Panel no longer depends on the user-managed MariaDB service.
SQLite at /var/lib/novacpx/panel.db runs independently so the
control panel stays up even when MariaDB is stopped.
- DB.php: switch to sqlite: DSN, add SQL translator (ON DUPLICATE KEY,
DATE_ADD/DATE_SUB INTERVAL, NOW(), UNIX_TIMESTAMP(), IFNULL)
- Core.php: replace DB_HOST/NAME/USER/PASS with DB_PATH constant
- schema.sql: full SQLite syntax, add TOTP columns to users table
- _branding.php: use sqlite: PDO, datetime('now') for session check
- install.sh: apt install sqlite3, create SQLite DB instead of MySQL DB
- tools/migrate-to-sqlite.sh: one-shot migration script for existing installs
- proxy.php: always set proxy_mode=disabled and clear remote_host/backend_ip
on any uninstall, not just when nginx binary is removed
- admin.js: show setup cards when mode==='disabled' regardless of whether
nginx binary still exists on the remote VM
- Status card shows 'Disabled' instead of 'Stopped' when mode is disabled
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
NOVACPX_ROOT (/srv/novacpx/public) is a deployed file copy, not a git
repo — hence 'fatal: not a git repository'. The actual git clone lives
at /opt/novacpx-src (installed by the installer).
check-update and apply-update now use /opt/novacpx-src for all git
operations. apply-update also deploys the pulled files back to the web
root with cp -a (public/, api/, lib/, bin/) and re-sets ownership.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Nova.modal(title, body, footerHtml) expects an HTML string for the third
parameter. proxyAddHost, proxyEditHost, proxySwitchLocal, and proxyUninstall
were all passing async functions instead, which got stringified as garbage
text with no actual buttons rendered.
Each modal now gets proper Cancel + action button footer HTML, with the
save/action logic wired via addEventListener after modal creation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
proxyRunSetup() used EventSource which only sends GET. The setup-remote
endpoint requires POST, so the request hit the 404 default and the SSE
connection immediately errored with 'Connection lost'.
Replace EventSource with fetch+ReadableStream (same pattern already used
by proxySwitchLocal). Also remove the dead EventSource+close() pair that
was left in proxySwitchLocal from an earlier draft.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
remoteExec uses 2>&1 so SSH's own stderr merged with command stdout.
The 'Warning: Permanently added...' line prepended to 'active' made the
=== 'active' check in isRunning() always return false.
Add -o LogLevel=ERROR to suppress SSH informational/warning messages
while keeping actual remote command output and real SSH errors.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ProxyManager::sysctl() and reload() now use sudo for local commands —
www-data cannot run systemctl directly, so start/stop/restart/reload
were silently failing with permission denied
- Control endpoint now returns success:false when nginx stays stopped
after a start/restart, or stays running after a stop
- proxyControl() JS shows a loading overlay while the action runs and
uses error toast when the action reports failure
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Nova.modal(title, bodyHtml, footerHtml) expects footerHtml as an HTML
string, but an async callback was passed instead. The function got
stringified as garbage text in the footer with no save button, so
nothing ever saved regardless of mode chosen.
Replaced with proper footer HTML (Cancel + Save buttons) and wired the
save logic as an event listener on the save button.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- admin.js was calling 'apply-novacpx-update' but endpoint is 'apply-update'
- Add null guard in nova.js progress bar setInterval — _barEl can be set to
null by the fade-out timer between interval ticks, causing a crash
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The redirect on 401 sent the browser back to /?redirect=... on the same
panel port, which re-served the panel page itself — causing an infinite
reload. The panel pages (admin/reseller/user) already have inline login
forms that activate when auth/me fails, so no redirect is needed.
Return a failure object on 401 so the existing login form shows instead.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Only apply the tight 10/min bucket to POST /auth (actual login attempts).
GET /auth (session checks on page load) now falls into the general 120/min
bucket, preventing the login page from rate-limiting itself during normal use.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add -o UserKnownHostsFile=/dev/null to remoteExec so SSH doesn't
attempt to write to /var/www/.ssh/known_hosts (permission denied).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ProxyManager::runSetupOnRemote() — generator yields step-by-step
progress; drives SSE stream from /api/proxy/setup-remote POST
- ProxyManager::uninstall(bool) — removes configs from remote or local;
optionally apt-get removes nginx and sets mode=disabled
- ProxyManager::healthCheck() — called every 5 min from collect-stats.php;
restarts nginx on remote if found stopped
- proxy.php: POST /api/proxy/setup-remote (SSE stream), DELETE /api/proxy/uninstall
- admin.js: proxyRunSetup() streams output to a live log modal;
proxyUninstall() with configs-only vs full removal choice;
'Run Setup on Remote VM' / 'Uninstall' buttons in page header
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ProxyManager: all ops (start/stop/reload, config push) work over SSH
when proxy_mode=remote; sysctl/reload/writeHostConfig/deleteHost all
route to remoteExec/remotePush helpers
- proxy.php: add GET/POST /api/proxy/settings and POST /api/proxy/test-remote
- admin.js: Settings modal with mode selector + remote fields + Test Connection;
page header always shows Settings button; status card shows mode + remote host;
'not installed' state directs to Configure Remote Proxy VM
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- auth: impersonate stores empty data instead of raw cookie; unimpersonate
issues a fresh session rather than replaying a stored token
- api/index.php: restore rate limiting (10 req/min auth, 120 general)
- nova.js: 401 redirects to login instead of silently returning error;
escHtml now escapes single quotes to prevent onclick XSS
- accounts: wrap ownership-change 4-write path in beginTransaction/commit;
restore audit body on account.update
- reseller/user login cards: use $_pname instead of hardcoded 'NovaCPX'
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- VM polls GitHub every minute via novacpx-poll-deploy cron
- GitHub webhook registered at JARVIS for push notifications
- Deploy webhook.php at /deploy/webhook.php for future relay use
- Queue file permissions fixed (666) for www-data/root shared access
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Enforce portal role isolation: admin/reseller/user can only auth on their own port
- Admin/reseller impersonation: Login As with cookie handoff + Return banner in user panel
- Account ownership: admin can reassign accounts to resellers, DNS NS follows
- accounts/update: ownership change cascades package + NS to new owner
- users.php endpoint: admin list/filter by role (reseller dropdown)
- Docker launch fix: uDockerUpdateParams defined before call
- Nova.loading() spinners: login, SSL, PHP switch/save, backup create, docker launch/actions
- Logo consistency: gradient CPX text on all login pages, novacpx_logo_html() in all sidebars
- BackupManager: fix DB class name, table name, column name
- DNSManager: fix settings keys (ns1_hostname/ns2_hostname)
- docker.php: resolve account_id from user uid for all actions
- Auth: impersonate sets cookie + stores return_token for seamless round-trip
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- initUser/initReseller: show main-layout and hide auth-check on
successful auth (was never shown, causing blank page after login)
- Fix login form IDs in user/index.php and reseller/index.php:
changed l-user/l-pass/login-err to li-user/li-pass/li-err to
match what doLogin() reads; add onsubmit handler so form works
immediately without waiting for JS to replace it
- Wire logout button in both boot sequences
- Fix data.accounts → data in reseller.js (same paginate() bug as admin)
- Reset myron user password to Joker1974!!!
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- initUser() now hides auth-check and shows main-layout on success
- Remove conflicting inline script from user/index.php that referenced
#app (non-existent) instead of #main-layout, causing null JS error
that prevented the panel from ever rendering after successful auth
- Wire logout button in boot sequence (was only in the removed inline script)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
JS sends account_id but PHP was reading id; both now accept either.
Same fix applied to terminate.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New accounts/update endpoint: updates package_id, php_version, email,
and notes; switches PHP-FPM pool when version changes
- Edit button on each account row opens pre-populated modal
- Modal shows email, package dropdown, PHP version selector; domain
is read-only with tooltip explaining it can't change
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix accounts list always showing empty: Response::paginate() returns data
as res.data (array), not res.data.accounts — fix all 9 call sites in admin.js
- Replace blocking apply-os-update with background job + terminal modal:
start-os-update runs apt-get as nohup subprocess with sudo, writes to
/tmp log file; os-update-status polls log and done-file; admin.js shows
scrolling terminal modal that auto-closes when complete
- Fix OS update: was running apt-get without sudo (www-data lacks root)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- novacpx-webserver-switch: new helper script that manages ports 80/443
only; panel ports 8880-8883 are never touched
- system.php: save-option web_server now calls the helper script instead
of stopping all web servers (which killed the panel)
- admin.js: server options shows live Apache/Nginx status badges and notes
that the panel always runs on Apache
- save-option: inline service switching (web/ftp/dns) instead of missing shell scripts
- stats: dynamic service list based on web_server/ftp_server/dns_server settings
- service action: allow all variants (nginx, pure-ftpd, pdns, nsd, etc.)
- mysqlManager: full rewrite with MySQL/MariaDB/PostgreSQL engine cards (install/remove/start/stop), active engine selector, all-databases table
- ftpServer page: dynamic — shows whichever FTP server is configured, not hardcoded proftpd
- db-engine-action: fixed duplicate INSERT line
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
php.php: install-version, remove-version, version-extensions, install-extension,
remove-extension, fpm-action endpoints. versions now returns fpm_active status
and panel_php (current runtime version).
admin.js phpManager(): grid of installed/not-installed versions with Install/
Remove/Restart FPM buttons; Extensions panel slides in below with filterable
list, dropdown of common extensions + custom input, per-extension Remove buttons.
Panel PHP info card shows which version NovaCPX runs on.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use btn-xs + flex-wrap so Restart/Start/Stop fit within the stat-card
on narrow layouts without bleeding into adjacent cards.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Stubs inside the IIFE (twofa/sessions/cloudflare/wordpress/nginxProxy)
always shadowed the real global implementations. Pages dict captured
the stubs so clicking those nav items just showed "Loading...".
Fix: stubs now delegate to renamed global functions (*Page suffix).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
system.php: INSERT used wrong column names (cpu_pct/ram_pct/disk_pct/
load_1m) — table has cpu_usage/ram_usage/disk_usage/load_avg matching
migration 007. Fatal PDOException was crashing stats API → all services
showing as unknown.
admin.js mailServer(): remove spamassassin row (not installed, was
permanently hardcoded to 'unknown').
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Extra } after auditLog helpers was closing the outer async IIFE early,
causing phpManager() and all subsequent functions to parse outside the
IIFE — resulting in "Unexpected token async" crash and a blank panel.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Notifier.php + test-notify: use plain email address in 'from' field
(CyberMail rejects "Name <email>" format)
- deploy-runner.sh: rsync panel/api/ and panel/lib/ to web root after
panel/public/ sync; also syncs panel/bin/ to /opt/novacpx/bin/
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Notifier.php: CyberMail API sender with 4 trigger types (account
created, suspended, disk quota warning, SSL expiry)
- Reads cybermail_api_key / notify_from_* / notify_admin_email from
settings table
- accounts.php: fires Notifier on create (welcome + admin alert) and
suspend (user + admin alert)
- system.php: notify-settings GET, save-notify-settings POST,
test-notify POST (with API key masking)
- bin/notify-checks.php: daily cron for disk ≥85% and SSL ≤14 days
(flag-based dedup in settings table)
- admin panel: Notifications page with form + trigger reference table;
sidebar link added
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
#18: reseller_branding table (migration 008). branding.php endpoint: get/save/
upload-logo/delete-logo/resellers. _branding.php server-side helper injects
CSS vars (--primary, --accent), custom CSS, favicon, and panel name into
<head> of reseller + user portals at page-load time (no flash of unbranded
content). NOVACPX_BRANDING JS global carries panel_name/support_email/
support_url/hide_powered_by for runtime use. Reseller panel gets a new
"White Label" sidebar page with logo upload, color pickers with live preview,
support contact fields, powered-by toggle, and custom CSS textarea.
#24: audit-log backend now accepts user/action/date_from/date_to filter params.
auditLog() JS rebuilt: filter bar at top, paginated table, expandable detail
rows (click row to show JSON detail), total entry count, page buttons.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
myron