ProjectSend

ProjectSend is a PHP‑based, client‑centric file transfer platform that blends classic web technologies with modern security practices. At its core, the application exposes a REST‑style API over HTTPS and a lightweight web UI that leverages jQuery, Bootstrap, and modern CSS for drag‑and‑drop uploads. The server side is written in PHP 7.4+ and relies on a MySQL (or MariaDB) database for metadata, user accounts, permissions, and audit logs. The architecture is deliberately simple: a single PHP entry point (index.php) routes all requests through a front‑controller, while the MVC‑ish separation of concerns is handled by a lightweight framework that ships with its own routing, templating, and validation layers.

Key Features

• Fine‑grained ACLs – Users, clients, and groups can be granted explicit read/write/overwrite permissions on a per‑file or folder basis.
• Server‑side encryption – Files are encrypted with AES‑256‑GCM before storage, both on local disk and when pushed to cloud backends such as AWS S3.
• Audit logging – Every upload, download, delete, or permission change is recorded with timestamps, actor IDs, and IP addresses.
• Extensible storage – The storage abstraction supports local filesystem, S3, and future providers via a plugin interface.
• LDAP/AD integration – Enterprise deployments can authenticate against external directories, with optional role mapping and fallback to local accounts.
• Webhook & API hooks – Developers can register callbacks for upload, download, and deletion events, enabling integration with CI/CD pipelines or notification services.

Technical Stack

• Language: PHP 7.4+ (object‑oriented, namespaced).
• Framework: Custom lightweight MVC with Composer‑managed dependencies (e.g., symfony/var-dumper, guzzlehttp/guzzle).
• Database: MySQL 5.0+ (or MariaDB) using PDO with prepared statements to prevent SQL injection.
• Web Server: Apache 2 or Nginx with XSendFile/X‑Accel support for efficient file streaming.
• Asset Pipeline: NPM + Gulp compiles SCSS and ES6 modules into minified CSS/JS bundles.
• Testing: PHPUnit for unit tests, static analysis via PHPStan and Psalm, CI on GitHub Actions.

Deployment & Infrastructure

ProjectSend is designed for self‑hosting in a LAMP or LNMP stack. Docker images are available (official projectsend/projectsend on Docker Hub) with environment variables for database credentials, storage paths, and LDAP configuration. The container exposes port 80/443 and can be orchestrated with Docker Compose or Kubernetes; the stateless PHP layer scales horizontally, while a shared MySQL cluster and an S3‑compatible bucket provide persistent storage. The application can also run on traditional shared hosting, provided the required PHP extensions (pdo, mbstring, xml, gettext, fileinfo, gd2, zip) are enabled.

Integration & Extensibility

• Plugin System – Developers can drop PHP files into the plugins/ directory; each plugin implements a specific interface (PluginInterface) and can hook into lifecycle events.
• REST API – Endpoints such as /api/v1/files, /api/v1/clients expose CRUD operations with JWT authentication.
• Webhooks – On upload or deletion, the system can POST JSON payloads to configured URLs.
• Themeable UI – Themes are simple CSS/JS overrides located in themes/; new themes can be added without touching core code.
• Internationalization – PO/MO files are managed via Transifex; developers can contribute new translations or modify existing ones.

Developer Experience

The source tree is well‑documented with a docs/ folder that covers architecture, API reference, and deployment guides. Composer keeps third‑party libraries up to date, while GitHub Actions enforce static analysis and dependency security checks. The community is active on Patreon, Open Collective, and a Facebook group, providing quick support for feature requests or bug reports. The codebase follows PSR‑4 autoloading, uses descriptive naming conventions, and includes inline comments that explain complex encryption or permission logic.

Use Cases

• Enterprise File Sharing – Securely deliver project artifacts to clients with per‑client access controls and audit trails.
• DevOps Pipelines – Use the API to programmatically upload build artifacts or logs, with webhooks notifying CI systems of new files.
• SaaS Platforms – Embed ProjectSend as a file management module within a larger application, leveraging its plugin hooks for custom workflows.
• Remote Learning – Instructors can distribute course materials to students, enforce download limits, and track engagement via logs.

Advantages

ProjectSend’s open‑source GPLv2 license allows unrestricted modification and redistribution, a key benefit for companies that require full control over their data pipeline. Its built‑in AES encryption and LDAP support give it a security edge over cloud‑only services, while the lightweight architecture keeps resource usage low—ideal for small VPS or dedicated servers. Compared to alternatives like Nextcloud, ProjectSend offers a narrower feature set focused on file transfer, resulting in fewer dependencies and a smaller attack surface. For developers who need a customizable, self‑hosted file sharing solution that can be tightly integrated into existing infrastructures, ProjectSend delivers a compelling