A modern, secure, and feature-rich real-time chat application built with PHP, WebSockets, and advanced security features.
- Real-time messaging with WebSocket support and HTTP fallback
- End-to-end message encryption using AES-256-CBC
- User authentication with CSRF protection and rate limiting
- File sharing with support for images, documents, and media
- Message reactions with emoji support
- Typing indicators for better user experience
- Online/offline status tracking
- Message search and conversation history
- CSRF protection on all forms
- Rate limiting for messages and login attempts
- Password strength validation with requirements
- Account lockout after failed login attempts
- File upload validation with type and size restrictions
- XSS protection with input sanitization
- Secure headers (HSTS, X-Frame-Options, etc.)
- Database support with MySQL/PDO and JSON fallback
- WebSocket server for real-time communication
- Mobile responsive design
- Dark theme with modern UI
- Emoji picker with extensive emoji support
- User profiles and settings
- Message encryption at rest and in transit
- PHP 7.4 or higher
- MySQL 5.7+ (optional, falls back to JSON files)
- Composer for dependency management
- Modern web browser with WebSocket support
```bash
# Download the files to your web server directory
# Example: /var/www/html/chatx/
composer install
```

```sql
-- Create database
CREATE DATABASE chatx_advanced;
-- Create user
CREATE USER 'chatx_user'@'localhost' IDENTIFIED BY 'your_secure_password';
GRANT ALL PRIVILEGES ON chatx_advanced.* TO 'chatx_user'@'localhost';
FLUSH PRIVILEGES;
```

Update database credentials in `database_config.php`:

```php
private $db_config = [
    'host' => 'localhost',
    'dbname' => 'chatx_advanced',
    'username' => 'chatx_user',
    'password' => 'your_secure_password',
    'charset' => 'utf8mb4'
];
```

```bash
chmod 755 chatx_advanced.php
chmod -R 775 chat_data/
```

```bash
php websocket_server.php
```

- Open `chatx_advanced.php` in your web browser
- Register a new account with a strong password
- Login and start chatting!
- Start the WebSocket server: `php websocket_server.php`
- The application will automatically use WebSocket for real-time communication
- If WebSocket is unavailable, it falls back to HTTP polling
Edit the constants in chatx_advanced.php:
```php
define('MAX_FILE_SIZE', 10 * 1024 * 1024); // 10MB
define('ALLOWED_FILE_TYPES', ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt', 'docx']);
define('MAX_MESSAGE_LENGTH', 1000);
```

```php
define('RATE_LIMIT_MESSAGES', 30); // messages per minute
define('RATE_LIMIT_LOGIN', 5); // login attempts per hour
```

- Change encryption keys in production
- Use HTTPS in production
- Configure proper session settings
- Set up proper file permissions
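
How the `RATE_LIMIT_MESSAGES` and `RATE_LIMIT_LOGIN` values can be enforced against a JSON state file such as `rate_limits.json` without races between PHP workers. This is an added example, not ChatX's own code: `rate_limit_allow()`, the `login:alice` key and the timestamps are hypothetical and constructed.

```php
<?php
declare(strict_types=1);
// Limits as given in this README's configuration section.
define('RATE_LIMIT_MESSAGES', 30); // messages per minute
define('RATE_LIMIT_LOGIN', 5);     // login attempts per hour

// Hypothetical helper: sliding-window limiter over a JSON state file.
// Records the hit and returns true if allowed, false if over the limit.
function rate_limit_allow(string $path, string $key, int $limit, int $window, int $now): bool
{
    $fh = fopen($path, 'c+'); // create if missing, never truncate on open
    if ($fh === false) {
        return false;         // fail closed when state cannot be read
    }
    if (!flock($fh, LOCK_EX)) { // serialise concurrent PHP workers
        fclose($fh);
        return false;
    }
    $data = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
    // Keep only the timestamps that are still inside the window.
    $hits = array_values(array_filter(
        $data[$key] ?? [],
        fn($t) => $t > $now - $window
    ));
    $allowed = count($hits) < $limit;
    if ($allowed) {
        $hits[] = $now;
    }
    $data[$key] = $hits;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($data));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Constructed scenario: seven login attempts ten seconds apart, then one
// more after the one-hour window has passed for all of them.
$file = tempnam(sys_get_temp_dir(), 'rl');
$t0 = 1700000000; // arbitrary constructed start time
$times = [0, 10, 20, 30, 40, 50, 60, 3700];
foreach ($times as $offset) {
    $ok = rate_limit_allow($file, 'login:alice', RATE_LIMIT_LOGIN, 3600, $t0 + $offset);
    echo "t+{$offset}s: ", $ok ? 'allowed' : 'blocked', "\n";
}
unlink($file);
```

For messages, call the same helper with `RATE_LIMIT_MESSAGES` and a 60-second window. Key login limits on both the account name and the client address so that one source cannot lock out many accounts cheaply.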
```
chatx/
├── chatx_advanced.php      # Main application file
├── database_config.php     # Database abstraction layer
├── websocket_server.php    # WebSocket server
├── websocket_client.js     # WebSocket client
├── composer.json           # Dependencies
├── README.md               # This file
└── chat_data/              # Data directory
    ├── users.json          # User data (if no database)
    ├── messages.json       # Message data (if no database)
    ├── online_users.json   # Online status
    ├── rate_limits.json    # Rate limiting data
    └── uploads/            # File uploads
```
- `users` - User accounts and profiles
- `messages` - Chat messages with encryption
- `message_reactions` - Message reactions/emojis
- `online_users` - Online status tracking
- `rate_limits` - Rate limiting counters
- `user_settings` - User preferences
- Use HTTPS - Always serve over SSL/TLS
- Secure database - Use strong passwords and restrict access
- File permissions - Set proper file and directory permissions
- Rate limiting - Implement reverse proxy rate limiting
- Firewall - Configure firewall rules
- Monitoring - Set up logging and monitoring
- Backups - Regular database and file backups
- Minimum 8 characters
- Must contain uppercase, lowercase, and numbers
- Hashed with PHP's password_hash() using bcrypt
- Account lockout after failed attempts
- File type validation
- Size limits enforced
- Files stored outside web root when possible
- Virus scanning recommended for production
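
One way to enforce the upload rules listed above with the `MAX_FILE_SIZE` and `ALLOWED_FILE_TYPES` constants from the configuration section, shown as an added example rather than ChatX's own code. `validate_upload()` and the `EXPECTED_MIME` map are hypothetical names, and the two sample files are constructed.

```php
<?php
declare(strict_types=1);
// Constants as given in this README's configuration section.
define('MAX_FILE_SIZE', 10 * 1024 * 1024); // 10MB
define('ALLOWED_FILE_TYPES', ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt', 'docx']);
// Assumed extension-to-MIME map (not from the project); docx is a ZIP
// container, so some libmagic builds report application/zip for it.
const EXPECTED_MIME = [
    'jpg' => ['image/jpeg'], 'jpeg' => ['image/jpeg'],
    'png' => ['image/png'],  'gif'  => ['image/gif'],
    'pdf' => ['application/pdf'], 'txt' => ['text/plain'],
    'docx' => ['application/zip',
        'application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
];

// Hypothetical helper: returns a server-generated storage name or throws.
function validate_upload(string $clientName, string $tmpPath): string
{
    // Measure the file on disk; never trust the client-reported size.
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_FILE_SIZE) {
        throw new RuntimeException('size out of range');
    }
    // Only the final extension counts, so "x.jpg.php" is rejected.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_FILE_TYPES, true)) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the content; the client-supplied Content-Type is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, EXPECTED_MIME[$ext], true)) {
        throw new RuntimeException("content ($mime) does not match .$ext");
    }
    // Random name: no user-controlled path component reaches the disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a PNG signature, and PHP source renamed to .png.
$samples = ['photo.png' => "\x89PNG\r\n\x1a\n", 'avatar.png' => "<?php echo 1; ?>"];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        echo "$name: stored as ", validate_upload($name, $tmp), "\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected, ", $e->getMessage(), "\n";
    }
    unlink($tmp);
}
```

In a request handler, pass the `name` and `tmp_name` fields of the `$_FILES` entry and move the file with `move_uploaded_file()` to the returned name inside the uploads directory.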
The application uses CSS custom properties for easy theming:
```css
:root {
  --bg-primary: #0a0a0a;
  --accent-primary: #6366f1;
  --text-primary: #ffffff;
  /* ... more variables */
}
```

The modular architecture makes it easy to add features:
- Add database schema changes
- Update the main ChatX class
- Add frontend JavaScript
- Update WebSocket handlers if needed
WebSocket Connection Failed
- Check if WebSocket server is running
- Verify firewall settings
- Check browser WebSocket support
File Upload Issues
- Check PHP upload_max_filesize setting
- Verify directory permissions
- Check allowed file types
Database Connection Failed
- Verify database credentials
- Check if database service is running
- The app will fall back to JSON files
Rate Limiting Too Aggressive
- Adjust rate limit constants
- Clear rate_limits.json or database table
- Use database instead of JSON for better performance
- Enable PHP opcache
- Use Redis for session storage
- Implement CDN for file uploads
- Use nginx for static file serving
This project is licensed under the MIT License. See LICENSE file for details.
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
For support, please:
- Check this README
- Review the code comments
- Open an issue on the repository
- Contact the development team
- End-to-end encryption
- WebSocket real-time communication
- Advanced security features
- File sharing and reactions
- Database support with fallback
- Mobile responsive design
- Message search and history
- Voice/video calling
- Group chats
- Message threading
- Advanced user roles
- API for third-party integrations
- Progressive Web App (PWA)
- Multi-language support
ChatX Advanced - Secure, Modern, Real-time Communication 🚀