cakmoel / scriptlog
Just another blog engine
Maintainers
Requires
- php: >=7.4
- catfan/medoo: ^2.1
- defuse/php-encryption: ^2.2
- egulias/email-validator: ^2.1
- filp/whoops: ^2.9
- intervention/image: ^2.5
- ircmaxell/random-lib: ^1.2
- laminas/laminas-crypt: ^3.3
- laminas/laminas-escaper: ^2.12
- laminas/laminas-feed: ^2.17
- melbahja/seo: ^2.0
- psr/log: ^1.1
- sinergi/browser-detector: ^6.1
- symfony/mailer: ^5.4
- vlucas/phpdotenv: ^5.6
- voku/anti-xss: ^4.1
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.0
- phpmetrics/phpmetrics: ^2.9
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^9.5
- squizlabs/php_codesniffer: ^3.7
README
Empowering Your Personal Weblog
Scriptlog is a simple, secure, modular, and robust personal blogging platform. It is a refactored fork of Piluscart 1.4.1, engineered to emphasize simplicity, privacy, and security without the overhead of a complex Content Management System.
Project Overview
Scriptlog is not designed to replace full-scale CMS frameworks. Instead, it is meticulously engineered to:
- Power personal weblogs that do not require a heavy CMS.
- Provide a secure foundation for blogging with modern security practices.
- Run fast with minimal overhead.
Core Technologies
- Backend: PHP 7.4+ (PSR-12 compliant)
- Database: MySQL 5.7+ / MariaDB 10.3+
- Architecture: Multi-layered MVC-like (
Request→Bootstrap→Dispatcher→Controller→Service→DAO→Database) - Security: Laminas (Escaper, Crypt), Defuse PHP Encryption, voku Anti-XSS, HTMLPurifier.
Requirements
Ensure your hosting environment meets the following requirements:
- PHP: 7.4+ (with extensions:
pdo,pdo_mysql,json,mbstring,curl) - Web Server: Apache (with
mod_rewriteenabled) or Nginx - Database: MySQL 5.7+ or MariaDB 10.3+
- Composer: Latest (for dependency management)
Installation
-
Clone the Repository
git clone https://github.com/ScriptLog/scriptlog.git cd Scriptlog -
Install Dependencies
composer install
-
Set Permissions
chmod -R 755 public/ chmod -R 755 public/cache/ public/log/
-
Database Setup Create a new empty database (use
utf8mb4_general_cicollation). -
Run the Installer Navigate to
/install/in your web browser and follow the wizard:- Step 1: System Requirements Check (
install/index.php) - Step 2: Database Setup (
install/setup-db.php) - creates 21 tables - Step 3: Complete Setup (
install/finish.php)
- Step 1: System Requirements Check (
-
Cleanup (Critical) For security purposes, delete the
install/directory immediately after installation is complete.
Configuration Files
After installation, two configuration files are generated:
| File | Purpose |
|---|---|
config.php |
Main configuration with $_ENV fallbacks |
.env |
Environment variables (auto-generated) |
lib/utility/.lts/lts.txt |
Defuse encryption key for authentication cookies |
Configuration
Scriptlog supports both .env and config.php files for configuration. During installation, both files are automatically generated and kept in sync.
config.php Structure
<?php return [ 'db' => [ 'host' => $_ENV['DB_HOST'] ?? 'localhost', 'user' => $_ENV['DB_USER'] ?? '', 'pass' => $_ENV['DB_PASS'] ?? '', 'name' => $_ENV['DB_NAME'] ?? '', 'port' => $_ENV['DB_PORT'] ?? '3306', 'prefix' => $_ENV['DB_PREFIX'] ?? '' ], 'app' => [ 'url' => $_ENV['APP_URL'] ?? 'http://example.com', 'email' => $_ENV['APP_EMAIL'] ?? '', 'key' => $_ENV['APP_KEY'] ?? '', 'defuse_key' => 'lib/utility/.lts/lts.txt' ], 'mail' => [ 'smtp' => [ 'host' => $_ENV['SMTP_HOST'] ?? '', 'port' => $_ENV['SMTP_PORT'] ?? 587, 'encryption' => $_ENV['SMTP_ENCRYPTION'] ?? 'tls', 'username' => $_ENV['SMTP_USER'] ?? '', 'password' => $_ENV['SMTP_PASS'] ?? '', ], 'from' => [ 'email' => $_ENV['MAIL_FROM_ADDRESS'] ?? '', 'name' => $_ENV['MAIL_FROM_NAME'] ?? 'Blogware' ] ], ];
Running the Application
| Environment | URL |
|---|---|
| Public Site | http://your-domain/ |
| Admin Panel | http://your-domain/admin/ |
| API Endpoint | http://your-domain/api/v1/ |
Directory Structure
ScriptLog/
|-- index.php # Public front controller
|-- config.php # Application configuration
|-- .env # Environment variables
|
|-- admin/ # Admin panel
| |-- index.php # Admin entry point
| |-- login.php # Login page
| +-- ... # Other admin pages
|
|-- api/ # RESTful API
| +-- index.php # API entry point
|
|-- lib/ # Core library
| |-- main.php # Application bootstrap
| |-- common.php # Constants and functions
| +-- core/ # Core classes (Bootstrap, Dispatcher, DbFactory, etc.)
| +-- dao/ # Data Access Objects
| +-- service/ # Business logic layer
| +-- controller/ # Request controllers
| +-- model/ # Data models
| +-- utility/ # Utility functions (100+ files)
| +-- vendor/ # Composer dependencies
|
|-- public/ # Web root
| +-- themes/ # Theme templates
| +-- blog/ # Default theme
| +-- files/ # User uploads (pictures, audio, video, docs)
| +-- cache/ # Cache directory
| +-- log/ # Log directory
|
|-- install/ # Installation wizard
| +-- include/ # Installation includes
|
|-- docs/ # Developer guides
+-- DEVELOPER_GUIDE.md
+-- TESTING_GUIDE.md
+-- PLUGIN_DEVELOPER_GUIDE.md
+-- API_DOCUMENTATION.md
+-- API_OPENAPI.yaml
+-- API_OPENAPI.json
|
+-- tests/ # PHPUnit test suite
For detailed architecture and component documentation, see DEVELOPER_GUIDE.md.
Development
Scriptlog adheres to PSR-12 coding standards and uses Conventional Commits.
Architecture
Scriptlog uses a multi-layer architecture designed for maintainability and scalability:
Request → Front Controller → Bootstrap → Dispatcher → Controller → Service → DAO → Database
| Step | Component | Location |
|---|---|---|
| 1 | Front Controller | index.php |
| 2 | Bootstrap | lib/core/Bootstrap.php |
| 3 | Dispatcher | lib/core/Dispatcher.php |
| 4 | Controller | lib/controller/* |
| 5 | Service | lib/service/* |
| 6 | DAO | lib/dao/* |
| 7 | View | lib/core/View.php |
Adding New Features
When adding features, follow the layered implementation pattern:
- Database Table: Add to
install/include/dbtable.php - DAO: Create in
lib/dao/(Database interactions) - Service: Create in
lib/service/(Business logic) - Controller: Create in
lib/controller/(Request handling) - Routes: Add to
lib/core/Bootstrap.php
WARNING: Never bypass the DAO layer when accessing the database. Always use prepared statements to prevent SQL injection.
Key Commands
- Run Tests:
vendor/bin/phpunit - Static Analysis:
vendor/bin/phpstan(see TESTING_GUIDE.md)
Security Features
- Authentication: Custom secure session handler (
SessionMaker) with remember-me tokens and session fingerprinting. - CSRF: Protected via
csrf_defenderand form security utilities. - XSS: Multi-layered prevention using
Anti-XSS(voku) andHTMLPurifier. - Encryption: Sensitive data encrypted using
defuse/php-encryptionwith auto-generated keys. - Password Hashing: Uses PHP's built-in
password_hash()with bcrypt. - Access Control: Role-based user levels with granular permissions.
User Levels
| Level | Permissions |
|---|---|
| administrator | Full access - PRIVACY, USERS, IMPORT, PLUGINS, THEMES, CONFIGURATION, PAGES, NAVIGATION, TOPICS, COMMENTS, MEDIALIB, REPLY, POSTS, DASHBOARD |
| manager | PLUGINS, THEMES, CONFIGURATION, PAGES, NAVIGATION, TOPICS, COMMENTS, MEDIALIB, REPLY, POSTS, DASHBOARD |
| editor | TOPICS, COMMENTS, MEDIALIB, REPLY, POSTS, DASHBOARD |
| author | COMMENTS, MEDIALIB, REPLY, POSTS, DASHBOARD |
| contributor | POSTS, DASHBOARD |
| subscriber | DASHBOARD only |
Contributing
Contributions are welcome! Please read our Contributing Guidelines before submitting pull requests.
Code of Conduct
Please read our Code of Conduct to keep our community approachable and respectable.
Security
For security vulnerabilities, please read our Security Policy for responsible disclosure guidelines.
License
Scriptlog is Open Source and Free PHP Blog Software licensed under the MIT License.
Thank you for creating with Scriptlog.