osCommerce Blog

With our recent announcement of optimizing the osCommerce Online Merchant v3.0 release for PHP 5, I will begin blogging about the changes performed here for the v3.0 Alpha 5 and v3.0 Alpha 6 releases to serve as a guide for our community developers. This should help in understanding how the v3.0 framework is designed and how add-ons can take advantage of the optimized framework.

Our decision to optimize the v3.0 framework for PHP 5 is based on the end of life support cycle for PHP 4 which ends at the end of this year. The announcement the PHP Group made regarding this coincides with the efforts of the GoPHP5 initiative whom which we are also supporting.

This allows us to concentrate on a PHP 5 optimized framework for future releases in the v3.x release series without the need to spend resources on PHP 4 compatibility past its end of life cycle.

The first PHP 5 optimized commits have already been performed in our development repository which reflects the classes and Object Oriented design of the framework. The new Object Model of PHP 5 allows us to tighten the design of the framework with the use of “object visibility”, and will be the first step in optimizing the framework for PHP 5.

Object visibility is in regard to defining class members and methods into three different visibility levels: public, protected, and private, which reflect how they can be accessed from outside the class, within the class, and within its inherited children.

The three levels function as:

public - this element can be accessed from inside and outside the class object
protected - this element can be accessed from inside the class object and its inherited children
private - this element can only be accessed from inside the class object

We’ll take a look at a shortened version of the session class to describe how each three visibility levels work.

<?php
  class osC_Session {
    protected $_id = null;
    protected $_name = 'osCsid';
 
    public function __construct($name = null) {
      $this->setName($name);
      $this->_setCookieParameters(SERVICE_SESSION_EXPIRATION_TIME);
    }
 
    public function getID() {
      return $this->_id;
    }
 
    public function getName() {
      return $this->_name;
    }
 
    public function setName($name) {
      session_name($name);
 
      $this->_name = session_name();
    }
 
    protected function _setCookieParameters($lifetime = 0, $path = null, $domain = null, $secure = false, $httponly = false) {
      return session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);
    }
  }
?>

The class members $_id and $_name are both protected and allow only to be accessed from within the class and its inherited children. This disallows accessing these members from outside the class as shown in the following example:

<?php
  $osC_Session = new osC_Session();
 
  echo $osC_Session->_id; // not allowed
  $osC_Session->_name = 'test'; // not allowed
?>

To allow access to these members from outside the class they must be defined with the public visibility level. As we don’t allow this as part of our coding standards, get and set methods are defined in the class that allow public access to the class members, as shown in the following example:

<?php
  $osC_Session = new osC_Session();
 
  echo $osC_Session->getID(); // allowed
  $osC_Session->setName('test'); // allowed
?>

Accessing the getID() and setName() class methods from outside the class object is allowed as these have been defined with the public visibility level.

On the other hand, the _setCookieParameters() class method is defined with a protected visibility level and cannot be accessed from outside the class object. The _setCookieParameters() class method can therefore only be accessed from within the class and its inherited children, as is being done in the class constructor.

The session implementation in v3.0 (Alpha 5) has been impoved to allow modules to be loaded that define how the storage of the session data is accessed. An example session module is the database module that stores the session data in the database. Each session module is an extension to the osC_Session class and therefore inherits its class members and methods.

This allows the database session module, named osC_Session_database, to access the public and protected class members and methods from the main osC_Session class.

If there were class members and methods defined in the osC_Session class with the private visibility level, its inherited children such as the osC_Session_database class would not be allowed to access it.

The default behaviour in PHP 4 is to allow full public access to all class members and methods. By using the visibility levels PHP 5 provides, it is possible to disallow public access to class members and methods to keep certain functionality for internal use by the framework only.

Further information regarding object visibility levels can be read at the PHP Manual.

As each class is being updated in the framework, phpDocumentation is also being written to provide a developers API guide with the v3.0 release, that describes each class member and method. This documentation will be completed during v3.0 Alpha 5 and v3.0 Alpha 6.

There’s a posix related bug in PHP 5.2.1 that affects BSD systems. The closest bug report is 40410 which was reported for 5.2.1 RC 4 and is marked as closed.

Although 40410 fixed a posix related compilation error, usage of the PHP function posix_getgrgid() in PHP 5.2.1 returns the following fatal error:

Fatal error: Out of memory (allocated 2097152) (tried to allocate -1 bytes) in /tmp/test.php

This was reported to Anthony Dovgal, who took care of 40410, and confirmed that this problem was fixed in 5.2.2-dev (php5.2-200702281330).

I came across this problem today while working on the Administration Tool -> Tools -> File Manager section, which uses the posix_getgrgid() function to display the group owner name of the files and directories. As Mac OS X is based on BSD, it also affected my development environment.

PHP 5.2.0 was recently released which “includes a large number of new features, bug fixes and security enhancements” to the PHP 5.x series. The PHP Group also published an upgrade guide for existing PHP 5 users that documents the (incompatibility) changes the new release brings.

osCommerce 2.2 Milestone 2 Update 060817 works fine with PHP 5.2.0 (with register_globals and register_long_arrays enabled).

There is however one change that 5.2.0 brings in that causes osCommerce 3.0 Alpha 3 to produce a PHP FATAL error in the sessions implementation, specifically when the session data is stored in the database (by default for osCommerce 3.0).

This is due to a change in session_set_save_handler() where the “write” and “close” handlers are called after objects have been destructed.

As the sessions implementation in osCommerce 3.0 is done in a class/object, writing session data and closing the session are no longer possible as the registered object would be destructed and no longer exist to perform those duties.

The proper solution here is to use session_write_close() in the destructor of the osC_Session class:

class osC_Session {
  ...
 
  function __destruct() {
    session_write_close();
  }
}

As __destruct() is a PHP 5 feature only, an alternative solution is needed for PHP 4 compatibility (the minimum requirement for osCommerce 3.0 will be PHP 4.1), and that is to register session_write_close() as a shutdown function:

session_set_save_handler(array(&$this, '_open'),
                         array(&$this, '_close'),
                         array(&$this, '_read'),
                         array(&$this, '_write'),
                         array(&$this, '_destroy'),
                         array(&$this, '_gc'));
 
register_shutdown_function('session_write_close');

This has already been reported at our new Issue Tracker and has been fixed at r1107.

I just experienced another nasty PHP4 / PHP5 compatibility issue that plagued the logging features of the support site administration tool (which is planned to be introduced in the 3.0 Alpha 4 release).

The implementation uses the strrpos() function to grab the end of a string from a string searched starting point. The opposite function is strpos() that searches from the start of the string instead from the end.

The string to search for, the needle, can be a character or a string for the normal strpos() function in both PHP 4 and PHP 5.

There is however a difference with the strrpos() function where PHP 4 accepts the needle as a character only, and can first be a string from PHP 5 onwards.

This took some time to debug where my local server is running on PHP 5 with the logging features working fine, and the support site running PHP 4 where the issue was first evident.

There is a warning about this on the documentation page which I overlooked during the implementation phase. Such incompatibility warnings should be marked with the infamous <blink> tag so they stand out better

The positive side to this is the valuable user comments on the php documentation pages where numerous functions are provided to workaround the problem.

Workaround functions are obviously not elegant solutions to use, and will look at improving the logic further for the 3.0 Alpha 4 release.

It looks like we have to use another compatibility function due to inconsistencies between PHP versions.

For PHP versions below 4.3.5, defined() returns an integer (1 or 0), whereas from 4.3.5 onwards it returns a boolean (true or false).

This makes it impossible for us to use the following:

if (defined('CONSTANT') === true) {
  ...
}

A note has been added to the PHP documentation page to warn others of this inconsistency.

Relevant bug report:

http://bugs.php.net/bug.php?id=27443