CodeCanyon is forcing me to use framework

My item just got rejected.

Consider using at least a minimal framework to structure the application better. Right now, it’s a mix of HTML, PHP and SQL.

Code is not bad, really, it’s OOP using MySQli and PSR standards.

Take a look at folder structure

It’s fine right?

Or maybe framework is REQUIRED? Can you please guide me through what to do to improve my code (without using framework).

You can see demo here

Use BOOTSTRAP. Isnt it a framework?

I am using BootStrap 4, but they are asking me to use PHP framework, which I won’t do. My code is secure against SQL injection, XSS and all other attacks, it is well organized, i was using OOP.
I just think CodeCanyon will always find a reason to reject my work…

When I purchased things from ThemeForest & CodeCanyon I saw how code of some themes/scripts is messed up, and that items got approved, even some scripts had big vulnerabilities (wp themes), people were also complaining here on the forum and that items got removed. So are reviewers really doing they job right? Do they choose appearance over security? I think they are really not fair to Junior PHP developers which paid a lot of money for private schools to learn them coding. I know why is codecanyon so picky, because they are popular now and they have full bags of money so they only accept work that will generate a lot more money for them. So, startups here do not have a chance. prove me otherwise if you can. Tell me they are not monopolist


Yeah! This is really bad. Rejecting an item because its not using a PHP framework(no matter what the script is doing) is a wrong move I think. There are a lot of people reporting this problem(Rejected because of not using a framework).

###What you should do (my personal opinion):

Good Luck! Btw, Please post the reply message here from the help team(If you want :slight_smile: ) as I’m really interested if from now all PHP scripts with no frameworks will be rejected. :expressionless:

1 Like

Yeah, like they’ll give one, [sarcasm]They always give so good in-detailed explanation of what is wrong when your work get rejected. They also keep records of every rejection and what is wrong, they just do not say until you ask them, they’ll be happy to work with me.[/sarcasm]

actually is best to use a php framework
as the documentation is already available and its updated every now and then
and they can easily change what ever they want
unlike your self made framework which you are the only one understand it
this is not criticism but advice :slight_smile:

1 Like

I second what @ThemeSLR said - please open a help ticket and post the response here. I’m very intrigued by this and want to know more.

Forcing people to use a framework for small apps can and likely will create numerous problems, including security-related issues, as they rush to learn a framework without paying much attention to detail.


@bastikikang My code is as comprehensible as any framework when you see it for the first time.

@baileyherbert I will, but I’m not doing it for me, i’ll open ticket for the community.
I got accepted with no problems on other marketplace.

1 Like

Look at this amazing support:

Riqi Macap

Riqi Macapagal (Envato Market Help)

Apr 27, 13:00 AEST

Hello Luka,

Thank you for writing in. My name is Riqi, an Envato Help Officer. We’re sorry to hear about the recent rejection of your file, Confessions PHP Script. We know that this can be disappointing, and we’re very happy to hear that you’re taking the time to revise/improve your work.

I understand that this is frustrating on your part, but we are unable to provide further feedback other than what the reviewer has left on the note. The best way to get feedback before submitting it again is to post a screenshot or a link on the forums, where talented and helpful community members can give valuable feedback to you.

You may also want to read the following public Help articles:

Rejected Items
Common Rejection Reasons for Envato Market

Thank you for understanding and best of luck on all your projects.

Best Regards,

Riqi Macapagal

My last item was also rejected because of this reason and what I did is fix the bugs and re-submitted it again with explanation of how it works and why it should be approved and after a few days they approved it.

Yes, good idea.
The review comment says “consider” so resubmit it and tell him that you did consider and decided against it.

Well I guess I can look at the code again and do a detailed intervention sticking to PSR standards, re-indenting, etc.

  • Please make sure the code adheres to PSR standards.
  • Make sure that the code doesn’t raise any PHP errors, notices or warnings. Please set error_reporting(E_ALL)
  • Please double check for common security vulnerabilities: SQL injection, XSS, CSRF etc

This is newest reject, why is this happening?

Always when i develop my code is set to E_ALL and there are no errors.
My code IS per PSR standards and i was using OOP.

And I have no security problems, I am using prepared statements and I always htmlspecialchars any user output . What should I do. Why are they doing this

It’s a canned response. One of any of the three is happening. Most likely, there’s hidden errors, notices, or warnings.

Set error_reporting to E_ALL and test your app in full.
Make sure that if you enter a " or html into any inputs then it doesn’t break it. Just double check.

Are you listening to me? My error displaying is always on and it’s always set to E_ALL in php.ini when I am developing.
You think I am vulnerable to XSS or SQL injection?! I am not some lame developer.
i know how to write code.

I am using prepared statements, MYSQLI, object oriented code. When I do not use prepared statements or PDO I always ESCAPE input. And htmlspecialchars output.

I wrote code for one of the biggest portal in Serbia I am really not thinking my code is a problem here.

Check for yourself everything is fine, link is in first post.

The CodeCanyon reviewer is very smart and very good at PHP as well. He will not reject an item unless something is wrong with it, so there is something wrong with it. Rather than outright denying any possibilities that somewhere your code may have an issue, and claiming your work is perfect, you should aim to try and identify the problem.

I just successfully posted HTML in a comment on your platform. Is that intentional? Can I post iframes too? How about scripts?
If this is not intentional then very clearly you’re wrong.

1 Like

You didn’t, that is just because when you post a comment jquery is directly appending it to the page so the user can see his comment without refreshing page, and that is not an actual xss or vulnerability, i can escape that with no problem, but as soon you refresh the page you will see your comment is escaped properly because it’s loading data from database.
You didn’t even bother to refresh the page
I am not saying my code is perfect, but I worked a very much a very long and really there is nothing wrong with it.

What version of PHP are you using locally?
What version(s) of PHP did you specify as the requirements for the item when uploading?
Have you tested for errors, warnings, or deprecation notices across all specified versions?

I am using 7.0 version locally and on my hosting.

I choose PHP 5.6 and 7.0

I tested script with E_ALL on my hosting with both versions, since I am owner of that hosting company I can set that for my account.

And there are no any errors, script is not doing anything special or using some tricky functions. It’s simple. I will be happy to send you zip of my script in PM if you want to check it out.

I wast 3 months. i was hoping that my first commercial-script will be in envato. but its nightmare when i got rejected twice because of not using framework. my script is only in html,css,php and they say same thing again.> Consider using at least a minimal framework to structure the application better. Right now, it’s a mix of HTML, PHP and SQL.
i think review team just copy and paste this message to a specific category upload. i think they are approving some specific genre files. and other category uploads approve if uploader is well-known to them.
Its really disgusting and i decided that i wont buy any things from there market in future.