WAF Documentation

Extract, import, and configure WAF correctly.

Follow the essential setup path: upload and extract the package, import the database, configure your environment file, set permissions, add the cron job, and complete the first admin setup.

Direct Setup

Set up by extract and database import.

Secure Guide

Includes final cleanup steps.

Hosting Ready

Works with cPanel, Plesk, and Hostinger.

1. Server Requirements

Before uploading WAF, make sure your hosting account is ready. The setup is based on uploading the files, extracting the package, importing the database, and configuring the environment file.

  • PHP 8.2 or later
  • MySQL or MariaDB database
  • Apache or LiteSpeed with .htaccess support
  • Writable storage and bootstrap/cache folders
  • Ability to create a cron job

Required PHP extensions

  • allow_url_fopen
  • cURL
  • Fileinfo
  • Imagick
  • Intl
  • Mbstring
  • OpenSSL
  • PDO MySQL
  • Tokenizer
  • XML
  • Zip
  • Ioncube Loader, if your package is encoded

Recommended PHP Version

Use PHP 8.2 or newer for the best compatibility. Enable required extensions before importing the database and opening the website.

2. Create a Database

Create a new empty database and database user from your hosting panel. Save the database name, username, password, and host because these values must be added to the environment file.

cPanel

  1. Open MySQL Databases.
  2. Create a new database.
  3. Create a database user with a strong password.
  4. Add the user to the database.
  5. Grant All Privileges.

Hostinger hPanel

  1. Open Databases > MySQL Databases.
  2. Create a database and database user.
  3. Copy the database host, name, username, and password.

Plesk

  1. Open Databases.
  2. Click Add Database.
  3. Create the database and assign a database user.
  4. Make sure the user has full access to the database.

3. Upload and Extract Files

  1. Download the WAF package from your account or Telegram purchase link.
  2. Open your hosting file manager or connect by FTP.
  3. Upload the ZIP package to your website root directory, usually public_html.
  4. Extract the ZIP package.
  5. Make sure the extracted files are directly inside the website root, not inside an extra nested folder.
  6. Confirm that .htaccess, app, bootstrap, config, public, resources, routes, and storage are present.
public_html/
├── .htaccess
├── app/
├── bootstrap/
├── config/
├── public/
├── resources/
├── routes/
└── storage/

Avoid Nested Extraction

If the files are extracted into a folder like waf-package/public_html, move the contents into your real website root so the domain can load the application correctly.

4. Import the Database

After creating the database, import the SQL file included in your package. This creates the required tables and default data.

Using phpMyAdmin

  1. Open phpMyAdmin from your hosting panel.
  2. Select the database you created for WAF.
  3. Open the Import tab.
  4. Choose the SQL file from the WAF package.
  5. Click Import and wait until it finishes.

Using command line

mysql -u database_user -p database_name < database.sql

If your package contains a different SQL filename, use that filename instead of database.sql.

5. Configure the Environment File

Open the .env file and update the main application, database, license, mail, cache, queue, and payment settings required by your website.

Basic application settings

APP_NAME="What A Faucet"
APP_ENV=production
APP_DEBUG=false
APP_URL=https://yourdomain.com

Database connection

DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=your_database_name
DB_USERNAME=your_database_user
DB_PASSWORD=your_database_password

License key

LICENSE_KEY=your_license_key

Default credentials

USERNAME: [email protected]
PASSWORD: 12345678

6. Set Permissions and Cron Job

The application must be able to write cache, logs, sessions, and uploaded files.

Recommended permissions

chmod -R 775 storage bootstrap/cache

On shared hosting, you can usually set folder permission to 775 from File Manager. If 775 is not allowed by your host, use the permission recommended by your hosting provider.

Cron job

Add this cron job so scheduled tasks can run automatically:

* * * * * /usr/local/bin/php /home/username/public_html/artisan schedule:run >> /dev/null 2>&1

Replace /usr/local/bin/php and /home/username/public_html with the correct PHP path and project path from your hosting account.

7. Final Setup

  1. Open your domain in the browser.
  2. Log in using the admin details included with your package or the credentials provided by the database file.
  3. Immediately update the admin email and password.
  4. Open the admin dashboard and review website settings.
  5. Configure currency, payment methods, withdraw methods, offerwalls, ads, postback settings, and email settings.
  6. Test registration, login, faucet claim, shortlink, offerwall postback, deposit, and withdraw flow before going live.

Useful checks after setup

  • The homepage loads without server error.
  • User registration and email sending work.
  • Admin dashboard can save settings.
  • Scheduled tasks run from cron.
  • Payment callback URLs are copied correctly to payment providers.
  • Offerwall postback URLs are copied correctly to offerwall networks.

8. Configure Google OAuth

Google login is optional. Configure it only if you want users to sign in with Google.

  1. Open Google Cloud Console.
  2. Create a new project or select an existing project.
  3. Open APIs & Services > Credentials.
  4. Click Create Credentials and choose OAuth Client ID.
  5. Select Web Application.
  6. Add the authorized redirect URI:
https://yourdomain.com/oauth/google/callback
  1. Copy the Client ID and Client Secret.
  2. Add them to your .env file.
GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-client-secret

9. Currencies

Admin path: Admin > Withdraw Settings > Currencies (or wherever the Currency manager is linked from your admin nav).

Currencies are the crypto assets your platform can pay users in (e.g. BTC, ETH, USDT). Every currency is validated and priced against CoinGecko.

Adding a currency

Field Required Notes
Name Yes Must match the exact CoinGecko coin ID (e.g. bitcoin, tether, binancecoin) — not the ticker. If it doesn't match a CoinGecko ID, the request fails with "Currency not supported by CoinGecko."
Code Yes The ticker symbol (e.g. BTC, USDT). Stored uppercase.

When you submit, WAF:

  1. Checks the currency doesn't already exist (by code or name).
  2. Calls CoinGecko's /simple/price endpoint to pull live conversion rates against ~48 supported fiat currencies (USD, EUR, IDR, GBP, INR, etc.).
  3. Stores the currency with all fiat conversion rates attached.

If CoinGecko is Unreachable

You'll get a 502 error ("Currency price lookup is unavailable right now."). Just retry later.

Deleting a currency

A currency cannot be deleted while any withdraw option still references it (currency_id). Remove or reassign the withdraw option first.

10. Fiat Rates

Used when a withdraw option pays out in fiat rather than crypto (see Payout Asset Mode in the Withdraw Options section below). Fiat rates are managed separately (FiatRate records) and must already exist for a fiat currency before you can select it on a withdraw option.

11. Deposit Settings

Admin path: Admin > Settings > Deposit

This page controls which deposit methods are available to users on the /deposit page.

Method Toggle Required fields
Direct/manual crypto address deposit direct_deposit CCPayment App ID, CCPayment App Secret, minimum deposit
FaucetPay faucetpay_deposit FaucetPay username, minimum deposit
ZexPay zexpay_deposit ZexPay Merchant API key, ZexPay merchant username, minimum deposit
Manual payment methods Configured separately under Manual Payment Methods

Notes:

  • Minimum Deposit is a local validation only — it stops a request from even reaching the provider's API below that USD amount.
  • Each provider's webhook URL is shown on this page for reference (e.g. /webhook/faucetpay, /webhook/zexpay) — you generally don't need to touch these unless the provider's dashboard asks you to whitelist or register a callback URL.

Adding a Currency to Direct Deposit (via CCPayment)

The Direct/manual crypto address deposit (direct_deposit) method is powered by the CCPayment API, using the CCPayment App ID and CCPayment App Secret you set on this page. If a currency you want to accept isn't showing up as a deposit option yet, it usually needs to be enabled on the CCPayment side first:

  1. Log in to your CCPayment merchant dashboard.
  2. Go to Merchant Settings > Settings.
  3. Find the "Tokens For Your Business" section and enable the token/currency you want to accept.
  4. Back in WAF, make sure the matching currency is also added under Currencies, then re-check the /deposit page — it should now list the newly enabled currency for direct deposit.

12. Withdraw Options

Admin path: Admin > Withdraw Settings > Withdraw Options

This is where you define every way a user can withdraw their balance. You can have multiple options active at once (e.g. FaucetPay + Binance + ZexPay + a manual bank transfer option).

Step 1 — Basic info

Field Required Notes
Name Yes Label shown to users, e.g. "FaucetPay (BTC)".
Wallet / Provider Yes One of: faucetpay, binance, cwallet, zexpay, manual.
Payout Mode Yes api (automatic, instant payout via provider API) or manual (admin approves and pays out by hand).

cwallet payouts always route through CCPayment's API under the hood — you'll still just select "CWallet" as the wallet type.

Step 2 — Payout asset

The Payout Asset Mode depends on Payout Mode:

  • api mode is always crypto — you must select a Currency from the list you configured in step 1.
  • manual mode can be:
    • Crypto — pick a Currency.
    • Fiat — pick a fiat currency that already has a Fiat Rate configured.
    • Custom — define your own currency code + a fixed conversion rate manually (useful for points systems, gift cards, etc.).

Step 3 — Provider-specific credentials

Wallet API key API secret Extra fields
FaucetPay Required (only for api mode)
ZexPay Required (only for api mode)
Binance Required Required Payout type (crypto_address, pay_id, pay_email), and network (e.g. BSC) if paying to a crypto address
CWallet Uses your global CCPayment credentials, not a per-option key
Manual

Where to Get API Keys

Each provider's API key is stored per withdraw option row, not globally — so if you add two FaucetPay-based options for different currencies, each keeps its own key.

Step 4 — Branding

  • Logo — optional custom image upload (jpg/png/webp/gif, max 4MB).
  • Show provider logo — if enabled and no custom logo is uploaded, WAF shows the built-in provider icon (FaucetPay/CWallet/ZexPay/Binance) automatically.

Step 5 — Manual-mode extras

Only relevant when Payout Mode is manual:

  • Require account profile — forces the user to fill out a structured form (defined by an Account Profile Preset — see the next section) instead of a free-text address field. Useful for bank transfers, e-wallets, etc.
  • Instructions — free text shown to the user on the withdraw page (up to 5000 characters) — e.g. payout schedule, processing time.

Step 6 — Limits & fees

Field Required Notes
Instant Yes yes/no. Forced to no automatically for manual payout mode.
Minimum Withdraw Yes Numeric floor for this method.
Fee Type Yes percentage or fixed.
Fee Yes The fee value matching the chosen fee type.

Once saved, the option immediately appears as a choice on the user-facing /withdraw page.

Deleting a withdraw option

No special restriction — but double check no pending withdrawals rely on it before removing.

13. Account Profile Presets (optional)

Admin path: Admin > Withdraw Settings > Account Profile Presets

Used only for manual withdraw options that require structured user input beyond a plain address (e.g. "Bank Name", "Account Number", "Account Holder Name").

  • Create a preset with a name and a set of fields.
  • Mark it Active before it can be attached to a withdraw option.
  • A preset cannot be deactivated or deleted while any withdraw option still references it — update or remove that withdraw option first.

Quick Reference — Full Setup Order for a New API Provider (Example: ZexPay)

  1. Currencies: add the crypto you'll pay out in (e.g. tether / USDT) if not already added.
  2. Deposit Settings: turn on ZexPay Deposit Status, fill in the ZexPay Merchant API key, merchant username, and minimum deposit.
  3. Withdraw Options: add new option → Wallet = ZexPay → Payout Mode = api → select the Currency from step 1 → paste your ZexPay (Faucet Owner) API key → set minimum withdraw and fee → Save.
  4. Done — ZexPay now appears as both a deposit and withdraw method on the user-facing pages.

Recommended configuration order: Currencies → Fiat Rates (if needed) → Deposit Settings → Withdraw Options → Account Profile Presets (if needed).

14. Troubleshooting & Tips

Always install updates after setup

After completing the initial installation (not a demo), go to Website Settings > System Update and install all available updates in order. Do not skip this step.

Shortlink URL format

The shortlink API URL must always end with url= and nothing should be appended after it:

https://example.com/api?api=abcd&url=

Common mistakes to avoid:

  • https://example.com/api?api=abcd&url — missing =
  • https://example.com/api?api=abcd&url=example.com — nothing should follow url=
  • https://example.com/api?url=&api=abc — wrong parameter order
  • https://example.com/api?url= — missing the api parameter
  • https://example.com/st?api=abcd&url= — wrong endpoint path

If you get a 500 error after installation

  • Re-check that every step in this documentation was followed correctly.
  • Make sure Ioncube Loader 15 is installed.
  • Check the actual error message in /storage/logs/laravel.log.
  • Confirm the database was imported and the database user has proper permissions on it.
  • Double-check the database credentials in .env. If a password like DB_PASSWORD=correctpass still fails even though it's correct, wrap it in quotes, e.g. DB_PASSWORD='correctpass'.

A feature is active but not showing up for users

If a feature has been activated in the admin panel but still doesn't appear in the user-facing navigation, check System Tools > Menu Manager and make sure the corresponding menu item is added/enabled there.

Installation Complete

Your WAF website is ready after the files are extracted, the database is imported, the environment file is configured, permissions are set, and cron is active.

Back to Top