Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upgraded to 1.1.0

Browse Source 
1.1.0 (2025-10-09)
- **User Notifications System** - In-app notification center with 7 notification types, filtering, pagination
- **Advanced Session Management** - Database-backed sessions with geolocation (country, city, ISP)
- **Remote Session Control** - Terminate any device instantly with immediate logout validation
- **Enhanced Profile Page** - Sidebar navigation with 4 tabs, hash-based routing (#profile, #security, #sessions)
- **MVC Architecture Refactoring** - 3 new Helpers (Layout, Domain, Session), ~265 lines cleaned from views
- **Geolocation Tracking** - IP-based location detection using ip-api.com, country flags with flag-icons
- **Device Detection** - Browser & device type parsing (Chrome/Firefox/Safari, Desktop/Mobile/Tablet)
- **Auto-Detected Cron Paths** - Settings show actual installation paths (thanks @jadeops)
- **Welcome Notifications** - Sent to new users on registration or fresh install
- **Upgrade Notifications** - Admins notified on system updates with version & migration count
- **Web-Based Installer** - Replaces CLI, auto-generates encryption key, one-time password display
- **Web-Based Updater** - `/install/update` for running new migrations with smart detection
- **User Registration** - Full signup flow with email verification, password reset, resend verification
- **User Management** - CRUD for users with filtering, sorting, pagination (admin-only)
- **Remember Me** - 30-day secure tokens linked to sessions, cascade deletion on logout
- **Session Validator** - Middleware validates sessions on every request for instant remote logout
- **Consistent UI/UX** - Unified filtering, sorting, pagination across Domains, Users, Notifications, TLD Registry
- **Smart Migrations** - Consolidated schema for fresh installs, incremental for upgrades
- **XSS Protection** - htmlspecialchars() applied across all user-facing data (thanks @jadeops)
This commit is contained in:
Hosteroid
2025-10-09 18:02:46 +03:00
parent adc28b97f0
commit e5b9599755
61 changed files with 6838 additions and 812 deletions
Download Patch File Download Diff File Expand all files Collapse all files

162
README.md
View File

@@ -22,12 +22,17 @@ A modern PHP MVC application for monitoring domain expiration dates and sending
- 🎨 **Modern UI** - Clean, responsive design with intuitive interface
### Advanced Features
- 🔐 **Secure by Default** - Random passwords, session management, prepared statements
- 🔐 **Secure by Default** - Random passwords, database-backed sessions, prepared statements
- 🔔 **User Notifications System** - In-app notification center with real-time updates
- 📬 **Smart Notifications** - Welcome messages, upgrade alerts, domain warnings
- 🌐 **Advanced Session Management** - View all active sessions with geolocation and device tracking
- 🚨 **Remote Session Termination** - Logout any device immediately from anywhere
- 📈 **Bulk Operations** - Import, refresh, and manage multiple domains at once
- 🎯 **Flexible Alerts** - Customizable notification thresholds (60, 30, 21, 14, 7, 5, 3, 2, 1 days)
- 🔄 **Auto WHOIS Refresh** - Keep domain data up-to-date automatically
- 📱 **Monitoring Controls** - Enable/disable notifications per domain with alerts
- 🌍 **RDAP Support** - Modern protocol for faster, structured domain data
- 🏴 **Geolocation Tracking** - See location, ISP, and device info for all sessions
## 📋 Requirements
@@ -43,9 +48,12 @@ A modern PHP MVC application for monitoring domain expiration dates and sending
The application includes built-in authentication with secure practices:
- 🔑 **Random Password Generation** - Unique secure password created on installation
- 🛡️ **Session Management** - Secure session handling with httpOnly cookies
- 🛡️ **Database-Backed Sessions** - True session management with immediate remote logout
- 🌍 **Session Tracking** - Monitor all active sessions with location and device info
- 🚨 **Remote Session Control** - Terminate suspicious sessions from any device
- 💉 **SQL Injection Protection** - All queries use prepared statements
- 🔒 **One-time Credentials** - Admin password shown only once during setup
- 🍪 **Secure Remember Me** - Cryptographically secure 30-day tokens linked to sessions
⚠️ **Important:** Save your admin password during installation - it won't be shown again!
@@ -88,7 +96,7 @@ DB_PASSWORD=your_password
```
**Note:**
- The encryption key (APP_ENCRYPTION_KEY) will be automatically generated during migration
- The encryption key (APP_ENCRYPTION_KEY) will be automatically generated during web installation
- Application name, URL, timezone, email settings, and monitoring schedules are configured through the web interface in **Settings** (not .env)
### 4. Create Database
@@ -99,48 +107,44 @@ Create a MySQL database:
CREATE DATABASE domain_monitor CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
```
### 5. Run Migrations
### 5. Run Web Installer
#### Option A: Apache/Nginx (Recommended)
Configure your web server (see step 7 below), then visit your domain in a browser:
```
http://your-domain.com
```
You'll be automatically redirected to the installer.
#### Option B: PHP Built-in Server
```bash
php database/migrate.php
php -S localhost:8000 -t public
```
**⚠️ IMPORTANT:** The migration will:
1. **Generate an encryption key** (if not already set) and save it to `.env`
2. **Generate a random admin password** and display it **only once**
Then visit: `http://localhost:8000`
Example output:
```
🔑 Generating encryption key...
✓ Encryption key generated and saved to .env
Key: base64_encoded_key_here
⚠️ Keep this key secret and backup securely!
The web installer will:
1. ✅ Create all database tables
2. Generate encryption key and save to `.env`
3. ✅ Let you set admin email and password
4. ✅ Show credentials on completion (save them!)
...
🔑 Admin credentials (SAVE THESE!):
═══════════════════════════════════════
Username: admin
Password: 3f8a2b9c4d5e6f7a
═══════════════════════════════════════
⚠️ This password will not be shown again!
💾 Save it to a secure password manager.
```
**Save these immediately:**
- The encryption key is needed to decrypt sensitive data (backup securely!)
- The admin password is needed to access the dashboard
**⚠️ IMPORTANT:** The installer will display your admin credentials **only once**. Save them to a secure password manager!
### 6. Import TLD Registry Data (Optional but Recommended)
For enhanced WHOIS lookups with automatic server discovery:
After logging in, go to **TLD Registry** page and click **"Import TLDs"** to download RDAP and WHOIS server data for 1,400+ TLDs from IANA.
Alternatively, use the CLI:
```bash
php cron/import_tld_registry.php
```
This imports RDAP and WHOIS server data for 1,400+ TLDs from IANA.
### 7. Configure Web Server
#### Apache
@@ -217,16 +221,18 @@ All application and email settings are now managed through the **Settings** page
The application requires a cron job to check domains periodically.
**💡 Pro Tip:** The cron path is automatically detected! Go to **Settings → System** to copy the exact command for your installation.
### Linux/Mac
```bash
crontab -e
```
Add this line to run daily at 9 AM:
Add this line (or copy from Settings → System):
```cron
0 9 * * * /usr/bin/php /path/to/project/cron/check_domains.php
0 9 * * * /usr/bin/php /your/actual/path/cron/check_domains.php
```
### Windows
@@ -238,17 +244,16 @@ Use Task Scheduler:
3. Set trigger (e.g., Daily at 9:00 AM)
4. Action: Start a program
5. Program: `C:\php\php.exe`
6. Arguments: `C:\path\to\domain-monitor\cron\check_domains.php`
6. Arguments: Copy from **Settings → System** tab (auto-detected path)
## 🧪 Testing Notifications
Before setting up the cron job, test your notification channels:
Before setting up the cron job, test your notification channels through the web interface:
```bash
php cron/test_notification.php
```
Follow the prompts to test Email, Telegram, Discord, or Slack.
1. Go to **Settings → Email** tab
2. Enter a test email address
3. Click **"Send Test Email"** to verify SMTP configuration
4. For Telegram/Discord/Slack, send a test from the notification group settings
## 📖 Usage Guide
@@ -298,6 +303,8 @@ All system settings are managed through the **Settings** page (`/settings`) in y
- **Application Name**: Customize the display name
- **Application URL**: Base URL for links in emails
- **Timezone**: Set your preferred timezone
- **User Registration**: Enable/disable new user signups
- **Email Verification**: Require email verification for new users
#### Email Settings
- **SMTP Configuration**: Host, port, encryption
@@ -319,6 +326,60 @@ All system settings are managed through the **Settings** page (`/settings`) in y
- Every 2 days
- Weekly
#### System Settings
- **Auto-Detected Cron Path**: Copy-paste ready cron commands with your actual installation path
- **Log File Locations**: Find logs for troubleshooting
### User Notifications
Stay informed with the in-app notification system:
#### Notification Center
- **Bell Icon**: Top navigation shows unread count with animated indicator
- **Dropdown Preview**: Quick view of 5 most recent unread notifications
- **Full Page**: `/notifications` with complete history and management
#### Notification Types
- 📬 **Welcome** - Sent when you create an account or system is installed
- ⬆️ **System Upgrade** - Admins notified when system is updated (includes version & migration count)
- 🔴 **Domain Expiring** - Alerts based on your configured thresholds
- ⚠️ **Domain Expired** - Critical alerts for expired domains
- 🔄 **Domain Updated** - WHOIS data changes detected
- 🔐 **New Login** - Security alerts for new device logins
-**WHOIS Failed** - Lookup errors and issues
#### Notification Features
- **Filter by Status**: Unread, Read, or All
- **Filter by Type**: Domain, System, or Security notifications
- **Date Ranges**: Today, This Week, This Month, All Time
- **Pagination**: View 10, 25, 50, or 100 per page
- **Quick Actions**: Mark as read, Delete, Mark all read, Clear all
### Profile Management
Access your profile settings via the top-right user menu:
#### My Profile
- Update full name and email
- View account creation date
- Check last login timestamp
- Email verification status
#### Security
- Change password securely
- Password strength requirements
- Security best practices
#### Active Sessions
- **View All Sessions**: See every device where you're logged in
- **Session Details**: Location (country, city), ISP, device type, browser
- **Country Flags**: Visual indicators for each session location
- **Session Age**: See when each session was created
- **Last Activity**: Monitor recent activity per session
- **Remember Me Indicator**: See which sessions have "remember me" enabled
- **Remote Logout**: Terminate individual sessions or all other sessions
- **Instant Termination**: Deleted sessions are logged out immediately
All settings are stored in the database and can be updated at any time through the web interface.
## 📁 Project Structure
@@ -327,11 +388,20 @@ All settings are stored in the database and can be updated at any time through t
Domain Monitor/
├── app/
│ ├── Controllers/ # Application controllers
│ ├── Models/ # Database models
│ ├── Models/ # Database models (User, Domain, SessionManager, etc.)
│ ├── Services/ # Business logic & services
│ │ ── Channels/ # Notification channel implementations
│ └── Views/ # HTML views
│ │ ── Channels/ # Notification channel implementations
│ └── NotificationService.php # Notification creation & management
│ ├── Helpers/ # Helper classes for formatting & display logic
│ │ ├── LayoutHelper.php # Global layout data (notifications, stats)
│ │ ├── DomainHelper.php # Domain formatting & calculations
│ │ └── SessionHelper.php # Session display formatting
│ └── Views/ # HTML views (pure display, no business logic)
├── core/ # Core MVC framework
│ ├── DatabaseSessionHandler.php # Database session storage
│ ├── SessionValidator.php # Session validation middleware
│ ├── Auth.php # Authentication helpers
│ └── ...
├── cron/ # Cron job scripts
├── database/
│ └── migrations/ # Database migrations
@@ -361,9 +431,9 @@ Domain Monitor/
### Notifications Not Sending
1. Check logs: `logs/cron.log`
2. Verify notification channel configuration
3. Test using: `php cron/test_notification.php`
4. Check SMTP/API credentials
2. Verify notification channel configuration in **Settings → Email**
3. Test email using the built-in test function in Settings
4. Check SMTP/API credentials in Settings
### Database Connection Error