--- # 🚀 MASTER BLUEPRINT: SKSOFTDEV ENTERPRISE SYSTEM ## 1. PROJECT OVERVIEW * **Project Name:** SKSOFTDEV * **Project Type:** Full Dynamic Professional Software Company Website & Management System. * **Target Audience:** Local (Bangladesh) & International Clients. * **Core Philosophy:** Production-level, Scalable, Maintainable, Secure, Modular, and Enterprise-Standard. "Plug-and-play" architecture. Core system must remain untouched during future updates. ## 2. TECHNOLOGY STACK * **Backend:** PHP 8.3+ (Core PHP Modular, Strict Types, PSR-12). * **Database:** MySQL 8+ (PDO, Normalized, Indexed). * **Frontend:** HTML5, CSS3, Vanilla JS, Alpine.js (for lightweight interactions), AJAX. * **Architecture:** Hybrid MVC + Modular + Repository Pattern + Service & Hook Engine. * **Environment:** cPanel Ready, Git-versioned, `.env` configured. ## 3. MASTER FOLDER STRUCTURE ```text sksoftdev/ ├── .env # Environment configurations (DB, API Keys) ├── .gitignore # Git exclusions ├── public/ # Document Root (Only this is accessible) │ ├── index.php # Front Controller │ ├── .htaccess # URL Rewriting & Security headers │ ├── assets/ # CSS, JS, Images │ └── uploads/ # Symlink to storage/uploads ├── app/ # Main Application Logic │ ├── Controllers/ │ ├── Models/ │ ├── Views/ │ ├── Middleware/ # WAF, Auth, Role Checks │ ├── Services/ # Business Logic (Mail, Payment, SEO) │ ├── Repositories/ # DB Abstraction layer │ ├── Helpers/ # URL, File, String helpers │ ├── Traits/ # SoftDeletes, Loggable │ ├── Events/ # Event Dispatcher (beforeSave, afterLogin) │ ├── Hooks/ # Plugin hook system (do_action, apply_filters) │ ├── Exceptions/ # Centralized Error Handling │ ├── Validators/ # Form & Request validation │ ├── Policies/ # Granular ACL permissions │ └── Notifications/ # Mail, SMS, DB Alert generators ├── core/ # Framework Core (Router, DB, Auth, Config Loader) ├── modules/ # Plug-and-play expansions (Blog, Portfolio) ├── themes/ # Theme Engine │ ├── default/ # Public UI │ └── admin/ # Admin UI ├── lang/ # Localization (en/, bn/) ├── jobs/ # Queue workers, Cron handlers ├── install/ # Setup Wizard (Auto-locks after setup) ├── config/ # Config files loaded from .env ├── api/ │ ├── v1/ # Versioned REST APIs │ └── webhooks/ # External triggers ├── storage/ # Strictly protected, No direct access │ ├── logs/ # Error, Security, API, Activity logs │ ├── cache/ # Settings, Page, Query caching │ ├── backups/ # DB & File backups │ ├── tmp/ # Temporary processing │ └── sessions/ # Secure custom session handling └── database/ ├── migrations/ # Version-controlled DB schemas (up/down) └── seeders/ # Default system data ``` ## 4. DATABASE ARCHITECTURE * **Core Tables:** `users`, `admins`, `roles`, `permissions`, `role_permissions`, `site_settings`, `theme_settings`. * **System & Logs:** `system_versions`, `system_logs`, `error_logs`, `api_logs`, `security_logs`, `activity_logs`, `login_logs`, `cron_jobs`, `backup_logs`, `cache_logs`, `audit_trails`, `notification_logs`. * **Content:** `services`, `products`, `portfolio`, `blogs`, `categories`, `page_sections` (Builder), `media_library`, `faq`, `team`, `testimonials`. * **Interaction:** `messages`, `tickets`, `notifications`, `newsletter`, `seo_pages`, `translations`, `feature_flags`. * **Database Rules:** * Soft deletes (`deleted_at`) for all major tables. * Timestamps (`created_at`, `updated_at`) mandatory. * UUID support where required. * Advanced indexing for performance (`users`, `logs`, `seo`, etc.). ## 5. CORE ENGINES & FEATURES 1. **Global Settings Engine:** Centralized management for Site, Email, SMS, Payment, API Keys, Maintenance mode. Auto-refreshes cache on update. 2. **Page Builder System:** Dynamic section reordering, CTA edits, UI toggle. 3. **Media Manager:** File upload, organization, compression, preview. 4. **Log System:** Separated Error, Security, Activity, API, and Admin logs. 5. **Cache System:** Query, Page, and Settings caching. 6. **Backup System:** Manual/Auto backup & Restore with encryption. 7. **Queue & Cron System:** Background processing for emails, cleanups. 8. **SEO Engine:** Dynamic meta, OG tags, Schema, Sitemap generation. 9. **Role-Based Access Control (RBAC):** Super Admin, Admin, Manager, Support, Editor, Client. 10. **Pagination & Search:** Reusable global systems for all modules. 11. **URL & Asset Helpers:** `url()`, `asset()`, `route()`, `redirect()`. ## 6. STRICT SYSTEM LOCK RULES 1. **Core Untouchable:** Future updates via modules, hooks, services, or themes only. No editing `core/` directly. 2. **Module System:** Must support `install()`, `uninstall()`, `enable()`, `disable()`, `update()`. 3. **Migration Rules:** Every migration must have `up()` and `down()` for safe rollbacks. 4. **Error Handling:** Single global exception handler (Production/Debug/Log modes). 5. **Config Loader:** Priority: `.env` → `config/` → `runtime cache`. 6. **Autoloader:** PSR-4 standard class autoloading. No manual `require`. 7. **Hook & Event Engine:** `do_action()`, `apply_filters()`, `beforeSave`, `afterLogin`. 8. **Safe Update Engine:** Patch modules/themes/assets without breaking live site. 9. **Coding Standards:** PSR-12, strict types, reusable traits, repository for DB, service for logic. NO scattered raw SQL. ## 7. MAXIMUM SECURITY STANDARDS * SQL Injection, XSS, CSRF, Session Security, Brute Force protection. * All Admin actions strictly require: CSRF validation + Auth check + Role check + Audit Log. * WAF-like request filtering, Honeypot, Device Fingerprinting. * Strict file security for `/storage` and `/uploads`. ## 8. PHASE 1 EXECUTION ORDER 1. Environment Loader 2. Config Loader 3. Database Core 4. Migration Engine 5. Router Engine 6. Request Class 7. Response Class 8. Security Core 9. Session Core 10. Auth Core 11. Base Controller 12. Base Model 13. Module Loader 14. Hook Engine 15. Event Engine --- sksoftdev/ ├── .env ├── public/ # Document Root │ └── index.php # Front Controller ├── app/ # 🚀 MAIN APPLICATION FOLDER │ │ │ ├── Admin/ # 🔴 ১. শুধুমাত্র অ্যাডমিন প্যানেলের সব কোড │ │ ├── Controllers/ # Admin Controllers (e.g., DashboardController) │ │ ├── Middleware/ # Admin Security (e.g., SuperAdminCheck) │ │ └── Routes/ # admin.php (শুধুমাত্র অ্যাডমিন লিংকগুলো) │ │ │ ├── Web/ # 🔵 ২. শুধুমাত্র ইউজার ও পাবলিক ওয়েবসাইটের কোড │ │ ├── Controllers/ # Web Controllers (e.g., HomeController, UserController) │ │ ├── Middleware/ # Web Security (e.g., UserAuthCheck) │ │ └── Routes/ # web.php (পাবলিক এবং ইউজার প্যানেলের লিংক) │ │ │ ├── Api/ # 🟢 ৩. শুধুমাত্র মোবাইল অ্যাপ বা থার্ড-পার্টি API │ │ ├── Controllers/ │ │ └── Routes/ # api.php │ │ │ └── Shared/ # 🟡 ৪. কমন কোড (যা Admin, Web এবং Api সবাই ব্যবহার করবে) │ ├── Models/ # Database Models (User, Product, Settings) │ ├── Services/ # Business Logic (MailService, PaymentService) │ └── Repositories/ # Database Queries │ ├── core/ # Framework Core (Router, DB, Security - Untouched) ├── modules/ # Plug-and-play extensions ├── themes/ │ ├── admin/ # অ্যাডমিনের ডিজাইন │ └── web/ # ওয়েবসাইটের ডিজাইন └── storage/ # Logs, Cache, Uploads