Features
Server listing and discovery
Servers are listed with address, port, description, and categories. The home and server index pages show servers with live status: the application pings Minecraft servers using the game protocol and displays online or offline state, player count, and version. Filtering is available by category, country, Minecraft version, and status. A banner generator lets server owners create promotional banners. Server detail pages show full information, comments, and voting. Server owners can submit, edit, and manage their servers; editing is restricted to the owner or an admin.
User accounts and security
Users register with email and password. Account activation is done by email link. Login and registration are protected by rate limiting and login-attempt tracking. Sessions are stored in the database with a custom session handler; session hijacking is mitigated by binding sessions to the client IP. Password reset is available via email. Users have profiles (viewable by username) and can edit their profile and change their password. CSRF tokens are enforced on state-changing requests. The application uses a configurable rate limiter (Stiphle) so that auth, voting, contact, and other routes can have different limits per IP or user.
Voting and Votifier
Users can vote for servers. Voting is rate-limited (e.g. once per day per user per server). The application integrates with the Votifier protocol so that when a user votes on the site, the corresponding Minecraft server can be notified. Vote data is stored and can be reset from the admin panel.
Comments and reports
Server pages support comments. Users can post comments and delete their own; comments can be loaded in a “load more” fashion. A reporting system allows users to report servers or content; reports are handled in the admin panel with view, action, and delete.
Premium and payments
Premium features include server highlighting and featured placement. Purchases are handled via PayPal using the PayPal PHP SDK. The flow supports creating orders, capturing payments, and cancellation. PayPal can be configured in sandbox or live mode. Payment history is visible in the admin panel.
Server claim
A server claim flow allows users to prove ownership of a server (e.g. by placing a code in the server’s MOTD or similar). Users can start a claim, verify it, or cancel. This is separate from normal server submission and editing.
Blog
The site includes a simple blog: server owners or authorized users can add, edit, and delete blog posts associated with a server. Posts are shown on the server page with load-more pagination. Blog posts can be managed from the admin panel.
Admin panel
Administrators have a dedicated panel. It covers user management (list, edit, delete, actions), server management (list, edit, approve/reject, delete), category management (create, edit, delete), report handling (list, view, action, delete), payment history and deletion, and blog post deletion. Site-wide settings are configurable (e.g. site name, timezone, PayPal, feature toggles). An audit log records admin actions. A migrations UI allows running database migrations (run all or selected) from the browser.
Static pages and SEO
Static pages exist for terms of service, privacy policy, and contact. The contact form sends email and can be rate-limited. The application generates a sitemap (sitemap.xml) and serves robots.txt for search engines. Meta tags and titles are handled via a small SEO helper for better indexing.
Internationalization
The interface supports multiple languages via a language system. Translation files (e.g. English and Polish) live under resources/languages and are used in views so that labels and messages can be localized.
Installation
A web-based installer (install.php) collects database credentials and basic site configuration, writes config/app.php, and creates a lock file so that after installation the app no longer redirects to the installer. The installer can be removed or renamed after setup. Default admin credentials are set during installation and should be changed immediately.
Tech stack
Backend
The application is built with PHP 8.2 or higher. It does not use a full framework; instead it uses a minimal custom stack. Entry point is index.php in the project root: it checks for configuration and install lock, loads bootstrap.php, then loads a Router and the route definitions from routes/web.php. The router matches HTTP method and URI (with optional path parameters), invokes controller actions (Controller@method), and enforces CSRF on non-GET requests. Controllers live under app/Controllers (and app/Controllers/Admin for admin actions). Business logic is grouped in app/Core/Features (e.g. Servers, Users, Votes, Comments, Payments, Blog, Reports, Categories, ServerClaim). Models under app/Models represent database entities (User, Server, Category, Vote, Comment, Payment, Report, BlogPost, etc.). The database layer is a small Database class in app/Core/System; migrations are SQL files in database/migrations and are run by MigrationRunner, triggered from the admin migrations UI or CLI.
Database and session
MySQL 8.0 (or compatible) is used as the database. PDO with the native driver is used for connections and queries. Sessions are stored in the database via a custom SessionHandler (app/Core/System/SessionHandler) that implements PHP’s session save handler interface, so session data persists in MySQL instead of the default file store.
Security and dependencies
Security-related code includes Auth (login, logout, password hashing), Csrf (token generation and validation), RateLimit (configurable rules in config/ratelimit.php, backed by Stiphle), and LoginSecurity for tracking login attempts. Composer dependencies are php 8.2+, davedevelopment/stiphle (rate limiting), paypal/paypal-server-sdk (PayPal integration), and PHP extensions: gd (e.g. for images or banners), sockets (for pinging Minecraft servers), pdo, openssl. Development tools include PHP-CS-Fixer and PHPUnit.
Minecraft integration
Server status is obtained via the Minecraft server list ping protocol. app/Core/Integrations/MinecraftPing implements the handshake and status request over TCP and returns the server’s JSON status (version, players, description). app/Core/Integrations/AsyncBatchPinger uses non-blocking sockets and stream_select to ping many servers concurrently for efficient updates on the server list. Votifier integration (app/Core/Integrations/Votifier) sends vote notifications to Minecraft servers that run the Votifier plugin.
Frontend
The frontend uses Bootstrap 5.3.2 (CSS and JS) from a CDN, Bootstrap Icons, and jQuery. Custom CSS lives under public/assets/css (base, server, filter modal, navbar mobile). JavaScript under public/assets includes app.js and utilities such as searchable-select and category-cloud. Views are plain PHP templates in resources/views: layouts (e.g. app.php), partials (navbar, footer, server cards, alerts, etc.), and per-page views for auth, servers, users, admin, static pages, and errors. There is no front-end build step; assets are served from public. A simple view() helper includes a view file with extracted variables; the layout receives a $content variable and renders meta tags (including CSRF) and flash messages.
Configuration and deployment
Main configuration is in config/app.php (site name, url, timezone, db credentials, PayPal settings). This file is generated or edited during installation. Rate limit rules are in config/ratelimit.php. The application expects the web server to point to the project root (or to public if assets are split); a .htaccess is present for URL rewriting so that all requests are routed to index.php. Logs (e.g. rate limit violations) are written under storage/logs. The public-facing document root can be the project root or a public subdirectory depending on server setup.