https://github.com/ci4-cms-erp/ci4ms

mysql veriyon for ci4ms
https://github.com/ci4-cms-erp/ci4ms

authentication authorization codeigniter-cms codeigniter-template codeigniter4 codeigniter4-cms php rbac roles

Last synced: 4 months ago
JSON representation

mysql veriyon for ci4ms

• Host: GitHub
• URL: https://github.com/ci4-cms-erp/ci4ms
• Owner: ci4-cms-erp
• License: mit
• Created: 2022-12-11T03:31:34.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2025-03-13T22:20:29.000Z (about 1 year ago)
• Last Synced: 2025-04-12T00:15:05.706Z (about 1 year ago)
• Topics: authentication, authorization, codeigniter-cms, codeigniter-template, codeigniter4, codeigniter4-cms, php, rbac, roles
• Language: JavaScript
• Size: 31.5 MB
• Stars: 7
• Watchers: 2
• Forks: 1
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# CI4MS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. It combines CMS workflows, developer-focused CLI commands, an extensible module system, and customizable front-end themes in a single package.

## Key Features

- Authentication & RBAC: `Modules\Auth` handles user login, lockouts, and password resets, while permissions map to `auth_permissions_pages` records.

- Modular backend: Each feature ships as an independent module (Blog, Pages, Menu, Media, Users, Settings, Theme, etc.) under `modules/*`.

- Flexible content management: Page and blog entries include SEO metadata, categories, tags, and full comment workflows.

- Media & files: Includes elFinder-powered media management, a built-in file editor, and an in-panel log viewer.

- Theme system: The `public/templates/*` structure and the `Modules\Theme` module enable installing or upgrading themes from ZIP packages.

- Setup & automation: Offers a web-based installer (`/install`) plus CLI commands for default data seeding, automatic route generation, and module scaffolding via `php spark make:module`.

- SEO helpers: `ci4seopro` builds meta tags and JSON-LD, while `CommonLibrary` centralizes email, breadcrumbs, and inline shortcode utilities.

## Requirements

- PHP 8.1 or newer (intl, json, mbstring, gd, curl, openssl recommended)

- Composer

- MySQL/MariaDB (or any CodeIgniter 4-supported driver)

- Writable directories: `writable/`, `public/uploads/`, optionally `public/templates/`

See `composer.json` for the full dependency list (e.g. `bertugfahriozer/ci4commonmodel`, `bertugfahriozer/sql2migration`, `ci4-cms-erp/ext_module_generator`, `claviska/simpleimage`, `seunmatt/codeigniter-log-viewer`, `gregwar/captcha`, `jasongrimes/paginator`, `studio-42/elfinder`, `phpmailer/phpmailer`).

# 🪴 Project Activity

![Alt](https://repobeats.axiom.co/api/embed/9f2631ce1dcfae3db84f5113fea08ac0c7ae8d29.svg "Repobeats analytics image")

## Installation

### Fresh Project (recommended)

```bash

composer create-project ci4-cms-erp/ci4ms myproject

cd myproject

```

### Clone Existing Repository

```bash

git clone  ci4ms

cd ci4ms

composer install

```

### Environment & Configuration

1. Create your `.env` and enable the development environment:

   ```bash

   cp env .env

   php spark env development

   ```

2. Update these core settings in `.env`:

   - `app.baseURL`

   - `database.default.*`

   - Optional: `cookie.*`, `honeypot.*`, `security.*`

3. If you prefer the web installer, open `/install` in the browser and follow the wizard. Use the CLI steps below if you want to skip the wizard.

### Database & Seed Data

```bash

php spark migrate

php spark db:seed Ci4msDefaultsSeeder   # You will be prompted for your name, email, and password

php spark create:route                  # Generates the default routes file

php spark key:generate                  # Creates an encryption key

```

The seeder provisions an active administrator account (group_id=1) and populates the initial module records.

### Run the Dev Server

```bash

php spark serve

```

Access the backend via: `https:///backend`

## Directory Layout

- `app/Controllers/Home.php` — Handles front-end pages, blog listings, details, and comments.

- `app/Libraries/` — Shared helpers (email, SEO, shortcodes).

- `app/Commands/` — CLI tooling (`make:a*`, `create:route`).

- `app/Filters/Ci4ms.php` — Install guard, maintenance mode redirect, menu cache.

- `modules/*` — Each module includes its own `Config/Routes.php`, `Controllers`, `Models`, `Views`, `Language`, `Libraries`, `Filters`.

- `public/templates/` — Theme assets; each theme requires `info.xml` and `screenshot.png`.

- `writable/` — Cache, logs, temporary files.

## Modules

| Module           | Purpose                    | Highlights                                            |

| ---------------- | -------------------------- | ----------------------------------------------------- |

| Auth             | Authentication lifecycle   | CAPTCHA, email activation, reset tokens               |

| Backend          | Admin shell                | Dashboard stats, shared base controller               |

| Blog             | Blog CRUD                  | Categories, tags, comments, bad-word filters          |

| Pages            | Static page management     | SEO fields, inline shortcode parsing                  |

| Menu             | Menu builder               | Drag-and-drop ordering, slug helpers                  |

| Media            | Media manager              | elFinder integration, optional WebP conversion        |

| Fileeditor       | Project file editor        | Safe read/write/rename/move/delete                    |

| Settings         | System configuration       | Company/social/mail settings, encrypted SMTP password |

| Users            | User & role management     | Group-based permissions, reset tracking               |

| Methods          | Route → permission mapping | Module toggling, router scan                          |

| Logs             | Log viewer                 | Browses CodeIgniter log files inside the backend      |

| ModulesInstaller | Module ZIP installer       | Upload + cache invalidation                           |

| Theme            | Theme manager              | ZIP upload, duplicate folder checks                   |

| Install          | Web installer              | Creates `.env`, triggers migrations                   |

| Backup           | Database backup manager    | Create, download, and restore backups                 |

See `docs/architecture.md` for deeper architectural notes.

## CLI Commands

- `php spark make:module Blog` — Scaffolds a module (`Config`, `Controllers`, `Views`, language files, etc.).

- `php spark make:acontroller Example` — Generates a backend controller template.

- `php spark make:amodel Example` — Generates a backend model (with options for table, return type).

- `php spark make:abview dashboard` — Generates a backend view from the AdminLTE template.

- `php spark create:route` — Rebuilds `app/Config/Routes.php` from the template.

- Standard CodeIgniter commands: `php spark migrate`, `php spark db:seed`, `php spark cache:clear`, etc.

## Developer Notes

- **Cache keys**: `settings` (24h), `menus` (menu tree, 24h), `{userId}_permissions`. Clear with `php spark cache:clear` or `cache()->delete()`.

- **Base controller**: Extend `Modules\Backend\Controllers\BaseController` for new backend controllers; it prepares session user, navigation, mail settings, and shared data.

- **Permissions**: Remember to register new secured routes in `Modules\Methods` (or via the database) so the permission filter recognizes them. The backend log viewer lives under `/backend/logs` and follows the same permission model.

- **Slug generation**: `seflink()` handles transliteration (including Turkish characters).

- **Form security**: Global CSRF is enabled; backend AJAX endpoints opt out via `BackendConfig::$csrfExcept`.

- **Comment moderation**: `CommonLibrary::commentBadwordFiltering` handles bad word filtering and moderation rules.

- **Email delivery**: `CommonLibrary::phpMailer()` resolves SMTP settings from encrypted storage in `settings.mail`.

- **Theme uploads**: Each theme must include `info.xml` and `screenshot.png`; missing files trigger a backend warning.

## Testing & Maintenance

- `composer test`

- Add coding standards or static analysis as needed (not included by default).

- **Maintenance mode**: When `settings.maintenanceMode.scalar == 1`, the `Ci4ms` filter redirects visitors to `maintenance-mode`.

- **Security**: `Fileeditor` and `Media` enforce `realpath` guards. Limit access in production environments.

## Additional docs

- `docs/architecture.md` — Architecture, flow, permissions, and extension guidance.

Questions or contributions? Open an issue or pull request.

## 🏆 Security Hall of Fame

A huge thank you to the security researchers who have helped make **ci4ms** more secure by finding and reporting vulnerabilities.

| Contributor | Contribution | Date |

| :--- | :--- | :--- |

| **[Lars van Mil](https://github.com/Far-Horizons)** | Identified Critical RCE and Information Disclosure vulnerabilities. | Jan 2026 |

> If you find a security vulnerability, please report it via [Security Policy](SECURITY.md).