Download the PHP package omarelgabry/miniphp without Composer

On this page you can find all versions of the php package omarelgabry/miniphp. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


Information about the package miniphp

miniPHP


A small, simple PHP MVC framework skeleton that encapsulates a lot of features, surrounded by powerful security layers.

miniPHP is a very simple application, useful for small projects. It helps you understand the PHP MVC skeleton, learn how to authenticate and authorize, encrypt data and apply security concepts, sanitize and validate input, make Ajax calls, and more.

It's not a full framework, nor a very basic one, but it's not complicated. You can easily install, understand, and use it in any of your projects.

It's intended to remove the complexity of frameworks. Things like routing, authentication, authorization, managing user sessions and cookies, and so on are not something I've invented from scratch; they are an aggregation of concepts already implemented in other frameworks, but built in a much simpler way, so you can understand them and take them further.

If you need to build a bigger application and take advantage of most of the features available in frameworks, look at CakePHP, Laravel, or Symfony.

Either way, it's important to understand the PHP MVC skeleton, know how to authenticate and authorize, learn about security issues and how to defend against them, and know how to build your own application using the framework.

Documentation

Full documentation can also be found here, created by the GitHub automatic page generator.

Index

Demo

A live demo is available here. The live demo runs the demo application built on top of this framework.

Some features might not work in the demo.

Installation

Install via Composer

Routing

Whenever you make a request to the application, it will be directed to index.php inside the public folder. So, if you make a request: . This will be split and translated into

In fact, .htaccess takes everything that comes after and adds it to the URL as a query-string argument. So, this request will be converted to: .

Then the Class, inside , will split the query string into the controller, the action method, and any arguments passed to the action method.

In the Class, inside , it will instantiate an object of the controller class and call the action method, passing any arguments if they exist.
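The following is an added example, not miniPHP's own routing code, of how the split described above can be turned into a dispatch while keeping the security-relevant part in view: the controller is resolved through an explicit allow-list rather than by building a class name from user input, and only public methods are routable. The names Router and NotesController are assumptions; PHP 7 or later is assumed.

```php
<?php
// Added example, not miniPHP's own code: turn the query-string value that
// .htaccess produces ("notes/show/42") into a controller, an action and its
// arguments, then dispatch it. Router and NotesController are assumed names.

class NotesController
{
    public function index()      { return ['action' => 'index']; }
    public function show($id)    { return ['action' => 'show', 'id' => (int) $id]; }
    private function secret()    { return 'never reachable through the router'; }
}

class Router
{
    /** Explicit allow-list: URL segment => controller class. */
    private $controllers = ['notes' => NotesController::class];

    /** "notes/show/42" => ['notes', 'show', ['42']] */
    public function parse($url)
    {
        $parts = array_values(array_filter(explode('/', $url), 'strlen'));
        $controller = isset($parts[0]) ? strtolower($parts[0]) : 'notes';
        $action     = isset($parts[1]) ? $parts[1] : 'index';
        return [$controller, $action, array_slice($parts, 2)];
    }

    public function dispatch($url)
    {
        list($controller, $action, $args) = $this->parse($url);

        // Resolve through the allow-list rather than building a class name from
        // user input, so a request cannot reach arbitrary classes.
        if (!isset($this->controllers[$controller])) {
            return ['status' => 404, 'error' => "unknown controller '$controller'"];
        }
        $class = $this->controllers[$controller];

        // Only public, non-magic methods are routable; private helpers and
        // __construct/__call style methods stay out of reach.
        if (substr($action, 0, 1) === '_'
            || !method_exists($class, $action)
            || !(new ReflectionMethod($class, $action))->isPublic()) {
            return ['status' => 404, 'error' => "unknown action '$action'"];
        }
        $instance = new $class();
        return ['status' => 200, 'result' => call_user_func_array([$instance, $action], $args)];
    }
}

$router = new Router();
print_r($router->dispatch('notes/show/42'));   // status 200, show(42)
print_r($router->dispatch('notes/secret'));    // status 404: private method
print_r($router->dispatch('admin/index'));     // status 404: not in allow-list
```

The allow-list is the important design choice: a router that does `new ($segment . 'Controller')` lets any request instantiate any class that happens to be loadable, whereas a fixed map only ever reaches the controllers you listed.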

Controller

After the Class instantiates the controller object, it will call the method, which in turn triggers 3 consecutive events/methods:

  1. : Use it to load components
  2. : Perform any logic before calling the controller's action method
  3. : Trigger the startup() method of loaded components

The constructor of the Class shouldn't be overridden; instead, you can override the & methods in the extending classes.

After the startup process of the constructor finishes its job, the requested action method will be called, and arguments will be passed (if any).

Components(Middlewares)

Components are the middlewares. They provide reusable logic to be used as part of the controller. Authentication, authorization, form tampering checks, and CSRF token validation are implemented inside Components.

It's better to pull these pieces of logic out of the controller class and keep all the various tasks and validations inside these Components.

Every component inherits from the base/super class called . Each has a defined task. There are two components: one called Auth for authentication and authorization, and the other called Security for other security issues.

They are very simple to deal with, and they are called inside the controller constructor.

Authentication

Does the user have the right credentials?

Session

The AuthComponent takes care of the user session.

Cookies

Authorization

Do you have the right to access a resource or to perform action X? The Auth Component takes care of authorization for each controller. Thus, each controller should implement the method; what you need to do is return a value.

So, for example, to check whether the current user is an admin or not, you would do something like this:

If you want to take it further and apply some permission rules, there is a powerful class called that is responsible for defining permission rules. This class allows you to define "who is allowed to perform a specific action method on the current controller".

So, for example, to allow admins to perform any action on notes, while normal users can only edit their own notes:

Now, you can check authorization based on the user's role, the resource, and each action method.
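As an added example, not the framework's own permission class, the following shows the shape such rules can take: role and action are matched against a table, an optional callback enforces ownership of the resource, and anything not explicitly allowed is denied. The class name Permission, the controller name NotesController and the user/note array layout are assumptions.

```php
<?php
// Added example, not the framework's own class: a small permission table that
// answers "may role R perform action A on this controller?", with an optional
// ownership rule. Names (Permission, NotesController) are assumptions.

class Permission
{
    /** rules[controller][role][action] = callback or null ('*' = any action) */
    private $rules = [];

    /**
     * $actions: '*' for all actions, or an array of action names.
     * $check: optional callable(user, resource) returning bool, e.g. ownership.
     */
    public function allow($role, $controller, $actions, $check = null)
    {
        foreach ((array) $actions as $action) {
            $this->rules[$controller][$role][$action] = $check;
        }
        return $this;
    }

    public function isAuthorized(array $user, $controller, $action, $resource = null)
    {
        $role   = $user['role'];
        $byRole = isset($this->rules[$controller][$role]) ? $this->rules[$controller][$role] : [];

        // A rule for the exact action wins; '*' is the wildcard for any action.
        if (array_key_exists($action, $byRole)) {
            $check = $byRole[$action];
        } elseif (array_key_exists('*', $byRole)) {
            $check = $byRole['*'];
        } else {
            return false;   // deny by default
        }
        return $check === null ? true : (bool) $check($user, $resource);
    }
}

$perm = new Permission();
// Admins may do anything on NotesController; users may only view and edit
// notes they own.
$perm->allow('admin', 'NotesController', '*');
$perm->allow('user', 'NotesController', ['view', 'edit'], function ($user, $note) {
    return $note !== null && $note['user_id'] === $user['id'];
});

// Constructed users and note.
$admin = ['id' => 1, 'role' => 'admin'];
$alice = ['id' => 2, 'role' => 'user'];
$note  = ['id' => 10, 'user_id' => 2];
$other = ['id' => 11, 'user_id' => 1];

var_dump($perm->isAuthorized($admin, 'NotesController', 'delete', $note)); // true
var_dump($perm->isAuthorized($alice, 'NotesController', 'edit',   $note)); // true
var_dump($perm->isAuthorized($alice, 'NotesController', 'delete', $note)); // false
var_dump($perm->isAuthorized($alice, 'NotesController', 'edit',  $other)); // false: not the owner
```

Deny-by-default is what makes a table like this safe to extend: adding a new action to a controller grants nobody access until a rule says so.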

Security

The SecurityComponent takes care of various security tasks and validation.

HTTP Method

It's important to restrict the request methods. As an example, if you have an action method that accepts form values, only POST requests should be accepted. The same idea applies to Ajax, GET, etc. You can do this inside the method.

Also, if you require all requests to go through a secured connection, you can configure the whole controller, or specific actions, to redirect all requests to HTTPS instead of HTTP.

Domain Validation

It checks and validates whether the request is coming from the same domain. Although this can be faked, it's good to keep it as one of our security layers.

Form Tampering

Validates the submitted form coming from a POST request. The pitfall of this method is that you need to define the expected form fields, or the data that will be sent with the POST request.

By default, the framework validates for form tampering when a POST request is made, and it makes sure the CSRF token is passed with the form fields. In this situation, if you didn't pass the CSRF token, it will be considered a security threat.

CSRF Tokens

CSRF tokens are important to validate submitted forms and to make sure they aren't faked. An attacker can trick the user into making a request to a website, clicking on a link, and so on.

A token is valid for a certain duration (>= 1 day); after that, it is regenerated and stored in the user's session.

CSRF validation is disabled by default. If you want to validate the CSRF token, then assign to as shown in the example below. CSRF validation will be forced when the request is POST and form tampering is enabled.

Now, you do not need to manually verify the CSRF token on every request. The Security Component will verify the token in the request against the token stored in the session.

CSRF tokens are generated per session. You can either add the token as a hidden form field, or pass it in the URL as a query parameter.

Form

URL

JavaScript

You can also assign the CSRF token to a JavaScript variable.
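The three checks described in the HTTP Method, Form Tampering and CSRF Tokens sections, written out as an added example rather than miniPHP's SecurityComponent: the action is limited to POST, the set of submitted field names must match the expected set exactly, and the token is compared in constant time against the one in the session, which is rotated after one day. The function names, the field name csrf_token, and the use of a plain array in place of $_SESSION are assumptions; PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example (not miniPHP's SecurityComponent): HTTP-method restriction,
// form-tampering check and CSRF validation, written against plain arrays so
// it runs offline. Function names and the 'csrf_token' field are assumptions.

const CSRF_LIFETIME = 86400;   // regenerate the token after one day

/** Return the session's CSRF token, creating or rotating it when expired. */
function csrfToken(array &$session)
{
    if (empty($session['csrf_token']) || time() - $session['csrf_token_time'] > CSRF_LIFETIME) {
        $session['csrf_token']      = bin2hex(random_bytes(32));
        $session['csrf_token_time'] = time();
    }
    return $session['csrf_token'];
}

/** Restrict an action to the listed HTTP methods (e.g. only POST for form handlers). */
function methodAllowed($method, array $allowed)
{
    return in_array(strtoupper($method), array_map('strtoupper', $allowed), true);
}

/**
 * Form tampering check: the submitted field names must be exactly the expected
 * ones plus the CSRF token, nothing added and nothing missing.
 */
function formUntampered(array $post, array $expectedFields)
{
    $expected   = $expectedFields;
    $expected[] = 'csrf_token';
    sort($expected);
    $got = array_keys($post);
    sort($got);
    return $got === $expected;
}

/** Constant-time comparison of the submitted token with the session one. */
function csrfValid(array $post, array $session)
{
    if (!isset($post['csrf_token'], $session['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

/** The checks in the order a component would apply them to a form POST. */
function secureRequest($method, array $post, array $session, array $expectedFields)
{
    if (!methodAllowed($method, ['POST']))       { return 'method not allowed'; }
    if (!formUntampered($post, $expectedFields)) { return 'form tampering detected'; }
    if (!csrfValid($post, $session))             { return 'invalid CSRF token'; }
    return 'ok';
}

// Constructed session and sample requests.
$session = [];
$token   = csrfToken($session);
$fields  = ['content'];

var_dump(secureRequest('POST', ['content' => 'buy milk', 'csrf_token' => $token], $session, $fields));                   // ok
var_dump(secureRequest('GET',  ['content' => 'x', 'csrf_token' => $token], $session, $fields));                          // method not allowed
var_dump(secureRequest('POST', ['content' => 'x', 'is_admin' => '1', 'csrf_token' => $token], $session, $fields));       // form tampering detected
var_dump(secureRequest('POST', ['content' => 'x', 'csrf_token' => 'forged'], $session, $fields));                        // invalid CSRF token
```

Note how the tampering check catches the extra is_admin field before the token is even looked at, and how hash_equals() avoids leaking how many leading bytes of the token matched.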

.htaccess

Turn on/off Components(Middlewares)

Sometimes you need control over these components, such as when you want a controller without authentication or authorization, or with only the Security component enabled. This can be done by overriding the method inside your Controller class and loading only the needed components.

Example 1: Don't load any component: no authentication or authorization, and no security validations.

Example 2: Load the Security & Auth components, but don't authenticate and authorize, in case you want to use the Auth component inside the action methods. LoginController is an example of how to access a page without requiring a logged-in user.

Example 3: Load the Security & Auth components, and authenticate the user & authorize for the current controller. This is the default behavior in the core/Controller class.

Views

Inside the action method you can make a call to the model to get some data, and/or render pages inside the views folder.

Models

In MVC, the model represents the information (the data) and the business rules; the view contains elements of the user interface such as text, form inputs; and the controller manages the communication between the model and the view. Source

All operations like create, delete, update, and validation are implemented in model classes.

In Notes Model

Login

Using the framework, you would probably need login, register, and logout. These actions are implemented in app/models/Login & app/controllers/LoginController. In most situations, you won't need to modify anything related to login actions; just understand the behaviour of the framework.

NOTE: If you don't have SSL, you may prefer to encrypt data manually on the client side. If so, read this and also this.

User Verification

Whenever the user registers, an email will be sent with a token concatenated with the encrypted user id. This token expires after 24 hours. It's much better to expire these tokens, and to allow re-use of the registered email once they are expired.

Passwords are hashed using the latest algorithms in PHP v5.5.

Forgotten Password

If a user forgot his password, he can restore it. The same idea of expiring tokens applies here.

In addition, block the user for a certain duration (>= 10 min) if he exceeded the number of forgotten-password attempts (5) during a certain duration (>= 10 min).

Brute Force Attack

A brute-force attack is when a hacker tries all possible input combinations until he finds the correct password; such attacks need to be throttled.

Solution:

Captcha

CAPTCHAs are particularly effective in preventing automated logins. Captcha, an awesome PHP Captcha library, is used.

Block IP Address

Blocking IP addresses is the last solution to think about. An IP address will be blocked if the same IP failed to log in multiple times using different credentials (>= 10).
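The login-side defences from the User Verification, Forgotten Password and Brute Force Attack sections, as one added example that is not the framework's Login model: passwords stored only as password_hash() output (the PHP 5.5 API the text refers to), an account throttle of 5 failures in 10 minutes, and an IP block once 10 different credentials have failed from one address. Arrays stand in for the database tables, the class name LoginGuard is an assumption, and the sample account is constructed.

```php
<?php
// Added example, not the framework's Login model: password_hash()/password_verify(),
// a per-account throttle (5 failures within 10 minutes blocks the account for the
// rest of that window) and an IP block after 10 failures with different credentials.
// Stores are plain arrays here; the framework keeps them in the database.

const MAX_ATTEMPTS = 5;      // per account within WINDOW
const WINDOW       = 600;    // 10 minutes, in seconds
const MAX_IP_FAILS = 10;     // distinct credentials that may fail from one IP

class LoginGuard
{
    private $users    = [];   // email => password hash
    private $attempts = [];   // email => failure timestamps
    private $ipFails  = [];   // ip => set of emails that failed from it
    private $dummyHash;       // verified against for unknown accounts

    public function __construct(array $plainUsers)
    {
        foreach ($plainUsers as $email => $password) {
            // Store only the hash; PASSWORD_DEFAULT follows PHP's current recommendation.
            $this->users[$email] = password_hash($password, PASSWORD_DEFAULT);
        }
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    private function recentFailures($email, $now)
    {
        $list = isset($this->attempts[$email]) ? $this->attempts[$email] : [];
        return array_values(array_filter($list, function ($t) use ($now) {
            return $now - $t < WINDOW;
        }));
    }

    public function isIpBlocked($ip)
    {
        return isset($this->ipFails[$ip]) && count($this->ipFails[$ip]) >= MAX_IP_FAILS;
    }

    /** Returns 'ok', 'blocked', 'ip-blocked' or 'invalid'. $now is injectable for tests. */
    public function login($email, $password, $ip, $now = null)
    {
        $now = $now === null ? time() : $now;
        if ($this->isIpBlocked($ip)) {
            return 'ip-blocked';
        }
        $this->attempts[$email] = $this->recentFailures($email, $now);
        if (count($this->attempts[$email]) >= MAX_ATTEMPTS) {
            return 'blocked';   // throttled until the oldest failure leaves the window
        }
        // Always run password_verify(), against a dummy hash for unknown accounts,
        // so response time does not reveal whether the email exists.
        $known = isset($this->users[$email]);
        $ok    = password_verify($password, $known ? $this->users[$email] : $this->dummyHash) && $known;
        if ($ok) {
            unset($this->attempts[$email]);
            return 'ok';
        }
        $this->attempts[$email][]   = $now;
        $this->ipFails[$ip][$email] = true;   // one entry per distinct credential tried
        return 'invalid';
    }
}

// Constructed account and a simulated attack from one address.
$guard = new LoginGuard(['alice@example.com' => 'correct horse battery']);
$t = 1000000;
for ($i = 0; $i < 5; $i++) {
    $guard->login('alice@example.com', 'wrong', '203.0.113.5', $t + $i);          // 'invalid' five times
}
var_dump($guard->login('alice@example.com', 'correct horse battery', '203.0.113.5', $t + 5));    // 'blocked': even the right password waits
var_dump($guard->login('alice@example.com', 'correct horse battery', '203.0.113.5', $t + 601));  // 'ok': window has passed
```

Two details worth keeping when porting this to a database: the failure timestamps must be written before the response is sent, and the verify-against-a-dummy-hash step keeps the "unknown user" path as slow as the "wrong password" path.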

Database

PHP Data Objects (PDO) is used for preparing and executing database queries. Inside the Class, there are various methods that hide the complexity and let you instantiate a database object, prepare, bind, and execute in a few lines.
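An added example, not miniPHP's Database class, of the prepare/bind/execute wrapper the paragraph describes. It uses an in-memory SQLite database so it runs offline (the pdo_sqlite extension is assumed); the class and method names, and the sample row, are assumptions.

```php
<?php
// Added example, not miniPHP's Database class: a minimal PDO wrapper that
// prepares, binds each value with the right type and executes in one call.
// Uses in-memory SQLite so it runs offline (pdo_sqlite assumed).

class Database
{
    private $pdo;

    public function __construct($dsn, $user = null, $password = null)
    {
        $this->pdo = new PDO($dsn, $user, $password, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // errors become exceptions
            PDO::ATTR_EMULATE_PREPARES   => false,                  // real prepares where the driver supports them
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }

    /** Prepare, bind every named parameter with its proper type, and execute. */
    public function run($sql, array $params = [])
    {
        $stmt = $this->pdo->prepare($sql);
        foreach ($params as $name => $value) {
            if (is_int($value))       { $type = PDO::PARAM_INT; }
            elseif (is_bool($value))  { $type = PDO::PARAM_BOOL; }
            elseif (is_null($value))  { $type = PDO::PARAM_NULL; }
            else                      { $type = PDO::PARAM_STR; }
            $stmt->bindValue($name, $value, $type);
        }
        $stmt->execute();
        return $stmt;
    }

    public function fetchAll($sql, array $params = [])
    {
        return $this->run($sql, $params)->fetchAll();
    }

    public function lastInsertId()
    {
        return (int) $this->pdo->lastInsertId();
    }
}

$db = new Database('sqlite::memory:');
$db->run('CREATE TABLE notes (id INTEGER PRIMARY KEY, user_id INTEGER, content TEXT)');

// Constructed input containing a quote: bound as data, never spliced into the SQL.
$db->run('INSERT INTO notes (user_id, content) VALUES (:uid, :content)',
         [':uid' => 1, ':content' => "Alice's first note"]);
echo "inserted id " . $db->lastInsertId() . "\n";

print_r($db->fetchAll('SELECT id, content FROM notes WHERE user_id = :uid', [':uid' => 1]));
```

Keeping every user-supplied value on the bindValue() side of the call is what turns a quote in the content into plain data; the wrapper exists so that callers never have a convenient way to concatenate it into the SQL string instead.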

Encryption

The Class is responsible for encryption and decryption of data. Encryption is applied to things like cookies, user IDs, post IDs, etc. Encrypted strings are authenticated, and they are different every time you encrypt.
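The two properties the paragraph names, authenticated and different on every call, come from a random IV plus a MAC over the ciphertext. The following added example, which is not miniPHP's Encryption class, shows an encrypt-then-MAC construction with separate encryption and authentication keys. The key derivation with hash_hkdf() (PHP 7.1.2+), the base64 wire format and the class name Crypto are assumptions; the secret is constructed here and would come from configuration in practice.

```php
<?php
// Added example, not miniPHP's Encryption class: AES-256-CBC with a fresh random
// IV per message and an HMAC-SHA256 tag over IV||ciphertext, verified in
// constant time before decryption. Names and wire format are assumptions.

class Crypto
{
    const CIPHER = 'aes-256-cbc';
    const TAG_LEN = 32;       // HMAC-SHA256 output, raw bytes
    private $encKey;
    private $macKey;

    public function __construct($secret)
    {
        // Separate keys for encryption and authentication, derived from one secret.
        $this->encKey = hash_hkdf('sha256', $secret, 32, 'enc');
        $this->macKey = hash_hkdf('sha256', $secret, 32, 'mac');
    }

    public function encrypt($plaintext)
    {
        $iv  = random_bytes(openssl_cipher_iv_length(self::CIPHER));   // fresh per message
        $ct  = openssl_encrypt($plaintext, self::CIPHER, $this->encKey, OPENSSL_RAW_DATA, $iv);
        $tag = hash_hmac('sha256', $iv . $ct, $this->macKey, true);
        return base64_encode($tag . $iv . $ct);
    }

    /** Returns the plaintext, or false if the token was altered, truncated or forged. */
    public function decrypt($token)
    {
        $raw   = base64_decode($token, true);
        $ivLen = openssl_cipher_iv_length(self::CIPHER);
        if ($raw === false || strlen($raw) < self::TAG_LEN + $ivLen) {
            return false;
        }
        $tag = substr($raw, 0, self::TAG_LEN);
        $iv  = substr($raw, self::TAG_LEN, $ivLen);
        $ct  = substr($raw, self::TAG_LEN + $ivLen);

        // Check the tag before touching the ciphertext, and compare in constant time.
        if (!hash_equals(hash_hmac('sha256', $iv . $ct, $this->macKey, true), $tag)) {
            return false;
        }
        return openssl_decrypt($ct, self::CIPHER, $this->encKey, OPENSSL_RAW_DATA, $iv);
    }
}

$crypto = new Crypto(random_bytes(32));      // constructed secret; load yours from config

$a = $crypto->encrypt('user_id=42');
$b = $crypto->encrypt('user_id=42');
var_dump($a !== $b);                         // true: same plaintext, different ciphertext
var_dump($crypto->decrypt($a));              // "user_id=42"

// Flip one character inside the tag: authentication fails, nothing is decrypted.
$tampered     = $a;
$tampered[10] = ($tampered[10] === 'A') ? 'B' : 'A';
var_dump($crypto->decrypt($tampered));       // false
```

Because the tag covers the IV as well as the ciphertext, neither can be swapped between two tokens, and because it is checked first, a tampered token never reaches the padding check inside openssl_decrypt(). On PHP 7.1+ an AEAD mode such as aes-256-gcm gives the same guarantees in one primitive; the split construction is shown here because it also works where only CBC is available.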

Validation

Validation is a small library for validating user input. All validation rules are inside the Class.

Usage
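The usage code did not survive on this page, so the following is an added example rather than miniPHP's Validation class: a rule-string validator ("required|email|max:64") that collects every failing rule per field and treats an unknown rule name as a failure rather than silently passing. The Validator class name, the rule names and the sample inputs are assumptions.

```php
<?php
// Added example, not miniPHP's Validation class: rule strings per field,
// all failures collected, unknown rules fail closed. Names are assumptions.

class Validator
{
    private $errors = [];

    /** $rules: field => "rule|rule:arg|...". Returns true when every rule passes. */
    public function validate(array $input, array $rules)
    {
        $this->errors = [];
        foreach ($rules as $field => $ruleString) {
            $value = isset($input[$field]) ? trim((string) $input[$field]) : '';
            foreach (explode('|', $ruleString) as $rule) {
                list($name, $arg) = array_pad(explode(':', $rule, 2), 2, null);
                if (!$this->check($name, $value, $arg)) {
                    $this->errors[$field][] = $name;
                }
            }
        }
        return empty($this->errors);
    }

    /** field => list of rule names that failed, from the last validate() call. */
    public function errors()
    {
        return $this->errors;
    }

    private function check($name, $value, $arg)
    {
        switch ($name) {
            case 'required': return $value !== '';
            // Optional fields: an empty value passes format rules, 'required' decides presence.
            case 'email':    return $value === '' || filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
            case 'int':      return $value === '' || filter_var($value, FILTER_VALIDATE_INT) !== false;
            case 'alnum':    return $value === '' || ctype_alnum($value);
            case 'min':      return strlen($value) >= (int) $arg;
            case 'max':      return strlen($value) <= (int) $arg;
            default:         return false;   // unknown rule name: fail closed
        }
    }
}

$v = new Validator();
$rules = [
    'email'    => 'required|email|max:64',
    'password' => 'required|min:8',
    'age'      => 'int',
];

// Constructed inputs.
var_dump($v->validate(['email' => 'alice@example.com', 'password' => 'correct horse', 'age' => '30'], $rules)); // true
var_dump($v->validate(['email' => 'not-an-email', 'password' => 'short', 'age' => 'x'], $rules));               // false
print_r($v->errors());   // email => [email], password => [min], age => [int]
```

Failing closed on an unknown rule is deliberate: a typo such as "requried" should surface in testing as a validation error, not as a field that is never checked.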

Errors and Exceptions

The Class is responsible for handling all exceptions and errors. It uses the Logger to log errors. Error reporting is turned off by default, because every error will be logged and saved in app/logs/log.txt.

If an error is encountered or an exception is thrown, the application will show a System Internal Error (500).

Configurations(php.ini)

Logger

A place where you can log anything and save it to app/logs/log.txt. You can write any failures, errors, exceptions, or any other malicious actions or attacks.

Email

Emails are sent using PHPMailer via SMTP, another library for sending emails. You shouldn't use PHP's function.

Configurations

In app/config, there are two files: one called config.php for the main application configuration, and another one for JavaScript called javascript.php. The JavaScript configuration will then be assigned to a JavaScript variable in your footer.php.

JavaScript

In order to send a request and receive a response, you may depend on Ajax calls. This framework depends heavily on Ajax requests to perform actions, but you can still do the same thing with normal requests with just small tweaks.

In public/main.js

The config object is assigned key-value pairs in footer.php. These key-value pairs can be added in server-side code using , and are then assigned to the config object.

ajax: A namespace that has two main functions for sending Ajax requests: one for normal Ajax calls, and another for uploading files.

helpers: A namespace that has a variety of functions to display errors, serialize, redirect, encodeHTML, and so on.

app: A namespace that's used to initialize all the JavaScript events for the current page.

events: A namespace that's used to declare all of the events that may occur, like when the user clicks on a link to create, delete or update.

Application(Demo)

Intro

In order to show how to use the framework in a real-life situation, the framework comes with an implementation of features like User Profile Management, Dashboard, News Feed, Upload & Download Files, Posts & Comments, Pagination, Admin Panel, Manage System Backups, Notifications, Report Bugs, etc.

Installation

Steps:

  1. Edit configuration file in app/config/config.php with your credentials

  2. Execute SQL queries in _installation directory in order

  3. Login

EMAIL SETUP

You need to configure your SMTP account data in app/config/config.php. But if you don't have an SMTP account, you can save emails to app/logs/log.txt using the Logger.

To do that, in core/Email, comment & uncomment

User Profile

Every user can change his name, email, and password, and also upload a profile picture (initially assigned to default.png).

Update & Revoke User Email

Whenever a user asks to change his email, a notification will be sent to the user's old email and to the new one.

The notification sent to the old email gives the user the chance to revoke the email change, while the notification sent to the new email asks for confirmation. The user can still log in with his old email until he confirms the change.

This is done in , in the methods , , & . In most situations, you won't need to modify the behavior of these methods.

Files

You can upload and download files.

Upload

Download

Configurations(php.ini)

News Feeds, Posts & Comments

Think of the News Feed as tweets on Twitter, and of Posts as opening an issue on GitHub.

They are implemented on top of this framework.

Admin

Admins can perform actions that normal users can't. They can delete, edit, or create any newsfeed, post, or comment. They also have control over all user profiles, and can create & restore backups.

Users

Only admins have access to see all registered users. They can delete them or edit their info.

Backups

In most situations, you will need to create backups for the system and restore them whenever you want.

This is done using mysqldump to create and restore backups. All backups are stored in app/backups.

Notifications

Did you see the red notifications on Facebook, or the blue ones on Twitter? The same idea applies here, but it's implemented using database triggers instead. Triggers are defined in _installation/triggers.sql.

So, whenever a user creates a new newsfeed or post, or uploads a file, this increments the count for all other users, and a red notification is displayed in the navigation bar.

Report Bugs

Users can report Bugs, Features & Enhancements. Once they submit the form, an email will be sent to the address defined in app/config/config.php.

ToDo Application

Let's say you want to build a simple ToDo application. Here, I will go step by step through how to create a ToDo app using the framework with & without Ajax calls.

(1) If you followed the installation setup steps above, you shouldn't have any problem with creating initial user accounts.

(2) Create a table with id as INT, content as VARCHAR, and user_id as a foreign key to the table

(3) Create TodoController

Create a file called inside app/controllers

(4) Create a Note model class called in app/models

(5) Inside views/

(a) Create & inside views/layout/todo

(b) Inside views/, create a todo folder that will have , which will contain our todo list.

(6) JavaScript code to send Ajax calls and handle the response

Support

I've written this script in my free time during my studies. This is free, unpaid. I am saying this because I've seen many developers act very rudely towards any software, and their behavior is really frustrating. I don't know why?! Everyone tends to complain and say harsh words. I do accept feedback, but in a good and respectful manner.

There are many other scripts online for purchase that do the same thing (if not less), and their authors are earning good money from them, but I chose to keep it public, available for everyone.

If you learnt something, or I saved your time, please support the project by spreading the word.

Contribute

Contribute by creating new issues or sending pull requests on GitHub, or you can send an email at: [email protected]

Dependencies

License

Built under MIT license.


All versions of miniphp with dependencies

Requires:

  • php >=5.5.0
  • phpmailer/phpmailer ~5.2
  • gregwar/captcha ~1.0.12