One-Command Installation. Zero Configuration Headaches.
Code:
./install.sh
LIVE PREVIEW : https://m2core.xyz/ YES, THE DESIGN IS TAKEN FROM ODEGON. I LOVE IT AND I TOOK IT. TESTING ACCOUNT : Account: testcms
Password: testcms
Performance
- https://gtmetrix.com/reports/m2core.xyz/zBHGT5mA/
- GTmetrix Performance: 99%
- GTmetrix Structure: 96%
- Lighthouse Performance: 94/100
- Lighthouse Accessibility: 100/100
- Lighthouse Best Practices: 100/100
- First Contentful Paint: 0.6s
- Largest Contentful Paint: 1.5s
- Total Blocking Time: 10ms
- Time to Interactive: 2.0s
- Fully Loaded: 3.5s
Pricing The price is 200e as it is, no custom design. One time payment, full source access For custom design please contact on discordDISCORD: saintlevant337
Key FeaturesFull Admin Control Panel
- Everything configurable from browser — site title, description, theme, fonts, colors, border radius, email template, currency names, date format, upload limits, and 80+ more settings
- No code editing required — ever
- Live theme editor with color picker, preset themes, font customization
- Sandbox/Demo mode — let users explore ACP without saving changes
- Category & subcategory organization with drag-and-drop ordering
- Two currency support (Dragon Coins + JCoins) — fully renameable
- Per-item sealbind toggle
- Stock management with atomic race-condition protection
- Quantity selector with configurable max limit
- Promotion system (global, per-category, per-item discounts with time windows)
- Two delivery methods: Item Award (server processes) or Direct Inventory (instant to mall)
- Character selector for delivery
- Purchase history
- One-click coin package purchases via Stripe Checkout
- Webhook signature verification
- Atomic coin crediting (no double-spend)
- Package metadata validation (prevents tampering)
- Country-based pricing with VPN/proxy detection
- Configurable from ACP — no code changes needed
- Set different real-money prices per country on coin packages
- IP geolocation via ip-api.com with 24h caching
- VPN/proxy detection — VPN users always see default pricing
- Toggle on/off from ACP
- English, Romanian, German, Spanish, French, Italian, Hungarian, Polish, Portuguese, Turkish + add any language from ACP
- 143 translatable strings — every user-facing text
- Auto-detection by browser region
- DeepL API integration for auto-translation
- Add/remove languages from ACP
- Categories with custom icons
- Topics with rich text editor (TipTap)
- Replies with emoji reactions
- Pin, close, delete moderation tools
- Admin toolbar on every topic
- HTML sanitization (DOMPurify + server-side HtmlSanitizer)
- Visual calendar with cycling event icons
- 15 preset event types with custom icons and colors
- Tooltip on hover showing all events
- Sidebar widget with live countdown
- Full-day scheduling (multiple events per day)
- Player rankings (level + exp based)
- Guild rankings
- Cached for performance (120s)
- CMS-managed content sections
- Rich text editor with HTML templates
- Hero image, intro logo, stats badges
- Race cards, tabbed interfaces, promo banners
- Rich text editor with image support
- Tag system (News, Events, Patchnotes, Updates)
- Featured cards (configurable count)
- Category filtering
- Pagination
- Character list with empire, level, rank
- Change password / change email
- Request safebox password (via email)
- Request delete code (via email)
- Referral system with coin rewards
- Purchase history
- Configurable from ACP — SMTP host, port, credentials
- Customizable email template — logo, colors, footer text
- Password reset, account verification, safebox, delete code
- Beautiful HTML emails with site branding
Security (Production-Hardened)- JWT authentication with refresh token rotation
- Admin privilege revalidation from database on every request (prevents JWT forgery)
- Atomic coin operations — no double-spend, no race conditions
- Stripe webhook signature verification + metadata validation
- DOMPurify (frontend) + HtmlSanitizer (backend) — double XSS protection
- SQL injection proof — all queries parameterized, zero string concatenation
- SVG upload scanning — blocks script injection
- Rate limiting — login (5/15min), global (120/min), purchase (10/15min)
- Password reset — 16-char cryptographic tokens (not 6-digit codes)
- SameSite strict cookies with Secure flag
- CSRF protection via SameSite strict
- Brute force protection — 5 failed attempts = 15min lockout
- Sandbox mode — demo without risk
- ForwardedHeaders middleware for proper IP detection behind nginx
- HSTS, X-Frame-Options, X-Content-Type-Options, CSP headers
Performance Optimizations- SWR caching — settings fetched once, shared across all components
- ResponseCache on 15+ endpoints (30s-1hr)
- Nginx — gzip level 4, keepalive connections, proxy buffering
- Brotli + Gzip compression
- Font optimization — WOFF2, preload, font-display: optional
- Image optimization — AVIF/WebP, 1-year cache TTL
- Pagination capped at 100 on all endpoints
- Database indexes on frequently queried columns
- Base64 auto-decoding in game logs
Fully Responsive- Tested at 320px, 375px, 480px, 768px, 1024px, 1440px+
- Mobile-optimized calendar, forms, modals, tables
- Touch-friendly (44px minimum targets)
Docker-Based Deployment- One-command install with automated SSL
- 4 containers: API, Web, Nginx, Certbot
- Auto SSL renewal via Let's Encrypt
- Multiple compose configs: production (SSL), no-SSL, development
- Health monitoring via docker compose ps
- Easy updates via update.sh
- Clean uninstall via uninstall.sh
🛠 Tech Stack
- Backend: C# / .NET 9.0
- Frontend: Next.js 16.2 / React 19.2
- Database: MySQL 8.0+
- ORM: Entity Framework Core 9.0
- Payments: Stripe
- Email: MailKit (SMTP)
- Auth: JWT (HS256)
- CSS: Tailwind CSS 3.4
- Rich Text: TipTap 3.21
- Sanitization: DOMPurify + HtmlSanitizer
- Containerization: Docker + Docker Compose
- Reverse Proxy: Nginx Alpine
- SSL: Let's Encrypt + Certbot
- Geolocation: ip-api.com (Free)
- Translation: DeepL API (Free)
- Data Fetching: SWR 2.4
⚖ What Makes M2Core Different
Installation
M2Core: 1 command, 5 minutes
Others: Manual config, hours of setup
SSL
M2Core: Automatic via Let's Encrypt
Others: Manual certbot configuration
Theme
M2Core: Live editor, 80+ settings, preset themes
Others: Edit CSS files manually
Languages
M2Core: 12 built-in + add any from ACP
Others: 1-2 languages, hardcoded
Item Shop
M2Core: Built-in with Stripe, promotions, stock management
Others: External plugin or none
Country Pricing
M2Core: Built-in with VPN protection
Others: Not available
Security
M2Core: Production-hardened, full pentest audit
Others: Basic at best
Performance
M2Core: 99% GTmetrix
Others: 60-80% typical
Responsive
M2Core: Fully tested 320px-1440px+
Others: Often broken on mobile
Email Template
M2Core: Configurable from ACP (logo, colors, footer)
Others: Edit HTML template files
Updates
M2Core: One command (update.sh)
Others: Manual file replacement
Demo Mode
M2Core: Built-in sandbox
Others: Not available
Requirements- VPS with 1GB+ RAM (2GB recommended)
- Ubuntu 20.04+ or Debian 11+
- Docker (auto-installed if missing)
- MySQL 8.0+ database (can be remote)
- Domain name pointed to VPS IP
Pricing The price is 200e as it is, no custom design. For custom design please contact on discord
Support- Installation support included
- Documentation included
- Update support included
Built with security, performance, and ease of use as the top priorities. Every feature is configurable from the admin panel — zero code editing required.
Some images in case you can't go to live preview:
*Declar că voi presta serviciile în termenii menționați mai sus și înțeleg că, în cazul nerespectării acestora, pot fi supus unei reclamații: DA
