HeadRandom
Back to Main Site

PolyCMS Architecture Overview

Last updated on May 16, 2026 2:03 AM

MVC Architecture

PolyCMS follows strict Model-View-Controller architecture built on CodeIgniter — the same framework powering Perfex CRM. This ensures seamless integration with the CRM's existing codebase and conventions.

File Structure

modules/polycms/
├── assets/              # CSS, JS, images for admin & frontend
├── controllers/         # MVC Controllers
│   ├── Posts.php         # Post CRUD operations
│   ├── Pages.php         # Page management
│   ├── Categories.php    # Category management
│   ├── Tags.php          # Tag management
│   ├── Media.php         # Media Library operations
│   ├── Comments.php      # Comment moderation
│   ├── Menus.php         # Menu builder
│   ├── Themes.php        # Theme management
│   ├── Plugins.php       # Plugin management
│   ├── Settings.php      # CMS settings
│   ├── Tools.php         # Backup, Import/Export
│   ├── Frontend.php      # Public-facing routes & rendering
│   └── Dashboard.php     # CMS Dashboard
├── helpers/             # Helper functions
│   ├── polycms_blog_helper.php
│   ├── polycms_seo_helper.php
│   └── polycms_hook_helper.php
├── language/            # 16 language packs
├── libraries/           # Service classes
│   ├── ThemeLoader.php   # Theme template resolution
│   ├── PluginManager.php # Plugin lifecycle management
│   └── ShortcodeParser.php
├── models/              # Database models
│   ├── Blog_post_model.php
│   ├── Blog_category_model.php
│   └── ... (one per table group)
├── plugins/             # Bundled plugins (5 included)
├── themes/              # Bundled themes
├── views/               # Admin & frontend view templates
├── migrations/          # Database migration files
├── documentations/      # Included documentation
├── install.php          # Database schema creation
├── uninstall.php        # Safe deactivation (preserves data)
└── polycms.php          # Module entry point & hook registration

Database Schema

PolyCMS creates 16 dedicated tables, all prefixed with your Perfex CRM table prefix + blog_:

GroupTables
Contentblog_posts, blog_pages, blog_page_meta
Taxonomyblog_categories, blog_tags, blog_post_categories, blog_post_tags, blog_post_meta
Engagementblog_comments
Navigationblog_menus, blog_menu_items, blog_widgets
Extensionsblog_plugins, blog_plugin_options, blog_themes, blog_theme_options
Configurationblog_settings, blog_permalink_settings

All tables use proper foreign key constraints and indexes for optimal query performance. CMS data is completely isolated from CRM client data.

Request Lifecycle

Admin Requests

  1. Perfex CRM routes request to PolyCMS controller.
  2. Controller validates staff_can() permissions.
  3. Controller calls Model for database operations.
  4. Model returns data via CodeIgniter Active Record.
  5. Controller loads admin View with data.

Frontend Requests

  1. Dynamic routing system matches URL against permalink patterns.
  2. Frontend.php controller determines content type (post, page, category, tag, search, archive).
  3. Hooks fire: polycms_frontend_init, polycms_head.
  4. ThemeLoader resolves template hierarchy → selects appropriate theme template.
  5. Template renders with data, widgets, and shortcodes processed.
  6. Hooks fire: polycms_footer.

Plugin System Architecture

Plugins are loaded by the PluginManager during module initialization:

  1. Scan plugins/ directory for plugin.json manifests.
  2. Check activation status in blog_plugins table.
  3. Load active plugin main files.
  4. Plugins register hooks via polycms_add_action() and polycms_add_filter().
  5. Hooks fire at appropriate lifecycle points during request processing.

Theme System Architecture

The ThemeLoader handles template resolution:

  1. Check active theme in blog_themes table.
  2. Determine content type from current request.
  3. Walk template hierarchy: single.php → category.php → tag.php → page.php → index.php.
  4. Load first matching template file from active theme directory.
  5. Pass content data, widgets, and theme options to template scope.

Security Architecture

  • Permission Layer — All admin actions gated by staff_can('polycms', ...).
  • XSS Protection — HTMLPurifier sanitizes all rich-text content.
  • SQL Protection — CodeIgniter Active Record/Query Builder prevents injection.
  • File Protection — polycms_validate_file_path prevents directory traversal.
  • Rate Limiting — IP-based cache limiter on public endpoints.
  • BASEPATH Guard — Every PHP file includes defined('BASEPATH') or exit().

Related Documentation