By Matt 1k views [Edit this page]

Mahal CMS

A closed source content management system providing extensive privacy options.

Version: v2.34 beta
Author: Matt Londrigan
Updated: 20th July 2021
Linux distro: AlmaLinux

Minimum requirements: Apache with mod_rewrite enabled, PHP 7+, cURL, JSON, 2 MYSQL Databases, SMTP Server, Laravel.


Built in-house, written in Core PHP & Laravel, Mahal CMS started as a simple way to publish my photos & is now an advanced CMS with extensive privacy features.

Authors have full control over their content. The entire page can be made public, private, or partially private, making certain photos hidden, requiring login & correct permission level to access them.

This suits users wanting to promote certain photos & have Google index them, while keeping sensitive or personal photos private on the same page.


  • 5th December 2021 Fixed bug where private pages are previewing on tags.
  • 4th Sept 2021 Fixed long words overflow causing mobile theme to break.
  • 1st Sept 2021 Fixed bug where related author suggestions were not displaying when "show padlock" setting is selected.
  • 23rd Aug 2021 Started work on automated root page categories.
  • 20th Aug 2021 Admin update: Redirection system no longer requires page ID (supports raw URLs). Included current redirects on page edit for convenience.
  • 11th Aug 2021 Re-wrote Private Link Share feature from old harcoded system.
  • 11th Aug 2021 Fixed map Zoom bug in Admin.
  • 10th Aug 2021 Made a check for numeric page ID's (not allowed)
  • 10th Aug 2021 Re-wrote maps function from old hardcoded system.
  • 2nd Jul 2021 Created URL redirection system. Old URL now redirects to new URL automatically.
  • 2nd Aug 2021 Upgraded page views readabililty. E.g 1000 views reads as 1k views, 1000000 views reads as 1m views.
  • 1st Aug 2021 Added ability for visitors to change sort order of photos. Authors can also select default sort order for their page.
  • 21st July 2021 - Fixed VPN detector
  • 20th July 2021 - Added honeypot to Contact form & made security challenge easier.
  • 19th July 2021 - created secure contact form that can be added to any page with a simple checkbox.
  • 10th July 2021 (Fix) Relaxed MYSQL table length rules.
  • Added MP3 file upload support & ability to stream/download MP3's from pages.
  • Created automated tag system, e.g
  • Modified routing behavior for certain 404 errors
  • Features

  • Short URL support - Page URL can be independent of default category URL structure (user selectable). Good for SEO.
  • Routes handler manages URL redirect to database, actual pages don't exist on file system.

  • Photos
  • Change position of photos in gallery.
  • Set captions on Photos.
  • Set custom header photo.
  • Set custom page thumb (can differ from header).
  • Adjust header image size
  • Make all or some photos private on a page, only users with granted permissions by author can view
  • Display low or full res images. (Prevents bots from scalping full res images and/or promotes user to login to view high res.

  • Videos
  • Display Youtube videos by pasting ID
  • Change Youtube video gallery style (big/small)
  • Set custom caption of Youtube gallery

  • Page & Privacy
  • Make the entire page public, private or unlisted (like Youtube videos).
  • Author can grant permissions to certain people/groups to view their private page Note: Admin only while in beta

  • Tags
  • Type a word under tags & links are automatically generated to show pages with the same word

  • Smart features
  • Related category content is suggested automatically. (Can be disabled)
  • Related author content is suggested automatically. (Can be disabled)
  • Author can choose to hide/show their page from being suggested on other pages.
  • Note: By default, private pages will not be suggested to guests.
  • Note: Private pages can be shown as a padlock. (Tempt guests to signup/login).
  • Note: Users logged in with appropriate permission level (granted by author) can view related content suggestions that are excluded to guests.
  • Ability to rename categories without effecting URL structure.
  • Change thumb height both in page settings & category settings

  • Membership
  • Traditional signup/login
  • Facebook signup/login
  • Self password/email reset/change
  • Set custom profile
  • Upload avatar
  • Moderators & Admins can assign custom permissions to users (i.e to view private pages)

  • Comments
  • Thumbs up/down
  • Sort by newest or popularity
  • Ability to delete your own comment (within x time period), after that, cannot be self deleted
  • Admins/mods can delete / edit comments
  • Ability to use Facebook Comments plugin instead of built-in comments (FB users don't need to login)

  • Theme
  • Guests can change page theme (dark/light)
  • Authors of page can force dark theme for their page

  • Security
  • Bcrypt password hashing.
  • Encrypted cookies.
  • XSS and CSRF attack preventions.
  • Exhaustive input validation

  • Statistics
  • Display number of people online (shows as stick figures in footer)
  • Display page load time
  • All actions logged for users navigating Admin area.

  • Location Tracker
    Used to track & record your own location. Requires login.
  • Track & store location & address on a map.
  • Store time spent at location.
  • Show all locations ever tracked on a map.
  • Allow public tracking (share a link to let people track you - not recommended but handy if your in danger)
  • To do

    In the near future (easy):
  • Improve Dark theme compatibility
  • Improve CSS styling for suggested content
  • Require login for direct MP3 path
  • Back end: Check for duplicate URL before creating page
  • Back end: Fix bug where single letters show full matches in Tags
  • Integrate Maps API
  • Provide ability to allow only certain regions to view your page. (Uses locations tracker).

  • In the not so near future (head ache):
  • Structured data & rating system
  • Allow users to change URL of page + remember old URL(s) & handle them in a way that they don't 404
  • Fix VPN detector (give authors the ability to disallow VPN visitors to view their page) - can protect against some bots & spiders.
  • Auto generate sitemap according to privacy settings
  • Pay to view functionality

  • Long term (Migraine):
  • Front end birthday / create a skin system.