⬡ CryptoMax

A full-featured cryptocurrency investment and trading platform built on CodeIgniter 4. Everything you need to run a professional crypto investment business — out of the box.

Packed with robust features, CryptoMax enables seamless Peer-to-Peer transfers, supports multiple payment gateways, and comes with an intuitive and informative user panel. Key functionalities include KYC verification, flexible deposit and withdrawal options, customizable investment plans, bonuses, referral commissions, and an automated dynamic ROI (Return on Investment) system.

To enhance user engagement, CryptoMax integrates live chat support, Telegram, and WhatsApp chat options, a newsletter system, and multilingual support with a built-in language translator. Additionally, it’s optimized for SEO and boasts a fully responsive, modern PHP architecture, ensuring top performance across all devices.

Whether you’re looking to launch your own investment platform in minutes or scale an existing system, CryptoMax is your go-to tool for a feature-rich and secure experience. Perfect for professionals aiming to create a profitable online investment platform with ease!

Version 3.5.0 CodeIgniter 4 PHP ^8.1 MIT License Updated March 31, 2026

⚙ Requirements

Dependency	Version
PHP	`^8.1`
MySQL / MariaDB	`5.7+` / `10.3+`
Web Server	Apache 2.4+ or Nginx 1.18+
PHP Extensions	`intl`, `mbstring`, `json`, `mysqlnd`, `curl`, `gd`

🚀 Installation

CryptoMax ships as a complete package including all dependencies. No need to run Composer — just follow the steps below.

✅

The vendor folder is already included — no Composer installation required.

Package Contents

After purchasing and downloading, your package will contain the following:

cryptomax/
                    ├── app/
                    ├── public/
                    ├── vendor/
                    ├── writable/
                    ├── composer.json
                    └── composer.lock

Recommended Directory Structure

Following CodeIgniter 4 security best practices, it is strongly recommended to place most of the application outside your web root (public_html), and only expose the contents of the public/ folder. This prevents direct web access to your app/ and vendor/ folders.

your-server/
                    ├── public_html/ ← Web root (contents of public/ go here)
                    │ ├── index.php
                    │ ├── .htaccess
                    │ └── assets/
                    ├── app/ ← Outside public_html
                    ├── vendor/ ← Outside public_html
                    ├── writable/ ← Outside public_html
                    ├── composer.json
                    └── composer.lock

ℹ️

This layout prevents sensitive application files from being directly accessible via a browser URL — a key security hardening step recommended by CodeIgniter 4.

Installation Steps

Upload & Extract the Package

Upload and extract the downloaded zip to your server. Place app/, vendor/, writable/, composer.json, and composer.lock outside your public_html folder. Copy only the contents of the public/ folder into public_html/.

🖼

Screenshot: File structure after upload

Replace with actual screenshot

Set Directory Permissions

Ensure the web server can write to the required directories:

chmod -R 755 writable/
                                chmod -R 755 public_html/uploads/

Create a Database

Create a new MySQL database and user via your hosting control panel or directly in MySQL. Have the following ready for the installer:

Database host (usually localhost)
Database name
Database username
Database password

🖼

Screenshot: Creating a database in cPanel / hosting panel

Replace with actual screenshot

Run the Setup Wizard

Visit your domain in a browser. CryptoMax will automatically detect the installer on first run and redirect you to it:

https://yourdomain.com/install.php

The installer will create your .env file, set up the database, seed initial data, and create your admin account. Simply follow the on-screen steps.

🖼

Screenshot: Installer welcome screen

Replace with actual screenshot

Enter Database & Admin Details

The installer will prompt you to enter your database credentials, admin account details, and basic site settings.

🖼

Screenshot: Installer — database & admin setup form

Replace with actual screenshot

Installation Complete

Once all steps are completed, the installer will create the required tables, seed initial data, set up your admin account, and lock itself. You will be redirected to your new platform automatically.

🖼

Screenshot: Installation success screen

Replace with actual screenshot

⚠️

The installer is only accessible on first run. Once setup is complete, it is automatically disabled. Do not delete or move files during the installation process.

Reinstallation

Once installed, the installer will no longer be detected on normal site visits. However, if you made a mistake during installation or need to start over, you can run the installer directly:

https://yourdomain.com/install.php

It will prompt you to confirm the reinstallation. Click OK to continue.

⚠️

Reinstallation will:

Delete your configuration files (including .env)
Drop all migrated database tables and their data
Reset the platform back to a fresh state

Make sure you have a backup before proceeding.

🔧 Environment Configuration

Application

.envCI_ENVIRONMENT = development
                    app.baseURL = 'https://yourdomain.com/'
                    app.siteName = 'CryptoMax'
                    app.pin = 1234

Database

.envdatabase.default.hostname = localhost
                    database.default.DBDriver = MySQLi
                    database.default.database = cryptomax
                    database.default.username = cryptomax_user
                    database.default.password = your_password
                    database.default.DBPrefix = kis_
                    database.default.charset = utf8mb4
                    database.default.DBCollat = utf8mb4_general_ci

ℹ️

All tables use the prefix kis_. Do not change this after initial installation.

Encryption Key

.envencryption.key = hex2bin:YOUR_32_BYTE_HEX_KEY

Generate a secure key with: php spark key:generate

🗄 Database Setup

The setup wizard handles all migrations automatically. To run manually:

bashphp spark migrate
                    php spark db:seed AssetsSeeder
                    php spark db:seed EmailtemplatesSeeder
                    php spark db:seed FaqsSeeder
                    php spark db:seed ReviewsSeeder

Table	Purpose
`kis_users`	User accounts and authentication
`kis_transactions`	All financial transactions
`kis_investments`	Active and completed investment records
`kis_packages`	Investment plan definitions
`kis_wallets`	Admin-managed crypto wallet addresses
`kis_trades`	Binary-options trading records
`kis_assets`	Tradable assets (crypto, forex, stocks)
`kis_kycs`	KYC document submissions
`kis_tickets`	Support ticket threads
`kis_notifications`	In-app user notifications
`kis_settings`	Key-value application settings
`kis_emailtemplates`	Customisable transactional email templates
`kis_sessions`	Database-backed sessions

🌐 Web Server Configuration

Apache

apache<VirtualHost *:80>
                    ServerName yourdomain.com
                    DocumentRoot /var/www/html/cryptomax/public
                    <Directory /var/www/html/cryptomax/public>
                    AllowOverride All
                    Require all granted
                    </Directory>
                    </VirtualHost>

Nginx

nginxserver {
                    listen 80;
                    server_name yourdomain.com;
                    root /var/www/html/cryptomax/public;
                    index index.php;
                    location / { try_files $uri $uri/ /index.php$is_args$args; }
                    location ~ \.php$ {
                    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
                    fastcgi_index index.php;
                    include fastcgi_params;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                    }
                    }

🔑 Google OAuth Setup

Create a Google Cloud Project

Go to Google Cloud Console and create a new project.

Create OAuth Credentials

Navigate to APIs & Services → Credentials and create an OAuth 2.0 Client ID (Web application type).

Add Redirect URI

Add https://yourdomain.com/auth/google to Authorised redirect URIs.

Save in Admin Panel

Enter your Client ID and Client Secret under Admin → Settings → Google OAuth. The secret is encrypted at rest.

📧 Email (SMTP) Setup

.envemail.protocol = smtp
                    email.SMTPHost = smtp.mailprovider.com
                    email.SMTPPort = 587
                    email.SMTPCrypto = tls
                    email.SMTPUser = [email protected]
                    email.SMTPPass = your_password
                    email.fromEmail = [email protected]
                    email.fromName = CryptoMax

All transactional emails are fully customisable from Admin → Email Templates. Includes 15 templates covering registration, deposits, withdrawals, KYC, 2FA, password reset, and more.

🔔 Web Push Notifications

Generate VAPID keys and add them to your .env:

bashphp -r "
                    \$keys = \Minishlink\WebPush\VAPID::createVapidKeys();
                    echo 'Public: ' . \$keys['publicKey'] . PHP_EOL;
                    echo 'Private: ' . \$keys['privateKey'] . PHP_EOL;
                    "

.envvapid.publickey = YOUR_PUBLIC_VAPID_KEY
                    vapid.privatekey = YOUR_PRIVATE_VAPID_KEY

⏱ Cron Jobs

crontab* * * * * curl -s https://yourdomain.com/api/cron >
                    /dev/null 2>&1

💰

Investment Accruals

Credits daily profits for all active investments

📈

Trade Settlements

Settles expired binary-options trades
Credits wins or records losses

🔔

Push Notifications

Sends push alerts for completed events

✨ Feature Overview

🔐

Authentication

Email/password registration
Google OAuth 2.0 social login
Two-factor authentication (OTP)
Forgot / reset password
Optional captcha
New-device detection
Session regeneration on login

📊

User Dashboard

Portfolio overview & balance
Full transaction history
Deposit & withdrawal requests
Investment plan subscriptions
Fund transfers between users
Beneficiary management
Push notification opt-in

💼

Investment System

Admin-defined packages
Min/max amounts per package
Configurable daily profit %
Automated profit accrual via cron
Investment history & tracking

📉

Binary-Options Trading

BUY/SELL on Crypto, Forex & Stocks
Configurable trade duration
One active trade per user
Automated settlement via cron

💳

Deposits & Withdrawals

Multiple crypto wallets with QR codes
Payment proof image upload
Referral commission on first deposit
Admin approval queue

🪪

KYC Verification

Document upload (JPEG/PNG/PDF)
3-stage flow: unverified→pending→verified
Admin one-click approval
Optional auto-approve

👥

Referral System

Tracking via ?ref=username
Configurable commission %
One-time or recurring bonus

🛡

Admin Panel

Dashboard metrics
User management
Manual balance adjustments
Approval queues (deposits, withdrawals, KYC)
Email template editor
Theme & branding settings
Data export

🏗 Architecture

Built on CodeIgniter 4 MVC. All routing defined in app/Config/Routes.php.

Request Lifecycle

Browser → Routes.php → Filter (auth/sameorigin) → Controller → AppModel → JSON/View

Controller Hierarchy

CodeIgniter\Controller
                    └── BaseController ← helpers, settings, email, push, QR, caching
                    ├── AuthController
                    ├── FrontController
                    ├── DepositController
                    ├── WithdrawalController
                    ├── TradeController
                    ├── InvestmentController
                    ├── KycController
                    ├── UserController
                    └── ... (31 controllers total)

AppModel is a single generic model wrapping CodeIgniter's Query Builder. All results are cached by table name and invalidated on each write.

📁 Directory Structure

cryptomax/
                    ├── app/
                    │ ├── Config/ # Framework and app configuration
                    │ ├── Controllers/ # 31 controllers
                    │ ├── Database/
                    │ │ ├── Migrations/ # 19 migration files
                    │ │ └── Seeds/ # 4 seeders
                    │ ├── Filters/ # auth:guest|user|admin, sameorigin
                    │ ├── Libraries/ # DeviceInfo, GeoIP, LoginSecurity, Translator
                    │ ├── Models/
                    │ │ └── AppModel.php # Generic CRUD model
                    │ └── Views/
                    ├── public/ # ← Point your web server here
                    │ ├── assets/
                    │ └── uploads/
                    ├── writable/ # Logs, cache, sessions (must be writable)
                    ├── vendor/ # Included — no Composer needed
                    └── .env # Never commit this file

⚡ API Reference

All endpoints return JSON. Authenticated endpoints require an active session cookie.

Response Envelope

json{ "success": true, "type": "redirect|confirm|alert", "title":
                    "...", "text": "...", "url": "..." }

Public Endpoints

Method	Path	Description
POST	`/auth/login`	Submit credentials
POST	`/auth/signup`	Submit registration
GET	`/auth/google`	Google OAuth callback
POST	`/auth/otp`	Submit OTP
POST	`/auth/forgot-password`	Request reset email
POST	`/auth/reset-password`	Submit new password
GET	`/api/cron`	Cron trigger

User Endpoints (authenticated)

Method	Path	Description
GET	`/dashboard`	User dashboard
POST	`/api/deposit`	Submit deposit request
POST	`/api/withdraw`	Submit withdrawal request
POST	`/api/trade`	Place a trade
POST	`/api/invest`	Subscribe to investment plan
POST	`/api/kyc`	Upload KYC document
POST	`/api/transfer`	Transfer funds to another user
POST	`/api/tickets`	Create / reply to ticket
GET	`/api/notifications`	Fetch notifications
POST	`/api/profile`	Update profile

Admin Endpoints (authenticated)

Method	Path	Description
GET	`/admin`	Admin dashboard
POST	`/api/deposit/approve`	Approve deposit
POST	`/api/withdraw/approve`	Approve withdrawal
POST	`/api/kyc/process`	Approve KYC
POST	`/api/settings`	Update settings
POST	`/api/packages`	Manage investment packages
POST	`/api/newsletter`	Send newsletter
GET	`/api/data`	Export data

⚡ Cache Management

Caches are named after their source tables and invalidated automatically on every write. Settings are cached for 24 hours.

GET /cache/clear # via browser
                    php spark cache:clear # via CLI

🔒 Security

CSRF

sameorigin filter on all state-changing routes

Authentication

Role-based filters: auth:guest, auth:user, auth:admin

Password Hashing

phpass (portable MD5 + bcrypt fallback)

Sensitive Data

Google OAuth secret encrypted with Services::encrypter()

Mass Assignment

AppModel::filterTableFields() strips non-column keys

Session Fixation

session()->regenerate() on every login

File Uploads

MIME + size validation; images re-encoded via GD

IP, device, browser, OS & geolocation logged per admin login

💻 CLI Reference

bashphp spark serve # Local dev server
                    php spark migrate # Run pending migrations
                    php spark migrate:rollback # Roll back last batch
                    php spark db:seed SeederName # Run a specific seeder
                    php spark key:generate # Generate encryption key
                    php spark cache:clear # Clear all caches
                    php spark make:migration Foo # Scaffold a new migration

↑ Back to top