Try typing something into the site's url.. eg: http://phpneoform.com/hello_there/how_are_you.html

$GLOBALS['url_arr']:
Array
(
)
				

$_GET:
Array
(
)
				

The PHP.neoform framework is divided up into modules called 'packages'. Each package can be installed/updated/uninstalled through a simple web interface accessible by the backend administration area. A package can be a web forum, blogging pages or something really simple like a database table that gives the site extra functionality. Each package operates independent of each other, but gets tied together into the system through 'structures' and 'widgets/sandboxes'.

A structure in essence is a page (dynamic or static). If you access the URL http://phpneoform.com/account/ you're accessing the 'account/' structure, which is tied to a file stored in the 'system' package. If I were to access the URL http://phpneoform.com/account/some_additional_directory/ the same structure will be called by the system, since the account/ does not have a child structure called some_additional_directory/. What this does, is allow for very human readable URLs (also very SEO friendly), while allowing dynamic content to be generated with a static looking URL.

Widgets and Sandboxes tie packages together by giving each one space to put code into each other. A sandbox is a placeholder where you can place widgets, and have them appear in a certain order on the page. When I embed a sandbox into a given structure's code I give access to that space to any other package that wants to place widgets in that area. This makes for a very unified site that shares functionality. e.g. If I have a 'profiles' package that shows details on a given user and I also have an 'images' package that displays photos uploaded by a user, the photos package would be able to create and place a widget on a user's profile page showing all that user's photos, thereby bringing the two packages together.

PHP.neoform comes with built in user login and and permission authentication. When a user is logged in, he/she is only capable of accessing a structure that he/she has permission to access. If permission is not granted, the last available structure is displayed instead.

e.g. http://phpneoform.com/admin/ is the administrative backend struture. if a user does not have the 'admin' permission, he/she will not be able to view any pages in admin/, instead, the user will see the content from the page http://phpneoform.com/ as if the admin/ doesn't even exist.

Permissions are also inherited.

e.g. http://phpneoform.com/admin/settings/ is a child structure of admin/. settings/ currently requires the permission 'control', and since the admin/ structure requires the permission 'admin', anyone accessing the settings/ structure must have both 'admin' and 'control' permissions.

To give the site administrators more control over the people that use/access the site, there are a number of tools built in to the framework.

• User email domain whitelist/blacklists. Preloaded with a list of disposable email services.
• Username word blacklisting. Preloaded with offensive/deceptive words.
• Activity logging. Showing what a given user has been recently doing.
• Require user email verification.
• Require revalidation of user email and password on timed intervals (e.g. every 3 months the user's password needs to be changed)
• User banning. Allows the admin to write a message/reason to the user being banned.
• IP banning. Allows the admin to write a message/reason to the user being banned.
• User notification. Send a user a message that he/she must read before continuing access to the site.
• Bad login attempt tracking. Any repeated login failure by a given IP, or on a given user account will be recorded. Upon numerous failures, the administrator will be emailed that there has been a possible hack attempt.
• Country-wide IP whitelist/blacklist.
• Built in customizable captcha that tracks bad entries. Reapeated captcha entry failure by a given user/IP gets logged and administrators receive email notification.

The framework has a number of built in 'developer tools' that help programmers create packages quickly and easily. When creating a package, you can do so manually (through the database) or through the 'Package Editor'. The package editor will automatically generate a number of files for you based on the information you give it. As a rule every package requires a few files:

• Directory named after the package (no spaces, lowercase)
• defined.php (contains detailed information on the package)
• functions directory (where common package functions are stored)
• common.php in the functions directory (automatically loaded when a given package is loaded)
• widgets directory (where a package's widgets are stored)
• panels directory (where you store account panels and dashboard panels)

Everything else (including structure file arrangement) is up to you. I like organizing them in 'show' and 'action' directories.

The defined.php is a critical file for a package. This file gets loaded whenever a user access his/her account page and it gets loaded on every administrative backend page. It contains:

• Settings information
• User Account settings panels
• Admin Dashboard panels
• Admin Sidebar panels

To help you create an installer for your package, you can use the 'Package Exporter' along side the 'Structures Exporter' (xml output) and 'Widgets/Sandboxes Exporter' (xml output).

Here are a quick rundown of the standard functions that are automatically included in every structure that gets called on the site:

• ri($local_filepath [, $package_name]) (require include, this will include [once] a file, or show the user a friendly error. $package_name defaults to the current structure's package name)
• rt($template_set_name) (the name of the template set for the loaded package)
• rf($function_name [, $package_name]) (require function, this will include [once] a function file, or show the user a friendly error. All functions are found in each package's 'functions' directory. Each function file must be named the same as the function contained within the file, otherwise there will be a lot of confusion as to what the function file contains. $package_name defaults to the current structure's package name)
  Note: common.php is a default file found in each package's functions directory. Whenever a structure is loaded, the corresponding common.php is loaded prior to the structure file being loaded, this allows you to have commonly accessed functions be easily accessible to every structure in a given package.
• make_bounce([$overwrite=true [, $url='']]) (creates a cookie with the URL of the last loaded page, $_SERVER['HTTP_REFERER']. This is used in connection with bounce_user() when you want to have a user be redirected back to a given page after a given action (e.g. fill out a form, then send them back to the page they came from)
• bounce_user() (this loaded the cookie set by make_bounce() then redirects the user's browser to that url.)
• bounce_back() (simmilar to bounce_user, except it does not use cookies, instead it simply sends the user back to the page they just came from, without using browser caching since it's a redirect, not a javascript)
• safe_string($str [, $trim = true [, $write = false]]) (instead of typing $GLOBALS['sql']->current->real_escape_string($str) while working with mysql queries, this will use the charset of the last used connection. $trim automatically passes the $str through trim(), which removes whitespaces from the beginning/end of the string. $write makes sure to use the charset of the master server if active.)
• create_password($password, $salt, $hash_type) (the method used for encrypting passwords on the site)
• cookie_make($name, $value [, $life = false]) (wrapper to easily create cookies. $name is the cookie name, $value is the value assigned to the cookie, $life is the length in seconds that the cookie will exist. If life is not set, the default length will be used. If set to 0 the cookie will expire when the window is closed. Like any other cookie, you must run this function prior to sending head outputs.)
• cookie_kill($name) (the name of the cookie to be deleted)
• cookie_get($name) (returns the value of a cookie. The function automatically checks if the value is set, returns null if it isn't.)
• hd([$url='']) (Redirect the browser to another url, and terminates the script with a die() command. $url should be a local page [do not include domain name as this function auto includes the URL constant], if $url is not set the page will redirect to the home page)
• make_url_string($str [, $max_length = 255 [, $filter = "[^A-Za-z0-9\_\-]"]]) (Create a string that can be used as a structure name.)
• make_timestamp($datetime) (creates a unix timestamp from a MySQL datetime timestamp)
• make_mysql_timestamp($time) (creates a MySQL friendly timestamp from a unix timestamp)
• nice_date($datetime [, $format = false]) (converts a MySQL timestamp into a readable date/time based on site/user settings. It also incorporates the user's timezone if set in their settings.)
• ip_encode($ip_string) (converts an IP string into a 10 digit unsigned INT, usefull for storing IPs in db)
• ip_decode($ip_int) (converts an 10 digit unsigned IP INT into string, usefull when storing IPs in db)
• ref_code([$get=false]) (returns a ref_code value to be put into a URL. THis is used in conjunction with ref_check() in order to stop certain types of XSS attacks since it verifies the ref_code passed to the ref_code set in the user's cookies. Put ref_code() in the URL of a script, then put ref_check() at the beginning of the script being called by that URL and the site will verify the user isn't being tricked into going to that page.
  
  [e.g. http://www.domain.com/structure/?rc=BUc4pVaR%2FQVgJPjlSX0108hdfU2sH%2FfPuHgbdQ1%2FjF7qf9qFZkg2IQvJ58nMk3z6GAyxOW%2Bf7XIFkztZacVEQg%3D%3D]
  ref_check() must be active in the site settings for this to work. )
• ref_check([$die_on_failure = false]) (verify the ref_code() value)
• gus($structure_number) (Gets a given URL structure value from the $GLOBALS['url_arr'] based on the integer passed. If not set, null is returned.)
• gpn($structure_number) (same as gus(), except it is only meant to be used on URL structures that are formatted as 'pageXXX' where 'XXX' is the integer returned. This function will always return a positive integer greater than 0.)
• ng($name) (simple wrapper for: isset($_GET[$name]) ? $_GET[$name] : null;)
• np($name) (simple wrapper for: isset($_POST[$name]) ? $_POST[$name] : null;)
• hr($str) (simple wrapper for: htmlspecialchars(rawurlencode($str)))