From Mahara Wiki

Revision as of 11:46, 22 January 2014 by Robertl (talk | contribs) (Template for files you expect to be hit by visitors)

These are the templates for all new PHP files. There is a different template depending on whether you file is able to be publicly hittable or not.

This project uses PHPDoc for API documentation. This project is also licensed under the GPL, which causes some header bloat (it is a requirement of licensing your program under the GPL, see ).

Template for files you expect to be hit by visitors

 * @package    mahara
 * @subpackage core or plugintype/pluginname
 * @author     Firstname Lastname
 * @license GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.

 define('INTERNAL', 1);

 // Your code here :)

Template for files you do NOT want to be hit by visitors

  * Mahara: Electronic portfolio, weblog, resume builder and social networking
  * Copyright (C) 2011 Copyright Holder
  * (rest of the GPL statement)
  * @package    mahara
  * @subpackage core or plugintype/pluginname
  * @author     Firstname Lastname

 defined('INTERNAL') || die();

 // Your code here :)


  • Omit the closing php tag "?>"
  • Catalyst employees should assign copyright to "Catalyst IT Ltd", if they are working on the project in company time.
  • The author field should always be a person (or more than one), not a company

Sample page using pieforms and dwoo


define('INTERNAL', 1);

// Get data from the user by using the param_ functions, which will whitelist
// the input
$userint = param_integer('int',0);
// If none of the whitelisting options is acceptable, you can use param_variable,
// but be careful not to print the results to the screen without cleaning them
// first. That's a XSS vulnerability.
$userraw = param_variable('raw', 'no user input provided');

// Generate page content
// NOTE: Normally you should put hard-coded strings into a lang file under /lang, so that
// they can be internationalized with get_string()
$hardcoded = "This is a hard-coded string";

// See
// Normally you'd populate the default values with values from the DB
$form = array(
    'name' => 'testform',
    'method' => 'post',
    'action' => , // self
    'successcallback' => 'testform_submit', // defaults to name_submit
    'validatecallback' => 'testform_validate', // defaults to name_validate
    'elements' => array(
        'fullname' => array(
            'type' => 'fieldset',
            'legend' => "Your name", // should use get_string()...
            'elements' => array(
                'firstname' => array(
                    'type' => 'text',
                    'title' => "First name", // should use get_string()
                    'description' => "Your first, or given name", // get_string()
                    'help' => "Surely you know your own first name.", // get_string()
                    'defaultvalue' => 'Joe',
                    'rules' => array(
                        'required' => true
                'lastname' => array(
                    'type' => 'text',
                    'title' => "Last name", // get_string()
                    'defaultvalue' => 'Schmoe',
                    'description' => "Your last, or family name", // get_string()
        'submitbtn' => array(
            'type' => 'submit',
            'value' => "Submit" // get_string()

function testform_validate(Pieform $form, $values) {
    if (isset($values['lastname']) && $values['firstname'] == 'Joe' && $values['lastname'] == 'Schmoe') {
        $form->set_error('lastname', "That's not your real name! That was the default."); // get_string()

function testform_submit(Pieform $form, $values) {
    global $SESSION;
    // Normally here you would save the submitted values into the database

    // If you set this up as a JS form, use json_reply()
    if (!empty($values['lastname'])) {
        $name = "{$values['firstname']} {$values['lastname']}";
    } else {
        $name = $values['firstname'];
    $SESSION->add_ok_msg("Kia ora, {$name}!");
    redirect(get_config('wwwroot') . 'test.php');

// When you call pieform(), the Pieforms library does a bunch of automagical stuff.
// It checks whether the form was submitted, and if so calls the form's validate
// and/or submit callback functions, which usually results in a call to redirect(), ending
// the page load.
// If the form wasn't yet submitted, then pieform() renders the form into the necessary
// HTML to print it on the page.
// IMPORTANT: all pieform rendering needs to happen before calling smarty() for javascript
// to be added to the page correctly
$formhtml = pieform($form);

// Instantiate the smarty object.
$smarty = smarty();
// Variables you assign to the smarty become accessible in the template
$smarty->assign('hard_coded', $hardcoded);
$smarty->assign('user_raw', $userraw);

$smarty->assign('form', $formhtml);

// Specify the template file path, relative to htdocs/theme/raw/templates/

/* The contents of htdocs/theme/raw/templates/test.tpl should look like this:
{include file="header.tpl"}
<!-- Stuff in here is HTML except for the bits in curly braces -->

<!-- All variables printed here are run through an HTML escaping process, unless
they have the "|safe" tag. -->

<!-- Uncleaned user data shouldn't be considered safe -->

<!-- Any function in the calling PHP file's namespace can be invoked by adding
it after a "|" in the curly brackets -->

<!-- The output from pieform() is the HTML output of the form. So you can just print it. -->
{include file="footer.tpl"}