PHP MVC framework with built-in CSRF prevention
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

PHP MVC Framework


CSRF Prevention

In any form you create in a view you'll need to insert the render CSRF input method right before the submit button.

<?php echo Security::renderCSRFInput(); ?>

If the token is malformed by a malicious user or is not set the form will redirect to a 403 Forbidden status page on submission.


The MVC framework comes packaged with a home controller. This will appear as the base root of your domain url, such as

If you were to add another controller by the name of blog you would point your browser to, given that you have a index method view in place.


Views are linked by methods inside the controller class. Inside the home controller class there are 3 methods already setup; _404, index, and contact. Views act as the standalone page rendered in the browser. The base root of your domain renders the index file under the home controller, => index.

Most MVC frameworks typically display the home controller and index method view in the url, but your site tends to look better without the unnecessary baggage on the home page. We leave these out by setting a default controller of home and a default method of index when no parameters are passed in the url.

Framework Components

Components are callable methods to include in a view.

Site Title

Retrieves the current page tile.

<?php echo $get['component']->site_title(); ?>


To display a sidebar in your view you simply place this line. The argument inside the sidebar method is looking for a filename, no need to include the extension. Make sure your sidebar file(s) are placed in the template directory of your view.

<?php $get['component']->sidebar('sidebar'); ?>


Configuration files are located in the app/config/ directory. There are 3 configuration files, global.php for defining constants that will remain the same in dev and production, dev.php for defining constants in development mode, and prod.php for defining constants in production mode.