&gt;
markup
&lt;!-- ENDIF --&gt;
</pre></blockquote>
<p>expr can take many forms, for example:</p>
<blockquote><pre>
&lt;!-- IF loop&#46;S_ROW_COUNT is even --&gt;
markup
&lt;!-- ENDIF --&gt;
</pre></blockquote>
<p>This will output the markup if the S_ROW_COUNT variable in the current iteration of loop is an even value (i.e. the expr is TRUE). You can use various comparison methods (standard as well as equivalent textual versions noted in square brackets) including:</p>
<blockquote><pre>
== [eq]
!= [neq, ne]
&lt;&gt; (same as !=)
!== (not equivalent in value and type)
=== (equivalent in value and type)
&gt; [gt]
&lt; [lt]
&gt;= [gte]
&lt;= [lte]
&amp;&amp; [and]
|| [or]
% [mod]
! [not]
+
-
*
/
&lt;&lt; (bitwise shift left)
&gt;&gt; (bitwise shift right)
| (bitwise or)
^ (bitwise xor)
&amp; (bitwise and)
~ (bitwise not)
is (can be used to join comparison operations)
</pre></blockquote>
<p>Basic parentheses can also be used to enforce good old BODMAS rules. Additionally some basic comparison types are defined:</p>
<blockquote><pre>
even
odd
div
</pre></blockquote>
<p>Beyond the simple use of IF you can also do a sequence of comparisons using the following:</p>
<blockquote><pre>
&lt;!-- IF expr1 --&gt;
markup
&lt;!-- ELSEIF expr2 --&gt;
markup
&#46;
&#46;
&#46;
&lt;!-- ELSEIF exprN --&gt;
markup
&lt;!-- ELSE --&gt;
markup
&lt;!-- ENDIF --&gt;
</pre></blockquote>
<p>Each statement will be tested in turn and the relevant output generated when a match (if a match) is found. It is not necessary to always use ELSEIF, ELSE can be used alone to match &quot;everything else&quot;.<br /><br />So what can you do with all this? Well take for example the colouration of rows in viewforum. In 2.0.x row colours were predefined within the source as either row color1, row color2 or row class1, row class2. In 3.0.x this is moved to the template, it may look a little daunting at first but remember control flows from top to bottom and it's not too difficult:</p>
<blockquote><pre>
&lt;table&gt;
&lt;!-- IF loop&#46;S_ROW_COUNT is even --&gt;
&lt;tr class=&quot;row1&quot;&gt;
&lt;!-- ELSE --&gt;
&lt;tr class=&quot;row2&quot;&gt;
&lt;!-- ENDIF --&gt;
&lt;td&gt;HELLO!&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
</pre></blockquote>
<p>This will cause the row cell to be output using class row1 when the row count is even, and class row2 otherwise. The S_ROW_COUNT parameter gets assigned to loops by default. Another example would be the following: </p>
<blockquote><pre>
&lt;table&gt;
&lt;!-- IF loop&#46;S_ROW_COUNT &gt; 10 --&gt;
&lt;tr bgcolor=&quot;#FF0000&quot;&gt;
&lt;!-- ELSEIF loop&#46;S_ROW_COUNT &gt; 5 --&gt;
&lt;tr bgcolor=&quot;#00FF00&quot;&gt;
&lt;!-- ELSEIF loop&#46;S_ROW_COUNT &gt; 2 --&gt;
&lt;tr bgcolor=&quot;#0000FF&quot;&gt;
&lt;!-- ELSE --&gt;
&lt;tr bgcolor=&quot;#FF00FF&quot;&gt;
&lt;!-- ENDIF --&gt;
&lt;td&gt;hello!&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
</pre></blockquote>
<p>This will output the row cell in purple for the first two rows, blue for rows 2 to 5, green for rows 5 to 10 and red for the remainder. So, you could produce a &quot;nice&quot; gradient effect, for example.<br /><br />What else can you do? Well, you could use IF to do common checks on, for example, the login state of a user:</p>
<blockquote><pre>
&lt;!-- IF S_USER_LOGGED_IN --&gt;
markup
&lt;!-- ENDIF --&gt;
</pre></blockquote>
<p>This replaces the existing (fudged) method in 2.0.x using a zero length array and BEGIN/END.</p>
</div>
<a href="#top">Top</a>
<br /><br />
<hr />
<a name="changes"></a><h1>5. Guidelines Changelog</h1>
<div class="paragraph">
<h2>Revision 1.5</h2>
<ul class="menu">
<li>Changed General function usage paragraph in <a href="#general">2.v. General Guidelines</a></li>
</ul>
</div>
<a href="#top">Top</a>
</div>
<div id="footer"> $Id$
<br /><br />
</div>
</body>
</html>