Banshee, the secure PHP framework


Banshee is a PHP website framework, which aims at being secure, fast and easy to use. It has a Model-View-Controller architecture (XSLT for the views). Although it was designed to use MySQL as the database, other database applications can be used as well with only little effort.

Ready to use modules like a forum, photo album, weblog, poll and a guestbook will save web developers a lot of work when creating a new website. Easy to use libraries for e-mail, pagination, HTTP requests, database management, images, cryptography and many more are also included.

Most software that can be used to create a website is either a framework or a CMS. The disadvantage of a framework is that it requires quite some time and work to build a website. The disadvantage of a CMS is that in many cases it requires quite some knowledge about the CMS (and hacking) to extend its functionality. Banshee has none of these disadvantages as it is more of a hybrid, a framework with CMS functionality and ready-to-use modules.


The main focus of the framework is to be secure. Several techniques have been used to prevent attacks like SQL injection, Cross-Site Scripting and Cross-Site Request Forgery. The framework also takes care of authenticating users.

Since version 1.7, a security auditing script is included to verify that changes made to the framework have not introduced a security bug.

An earlier version of Banshee has been audited by a Dutch IT security company. No issues were found.

Why Banshee?

There are a lot of PHP frameworks available. So, why should you chose Banshee? Many frameworks require a lot of documentation reading before you can start using it. While creating Banshee, special attention has been given to an easy to read and understand structure. Where possible, Banshee creates a transparent layer on top of the default PHP functionality. For example, you can use $_SESSION as you are used to. The Banshee session library takes care of the rest. To understand how Banshee works, just start reading public/index.php and everything will be clear. Promise.

What others say about Banshee

"It is really impressive! A powerful solution with all the right basics. And it is a pleasure to extend! This framework is done by someone who really knows the trade: Clear structure and secure coding, cleverly and well baked solutions. Look at the code (and compare with Drupal, Wordpress) and you know what I mean." - Frank Lewandowski


You can see an online demo here. There are two users available: 'admin' and 'user'. Both users have the password 'banshee'. You are allowed to test things by changing the content, but please behave.