How SMF works

horseatingweeds · February 28, 2008, 01:22:37 PM

Does anyone know of a good explanation, beyond the simple code comments, that will explain how the SMF code basically works? I've been studying it but I'm not good enough with php to see how it's all coming together. I think if I did I'd start understanding everything better.

For example, I see that the whole thing runs on index.php with and action from an array but I don't see how things are referenced. Like where does the variable $sourcedir come from at the beginning of index.php? - and so on....

Shean · February 28, 2008, 01:41:21 PM

A file at the forum while actually becoming model 1.1.4 harmonious sadece

horseatingweeds · February 28, 2008, 02:28:35 PM

What??

jamesk · February 28, 2008, 03:24:34 PM

Well, I'm no expert, but the index.php file is pretty much executed in order. I think the most important thing that you may not be understanding is the require_once() function.

QuoteLike where does the variable $sourcedir come from at the beginning of index.php?

If you see the first require_once, you'll see:

Code Select

require_once(dirname(__FILE__) . '/Settings.php');

which gets all your relevant data (like database name, password, paths, etc...). So, then it has your $sourcedir...

For the most part, the template files "display" the forum and contains most of the HTML and the corresponding non-template file (located in the /Sources folder) has all the main functions including the database queries.

For example, if you wanted to change the way the memberlist looks, you'd fool around with the Memberlist.template.php file but if you wanted to change/add the way it sorts, you'd have to open Memberlist.php file (in the sources folder)...

I guess that's a starting point (as I too am still learning the "way it works")...

horseatingweeds · February 28, 2008, 04:14:03 PM

Thanks jamesk,

That knocks a chip off the WTF block.

lureah21 · February 28, 2008, 04:31:08 PM

I'm gonna stick with FrondaL's explanation since it sounds so much more mystical.

horseatingweeds · February 28, 2008, 04:43:50 PM

I was a little worried about that actually. I read it about 8 or 10 times until it felt like I was casting a spell. I even looked up "harmonious sadece". I think it's Turkish.

jamesk · February 28, 2008, 06:23:45 PM

I think he said the same thing I said, but in a more eloquent way

Anyways, just to follow up a little, all the require_once() functions

Code Select

// And important includes.
require_once($sourcedir . '/QueryString.php');
require_once($sourcedir . '/Subs.php');
require_once($sourcedir . '/Errors.php');
require_once($sourcedir . '/Load.php');
require_once($sourcedir . '/Security.php');

pretty much load up all the necessary functions. I guess, theoretically, all the functions could have been placed in one HUGE index.php file but the way it's done makes more sense.

So, now that all the functions are available, the index.php calls whichever function it needs and loads all the user's info (like username (if logged in), avatar, unread posts, etc, etc...) by calling the smf_main() function.

I'm guessing that's where the user's theme is loaded and the relevant index.template.php file is called (I believe through load.php).

There's a list of templates as well: http://docs.simplemachines.org/index.php?topic=219

So, if anyone is else wants to elaborate (without using phrases above my level of understanding such as "harmonious sadece") I'm willing to listen/learn as well...

I'm especially interested in the how the actions/sub-actions are coded and called...

I'd like a further explanation of

horseatingweeds · February 28, 2008, 08:05:08 PM

Yeah, the load.php file. I'm starting to understand the basics now but it's pretty vast. One thing I can't figure out is where the $context variable is being created or set. It's dealing with everything and I just can't find it.

Another thing I'm trying to understand is how SMF uses sessions. It's a cookie but from there I get lost.

Here is a question. You can only look at the index.php page with a browser because of the

Code Select

if (!defined('SMF'))
	die('Hacking attempt...');

on the included pages. How does this stop hackers? Does it just keep them from seeing how your code is set up?

capabmx · February 28, 2008, 08:09:11 PM

I'm pretty sure that stops them frmo beign able to access the file directly. Like if they tried putting the url to specific files like source files it would see it as a hacking attempt and now allow them permission. I might be wrong though...

horseatingweeds · February 28, 2008, 08:22:36 PM

So should I put something like that on my other applications? I need to learn more about security before I'm taught.....

jamesk · February 28, 2008, 09:11:03 PM

Now I'm acting like I know what I'm talking about when I don't

I believe the $context array is loaded (mostly) in Load.php but not all in one function. If you look within the Load.php file, you'll see various $context['something']['somethingelse'] assignments. I'm not sure if this is where it begins... It's kind of hard to follow since PHP doesn't require variable initialization and since the $context array is declared as global almost everywhere...

As for your question on:

QuoteHere is a question. You can only look at the index.php page with a browser because of the

Code Select Expand
if (!defined('SMF')) die('Hacking attempt...'); on the included pages. How does this stop hackers? Does it just keep them from seeing how your code is set up?

I don't think it has anything to do with allowing viewing by browsers. I think it has more to do with (as capabmx stated) allowing a user to directly access the file and/or accessing the file prior to the index.php file. The index.php, once loaded, has:

Code Select

define('SMF', 1);

One thing I'm not sure of is how it differs from the isset() function, but this may/may not have something to do with it:

http://us.php.net/manual/en/security.globals.php

capabmx · February 28, 2008, 10:14:47 PM

Yay, haha I feel a little smart now

Dannii · February 28, 2008, 10:23:07 PM

index.php makes sure that all of the inputs are sanitised etc, to stop injections. If you accessed the files directly this would not be the case.

Panzer- · February 29, 2008, 12:43:31 PM

As you said above, everything is based around index.php

$context is sorta hard to describe. Its anywhere, everywhere and does everything. Thankfully the developers have made it easy by sort of making it plain english $context['logged']['guest'] (I know thats not one but you get the idea). Most mods add to the $context array.

horseatingweeds · February 29, 2008, 06:58:49 PM

I wish someone would write a walk through of SMF's code. If I ever find one I'll click the hell out of their ads.

Dannii · February 29, 2008, 07:54:57 PM

There's no point writing a general walk through. If you need help with something specific, well that's different.

horseatingweeds · March 01, 2008, 01:13:13 PM

Perhaps not for someone who could write one, someone who knows what all the monkeys are trained to do and where all the vacuum tubes go. Anyway, the comments are just short of what I'm thinking of as a "walk through". I've only recently graduated from the WTF stage of my self-tutoring of php-mysql-Apache. I think such an explanation would prevent many questions and confusions for me.

News:

How SMF works