Production-ready authentication framework that saves you weeks of development. Features enterprise-grade security: 2FA/TOTP, LDAP integration, intelligent rate limiting, session fingerprinting, brute-force protection, security analytics dashboard, comprehensive audit logging, and granular role-based access control. Start building features, not infrastructure.
The easiest way to run SecStore - Production-ready in under 60 seconds:
```bash
# Clone repository
git clone https://github.com/madcoda9000/SecStore.git
cd SecStore
# Configure environment (optional - adjust database passwords)
cp .env.example .env
# Start containers
docker-compose up -d
# Open browser at http://localhost:8000
```
🎉 Done! Follow the web-based setup wizard to configure your database and admin account.
What you get:
- ✅ PHP 8.3 with all required extensions
- ✅ MySQL 8.0 database
- ✅ phpMyAdmin for database management
- ✅ Persistent storage for config, cache, and logs
- ✅ Automatic setup with one command
Full Docker documentation: 📖 README_DOCKER.md
For custom environments or when Docker is not available:
```bash
# Clone repository
git clone https://github.com/madcoda9000/SecStore.git
cd SecStore
# Run automatic setup script
chmod +x secstore_setup.sh && ./secstore_setup.sh
# Configure application
cp config.php_TEMPLATE config.php
# -> Edit config.php with your database credentials
# Start development server
php -S localhost:8000 -t public
```
🎉 Done! SecStore is running at http://localhost:8000
Default Login: super.admin / Test1000! (
For detailed manual installation: 📖 INSTALL.md
SecStore is designed as a boilerplate for building custom web applications with modern security features built-in.
Learn to extend SecStore with custom pages, controllers, and features
Complete step-by-step guide with practical examples
- 🔧 Development environment setup
- 📄 Creating Latte templates and controllers
- 🛣️ Adding routes and navigation
- 💾 JavaScript integration (CSP-compliant)
- 🌍 Multilingual support implementation
🔐 Authentication & Security
- ✅ Multi-Factor Authentication (MFA/2FA) with TOTP standard
- ✅ LDAP integration for enterprise connectivity
- ✅ Azure / Entra ID SSO for enterprise connectivity
- ✅ Session security with fingerprinting and auto-regeneration
- ✅ Brute-force protection with intelligent blocking mechanisms
- ✅ Password security with BCRYPT hashing (60 characters)
- ✅ CSRF protection for all forms
- ✅ Content Security Policy (CSP) against XSS attacks
⚡ Rate Limiting & DOS Protection
- ✅ Granular rate limiting with scope-based limits
- ✅ Real-time statistics and violation tracking
- ✅ Intelligent throttling based on action sensitivity
- ✅ Admin whitelist functions
- ✅ Automatic cleanup and block management
👥 User Management
- ✅ Role-based access control (RBAC)
- ✅ Flexible user management with admin interface
- ✅ Bulk actions (enforce and unenforce 2FA, delete, enable and disable)
- ✅ Self-service profile management
- ✅ Password reset via email (can be enabled/disabled)
- ✅ Registration system (can be enabled/disabled)
- ✅ 2FA enforcement per user by admins
📊 Monitoring & Logging
- ✅ Security dashboard with Login Analytics (Heatmap, Hourly, Weekly, Pattern detection)
- ✅ Comprehensive logging (Audit, Security, System, Mail, DB)
- ✅ Log categories with granular configuration
- ✅ Violation tracking and threat intelligence
- ✅ Performance metrics and system health
🎨 User Experience
- ✅ Dark/Light theme with automatic detection
- ✅ Multi-language (German/English)
- ✅ Intuitive admin interface
- ✅ Mobile-first: every page is mobile-optimized
🐳 Using Docker? Skip these requirements! Docker handles everything automatically.
See README_DOCKER.md for Docker installation.
For manual installation:
| Component | Minimum | Recommended |
|---|---|---|
| PHP | 8.3+ | 8.3+ (latest) |
| MySQL/MariaDB | 8.0+ / 10.4+ | 8.0+ / 10.6+ |
| Webserver | Apache 2.4 / Nginx 1.18 | Apache 2.4+ / Nginx 1.20+ |
| RAM | 512 MB | 1 GB+ |
| Storage | 100 MB | 500 MB+ |
SecStore follows a Model-View-Controller (MVC) architecture with additional middleware and utility layers for enhanced security.
```
SecStore/
├── 📁 app/                  # Core Application
│   ├── Controllers/         # MVC Controllers
│   ├── Models/              # Data Models (Paris ORM)
│   ├── Utils/               # Helper Classes (Session, Log, Security, etc.)
│   ├── Middleware/          # Request Middleware (CSRF, Auth, Rate Limiting)
│   ├── views/               # Latte Templates
│   └── lang/                # Translations (DE/EN)
├── 📁 public/               # Web Root (Entry Point)
│   ├── index.php            # Application Bootstrap
│   ├── css/                 # Stylesheets
│   └── js/                  # JavaScript Files
├── 📁 Documentation/        # Project Documentation
│   ├── ARCHITECTURE.md      # Complete architecture documentation
│   ├── INSTALL.md           # Installation Guide
│   ├── DEVDOC.md            # Developer Guide
│   ├── SECURITY.md          # Security Policy
│   └── CHANGELOG.md         # Version History
├── 📁 database/             # Database Schema Files
├── 📁 tests/                # PHPUnit Tests (Unit & Integration)
├── 📁 cache/                # Template Cache
├── config.php               # Main Configuration
└── composer.json            # Dependencies
```
- MVC Pattern - Clean separation of concerns
- Middleware Stack - Rate Limiting → CSRF → Authentication → Authorization
- Security-First - Session fingerprinting, CSRF tokens, input validation
- Extensible - Easy to add custom controllers, models, and utilities
- CSP-Compliant - No inline scripts or styles
📖 For complete architecture details, request lifecycle, and extension guide:
👉 ARCHITECTURE.md
SecStore is designed as a boilerplate for building custom web applications with modern security features built-in.
```bash
# Install dependencies with dev tools
composer install
# Install Git hooks for code quality
./setup-hooks.sh
# Start development server
php -S localhost:8000 -t public
```
Everything you need to extend SecStore:
👉 DEVDOC.md - Complete step-by-step developer documentation
What's inside:
- 🔧 Development environment setup & tools
- 📄 Creating custom pages, controllers, and models
- 🛣️ Adding routes and navigation
- 💾 CSP-compliant JavaScript integration
- 🌍 Multilingual support implementation
- 🧪 Testing strategies and best practices
- 📚 Code quality guidelines and Git workflow
We welcome contributions! 🎉
- Fork the repository
- Create a feature branch
- Follow the guidelines in DEVDOC.md
- Open a Pull Request
Coding Standards:
- ✅ PSR-12 compliant PHP code
- ✅ Conventional Commits (use `./quick-commit.sh`)
- ✅ Tests for new features
- ✅ Update documentation
| Document | Description |
|---|---|
| 🏗️ ARCHITECTURE.md | Complete technical architecture and request lifecycle |
| 📖 INSTALL.md | Complete manual installation and setup guide |
| 🐳 README_DOCKER.md | Docker installation guide (recommended) |
| 📘 HANDBOOK.md | Complete Handbook for Users & Administrators |
| 🧑💻 DEVDOC.md | Developer guide for extending SecStore |
| 🧪 TESTING.md | Testing strategy and pragmatic approach |
| 🔒 SECURITY.md | Security policies and vulnerability reporting |
| 📝 CHANGELOG.md | Version history and release notes |
| 🔍 GIT_HOOKS.md | Git hooks setup and usage guide |
Can SecStore be used in production?
Yes! SecStore was built for production environments and implements modern security standards. See SECURITY.md for details.
Does SecStore support Single Sign-On (SSO)?
Through LDAP integration, you can connect SecStore to existing SSO solutions. Native SAML/OAuth2 support is planned.
How can I contribute to the project?
We welcome issues, pull requests, documentation, and feature suggestions! See our contributing guidelines above.
If you like SecStore, give us a ⭐ on GitHub! This motivates us to continue working on the project.
Built with ❤️ for the open-source community







