Installation

This article walks you through installing Scriptlog from scratch. It covers both installation methods, the browser-based setup wizard, file permissions, and the configuration files the installer generates. Follow the steps in order and you will have a working installation by the end.

Requirements

Before you start, make sure your server meets these minimum requirements. PHP 7.4 or higher, MySQL 5.7+ or MariaDB 10.3+, Apache or Nginx (latest stable), and Composer (latest stable).

Your PHP installation also needs these extensions enabled: pdo, pdo_mysql, json, mbstring, and curl. Most shared hosting environments have all of these active by default. If you are on a VPS, run php -m to check.

Installation Methods

There are two ways to get Scriptlog onto your server.

Option 1: Clone from GitHub

This is the recommended approach for most developers.

git clone https://github.com/ScriptLog/scriptlog.git
cd scriptlog
composer install

After Composer finishes, set the correct permissions:

chmod -R 755 public/
chmod -R 755 public/cache/ public/log/

The public/cache/ and public/log/ directories need to be writable by the web server user. Without this, the application will throw errors on first load.

Option 2: Install via Composer from Packagist

Use this if you want to pull Scriptlog as a dependency into an existing project.

mkdir my-scriptlog
cd my-scriptlog
composer init --name="my/scriptlog" --type=project --no-interaction
composer require cakmoel/scriptlog:dev-develop --prefer-stable

Alternatively, add "minimum-stability": "dev" and "prefer-stable": true to your composer.json, then run composer require cakmoel/scriptlog.

The package installs into the vendor/ directory. The application entry point is in the src/ directory.

Running the Application Locally

For local development, PHP's built-in server is the quickest way to get started:

cd /path/to/your-project
php -S localhost:8080 -t src

Then open http://localhost:8080 in your browser.

The -t src flag is required. It tells the built-in server that src is the document root. Without it, the server cannot find index.php and will return a "Failed to open stream" error.

On Linux and macOS, confirm the web server user has write access to public/cache/ and public/log/ before continuing.

Option 3: Download a Zip or Tar File

You can download production-ready file (zip or tar) file from sourceforge.net. 

Extract  or  Unzip your downloaded file to your web server.  

Next, before we go further. Make sure you have created a Database for Scriptlog on your Web Server, as well as MySQL ( or MariaDB) user who has all privileges for accessing and modifying it. 

The Setup Wizard

Once the application is downloaded, open http://localhost:8080/install/ in your browser. The wizard runs in four steps.

Step 1: System Requirements Check

install/index.php scans your environment and reports whether each requirement is met. This includes PHP version, required extensions, and directory permissions. Fix anything flagged as a failure before moving on. Warnings can sometimes be ignored, failures cannot.

Step 2: Database Setup

install/setup-db.php asks for your database connection details and creates the 21 tables Scriptlog needs to operate. Have the following ready: database host (usually localhost), database name, username and password, port (default 3306), and an optional table prefix.

The installer runs all table creation queries using the definitions in install/include/dbtable.php. If the connection fails at this step, double-check your credentials and confirm the database exists before retrying.

Step 3: Finish Setup

install/finish.php completes the process. It writes your configuration to config.php and .env, generates the application key, and creates the Defuse encryption key used for authentication cookies. At the end of this step you will be given the admin login details.

Delete the Install Directory

As soon as the wizard finishes, delete the entire install/ directory from your server. Do not skip this step.

rm -rf install/

Leaving it in place means anyone who visits /install/ on your domain can re-run the setup wizard and overwrite your database. There is no other protection on that directory.

Configuration Files

The installer generates two configuration files. Both are kept in sync and serve slightly different purposes.

config.php

The main configuration file. It returns a PHP array and reads values from $_ENV with hardcoded fallbacks:

<?php

return [
    'db' => [
        'host'   => $_ENV['DB_HOST'] ?? 'localhost',
        'user'   => $_ENV['DB_USER'] ?? '',
        'pass'   => $_ENV['DB_PASS'] ?? '',
        'name'   => $_ENV['DB_NAME'] ?? '',
        'port'   => $_ENV['DB_PORT'] ?? '3306',
        'prefix' => $_ENV['DB_PREFIX'] ?? ''
    ],
    'app' => [
        'url'        => $_ENV['APP_URL'] ?? 'http://example.com',
        'email'      => $_ENV['APP_EMAIL'] ?? '',
        'key'        => $_ENV['APP_KEY'] ?? '',
        'defuse_key' => '/var/www/your-project/storage/keys/[random_filename].php'
    ],
    'mail' => [
        'smtp' => [
            'host'       => $_ENV['SMTP_HOST'] ?? '',
            'port'       => $_ENV['SMTP_PORT'] ?? 587,
            'encryption' => $_ENV['SMTP_ENCRYPTION'] ?? 'tls',
            'username'   => $_ENV['SMTP_USER'] ?? '',
            'password'   => $_ENV['SMTP_PASS'] ?? '',
        ],
        'from' => [
            'email' => $_ENV['MAIL_FROM_ADDRESS'] ?? '',
            'name'  => $_ENV['MAIL_FROM_NAME'] ?? 'Blogware'
        ]
    ],
    'os' => [
        'system_software' => $_ENV['SYSTEM_OS'] ?? 'Linux',
        'distrib_name'    => $_ENV['DISTRIB_NAME'] ?? ''
    ],
];

In production, keep sensitive values in .env and commit only config.php to version control. The fallback values are safe defaults; the real values come from .env at runtime.

.env

The environment variable file. The installer auto-generates this with your values from the setup wizard:

# DATABASE
DB_HOST=localhost
DB_USER=blogwareuser
DB_PASS=yourpassword
DB_NAME=blogwaredb
DB_PORT=3306
DB_PREFIX=

# APPLICATION
APP_URL=https://example.com
[email protected]
APP_KEY=XXXXXX-XXXXXX-XXXXXX-XXXXXX

# MAIL / SMTP
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_ENCRYPTION=tls
[email protected]
MAIL_FROM_NAME=Blogware

# SYSTEM
SYSTEM_OS=Linux
DISTRIB_NAME="Linux Mint"

Keep this file out of version control. Add .env to your .gitignore if it is not already there.

The Defuse Encryption Key

During setup, the installer generates a Defuse encryption key using Defuse\Crypto\Key::createNewRandomKey(). This key encrypts authentication cookies and is saved with a randomly generated filename.

The installer tries to store it outside the web root first. If that directory is not writable, it falls back to lib/utility/.lts/ inside the web root. Either way, the key path is recorded in three places: config.php under app.defuse_key, .env under DEFUSE_KEY_PATH, and in the tbl_settings database table under defuse_key_path.

Do not delete or move this file after installation. If the key is lost, all existing authentication cookies become invalid and every active session will be terminated.

Accessing the Application After Installation

Once setup is complete, your installation is available at three URLs. The public site is at http://your-domain/, the admin panel is at http://your-domain/admin/, and the API endpoint is at http://your-domain/api/v1/.

Log in to the admin panel with the credentials created during the wizard and you are ready to go.