These are the phpBB Coding Guidelines for Proteus, all attempts should be made to follow them as closely as possible.

Coding Guidelines


1. Defaults

1.i. Editor Settings

Tabs vs Spaces:

In order to make this as simple as possible, we will be using tabs, not spaces. We enforce 4 (four) spaces for one tab - therefore you need to set your tab width within your editor to 4 spaces. Make sure that when you save the file, it's saving tabs and not spaces. This way, we can each have the code be displayed the way we like it, without breaking the layout of the actual files.

Tabs in front of lines are no problem, but having them within the text can be a problem if you do not set it to the amount of spaces every one of us uses. Here is a short example of how it should look like:

{TAB}$mode{TAB}{TAB}= $request->variable('mode', '');
{TAB}$search_id{TAB}= $request->variable('search_id', '');

If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.

Linefeeds:

Ensure that your editor is saving files in the UNIX (LF) line ending format. This means that lines are terminated with a newline, not with Windows Line endings (CR/LF combo) as they are on Win32 or Classic Mac (CR) Line endings. Any decent editor should be able to do this, but it might not always be the default setting. Know your editor. If you want advice for an editor for your Operating System, just ask one of the developers. Some of them do their editing on Win32.

1.ii. File Layout

Standard header for new files:

This template of the header must be included at the start of all phpBB files:

/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

Please see the File Locations section for the correct package name.

PHP closing tags

A file containg only PHP code should not end with the optional PHP closing tag ?> to avoid issues with whitespace following it.

Newline at end of file

All files should end in a newline so the last line does not appear as modified in diffs, when a line is appended to the file.

Files containing inline code:

For those files you have to put an empty comment directly after the header to prevent the documentor assigning the header to the first code element found.

/**
* {HEADER}
*/

/**
*/
{CODE}

Files containing only functions:

Do not forget to comment the functions (especially the first function following the header). Each function should have at least a comment of what this function does. For more complex functions it is recommended to document the parameters too.

Files containing only classes:

Do not forget to comment the class. Classes need a separate @package definition, it is the same as the header package name. Apart from this special case the above statement for files containing only functions needs to be applied to classes and it's methods too.

Code following the header but only functions/classes file:

If this case is true, the best method to avoid documentation confusions is adding an ignore command, for example:

/**
* {HEADER}
*/

/**
* @ignore
*/
Small code snipped, mostly one or two defines or an if statement

/**
* {DOCUMENTATION}
*/
class ...

1.iii. File Locations

Functions used by more than one page should be placed in functions.php, functions specific to one page should be placed on that page (at the bottom) or within the relevant sections functions file. Some files in /includes are holding functions responsible for special sections, for example uploading files, displaying "things", user related functions and so forth.

The following packages are defined, and related new features/functions should be placed within the mentioned files/locations, as well as specifying the correct package name. The package names are bold within this list:

  • phpBB3
    Core files and all files not assigned to a separate package
  • acm
    /phpbb/cache
    Cache System
  • acp
    /adm, /includes/acp, /includes/functions_admin.php
    Administration Control Panel
  • dbal
    /phpbb/db, /includes/db
    Database Abstraction Layer.
    • /phpbb/db/driver/
      Database Abstraction Layer classes
    • /phpbb/db/migration/
      Migrations are used for updating the database from one release to another
  • diff
    /includes/diff
    Diff Engine
  • docs
    /docs
    phpBB Documentation
  • images
    /images
    All global images not connected to styles
  • install
    /install
    Installation System
  • language
    /language
    All language files
  • login
    /phpbb/auth
    Login Authentication Plugins
  • VC
    /includes/captcha
    CAPTCHA
  • mcp
    mcp.php, /includes/mcp, report.php
    Moderator Control Panel
  • ucp
    ucp.php, /includes/ucp
    User Control Panel
  • utf
    /includes/utf
    UTF8-related functions/classes
  • search
    /phpbb/search, search.php
    Search System
  • styles
    /styles
    phpBB Styles/Templates/Themes

1.iv. Special Constants

There are some special constants application developers are able to utilize to bend some of phpBB's internal functionality to suit their needs.

PHPBB_MSG_HANDLER          (overwrite message handler)
PHPBB_DB_NEW_LINK          (overwrite new_link parameter for sql_connect)
PHPBB_ROOT_PATH            (overwrite $phpbb_root_path)
PHPBB_ADMIN_PATH           (overwrite $phpbb_admin_path)
PHPBB_USE_BOARD_URL_PATH   (use generate_board_url() for image paths instead of $phpbb_root_path)
PHPBB_DISABLE_ACP_EDITOR   (disable ACP style editor for templates)
PHPBB_DISABLE_CONFIG_CHECK (disable ACP config.php writeable check)

PHPBB_ACM_MEMCACHED_PORT     (overwrite memcached port, default is 11211)
PHPBB_ACM_MEMCACHED_COMPRESS (overwrite memcached compress setting, default is disabled)
PHPBB_ACM_MEMCACHED_HOST     (overwrite memcached host name, default is localhost)

PHPBB_ACM_REDIS_HOST        (overwrite redis host name, default is localhost)
PHPBB_ACM_REDIS_PORT        (overwrite redis port, default is 6379)
PHPBB_ACM_REDIS_PASSWORD    (overwrite redis password, default is empty)
PHPBB_ACM_REDIS_DB          (overwrite redis default database)

PHPBB_QA                   (Set board to QA-Mode, which means the updater also checks for RC-releases)

PHPBB_USE_BOARD_URL_PATH

If the PHPBB_USE_BOARD_URL_PATH constant is set to true, phpBB uses generate_board_url() (this will return the boards url with the script path included) on all instances where web-accessible images are loaded. The exact locations are:

  • /phpbb/user.php - \phpbb\user::img()
  • /includes/functions_content.php - smiley_text()

Path locations for the following template variables are affected by this too:

  • {T_ASSETS_PATH} - assets (non-style specific, static resources)
  • {T_THEME_PATH} - styles/xxx/theme
  • {T_TEMPLATE_PATH} - styles/xxx/template
  • {T_SUPER_TEMPLATE_PATH} - styles/xxx/template
  • {T_IMAGES_PATH} - images/
  • {T_SMILIES_PATH} - $config['smilies_path']/
  • {T_AVATAR_PATH} - $config['avatar_path']/
  • {T_AVATAR_GALLERY_PATH} - $config['avatar_gallery_path']/
  • {T_ICONS_PATH} - $config['icons_path']/
  • {T_RANKS_PATH} - $config['ranks_path']/
  • {T_UPLOAD_PATH} - $config['upload_path']/
  • {T_STYLESHEET_LINK} - styles/xxx/theme/stylesheet.css
  • New template variable {BOARD_URL} for the board url + script path.

2. Code Layout/Guidelines

Please note that these guidelines apply to all php, html, javascript and css files.

2.i. Variable/Function/Class Naming

We will not be using any form of hungarian notation in our naming conventions. Many of us believe that hungarian naming is one of the primary code obfuscation techniques currently in use.

Variable Names:

In PHP, variable names should be in all lowercase, with words separated by an underscore, example:

$current_user is right, but $currentuser and $currentUser are not.

In JavaScript, variable names should use camel case:

currentUser is right, but currentuser and current_user are not.

Names should be descriptive, but concise. We don't want huge sentences as our variable names, but typing an extra couple of characters is always better than wondering what exactly a certain variable is for.

Loop Indices:

The only situation where a one-character variable name is allowed is when it's the index for some looping construct. In this case, the index of the outer loop should always be $i. If there's a loop inside that loop, its index should be $j, followed by $k, and so on. If the loop is being indexed by some already-existing variable with a meaningful name, this guideline does not apply, example:

for ($i = 0; $i < $outer_size; $i++)
{
   for ($j = 0; $j < $inner_size; $j++)
   {
      foo($i, $j);
   }
}

Function Names:

Functions should also be named descriptively. We're not programming in C here, we don't want to write functions called things like "stristr()". Again, all lower-case names with words separated by a single underscore character in PHP, and camel caps in JavaScript. Function names should be prefixed with "phpbb_" and preferably have a verb in them somewhere. Good function names are phpbb_print_login_status(), phpbb_get_user_data(), etc. Constructor functions in JavaScript should begin with a capital letter.

Function Arguments:

Arguments are subject to the same guidelines as variable names. We don't want a bunch of functions like: do_stuff($a, $b, $c). In most cases, we'd like to be able to tell how to use a function by just looking at its declaration.

Class Names:

Apart from following the rules for function names, all classes should meet the following conditions:

  • Every class must be defined in a separate file.
  • The classes have to be located in a subdirectory of phpbb/.
  • Classnames must be namespaced with \phpbb\ to avoid name clashes.
  • Class names/namespaces have to reflect the location of the file they are defined in. The namespace must be the directory in which the file is located. So the directory names must not contain any underscores, but the filename may.
  • Directories should typically be a singular noun (e.g. dir in the example below, not dirs.

So given the following example directory structure you would result in the below listed lookups

phpbb/
  class_name.php
  dir/
    class_name.php
      subdir/
        class_name.php
\phpbb\class_name            - phpbb/class_name.php
\phpbb\dir\class_name        - phpbb/dir/class_name.php
\phpbb\dir\subdir\class_name - phpbb/dir/subdir/class_name.php

Summary:

The basic philosophy here is to not hurt code clarity for the sake of laziness. This has to be balanced by a little bit of common sense, though; phpbb_print_login_status_for_a_given_user() goes too far, for example -- that function would be better named phpbb_print_user_login_status(), or just phpbb_print_login_status().

Special Namings:

For all emoticons use the term smiley in singular and smilies in plural. For emails we use the term email (without dash between “e” and “m”).

2.ii. Code Layout

Always include the braces:

This is another case of being too lazy to type 2 extra characters causing problems with code clarity. Even if the body of some construct is only one line long, do not drop the braces. Just don't, examples:

// These are all wrong.

if (condition) do_stuff();

if (condition)
	do_stuff();

while (condition)
	do_stuff();

for ($i = 0; $i < size; $i++)
	do_stuff($i);

// These are all right.

if (condition)
{
	do_stuff();
}

while (condition)
{
	do_stuff();
}

for ($i = 0; $i < size; $i++)
{
	do_stuff();
}

Where to put the braces:

In PHP code, braces always go on their own line. The closing brace should also always be at the same column as the corresponding opening brace, examples:

if (condition)
{
	while (condition2)
	{
		...
	}
}
else
{
	...
}

for ($i = 0; $i < $size; $i++)
{
	...
}

while (condition)
{
	...
}

function do_stuff()
{
	...
}

In JavaScript code, braces always go on the same line:

if (condition) {
	while (condition2) {
		...
	}
} else {
	...
}

for (var i = 0; i < size; i++) {
	...
}

while (condition) {
	...
}

function do_stuff() {
	...
}

Use spaces between tokens:

This is another simple, easy step that helps keep code readable without much effort. Whenever you write an assignment, expression, etc.. Always leave one space between the tokens. Basically, write code as if it was English. Put spaces between variable names and operators. Don't put spaces just after an opening bracket or before a closing bracket. Don't put spaces just before a comma or a semicolon. This is best shown with a few examples, examples:

// Each pair shows the wrong way followed by the right way.

$i=0;
$i = 0;

if($i<7) ...
if ($i < 7) ...

if ( ($i < 7)&&($j > 8) ) ...
if ($i < 7 && $j > 8) ...

do_stuff( $i, 'foo', $b );
do_stuff($i, 'foo', $b);

for($i=0; $i<$size; $i++) ...
for ($i = 0; $i < $size; $i++) ...

$i=($j < $size)?0:1;
$i = ($j < $size) ? 0 : 1;

Operator precedence:

Do you know the exact precedence of all the operators in PHP? Neither do I. Don't guess. Always make it obvious by using brackets to force the precedence of an equation so you know what it does. Remember to not over-use this, as it may harden the readability. Basically, do not enclose single expressions. Examples:

// what's the result? who knows.

$bool = ($i < 7 && $j > 8 || $k == 4);

// now you can be certain what I'm doing here.

$bool = (($i < 7) && (($j < 8) || ($k == 4)));

// But this one is even better, because it is easier on the eye but the intention is preserved

$bool = ($i < 7 && ($j < 8 || $k == 4));

Quoting strings:

There are two different ways to quote strings in PHP - either with single quotes or with double quotes. The main difference is that the parser does variable interpolation in double-quoted strings, but not in single quoted strings. Because of this, you should always use single quotes unless you specifically need variable interpolation to be done on that string. This way, we can save the parser the trouble of parsing a bunch of strings where no interpolation needs to be done.

Also, if you are using a string variable as part of a function call, you do not need to enclose that variable in quotes. Again, this will just make unnecessary work for the parser. Note, however, that nearly all of the escape sequences that exist for double-quoted strings will not work with single-quoted strings. Be careful, and feel free to break this guideline if it's making your code easier to read, examples:

// wrong

$str = "This is a really long string with no variables for the parser to find.";

do_stuff("$str");

// right

$str = 'This is a really long string with no variables for the parser to find.';

do_stuff($str);

// Sometimes single quotes are just not right

$post_url = $phpbb_root_path . 'posting.' . $phpEx . '?mode=' . $mode . '&amp;start=' . $start;

// Double quotes are sometimes needed to not overcrowd the line with concatenations.

$post_url = "{$phpbb_root_path}posting.$phpEx?mode=$mode&amp;start=$start";

In SQL statements mixing single and double quotes is partly allowed (following the guidelines listed here about SQL formatting), else one should try to only use one method - mostly single quotes.

Commas after every array element:

If an array is defined with each element on its own line, you still have to modify the previous line to add a comma when appending a new element. PHP allows for trailing (useless) commas in array definitions. These should always be used so each element including the comma can be appended with a single line. In JavaScript, do not use the trailing comma, as it causes browsers to throw errors.

// wrong

$foo = array(
	'bar' => 42,
	'boo' => 23
);

// right

$foo = array(
	'bar' => 42,
	'boo' => 23,
);

Associative array keys:

In PHP, it's legal to use a literal string as a key to an associative array without quoting that string. We don't want to do this -- the string should always be quoted to avoid confusion. Note that this is only when we're using a literal, not when we're using a variable, examples:

// wrong

$foo = $assoc_array[blah];

// right

$foo = $assoc_array['blah'];

// wrong

$foo = $assoc_array["$var"];

// right

$foo = $assoc_array[$var];

Comments:

Each complex function should be preceded by a comment that tells a programmer everything they need to know to use that function. The meaning of every parameter, the expected input, and the output are required as a minimal comment. The function's behaviour in error conditions (and what those error conditions are) should also be present - but mostly included within the comment about the output.

Especially important to document are any assumptions the code makes, or preconditions for its proper operation. Any one of the developers should be able to look at any part of the application and figure out what's going on in a reasonable amount of time.

Avoid using /* */ comment blocks for one-line comments, // should be used for one/two-liners.

Magic numbers:

Don't use them. Use named constants for any literal value other than obvious special cases. Basically, it's ok to check if an array has 0 elements by using the literal 0. It's not ok to assign some special meaning to a number and then use it everywhere as a literal. This hurts readability AND maintainability. The constants true and false should be used in place of the literals 1 and 0 -- even though they have the same values (but not type!), it's more obvious what the actual logic is when you use the named constants. Typecast variables where it is needed, do not rely on the correct variable type (PHP is currently very loose on typecasting which can lead to security problems if a developer does not keep a very close eye on it).

Shortcut operators:

The only shortcut operators that cause readability problems are the shortcut increment $i++ and decrement $j-- operators. These operators should not be used as part of an expression. They can, however, be used on their own line. Using them in expressions is just not worth the headaches when debugging, examples:

// wrong

$array[++$i] = $j;
$array[$i++] = $k;

// right

$i++;
$array[$i] = $j;

$array[$i] = $k;
$i++;

Inline conditionals:

Inline conditionals should only be used to do very simple things. Preferably, they will only be used to do assignments, and not for function calls or anything complex at all. They can be harmful to readability if used incorrectly, so don't fall in love with saving typing by using them, examples:

// Bad place to use them

($i < $size && $j > $size) ? do_stuff($foo) : do_stuff($bar);

// OK place to use them

$min = ($i < $j) ? $i : $j;

Don't use uninitialized variables.

For phpBB3, we intend to use a higher level of run-time error reporting. This will mean that the use of an uninitialized variable will be reported as a warning. These warnings can be avoided by using the built-in isset() function to check whether a variable has been set - but preferably the variable is always existing. For checking if an array has a key set this can come in handy though, examples:

// Wrong

if ($forum) ...

// Right

if (isset($forum)) ...

// Also possible

if (isset($forum) && $forum == 5)

The empty() function is useful if you want to check if a variable is not set or being empty (an empty string, 0 as an integer or string, NULL, false, an empty array or a variable declared, but without a value in a class). Therefore empty should be used in favor of isset($array) && count($array) > 0 - this can be written in a shorter way as !empty($array).

Switch statements:

Switch/case code blocks can get a bit long sometimes. To have some level of notice and being in-line with the opening/closing brace requirement (where they are on the same line for better readability), this also applies to switch/case code blocks and the breaks. An example:

// Wrong

switch ($mode)
{
	case 'mode1':
		// I am doing something here
		break;
	case 'mode2':
		// I am doing something completely different here
		break;
}

// Good

switch ($mode)
{
	case 'mode1':
		// I am doing something here
	break;

	case 'mode2':
		// I am doing something completely different here
	break;

	default:
		// Always assume that a case was not caught
	break;
}

// Also good, if you have more code between the case and the break

switch ($mode)
{
	case 'mode1':

		// I am doing something here

	break;

	case 'mode2':

		// I am doing something completely different here

	break;

	default:

		// Always assume that a case was not caught

	break;
}

Even if the break for the default case is not needed, it is sometimes better to include it just for readability and completeness.

If no break is intended, please add a comment instead. An example:

// Example with no break

switch ($mode)
{
	case 'mode1':

		// I am doing something here

	// no break here

	case 'mode2':

		// I am doing something completely different here

	break;

	default:

		// Always assume that a case was not caught

	break;
}

Class Members

Use the explicit visibility qualifiers public, private and protected for all properties instead of var.

Place the static qualifier after the visibility qualifiers.

//Wrong

var $x;
static private function f()

// Right

public $x;
private static function f()

Constants

Prefer class constants over global constants created with define().

2.iii. SQL/SQL Layout

Common SQL Guidelines:

All SQL should be cross-DB compatible, if DB specific SQL is used alternatives must be provided which work on all supported DB's (MySQL4/5, MSSQL (7.0 and 2000), PostgreSQL (8.3+), SQLite, Oracle8, ODBC (generalised if possible)).

All SQL commands should utilise the DataBase Abstraction Layer (DBAL)

SQL code layout:

SQL Statements are often unreadable without some formatting, since they tend to be big at times. Though the formatting of sql statements adds a lot to the readability of code. SQL statements should be formatted in the following way, basically writing keywords:

$sql = 'SELECT *
<-one tab->FROM ' . SOME_TABLE . '
<-one tab->WHERE a = 1
<-two tabs->AND (b = 2
<-three tabs->OR b = 3)
<-one tab->ORDER BY b';

Here the example with the tabs applied:

$sql = 'SELECT *
	FROM ' . SOME_TABLE . '
	WHERE a = 1
		AND (b = 2
			OR b = 3)
	ORDER BY b';

SQL Quotes:

Use double quotes where applicable. (The variables in these examples are typecasted to integers beforehand.) Examples:

// These are wrong.

"UPDATE " . SOME_TABLE . " SET something = something_else WHERE a = $b";

'UPDATE ' . SOME_TABLE . ' SET something = ' . $user_id . ' WHERE a = ' . $something;

// These are right.

'UPDATE ' . SOME_TABLE . " SET something = something_else WHERE a = $b";

'UPDATE ' . SOME_TABLE . " SET something = $user_id WHERE a = $something";

In other words use single quotes where no variable substitution is required or where the variable involved shouldn't appear within double quotes. Otherwise use double quotes.

Avoid DB specific SQL:

The "not equals operator", as defined by the SQL:2003 standard, is "<>"

// This is wrong.

$sql = 'SELECT *
	FROM ' . SOME_TABLE . '
	WHERE a != 2';

// This is right.

$sql = 'SELECT *
	FROM ' . SOME_TABLE . '
	WHERE a <> 2';

Common DBAL methods:

sql_escape():

Always use $db->sql_escape() if you need to check for a string within an SQL statement (even if you are sure the variable cannot contain single quotes - never trust your input), for example:

$sql = 'SELECT *
	FROM ' . SOME_TABLE . "
	WHERE username = '" . $db->sql_escape($username) . "'";

sql_query_limit():

We do not add limit statements to the sql query, but instead use $db->sql_query_limit(). You basically pass the query, the total number of lines to retrieve and the offset.

Note: Since Oracle handles limits differently and because of how we implemented this handling you need to take special care if you use sql_query_limit with an sql query retrieving data from more than one table.

Make sure when using something like "SELECT x.*, y.jars" that there is not a column named jars in x; make sure that there is no overlap between an implicit column and the explicit columns.

sql_build_array():

If you need to UPDATE or INSERT data, make use of the $db->sql_build_array() function. This function already escapes strings and checks other types, so there is no need to do this here. The data to be inserted should go into an array - $sql_ary - or directly within the statement if one or two variables needs to be inserted/updated. An example of an insert statement would be:

$sql_ary = array(
	'somedata'		=> $my_string,
	'otherdata'		=> $an_int,
	'moredata'		=> $another_int,
);

$db->sql_query('INSERT INTO ' . SOME_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));

To complete the example, this is how an update statement would look like:

$sql_ary = array(
	'somedata'		=> $my_string,
	'otherdata'		=> $an_int,
	'moredata'		=> $another_int,
);

$sql = 'UPDATE ' . SOME_TABLE . '
	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
	WHERE user_id = ' . (int) $user_id;
$db->sql_query($sql);

The $db->sql_build_array() function supports the following modes: INSERT (example above), INSERT_SELECT (building query for INSERT INTO table (...) SELECT value, column ... statements), UPDATE (example above) and SELECT (for building WHERE statement [AND logic]).

sql_multi_insert():

If you want to insert multiple statements at once, please use the separate sql_multi_insert() method. An example:

$sql_ary = array();

$sql_ary[] = array(
	'somedata'		=> $my_string_1,
	'otherdata'		=> $an_int_1,
	'moredata'		=> $another_int_1,
);

$sql_ary[] = array(
	'somedata'		=> $my_string_2,
	'otherdata'		=> $an_int_2,
	'moredata'		=> $another_int_2,
);

$db->sql_multi_insert(SOME_TABLE, $sql_ary);

sql_in_set():

The $db->sql_in_set() function should be used for building IN () and NOT IN () constructs. Since (specifically) MySQL tend to be faster if for one value to be compared the = and <> operator is used, we let the DBAL decide what to do. A typical example of doing a positive match against a number of values would be:

$sql = 'SELECT *
	FROM ' . FORUMS_TABLE . '
	WHERE ' . $db->sql_in_set('forum_id', $forum_ids);
$db->sql_query($sql);

Based on the number of values in $forum_ids, the query can look differently.

// SQL Statement if $forum_ids = array(1, 2, 3);

SELECT FROM phpbb_forums WHERE forum_id IN (1, 2, 3)

// SQL Statement if $forum_ids = array(1) or $forum_ids = 1

SELECT FROM phpbb_forums WHERE forum_id = 1

Of course the same is possible for doing a negative match against a number of values:

$sql = 'SELECT *
	FROM ' . FORUMS_TABLE . '
	WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true);
$db->sql_query($sql);

Based on the number of values in $forum_ids, the query can look differently here too.

// SQL Statement if $forum_ids = array(1, 2, 3);

SELECT FROM phpbb_forums WHERE forum_id NOT IN (1, 2, 3)

// SQL Statement if $forum_ids = array(1) or $forum_ids = 1

SELECT FROM phpbb_forums WHERE forum_id <> 1

If the given array is empty, an error will be produced.

sql_build_query():

The $db->sql_build_query() function is responsible for building sql statements for SELECT and SELECT DISTINCT queries if you need to JOIN on more than one table or retrieve data from more than one table while doing a JOIN. This needs to be used to make sure the resulting statement is working on all supported db's. Instead of explaining every possible combination, I will give a short example:

$sql_array = array(
	'SELECT'	=> 'f.*, ft.mark_time',

	'FROM'		=> array(
		FORUMS_WATCH_TABLE	=> 'fw',
		FORUMS_TABLE		=> 'f',
	),

	'LEFT_JOIN'	=> array(
		array(
			'FROM'	=> array(FORUMS_TRACK_TABLE => 'ft'),
			'ON'	=> 'ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id',
		),
	),

	'WHERE'		=> 'fw.user_id = ' . $user->data['user_id'] . '
		AND f.forum_id = fw.forum_id',

	'ORDER_BY'	=> 'left_id',
);

$sql = $db->sql_build_query('SELECT', $sql_array);

The possible first parameter for sql_build_query() is SELECT or SELECT_DISTINCT. As you can see, the logic is pretty self-explaining. For the LEFT_JOIN key, just add another array if you want to join on to tables for example. The added benefit of using this construct is that you are able to easily build the query statement based on conditions - for example the above LEFT_JOIN is only necessary if server side topic tracking is enabled; a slight adjustement would be:

$sql_array = array(
	'SELECT'	=> 'f.*',

	'FROM'		=> array(
		FORUMS_WATCH_TABLE	=> 'fw',
		FORUMS_TABLE		=> 'f',
	),

	'WHERE'		=> 'fw.user_id = ' . $user->data['user_id'] . '
		AND f.forum_id = fw.forum_id',

	'ORDER_BY'	=> 'left_id',
);

if ($config['load_db_lastread'])
{
	$sql_array['LEFT_JOIN'] = array(
		array(
			'FROM'	=> array(FORUMS_TRACK_TABLE => 'ft'),
			'ON'	=> 'ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id',
		),
	);

	$sql_array['SELECT'] .= ', ft.mark_time ';
}
else
{
	// Here we read the cookie data
}

$sql = $db->sql_build_query('SELECT', $sql_array);

2.iv. Optimizations

Operations in loop definition:

Always try to optimize your loops if operations are going on at the comparing part, since this part is executed every time the loop is parsed through. For assignments a descriptive name should be chosen. Example:

// On every iteration the count function is called

for ($i = 0; $i < count($post_data); $i++)
{
	do_something();
}

// You are able to assign the (not changing) result within the loop itself

for ($i = 0, $size = count($post_data); $i < $size; $i++)
{
	do_something();
}

Use of in_array():

Try to avoid using in_array() on huge arrays, and try to not place them into loops if the array to check consist of more than 20 entries. in_array() can be very time consuming and uses a lot of cpu processing time. For little checks it is not noticeable, but if checked against a huge array within a loop those checks alone can take several seconds. If you need this functionality, try using isset() on the arrays keys instead, actually shifting the values into keys and vice versa. A call to isset($array[$var]) is a lot faster than in_array($var, array_keys($array)) for example.

2.v. General Guidelines

General things:

Never trust user input (this also applies to server variables as well as cookies).

Try to sanitize values returned from a function.

Try to sanitize given function variables within your function.

The auth class should be used for all authorisation checking.

No attempt should be made to remove any copyright information (either contained within the source or displayed interactively when the source is run/compiled), neither should the copyright information be altered in any way (it may be added to).

Variables:

Make use of the \phpbb\request\request class for everything.

The $request->variable() method determines the type to set from the second parameter (which determines the default value too). If you need to get a scalar variable type, you need to tell this the variable() method explicitly. Examples:

// Old method, do not use it

$start = (isset($HTTP_GET_VARS['start'])) ? intval($HTTP_GET_VARS['start']) : intval($HTTP_POST_VARS['start']);
$submit = (isset($HTTP_POST_VARS['submit'])) ? true : false;

// Use request var and define a default variable (use the correct type)

$start = $request->variable('start', 0);
$submit = $request->is_set_post('submit');

// $start is an int, the following use of $request->variable() therefore is not allowed

$start = $request->variable('start', '0');

// Getting an array, keys are integers, value defaults to 0

$mark_array = $request->variable('mark', array(0));

// Getting an array, keys are strings, value defaults to 0

$action_ary = $request->variable('action', array('' => 0));

Login checks/redirection:

To show a forum login box use login_forum_box($forum_data), else use the login_box() function.

$forum_data should contain at least the forum_id and forum_password fields. If the field forum_name is available, then it is displayed on the forum login page.

The login_box() function can have a redirect as the first parameter. As a thumb of rule, specify an empty string if you want to redirect to the users current location, else do not add the $SID to the redirect string (for example within the ucp/login we redirect to the board index because else the user would be redirected to the login screen).

Sensitive Operations:

For sensitive operations always let the user confirm the action. For the confirmation screens, make use of the confirm_box() function.

Altering Operations:

For operations altering the state of the database, for instance posting, always verify the form token, unless you are already using confirm_box(). To do so, make use of the add_form_key() and check_form_key() functions.

	add_form_key('my_form');

	if ($submit)
	{
		if (!check_form_key('my_form'))
		{
			trigger_error('FORM_INVALID');
		}
	}

The string passed to add_form_key() needs to match the string passed to check_form_key(). Another requirement for this to work correctly is that all forms include the {S_FORM_TOKEN} template variable.

Sessions:

Sessions should be initiated on each page, as near the top as possible using the following code:

$user->session_begin();
$auth->acl($user->data);
$user->setup();

The $user->setup() call can be used to pass on additional language definition and a custom style (used in viewforum).

Errors and messages:

All messages/errors should be outputted by calling trigger_error() using the appropriate message type and language string. Example:

trigger_error('NO_FORUM');
trigger_error($user->lang['NO_FORUM']);
trigger_error('NO_MODE', E_USER_ERROR);

Url formatting

All urls pointing to internal files need to be prepended by the $phpbb_root_path variable. Within the administration control panel all urls pointing to internal files need to be prepended by the $phpbb_admin_path variable. This makes sure the path is always correct and users being able to just rename the admin folder and the acp still working as intended (though some links will fail and the code need to be slightly adjusted).

The append_sid() function from 2.0.x is available too, though it does not handle url alterations automatically. Please have a look at the code documentation if you want to get more details on how to use append_sid(). A sample call to append_sid() can look like this:

append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id'])

General function usage:

Some of these functions are only chosen over others because of personal preference and have no benefit other than maintaining consistency throughout the code.

  • Use strpos instead of strstr

  • Use else if instead of elseif

  • Use false (lowercase) instead of FALSE

  • Use true (lowercase) instead of TRUE

Exiting

Your page should either call page_footer() in the end to trigger output through the template engine and terminate the script, or alternatively at least call the exit_handler(). That call is necessary because it provides a method for external applications embedding phpBB to be called at the end of the script.

2.vi. Restrictions on the Use of PHP

Dynamic code execution:

Never execute dynamic PHP code (generated or in a constant string) using any of the following PHP functions:

  • eval
  • create_function
  • preg_replace with the e modifier in the pattern

If absolutely necessary a file should be created, and a mechanism for creating this file prior to running phpBB should be provided as a setup process.

The e modifier in preg_replace can be replaced by preg_replace_callback and objects to encapsulate state that is needed in the callback code.

Other functions, operators, statements and keywords:

The following PHP statements should also not be used in phpBB:

  • goto

3. Styling

3.i. Style Config Files

Style cfg files are simple name-value lists with the information necessary for installing a style. The important part of the style configuration file is assigning an unique name.

# General Information about this style
name = prosilver_duplicate
copyright = © phpBB Limited, 2007
style_version = 3.3.0
phpbb_version = 3.3.0

# Defining a different template bitfield
# template_bitfield = lNg=

# Parent style
# Set value to empty or to this style's name if this style does not have a parent style
parent = prosilver

3.2. General Styling Rules

Templates should be produced in a consistent manner. Where appropriate they should be based off an existing copy, e.g. index, viewforum or viewtopic (the combination of which implement a range of conditional and variable forms). Please also note that the indentation and coding guidelines also apply to templates where possible.

The outer table class forumline has gone and is replaced with tablebg.

When writing <table> the order <table class="" cellspacing="" cellpadding="" border="" align=""> creates consistency and allows everyone to easily see which table produces which "look". The same applies to most other tags for which additional parameters can be set, consistency is the major aim here.

Each block level element should be indented by one tab, same for tabular elements, e.g. <tr> <td> etc., whereby the intendiation of <table> and the following/ending <tr> should be on the same line. This applies not to div elements of course.

Don't use <span> more than is essential ... the CSS is such that text sizes are dependent on the parent class. So writing <span class="gensmall"><span class="gensmall">TEST</span></span> will result in very very small text. Similarly don't use span at all if another element can contain the class definition, e.g.

<td><span class="gensmall">TEST</span></td>

can just as well become:

<td class="gensmall">TEST</td>

Try to match text class types with existing usage, e.g. don't use the nav class where viewtopic uses gensmall for example.

Row colours/classes are now defined by the template, use an IF S_ROW_COUNT switch, see viewtopic or viewforum for an example.

Remember block level ordering is important.

Use a standard cellpadding of 2 and cellspacing of 0 on outer tables. Inner tables can vary from 0 to 3 or even 4 depending on the need.

Use div container/css for styling and table for data representation.

The separate catXXXX and thXXX classes are gone. When defining a header cell just use <th> rather than <th class="thHead"> etc. Similarly for cat, don't use <td class="catLeft"> use <td class="cat"> etc.

Try to retain consistency of basic layout and class usage, i.e. _EXPLAIN text should generally be placed below the title it explains, e.g. {L_POST_USERNAME}<br /><span class="gensmall">{L_POST_USERNAME_EXPLAIN}</span> is the typical way of handling this ... there may be exceptions and this isn't a hard and fast rule.

Try to keep template conditional and other statements tabbed in line with the block to which they refer.

this is correct

<!-- BEGIN test -->
	<tr>
		<td>{test.TEXT}</td>
	</tr>
<!-- END test -->

this is also correct:

<!-- BEGIN test -->
<tr>
	<td>{test.TEXT}</td>
</tr>
<!-- END test -->

it gives immediate feedback on exactly what is looping - decide which way to use based on the readability.


4. Templating

4.i. General Templating

File naming

Firstly templates now take the suffix ".html" rather than ".tpl". This was done simply to make the lives of some people easier wrt syntax highlighting, etc.

Variables

All template variables should be named appropriately (using underscores for spaces), language entries should be prefixed with L_, system data with S_, urls with U_, javascript urls with UA_, language to be put in javascript statements with LA_, all other variables should be presented 'as is'.

L_* template variables are automatically mapped to the corresponding language entry if the code does not set (and therefore overwrite) this variable specifically and if the language entry exists. For example {L_USERNAME} maps to $user->lang['USERNAME']. The LA_* template variables are handled within the same way, but properly escaped so they can be put in javascript code. This should reduce the need to assign loads of new language variables in MODifications.

Blocks/Loops

The basic block level loop remains and takes the form:

<!-- BEGIN loopname -->
	markup, {loopname.X_YYYYY}, etc.
<!-- END loopname -->

A bit later loops will be explained further. To not irritate you we will explain conditionals as well as other statements first.

Including files

Something that existed in 2.0.x which no longer exists in 3.x is the ability to assign a template to a variable. This was used (for example) to output the jumpbox. Instead (perhaps better, perhaps not but certainly more flexible) we now have INCLUDE. This takes the simple form:

<!-- INCLUDE filename -->

You will note in the 3.x templates the major sources start with <!-- INCLUDE overall_header.html --> or <!-- INCLUDE simple_header.html -->, etc. In 2.0.x control of "which" header to use was defined entirely within the code. In 3.x the template designer can output what they like. Note that you can introduce new templates (i.e. other than those in the default set) using this system and include them as you wish ... perhaps useful for a common "menu" bar or some such. No need to modify loads of files as with 2.0.x.

Added in 3.0.6 is the ability to include a file using a template variable to specify the file, this functionality only works for root variables (i.e. not block variables).

<!-- INCLUDE {FILE_VAR} -->

Template defined variables can also be utilised.

<!-- DEFINE $SOME_VAR = 'my_file.html' -->
<!-- INCLUDE {$SOME_VAR} -->

PHP

The use of PHP in HTML files has been deprecated in phpBB 3.3 and will be removed in phpBB 4.0.

A contentious decision has seen the ability to include PHP within the template introduced. This is achieved by enclosing the PHP within relevant tags:

<!-- PHP -->
	echo "hello!";
<!-- ENDPHP -->

You may also include PHP from an external file using:

<!-- INCLUDEPHP somefile.php -->

it will be included and executed inline.

A note, it is very much encouraged that template designers do not include PHP. The ability to include raw PHP was introduced primarily to allow end users to include banner code, etc. without modifying multiple files (as with 2.0.x). It was not intended for general use ... hence www.phpbb.com will not make available template sets which include PHP. And by default templates will have PHP disabled (the admin will need to specifically activate PHP for a template).

Conditionals/Control structures

The most significant addition to 3.x are conditions or control structures, "if something then do this else do that". The system deployed is very similar to Smarty. This may confuse some people at first but it offers great potential and great flexibility with a little imagination. In their most simple form these constructs take the form:

<!-- IF expr -->
	markup
<!-- ENDIF -->

expr can take many forms, for example:

<!-- IF loop.S_ROW_COUNT is even -->
	markup
<!-- ENDIF -->

This will output the markup if the S_ROW_COUNT variable in the current iteration of loop is an even value (i.e. the expr is TRUE). You can use various comparison methods (standard as well as equivalent textual versions noted in square brackets) including (not, or, and, eq, neq, is should be used if possible for better readability):

== [eq]
!= [neq, ne]
<> (same as !=)
!== (not equivalent in value and type)
=== (equivalent in value and type)
> [gt]
< [lt]
>= [gte]
<= [lte]
&& [and]
|| [or]
% [mod]
! [not]
+
-
*
/
,
<< (bitwise shift left)
>> (bitwise shift right)
| (bitwise or)
^ (bitwise xor)
& (bitwise and)
~ (bitwise not)
is (can be used to join comparison operations)

Basic parenthesis can also be used to enforce good old BODMAS rules. Additionally some basic comparison types are defined:

even
odd
div

Beyond the simple use of IF you can also do a sequence of comparisons using the following:

<!-- IF expr1 -->
	markup
<!-- ELSEIF expr2 -->
	markup
	.
	.
	.
<!-- ELSEIF exprN -->
	markup
<!-- ELSE -->
	markup
<!-- ENDIF -->

Each statement will be tested in turn and the relevant output generated when a match (if a match) is found. It is not necessary to always use ELSEIF, ELSE can be used alone to match "everything else".

So what can you do with all this? Well take for example the colouration of rows in viewforum. In 2.0.x row colours were predefined within the source as either row color1, row color2 or row class1, row class2. In 3.x this is moved to the template, it may look a little daunting at first but remember control flows from top to bottom and it's not too difficult:

<table>
	<!-- IF loop.S_ROW_COUNT is even -->
		<tr class="row1">
	<!-- ELSE -->
		<tr class="row2">
	<!-- ENDIF -->
	<td>HELLO!</td>
</tr>
</table>

This will cause the row cell to be output using class row1 when the row count is even, and class row2 otherwise. The S_ROW_COUNT parameter gets assigned to loops by default. Another example would be the following:

<table>
	<!-- IF loop.S_ROW_COUNT > 10 -->
		<tr bgcolor="#FF0000">
	<!-- ELSEIF loop.S_ROW_COUNT > 5 -->
		<tr bgcolor="#00FF00">
	<!-- ELSEIF loop.S_ROW_COUNT > 2 -->
		<tr bgcolor="#0000FF">
	<!-- ELSE -->
		<tr bgcolor="#FF00FF">
	<!-- ENDIF -->
	<td>hello!</td>
</tr>
</table>

This will output the row cell in purple for the first two rows, blue for rows 2 to 5, green for rows 5 to 10 and red for remainder. So, you could produce a "nice" gradient effect, for example.

What else can you do? Well, you could use IF to do common checks on for example the login state of a user:

<!-- IF S_USER_LOGGED_IN -->
	markup
<!-- ENDIF -->

This replaces the existing (fudged) method in 2.0.x using a zero length array and BEGIN/END.

Extended syntax for Blocks/Loops

Back to our loops - they had been extended with the following additions. Firstly you can set the start and end points of the loop. For example:

<!-- BEGIN loopname(2) -->
	markup
<!-- END loopname -->

Will start the loop on the third entry (note that indexes start at zero). Extensions of this are:

loopname(2): Will start the loop on the 3rd entry
loopname(-2): Will start the loop two entries from the end
loopname(3,4): Will start the loop on the fourth entry and end it on the fifth
loopname(3,-4): Will start the loop on the fourth entry and end it four from last

A further extension to begin is BEGINELSE:

<!-- BEGIN loop -->
	markup
<!-- BEGINELSE -->
	markup
<!-- END loop -->

This will cause the markup between BEGINELSE and END to be output if the loop contains no values. This is useful for forums with no topics (for example) ... in some ways it replaces "bits of" the existing "switch_" type control (the rest being replaced by conditionals).

Another way of checking if a loop contains values is by prefixing the loops name with a dot:

<!-- IF .loop -->
	<!-- BEGIN loop -->
		markup
	<!-- END loop -->
<!-- ELSE -->
	markup
<!-- ENDIF -->

You are even able to check the number of items within a loop by comparing it with values within the IF condition:

<!-- IF .loop > 2 -->
	<!-- BEGIN loop -->
		markup
	<!-- END loop -->
<!-- ELSE -->
	markup
<!-- ENDIF -->

Nesting loops cause the conditionals needing prefixed with all loops from the outer one to the inner most. An illustration of this:

<!-- BEGIN firstloop -->
	{firstloop.MY_VARIABLE_FROM_FIRSTLOOP}

	<!-- BEGIN secondloop -->
		{firstloop.secondloop.MY_VARIABLE_FROM_SECONDLOOP}
	<!-- END secondloop -->
<!-- END firstloop -->

Sometimes it is necessary to break out of nested loops to be able to call another loop within the current iteration. This sounds a little bit confusing and it is not used very often. The following (rather complex) example shows this quite good - it also shows how you test for the first and last row in a loop (i will explain the example in detail further down):

<!-- BEGIN l_block1 -->
	<!-- IF l_block1.S_SELECTED -->
		<strong>{l_block1.L_TITLE}</strong>
		<!-- IF S_PRIVMSGS -->

			<!-- the ! at the beginning of the loop name forces the loop to be not a nested one of l_block1 -->
			<!-- BEGIN !folder -->
				<!-- IF folder.S_FIRST_ROW -->
					<ul class="nav">
				<!-- ENDIF -->

				<li><a href="{folder.U_FOLDER}">{folder.FOLDER_NAME}</a></li>

				<!-- IF folder.S_LAST_ROW -->
					</ul>
				<!-- ENDIF -->
			<!-- END !folder -->

		<!-- ENDIF -->

		<ul class="nav">
		<!-- BEGIN l_block2 -->
			<li>
				<!-- IF l_block1.l_block2.S_SELECTED -->
					<strong>{l_block1.l_block2.L_TITLE}</strong>
				<!-- ELSE -->
					<a href="{l_block1.l_block2.U_TITLE}">{l_block1.l_block2.L_TITLE}</a>
				<!-- ENDIF -->
			</li>
		<!-- END l_block2 -->
		</ul>
	<!-- ELSE -->
		<a class="nav" href="{l_block1.U_TITLE}">{l_block1.L_TITLE}</a>
	<!-- ENDIF -->
<!-- END l_block1 -->

Let us first concentrate on this part of the example:

<!-- BEGIN l_block1 -->
	<!-- IF l_block1.S_SELECTED -->
		markup
	<!-- ELSE -->
		<a class="nav" href="{l_block1.U_TITLE}">{l_block1.L_TITLE}</a>
	<!-- ENDIF -->
<!-- END l_block1 -->

Here we open the loop l_block1 and do some things if the value S_SELECTED within the current loop iteration is true, else we write the blocks link and title. Here, you see {l_block1.L_TITLE} referenced - you remember that L_* variables get automatically assigned the corresponding language entry? This is true, but not within loops. The L_TITLE variable within the loop l_block1 is assigned within the code itself.

Let's have a closer look at the markup:

<!-- BEGIN l_block1 -->
.
.
	<!-- IF S_PRIVMSGS -->

		<!-- BEGIN !folder -->
			<!-- IF folder.S_FIRST_ROW -->
				<ul class="nav">
			<!-- ENDIF -->

			<li><a href="{folder.U_FOLDER}">{folder.FOLDER_NAME}</a></li>

			<!-- IF folder.S_LAST_ROW -->
				</ul>
			<!-- ENDIF -->
		<!-- END !folder -->

	<!-- ENDIF -->
.
.
<!-- END l_block1 -->

The <!-- IF S_PRIVMSGS --> statement clearly checks a global variable and not one within the loop, since the loop is not given here. So, if S_PRIVMSGS is true we execute the shown markup. Now, you see the <!-- BEGIN !folder --> statement. The exclamation mark is responsible for instructing the template engine to iterate through the main loop folder. So, we are now within the loop folder - with <!-- BEGIN folder --> we would have been within the loop l_block1.folder automatically as is the case with l_block2:

<!-- BEGIN l_block1 -->
.
.
	<ul class="nav">
	<!-- BEGIN l_block2 -->
		<li>
			<!-- IF l_block1.l_block2.S_SELECTED -->
				<strong>{l_block1.l_block2.L_TITLE}</strong>
			<!-- ELSE -->
				<a href="{l_block1.l_block2.U_TITLE}">{l_block1.l_block2.L_TITLE}</a>
			<!-- ENDIF -->
		</li>
	<!-- END l_block2 -->
	</ul>
.
.
<!-- END l_block1 -->

You see the difference? The loop l_block2 is a member of the loop l_block1 but the loop folder is a main loop.

Now back to our folder loop:

<!-- IF folder.S_FIRST_ROW -->
	<ul class="nav">
<!-- ENDIF -->

<li><a href="{folder.U_FOLDER}">{folder.FOLDER_NAME}</a></li>

<!-- IF folder.S_LAST_ROW -->
	</ul>
<!-- ENDIF -->

You may have wondered what the comparison to S_FIRST_ROW and S_LAST_ROW is about. If you haven't guessed already - it is checking for the first iteration of the loop with S_FIRST_ROW and the last iteration with S_LAST_ROW. This can come in handy quite often if you want to open or close design elements, like the above list. Let us imagine a folder loop build with three iterations, it would go this way:

<ul class="nav"> <!-- written on first iteration -->
	<li>first element</li> <!-- written on first iteration -->
	<li>second element</li> <!-- written on second iteration -->
	<li>third element</li> <!-- written on third iteration -->
</ul> <!-- written on third iteration -->

As you can see, all three elements are written down as well as the markup for the first iteration and the last one. Sometimes you want to omit writing the general markup - for example:

<!-- IF folder.S_FIRST_ROW -->
	<ul class="nav">
<!-- ELSEIF folder.S_LAST_ROW -->
	</ul>
<!-- ELSE -->
	<li><a href="{folder.U_FOLDER}">{folder.FOLDER_NAME}</a></li>
<!-- ENDIF -->

would result in the following markup:

<ul class="nav"> <!-- written on first iteration -->
	<li>second element</li> <!-- written on second iteration -->
</ul> <!-- written on third iteration -->

Just always remember that processing is taking place from top to bottom.

Forms

If a form is used for a non-trivial operation (i.e. more than a jumpbox), then it should include the {S_FORM_TOKEN} template variable.

<form method="post" id="mcp" action="{U_POST_ACTION}">

	<fieldset class="submit-buttons">
		<input type="reset" value="{L_RESET}" name="reset" class="button2" /> 
		<input type="submit" name="action[add_warning]" value="{L_SUBMIT}" class="button1" />
		{S_FORM_TOKEN}
	</fieldset>
</form>
		

4.ii. Styles Tree

When basing a new style on an existing one, it is not necessary to provide all the template files. By declaring the base style name in the parent field in the style configuration file, the style can be set to reuse template files from the parent style.

The effect of doing so is that the template engine will use the template files in the new style where they exist, but fall back to files in the parent style otherwise.

We strongly encourage the use of parent styles for styles based on the bundled styles, as it will ease the update procedure.

# General Information about this style
name = Custom Style
copyright = © phpBB Limited, 2007
style_version = 3.2.0-b1
phpbb_version = 3.2.0-b1

# Defining a different template bitfield
# template_bitfield = lNg=

# Parent style
# Set value to empty or to this style's name if this style does not have a parent style
parent = prosilver
		

4.iii. Template Events

Template events must follow this format: <!-- EVENT event_name -->

Using the above example, files named event_name.html located within extensions will be injected into the location of the event.

Template event naming guidelines:

  • An event name must be all lowercase, with each word separated by an underscore.
  • An event name must briefly describe the location and purpose of the event.
  • An event name must end with one of the following suffixes:
    • _prepend - This event adds an item to the beginning of a block of related items, or adds to the beginning of individual items in a block.
    • _append - This event adds an item to the end of a block of related items, or adds to the end of individual items in a block.
    • _before - This event adds content directly before the specified block
    • _after - This event adds content directly after the specified block

Template event documentation

Events must be documented in phpBB/docs/events.md in alphabetical order based on the event name. The format is as follows:

  • An event found in only one template file:
    event_name
    ===
    * Location: styles/<style_name>/template/filename.html
    * Purpose: A brief description of what this event should be used for.
    This may span multiple lines.
    * Since: Version since when the event was added
    
  • An event found in multiple template files:
    event_name
    ===
    * Locations:
        + first/file/path.html
        + second/file/path.html
    * Purpose: Same as above.
    * Since: 3.2.0-b1
    
  • An event that is found multiple times in a file should have the number of instances in parenthesis next to the filename.
    event_name
    ===
    * Locations:
        + first/file/path.html (2)
        + second/file/path.html
    * Purpose: Same as above.
    * Since: 3.2.0-b1
    
  • An actual example event documentation:
    forumlist_body_last_post_title_prepend
    ====
    * Locations:
        + styles/prosilver/template/forumlist_body.html
        + styles/subsilver2/template/forumlist_body.html
    * Purpose: Add content before the post title of the latest post in a forum on the forum list.
    * Since: 3.2.0-a1
    


5. Character Sets and Encodings

What are Unicode, UCS and UTF-8?

The Universal Character Set (UCS) described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. Unicode - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the Unicode Consortium's website. One of the Unicode encodings is the 8-bit Unicode Transformation Format (UTF-8). It encodes characters with up to four bytes aiming for maximum compatibility with the American Standard Code for Information Interchange which is a 7-bit encoding of a relatively small subset of the UCS.

phpBB's use of Unicode

Unfortunately PHP does not facilitate the use of Unicode prior to version 6. Most functions simply treat strings as sequences of bytes assuming that each character takes up exactly one byte. This behaviour still allows for storing UTF-8 encoded text in PHP strings but many operations on strings have unexpected results. To circumvent this problem we have created some alternative functions to PHP's native string operations which use code points instead of bytes. These functions can be found in /includes/utf/utf_tools.php. They are also covered in the phpBB3 Sourcecode Documentation. A lot of native PHP functions still work with UTF-8 as long as you stick to certain restrictions. For example explode still works as long as the first and the last character of the delimiter string are ASCII characters.

phpBB only uses the ASCII and the UTF-8 character encodings. Still all Strings are UTF-8 encoded because ASCII is a subset of UTF-8. The only exceptions to this rule are code sections which deal with external systems which use other encodings and character sets. Such external data should be converted to UTF-8 using the utf8_recode() function supplied with phpBB. It supports a variety of other character sets and encodings, a full list can be found below.

With $request->variable() you can either allow all UCS characters in user input or restrict user input to ASCII characters. This feature is controlled by the method's third parameter called $multibyte. You should allow multibyte characters in posts, PMs, topic titles, forum names, etc. but it's not necessary for internal uses like a $mode variable which should only hold a predefined list of ASCII strings anyway.

// an input string containing a multibyte character
$_REQUEST['multibyte_string'] = 'Käse';

// print request variable as a UTF-8 string allowing multibyte characters
echo $request->variable('multibyte_string', '', true);
// print request variable as ASCII string
echo $request->variable('multibyte_string', '');

This code snippet will generate the following output:

Käse
K??se

Case Folding

Case insensitive comparison of strings is no longer possible with strtolower or strtoupper as some characters have multiple lower case or multiple upper case forms depending on their position in a word. The utf8_strtolower and the utf8_strtoupper functions suffer from the same problem so they can only be used to display upper/lower case versions of a string but they cannot be used for case insensitive comparisons either. So instead you should use case folding which gives you a case insensitive version of the string which can be used for case insensitive comparisons. An NFC normalized string can be case folded using utf8_case_fold_nfc().

// Bad - The strings might be the same even if strtolower differs

if (strtolower($string1) == strtolower($string2))
{
	echo '$string1 and $string2 are equal or differ in case';
}

// Good - Case folding is really case insensitive

if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
{
	echo '$string1 and $string2 are equal or differ in case';
}

Confusables Detection

phpBB offers a special method utf8_clean_string which can be used to make sure string identifiers are unique. This method uses Normalization Form Compatibility Composition (NFKC) instead of NFC and replaces similarly looking characters with a particular representative of the equivalence class. This method is currently used for usernames and group names to avoid confusion with similarly looking names.


6. Translation (i18n/L10n) Guidelines

6.i. Standardisation

Reason:

phpBB is one of the most translated open-source projects, with the current stable version being available in over 60 localisations. Whilst the ad hoc approach to the naming of language packs has worked, for phpBB3 and beyond we hope to make this process saner which will allow for better interoperation with current and future web browsers.

Encoding:

With phpBB3, the output encoding for the forum in now UTF-8, a Universal Character Encoding by the Unicode Consortium that is by design a superset to US-ASCII and ISO-8859-1. By using one character set which simultaenously supports all scripts which previously would have required different encodings (eg: ISO-8859-1 to ISO-8859-15 (Latin, Greek, Cyrillic, Thai, Hebrew, Arabic); GB2312 (Simplified Chinese); Big5 (Traditional Chinese), EUC-JP (Japanese), EUC-KR (Korean), VISCII (Vietnamese); et cetera), we remove the need to convert between encodings and improves the accessibility of multilingual forums.

The impact is that the language files for phpBB must now also be encoded as UTF-8, with a caveat that the files must not contain a BOM for compatibility reasons with non-Unicode aware versions of PHP. For those with forums using the Latin character set (ie: most European languages), this change is transparent since UTF-8 is superset to US-ASCII and ISO-8859-1.

Language Tag:

The IETF recently published RFC 4646 for tags used to identify languages, which in combination with RFC 4647 obseletes the older RFC 3006 and older-still RFC 1766. RFC 4646 uses ISO 639-1/ISO 639-2, ISO 3166-1 alpha-2, ISO 15924 and UN M.49 to define a language tag. Each complete tag is composed of subtags which are not case sensitive and can also be empty.

Ordering of the subtags in the case that they are all non-empty is: language-script-region-variant-extension-privateuse. Should any subtag be empty, its corresponding hyphen would also be omitted. Thus, the language tag for English will be en and not en-----.

Most language tags consist of a two- or three-letter language subtag (from ISO 639-1/ISO 639-2). Sometimes, this is followed by a two-letter or three-digit region subtag (from ISO 3166-1 alpha-2 or UN M.49). Some examples are:

Examples of various possible language tags as described by RFC 4646 and RFC 4647
Language tag Description Component subtags
en English language
mas Masai language
fr-CA French as used in Canada language+region
en-833 English as used in the Isle of Man language+region
zh-Hans Chinese written with Simplified script language+script
zh-Hant-HK Chinese written with Traditional script as used in Hong Kong language+script+region
de-AT-1996 German as used in Austria with 1996 orthography language+region+variant

The ultimate aim of a language tag is to convey the needed useful distingushing information, whilst keeping it as short as possible. So for example, use en, fr and ja as opposed to en-GB, fr-FR and ja-JP, since we know English, French and Japanese are the native language of Great Britain, France and Japan respectively.

Next is the ISO 15924 language script code and when one should or shouldn't use it. For example, whilst en-Latn is syntaxically correct for describing English written with Latin script, real world English writing is more-or-less exclusively in the Latin script. For such languages like English that are written in a single script, the IANA Language Subtag Registry has a "Suppress-Script" field meaning the script code should be omitted unless a specific language tag requires a specific script code. Some languages are written in more than one script and in such cases, the script code is encouraged since an end-user may be able to read their language in one script, but not the other. Some examples are:

Examples of using a language subtag in combination with a script subtag
Language tag Description Component subtags
en-Brai English written in Braille script language+script
en-Dsrt English written in Deseret (Mormon) script language+script
sr-Latn Serbian written in Latin script language+script
sr-Cyrl Serbian written in Cyrillic script language+script
mn-Mong Mongolian written in Mongolian script language+script
mn-Cyrl Mongolian written in Cyrillic script language+script
mn-Phag Mongolian written in Phags-pa script language+script
az-Cyrl-AZ Azerbaijani written in Cyrillic script as used in Azerbaijan language+script+region
az-Latn-AZ Azerbaijani written in Latin script as used in Azerbaijan language+script+region
az-Arab-IR Azerbaijani written in Arabic script as used in Iran language+script+region

Usage of the three-digit UN M.49 code over the two-letter ISO 3166-1 alpha-2 code should happen if a macro-geographical entity is required and/or the ISO 3166-1 alpha-2 is ambiguous.

Examples of English using marco-geographical regions:

Coding for English using macro-geographical regions (examples for English of ISO 3166-1 alpha-2 vs. UN M.49 code)
ISO 639-1/ISO 639-2 + ISO 3166-1 alpha-2 ISO 639-1/ISO 639-2 + UN M.49 (Example macro regions)
en-AU
English as used in Australia
en-053
English as used in Australia & New Zealand
en-009
English as used in Oceania
en-NZ
English as used in New Zealand
en-FJ
English as used in Fiji
en-054
English as used in Melanesia

Examples of Spanish using marco-geographical regions:

Coding for Spanish macro-geographical regions (examples for Spanish of ISO 3166-1 alpha-2 vs. UN M.49 code)
ISO 639-1/ISO 639-2 + ISO 3166-1 alpha-2 ISO 639-1/ISO 639-2 + UN M.49 (Example macro regions)
es-PR
Spanish as used in Puerto Rico
es-419
Spanish as used in Latin America & the Caribbean
es-019
Spanish as used in the Americas
es-HN
Spanish as used in Honduras
es-AR
Spanish as used in Argentina
es-US
Spanish as used in United States of America
es-021
Spanish as used in North America

Example of where the ISO 3166-1 alpha-2 is ambiguous and why UN M.49 might be preferred:

Coding for ambiguous ISO 3166-1 alpha-2 regions
CS assignment pre-1994 CS assignment post-1994
CS
Czechoslovakia (ISO 3166-1)
200
Czechoslovakia (UN M.49)
CS
Serbian & Montenegro (ISO 3166-1)
891
Serbian & Montenegro (UN M.49)
CZ
Czech Republic (ISO 3166-1)
203
Czech Republic (UN M.49)
SK
Slovakia (ISO 3166-1)
703
Slovakia (UN M.49)
RS
Serbia (ISO 3166-1)
688
Serbia (UN M.49)
ME
Montenegro (ISO 3166-1)
499
Montenegro (UN M.49)

Macro-languages & Topolects:

RFC 4646 anticipates features which shall be available in (currently draft) ISO 639-3 which aims to provide as complete enumeration of languages as possible, including living, extinct, ancient and constructed languages, whether majour, minor or unwritten. A new feature of ISO 639-3 compared to the previous two revisions is the concept of macrolanguages where Arabic and Chinese are two such examples. In such cases, their respective codes of ar and zh is very vague as to which dialect/topolect is used or perhaps some terse classical variant which may be difficult for all but very educated users. For such macrolanguages, it is recommended that the sub-language tag is used as a suffix to the macrolanguage tag, eg:

Macrolanguage subtag + sub-language subtag examples
Language tag Description Component subtags
zh-cmn Mandarin (Putonghau/Guoyu) Chinese macrolanguage+sublanguage
zh-yue Yue (Cantonese) Chinese macrolanguage+sublanguage
zh-cmn-Hans Mandarin (Putonghau/Guoyu) Chinese written in Simplified script macrolanguage+sublanguage+script
zh-cmn-Hant Mandarin (Putonghau/Guoyu) Chinese written in Traditional script macrolanguage+sublanguage+script
zh-nan-Latn-TW Minnan (Hoklo) Chinese written in Latin script (POJ Romanisation) as used in Taiwan macrolanguage+sublanguage+script+region

6.ii. Other considerations

Normalisation of language tags for phpBB:

For phpBB, the language tags are not used in their raw form and instead converted to all lower-case and have the hyphen - replaced with an underscore _ where appropriate, with some examples below:

Language tag normalisation examples
Raw language tag Description Value of USER_LANG
in ./common.php
Language pack directory
name in /language/
en British English en en
de-AT German as used in Austria de-at de_at
es-419 Spanish as used in Latin America & Caribbean en-419 en_419
zh-yue-Hant-HK Cantonese written in Traditional script as used in Hong Kong zh-yue-hant-hk zh_yue_hant_hk

How to use iso.txt:

The iso.txt file is a small UTF-8 encoded plain-text file which consists of three lines:

  1. Language's English name
  2. Language's local name
  3. Authors information

iso.txt is automatically generated by the language pack submission system on phpBB.com. You don't have to create this file yourself if you plan on releasing your language pack on phpBB.com, but do keep in mind that phpBB itself does require this file to be present.

Because language tags themselves are meant to be machine read, they can be rather obtuse to humans and why descriptive strings as provided by iso.txt are needed. Whilst en-US could be fairly easily deduced to be "English as used in the United States", de-CH is more difficult less one happens to know that de is from "Deutsch", German for "German" and CH is the abbreviation of the official Latin name for Switzerland, "Confoederatio Helvetica".

For the English language description, the language name is always first and any additional attributes required to describe the subtags within the language code are then listed in order separated with commas and enclosed within parentheses, eg:

English language description examples for iso.txt
Raw language tag English description within iso.txt
en British English
en-US English (United States)
en-053 English (Australia & New Zealand)
de German
de-CH-1996 German (Switzerland, 1996 orthography)
gws-1996 Swiss German (1996 orthography)
zh-cmn-Hans-CN Mandarin Chinese (Simplified, Mainland China)
zh-yue-Hant-HK Cantonese Chinese (Traditional, Hong Kong)

For the localised language description, just translate the English version though use whatever appropriate punctuation typical for your own locale, assuming the language uses punctuation at all.

Unicode bi-directional considerations:

Because phpBB is now UTF-8, all translators must take into account that certain strings may be shown when the directionality of the document is either opposite to normal or is ambiguous.

The various Unicode control characters for bi-directional text and their HTML enquivalents where appropriate are as follows:

Unicode bidirectional control characters & HTML elements/entities
Unicode character
abbreviation
Unicode
code-point
Unicode character
name
Equivalent HTML
markup/entity
Raw character
(enclosed between '')
LRM U+200E Left-to-Right Mark &lrm; '‎'
RLM U+200F Right-to-Left Mark &rlm; '‏'
LRE U+202A Left-to-Right Embedding dir="ltr" '‪'
RLE U+202B Right-to-Left Embedding dir="rtl" '‫'
PDF U+202C Pop Directional Formatting </bdo> '‬'
LRO U+202D Left-to-Right Override <bdo dir="ltr"> '‭'
RLO U+202E Right-to-Left Override <bdo dir="rtl"> '‮'

For iso.txt, the directionality of the text can be explicitly set using special Unicode characters via any of the three methods provided by left-to-right/right-to-left markers/embeds/overrides, as without them, the ordering of characters will be incorrect, eg:

Unicode bidirectional control characters iso.txt
Directionality Raw character view Display of localised
description in iso.txt
Ordering
dir="ltr" English (Australia & New Zealand) English (Australia & New Zealand) Correct
dir="rtl" English (Australia & New Zealand) English (Australia & New Zealand) Incorrect
dir="rtl" with LRM English (Australia & New Zealand)U+200E English (Australia & New Zealand)‎ Correct
dir="rtl" with LRE & PDF U+202AEnglish (Australia & New Zealand)U+202C ‪English (Australia & New Zealand)‬ Correct
dir="rtl" with LRO & PDF U+202DEnglish (Australia & New Zealand)U+202C ‭English (Australia & New Zealand)‬ Correct

In choosing which of the three methods to use, in the majority of cases, the LRM or RLM to put a "strong" character to fully enclose an ambiguous punctuation character and thus make it inherit the correct directionality is sufficient.

Within some cases, there may be mixed scripts of a left-to-right and right-to-left direction, so using LRE & RLE with PDF may be more appropriate. Lastly, in very rare instances where directionality must be forced, then use LRO & RLO with PDF.

For further information on authoring techniques of bi-directional text, please see the W3C tutorial on authoring techniques for XHTML pages with bi-directional text.

6.iii. Working with placeholders

As phpBB is translated into languages with different ordering rules to that of English, it is possible to show specific values in any order deemed appropriate. Take for example the extremely simple "Page X of Y", whilst in English this could just be coded as:

	...
'PAGE_OF'	=>	'Page %s of %s',
		/* Just grabbing the replacements as they
		come and hope they are in the right order */
	...

… a clearer way to show explicit replacement ordering is to do:

	...
'PAGE_OF'	=>	'Page %1$s of %2$s',
		/* Explicit ordering of the replacements,
		even if they are the same order as English */
	...

Why bother at all? Because some languages, the string transliterated back to English might read something like:

	...
'PAGE_OF'	=>	'Total of %2$s pages, currently on page %1$s',
		/* Explicit ordering of the replacements,
		reversed compared to English as the total comes first */
	...

6.iv. Using plurals

The english language is very simple when it comes to plurals.
You have 0 elephants, 1 elephant, or 2+ elephants. So basically you have 2 different forms: one singular and one plural.
But for some other languages this is quite more difficult. Let's take the Bosnian language as another example:
You have [1/21/31] slon, [2/3/4] slona, [0/5/6] slonova and [7/8/9/11] ... and some more difficult rules.

The plural system takes care of this and can be used as follows:

The PHP code will basically look like this:

	...
	$user->lang('NUMBER_OF_ELEPHANTS', $number_of_elephants);
	...

And the English translation would be:

	...
	'NUMBER_OF_ELEPHANTS'	=> array(
		0	=> 'You have no elephants', // Optional special case for 0
		1	=> 'You have 1 elephant', // Singular
		2	=> 'You have %d elephants', // Plural
	),
	...

While the Bosnian translation can have more cases:

	...
	'NUMBER_OF_ELEPHANTS'	=> array(
		0	=> 'You have no slonova', // Optional special case for 0
		1	=> 'You have %d slon', // Used for 1, 21, 31, ..
		2	=> 'You have %d slona', // Used for 5, 6,
		3	=> ...
	),
	...

NOTE: It is okay to use plurals for an unknown number compared to a single item, when the number is not known and displayed:

	...
	'MODERATOR'	=> 'Moderator',  // Your board has 1 moderator
	'MODERATORS'	=> 'Moderators', // Your board has multiple moderators
	...

6.v. Writing Style

Miscellaneous tips & hints:

As the language files are PHP files, where the various strings for phpBB are stored within an array which in turn are used for display within an HTML page, rules of syntax for both must be considered. Potentially problematic characters are: ' (straight quote/apostrophe), " (straight double quote), < (less-than sign), > (greater-than sign) and & (ampersand).

// Bad - The un-escapsed straight-quote/apostrophe will throw a PHP parse error

	...
'CONV_ERROR_NO_AVATAR_PATH'
	=>	'Note to developer: you must specify $convertor['avatar_path'] to use %s.',
	...

// Good - Literal straight quotes should be escaped with a backslash, ie: \

	...
'CONV_ERROR_NO_AVATAR_PATH'
	=>	'Note to developer: you must specify $convertor[\'avatar_path\'] to use %s.',
	...

However, because phpBB3 now uses UTF-8 as its sole encoding, we can actually use this to our advantage and not have to remember to escape a straight quote when we don't have to:

// Bad - The un-escapsed straight-quote/apostrophe will throw a PHP parse error

	...
'USE_PERMISSIONS'	=>	'Test out user's permissions',
	...

// Okay - However, non-programmers wouldn't type "user\'s" automatically

	...
'USE_PERMISSIONS'	=>	'Test out user\'s permissions',
	...

// Best - Use the Unicode Right-Single-Quotation-Mark character

	...
'USE_PERMISSIONS'	=>	'Test out user’s permissions',
	...

The " (straight double quote), < (less-than sign) and > (greater-than sign) characters can all be used as displayed glyphs or as part of HTML markup, for example:

// Bad - Invalid HTML, as segments not part of elements are not entitised

	...
'FOO_BAR'	=>	'PHP version < 5.3.3.<br />
	Visit "Downloads" at <a href="http://www.php.net/">www.php.net</a>.',
	...

// Okay - No more invalid HTML, but "&quot;" is rather clumsy

	...
'FOO_BAR'	=>	'PHP version &lt; 5.3.3.<br />
	Visit &quot;Downloads&quot; at <a href="http://www.php.net/">www.php.net</a>.',
	...

// Best - No more invalid HTML, and usage of correct typographical quotation marks

	...
'FOO_BAR'	=>	'PHP version &lt; 5.3.3.<br />
	Visit “Downloads” at <a href="http://www.php.net/">www.php.net</a>.',
	...

Lastly, the & (ampersand) must always be entitised regardless of where it is used:

// Bad - Invalid HTML, none of the ampersands are entitised

	...
'FOO_BAR'	=>	'<a href="http://somedomain.tld/?foo=1&bar=2">Foo & Bar</a>.',
	...

// Good - Valid HTML, amperands are correctly entitised in all cases

	...
'FOO_BAR'	=>	'<a href="http://somedomain.tld/?foo=1&amp;bar=2">Foo &amp; Bar</a>.',
	...

As for how these charcters are entered depends very much on choice of Operating System, current language locale/keyboard configuration and native abilities of the text editor used to edit phpBB language files. Please see http://en.wikipedia.org/wiki/Unicode#Input_methods for more information.

Spelling, punctuation, grammar, et cetera:

The default language pack bundled with phpBB is British English using Cambridge University Press spelling and is assigned the language code en. The style and tone of writing tends towards formal and translations should emulate this style, at least for the variant using the most compact language code. Less formal translations or those with colloquialisms must be denoted as such via either an extension or privateuse tag within its language code.


7. Copyright and disclaimer

phpBB is free software, released under the terms of the GNU General Public License, version 2 (GPL-2.0). Copyright © phpBB Limited. For full copyright and license information, please see the docs/CREDITS.txt file.