Do not execute functions in include files

I haven't done this recently, but back in 4.4 era I attempted something similar to this for the install api.

A _lot_ of modifications were required to be able to use (for instance) the theme api without needing to have a database connection active.

It's definately not a simple problem.

For instance.. the db connection needs to be started during bootstrap, and during normal execution.

I think the better idea is to include a DRUPAL_INIT constant we can check before executing the function. (or a DRUPAL_NO_INIT .. i'm not picky).

Well, I have written something to address the issue.

Now you can include everything to your hearts content just include init.inc as well and do an appropriate drupal_bootstrap.

Alas, ATM database and bootstrap is very interwined. This interdependency could be obliterated if we'd not use variable_get('dev_query') in database.*.inc.

cvs diff -u -N -F^f against cvs.drupal.org as CVSROOT failed to include to include the two new files, so I'll include them as followups.

Hm, settings.php changes were ommited.

Following advice from darix I have now created one patch. Still, I'd like to know how could I do this with cvs.

Steef found that I had $$ in settings.php.

He also asked what's this good for. Several things, but most advantages come when you use only parts of Drupal. If you want use, say, only our forms functions then now you can include('common.inc'); without side effects. If you need the database layer, you do a include('init.inc') and call drupal_bootstrap('database')

The database layer is now totally independent of other parts of Drupal.

A very stupid bug related to variable init is fixed and I am sync'd to HEAD, so timer_init('page') is called.

Fixed drupal_bootstrap('database') -- $phase was 0 , and == FALSE fired. === FALSE is used.

Some days before I was studying the Drupal source code and it caused me headaches that it executed code via include calls. I think it is better design to not execute anything automatically in includes.

Added phpdoc and moved drupal_unpack to init.inc thus now session handler can be used independently.

Sorry but the quality of the PHPdoc is not up to standards. Please use proper punctuation, typography, line-wrapping, etc. It should also explain when/why to use this function.

I can't help but think this is ugly code. drupal_bootstrap, for example, can be written more elegantly (not tested):

function drupal_bootstrap($phase) {
  $phases = array('database', 'session', 'bootstrap', 'common');
  foreach ($phases as $step) {
    _drupal_bootstrap($step);
    if ($phase == $step) {
      break;
    }
  }
}

instead of:

function drupal_bootstrap($phase) {
  static $done = -1;

  $phase = array_search($phase, array('database', 'session', 'bootstrap', 'common'));
  if ($phase === FALSE) {
    return;
  }

  for (; $done <= $phase; $done++) {
    _drupal_bootstrap($done);
  }
}

Some code simplification in drupal_bootstrap and better PHPdoc. (Thanks Dries and Steven.)

i did a quick code review and this patch looks quite nice to me. note that it changes some of the same bits that are changed by my 'ban hosts' patch. i'm ok with committing this one first, and i will update accordingly.

- Patch breaks update.php. Might want to double-check cron.php and xmlrpc.php.

- The PHPdoc code wraps at variable width/length. Might want to tidy up that a little.

in the big case statement in drupal_bootstrap(), perhaps use defined constants instead of 0, 1, 2 ...

i think the 4 phase bootstrap is perfect.

perhaps move the code in the drupal_bootstrap('all') section to common.inc under a new function called drupal_bootstrap_all(). that makes the code a bit tidier and keeps a few lines out of init.inc which is useful. saves a bit of parsing on requests that don't use the whole framework. you could do that for the other phases as well although the benefit is smaller.

We were already using named phases (not constants), but I have renamed them now as discussed with moshe. Moved the code for the last phase (now called 'full') to common.inc. Simplified index.php -- much simpler than in previous patch, a bit simpler than pre-patch.

Following Moshe's advice to see http://talks.php.net/show/acc_php/33 , I have added a few dots before the paths.

I love the idea of this. +1 for the last (#8) patch from me. I must mention i did not test it thoroughly, hust saw that it works here! The levelled include looks great to me.

A minor thing , that I thnik would make this even better, is an additional level for feeds. Feeds need not load all the theme, blocks, and other stuff, only the nodes (items) in the feeds.

For reference, my last statistics:

Top 30 of 4679 Total URLs
#       Hits        KBytes    URL
1  22042  11.11%    2  0.00%  /cron.php
2  9418  4.75%      14742  0.60%  /favicon.ico
3  6917  3.49%      56598  2.29%  /misc/drupal.css
...
13  3272  1.65%     31790  1.29%  /node/feed

So my main feeds are the 13th most referenced URL on my sites. (the 4-12 contain a lot of odd deeplinked images, and off course /node and / )

Separating node/feed is not an easy thing, maybe impossible First off, you need most modules as nodeapi is called during this a theme call is possible. I do not see what can be omitted from 'full'.

I think this could be a next patch, if we can (which I doubt) an intermediate between 'page cache' and 'full'.

I figured it would be hard. So lets ignore my post. I will think of a way to cache it better inside node.module and taxonomy.module.

This would make things pretty simple.. When we look at the upcoming install-api, we only have todo:

drupal_bootstrap('database');

to make database access possible and ready for usage..
I cannot see anything inside the code itself which looks not right, but:

+        header('HTTP/1.0 403 Forbidden');
+        print "Sorry, ". $_SERVER['REMOTE_ADDR']. " has been banned.";
+        exit();

Shouldn't that be something like:
<?php
+ header('HTTP/1.0 403 Forbidden');
+ drupal_set_message('error', t('Sorry, %remote-address has been banned.' array('%remote-address' => $_SERVER['REMOTE_ADDR'])));
+ exit();

But, I'm not sure if this function is already known at this point of loading...

+1, I agree that this needs to go into live sooner, or we are not going to be able to get it into the next release.

This is going to require a good shake down to make sure that it is all working.

Stefan, your comment is cut, but even if it were not, that's a different issue -- I moved that code intact. So if you have some concerns over the recent deny patch, please reopen that issue.

Patch no longer works.

thanks killes. xmlrpc and cron patched.

Why do we need a init.inc AND a bootstrap.inc? IMO, these names are somewhat confusing. Can't we merge init.inc into bootstrap.inc (and keep it simple)?

Maybe rename bootstrap to something better? I do not want to merge, on of the good things in this patch that you are not forced to include bootstrap (which is 20K) only init.inc (which is only 4K).

I hate CVS.

The code comments need updating too; they mention init.inc. The documentation starts talking about 'levels' and then switches to use the word 'phases' ... I think we should call it a 'boostrap phase', or 'phase'. Is the check if ($called) return necessary? Who's going to call that function twice?

I do not know, but fix gpc magic is protected as well, so I thought I will protect mine.

CVS delenda est.

I don't think you updated your CVS repository first ...

Why do you think so? The patch applies cleanly. I do not like CVS because it is so hard to use. Can we get back the core SVN readonly mirror please?

jvandyk advised stage instead of phase. So be it.

The patch applies but does not work. For example, drupal_deny() has been renamed to drupal_is_denied(). I'll fix up your patch.

Committed to HEAD.

chx: can you double-check whether the global $conf variable is still secure? That is, make sure it can't be send using the URL or something. I believe we used to unset it explicitely.

During normal code flow, _drupal_bootstrap is called with appropriate stages, and the the first call of _drupal_bootstrap (with 'database') has an unset($conf); in it. If someone writes a helper script which includes bootstrap.inc and calls directly _drupal_bootstrap with another stage then maybe... but I think nothing will work in that case, because the database functions won't be there.

Perfect. Marking this fixed.