Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/nixphp/form

NixPHP Form Plugin for handling forms natively.
https://github.com/nixphp/form

csrf csrf-protection framework nixphp php plugin

Last synced: 3 months ago
JSON representation

NixPHP Form Plugin for handling forms natively.

Awesome Lists containing this project

README 

          



![Logo](https://nixphp.github.io/docs/assets/nixphp-logo-small-square.png)



[![NixPHP Form Plugin](https://github.com/nixphp/form/actions/workflows/php.yml/badge.svg)](https://github.com/nixphp/form/actions/workflows/php.yml)






[โ† Back to NixPHP](https://github.com/nixphp/framework)



---



# nixphp/form



> **Form handling the NixPHP way โ€” minimal, secure, intuitive, extendable.**



This plugin provides **form memory**, **CSRF protection**, a flexible **Validator system**,

and a full set of **view helpers** for easy form handling in your NixPHP applications.



Everything is registered automatically and works without configuration.



---



## ๐Ÿ“ฆ Features



* โœ”๏ธ **Form input memory** (`memory()`, `memory_checked()`, `memory_selected()`)

* โœ”๏ธ **CSRF protection** via automatic event listener

* โœ”๏ธ **Validator system** with dynamic rule registry

* โœ”๏ธ **Built-in rules:** `required`, `email`, `min`, `max`, `boolean`

* โœ”๏ธ **Custom rules** via `Validator::register()`

* โœ”๏ธ **View helpers** (`error()`, `has_error()`, `error_class()`, `validator()`)

* โœ”๏ธ Automatically integrates into `guard()` and the event system

* โœ”๏ธ Zero configuration โ€” plug and play



---



## ๐Ÿ“ฅ Installation



```bash

composer require nixphp/form

```



The plugin registers itself. No additional setup needed.



---



## ๐Ÿš€ Usage



### ๐Ÿง  Form Memory



### `memory($key, $default = null)`



Restores previous user input:



```php



```



### `memory_checked($key, $value = 'on')`



Works for checkboxes:



```php

>

```



### `memory_selected($key, $expected)`



Works for selects:



```php

>Germany

```



Memory is powered by `param()` and persists automatically after POST requests.



---



## ๐Ÿงช Validation



Create a Validator and run rules:



```php

validator()->validate(request()->getParsedBody(), [

    'email'    => 'required|email',

    'password' => 'required|min:8',

]);

```



Check validity:



```php

if (validator()->isValid()) {

    // continue...

}

```



Custom messages:



```php

validator()->validate($request->getParsedBody(), [

    'name' => 'required|min:3'

], [

    'name' => [

        'required' => 'Please enter your name.',

        'min'      => 'At least %s characters.'

    ]

]);

```



Get errors:



```php

validator()->getErrorMessages();

validator()->getErrorMessage('email');

```



---



### ๐Ÿงฉ Built-in Validation Rules



The plugin registers these rules automatically:



```php

Validator::register('required', fn($val) => !empty($val), 'Field is required.');

Validator::register('email', fn($val) => (bool)filter_var($val, FILTER_VALIDATE_EMAIL), 'Please enter a valid email address.');

Validator::register('min', fn($val, $p) => empty($val) || mb_strlen((string)$val) >= (int)$p, 'At least %d characters.');

Validator::register('max', fn($val, $p) => empty($val) || mb_strlen((string)$val) <= (int)$p, 'Maximum of %d characters.');

Validator::register('boolean', fn($val) => filter_var($val, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) !== null, 'Is not a boolean value.');



### Adding your own rule:



```php

Validator::register('starts_with', function ($value, $param) {

    return str_starts_with((string)$value, $param);

}, "Value must start with '%s'.");

```



---



## ๐ŸŽจ View Helpers for Errors



### `error($field, Validator $validator)`



Outputs error messages wrapped in `
`.



```php

= error('email', $validator) ?>

```



### `has_error($field, $validator)`



Useful for conditional styling:



```php



```



### `error_class($field, $validator)`



Returns `"error"` if the field has validation errors.



### `validator()`



Returns the Validator instance from the container:



```php

$validator = validator();

```



### `is_post()`



Detects if the request method is POST.



---



## ๐Ÿ›ก๏ธ CSRF Protection



CSRF is enforced automatically for:



* POST

* PUT

* DELETE



unless an `Authorization` header exists.



Add the token to your form:



```php



    



```



Invalid tokens immediately trigger a 400 response before controller execution.



---



## ๐Ÿ” Internals



The plugin automatically:



* Registers built-in validator rules via the container

* Hooks CSRF validation into `Event::CONTROLLER_CALLING`

* Extends the guard with a CSRF service

* Provides global view helpers for forms

* Uses `param()` to manage form memory state



All without configuration.



---



## ๐Ÿ“ Requirements



* `nixphp/framework` โ‰ฅ 0.1.0

* `nixphp/session` โ‰ฅ 0.1.0 (required for CSRF + memory)



---



## ๐Ÿ“„ License



MIT License.