{"id":48783073,"url":"https://github.com/cakmoel/scriptlog","last_synced_at":"2026-04-13T15:01:09.189Z","repository":{"id":29520616,"uuid":"221689568","full_name":"cakmoel/Scriptlog","owner":"cakmoel","description":"Just another blog engine","archived":false,"fork":false,"pushed_at":"2026-04-05T06:26:08.000Z","size":20134,"stargazers_count":10,"open_issues_count":2,"forks_count":8,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-04-05T06:26:56.267Z","etag":null,"topics":["blog","blog-engine","blog-platform","mariadb","mysql","php","scriptlog","weblog"],"latest_commit_sha":null,"homepage":"https://scriptlog.my.id","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cakmoel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-11-14T12:12:03.000Z","updated_at":"2026-04-05T06:26:12.000Z","dependencies_parsed_at":"2024-11-22T13:29:24.279Z","dependency_job_id":null,"html_url":"https://github.com/cakmoel/Scriptlog","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cakmoel/Scriptlog","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cakmoel%2FScriptlog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cakmoel%2FScriptlog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cakmoel%2FScriptlog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cakmoel%2FScriptlog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cakmoel","download_url":"https://codeload.github.com/cakmoel/Scriptlog/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cakmoel%2FScriptlog/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31757482,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T13:27:56.013Z","status":"ssl_error","status_checked_at":"2026-04-13T13:21:23.512Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blog","blog-engine","blog-platform","mariadb","mysql","php","scriptlog","weblog"],"created_at":"2026-04-13T15:00:57.332Z","updated_at":"2026-04-13T15:01:09.175Z","avatar_url":"https://github.com/cakmoel.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Scriptlog\n\n**Empowering Your Personal Weblog**\n\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE.md)\n[![PHP Version](https://img.shields.io/badge/PHP-7.4%2B-777BB4.svg)](https://www.php.net/)\n[![MySQL Version](https://img.shields.io/badge/MySQL-5.7%2B-4479A1.svg)](https://www.mysql.com/)\n[![MariaDB Version](https://img.shields.io/badge/MariaDB-10.3%2B-003545.svg)](https://mariadb.org/)\n[![PSR-12](https://img.shields.io/badge/PSR--12-Compliant-2C2C2C.svg)](https://www.php-fig.org/psr/psr-12/)\n[![Tests](https://github.com/cakmoel/Scriptlog/workflows/Tests/badge.svg)](https://github.com/cakmoel/Scriptlog/actions/workflows/tests.yml)\n![Scriptlog Mascot](assets/scriptlog-mascot-min.png)\n\n---\n\nScriptlog is a simple, secure, modular, and robust personal blogging platform. It is a refactored fork of Piluscart 1.4.1, engineered to emphasize simplicity, privacy, and security without the overhead of a complex Content Management System.\n\n## Project Overview\n\nScriptlog is not designed to replace full-scale CMS frameworks. Instead, it is meticulously engineered to:\n- Power personal weblogs that do not require a heavy CMS.\n- Provide a secure foundation for blogging with modern security practices.\n- Run fast with minimal overhead.\n\n### Core Technologies\n- **Backend:** PHP 7.4+ (PSR-12 compliant)\n- **Database:** MySQL 5.7+ / MariaDB 10.3+\n- **Architecture:** Multi-layered MVC-like (`Request` → `Bootstrap` → `Dispatcher` → `Controller` → `Service` → `DAO` → `Database`)\n- **Security:** Laminas (Escaper, Crypt), Defuse PHP Encryption, voku Anti-XSS, HTMLPurifier.\n\n## Requirements\n\nEnsure your hosting environment meets the following requirements:\n- **PHP:** 7.4+ (with extensions: `pdo`, `pdo_mysql`, `json`, `mbstring`, `curl`)\n- **Web Server:** Apache (with `mod_rewrite` enabled) or Nginx\n- **Database:** MySQL 5.7+ or MariaDB 10.3+\n- **Composer:** Latest (for dependency management)\n\n## Installation\n\n1. **Clone the Repository**\n   ```bash\n   git clone https://github.com/ScriptLog/scriptlog.git\n   cd scriptlog\n   ```\n\n2. **Install Dependencies**\n   ```bash\n   composer install\n   ```\n\n3. **Set Permissions**\n   ```bash\n   chmod -R 755 public/\n   chmod -R 777 public/cache/ public/log/\n   ```\n\n4. **Database Setup**\n   Create a new empty database (use `utf8mb4_general_ci` collation).\n\n5. **Run the Installer**\n   Navigate to `/install/` in your web browser and follow the wizard:\n   - Step 1: System Requirements Check (`install/index.php`)\n   - Step 2: Database Setup (`install/setup-db.php`) - creates 21 tables\n   - Step 3: Complete Setup (`install/finish.php`)\n\n6. **Cleanup (Critical)**\n   For security purposes, **delete the `install/` directory** immediately after installation is complete.\n\n### Configuration Files\n\nAfter installation, two configuration files are generated:\n\n| File | Purpose |\n|------|---------|\n| `config.php` | Main configuration with `$_ENV` fallbacks |\n| `.env` | Environment variables (auto-generated) |\n| `lib/utility/.lts/lts.txt` | Defuse encryption key for authentication cookies |\n\n## Configuration\n\nScriptlog supports both `.env` and `config.php` files for configuration. During installation, both files are automatically generated and kept in sync.\n\n### config.php Structure\n\n```php\n\u003c?php\nreturn [\n    'db' =\u003e [\n        'host' =\u003e $_ENV['DB_HOST'] ?? 'localhost',\n        'user' =\u003e $_ENV['DB_USER'] ?? '',\n        'pass' =\u003e $_ENV['DB_PASS'] ?? '',\n        'name' =\u003e $_ENV['DB_NAME'] ?? '',\n        'port' =\u003e $_ENV['DB_PORT'] ?? '3306',\n        'prefix' =\u003e $_ENV['DB_PREFIX'] ?? ''\n    ],\n    'app' =\u003e [\n        'url'   =\u003e $_ENV['APP_URL'] ?? 'http://example.com',\n        'email' =\u003e $_ENV['APP_EMAIL'] ?? '',\n        'key'   =\u003e $_ENV['APP_KEY'] ?? '',\n        'defuse_key' =\u003e 'lib/utility/.lts/lts.txt'\n    ],\n    'mail' =\u003e [\n        'smtp' =\u003e [\n            'host' =\u003e $_ENV['SMTP_HOST'] ?? '',\n            'port' =\u003e $_ENV['SMTP_PORT'] ?? 587,\n            'encryption' =\u003e $_ENV['SMTP_ENCRYPTION'] ?? 'tls',\n            'username' =\u003e $_ENV['SMTP_USER'] ?? '',\n            'password' =\u003e $_ENV['SMTP_PASS'] ?? '',\n        ],\n        'from' =\u003e [\n            'email' =\u003e $_ENV['MAIL_FROM_ADDRESS'] ?? '',\n            'name' =\u003e $_ENV['MAIL_FROM_NAME'] ?? 'Blogware'\n        ]\n    ],\n];\n```\n\n## Running the Application\n\n| Environment | URL |\n|-------------|-----|\n| **Public Site** | `http://your-domain/` |\n| **Admin Panel** | `http://your-domain/admin/` |\n| **API Endpoint** | `http://your-domain/api/v1/` |\n\n## Directory Structure\n\n```\nScriptLog/\n|-- index.php                    # Public front controller\n|-- config.php                   # Application configuration\n|-- .env                         # Environment variables\n|\n|-- admin/                      # Admin panel\n|   |-- index.php               # Admin entry point\n|   |-- login.php               # Login page\n|   +-- ...                     # Other admin pages\n|\n|-- api/                        # RESTful API\n|   +-- index.php               # API entry point\n|\n|-- lib/                       # Core library\n|   |-- main.php               # Application bootstrap\n|   |-- common.php             # Constants and functions\n|   +-- core/                  # Core classes (Bootstrap, Dispatcher, DbFactory, etc.)\n|       +-- dao/               # Data Access Objects\n|       +-- service/           # Business logic layer\n|       +-- controller/        # Request controllers\n|       +-- model/             # Data models\n|       +-- utility/           # Utility functions (100+ files)\n|       +-- vendor/           # Composer dependencies\n|\n|-- public/                    # Web root\n|   +-- themes/              # Theme templates\n|       +-- blog/            # Default theme\n|   +-- files/               # User uploads (pictures, audio, video, docs)\n|   +-- cache/               # Cache directory\n|   +-- log/                 # Log directory\n|\n|-- install/                  # Installation wizard\n|   +-- include/             # Installation includes\n|\n|-- docs/                    # Developer guides\n    +-- DEVELOPER_GUIDE.md\n    +-- TESTING_GUIDE.md\n    +-- PLUGIN_DEVELOPER_GUIDE.md\n    +-- API_DOCUMENTATION.md\n    +-- API_OPENAPI.yaml\n    +-- API_OPENAPI.json\n|\n+-- tests/                  # PHPUnit test suite\n```\n\nFor detailed architecture and component documentation, see [DEVELOPER_GUIDE.md](src/docs/DEVELOPER_GUIDE.md).\n\n## Development\n\nScriptlog adheres to **PSR-12** coding standards and uses **Conventional Commits**.\n\n### Architecture\n\nScriptlog uses a **multi-layer architecture** designed for maintainability and scalability:\n\n```\nRequest → Front Controller → Bootstrap → Dispatcher → Controller → Service → DAO → Database\n```\n\n| Step | Component | Location |\n|------|-----------|----------|\n| 1 | **Front Controller** | `index.php` |\n| 2 | **Bootstrap** | `lib/core/Bootstrap.php` |\n| 3 | **Dispatcher** | `lib/core/Dispatcher.php` |\n| 4 | **Controller** | `lib/controller/*` |\n| 5 | **Service** | `lib/service/*` |\n| 6 | **DAO** | `lib/dao/*` |\n| 7 | **View** | `lib/core/View.php` |\n\n### Adding New Features\n\nWhen adding features, follow the layered implementation pattern:\n1. **Database Table:** Add to `install/include/dbtable.php`\n2. **DAO:** Create in `lib/dao/` (Database interactions)\n3. **Service:** Create in `lib/service/` (Business logic)\n4. **Controller:** Create in `lib/controller/` (Request handling)\n5. **Routes:** Add to `lib/core/Bootstrap.php`\n\n\u003e **WARNING:** Never bypass the DAO layer when accessing the database. Always use prepared statements to prevent SQL injection.\n\n### Key Commands\n- **Run Tests:** `vendor/bin/phpunit`\n- **Static Analysis:** `vendor/bin/phpstan` (see [TESTING_GUIDE.md](src/docs/TESTING_GUIDE.md))\n\n## Security Features\n\n- **Authentication:** Custom secure session handler (`SessionMaker`) with remember-me tokens and session fingerprinting.\n- **CSRF:** Protected via `csrf_defender` and form security utilities.\n- **XSS:** Multi-layered prevention using `Anti-XSS` (voku) and `HTMLPurifier`.\n- **Encryption:** Sensitive data encrypted using `defuse/php-encryption` with auto-generated keys.\n- **Password Hashing:** Uses PHP's built-in `password_hash()` with bcrypt.\n- **Access Control:** Role-based user levels with granular permissions.\n\n### User Levels\n\n| Level | Permissions |\n|-------|-------------|\n| **administrator** | Full access - PRIVACY, USERS, IMPORT, PLUGINS, THEMES, CONFIGURATION, PAGES, NAVIGATION, TOPICS, COMMENTS, MEDIALIB, REPLY, POSTS, DASHBOARD |\n| **manager** | PLUGINS, THEMES, CONFIGURATION, PAGES, NAVIGATION, TOPICS, COMMENTS, MEDIALIB, REPLY, POSTS, DASHBOARD |\n| **editor** | TOPICS, COMMENTS, MEDIALIB, REPLY, POSTS, DASHBOARD |\n| **author** | COMMENTS, MEDIALIB, REPLY, POSTS, DASHBOARD |\n| **contributor** | POSTS, DASHBOARD |\n| **subscriber** | DASHBOARD only |\n\n## Contributing\n\nContributions are welcome! Please read our [Contributing Guidelines](CONTRIBUTING.md) before submitting pull requests.\n\n## Code of Conduct\n\nPlease read our [Code of Conduct](CODE_OF_CONDUCT.md) to keep our community approachable and respectable.\n\n## Security\n\nFor security vulnerabilities, please read our [Security Policy](SECURITY.md) for responsible disclosure guidelines.\n\n## License\n\nScriptlog is Open Source and Free PHP Blog Software licensed under the [MIT License](LICENSE.md).\n\n---\n\n*Thank you for creating with Scriptlog.*","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcakmoel%2Fscriptlog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcakmoel%2Fscriptlog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcakmoel%2Fscriptlog/lists"}