PHPackages ci4-cms-erp/ci4ms - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. ci4-cms-erp/ci4ms ActiveProject[Authentication & Authorization](/categories/authentication) ci4-cms-erp/ci4ms ================= Modular CodeIgniter 4 CMS featuring RBAC admin, theming, blog/page management, elFinder media integration, and CLI tooling for rapid customization. 0.31.1.0(1mo ago)202764[4 issues](https://github.com/ci4-cms-erp/ci4ms/issues)MITJavaScriptPHP ^8.2CI passing Since Nov 6Pushed 1mo ago3 watchersCompare [ Source](https://github.com/ci4-cms-erp/ci4ms)[ Packagist](https://packagist.org/packages/ci4-cms-erp/ci4ms)[ Docs](https://github.com/ci4-cms-erp/ci4ms)[ RSS](/packages/ci4-cms-erp-ci4ms/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (6)Dependencies (29)Versions (52)Used By (0)Security (2) CI4MS ===== [](#ci4ms) CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. It combines CMS workflows, developer-focused CLI commands, an extensible module system, and customizable front-end themes in a single package. Key Features ------------ [](#key-features) - Authentication & RBAC: `Modules\Auth` handles user login, lockouts, and password resets, while permissions map to `auth_permissions_pages` records. - Modular backend: Each feature ships as an independent module (Blog, Pages, Menu, Media, Users, Settings, Theme, etc.) under `modules/*`. - Flexible content management: Page and blog entries include SEO metadata, categories, tags, and full comment workflows. - Media & files: Includes elFinder-powered media management, a built-in file editor, and an in-panel log viewer. - Theme system: The `public/templates/*` structure and the `Modules\Theme` module enable installing or upgrading themes from ZIP packages. - Setup & automation: Offers a web-based installer (`/install`) plus CLI commands for default data seeding, automatic route generation, and module scaffolding via `php spark make:module`. - SEO helpers: `ci4seopro` builds meta tags and JSON-LD, while `CommonLibrary` centralizes email, breadcrumbs, and inline shortcode utilities. Requirements ------------ [](#requirements) - PHP 8.1 or newer (intl, json, mbstring, gd, curl, openssl recommended) - Composer - MySQL/MariaDB (or any CodeIgniter 4-supported driver) - Writable directories: `writable/`, `public/uploads/`, optionally `public/templates/` See `composer.json` for the full dependency list (e.g. `bertugfahriozer/ci4commonmodel`, `bertugfahriozer/sql2migration`, `ci4-cms-erp/ext_module_generator`, `claviska/simpleimage`, `gregwar/captcha`, `studio-42/elfinder`). ðŸŠī Project Activity ================== [](#-project-activity) [![Alt](https://camo.githubusercontent.com/b284b1d6577ca78a18a42dd77b377634d9aba9b51491e81445bf750bcaee07b8/68747470733a2f2f7265706f62656174732e6178696f6d2e636f2f6170692f656d6265642f396632363331636531646366616533646238346635313133666561303861633063376165386432392e737667 "Repobeats analytics image")](https://camo.githubusercontent.com/b284b1d6577ca78a18a42dd77b377634d9aba9b51491e81445bf750bcaee07b8/68747470733a2f2f7265706f62656174732e6178696f6d2e636f2f6170692f656d6265642f396632363331636531646366616533646238346635313133666561303861633063376165386432392e737667) Installation ------------ [](#installation) ### Fresh Project (recommended) [](#fresh-project-recommended) ``` composer create-project ci4-cms-erp/ci4ms myproject cd myproject ``` ### Clone Existing Repository [](#clone-existing-repository) ``` git clone ci4ms cd ci4ms composer install ``` ### Environment & Configuration [](#environment--configuration) 1. Create your `.env` and enable the development environment: ``` cp env .env php spark env development ``` 2. Update these core settings in `.env`: - `app.baseURL` - `database.default.*` - Optional: `cookie.*`, `honeypot.*`, `security.*` 3. If you prefer the web installer, open `/install` in the browser and follow the wizard. Use the CLI steps below if you want to skip the wizard. ### Database & Seed Data [](#database--seed-data) ``` php spark migrate php spark db:seed Ci4msDefaultsSeeder # You will be prompted for your name, email, and password php spark create:route # Generates the default routes file php spark key:generate # Creates an encryption key ``` The seeder provisions an active administrator account (group\_id=1) and populates the initial module records. ### Run the Dev Server [](#run-the-dev-server) ``` php spark serve ``` Access the backend via: `https:///backend` Directory Layout ---------------- [](#directory-layout) - `app/Controllers/Home.php` — Handles front-end pages, blog listings, details, and comments. - `app/Libraries/` — Shared helpers (email, SEO, shortcodes). - `app/Commands/` — CLI tooling (`make:a*`, `create:route`). - `app/Filters/Ci4ms.php` — Install guard, maintenance mode redirect, menu cache. - `modules/*` — Each module includes its own `Config/Routes.php`, `Controllers`, `Models`, `Views`, `Language`, `Libraries`, `Filters`. - `public/templates/` — Theme assets; each theme requires `info.xml` and `screenshot.png`. - `writable/` — Cache, logs, temporary files. Modules ------- [](#modules) ModulePurposeHighlightsAuthAuthentication lifecycleCAPTCHA, email activation, reset tokensBackendAdmin shellDashboard stats, shared base controllerBlogBlog CRUDCategories, tags, comments, bad-word filtersPagesStatic page managementSEO fields, inline shortcode parsingMenuMenu builderDrag-and-drop ordering, slug helpersMediaMedia managerelFinder integration, optional WebP conversionFileeditorProject file editorSafe read/write/rename/move/deleteSettingsSystem configurationCompany/social/mail settings, encrypted SMTP passwordUsersUser & role managementGroup-based permissions, reset trackingMethodsRoute → permission mappingModule toggling, router scanLogsLog viewerBrowses CodeIgniter log files inside the backendModulesInstallerModule ZIP installerUpload + cache invalidationThemeTheme managerZIP upload, duplicate folder checksInstallWeb installerCreates `.env`, triggers migrationsBackupDatabase backup managerCreate, download, and restore backupsSee `docs/architecture.md` for deeper architectural notes. CLI Commands ------------ [](#cli-commands) - `php spark make:module Blog` — Scaffolds a module (`Config`, `Controllers`, `Views`, language files, etc.). - `php spark make:acontroller Example` — Generates a backend controller template. - `php spark make:amodel Example` — Generates a backend model (with options for table, return type). - `php spark make:abview dashboard` — Generates a backend view from the AdminLTE template. - `php spark create:route` — Rebuilds `app/Config/Routes.php` from the template. - Standard CodeIgniter commands: `php spark migrate`, `php spark db:seed`, `php spark cache:clear`, etc. Developer Notes --------------- [](#developer-notes) - **Cache keys**: `settings` (24h), `menus` (menu tree, 24h), `{userId}_permissions`. Clear with `php spark cache:clear` or `cache()->delete()`. - **Base controller**: Extend `Modules\Backend\Controllers\BaseController` for new backend controllers; it prepares session user, navigation, mail settings, and shared data. - **Permissions**: Remember to register new secured routes in `Modules\Methods` (or via the database) so the permission filter recognizes them. The backend log viewer lives under `/backend/logs` and follows the same permission model. - **Slug generation**: `seflink()` handles transliteration (including Turkish characters). - **Form security**: Global CSRF is enabled; backend AJAX endpoints opt out via `BackendConfig::$csrfExcept`. - **Comment moderation**: `CommonLibrary::commentBadwordFiltering` handles bad word filtering and moderation rules. - **Theme uploads**: Each theme must include `info.xml` and `screenshot.png`; missing files trigger a backend warning. Testing & Maintenance ------------------------- [](#testing--maintenance) - `composer test` - Add coding standards or static analysis as needed (not included by default). - **Maintenance mode**: When `settings.maintenanceMode.scalar == 1`, the `Ci4ms` filter redirects visitors to `maintenance-mode`. - **Security**: `Fileeditor` and `Media` enforce `realpath` guards. Limit access in production environments. Additional docs --------------- [](#additional-docs) - `docs/architecture.md` — Architecture, flow, permissions, and extension guidance. Questions or contributions? Open an issue or pull request. 🏆 Security Hall of Fame ----------------------- [](#-security-hall-of-fame) A huge thank you to the security researchers who have helped make **ci4ms** more secure by finding and reporting vulnerabilities. ContributorContributionDate**[Lars van Mil](https://github.com/Far-Horizons)**Identified Critical RCE and Information Disclosure vulnerabilities.Jan 2026**[0xAlchemist](https://github.com/bugmithlegend)**Identified Stored DOM XSS vulnerabilities leading to Account Takeover.Feb 2026**[peeefour](https://github.com/peeefour)**Identified Stored DOM XSS vulnerabilities leading to Account Takeover.Feb 2026**[Hunter.](https://github.com/LAW6ZX7)**Identified Critical Stored XSS in Backend & Blog modules allowing Session Hijacking.Feb 2026**[m1scher](https://github.com/m1scher)**Assisted with vulnerability triaging and security testing.Feb 2026**[alpernae](https://github.com/alpernae)**Assisted with vulnerability triaging and security testing.Feb 2026> If you find a security vulnerability, please report it via [Security Policy](SECURITY.md). ### Health Score 50 — FairBetter than 95% of packages Maintenance93 Actively maintained with recent releases Popularity25 Limited adoption so far Community11 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~18 days Total 49 Last Release 40d ago PHP version history (3 changes)0.21.0PHP ^7.4 || ^8.0 0.21.3.7PHP ^8.1 0.31.0.0PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/5c4d6d3907dd5bf7ac598582e52c35e8888399f733558a11f249fa4744e2fa0f?d=identicon)[bertugfahriozer](/maintainers/bertugfahriozer) --- Top Contributors [![bertugfahriozer](https://avatars.githubusercontent.com/u/20905215?v=4)](https://github.com/bertugfahriozer "bertugfahriozer (135 commits)") --- Tags admin-dashboardauthenticationauthorizationblog-enginecli-toolscmscodeigniter-templatecodeigniter4composer-packagecontent-management-systemfile-managermariadbmodular-cmsmysqlphprbacrolesseo-toolstheme-managementuser-management ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/ci4-cms-erp-ci4ms/health.svg) ``` [![Health](https://phpackages.com/badges/ci4-cms-erp-ci4ms/health.svg)](https://phpackages.com/packages/ci4-cms-erp-ci4ms) ``` ### Alternatives [simplesamlphp/simplesamlphp A PHP implementation of a SAML 2.0 service provider and identity provider. 1.1k12.4M190](/packages/simplesamlphp-simplesamlphp)[getkirby/cms The Kirby core 1.5k535.5k350](/packages/getkirby-cms)[codeigniter4/shield Authentication and Authorization for CodeIgniter 4 417372.4k21](/packages/codeigniter4-shield)[agungsugiarto/boilerplate CodeIgniter4 Boilerplate based on AdminLTE 3 with user management, roles, permissions, ... 1647.7k](/packages/agungsugiarto-boilerplate)[agungsugiarto/codeigniter4-authentication Provides an API for authentication and includes concrete authentication adapters for common use case scenarios 494.5k2](/packages/agungsugiarto-codeigniter4-authentication)[casbin/codeigniter-permission Associate users with roles and permissions, use Casbin in CodeIgniter4 Web Framework. 443.0k](/packages/casbin-codeigniter-permission) PHPackages ÂĐ 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)