stonedz / pff2
A simple yet robust PHP MVC framework
Installs: 550
Dependents: 9
Suggesters: 0
Security: 0
Stars: 1
Watchers: 5
Forks: 5
Open Issues: 2
Type:pff2-core
pkg:composer/stonedz/pff2
Requires
- php: >=8.1
- ezyang/htmlpurifier: *
- mobiledetect/mobiledetectlib: 4.8.*
- pimple/pimple: ~3.5
- symfony/console: ~7
- symfony/mailer: ~7
- symfony/yaml: ~5.3
Requires (Dev)
- codeception/codeception: ^5.3
- phpstan/phpstan: ^1.12
- phpunit/phpunit: ^11.5
- rector/rector: ^1.2
- stonedz/pff2-doctrine: 4.0.x-dev
- dev-master
- v4.1.5
- v4.1.4
- v4.1.3
- v4.1.2
- v4.1.1
- v4.1
- 4.0.x-dev
- v3.0.2
- v3.0.1
- v3.0.0
- v2.7.1
- v2.7.0
- v2.6.9
- v2.6.8
- v2.6.7
- v2.6.6
- v2.6.5
- v2.6.4
- v2.6.3
- v2.6.2
- v2.6.1
- v2.6.0
- v2.5.0
- v2.4.9
- 2.4.8
- v2.4.7
- v2.4.6
- v2.4.5
- v2.4.4
- v2.4.3
- v2.4.2
- v2.4.1
- v2.4.0
- v2.3.15
- v2.3.14
- v2.3.13
- v2.3.12
- v2.3.11
- v2.3.10
- v2.3.9
- v2.3.8
- v2.3.7
- v2.3.6
- v2.3.5
- v2.3.4
- v2.3.3
- v2.3.2
- v2.3.1
- v2.3.0
- v2.2.3
- v2.2.2
- v2.2.1
- v2.2.0
- v2.1.5
- v2.1.4
- v2.1.3
- v2.1.2
- v2.1.1
- v2.1.0
- v2.0.12
- v2.0.11
- v2.0.10
- v2.0.9
- v2.0.8
- v2.0.7
- v2.0.6
- v2.0.5
- v2.0.4
- v2.0.3
- v2.0.2
- v2.0.1
- v2.0.0
- v2.0.0-beta19
- v2.0.0-beta18
- v2.0.0-beta17
- v2.0.0-beta16
- v2.0.0-beta15
- v2.0.0-beta14
- v2.0.0-beta13
- v2.0.0-beta12
- v2.0.0-beta11
- v2.0.0-beta10
- v2.0.0-beta9
- v2.0.0-beta8
- v2.0.0-beta7
- v2.0.0-beta6
- v2.0.0-beta5
- v2.0.0-beta4
- v2.0.0-beta3
- v2.0.0-beta2
- v2.0.0-beta1
- v2.0.0-alpha5
- v2.0.0-alpha4
- v2.0.0-alpha3
- v2.0.0-alpha2
- v2.0.0-alpha
- v1.0.0-beta7
- dev-dev
This package is auto-updated.
Last update: 2026-02-20 10:32:36 UTC
README
Pff2 is a lightweight MVC framework for PHP 8.1+.
Quick start (Composer)
- Create a new project directory and add
stonedz/pff2tocomposer.json. - Install dependencies:
composer install
- Scaffold app files:
vendor/bin/init
- Your project entry point is generated from
resources/site_skeleton/index.php.
Generated development files include:
development/compose.yamldevelopment/nginx.confdevelopment/PHP.Dockerfile
Quick start (Docker)
The canonical development compose file is:
development/compose.yaml
Run:
docker compose -f development/compose.yaml up --build
Default service endpoints from this setup:
- Web:
http://localhost:8081 - Mailcatcher UI:
http://localhost:1080 - MariaDB:
localhost:33061
Installation notes
- Composer install no longer auto-creates app symlinks; run
vendor/bin/initexplicitly. vendor/bin/updaterefreshes framework-controlled generated files (for existing projects), including Docker dev files indevelopment/.- Generated writable folders now default to
775permissions (instead of777). vendor/bin/initandvendor/bin/updateskip optional copies when source files are not present, avoiding noisycp: cannot staterrors.
Security defaults
Pff2 now uses safer defaults in the app skeleton:
- Exception details are configurable via
show_exception_detailsand should be disabled in production. - Session/cookie hardening options are available in
app/config/config.user.php:security_cookie_httponlysecurity_cookie_samesitesecurity_cookie_securesecurity_session_strict_mode
- Auth module default hashing is
password_hash/password_verify(legacymd5/sha256remain deprecated compatibility paths).
Upgrade notes
- Mail module has migrated from SwiftMailer to Symfony Mailer.
swiftmailer/swiftmaileris removed from dependencies.- Existing
mail/module.conf.yamlkeys (Type,Host,Port,Username,Password,Encryption) continue to work. sendMail(...)API remains available and returnstrueon success,falseon transport failure.
- If your app still uses auth
passwordType: md5orsha256, plan migration topassword_hash.
Notes on templates
PHP views are the recommended template path for new apps. Smarty templates are considered legacy/best-effort support.
Documentation
Additional details: Wiki