When you love building everything yourself and dont want to depend on frameworks you most likely came across the need of building a login system that has the capability to let the user stay logged in into your site.

The straight forward way would be to use PHP build in _SESSION System to store login information. But this session system has a garbage collection which cleans the session data from time to time.

STAY LOGGEDIN!

First of all what you can do to lower that effect is to set the garbage interval very high:

session.gc_maxlifetime = 65535

Think this will solve your problem? Nope.

Your users will only log out later but won’t stay logged into your site.

The solution is to use own session handlers for this. I prefare to use MySQL to store session data.

Create a session.php file with this code:

<?php

define("SESSION_LIFETIME", 60*60*24*30);

final class Session
{
 private $db;
 private $lifeTime;
 public function __construct(PDO $db)
 {
  $this->db = $db;
  $this->lifeTime = SESSION_LIFETIME;
 }
 public function db_q($q, array $r)
 {
  try {
   $stmt = $this->db->prepare($q);
   $stmt->execute($r);
   $errInfo = $stmt->errorInfo();
   if($errInfo[2] != "")
   {
    var_dump("DB - qrf - error - errorInfo(): [0]: ".$errInfo[0]."\n[1]: ".$errInfo[1]."\n\n[2]: ".$errInfo[2]." (Query: ".$q."\n");
    return false;
   }
   return true;
  }
  catch(PDOException $e) {
   return false;
  }
 }
 public function db_qrf($q, $r, $f)
 {
  try {
   $stmt = $this->db->prepare($q);
   $stmt->execute($r);
   $errInfo = $stmt->errorInfo();
   if($errInfo[2] != "")
   {
    var_dump("DB - db_qrf - error - errorInfo(): [0]: ".$errInfo[0]."\n[1]: ".$errInfo[1]."\n\n[2]: ".$errInfo[2]." (Query: ".$q."\n");
   }
   return $stmt->fetchColumn($f);
  }
  catch(PDOException $e) {
   return false;
  }
 }
 function open($savePath, $sessName)
 {
  return true;
 }
 function close()
 {
  $this->gc();
  return true;
 }
 function read($sessID)
 {
  return $this->db_qrf("SELECT `session_data` AS d from sessions WHERE session_id=? AND session_expires>".time(), [$sessID], 0);
 }
 function write($sessID,$sessData)
 {
  $newExp = time()+$this->lifeTime;
  if($this->db_qrf("SELECT COUNT(*) from sessions WHERE session_id=?", [$sessID], 0) > 0)
  {
   if($this->db_q("UPDATE sessions SET session_expires=?,session_data=?,IPv4=INET_ATON(?),Useragent=? WHERE session_id=?", [$newExp, $sessData, $_SERVER["REMOTE_ADDR"], $_SERVER["HTTP_USER_AGENT"], $sessID]))
   {
    return true;
   }
  }
  else
  {
   if($this->db_q("INSERT INTO sessions (session_id,session_expires,session_data,IPv4,Useragent) VALUES (?,?,?,?,?)", [$sessID, $newExp, $sessData, $_SERVER["REMOTE_ADDR"], $_SERVER["HTTP_USER_AGENT"]]))
   {
    return true;
   }
  }
  return false;
 }
 function destroy($sessID)
 {
  if($this->db_q("DELETE FROM sessions WHERE session_id=?", [$sessID]))
  {
   return true;
  }
  return false;
 }
 function gc()
 {
  $c = $this->db_qrf("SELECT COUNT(*) from sessions WHERE session_expires<".time(), [], 0);
  if($c > 0)
  {
   $this->db_q("DELETE from sessions WHERE session_expires<".time(), []);
  }
  return $c;
 }
}

$db = new PDO("mysql:host=localhost;dbname=test", "root", "");
$session = new Session($db);
session_name("MYSESSION");
session_set_save_handler(array(&$session,"open"), array(&$session,"close"), array(&$session,"read"), array(&$session,"write"), array(&$session,"destroy"), array(&$session,"gc"));
session_start();

if(isset($_GET["l"]) && $_GET["l"] == "1")
{
 session_destroy();
 echo "User logged out! <a href=\"".str_replace("?l=1", "",  $_SERVER["REQUEST_URI"])."\">Login again</a>";
}
elseif(!isset($_SESSION["loggedin"]))
{
 $_SESSION["loggedin"] = true;
echo "Now logged in!";
}
elseif($_SESSION["loggedin"] == true)
{
 echo "User ist already logged in - <a href=\"".$_SERVER["REQUEST_URI"]."?l=1\">logout</a>";
}

In MySQL create DB test and execute this query:

CREATE TABLE IF NOT EXISTS `sessions` (
`session_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '',
`session_expires` int(10) unsigned NOT NULL DEFAULT '0',
`session_data` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
`IPv4` int(16) unsigned NOT NULL,
`Useragent` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

You can also use InnoDB if you want. Pick wisely because this can affect the performance of your application.

What does the code do?

First of all you need to specify a livetime value for your sessions. So if your user clicks on “Stay logged in” you will use the 30 day value (see the first lines).Then we initialize our library for the session handling which holds all functions that describe how to behave with sessions.
After everything is initialized, we start the session with a $db which has a resource that leads to our PDO instance.
After you write session_start() you can use the $_SESSION Superglobal variable as you would do normally in PHP at any position in your code. PHP will use our library which saves data to mysql instead of using PHP’s internal session system.

When executed, you will see a new record in your database:

DEMO

Try the demo: DEMO

The exam

So what can you expect when attending to the certifcate exam? A lot of PHP Questions which can be sometimes very catchy. There will be 70 single choice, multiple choice and free form questions which you will have to answer in 90 minutes. In addition, when you get multiple choice questions, you won’t get any hint that there can be one or more correct answers. You will have to know the exact answers, that makes the exam difficult to pass.

I clearly recommend, that you take the exam only, if you have enough experience in PHP and especially in OOP + the newer Features since PHP 5.3. You also have to know about all security risks which are to avoid when developing a Web App with PHP.

I bought a Voucher in May 2013 for the prior ZCE 5.3 exam and had one year to use it. In December 2013 i got the message that there won’t be any ZCE 5.3 any more and I MUST pass the ZCPE 5.5 exam in order to get my certificate. After a year of preparation, in June 2014 I passed the exam in a Vienna Test center.

And no, I did not prepare myself during the whole year for the exam – only the three weeks before I finally scheduled the exam date. (Under pressure, thanks Zend for making a 1 year Voucher validity, I probably wouldn’t take the exam without this :D)

Give me the questions11!!!!

Now after the usual blabla that you can read in every other blog you want to know how I passed the exam, right? I had the same though that you have right now reading other blog author’s posts: Which resources can help me to learn everything for the exam with the lowest effort?
Or do you rather think: Stop writing this bulls*** tell me the questions and answers or I gonna “$*$§%*% with your *§%**§” and “*%§%§* and *!”$§%*%!? (:D)
Sorry, no can do. And you won’t be able to do this after you pass (or not pass) too, because if you do, you’ll get banned for livetime from their program. And then all effort was for nothing.

1. php.net

Forget everything else. This will be your bible for the next month. You need to (at least) know the syntax while sleeping and all string / array / file / etc functions that are listed in the documentation. They will ask you which arguments does the function xyz() take. And in which order! And if you are lucky like me, you will learn the proper functions which will be asked.

Click through everything you can find on php.net when preparing for the exam, because it’s the gold of the gold you can have for your learning phase. Sometimes its also worth to look into the comment section of the manual. They really write useful stuff.

php.net
You can achieve a good start with these topics: Strings, Arrays, PDO, Streams, File Upload, SPL, Namespaces, Lambda, Traits.

Don’t forget that mysql_* is dead. (Use mysqli_* or PDO!)

2. Zend’s official FAQ

Before you begin to study, create a checklist of topics which you don’t know about and know best.
I opened Excel and created a list of all topics and marked them green, orange and red for the level of skill that I had in these things. I recommend that you do the same.

The best resource for a list of which questions will land on your exam screen can be found here: http://www.zend.com/en/services/certification/php-5-certification

Also don’t miss the FAQ which exactly describes what to do and how to do it: http://www.zend.com/en/services/certification/faq

I also found this interesting Thread from a user during my exam preparations: http://devzone.zend.com/1799/passing-the-zce-php-53-certification-exam/

3. Practice

I know its not a resource, but studing the php.net manual is not enough. I only passed the exam because I installed XAMPP on my local machine and practiced a lot, although I coded almost 12 years long in PHP. In daily business, you wont come to the “hidden” and “dark” features that PHP can provide you. And when looking at them i found out that they can be very cool in every day use too.

So go ahead, install a Web server on your machine. But don’t copy-paste anything from the manual. Write down what you want to do and execute it. And now you likely get a parse error. Pay attention to the exact syntax and you will have a milestone done right ahead.  Practice with different styles of String writing, with the “, the ‘, the HEREDOC and the NOWDOC!

4. Official study guide

The official study guide for ZCE 5.3 from Zend was originally free to download after you purchased a Voucher. They some to offer this now for a charge of $19.95 here: http://shop.zend.com/en/zend-certification/zend-php-certification-guide-pdf.html

It was really cool to have that resource because you could see the style of the exam and how they ask questions. I’m pretty sure that this new guide will offer that kind of style too.

With this guide, you can test your skills and see if you are prepared enough or not. Each topic is good described and you will get questions after every one. The answers are on the bottom of the guide which allow you to compare your results.

5. List of Links

This guy has made an effort to provide you with the links which contain the content to pass the exam: https://ranawd.wordpress.com/2011/01/17/zend-certified-engineer-zce-study-guide-links/

It’s definitely worth to stop by and pick some of these links.

6. Ultimative guide

An older, but still useful guide can be found here: http://zceguide.blogspot.com

It still contains useful links which can help you come further in your learning process.

7. Unofficial study guide

If you have knowledge gaps with the basic functionality of PHP this might be very handy for you: http://php-guide.evercodelab.com/

8. PHP the right way

Take some time, preferably 213 hours and go through http://www.phptherightway.com/ maybe you find something that you did not know before, as I did.

A last tip before you attend to you exam: Don’t stress, go to the test center, fill out the questions gentle, wait for the 90 minutes to pass.
After the 90 minutes you will get a message box which will allow you to see your result. Now your heart will beat so fast and when you see “passed” you will jump out of your seat and shout “YES”.
When you study a lot and have a bright experience in PHP, nothing bad will happen.

So as you can see there is a light at the end of the tunnel which can lead you to your beautiful PHP 5.5 certificate. But hey, if you purchase a Voucher now and wait like me for a year, you might be able to take the PHP 7 exam and become a ZCP7E (or something like that).

Sometimes errors won’t even appear when you set all directives to the right values. For example when writing something before “namespace”. (Exception the “declare” keyword.)

PHP has not only runtime options to omit errors.
But in the most cases the following code will bring them back to you:

error_reporting(E_ALL);
ini_set('display_errors', 1);

An other option is to set a .htaccess directive in the folder of your PHP script in which you want to see errors:

php_flag display_errors 0

When nothing seems to work, you will need to go into your PHP ini settings and search for the error reporting section:

error_reporting
and
display_errors

Also, look out for the following code. When it appears, it will override the error_reporting() settings:

set_error_handler();