Nephtali
A PHP web framework that promotes web standards, enhances security, and stays out of your way.
Clean markup
Nephtali uses XML comments to map out dynamic regions of pages, making it very easy to work with your favorite XHTML editor and craft the markup just as you want (no sifting through PHP.)
<!--pipe:announcements-->
<!--view:default-->
<h3>Announcements</h3>
<ul>
<!--data-->
<li><h4><a href="{link}">{title}</a></h4>
<p>{description}</p>
</li>
<!--data-->
</ul>
<!--view:default-->
<!--pipe:announcements-->
Easy Ajax integration
Nephtali makes Ajax possible through progressive enhancement, but the pages remain fully functional for users without Javascript (Jeremy Keith coined the name 'Hijax' for this type of architecture.)
Nephtali makes this possible through a REST-ful API for retrieving the html fragment for dynamic regions of pages. Additionally, the API also allows you to retrieve the results of server-side form validation, removing the need to duplicate validation code.
For an example of the REST-ful retrieval of dynamic region data, view the html fragment for the announcements column on the right.
For an example of the REST-ful retrieval of form validation results, view the results of the validation of the site search form for the search term:
'supercalifragilisticexbealislkjfkdsjflsdkfsdlkfjsdkjfl...whatever'.
Nephtali includes a plugin for DOMAssistant (a great Javascript library) that makes leveraging the REST-ful API for Ajax websites as simple as calling one Javascript method.
Security
Security is not an add-on! Rather, it must inform every single decision in the development of an application, loathe complexity, and cherish simplicity. Otherwise, it won't work and it won't be used.
Nephtali's core security capabilities include:
- Input validation and XSS filtering
- Error handling for each individual dynamic region of a page.
- Session and Cookie encryption.
- Core DB objects make use of PDO prepared statements to prevent SQL injection, and the object hierarchy is composed of read-only objects (Datasources), and write objects (Actions.)
Additionally, Nephtali constitutes a relatively small, simple code base and no feature was (or will be) added without careful analysis in light of Nephtali's security directives.
Download Nephali [nephtali_0_6_5.zip (66.8 KB)] from Google Code
Announcements
-
Error messages for port validation improved
In earlier versions of Nephtali, you could either set a generic error message for all types of validation failures, or have a generic message automatically generated. Starting with Nephtali 0.6.2, you can now set the error messages directly for each type of validation failure (e.g., withFilter(), withMaxLength(), etc.
-
JSON now returned from nvalidate requests.
Nephtali allows you to validate ports individually or by port group through REST-ful calls. Now, the results are returned in JSON format making it easier than ever to parse the data for use in the page.
-
SQL transactions now integrated into Nephtali
In the latest release of Nephtali, SQL transactions have been integrated into Nephtali. Now you can process any number of SQLActions (or SQLActionGateways) as a transaction.
Sites using Nephtali
-
Nephtali
The site for information regarding the Nephtali web framework. Yep, we eat our own dogfood and love it :)
-
Mid-Michigan Ponds
By using Nephtali, the site was able to easily integrate a search and contact form.
-
Envision Internet Consulting
Portions of the website are using the Nephtali Framework to manage content side-by-side with legacy code (that's not nearly as pretty.)
-
Michigan Humanities Council
Nephtali provides the core for the CMS that works in conjunction with Dreamweaver templates to manage the site.
-
Dynamic Control Systems
The Nephtali Framework is used to provide announcments capabilities to the client and manage the email contact forms.
-
RangeListings.com
Site provides state-wide map of shooting ranges with detailed descriptions.
-
Audible Bussiness
Nephtali provides a client-side backend that allows customers to manage their accounts.