namespace php5 branch

[terrafrost]

I thought it was already namespace'd but looking at it it does not appear to be..

[mpscholten]

👍 good idea. First we need to decide how our namespace should look like, I suggest: Phpseclib\Net\SSH2.
Then we could use https://github.com/ralphschindler/Namespacer to convert this. I've never used this tool myself but maybe this can help us.

[AdamWill]

You should also probably decide if you want to lay things out PSR-0 or PSR-4 style.

Right now, I'm packaging phpseclib into Fedora downstream. What should I consider the current 'canonical' upstream distribution and layout of phpseclib? At present I'm using the PEAR channel and packaging it PEAR-style.

[terrafrost]

phpseclib should already be using PSR-0 style although I don't see anything wrong with the php5 branch using PSR-4 style if it wants to.

And I'd say the master branch is the canonical version. If the php5 branch was the canonical version then it'd be better to have that be master and the current master be a php4 branch.

Besides, all the documentation is for phpseclib without namespaces and updating that would not be fun. Really, I think a complete update of the look and feel and what not of the documentation might be in order but I'm thinking that's a good GSoC (Google Summer of Code) project (I want a free trip to Mountain View for the mentor summit lol)

[AdamWill]

"phpseclib should already be using PSR-0 style"

It isn't, no, it's using PEAR style. PSR-0 requires a minimum of two levels of namespacing. PSR-0 is designed to be inherently backwards compatible with PEAR-style, so any PSR-0 compliant loader will find and load things laid out PEAR-style, but that doesn't actually mean that they're PSR-0 compliant. They're PEAR compliant.

[AdamWill]

oh, sorry, PSR-0 and PSR-4 both require a minimum of one level of namespacing (a vendor name). Neither requires two.

[bantu]

@terrafrost Let's discuss how our namespace should be called. phpseclib or PhpSecLib or ... ?

[terrafrost]

I'd like phpseclib (non camel case) better

[bantu]

So be it. phpBB uses phpbb, btw.

[AdamWill]

lower-casing stuff seems to be the current vogue in phpland, fwiw - composer/packagist recommend lowercase with - separators for module names.

[bantu]

@terrafrost Do we want to keep the phpseclib folder or do we want to rename it to src? I really do not see a reason to rename it.

[bantu]

Actually, this might be a good idea. Will have to give this some more thought.

[terrafrost]

idk.. either work lol.

[bantu]

For the record: The decision whether to use "phpseclib" or "PhpSecLib" is kind of a marketing decision. The decision to use "phpseclib" has the benefit of being compatible to what is currently in use. Also, that is the name of the project and repository on github.

afischer@leonard:~/code/phpseclib (master) phpseclib $ grep "phpseclib" . -Ri
./File/ASN1.php: * @link      http://phpseclib.sourceforge.net
./File/ANSI.php: * @link      http://phpseclib.sourceforge.net
./File/X509.php: * @link      http://phpseclib.sourceforge.net
./File/X509.php:            // the following are X.509 extensions not supported by phpseclib
./File/X509.php:     * Reformats a public key to a format supported by phpseclib (if applicable)
./Net/SSH2.php: * @link      http://phpseclib.sourceforge.net
./Net/SSH2.php:        $identifier = 'SSH-2.0-phpseclib_0.3';
./Net/SSH2.php:                // maybe phpseclib should force close the connection after x request / responses?  unless something like that is done
./Net/SSH2.php:        // honestly, if you're transfering more than 2GB, you probably shouldn't be using phpseclib, anyway.
./Net/SFTP/Stream.php: * @link      http://phpseclib.sourceforge.net
./Net/SSH1.php: * @link      http://phpseclib.sourceforge.net
./Net/SSH1.php:    var $identifier = 'SSH-1.5-phpseclib';
./Net/SCP.php: * @link      http://phpseclib.sourceforge.net
./Net/SFTP.php: * @link      http://phpseclib.sourceforge.net
./Crypt/Rijndael.php: * @link      http://phpseclib.sourceforge.net
./Crypt/Rijndael.php:    var $password_default_salt = 'phpseclib';
./Crypt/Rijndael.php:     * Note: phpseclib extends Rijndael (and AES) for using 160- and 224-bit keys but they are officially not defined
./Crypt/Rijndael.php:     * Additional: In case of 160- and 224-bit keys, phpseclib will/can, for that reason, not use
./Crypt/TripleDES.php: * @link      http://phpseclib.sourceforge.net
./Crypt/TripleDES.php:    var $password_default_salt = 'phpseclib';
./Crypt/AES.php: * @link      http://phpseclib.sourceforge.net
./Crypt/Hash.php: * @link      http://phpseclib.sourceforge.net
./Crypt/RSA.php: * @link      http://phpseclib.sourceforge.net
./Crypt/RSA.php:    var $comment = 'phpseclib-generated-key';
./Crypt/Blowfish.php: * @link      http://phpseclib.sourceforge.net
./Crypt/Base.php: * Internally for phpseclib developers:
./Crypt/Base.php: * @link      http://phpseclib.sourceforge.net
./Crypt/Base.php:     * is broken, so phpseclib implements the CFB mode by it self,
./Crypt/Base.php:     * In order to do the CFB-mode work (fast) phpseclib
./Crypt/Base.php:     * @link http://phpseclib.sourceforge.net/cfb-demo.phps
./Crypt/Base.php:    var $password_default_salt = 'phpseclib/salt';
./Crypt/Base.php:            // re: {@link http://phpseclib.sourceforge.net/cfb-demo.phps}
./Crypt/Base.php:            // using mcrypt's default handing of CFB the above would output two different things.  using phpseclib's
./Crypt/Base.php:            // see: {@link http://phpseclib.sourceforge.net/cfb-demo.phps}
./Crypt/Base.php:     * Internally for phpseclib developers:
./Crypt/Base.php:     * Internally for phpseclib developers:
./Crypt/DES.php: * @link      http://phpseclib.sourceforge.net
./Crypt/Twofish.php: * @link      http://phpseclib.sourceforge.net
./Crypt/RC2.php: * @link     http://phpseclib.sourceforge.net
./Crypt/RC4.php: * @link      http://phpseclib.sourceforge.net
./Crypt/Random.php: * @link      http://phpseclib.sourceforge.net
./Crypt/Random.php:        // ANSI X9.31 recommends ciphers be used and phpseclib does use them if they're available (see
./openssl.cnf:# minimalist openssl.cnf file for use with phpseclib
./Math/BigInteger.php:            phpseclib works around this using the technique described here:

[bantu]

The autoloading shall be PSR-4 and it should just map the "phpseclib" namespace to the "phpseclib/" directory. No renaming or addition of directory levels required as far as I can see.

composer.json:

...
    "autoload": {
        "psr-4": {
            "phpseclib\\": "phpseclib/"
        }
    },
...

[AdamWill]

If it helps, based on my dive into the whole autoloading topic, I believe you're right there, but note that PSR-4 autoloading, unlike PSR-0, is not backwards-compatible with the PEAR 'underscores in class names translate to directory separators' convention:

"Underscores have no special meaning in any portion of the fully qualified class name."

So if you go with PSR-4, you'd have to fully namespace the code - you could keep the directory structure, but you'd need to convert all the class definitions to use namespacing. It sounds like that's what you are planning anyway, but I just thought I'd state it explicitly in case :)

[bantu]

Yes, we do want everything under the phpseclib namespace in the php5 branch.

[cnelissen]

Here are some example directory structures based on each style:

PSR-0 or PSR-4 with no composer support (pretty much the same thing)

- phpseclib
    - Crypt
        -AES.php
    - File
    - ...etc

PSR-0 with composer support (Composer requires the vendor name and package name in the directory structure. Can be shortened by one directory by referring to subfolders (Crypt, File, Net, etc) as their own "package", but for full compliance this is correct.)

- /vendor
    - phpseclib
        - phpseclib
            -src
                - phpseclib
                    - phpseclib
                        - Crypt
                            -AES.php
                        - File
                        - ...etc

PSR-4 with composer support (also requires the vendor name and package name in the directory structure)

- /vendor
    - phpseclib
        - phpseclib
            -src
                - Crypt
                    -AES.php
                - File
                - ...etc

PSR-4 is obviously the newer standard which allows for a slightly more compact directory structure when using a package management system such as composer, which can be seem as a benefit to some. However as stated by @AdamWill PSR-4 will not allow pseudo namespaced class names i.e. Crypt_AES, NET_SSH2 etc. You could plan to migrate over to PSR-0 right now with the eventual goal of PSR-4 to happen after all the proper namespaces are created. The only other hangup is that there are a good number of calls to global constants (which are defined in each classes file) throughout the code which will NOT trigger an __autoload call, so this would need to be addressed at the same time.

To go with PSR-4 right now, you would have to complete proper namespacing and migrate to class constants at the same time or find an alternate location to define the global variables until the class changes can be made.

[Esysteme]

I need this lib fully support with psr standard, I will fork and make upgrade to be compatible with
PSR-0
PSR-1
PSR-2
PSR-4

[bantu]

@Esysteme Hey. There is a pull request for PSR4. If you want to contribute please make sure you read related discussions. Otherwise you are probably going to waste your time and your changes won't be accepted upstream.

[Esysteme]

lol I mostly converted all code :p

[Esysteme]

you mean this fork ?

https://github.com/cnelissen/phpseclib/tree/php5

[bantu]

@Esysteme #277 and the whole dependency tree behind it.

[Esysteme]

@bantu what is the good one then?

[bantu]

@Esysteme ?_?

I guess you've been meaning to post #191 (comment) to this ticket instead.

[jslegers]

@terrafrost & @cnelissen :

PSR-4 is obviously the newer standard which allows for a slightly more compact directory structure when using a package management system such as composer, which can be seem as a benefit to some. However as stated by @AdamWill PSR-4 will not allow pseudo namespaced class names i.e. Crypt_AES, NET_SSH2 etc.

... which IMO makes PSR-4 a very poor standard.

Not only does it break backwards compatibility, but it reduces one's ability to write efficient code.

With PSR-0, I could do the following :

• Define one class \Vendor\Package\ComponentOne_Coolclass in file Vendor/Package/ComponentOne/Coolclass/Segment.php
• Define another class \Vendor\Package\ComponentTwo_Funclass in file Vendor/Package/ComponentOne/Coolclass/Funclass.php
• Have either class reference the other without the need for namespaces
• Take advantage of easy autoloading
• Use namespaces only for what they're intended for: referencing third party packages

As a bonus, you get elegant, readable code that's mostly compatibly with old school PEAR-style naming conventions.

phpseclib should already be using PSR-0 style although I don't see anything wrong with the php5 branch using PSR-4 style if it wants to.

PSR-0 implements namespaces the way namespaces are meant to be used. It allows you to :

• avoid naming conflicts by always using a namespace for any third party code
• use PHP4-style naming conventions (with a _ as path separator) for any part of your hierarchy within the same namespace
• never use namespaces to reference any class that's part of the same package/library/framework

Not only is this a lot more elegant than the horrible PSR-4 standard, but it also makes it a lot easier to keep the main fork of PHPSecLib in sync with the PHP5 fork.

Earlier today, I created a version of PHPSecLib that's fully compatible with PSR-0 and includes a PSR-0 autoloader. It required but minimal changes to the PHP5 fork of PHPSecLib. See #369

I won't bother to submit it, though, as long as @bantu sticks with his decision to keep the PSR-4 standard.

[jslegers]

See #374 for the code.

[nVitius]

For what it's worth, I think PSR-4 is the way to go. If anyone really needs to use this with PHP4, they'll have to use a previous release.

[GrahamCampbell]

👍 for psr-4.

[cordoval]

👍

[virgofx]

PSR-4 👍

[joe-meyer]

new to using phpseclib but for what it's worth +1 to PSR-4

[bantu]

The php5 branch is now PSR-4 namespaced thanks to the fantastic work of @cnelissen (#508 #509 #510 #523 #524 #532 #548 #554 #555 #567 #569). Furthermore, some of the PSR-4 goals are witnessed by Code Sniffer rules (#551).

[ArjandeV]

Could this branch be tagged with a version so we can use it as a dependency in other composer packages?