+<p>These are the phpBB Coding Guidelines for Olympus, all attempts should be made to follow it as closely as possible. This document is (c) 2006 phpBB Group, copying or redistribution is not allowed without permission.</p>

+ <li><a href="#changes">Guidelines Changelog</a></li>

+ <p>Additionally please check your editor for the indent size. If tabs are set to 4 spaces for example, the indent size needs to be 4 too:</p>

+

+ <blockquote><pre>

+$mode{TAB}{TAB}= request_var('mode', '');

+$search_id{TAB}= request_var('search_id', '');

+ </blockquote></pre>

+

+ <p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p>

+* @copyright (c) 2006 phpBB Group

+ <li><b>acm_main</b><br /><code>/includes/acm/acm_main.php</code><br />Base caching class. All functions obtaining cached data should be placed into this file</li>

+ <li><b>acp</b><br /><code>/adm</code>, <code>/includes/acp</code>, <code>/includes/functions_admin.php</code><br />Administration Control Panel</li>

+ <li><b>dbal</b><br /><code>/includes/db</code><br />Database Abstraction Layer.<br />Base class is <code>dbal</code>

+ <li><b>dbal_mssql_odbc</b><br /><code>/includes/db/mssql_odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL<br />Minimum Requirement is Version 2000+</li>

+ <li><b>dbal_mysql4</b><br /><code>/includes/db/mysql4.php</code><br />MySQL4 Database Abstraction Layer<br />Minimum Requirement is 4.0+/4.1+/5.0+</li>

+ <li><b>dbal_mysqli</b><br /><code>/includes/db/mysqli.php</code><br />MySQLi Database Abstraction Layer<br />Minimum Requirement is MySQLi extension with MySQL 4.1+/5.0+</li>

+ <li><b>docs</b><br /><code>/docs</code><br />phpBB Documentation</li>

+ <li><b>images</b><br /><code>/images</code><br />All global images not connected to styles</li>

+ <li><b>install</b><br /><code>/install</code><br />Installation System</li>

+ <li><b>language</b><br /><code>/language</code><br />All language files</li>

+ <li><b>mcp</b><br /><code>mcp.php</code>, <code>/includes/mcp</code>, <code>report.php</code><br />Moderator Control Panel</li>

+ <li><b>search</b><br /><code>/includes/search</code>, <code>search.php</code><br />Search System</li>

+ <li><b>styles</b><br /><code>/styles</code>, <code>style.php</code><br />phpBB Styles/Templates/Themes/Imagesets</li>

+ <p>Please note that these Guidelines also applies to js code.</p>

+

+for ($i = 0; $i &lt; $size; $i++) ...

+$bool = (($i &lt; 7) &amp;&amp; (($j &lt; 8) || ($k == 4)));

+$bool = ($i &lt; 7 &amp;&amp; ($j &lt; 8 || $k == 4));

+ <h3>Switch statements:</h3>

+ <p>Switch/case code blocks can get a bit long sometimes. To have some level of notice and being in-line with the opening/closing brace requirement (where they are on the same line for better readability), this also applies to switch/case code blocks and the breaks. An example:</p>

+

+ <p class="bad">// Wrong </p>

+ <blockquote><pre>

+switch ($mode)

+{

+ case 'mode1':

+ // I am doing something here

+ break;

+ case 'mode2':

+ // I am doing something completely different here

+ break;

+}

+ </pre></blockquote>

+

+ <p class="good">// Good </p>

+ <blockquote><pre>

+switch ($mode)

+{

+ case 'mode1':

+ // I am doing something here

+ break;

+

+ case 'mode2':

+ // I am doing something completely different here

+ break;

+

+ default:

+ // Always assume that the case got not catched

+ break;

+}

+ </pre></blockquote>

+

+ <p class="good">// Also good, if you have more code between the case and the break </p>

+ <blockquote><pre>

+switch ($mode)

+{

+ case 'mode1':

+

+ // I am doing something here

+

+ break;

+

+ case 'mode2':

+

+ // I am doing something completely different here

+

+ break;

+

+ default:

+

+ // Always assume that the case got not catched

+

+ break;

+}

+ </pre></blockquote>

+

+ <p>Even if the break for the default case is not needed, it is sometimes better to include it just for readability and completeness.</p>

+

+ <p>If no break is intended, please add a comment instead. An example:</p>

+

+ <p class="good">// Example with no break </p>

+ <blockquote><pre>

+switch ($mode)

+{

+ case 'mode1':

+

+ // I am doing something here

+

+ // no break here

+

+ case 'mode2':

+

+ // I am doing something completely different here

+

+ break;

+

+ default:

+

+ // Always assume that the case got not catched

+

+ break;

+}

+ </pre></blockquote>

+

+ <p>SQL Statements are often unreadable without some formatting, since they tend to be big at times. Though the formatting of sql statements adds a lot to the readability of code. SQL statements should be formatted in the following way, basically writing keywords: </p>

+ <p>Always use <code>$db-&gt;sql_escape()</code> if you need to check for a string within an SQL statement (even if you are sure the variable can not contain single quotes - never trust your input), for example:</p>

+ <p>The <code>$db-&gt;sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>MULTI_INSERT</code> (for returning extended inserts), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p>

+

+ <p>Make use of the <code>request_var()</code> function for anything except for submit or single checking params. </p>

+ <p>The request_var function determines the type to set from the second parameter (which determines the default value too). If you need to get a scalar variable type, you need to tell this the request_var function explicitly. Examples:</p>

+ <p class="good">// Getting an array, keys are integers, value defaults to 0

+ <blockquote><pre>

+$mark_array = request_var('mark', array(0));

+ </blockquote></pre>

+

+ <p class="good">// Getting an array, keys are strings, value defaults to 0

+ <blockquote><pre>

+$action_ary = request_var('action', array('' => 0));

+ </blockquote></pre>

+

+ <h3>Sensitive Operations: </h3>

+ <h3>Url formatting</h3>

+

+ <p>All urls pointing to internal files need to be prepended by the <code>$phpbb_root_path</code> variable. Within the administration control panel all urls pointing to internal files need to be prepended by the <code>$phpbb_admin_path</code> variable. This makes sure the path is always correct and users being able to just rename the admin folder and the acp still working as intended.</p>

+

+ <p>Use <code>sizeof</code> instead of <code>count</code>, this is just a general preference and guideline and has no other benefit than to be consistent.</p>

+<br /><br />

+

+<a name="changes"></a><h1>5. Guidelines Changelog</h1>

+<div class="paragraph">

+

+<h2>Revision 1.7</h2>

+

+<ul class="menu">

+ <li>Updated <a href="#locations">1.iii. File Locations</a> to reflect recent updates</li>

+ <li>Added paragraph about switch statements to <a href="#codelayout">2.ii. Code Layout</a></li>

+ <li>Updated <a href="#sql">2.iii. SQL/SQL Layout</a></li>

+ <li>Added paragraph about url formatting to <a href="#general">2.v. General Guidelines</a></li>

+</ul>

+

+<h2>Revision 1.6</h2>

+

+<ul class="menu">

+ <li>Added more information to Tabs vs. Spaces paragraph</li>

+</ul>

+

+<h2>Revision 1.5</h2>

+

+<ul class="menu">

+ <li>$user->start now $user->session_begin</li>

+</ul>

+

+<h2>Revision 1.3</h2>

+

+<ul class="menu">

+ <li>Updated Section 1.iii. - dbal layout</li>

+ <li>Extended Section 2.v. - usage of request_var()</li>

+</ul>

+

+</div>

+<a href="#top">Top</a>

+

+ redirect($config['upload_path'] . '/' . $attachment['physical_filename']);

+ 'send_encoding' => array('lang' => 'SEND_ENCODING', 'type' => 'radio:yes_no', 'explain' => true),

+ 'ranks_path' => array('lang' => 'RANKS_PATH', 'type' => 'text:20:255', 'explain' => true),

+

+ 'legend3' => 'SERVER_URL_SETTINGS',

+ 'force_server_vars' => array('lang' => 'FORCE_SERVER_VARS', 'type' => 'radio:yes_no', 'explain' => true),

+ 'server_protocol' => array('lang' => 'SERVER_PROTOCOL', 'type' => 'text:10:10', 'explain' => true),

+ 'server_name' => array('lang' => 'SERVER_NAME', 'type' => 'text:40:255', 'explain' => true),

+ 'server_port' => array('lang' => 'SERVER_PORT', 'type' => 'text:5:5', 'explain' => true),

+// 'script_path' => array('lang' => 'SCRIPT_PATH', 'type' => 'text::255', 'explain' => true),

+

+ $action = key(request_var('action', array('' => 0)));

+

+* Generate board url (example: http://www.foo.bar/phpBB)

+ global $config, $user;

+

+ $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');

+ $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');

+

+ $url = (($config['cookie_secure']) ? 'https://' : 'http://') . $server_name;

+ // Forcing server vars is the only way to specify/override the protocol

+ if ($config['force_server_vars'] || !$server_name)

+ {

+ $server_protocol = ($config['server_protocol']) ? $config['server_protocol'] : (($config['cookie_secure']) ? 'https://' : 'http://');

+ $server_name = $config['server_name'];

+ $server_port = (int) $config['server_port'];

+

+ $url = $server_protocol . $server_name;

+ }

+ if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))

+ {

+ $url .= ':' . $server_port;

+ }

+

+ $url .= $user->page['root_script_path'];

+

+ return $url;

+* Do not prepend url with $phpbb_root_path

+* If not prefixed by / or full url given the board url will be prefixed

+ $url = generate_board_url() . '/' . $url;

+ /**

+ * Make sure no HTTP Response Splitting attacks are possible

+ */

+

+ // re-add $SID / transform & to &amp; for user->page (user->page is always using &)

+ $use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&amp;', $user->page['page']);

+ $u_action = (strpos($use_page, 'sid=') === false) ? ((strpos($use_page, '?') !== false) ? str_replace('?', $SID . '&amp;', $use_page) : $use_page . '?' . str_replace('?', '', $SID)) : $use_page;

+ $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;

+ // We just use what the session code determined...

+ $redirect = htmlspecialchars($user->page['page_name'] . $SID . '&' . $user->page['query_string']);

+ 'SCRIPT_NAME' => str_replace($phpEx, '', $user->page['page_name']),

+

+ // Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end)

+ $this->root_path = str_replace('\\', '/', $this->root_path);

+ global $user;

+

+ return array('host' => 'localhost' , 'username' => 'anonymous', 'password' => '', 'root_path' => $user->page['root_script_path'], 'port' => 21, 'timeout' => 10);

+ $db->sql_freeresult($result);

+ $db->sql_freeresult($result);

+ $redirect = request_var('redirect', "index.$phpEx$SID");

+ trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $phpbb_root_path . $redirect . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $forum_id . '">', '</a>'));

+ $redirect = request_var('redirect', "index.$phpEx$SID");

+ if (preg_match('#' . preg_quote(generate_board_url(), '#') . '/([^ \t\n\r<"\']+)#i', $url) ||

+ $this->magic_url(generate_board_url());

+ function magic_url($server_url)

+ $match[] = '#(^|[\n ]|\()(' . preg_quote($server_url, '#') . ')/([^ \t\n\r<"\'\)&]+|&(?!lt;))*)#i';

+ global $config, $auth, $user, $phpbb_root_path, $phpEx;

+ include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

+

+ var $page = array();

+ * Extract current session page

+ */

+ function extract_current_page($root_path)

+ {

+ $page_array = array();

+

+ // First of all, get the request uri...

+ $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');

+ $args = (!empty($_SERVER['QUERY_STRING'])) ? explode('&', $_SERVER['QUERY_STRING']) : explode('&', getenv('QUERY_STRING'));

+

+ // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...

+ if (!$script_name)

+ {

+ $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');

+ $page['failover'] = 1;

+ }

+

+ // Replace backslashes and doubled slashes (could happen on some proxy setups)

+ $script_name = str_replace(array('\\', '//'), '/', $script_name);

+

+ // Now, remove the sid and let us get a clean query string...

+ foreach ($args as $key => $argument)

+ {

+ if (strpos($argument, 'sid=') === 0)

+ {

+ unset($args[$key]);

+ break;

+ }

+ }

+

+ // The current query string

+ $query_string = trim(implode('&', $args));

+

+ // basenamed page name (for example: index.php)

+ $page_name = htmlspecialchars(basename($script_name));

+

+ // current directory within the phpBB root (for example: adm)

+ $page_dir = substr(str_replace(str_replace('\\', '/', realpath($root_path)), '', str_replace('\\', '/', realpath('./'))), 1);

+

+ // Current page from phpBB root (for example: adm/index.php?i=10)

+ $page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : '');

+

+ // The script path from the webroot to the current directory (for example: /phpBB2/adm) : always prefixed with /

+ $script_path = trim(str_replace('\\', '/', dirname($script_name)));

+

+ // The script path from the webroot to the phpBB root (for example: /phpBB2)

+ $root_script_path = ($page_dir) ? str_replace('/' . $page_dir, '', $script_path) : $script_path;

+

+ // We are on the base level (phpBB root == webroot), lets adjust the variables a bit...

+ if (!$root_script_path)

+ {

+ $root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path;;

+ }

+

+ $page_array += array(

+ 'page_name' => $page_name,

+ 'page_dir' => $page_dir,

+

+ 'query_string' => $query_string,

+ 'script_path' => htmlspecialchars($script_path),

+ 'root_script_path' => htmlspecialchars($root_script_path),

+

+ 'page' => $page

+ );

+

+ return $page_array;

+ }

+

+ /**

+ global $phpEx, $SID, $db, $config, $phpbb_root_path;

+ $this->page = $this->extract_current_page($phpbb_root_path);

+ $this->page['page'] .= (isset($_POST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . 'f=' . intval($_POST['f']) : '';

+ if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page['page'])

+ SET session_time = $this->time_now, session_page = '" . $db->sql_escape($this->page['page']) . "'

+ 'session_page' => (string) $this->page['page'],

+ if (strpos($this->page['page_query'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx")

+ redirect("ucp.$phpEx$SID&i=pm&mode=view&action=view_message" . (($msg_id) ? "&p=$msg_id" : ''));

+ redirect("ucp.$phpEx$SID&amp;i=pm&amp;mode=$mode");

+INSERT INTO phpbb_config (config_name, config_value) VALUES ('force_server_vars', '0');

+INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_protocol', '');

+ 'FORCE_SERVER_VARS' => 'Force server url settings',

+ 'FORCE_SERVER_VARS_EXPLAIN' => 'If set to yes the server settings defined here will be used in favor of the automatically determined values',

+ 'SERVER_NAME_EXPLAIN' => 'The domain name this board runs from (for example: www.foo.bar)',

+// 'SCRIPT_PATH' => 'Script path',

+// 'SCRIPT_PATH_EXPLAIN' => 'The path where phpBB2 is located relative to the domain name',

+ 'SERVER_PROTOCOL' => 'Server Protocol',

+ 'SERVER_PROTOCOL_EXPLAIN' => 'This is used as the server protocol if these settings are forced. If empty or not forced the protocol is determined by the cookie secure settings (http:// or https://)',

+ 'SERVER_URL_SETTINGS' => 'Server URL Settings',

+ 'DOWNLOADING_FILE' => 'Downloading file',

+ 'REPORTING_POST' => 'Reporting post',

+ 'UNKNOWN_BROWSER' => 'Unknown Browser',

+ 'UNMARK_ALL' => 'Unmark all',

+ 'UNREAD_MESSAGES' => 'Unread Messages',

+ 'UNREAD_PM' => '<b>%d</b> unread message',

+ 'UNREAD_PMS' => '<b>%d</b> unread messages',

+ 'UNWATCHED_FORUMS' => 'You are no longer watching the selected forums.',

+ 'UNWATCHED_TOPICS' => 'You are no longer watching the selected topics.',

+ 'UPLOAD_IN_PROGRESS' => 'The upload is currently in progress',

+ 'URL_REDIRECT' => 'If your browser does not support meta redirection please click %sHERE%s to be redirected.',

+ 'USERGROUPS' => 'Groups',

+ 'USERNAME' => 'Username',

+ 'USERNAMES' => 'Usernames',

+ 'USER_POST' => '%d Post',

+ 'USER_POSTS' => '%d Posts',

+ 'USERS' => 'Users',

+ 'VIEWING_PROFILE' => 'Viewing member profile',

+ // Get user...

+ $sql = 'SELECT username, user_id, user_type, user_colour, group_id, user_permissions, user_sig, user_sig_bbcode_uid, user_sig_bbcode_bitfield, user_allow_viewemail, user_allow_viewonline, user_posts, user_warnings, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_avatar, user_avatar_width, user_avatar_height, user_avatar_type, user_lastvisit

+ FROM ' . USERS_TABLE . "

+ WHERE user_id = $user_id

+ AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';

+ $result = $db->sql_query($sql);

+

+ if (!($member = $db->sql_fetchrow($result)))

+ {

+ trigger_error('NO_USER');

+ }

+ $db->sql_freeresult($result);

+

+ AND g.group_id = ug.group_id" . ((!$auth->acl_get('a_group')) ? ' AND group_type <> ' . GROUP_HIDDEN : '') . '

+ $group_options .= '<option value="' . $row['group_id'] . '"' . (($row['group_id'] == $member['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';

+

+

+

+ redirect($forum_data['forum_link']);

+ preg_match('#^([a-z/]+)#i', $row['session_page'], $on_page);

+ break;

+

+ case 'adm/index':

+ $location = $user->lang['ACP'];

+ $location_url = "index.$phpEx$SID";

+ break;

+ $forum_id = (sizeof($forum_id)) ? (int) $forum_id[1] : 0;

+ if ($forum_id && $auth->acl_get('f_list', $forum_id))

+ break;

+

+ break;

+ break;

+ break;

+ break;

+ break;

+ break;

+ break;

+ break;

+ $location = (strpos($row['session_page'], 'mode=viewprofile') !== false) ? $user->lang['VIEWING_PROFILE'] : $user->lang['VIEWING_MEMBERS'];

+ break;

+ case 'mcp':

+

+ /**

+ * @todo getting module/mode for ucp and mcp

+ */

+/* if (strpos($row['session_page'], 'i=pm&mode=compose') !== false)

+ {

+ $location = 'Composing PM';

+ }*/

+

+ $location_url = "index.$phpEx$SID";

+ break;

+

+ case 'download':

+ $location = $user->lang['DOWNLOADING_FILE'];

+ $location_url = "index.$phpEx$SID";

+ break;

+

+ case 'report':

+ $location = $user->lang['REPORTING_POST'];

+ $location_url = "index.$phpEx$SID";

+ break;

+ break;

+ 'USERNAME' => $row['username'],

+ 'LASTUPDATE' => $user->format_date($row['session_time']),

+ 'FORUM_LOCATION' => $location,

+ 'USER_IP' => ($auth->acl_get('a_')) ? (($mode == 'lookup' && $session_id == $row['session_id']) ? gethostbyaddr($row['session_ip']) : $row['session_ip']) : '',

+ $redirect_url = "viewtopic.$phpEx$SID&f=$forum_id&t=$topic_id";

+ login_box("{$phpbb_root_path}$redirect_url&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']);