Search by 
evgip / w3a
A custom modular PHP MVC forum matching the HMVC pattern.
Maintainers
v0.2.1-alpha
2026-06-21 13:17 UTC
Requires
- php: >=8.0
- erusev/parsedown: ^1.8
- phpmailer/phpmailer: ^7.1.1
This package is auto-updated.
Last update: 2026-06-25 01:45:34 UTC
README
π·πΊ Π ΡΡΡΠΊΠΈΠΉ | π¬π§ English
A modern, lightweight news aggregator built with PHP 8.1+ and MySQL, inspired by Hacker News and Lobste.rs. Features a modular HMVC architecture, a custom DI container, an event-driven system, real-time updates, and comprehensive moderation tools.
π Features
Core Functionality
- News Stories β Submit stories with a URL or plain text
- Threaded Comments β Nested, infinitely replyable comment trees
- Voting System β Upvote / downvote stories and comments; downvotes require minimum karma
- User Authentication β Registration, login, "Remember me", email activation, password recovery
- User Profiles β Bio, avatar, activity feed, submitted stories, comment history
- Private Messages β One-to-one conversations between users
- Notifications β In-app notifications for replies, comments on followed stories, moderator actions
Ranking & Discovery
- Hotness Algorithm β Custom ranking formula combining vote score, age, and per-tag weight modifiers
- Wilson Score Interval β Statistically sound confidence ranking for comments
- Tag System β Stories can be tagged; tags belong to categories
- Tag Filters β Users can hide stories by tags they don't want to see
- Full-text Search β Search across stories and comments
- Read Ribbons β Track which comments you've already read; highlights new ones
Moderation & Trust
- Invitation System β Toggle open registration on/off; only users with enough karma can send invites
- Flag / Report System β Users can flag content (spam, offensive, duplicate, etc.); auto-hides at threshold
- Domain Management β Ban entire domains; stories from banned domains are auto-rejected
- User Bans β Temporary or permanent bans with reason, issued by moderators
- IP Bans β Block abusive IP addresses
- Moderator Notes β Private notes attached to user accounts, visible only to staff
- Moderator Activity Log β Daily statistics of moderation actions
- Audit Log β Full trail of every administrative action
Architecture & DX
- DI Container β Lightweight service container for dependency injection
- Event Dispatcher β Observer pattern:
StoryCreated,CommentCreated,UserBanned,FlagResolved, etc. - Middleware Pipeline β HTTP middleware for auth, CSRF, rate-limiting, security headers
- Modular HMVC β Each feature is a self-contained module (Controllers / Models / Views / routes)
- Service Providers β Per-module service registration
Security
- Password Hashing β bcrypt with automatic salt
- CSRF Protection β Token validation on every state-changing form
- SQL Injection Prevention β PDO prepared statements everywhere
- XSS Protection β Output escaping via
htmlspecialchars() - Rate Limiting β Configurable per-action, per-IP limits
- Session Security β HTTP-only cookies, session regeneration
- Input Validation β Server-side validation on every endpoint
- Security Headers β Strict-Transport-Security, X-Frame-Options, etc.
- CAPTCHA β Built-in CAPTCHA for sensitive actions
- Firewall β Request filtering and IP reputation checks
User Experience
- Responsive Design β Mobile-friendly layout
- Dark Mode β System-aware theme switching
- Keyboard Shortcuts β Power-user navigation
- Markdown Support β Rich text formatting in comments and stories (via Parsedown)
- User Settings β Granular notification preferences (email, in-app, per-event)
π οΈ Technology Stack
| Component | Technology |
|---|---|
| Backend | PHP 8.1+ (no framework, custom HMVC + DI) |
| Database | MySQL 8.0+ with PDO |
| Frontend | Vanilla JavaScript, CSS3 |
| Architecture | Modular HMVC, Event Dispatcher, Service Provider |
| PHPMailer 7.x | |
| Markdown | Parsedown 1.8+ |
| Security | CSRF tokens, rate limiting, bcrypt, CAPTCHA |
| Server | Apache / Nginx with URL rewriting |
π¦ Installation
Install via Composer:
composer create-project evgip/w3a
Requirements
- PHP 8.1 or higher
- MySQL 8.0 or higher
- Apache / Nginx with URL rewriting enabled
- Composer (optional, for development)
Step 1 β Clone the Repository
git clone https://github.com/evgip/w3a.git
cd w3a
Step 2 β Creating a database
- Create a MySQL database:
CREATE DATABASE w3a CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
- Import the schema:
mysql -u your_username -p w3a < db/schema.sql
Step 3 β Configure the Application
Rename the .env.example file to .env and fill it in.
Step 4 β Set Permissions
chmod -R 755 storage/ chmod -R 755 public/
Step 5 β Configure the Web Server
Apache (.htaccess is included):
RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php [QSA,L]
Nginx:
location / { try_files $uri $uri/ /index.php?$query_string; }
Step 6 β Default Accounts
| Role | Password | |
|---|---|---|
| Admin | admin@example.com | password |
| User | test@test.ru | password |
β οΈ Change these credentials immediately after the first login.
π Project Structure
w3a/
βββ app/
β βββ Config/
β β βββ config.php # Application settings
β βββ Core/
β β βββ Container.php # DI container
β β βββ Router.php # URL routing
β β βββ Controller.php # Base controller
β β βββ Model.php # Base model
β β βββ Database.php # PDO wrapper
β β βββ Session.php # Session management
β β βββ Request.php # HTTP request handling
β β βββ Security.php # Security headers
β β βββ View.php # Template rendering
β β βββ Validator.php # Input validation
β β βββ Audit.php # Audit logging
β β βββ RateLimiter.php # Rate limiting
β β βββ Firewall.php # Request firewall
β β βββ Logger.php # Application logger
β β βββ Benchmark.php # Performance benchmarking
β β βββ SvgChart.php # SVG chart generator
β β βββ ModuleServiceProvider.php
β β βββ Events/ # Event system
β β β βββ Event.php
β β β βββ EventDispatcher.php
β β β βββ StoryCreated.php
β β β βββ StoryDeleted.php
β β β βββ CommentCreated.php
β β β βββ CommentDeleted.php
β β β βββ UserBanned.php
β β β βββ FlagResolved.php
β β β βββ ...
β β βββ Middleware/ # HTTP middleware
β β
β βββ Providers/
β β βββ EventServiceProvider.php
β β
β βββ Lang/ # Localization files
β β
β βββ Modules/ # Feature modules (HMVC)
β β βββ Admin/ # Administration panel
β β βββ Stories/ # News stories
β β βββ Auth/ # Auth
β β βββ Captcha/ # Captcha/
β β βββ Content/ # Markdown
β β βββ Mail/ # Mail
β β βββ Comments/ # Comments
β β βββ Votes/ # Voting system
β β βββ Tags/ # Tags & categories
β β βββ Users/ # User profiles & settings
β β βββ Messages/ # Private messages
β β βββ Notifications/ # User notifications
β β βββ Flags/ # Content reporting
β β βββ Invitations/ # Invitation system
β β βββ Origins/ # Domain management
β β βββ Moderations/ # Moderation tools
β β βββ Search/ # Full-text search
β β βββ Pages/ # Static pages
β β βββ Errors/ # Error handling
β β βββ Common/ # Shared views & components
β β
β βββ helpers.php # Global helper functions
β
βββ public/ # Web root
β βββ index.php # Entry point
β βββ css/
β βββ js/
β βββ images/
β
βββ storage/ # Writable storage
β βββ logs/ # Application logs
β βββ cache/ # Cache files
β
βββ db/
β βββ schema.sql # Database schema
β
βββ composer.json
βββ README.md
π Database Schema
Content
| Table | Description |
|---|---|
stories |
News stories (URL or text), with hotness score |
comments |
Threaded comments with confidence score |
votes |
Polymorphic upvotes / downvotes |
tags |
Tag definitions with hotness modifier |
taggings |
Many-to-many link between stories and tags |
categories |
Tag categories |
tag_filters |
Per-user tag exclusions |
Users & Auth
| Table | Description |
|---|---|
users |
User accounts (role: user / moderator / admin) |
user_profiles |
Bio, avatar |
user_settings |
Notification preferences |
user_bans |
Temporary / permanent bans |
banned_ips |
IP-based blocks |
password_resets |
Password recovery tokens |
email_activations |
Email verification tokens |
invitations |
Invitation codes |
invitation_requests |
Public invite requests |
Social
| Table | Description |
|---|---|
conversations |
Private message threads |
messages |
Individual messages |
user_notifications |
In-app notifications |
read_ribbons |
Tracks last-read comment per story |
Moderation
| Table | Description |
|---|---|
flags |
Content reports (spam, offensive, etc.) |
domains |
Banned / allowed domains |
mod_notes |
Private moderator notes on users |
mod_activity |
Daily moderation action counts |
audit_logs |
Full administrative audit trail |
Infrastructure
| Table | Description |
|---|---|
sessions |
Active user sessions |
rate_limits |
Rate-limiting counters |
See db/schema.sql for the complete schema with indexes and foreign keys.
π€ Contributing
Contributions are welcome!
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
π License
This project is licensed under the MIT License β see the LICENSE file for details.
π Acknowledgments
- Inspired by the functionality and design of Hacker News and Lobste.rs
- Speed and simplicity of the HLEB framework philosophy
- Built with vanilla PHP β no heavy frameworks
- Modular HMVC architecture with DI and events
π§ Contact
- Author: Evgeny Konchik (Evg)
- Repository: https://github.com/evgip/w3a
- Issues: https://github.com/evgip/w3a/issues
β If you find this project useful, please consider giving it a star on GitHub!