A fully custom-built Content Management System (CMS) tailored for blogging. Engineered with modern PHP and MongoDB, this platform features a robust administrative dashboard, an integrated AI writing assistant, advanced security protocols, and built-in newsletter capabilities.
- Rich Text Editor: Integrated Quill WYSIWYG editor for seamless content creation.
- Image Handling: image uploading and rendering utilizing MongoDB GridFS.
- AI-Powered Assistant: Integrated with the Gemini API to help draft content, generate SEO meta descriptions, and rewrite excerpts.
- Draft & Publish Workflow: Manage post statuses seamlessly before pushing them live.
- Two-Factor Authentication (2FA): Enforced TOTP-based authentication for administrative access.
- Anti-Brute Force: Login rate limiting (account lockouts/delay after successive failed attempts).
- Session Protection: Strict session management, hijacking prevention (User Agent & IP binding), and secure httponly cookies.
- xSS & CSRF Mitigation: HTMLPurifier for robust content sanitization and CSRF tokens across all mutable forms.
- Bot Protection: Google reCAPTCHA v2 integration on forms.
- SEO Optimized: Custom slugs, meta titles, descriptions, and dynamic OpenGraph/Twitter cards.
- Newsletter System: Collect subscriber emails and broadcast newsletters directly from the dashboard.
- Analytics Dashboard: Track total views, published documents, and recent engagement metrics.
- Backend: PHP 8.1+
- Database: MongoDB (via the
mongodb/mongodbdriver) - Dependency Management: Composer
- Frontend: HTML5, CSS3, JavaScript, Bootstrap 5
- Key Libraries:
vlucas/phpdotenv: Environment variable management.spomky-labs/otphp: Two-Factor Authentication (TOTP).ezyang/htmlpurifier: XSS payload sanitization.phpmailer/phpmaileror HTTP-based mailer APIs.
-
Clone the repository (if applicable) or place the files in your web directory (e.g.,
htdocs/blog). -
Install Composer Dependencies Navigate to the project root and run:
composer install
-
Environment Configuration Create a
.envfile in the root directory and configure your environment variables:# web base url BASE_URL="http://localhost/blog/" #database credentials MONGODB_URI="mongodb+srv://<username>:<password>@cluster.mongodb.net/?retryWrites=true&w=majority" MONGODB_DATABASE="my_blog_db" #recaptcha RECAPTCHA_SECRET_KEY="your-google-recaptcha-secret" #gemin api GEMINI_API_KEY="your-google-gemini-api-key" # Mail (Brevo / Sendinblue example) BREVO_API_KEY="your-brevo-api-key" MAIL_FROM_ADDRESS="[email protected]"#from brevo you have to setup this email as a recipient and sender in brevo dashboard MAIL_FROM_NAME="Admin" #this is the name that appears after you have sent an email
-
Initialize the Admin Account Run the secure seeder script from your terminal to generate the first super admin.
php seed_admin.php
Note: For security reasons, the seeder script is programmed to automatically delete itself (
unlink) upon successful execution. *The script has preset values such as email and password please replace the values before running the script * -
First Login Navigate to
/admin/login, log in with the credentials provided by the prompt, and immediately configure your 2FA using a mobile Authenticator app (e.g., Google Authenticator, Authy) this is optional .
/admin/- Fully protected administrative dashboard, login, write/edit interface, and configuration scripts./vendor/- Composer dependencies.index.php- Homepage / Blog listing.blog.php- Single article view.contact.php- Contact form.serve_image.php- Secure file handler extracting GridFS images to the browser..htaccess- Critical security headers, URL rewriting, and directory protection.
Contributions, issues, and feature requests are welcome! Ensure you test your code and adhere to the built-in security practices
This project is licensed under the MIT License.