By Matt 1k views [Edit this page]

Mahal CMS

A closed source content management system with extensive image privacy features.

Status: Beta. Not suitable for production.
Updated: 19th May 2022
Linux distro: AlmaLinux
Dependencies: Apache with mod rewrite, PHP 7+, cURL, JSON, 2 MYSQL Databases, SMTP Server, Laravel.


Built in Core PHP & Laravel, Mahal CMS started as a simple way to publish my photos & is now a full featured CMS with extensive privacy options.

Authors have full control over what they share on a page, where they share to & exactly how much of it they share.


  • Thursday 19th May 2022 Adjust/fix "Sort Order" positioning glitch. Fix incorrect naming convention of images (image vs images) using $total_photos. Fix misaligned styles. Increase content font size. Fix invisible text in dark theme.
  • 10th April 2022 Made shortcut to save pages (CTRL+S)
  • 9th April 2022 Fixed minor security issue in tags. Made /tag/ 404 if it doesn't exist.
  • 8th April 2022 Shortened the private access request, auto generated URL.
  • 8th April 2022 Fixed broken contact form, upgraded security & added CC feature.
  • 8th April 2022 Used ENT_QUOTES to fix bug on edit page in admin.
  • 5th December 2021 Fixed bug where private pages are previewing on tags.
  • 4th Sept 2021 Fixed long words overflow causing mobile theme to break.
  • 1st Sept 2021 Fixed bug where related author suggestions were not displaying when "show padlock" setting is selected.
  • 23rd Aug 2021 Started work on automated root page categories.
  • 20th Aug 2021 Admin update: Redirection system no longer requires page ID (supports raw URLs). Included current redirects on page edit for convenience.
  • 11th Aug 2021 Re-wrote Private Link Share feature from old harcoded system.
  • 11th Aug 2021 Fixed map Zoom bug in Admin.
  • 10th Aug 2021 Made a check for numeric page ID's (not allowed)
  • 10th Aug 2021 Re-wrote maps function from old hardcoded system.
  • 2nd Jul 2021 Created URL redirection system. Old URL now redirects to new URL automatically.
  • 2nd Aug 2021 Upgraded page views readabililty. E.g 1000 views reads as 1k views, 1000000 views reads as 1m views.
  • 1st Aug 2021 Added ability for visitors to change sort order of photos. Authors can also select default sort order for their page.
  • 21st July 2021 - Fixed VPN detector
  • 20th July 2021 - Added honeypot to Contact form & made security challenge easier.
  • 19th July 2021 - created secure contact form that can be added to any page with a simple checkbox.
  • 10th July 2021 (Fix) Relaxed MYSQL table length rules.
  • Added MP3 file upload support & ability to stream/download MP3's from pages.
  • Created automated tag system, e.g
  • Modified routing behavior for certain 404 errors
  • Features

  • Short URL support - Page URL can be independent of default category URL structure (user selectable). Good for SEO.
  • Smart routes handler manages, written from the ground up.

  • Photos
  • Change position of photos in gallery.
  • Set captions on Photos.
  • Set custom header photo.
  • Set custom page thumb (can differ from header).
  • Adjust header image size
  • Make all or some photos private on a page, only users with granted permissions by author can view
  • Display low or full res images. (Prevents bots from scalping full res images and/or promotes user to login to view high res.

  • Videos
  • Display Youtube videos by pasting ID
  • Change Youtube video gallery style (big/small)
  • Set custom caption of Youtube gallery

  • Page & Privacy
  • Make the entire page public, private or unlisted (like Youtube videos).
  • Author can grant permissions to certain people/groups to view their private page Note: Admin only while in beta

  • Tags
  • Type a word under tags & links are automatically generated to show pages with the same word

  • Smart features
  • Related category content is suggested automatically. (Can be disabled)
  • Related author content is suggested automatically. (Can be disabled)
  • Author can choose to hide/show their page from being suggested on other pages.
  • Note: By default, private pages will not be suggested to guests.
  • Note: Private pages can be shown as a padlock. (Tempt guests to signup/login).
  • Note: Users logged in with appropriate permission level (granted by author) can view related content suggestions that are excluded to guests.
  • Ability to rename categories without effecting URL structure.
  • Change thumb height both in page settings & category settings

  • Membership
  • Traditional signup/login
  • Facebook signup/login
  • Self password/email reset/change
  • Set custom profile
  • Upload avatar
  • Moderators & Admins can assign custom permissions to users (i.e to view private pages)

  • Comments
  • Thumbs up/down
  • Sort by newest or popularity
  • Ability to delete your own comment (within x time period), after that, cannot be self deleted
  • Admins/mods can delete / edit comments
  • Ability to use Facebook Comments plugin instead of built-in comments (FB users don't need to login)

  • Theme
  • Guests can change page theme (dark/light)
  • Authors of page can force dark theme for their page

  • Security
  • Bcrypt password hashing.
  • Encrypted cookies.
  • XSS and CSRF attack preventions.
  • Exhaustive input validation

  • Statistics
  • Display number of people online (shows as stick figures in footer)
  • Display page load time
  • All actions logged for users navigating Admin area.

  • Location Tracker
    Used to track & record your own location. Requires login.
  • Track & store location & address on a map.
  • Store time spent at location.
  • Show all locations ever tracked on a map.
  • Allow public tracking (share a link to let people track you - not recommended but handy if your in danger)
  • To do

    In the near future (easy):
  • Improve Dark theme compatibility
  • Improve CSS styling for suggested content
  • Require login for direct MP3 path
  • Back end: Check for duplicate URL before creating page
  • Back end: Fix bug where single letters show full matches in Tags
  • Integrate Maps API
  • Provide ability to allow only certain regions to view your page. (Uses locations tracker).

  • In the not so near future (head ache):
  • Structured data & rating system
  • Allow users to change URL of page + remember old URL(s) & handle them in a way that they don't 404
  • Fix VPN detector (give authors the ability to disallow VPN visitors to view their page) - can protect against some bots & spiders. ✓
  • Auto generate sitemap according to privacy settings
  • Pay to view functionality

  • Long term (Migraine):
  • Front end birthday / create a skin system.