app/Controllers/SearchController.php

<?php

namespace App\Controllers;

use Core\Controller;
use App\Models\Domain;
use App\Services\WhoisService;

class SearchController extends Controller
{
    private Domain $domainModel;
    private WhoisService $whoisService;

    public function __construct()
    {
        $this->domainModel = new Domain();
        $this->whoisService = new WhoisService();
    }

    public function index()
    {
        $query = \App\Helpers\InputValidator::sanitizeSearch($_GET['q'] ?? '', 100);

        if (empty($query)) {
            $_SESSION['error'] = 'Please enter a search term';
            $this->redirect('/domains');
            return;
        }

        // Get current user and isolation mode
        $userId = \Core\Auth::id();
        $settingModel = new \App\Models\Setting();
        $isolationMode = $settingModel->getValue('user_isolation_mode', 'shared');

        // Pagination parameters
        $page = max(1, (int)($_GET['page'] ?? 1));
        $perPage = max(10, min(100, (int)($_GET['per_page'] ?? 25)));

        // Search existing domains in database
        $allResults = $this->domainModel->searchDomains($query, $isolationMode === 'isolated' ? $userId : null);
        $totalResults = count($allResults);

        // Calculate pagination
        $totalPages = ceil($totalResults / $perPage);
        $page = min($page, max(1, $totalPages)); // Ensure page is within valid range
        $offset = ($page - 1) * $perPage;

        // Slice results for current page
        $existingDomains = array_slice($allResults, $offset, $perPage);

        // Check if query looks like a domain name
        $isDomainLike = $this->isDomainFormat($query);

        // If it looks like a domain and not found in database, offer WHOIS lookup
        $whoisData = null;
        $whoisError = null;
        
        if ($isDomainLike && empty($allResults)) {
            // Do WHOIS lookup
            $whoisData = $this->whoisService->getDomainInfo($query);
            if (!$whoisData) {
                $whoisError = "Could not retrieve WHOIS information for '$query'";
            }
        }

        // Format existing domains for display
        $formattedDomains = \App\Helpers\DomainHelper::formatMultiple($existingDomains);
        
        $this->view('search/results', [
            'query' => $query,
            'existingDomains' => $formattedDomains,
            'whoisData' => $whoisData,
            'whoisError' => $whoisError,
            'isDomainLike' => $isDomainLike,
            'pagination' => [
                'current_page' => $page,
                'per_page' => $perPage,
                'total' => $totalResults,
                'total_pages' => $totalPages,
                'showing_from' => $totalResults > 0 ? $offset + 1 : 0,
                'showing_to' => min($offset + $perPage, $totalResults)
            ],
            'title' => 'Search Results'
        ]);
    }

    /**
     * AJAX endpoint for live search suggestions
     */
    public function suggest()
    {
        header('Content-Type: application/json');
        
        $query = \App\Helpers\InputValidator::sanitizeSearch($_GET['q'] ?? '', 100);
        
        if (empty($query)) {
            echo json_encode(['domains' => [], 'isDomainLike' => false]);
            exit;
        }

        // Search existing domains (limit to 5 for quick results)
        $results = $this->domainModel->searchSuggestions($query, 5);

        // Calculate days left for each domain
        foreach ($results as &$domain) {
            if (!empty($domain['expiration_date'])) {
                $daysLeft = floor((strtotime($domain['expiration_date']) - time()) / 86400);
                $domain['days_left'] = $daysLeft;
                
                // Color coding
                if ($daysLeft < 0) {
                    $domain['status_color'] = 'red';
                } elseif ($daysLeft <= 30) {
                    $domain['status_color'] = 'orange';
                } elseif ($daysLeft <= 90) {
                    $domain['status_color'] = 'yellow';
                } else {
                    $domain['status_color'] = 'green';
                }
            } else {
                $domain['days_left'] = null;
                $domain['status_color'] = 'gray';
            }
        }

        // Check if query looks like a domain
        $isDomainLike = $this->isDomainFormat($query);

        echo json_encode([
            'domains' => $results,
            'isDomainLike' => $isDomainLike,
            'query' => $query
        ]);
        exit;
    }


    /**
     * Check if string looks like a domain name
     */
    private function isDomainFormat(string $query): bool
    {
        // Basic domain validation
        return preg_match('/^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,}$/i', $query);
    }
}
Initial Commit 2025-10-08 14:23:07 +03:00			`<?php`

			`namespace App\Controllers;`

			`use Core\Controller;`
			`use App\Models\Domain;`
			`use App\Services\WhoisService;`

			`class SearchController extends Controller`
			`{`
			`private Domain $domainModel;`
			`private WhoisService $whoisService;`

			`public function __construct()`
			`{`
			`$this->domainModel = new Domain();`
			`$this->whoisService = new WhoisService();`
			`}`

			`public function index()`
			`{`
Add CSRF, CAPTCHA, and input validation improvements Introduces CSRF protection to all sensitive controller actions, integrates configurable CAPTCHA (reCAPTCHA v2/v3, Turnstile) for authentication and registration flows, and centralizes input validation via a new InputValidator helper. Adds new helpers and services for CSRF and CAPTCHA, updates settings and migration for CAPTCHA configuration, and enhances logging and error handling in TLD registry import processes. Also improves validation for user, domain, group, and profile inputs throughout the application. 2025-10-10 00:04:12 +03:00			`$query = \App\Helpers\InputValidator::sanitizeSearch($_GET['q'] ?? '', 100);`
Initial Commit 2025-10-08 14:23:07 +03:00
			`if (empty($query)) {`
			`$_SESSION['error'] = 'Please enter a search term';`
			`$this->redirect('/domains');`
			`return;`
			`}`

Add user isolation mode and transfer features Introduces user isolation mode, allowing domains, groups, and tags to be visible only to their owners when enabled. Adds user_id fields to domains and notification_groups, updates models and controllers for isolation-aware queries, and provides admin UI and endpoints for transferring domains and groups between users (single and bulk). Includes migration, settings UI, and routes for toggling isolation mode and handling data migration. 2025-10-20 17:04:13 +03:00			`// Get current user and isolation mode`
			`$userId = \Core\Auth::id();`
			`$settingModel = new \App\Models\Setting();`
			`$isolationMode = $settingModel->getValue('user_isolation_mode', 'shared');`

Initial Commit 2025-10-08 14:23:07 +03:00			`// Pagination parameters`
			`$page = max(1, (int)($_GET['page'] ?? 1));`
			`$perPage = max(10, min(100, (int)($_GET['per_page'] ?? 25)));`

			`// Search existing domains in database`
Refactor admin/user isolation logic and model methods Moved admin/user isolation checks and related methods from Domain and NotificationGroup models to User model for better separation of concerns. Replaced direct database queries in controllers and services with new model methods. Added methods for assigning unassigned domains/groups, searching domains, and clearing old notification logs. Updated views for improved UI consistency. 2025-10-20 17:25:02 +03:00			`$allResults = $this->domainModel->searchDomains($query, $isolationMode === 'isolated' ? $userId : null);`
Initial Commit 2025-10-08 14:23:07 +03:00			`$totalResults = count($allResults);`

			`// Calculate pagination`
			`$totalPages = ceil($totalResults / $perPage);`
			`$page = min($page, max(1, $totalPages)); // Ensure page is within valid range`
			`$offset = ($page - 1) * $perPage;`

			`// Slice results for current page`
			`$existingDomains = array_slice($allResults, $offset, $perPage);`

			`// Check if query looks like a domain name`
			`$isDomainLike = $this->isDomainFormat($query);`

			`// If it looks like a domain and not found in database, offer WHOIS lookup`
			`$whoisData = null;`
			`$whoisError = null;`

			`if ($isDomainLike && empty($allResults)) {`
			`// Do WHOIS lookup`
			`$whoisData = $this->whoisService->getDomainInfo($query);`
			`if (!$whoisData) {`
			`$whoisError = "Could not retrieve WHOIS information for '$query'";`
			`}`
			`}`

Upgraded to 1.1.0 1.1.0 (2025-10-09) - User Notifications System - In-app notification center with 7 notification types, filtering, pagination - Advanced Session Management - Database-backed sessions with geolocation (country, city, ISP) - Remote Session Control - Terminate any device instantly with immediate logout validation - Enhanced Profile Page - Sidebar navigation with 4 tabs, hash-based routing (#profile, #security, #sessions) - MVC Architecture Refactoring - 3 new Helpers (Layout, Domain, Session), ~265 lines cleaned from views - Geolocation Tracking - IP-based location detection using ip-api.com, country flags with flag-icons - Device Detection - Browser & device type parsing (Chrome/Firefox/Safari, Desktop/Mobile/Tablet) - Auto-Detected Cron Paths - Settings show actual installation paths (thanks @jadeops) - Welcome Notifications - Sent to new users on registration or fresh install - Upgrade Notifications - Admins notified on system updates with version & migration count - Web-Based Installer - Replaces CLI, auto-generates encryption key, one-time password display - Web-Based Updater - `/install/update` for running new migrations with smart detection - User Registration - Full signup flow with email verification, password reset, resend verification - User Management - CRUD for users with filtering, sorting, pagination (admin-only) - Remember Me - 30-day secure tokens linked to sessions, cascade deletion on logout - Session Validator - Middleware validates sessions on every request for instant remote logout - Consistent UI/UX - Unified filtering, sorting, pagination across Domains, Users, Notifications, TLD Registry - Smart Migrations - Consolidated schema for fresh installs, incremental for upgrades - XSS Protection - htmlspecialchars() applied across all user-facing data (thanks @jadeops) 2025-10-09 18:02:46 +03:00			`// Format existing domains for display`
			`$formattedDomains = \App\Helpers\DomainHelper::formatMultiple($existingDomains);`

Initial Commit 2025-10-08 14:23:07 +03:00			`$this->view('search/results', [`
			`'query' => $query,`
Upgraded to 1.1.0 1.1.0 (2025-10-09) - User Notifications System - In-app notification center with 7 notification types, filtering, pagination - Advanced Session Management - Database-backed sessions with geolocation (country, city, ISP) - Remote Session Control - Terminate any device instantly with immediate logout validation - Enhanced Profile Page - Sidebar navigation with 4 tabs, hash-based routing (#profile, #security, #sessions) - MVC Architecture Refactoring - 3 new Helpers (Layout, Domain, Session), ~265 lines cleaned from views - Geolocation Tracking - IP-based location detection using ip-api.com, country flags with flag-icons - Device Detection - Browser & device type parsing (Chrome/Firefox/Safari, Desktop/Mobile/Tablet) - Auto-Detected Cron Paths - Settings show actual installation paths (thanks @jadeops) - Welcome Notifications - Sent to new users on registration or fresh install - Upgrade Notifications - Admins notified on system updates with version & migration count - Web-Based Installer - Replaces CLI, auto-generates encryption key, one-time password display - Web-Based Updater - `/install/update` for running new migrations with smart detection - User Registration - Full signup flow with email verification, password reset, resend verification - User Management - CRUD for users with filtering, sorting, pagination (admin-only) - Remember Me - 30-day secure tokens linked to sessions, cascade deletion on logout - Session Validator - Middleware validates sessions on every request for instant remote logout - Consistent UI/UX - Unified filtering, sorting, pagination across Domains, Users, Notifications, TLD Registry - Smart Migrations - Consolidated schema for fresh installs, incremental for upgrades - XSS Protection - htmlspecialchars() applied across all user-facing data (thanks @jadeops) 2025-10-09 18:02:46 +03:00			`'existingDomains' => $formattedDomains,`
Initial Commit 2025-10-08 14:23:07 +03:00			`'whoisData' => $whoisData,`
			`'whoisError' => $whoisError,`
			`'isDomainLike' => $isDomainLike,`
			`'pagination' => [`
			`'current_page' => $page,`
			`'per_page' => $perPage,`
			`'total' => $totalResults,`
			`'total_pages' => $totalPages,`
			`'showing_from' => $totalResults > 0 ? $offset + 1 : 0,`
			`'showing_to' => min($offset + $perPage, $totalResults)`
			`],`
			`'title' => 'Search Results'`
			`]);`
			`}`

			`/**`
			`* AJAX endpoint for live search suggestions`
			`*/`
			`public function suggest()`
			`{`
			`header('Content-Type: application/json');`

Add CSRF, CAPTCHA, and input validation improvements Introduces CSRF protection to all sensitive controller actions, integrates configurable CAPTCHA (reCAPTCHA v2/v3, Turnstile) for authentication and registration flows, and centralizes input validation via a new InputValidator helper. Adds new helpers and services for CSRF and CAPTCHA, updates settings and migration for CAPTCHA configuration, and enhances logging and error handling in TLD registry import processes. Also improves validation for user, domain, group, and profile inputs throughout the application. 2025-10-10 00:04:12 +03:00			`$query = \App\Helpers\InputValidator::sanitizeSearch($_GET['q'] ?? '', 100);`
Initial Commit 2025-10-08 14:23:07 +03:00
			`if (empty($query)) {`
			`echo json_encode(['domains' => [], 'isDomainLike' => false]);`
			`exit;`
			`}`

			`// Search existing domains (limit to 5 for quick results)`
Refactor admin/user isolation logic and model methods Moved admin/user isolation checks and related methods from Domain and NotificationGroup models to User model for better separation of concerns. Replaced direct database queries in controllers and services with new model methods. Added methods for assigning unassigned domains/groups, searching domains, and clearing old notification logs. Updated views for improved UI consistency. 2025-10-20 17:25:02 +03:00			`$results = $this->domainModel->searchSuggestions($query, 5);`
Initial Commit 2025-10-08 14:23:07 +03:00
			`// Calculate days left for each domain`
			`foreach ($results as &$domain) {`
			`if (!empty($domain['expiration_date'])) {`
			`$daysLeft = floor((strtotime($domain['expiration_date']) - time()) / 86400);`
			`$domain['days_left'] = $daysLeft;`

			`// Color coding`
			`if ($daysLeft < 0) {`
			`$domain['status_color'] = 'red';`
			`} elseif ($daysLeft <= 30) {`
			`$domain['status_color'] = 'orange';`
			`} elseif ($daysLeft <= 90) {`
			`$domain['status_color'] = 'yellow';`
			`} else {`
			`$domain['status_color'] = 'green';`
			`}`
			`} else {`
			`$domain['days_left'] = null;`
			`$domain['status_color'] = 'gray';`
			`}`
			`}`

			`// Check if query looks like a domain`
			`$isDomainLike = $this->isDomainFormat($query);`

			`echo json_encode([`
			`'domains' => $results,`
			`'isDomainLike' => $isDomainLike,`
			`'query' => $query`
			`]);`
			`exit;`
			`}`

Add user isolation mode and transfer features Introduces user isolation mode, allowing domains, groups, and tags to be visible only to their owners when enabled. Adds user_id fields to domains and notification_groups, updates models and controllers for isolation-aware queries, and provides admin UI and endpoints for transferring domains and groups between users (single and bulk). Includes migration, settings UI, and routes for toggling isolation mode and handling data migration. 2025-10-20 17:04:13 +03:00
Initial Commit 2025-10-08 14:23:07 +03:00			`/**`
			`* Check if string looks like a domain name`
			`*/`
			`private function isDomainFormat(string $query): bool`
			`{`
			`// Basic domain validation`
			`return preg_match('/^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,}$/i', $query);`
			`}`
			`}`