15 KB


What is it. Quite frankly its a light, somewhat crude CMS written on top of CodeIgnier4. it suits my purpose. Its aimed at those that want a simple blogging system, that allows creation , edit and delete . In other words basic CRUD operations. At least there is a captacha for login , csrf etc .So if you compare to fancy looking WordPress actually this is safer. Also there are only 6 attempts for admin login.

What are the 2 immediate things you need to do on localhost to see it in action.

from a command line : composer update

composer install npm install

//ok that was three things

Salient Points:


The CodeIgniter team make available Ci4 with a MIT licence. I'm quite happy to have anything I've added to inherit that licence;
I’ve queried Richard Stallman on the matter who in an email reply suggested I just submit to fsf , so i've done that. I'm not holding my breath those GNU guys are slow, hey they haven't even finished the GNU Hurd kernel

I'm on Arch Linux where php is currently : PHP 8.1.5 Everything seems to work with CI4.1.9 and php 8 fine so far :^)
The good news is that the core is up to date and if it works with php8 then the framework isn't going to get outdated any time soon!

Getting Started

Download the Zip to your Desktop. In order to reduce upload size the vendor directory was removed and also node_modules.
However its easy to put back using composer ; it depends on how you have composer set up . On Linux I just open a shell window i.e. xterm or equivalent, CD into the unzipped directory and type :

composer install

Never run composer with 'sudo' nor root permissions. If you do you will likely get a blank page! Now to run composer install you need to have composer installed already , or if you don’t have it , install it.

If your on Linux you can set up composer by just downloading the composer.phar file then, from a terminal do something like :

sudo chmod 777 composer.phar

sudo mv composer.phar /usr/local/bin/composer

that will put the executable file into your /usr/local/bin which then which then can be evoked just using composer For composer use see :

Sass and Grunt

Sass has some advantages over css see:

For one you can define a colour once, and use that colour as a variable throughout the rest of the in my case custom.sass Grunt is a task runner and can do some tedious tasks for you such as automatically converting sass to css.

I installed grunt globally on my linux box using :

npm install -g grunt-cli

If you want to use Grunt you will have to do the same.

I then using a shell windows CD'd into my CodeIgniter4CMS and typed:

npm install grunt --save-dev

Again you will have to run that .

After that since there is a package.json, in the web root to install stuff grunt uses for tasks just(with your terminal and context of location being being inside your web root i.e where package.json is ) run:

npm install

that will put back whats needed for Grunt to be able to use the Gruntfile.js which is in the root of the unzipped directory

To fire up Ci4 from the same terminal window type php spark serve

You should back on the terminal window get feedback development server started. Enter into the address bar of your web browser of choice type: http://localhost:8080

Then you should get the landing page up .

Admin User Name and Password Setup

Now there is a little setting up to do , the system uses an sqlite3 database file and that needs populating with a admin user name and password. To to do that simply type /setUp at the url i.e full url is : http://localhost:8080/setUp Note the camel case with the U being a capital .The password will be automatically encrypted . If it works you will simply get "done” returned .If you need to reset username and password , use sqlitebrowser to delete the entry in the admin table, of database Art .click on write changes re-run setUp again

After that you need to go to app/config/ Routes.php and comment out lines 48 and 49 which are:



that stops anyone else if they discover the url setting up .

You can then login going to http://localhost:8080/blackcat

You will probably think funny url ? It is unless your a middlesbrough football team supported. Where is Middlesbrough you don't want to know or go there ; its depressing trust me.

well you want a weird url for login if possible so that its hard to guess. Its harder to hack a web site if hackers can find your admin login page. Now you should see a simple captcha.

Its my own simple login system. I have only allocated for one admin user; if I coded for more it would then involve coding to prevent clashes of users editing the same code i.e a locking of system. The CMS is really aimed at small business owners or bloggers looking for an alternative to WordPress or php coders with little or knowledge of frameworks.

A quick point here; if you compare to WordPress where the login form can easily be accessed (trust me on this ) , user names easily obtained (trust me ) and WP has no captcha, then i suggest relatively speaking security is not bad here ! Login is under session with 5 attempts to further reduce risk from hackers.

if you want to change the url for the admin login page edit line 105 of app/config/Routes.php :


PLEASE note there are some re-directs using whatever you change 'orange' to in the file app/Controllers/Login.php on lines 168 and 195 .So if you change /orange to something else in routes, reflect this on lines 168 and 195 in app/Controllers/Login.php

These are evoked on a failure on login back to login form.

The other points are that the system has as its front end bootstrap, and it uses flexbox . I have break points so its responsive to different device size windows.

Before I forget; on the landing page, that has the carousel on the right is the latest Tweets; its my daughters tweet account. I’m not advertising;the point is you can replace that embed code with your own, so surfers can see a couple of your latest tweets. Lets hope you update more than my daughter . “is she bothered ?” No

Running Grunt

Now when you ran “composer install” that should have put twbs into vendor. The twbs directory will be Bootstrap in the form of Sass.

After editing either the bootstrap sass (not a good idea in my view) or the sass in the custom.scss (see image for location) run once :

grunt do1

grunt do2

grunt do3

That does the conversion of sass into css , concats 3 bootstrap css into one etc. Custom.css , by the way part overrides the bootstrap.css

One file which is referenced in the view layout.php brings it all together and is called “style.css” One you’ve run the 3 grunt as above run once :

grunt watch

After that any changes to custom.scss will be picked up and the processing done automatically. You might have to clear the browser cache as mentioned and also re-fresh browser! Feel free to edit Grunt.js so that the browser refreshes automatically

Since I’ve run grunt and the Bootstrap.css are available if you don’t want to get involved with grunt or sass, then just directly edit Custom.css which is at public/custom.css

Regarding the contact form for people to get back to you, from the web and the process of surfers input into the contact form, the way I used it was to use my google account name and password in Sendmail.php .

I did that via lines below of app/controllers/sendmail.php

Lines 94 to 96

$mail->Username = "*"; //Password to use for SMTP authentication $mail->Password = "*****";

Line 90 (marked out here for privacy is my google email) now I had google email arranged as a “two step”

then : $mail->setFrom('admin@yourdomain', 'john Doe'); $mail->addAddress('emailAddressWhereMeesageShouldBeSent', 'John Doe');

here admin@yourdomain simply comes up in email message. For the section "emailAddressWhereMeesageShouldBeSent " what i did was use my yahoo email account email. So basically i used my google account email and google mail sever to send myself an email to my yahoo email account. you can use your domain email account if you want and simply your own email account to receive the message.

The bane of our lives these days, are spammers, so before the input from a surfer gets sent to the email , defined in the controller Sendmail.php a bit of spam checking is done. On my live testing I didn't actually get much spam ( maybe that was due to not much traffic ?) any way , the spam checking is done via a Controller called SpamChecker.php located app/Andy/SpamChecker.php If you open up that file you will see a small array such as 'http','www','//', 'viagra','

Obviously spammers want to send you a link to their clients web site, so the first 3 values in the array reflect that. Then I've added key words from the spam i received. if any of that is input into the message text box of the contact form, the surfer gets re-directed to a "your a spammer page" and the message is not sent.

You can add your own key words as you see fit.


I left an arbitrary blogs in the database, so you could play with how the edit or delete works. Have a look at the blog article there is some more info in the blog itself.

Another small point at the bottom of each page you will see a link, saying download in pdf. Surfers who visit your blog, and you write something interesting will want to download it ! If you try that yourself it would go to your local download.

Now a quick point regarding running the web app from your desktop and having it served from say Apache. When fired up using spark, the download struggles and doesn't really work. I've got it served from Apache local dev, and the download to pdf, in this case works fine.

Edit of blogs

Now if you have done anything with html , you will know that some characters are best represented by their html entity for best rendering to how you want then to look; databases also don't like certain characters. So here's the problem, when you do an edit of a blog enter characters without thinking it ould cause glitch. I don't want that to happen, so when you click submit the system does some regular expression filtering. You also don't want the sytem to be a control freak either, or there might be no formating. So i've included tags that a permitted including <p > stuff here </p> (start and end of paragraph) You can also safely directly type apostrophies int othe text box, they will be converted to html code representations

Image Names In Blog and Gallery

Don't use underscore(_) in image names dash ( -) is ok because of the regex if there are odd characters in the name they will get removed then there will be an issue of the name stored in the database and its orginal name , which is used for moving into blog Images directory


You might have come across Blade or twig on other systems. With CodeIgniter you can make use of "layouts" which is what i 've done.

So if you want to have another page called say something.php then the view contents would look like:

<?= $this->extend('layout') ?> <?= $this->section('content') ?>

Page content of the view goes here

<?= $this->endSection() ?>

One the home page that comes up if you click on I have also added a bit more information of the views, that come up on clicking them, getting rid of them and getting rid of twitter feed and carousel


The reason why the system works and that you can see the arbitary blogs , is that it doesn't need MySQl to work. Instead i use sqlite3 database , which is "serverless" meaning it doesn't require a db server to work. The database name is just "Art" and is located in the writable directory. Make sure that the writable directory has read & write permissions and so does the Art database file.

Sqlite db's sometimes are named with .db suffix. I found that with one datbase browser, nothing was visible until i clicked to open "all files". A light and simple database browser and editor is called sqlitebrowser: It should be in your repository if your on Linux.

As a browser I use Firefox (hey they need all the help they can get) and had a little trouble with web caching. It kept serving me the same page; that was before I edited custom.scss.

Either you are going to have to keep clearing the web cache via history or try , typing “ about:config “ into the address bar and disable web caching.

The system is written on top of CodeIgniter 4.1.3 and consists of a very light CMS system. if you look at the attached image , which once logged in is accessible from /orange

I.e full url i.e http://localhost:8080/orange

the links take you to forms where administrative tasks can be done will be visible. if not logged in access the admin page http://localhost:8080/admin will come up as page not found. You don't want web surfers getting access to the url , so its prevented using filters.

Moving to production

This CMS is really aimed at aspiring coders maybe coming to a framework for the first time. Looking int othe code you can see the basics of CRUD operations. Maybe you will be able to improve on my code one day :^)

Anyway I have had the system testing live for some time , so maybe not sophisticaed it does the good

If you want to give it a go a few things need tweaking . At line 24 of app/Config/app.php I use the line :

public $baseURL = 'http://localhost:8080/';

Change that to your domain(keep trailing slash at end /) or if developing on Apache rather than using spark serve what ever url you have set to serve the app up. eg on my Apache I use via /etc/hosts and my virtual hosts set up to serve up landing page of web

To get rid of debug toolbar at every bottom of page go to line 22 of index.php in public and change

$_SERVER['CI_ENVIRONMENT'] = 'development';

to :

$_SERVER['CI_ENVIRONMENT'] = 'production';

CodeIgniter4 documentation is at :

The CodeIniter forum is at :

PS I apologise to anyone who previously downloaded when it was a chunky 90Mb , that was due to unseen junk in .files I've removed it so its now more a reasonable download size

Also i'm in the process of checking , adding things i've forgot , and tidying up , also checking things like inclusion of CSRF protection. Actually that should have been done in all the forms, but i will double check . so i will up date as I get the time. I've put authorship in the top of the controllers I wrote with my email if you have any burning questions