Skavoo

02/08/2025 · Zascia Hugo · 6 min read

PHP · MySQL · MVC · CSS

Skavoo is a social media platform built entirely from scratch with vanilla PHP. No frameworks, no shortcuts - just raw PHP, MySQL, and a deliberate decision to build every layer by hand. The design leans into nostalgia with a Windows XP-inspired aesthetic, because social media doesn't have to look like everything else on the internet.

Why I Built Skavoo

Social networks are deceptively complex. Behind a simple feed sits authentication, session management, friend graphs, real-time notifications, file uploads, private messaging, and a dozen security concerns. Building one from scratch forces you to confront every one of those problems without a framework abstracting them away.

I wanted to prove that vanilla PHP can produce a well-structured, secure, and fully functional application - not just a toy demo. Skavoo demonstrates:

  1. MVC architecture implemented from first principles, not inherited from a framework.
  2. Complete authentication with bcrypt hashing, CSRF protection, and secure session handling.
  3. Relational data modelling across users, posts, likes, comments, friends, messages, and notifications.
  4. Security-first development with PDO prepared statements, output escaping, and token-based form protection.

The Windows XP Aesthetic

Every social platform today looks the same - rounded corners, soft shadows, minimalist everything. Skavoo goes the other way. The UI takes cues from the Windows XP era: bold borders, familiar chrome, and a visual style that feels like opening Internet Explorer on a fresh Dell in 2003. It's a deliberate design choice - partly for fun, partly to show that styling is a creative decision, not a formula.

System Architecture

Skavoo follows an MVC pattern built from the ground up:

  • Controllers handle incoming requests and return responses - one per feature domain (Auth, Feed, Friends, Messages, Posts, Notifications, Search, User).
  • Views are PHP templates that render HTML, organised by feature with reusable components.
  • Helpers provide database access (DB), CSRF token management, mail utilities, and shared functions.
  • Middleware handles authentication checks and request preprocessing.
  • Router maps URLs to controller actions with a clean routing table.

Key Features

Social Posting

Users create posts with optional image uploads. Posts appear on the feed, where friends can like and comment. Post deletion is restricted to the original author.

Friend System

The full friend lifecycle is supported - send requests, accept or reject them, view your friends list, and remove connections. The friend graph drives the feed: you only see posts from people you're connected with.

Private Messaging

One-to-one direct messaging with conversation threads. Messages are organised by conversation, making it easy to pick up where you left off.

Real-Time Notifications

Activity notifications for likes, comments, friend requests, and messages. Users can mark individual notifications as read or clear them all at once.

User Profiles

Customisable profiles with avatars and post history. Each profile page shows the user's posts, their friend count, and a way to connect or message them.

Password Recovery

Email-based password reset with secure, time-limited tokens. The full flow - request, email, verify, reset - is implemented end to end.

Security

Security is not an afterthought in Skavoo. Every form is protected with CSRF tokens. All database queries use PDO prepared statements to prevent SQL injection. Passwords are hashed with bcrypt. Sessions are configured securely. Output is escaped to prevent XSS.

| Measure | Implementation |
|---|---|
| Password Hashing | password_hash() with bcrypt |
| SQL Injection | PDO prepared statements throughout |
| CSRF Protection | Token-based protection on all forms |
| Session Security | Secure session configuration |
| XSS Prevention | Output escaping in views |
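
How four of these measures look in code, as an added example that is not taken from the Skavoo repository. The helper names, the `users` columns, and the in-memory SQLite database standing in for MySQL are assumptions; `$session` stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; names and schema are assumptions, not Skavoo's code.
function csrf_token(array &$session): string
{
    // One random token per session, embedded in every form as a hidden field.
    return $session['csrf'] ??= bin2hex(random_bytes(32));
}

function csrf_verify(array $session, mixed $submitted): bool
{
    // Constant-time comparison; a missing or non-string token is rejected.
    return is_string($submitted) && isset($session['csrf'])
        && hash_equals($session['csrf'], $submitted);
}

function e(string $value): string
{
    // Escape for an HTML body or quoted attribute context.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function login(PDO $db, string $email, string $password): bool
{
    // The email is bound as data, so quotes in it cannot change the query.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data; in-memory SQLite stands in for MySQL so this runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['ada@example.test', password_hash('correct horse', PASSWORD_BCRYPT)]);

$session = [];                   // stands in for $_SESSION
$token   = csrf_token($session);

var_dump(csrf_verify($session, $token));                   // token echoed back by the real form
var_dump(csrf_verify($session, null));                     // cross-site POST carrying no token
var_dump(login($db, 'ada@example.test', 'correct horse')); // valid credentials
var_dump(login($db, "' OR '1'='1", 'anything'));           // injection string bound as a plain value
echo e('<script>alert(1)</script>'), PHP_EOL;              // user content escaped before rendering
```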

Database Schema

The relational model spans eight tables:

| Table | Purpose |
|---|---|
| users | User accounts and profile data |
| posts | User posts with optional media |
| likes | Post likes (user-post relationship) |
| comments | Comments on posts |
| friends | Friend relationships and requests |
| messages | Private messages between users |
| notifications | User activity notifications |
| password_resets | Password reset tokens |

Technical Stack

  • Language: PHP 8.0+
  • Database: MySQL 5.7+
  • Architecture: MVC (built from scratch)
  • Security: bcrypt, CSRF tokens, PDO prepared statements, XSS escaping
  • Server: Apache/Nginx or PHP built-in server
  • Styling: Custom CSS with a Windows XP-inspired aesthetic

Design Principles in Practice

Skavoo was designed to validate that vanilla PHP, built from the ground up, can produce a system with the same architectural quality as a framework-based application:

| Principle | Implementation |
|---|---|
| Separation of Concerns | Controllers handle requests, Views render HTML, Helpers manage data access |
| Single Responsibility | One controller per domain - Auth, Feed, Friends, Messages, Posts, Notifications, Search, User |
| DRY (Don't Repeat Yourself) | Shared components for headers, footers, and navigation across all views |
| Defence in Depth | Multiple security layers - CSRF, prepared statements, hashing, output escaping |
| Convention over Configuration | Consistent file naming, routing patterns, and controller structure |

What I Learned

Building Skavoo from scratch reinforced several important lessons:

  • Frameworks abstract more than you realise. Building routing, middleware, CSRF protection, and session management by hand gives you a real understanding of what Laravel, Symfony, or Express do under the hood. It is a different kind of education.
  • Security requires active effort at every layer. It is not enough to hash passwords. Every form needs CSRF tokens. Every query needs prepared statements. Every output needs escaping. Security is not a feature - it is a discipline.
  • Relational data modelling is the backbone. Friends, messages, notifications, likes, and comments all create relationships between users and content. Designing the schema correctly from the start made every feature easier to build.
  • Nostalgia is a valid design choice. The Windows XP aesthetic started as a joke, but it proved a real point: styling is intentional. It is not about following trends - it is about choosing a direction and committing to it.

Where Can I Learn More?

  • Repository: GitHub Repo
  • Documentation: Full developer docs in the docs/ folder