myron
|
6fdccc6dbd
|
feat: items #9-13 — password change, webmail SSO, DKIM live, file manager security, cache busting
#9 auth.php: add self-service change-password action (current+new+confirm)
accounts.php: fix admin change-password — accept account_id, fetch username
for chpasswd (was using int ID), add Auth::require('admin') guard
user.js: add Change Password page + navItem + submitChangePassword()
#10 EmailManager: store AES-256-CBC enc_password alongside SHA512-CRYPT hash
webmail.php: rewrite login-url to use webmail_sso_tokens table
novacpx-sso.php: Roundcube SSO bridge (validate token, decrypt, autosubmit)
Migration 005: add enc_password column + webmail_sso_tokens table
#11 opendkim: installed, configured (/etc/opendkim.conf, signing.table,
key.table, trusted.hosts), socket at /var/spool/postfix/opendkim/,
Postfix milter wired, service enabled+running, key generation verified
#12 files.php: fix safe_path() for non-existent paths (write/mkdir),
add safe_path_new() helper using parent-dir realpath check,
fix delete guard (block deleting account root dirs),
fix rename destination, clamp chmod to 0777
#13 nova.js: api() handles network errors, 429 rate-limit with retry-after,
non-JSON responses (PHP fatal pages) — graceful error instead of throw
admin/user/reseller index.php: filemtime-based cache-busting on all assets
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-08 01:19:33 +00:00 |
|
myron
|
870ec062f0
|
Add complete user and reseller panel JS — all pages fully implemented
User panel (user.js): dashboard with usage rings, domains+SSL, email accounts+forwarders, databases, FTP, SSL manager, PHP switcher, cron jobs, file manager (edit/upload/chmod), stats
Reseller panel (reseller.js): dashboard, accounts list+search+suspend/terminate, create account form, packages CRUD, DNS zones editor
Both panels: dynamic sidebar nav using nova-icons.svg sprite, inline auth guard
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-07 06:08:32 +00:00 |
|