Architecture Overview
scriptLog uses a multi-layer architecture designed for maintainability and scalability.
Request Flow
1. Request
User makes a request to the server
2. Front Controller
index.php or admin/index.php
3. Bootstrap
Initializes application and services
4. Dispatcher
Routes request to appropriate controller
5. Controller
Handles HTTP logic
6. Service
Contains business logic
7. DAO
Handles data access
8. Database
MySQL/MariaDB processes queries
Directory Structure
Tree
public_html/
public_html/
|-- index.php  # Public front controller
|-- config.php  # Application configuration
|
|-- admin/  # Admin panel
|   |-- index.php  # Admin entry point
|   |-- login.php  # Login page
|   |-- posts.php  # Post management
|   |-- pages.php  # Page management
|   |-- topics.php  # Category management
|   |-- comments.php  # Comment management
|   |-- reply.php  # Reply management
|   |-- users.php  # User management
|   |-- menu.php  # Menu management
|   |-- templates.php  # Theme management
|   |-- plugins.php  # Plugin management
|   |-- medialib.php  # Media library
|   +-- ui/  # Admin UI components
|       +-- comments/  # Comment UI templates
|
|-- api/  # RESTful API
|   +-- index.php  # API entry point
|
|-- lib/  # Core library
|   |-- main.php  # Application bootstrap
|   |-- common.php  # Constants and functions
|   |-- options.php  # PHP configuration
|   |-- Autoloader.php  # Class autoloader
|   |-- utility-loader.php  # Utility functions loader
|   |
|   |-- core/  # Core classes (80+ files)
|   |   |-- Bootstrap.php  # Application initialization
|   |   |-- Dispatcher.php  # URL routing
|   |   |-- DbFactory.php  # PDO database connection
|   |   |-- Authentication.php  # User authentication
|   |   |-- SessionMaker.php  # Custom session handler
|   |   |-- View.php  # View rendering
|   |   +-- ...
|   |
|   |-- dao/  # Data Access Objects
|   |   |-- PostDao.php  # Posts CRUD
|   |   |-- UserDao.php  # Users CRUD
|   |   |-- CommentDao.php  # Comments CRUD
|   |   |-- TopicDao.php  # Topics CRUD
|   |   |-- MediaDao.php  # Media CRUD
|   |   |-- PageDao.php  # Pages CRUD
|   |   |-- MenuDao.php  # Menus CRUD
|   |   |-- PluginDao.php  # Plugins CRUD
|   |   |-- ThemeDao.php  # Themes CRUD
|   |   +-- ConfigurationDao.php
|   |
|   |-- service/  # Business logic layer
|   |   |-- PostService.php
|   |   |-- UserService.php
|   |   |-- CommentService.php
|   |   |-- TopicService.php
|   |   |-- MediaService.php
|   |   |-- PageService.php
|   |   |-- MenuService.php
|   |   |-- PluginService.php
|   |   |-- ThemeService.php
|   |   |-- ConfigurationService.php
|   |   +-- ReplyService.php
|   |
|   |-- controller/  # Request controllers
|   |   |-- PostController.php
|   |   |-- UserController.php
|   |   |-- CommentController.php
|   |   |-- TopicController.php
|   |   |-- MediaController.php
|   |   |-- PageController.php
|   |   |-- MenuController.php
|   |   |-- PluginController.php
|   |   |-- ThemeController.php
|   |   |-- ConfigurationController.php
|   |   |-- ReplyController.php
|   |   +-- api/  # API Controllers
|   |       |-- PostsApiController.php
|   |       |-- CategoriesApiController.php
|   |       |-- CommentsApiController.php
|   |       +-- ArchivesApiController.php
|   |
|   |-- model/  # Data models
|   |   |-- PostModel.php
|   |   |-- FrontContentModel.php
|   |   |-- TopicModel.php
|   |   |-- TagModel.php
|   |   |-- PageModel.php
|   |   |-- CommentModel.php
|   |   |-- GalleryModel.php
|   |   |-- ArchivesModel.php
|   |   +-- DownloadModel.php
|   |
|   |-- utility/  # Utility functions (100+ files)
|   |   |-- invoke-config.php
|   |   |-- form-security.php
|   |   |-- csrf-defender.php
|   |   |-- remove-xss.php
|   |   |-- email-validation.php
|   |   +-- ...
|   |
|   +-- vendor/  # Composer dependencies
|
|-- public/  # Public web root
|   |-- themes/  # Theme templates
|   |   +-- blog/  # Default theme
|   |-- files/  # Uploaded files
|   |   |-- pictures/
|   |   |-- audio/
|   |   |-- video/
|   |   +-- docs/
|   |-- cache/  # Cache directory
|   +-- log/  # Log directory
|
|-- docs/  # Documentation
|   |-- DEVELOPER_GUIDE.md
|   |-- TESTING_GUIDE.md
|   |-- PLUGIN_DEVELOPER_GUIDE.md
|   |-- API_DOCUMENTATION.md
|   +-- API_OPENAPI.yaml
|
+-- install/  # Installation wizard
    |-- index.php
    |-- setup-db.php
    |-- finish.php
    +-- include/
        |-- dbtable.php
        |-- setup.php
        +-- settings.php
Tip: Use APP_ROOT, APP_ADMIN, APP_PUBLIC, and other constants defined in lib/common.php for path handling.
Core Components
lib/core/ ...
Bootstrap
Initializes application and sets up services
Bootstrap.php
Dispatcher
URL routing and request dispatching
Dispatcher.php
DbFactory
PDO database connection factory
DbFactory.php
Authentication
Authentication, sessions and access control
Authentication.php
Route Patterns
PHP
lib/core/Bootstrap.php
$rules = [
    'home' => "/",
    'category' => "/category/(?'category'[\w\-]+)",
    'archive' => "/archive/[0-9]{2}/[0-9]{4}",
    'archives' => "/archives",
    'blog' => "/blog([^/]*)",
    'page' => "/page/(?'page'[^/]+)",
    'single' => "/post/(?'id'\d+)/(?'post'[\w\-]+)",
    'search' => "(?'search'[\w\-]+)",
    'tag' => "/tag/(?'tag'[\w\- ]+)"
];
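The following is an added example, not scriptLog's own Dispatcher code: it runs the route rules above through a hypothetical `match_route()` helper to show which request paths each pattern accepts and which named captures come back. The anchoring with `\A ... \z`, the `~` delimiter and the sample paths are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Route rules exactly as listed on the page (lib/core/Bootstrap.php).
$rules = [
    'home'     => "/",
    'category' => "/category/(?'category'[\w\-]+)",
    'archive'  => "/archive/[0-9]{2}/[0-9]{4}",
    'archives' => "/archives",
    'blog'     => "/blog([^/]*)",
    'page'     => "/page/(?'page'[^/]+)",
    'single'   => "/post/(?'id'\d+)/(?'post'[\w\-]+)",
    'search'   => "(?'search'[\w\-]+)",
    'tag'      => "/tag/(?'tag'[\w\- ]+)",
];

/**
 * Hypothetical matcher, not scriptLog's Dispatcher. Assumption: each rule is
 * anchored to the whole path with \A ... \z, so a path with a trailing
 * newline is rejected where a trailing "$" would still accept it.
 */
function match_route(array $rules, string $path): ?array
{
    foreach ($rules as $name => $pattern) {
        if (preg_match('~\A' . $pattern . '\z~', $path, $m) === 1) {
            // Keep only the named captures (string keys), e.g. 'id', 'post'.
            $params = array_filter($m, 'is_string', ARRAY_FILTER_USE_KEY);
            return ['route' => $name, 'params' => $params];
        }
    }
    return null; // no rule matched: answer 404 instead of guessing
}

// Constructed sample paths, not taken from real traffic.
$samples = [
    '/post/42/hello-world',   // well-formed single post
    '/archive/07/2024',       // matches, but has no named captures
    '/post/abc/hello-world',  // non-numeric id
    "/tag/news\n",            // trailing newline
    '/page/<b>about',         // [^/]+ accepts markup characters
];
foreach ($samples as $path) {
    $hit = match_route($rules, $path);
    $out = $hit ? $hit['route'] . ' ' . json_encode($hit['params']) : 'no match';
    printf("%-26s => %s\n", json_encode($path, JSON_UNESCAPED_SLASHES), $out);
}
```

The `page` and `blog` patterns accept any character except `/`, so their captures still need validation or output escaping before they reach a view or a query; the `\w`, `\d` and `[0-9]` patterns constrain their captures at the routing step.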
Key Application Constants
| Constant | Value | Description |
|---|---|---|
| DS | Directory separator | Platform-specific path separator |
| APP_ROOT | Application root | Root directory of the application |
| APP_ADMIN | 'admin' | Admin directory name |
| APP_PUBLIC | 'public' | Public web root |
| APP_LIBRARY | 'lib' | Library directory |
| APP_THEME | 'public/themes' | Themes directory |
| APP_PLUGIN | 'admin/plugins' | Plugin directory |
| APP_IMAGE | 'public/files/pictures' | Image directory |
| SCRIPTLOG | HMAC hash | Security constant for direct access prevention |
User Levels & Access Control
| Level | Permissions |
|---|---|
| administrator | Full access - all features |
| manager | PLUGINS, THEMES, CONFIG, PAGES, TOPICS, COMMENTS, MEDIALIB, POSTS |
| editor | TOPICS, COMMENTS, MEDIALIB, POSTS |
| author | COMMENTS, MEDIALIB, POSTS |
| contributor | POSTS only |
| subscriber | DASHBOARD only |
Access Control Implementation
PHP
Admin page
if (false === $authenticator->userAccessControl(ActionConst::PRIVACY)) {
    direct_page('index.php?load=403&forbidden=' . forbidden_id(), 403);
}
Security Features
CSRF Protection via CSRFGuard class
XSS Prevention with Sanitize class
SQL Injection Prevention (PDO)
Cookie Encryption (Defuse)