PicoFarad

PicoFarad is a minimalist micro-framework for PHP, well suited to building a REST API or a small web app.

Features

  • No dependency
  • Easy to use, fast and very lightweight
  • Only 4 files: Request, Response, Router and Session
  • License: Do what the fuck you want with that

Requirements

  • PHP >= 5.3

Router

Example for a single file webapp:

<?php

use PicoFarad\Router;
use PicoFarad\Response;
use PicoFarad\Request;
use PicoFarad\Session;

// Called before each action
Router\before(function($action) {

    // Open a session only for the specified directory
    Session\open(dirname($_SERVER['PHP_SELF']));

    // HTTP secure headers
    Response\csp();
    Response\xframe();
    Response\xss();
    Response\nosniff();
});

// GET ?action=show-help
Router\get_action('show-help', function() {
    Response\text('help me!');
});

// POST ?action=hello (with a form value "name")
Router\post_action('hello', function() {
    Response\text('Hello '.Request\value('name'));
});

// Default action executed
Router\notfound(function() {
    Response\text('Sorry, page not found!');
});

Split your webapp into different files:

<?php

use PicoFarad\Router;
use PicoFarad\Response;

// Automatically include these files:
// __DIR__.'/controllers/controller1.php'
// __DIR__.'/controllers/controller2.php'
Router\bootstrap(__DIR__.'/controllers', 'controller1', 'controller2');

// Page not found
Router\notfound(function() {
    Response\redirect('?action=unread');
});

Example for a REST API:

<?php

use PicoFarad\Router;
use PicoFarad\Response;
use PicoFarad\Request;

// POST /foo
Router\post('/foo', function() {
    // Decoded JSON body or form values
    $values = Request\values();
    // ...
    Response\json(array('result' => true), 201);
});

// GET /foo/123
Router\get('/foo/:id', function($id) {
    Response\json(array('result' => true));
});

// PUT /foo/123
Router\put('/foo/:id', function($id) {
    $values = Request\values();
    // ...
    Response\json(array('result' => true));
});

// DELETE /foo/123
Router\delete('/foo/:id', function($id) {
    Response\json(array('result' => true));
});

Response

Send a JSON response

<?php

use PicoFarad\Response;

$data = array(/* ... */);

// Output the encoded JSON data with an HTTP status 200 OK
Response\json($data);

// Override the default HTTP status code with 400 Bad Request
Response\json($data, 400);

Send text response

Response\text('my text data');

Send HTML response

Response\html('<html...>');

Send XML response

Response\xml('<xml ... >');

Send a binary response

Response\binary($my_file_content);

Send a raw response (no content-type)

Response\raw($content);

Force browser download

Response\force_download('The name of the output file');

Modify the HTTP status code

Response\status(403);

Temporary redirection

Response\redirect('http://....');

Permanent redirection

Response\redirect('http://....', 301);

Secure headers

// Send the header X-Content-Type-Options: nosniff
Response\nosniff();

// Send the header X-XSS-Protection: 1; mode=block
Response\xss();

// Send the header Strict-Transport-Security: max-age=31536000
Response\hsts();

// Send the header X-Frame-Options: DENY
Response\xframe();

Content Security Policies

Response\csp(array(
    'img-src' => '*'
));

// Sends these headers:
// Content-Security-Policy: img-src *; default-src 'self';
// X-Content-Security-Policy: img-src *; default-src 'self';
// X-WebKit-CSP: img-src *; default-src 'self';

Request

Get querystring variables

use PicoFarad\Request;

// Get from the URL: ?toto=value
echo Request\param('toto');

// Get only integer value: ?toto=2
echo Request\int_param('toto');

Get the raw body

echo Request\body();

Get decoded JSON body or form values

If a form is submitted, you get an array of values. If the body is a JSON-encoded string, you get an array of the decoded JSON.

print_r(Request\values());

Get a form variable

echo Request\value('myvariable');

Get the content of an uploaded file

echo Request\file_content('field_form_name');

Check if the request is a POST

if (Request\is_post()) {
    // ...
}

Check if the request is a GET

if (Request\is_get()) {
    // ...
}

Get the request uri

echo Request\uri();

Session

Open and close a session

The session cookie has the following settings:

  • Cookie lifetime: 2678400 seconds (31 days)
  • Limited to a specified path (http://domain/mywebapp/) or not (http://domain/)
  • If the connection is HTTPS, the cookie uses the Secure flag
  • The cookie is HttpOnly, so it is not available from JavaScript

Example:

use PicoFarad\Session;

// Session start
Session\open('mywebappdirectory');

// Destroy the session
Session\close();
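
The cookie settings listed above, expressed with PHP's built-in session functions. This is an added example, not PicoFarad's own code: the function names open_session() and close_session() and the constant SESSION_LIFETIME are hypothetical, and it assumes no session has been started yet.

```php
<?php
// Added example in plain PHP; not PicoFarad's source code.
// open_session() and close_session() are hypothetical names.

const SESSION_LIFETIME = 2678400; // 31 days, the lifetime listed above

function open_session($base_path = '/')
{
    // 'mywebappdirectory' or '/mywebapp' becomes '/mywebapp/'; '' or '/' stays '/'
    $dir = trim(str_replace('\\', '/', $base_path), '/');
    $path = $dir === '' ? '/' : '/'.$dir.'/';

    // Set the Secure flag only when the request came in over HTTPS
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    session_set_cookie_params(
        SESSION_LIFETIME, // cookie lifetime in seconds
        $path,            // browser sends the cookie only under this path
        '',               // domain: current host only
        $secure,
        true              // HttpOnly: not readable from JavaScript
    );

    // Keep server-side session data for as long as the cookie lives,
    // and never accept a session id passed in the URL
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME);
    ini_set('session.use_only_cookies', '1');

    session_start();
}

function close_session()
{
    $params = session_get_cookie_params();
    $_SESSION = array();

    // Expire the cookie with the same path and flags it was set with,
    // otherwise the browser keeps the old one
    setcookie(
        session_name(), '', time() - 3600,
        $params['path'], $params['domain'],
        $params['secure'], $params['httponly']
    );

    session_destroy();
}

// Usage, mirroring the calls above:
// open_session('mywebappdirectory');
// close_session();
```

Behind a TLS-terminating reverse proxy, `$_SERVER['HTTPS']` is usually not set, so the Secure flag has to be decided from trusted proxy configuration instead.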

Flash messages

These functions set the session variables $_SESSION['flash_message'] and $_SESSION['flash_error_message']. In your template, use a helper to display and delete these messages.

// Standard message
Session\flash('My message');

// Error message
Session\flash_error('My error message');