Auth, Stripe billing, credits, API keys and admin — already wired on plain PHP and SQLite. Launch on one cheap VPS, no build step.
Each piece is plain, readable, and copyable. Delete what you don't need; the plumbing stays the same across every project.
Email code + magic-link login over SES SMTP, plus optional one-tap Sign in with Apple. No passwords, no reset screens, no auth-provider invoice. Session fixation handled, rate-limited by IP and email.
Hosted Checkout, monthly/yearly tiers, upgrade previews with proration, scheduled downgrades, signed webhooks, the billing portal, and one-time digital products.
Define tiers in one config file. Grant from webhooks, spend on actions — atomic and never negative.
Bearer-token auth, CSRF for browser actions, rate limits, and a notes CRUD you copy for real features.
Search users and webhooks, inspect Stripe state, revoke keys, block bad actors — no second app.
One file, automatic migrations on boot, and a backup script you point at cron. Sturdy, not magical — and it scales further than people expect.
Subscriptions, credits, one-time payments, API keys, and protected downloads are the primitives behind most modern SaaS. Bring your product idea — the money plumbing is already here.
Charge credits per render and gate premium models behind higher plans.
Meter messages or tokens with the credit ledger; tier access by plan.
Sell bearer keys with rate limits and a per-call credit cost — usage billing built in.
Sell templates, themes, UI kits, presets, ebooks or datasets — one-time payment, protected files.
Recurring plans that unlock content, tools, or a members-only area.
SEO checkers, generators, analytics, dashboards — any small paid utility.
Charge for listings or featured placement — the build-in-public playbook.
Sell access to lessons, a content library, or premium articles.
composer install then php scripts/install.php. SQLite and your .env are created for you.
Drop in your keys and price IDs. doctor.php tells you exactly what's missing before launch.
Change the copy, plans and theme. Light/dark and the whole design system come from CSS variables.
NGINX + PHP-FPM on a sub-$10 Hetzner VPS, point a domain, run the backup cron. Take real payments.
Composer pulls one practical dependency — PHPMailer. Everything else stays close to plain PHP, SQLite, HTML, CSS and a little jQuery. Pages render on the server and work before JavaScript loads.
You don't need a bigger stack. You need to ship.
Tens of thousands of queries a second from one file. Reads never block writes in WAL mode.
Amazon SES is $0.10 per 1,000 emails — 10,000 passwordless logins a month is exactly $1.
One Hetzner Cloud box runs the whole thing — NGINX, PHP-FPM, SQLite, cron backups. Their smallest plans start around €4. No managed-platform tax on your margin.
Define plans in app/subscriptions.php, attach Stripe price IDs, and the checkout flow stays generic across every project.
Default access for new users and trial accounts.
For a small paid SaaS tier.
For heavier usage and premium features.
For power users and high-credit products.
Yes — parameterised SQL throughout, signed Stripe webhooks, CSRF, rate limiting, session hardening and a security checklist. It's a starter, so you still own your legal pages, secrets and deploy, but the plumbing is real.
Because it's a tax you don't need. Server-rendered PHP plus a little jQuery means no bundler, no hydration, no node_modules, and no supply-chain tree to babysit — pages render instantly and work before JavaScript loads. This is the choice, not a limitation.
Better than most hosted databases people pay monthly for. SQLite serves tens of thousands of reads per second from a single file, and in WAL mode reads never block writes. It's the most widely deployed database on earth and comfortably powers sites doing 100k+ hits a day — indexes, WAL, and cron backups are already wired in. This is the production database.
Rename APP_NAME, swap the copy and plans, replace the legal pages, and toggle light/dark or restyle the CSS variables. The repo ships AI-handoff docs so your agent can do most of it for you.
One Hetzner Cloud VPS runs the whole stack for under $10 a month — their smallest shared-vCPU plans start around €4. Login emails on Amazon SES run $0.10 per 1,000, so 10,000 passwordless logins a month is $1. No per-seat platform bills, no managed-everything subscriptions quietly eating your margin.
Passwordless sign-in, Stripe billing, credits and admin — already wired. Clone it, rename it, start charging.