the secure PHP framework


14 August 2014, 17:01
Not like anybody cares, but version 4.2 of the Banshee PHP framework has been released.
15 August 2014, 07:47
Hi Hugo,

I care.

I however am kind of a noob with the stacks of server and web related layers.. I compiled Hiawatha and added banshee and fiddled with the monitor server/client some. I liked it however had to get back on track (evaluating wiki solutions) and had sort of settled on MoinMoin, and thus really needed to focus on if I could manage to get a reasonably lightweight setup for a very low spec VPS.

Prone to wandering off on tangents, I'd sunk many more hours, days, weeks on other things (node, python, WSGI, fetchmail, etc, etc.) and now I am back to your work, which I appreciate as best I can being somewhat overwhelmed by all the 'toys' I find to tinker with.

I've since been messing around with SCM applications and now back to my wiki notes again, tangent back to Hiawatha + Banshee, and maybe will try a DocuWiki setup with Hiawatha.

I don't suffer from attention deficit disorder AFAIK.. Just that there is so many interesting things to persue and they all seem to be intertwined.
Hugo Leisink
15 August 2014, 20:38
Thanks for your feedback!
19 August 2014, 10:51
You are welcome.

Early on I bought a control panel to facilitate hosting on a linux machine. While it serves well for hosting others, and did ease me into learning server admin, It adds it own complexities too.

Slowly I am making up for the quick and dirty dive into hosting by doing all by CLI and working on some very low cost VPS and at home on old notebook computers with BSD and linux.

Software such as Hiawatha and Banshee are great for this re-start of my learning from this new approach. At my stage of the game, looking at stuff like Zope offers a split between challenge and headaches.

Anyhow, IIRC you wrote Hiawatha (banshee too?) since existing solutions weren't to your liking or needs. Assuming that is still accurate, I hope my notice and appreciation of your work is enough to satistfy whatever level of external pat on tha back you seemed to be fishing for.

I've been writing software since the early 70's and although some were also shared and/or sold it always was, and is for my own pleasure, needs and learning. Sadly, I won't live long enough to learn all that I would like even if limited to just the computer related presuits.
Hugo Leisink
19 August 2014, 11:02
I'm not fishing for any pat on the back. I really don't care how many people use my software. I mainly make it for myself and a friend. It's just that Banshee has not many users. So, I didn't knew what to write in the blog post and that was the first and only thing that came into my mind.
21 August 2014, 00:06
People need the occasional slap at the back or the finger straight up the ... Just to keep them going.

Hugo. I am working on a prototype "Banshee Framework with Twitter Bootstrap". Are you interested?
21 August 2014, 01:25
@Hugo - I understand now and am glad that I read too much into your opening statement.
Hugo Leisink
21 August 2014, 19:10
@René: Sure, but no promises that I will do something with it. But I'd like to see how you combine Banshee and Bootstrap.
21 August 2014, 20:54
Ok, expect the prototype next week in your mailbox.
1 September 2014, 12:12
I also want to see it!
1 September 2014, 16:02
Who said that...
3 September 2014, 13:57
@René It was me! :-)

I installed Banshee for the first time in my life.

The layout looks a bit wrong. No css.

/css/banshee/layout_pluralism.css <-- not found

/public/css/banshee/layout_pluralism.css <-- found

Can I move the contents of public to DocRoot and delete everything that was in banshee root folder?
3 September 2014, 14:15
I copied the css folder to DocRoot because I thought index.php is looking there for the layout but still not working (/css/banshee/layout_pluralism.css).

I guess this CMS is a bit too advanced for me.
Hugo Leisink
3 September 2014, 14:16
The DocRoot should be the public directory.
3 September 2014, 14:20
Hi Hugo,

I'm on shared web hosting. I can't change the DocRoot. It is public_html. Will try to copy everything from the folder "public" to "public_html" and try again.
3 September 2014, 14:35
No luck. The script works fine though. It's only css that fails on my webspace.
3 September 2014, 15:26
Solved it :-)

I copied the contents from folder "public" to "public_html".
The rest is in my home directory. Now it works. :-)

Is this OK or do I have to make some more changes?
Hugo Leisink
3 September 2014, 15:43
If it works, it's ok. I already thought you had done that (your post at 14:20).
3 September 2014, 17:47
@Me. You are John?
Hugo Leisink
3 September 2014, 17:48
Are you talking to yourself??
3 September 2014, 17:54
I expected that...
Hugo Leisink
3 September 2014, 17:57
You know me. Oh, wait, you don't...
3 September 2014, 18:19
I only know your presence on the internet.
25 September 2014, 16:18
Hi Hugo,

I've been trying to email you but I keep getting an error about TLS on your side. Don't worry about it - I'll have another go.

I want to use Banshee. As you well know I use Hiawatha exclusively. Go to and you will see what I see. Empty DB. I was doing everything in a massive rush yesterday so I predict I have overlooked something. I have setup Banshee before but I'm getting no joy this time. I have put the MySQL server details where required but can't seem to run the script to populate the tables. Should that be run from the CLI?

Thanks as always,


PS - sorry if I'm trying your patience.
Hugo Leisink
25 September 2014, 16:21
Hi Patrick, no worries about my patience. I have plenty.

You can use either the extra/setup_database script via the command line or use a tool like phpMyAdmin to import the file database/mysql.sql directly into your database. Your choice.
25 September 2014, 16:38
That was fast!

Thanks Hugo. That's what I thought (really!).

I have three sites lined up to use Banshee. My work pushes things at me unexpectedly, same as everyone I guess. Expect an email soon.
3 October 2014, 10:09
Hi again Hugo,

I have been playing with Banshee and the more I do, the more I like it.

Theming is my next question. I could reverse engineer it but thought I'd ask you first. I can theme a Concrete5 site in a morning, essentially copying a few bits of php code into HTML and saving as a php. What would you advise as the best first step into theming Banshee?


3 October 2014, 14:10
Got it figured out.

Nice and simple.
Hugo Leisink
3 October 2014, 14:11
That's good to hear!
Dotan Cohen
31 October 2014, 12:48
Hi Hugo, I just discovered Banshee and it seems to be pretty much what I'm looking for in a PHP CMS. Some things concern me which perhaps you could address:
1) No readily-identifiable issue tracker
2) No readily-identifiable user group / mailing list
3) Release announcements that begin with "Not like anybody cares, but..." add to the other two issues to give the appearance that this is not a viable project.

Note that you don't have to convince me, I'm sold and I'll probably start using Banshee. However if you have a goal of attracting users (which might not be your goal) then I would suggest addressing these issues.

This is constructive criticism, with the intent of helping, not disparaging.
Hugo Leisink
31 October 2014, 13:26
Hi Dotan,

Thanks for your feedback. Let me first take away your concerns: Banshee is viable. Web technology is a hobby of mine and will probably always be. I use Banshee for every website I create. A good friend of mine is a professional web developer and he also uses it for his work.

1) No, there is no issue tracker. Believe it or not, there haven't been any serious issue. A long time ago, I had a forum for this website which users could use to ask questions and report issues. The forum was mainly used by spammers and a few asked a few questions about configuration.
2) Also, no user group and or mailing list. Banshee is not used by many. Perhaps 5 or 10 maybe.
3) As stated above, although Banshee has not many users, it is viable.

In the past, I've done my best to make Banshee more known. But people don't want to use or even try it, because it's not Wordpress / Joomla / Drupal / some other big CMS. The same goes for Hiawatha, another web related project of mine which also focusses on security. Even with Heartbleed, Slowloris, the numerous Wordpress vulnerabilities, the latest Drupal vulnerability, people don't care about security. All the want is some nice shiny interface or simply the stuff they are familiar with. I've come to the point that I no longer care. I'm fine with the world messing around with IT. When shit like Heartbleed and the latest Drupal SQLi happens, I just laugh and move on.
12 December 2014, 16:57
Hi Hugo,

I'm interested by Free Software and I found that Hiawatha and Banshee fits most of my needs as a free(as in freedom) and secure webserver and php framework solution, thank you for the great job.

But in the same time, I find that some things are missing:

1) Banshee requires using OOP and other complicated stuff
with XSLT, please make it more simpler to support non-oop php
2) Using copylefted license which in the same permits
its incorporation into proprietary code is important for
PHP Frameworks to be better maintained, featured and more
free. so I recommend using LGPLv3 for banshee.

Hugo Leisink
12 December 2014, 21:47
Hi Kais. Thanks for your feedback.

1) OOP and XSLT aren't really that complicated. Once you understand the idea of OOP, I'm sure you'll like it. And XSLT, I learned all I need to know about it to use it in Banshee in an hour.

2) I stick with the current license. I don't wish for Banshee to be more known and used, because that would only cost me more support time. I make it for myself and share what I have. And I don't like the idea of other people making money while I did all the work.
12 December 2014, 23:12

I agree with you, but I don't think of using OOP languages since it's the latest choice for me as programming languages.

so is there any nonOOP PHP framework, which can be a good alternative to Banshee?
14 December 2014, 11:50
Maybe my question seems little-bit stupid,
anyway since Banshee is great, I will not cross my arms waiting for other solution
and I'm going to write my own wrapper to use Banshee without OOP.
and it's OK for XSLT, I will try to learn it.

also, I was meaning by 'proprietary code' not a commercial nonfree derived
work, but I mean instead the legal use of the framework in my own website
php code which i must not publish for security reason,
I don't have any money purpose when talked about LGPLv3,
and I discovered that you have right when you disagree with LGPL for php
framework since proprietary software companies can take advantage
to use it in their nonfree proprietary software,
and lately I discovered that GPL licensed php code can be linked with your
own website private php code, so that GPL is the best choice as a license
for PHP frameworks and not LGPL or other licenses.

there is no problem whether Banshee stays licensed under its own license or
under GPL.
but in the same time I want that Banshee will be always better maintained
, fast and secure.
Hugo Leisink
14 December 2014, 12:48
The reason for not choosing GPL is for the very reason that GPL requires you to make changes also public. For a website framework, which is meant to make changes to, this might not be desirable. That's why I didn't chose GPL, but my own do-what-you-want-with-it-as-long-as-you-give-me-credit-and-don't-abuse-my-time-and-effort license.

Good to hear you will give XSLT a try. I don't think it's the perfect solution for views, but it enforces you to keep the view clean (strict MVC) and doesn't allow you to cheat by including code in it. I advice you to do the same with OOP. It isn't really that hard. Start reading here []. Read about properties, constructors, destructors, visibility, inheritance and magic methods. With that, you'll be perfectly able to understand and use Banshee. The rest of OOP will follow later. I'm sure it will take no more than an hour to read. OOP makes your PHP code, specially the libraries, much cleaner.

Cleaner code = easier to read = easier to extend = less chance to make mistakes = more secure. Please, consider this advice from someone with 30 years of coding experience.
24 March 2015, 05:48
Well, I also think I will appreciate Banshee. I wrote my own CMS too many years ago, which is still lying around. However, it was as often is when learning the trade, half baked. I did however find it nice to be pedantic on those things I find immensely important, like security but on the same time, I know my shortcomings in knowledge would equally lend me many potential insecurities (not personal, programming ones silly! ,p).

Anyway, to me Banshee reminds me a lot of what I was also making, and it is not overextending for the milliions and being automagic more than necessary (framework vs. full cms).

The leaner it is, the easier it is to adjust the code as well.

But, a small thing which glares out at me from the beginning is this:

When a user logs in, and clicks on admin, it links to forbidden. Fine.. now, how does the user _log out_ so that admin can log in?! :p

Obviously, one just writes a quick logout button, session_destroy() logic bit, but was a bit funny it's not there as is on fresh install
24 March 2015, 05:50
Oh and like others seem to say , both at hiawatha site and here, I think many care.. I quickly took a liking to you and your project when I see your efforts and how you help people with your projects. Very nice and I definitely started appreciating you straight off the bat!

But yes.. the open source world/internet user base can be (edit: no.. IS) a rough, unforgiving, ungrateful world haha. ,)
Hugo Leisink
24 March 2015, 09:40
Thanks for your nice feedback, Mina. About the logout issue, simply place a link to /logout in your website. The default Banshee website is nothing more than an example.
8 May 2015, 00:33
Nice work, both Hiawatha and Banshee. I'm using them on a RaspberryPi and they are working nicely. Hiawatha is very simple to setup yet powerful and fast. Only a question how can I use sqlite instead of MySQL for Banshee? I do not find any information about this topic.

Hugo Leisink
8 May 2015, 01:04
It's not supported, but I guess it can be done. Switch to SQLite by changing MySQLi_connection in public/index.php and convert database/mysql.sql to SQLite. But this requires some programming of course. Although all SQL queries have been written for MySQL, I think many of them will run fine on SQLite. Maybe with a little tweaking.