Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upgraded to 1.1.0

Browse Source 
1.1.0 (2025-10-09)
- **User Notifications System** - In-app notification center with 7 notification types, filtering, pagination
- **Advanced Session Management** - Database-backed sessions with geolocation (country, city, ISP)
- **Remote Session Control** - Terminate any device instantly with immediate logout validation
- **Enhanced Profile Page** - Sidebar navigation with 4 tabs, hash-based routing (#profile, #security, #sessions)
- **MVC Architecture Refactoring** - 3 new Helpers (Layout, Domain, Session), ~265 lines cleaned from views
- **Geolocation Tracking** - IP-based location detection using ip-api.com, country flags with flag-icons
- **Device Detection** - Browser & device type parsing (Chrome/Firefox/Safari, Desktop/Mobile/Tablet)
- **Auto-Detected Cron Paths** - Settings show actual installation paths (thanks @jadeops)
- **Welcome Notifications** - Sent to new users on registration or fresh install
- **Upgrade Notifications** - Admins notified on system updates with version & migration count
- **Web-Based Installer** - Replaces CLI, auto-generates encryption key, one-time password display
- **Web-Based Updater** - `/install/update` for running new migrations with smart detection
- **User Registration** - Full signup flow with email verification, password reset, resend verification
- **User Management** - CRUD for users with filtering, sorting, pagination (admin-only)
- **Remember Me** - 30-day secure tokens linked to sessions, cascade deletion on logout
- **Session Validator** - Middleware validates sessions on every request for instant remote logout
- **Consistent UI/UX** - Unified filtering, sorting, pagination across Domains, Users, Notifications, TLD Registry
- **Smart Migrations** - Consolidated schema for fresh installs, incremental for upgrades
- **XSS Protection** - htmlspecialchars() applied across all user-facing data (thanks @jadeops)
This commit is contained in:
Hosteroid
2025-10-09 18:02:46 +03:00
parent adc28b97f0
commit e5b9599755
61 changed files with 6838 additions and 812 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
app/Models/Notification.php Normal file
View File

@@ -0,0 +1,180 @@
<?php
namespace App\Models;
use Core\Model;
class Notification extends Model
{
protected static string $table = 'user_notifications';
/**
* Get notifications for a user with filters
*/
public function getForUser(int $userId, array $filters = [], int $limit = 10, int $offset = 0): array
{
$query = "SELECT * FROM user_notifications WHERE user_id = ?";
$params = [$userId];
// Apply status filter
if (isset($filters['status']) && $filters['status'] !== '') {
if ($filters['status'] === 'unread') {
$query .= " AND is_read = 0";
} elseif ($filters['status'] === 'read') {
$query .= " AND is_read = 1";
}
}
// Apply type filter
if (!empty($filters['type'])) {
$query .= " AND type = ?";
$params[] = $filters['type'];
}
// Apply date range filter (future enhancement)
if (!empty($filters['date_range'])) {
switch ($filters['date_range']) {
case 'today':
$query .= " AND DATE(created_at) = CURDATE()";
break;
case 'week':
$query .= " AND created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)";
break;
case 'month':
$query .= " AND created_at >= DATE_SUB(NOW(), INTERVAL 30 DAY)";
break;
}
}
// Order by newest first
$query .= " ORDER BY created_at DESC";
// Apply pagination
$query .= " LIMIT ? OFFSET ?";
$params[] = $limit;
$params[] = $offset;
$stmt = $this->db->prepare($query);
$stmt->execute($params);
return $stmt->fetchAll(\PDO::FETCH_ASSOC);
}
/**
* Count notifications for a user with filters
*/
public function countForUser(int $userId, array $filters = []): int
{
$query = "SELECT COUNT(*) as total FROM user_notifications WHERE user_id = ?";
$params = [$userId];
// Apply status filter
if (isset($filters['status']) && $filters['status'] !== '') {
if ($filters['status'] === 'unread') {
$query .= " AND is_read = 0";
} elseif ($filters['status'] === 'read') {
$query .= " AND is_read = 1";
}
}
// Apply type filter
if (!empty($filters['type'])) {
$query .= " AND type = ?";
$params[] = $filters['type'];
}
// Apply date range filter
if (!empty($filters['date_range'])) {
switch ($filters['date_range']) {
case 'today':
$query .= " AND DATE(created_at) = CURDATE()";
break;
case 'week':
$query .= " AND created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)";
break;
case 'month':
$query .= " AND created_at >= DATE_SUB(NOW(), INTERVAL 30 DAY)";
break;
}
}
$stmt = $this->db->prepare($query);
$stmt->execute($params);
return (int)$stmt->fetch(\PDO::FETCH_ASSOC)['total'];
}
/**
* Get unread count for a user
*/
public function getUnreadCount(int $userId): int
{
$stmt = $this->db->prepare("SELECT COUNT(*) as count FROM user_notifications WHERE user_id = ? AND is_read = 0");
$stmt->execute([$userId]);
return (int)$stmt->fetch(\PDO::FETCH_ASSOC)['count'];
}
/**
* Mark notification as read
*/
public function markAsRead(int $notificationId, int $userId): bool
{
$stmt = $this->db->prepare("UPDATE user_notifications SET is_read = 1, read_at = NOW() WHERE id = ? AND user_id = ?");
return $stmt->execute([$notificationId, $userId]);
}
/**
* Mark all notifications as read for a user
*/
public function markAllAsRead(int $userId): bool
{
$stmt = $this->db->prepare("UPDATE user_notifications SET is_read = 1, read_at = NOW() WHERE user_id = ? AND is_read = 0");
return $stmt->execute([$userId]);
}
/**
* Delete notification
*/
public function deleteNotification(int $notificationId, int $userId): bool
{
$stmt = $this->db->prepare("DELETE FROM user_notifications WHERE id = ? AND user_id = ?");
return $stmt->execute([$notificationId, $userId]);
}
/**
* Clear all notifications for a user
*/
public function clearAll(int $userId): bool
{
$stmt = $this->db->prepare("DELETE FROM user_notifications WHERE user_id = ?");
return $stmt->execute([$userId]);
}
/**
* Create a new notification
*/
public function createNotification(int $userId, string $type, string $title, string $message, ?int $domainId = null): int
{
return $this->create([
'user_id' => $userId,
'type' => $type,
'title' => $title,
'message' => $message,
'domain_id' => $domainId
]);
}
/**
* Get recent unread notifications for dropdown (limit 5)
*/
public function getRecentUnread(int $userId, int $limit = 5): array
{
$stmt = $this->db->prepare(
"SELECT * FROM user_notifications
WHERE user_id = ? AND is_read = 0
ORDER BY created_at DESC
LIMIT ?"
);
$stmt->execute([$userId, $limit]);
return $stmt->fetchAll(\PDO::FETCH_ASSOC);
}
}

42
app/Models/RememberToken.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
namespace App\Models;
use Core\Model;
class RememberToken extends Model
{
protected static string $table = 'remember_tokens';
/**
* Delete remember tokens by session ID
* Called when a session is terminated
*/
public function deleteBySessionId(string $sessionId): int
{
$stmt = $this->db->prepare("DELETE FROM remember_tokens WHERE session_id = ?");
$stmt->execute([$sessionId]);
return $stmt->rowCount();
}
/**
* Get remember token by session ID
*/
public function getBySessionId(string $sessionId): ?array
{
$stmt = $this->db->prepare("SELECT * FROM remember_tokens WHERE session_id = ?");
$stmt->execute([$sessionId]);
$result = $stmt->fetch();
return $result ?: null;
}
/**
* Clean old expired tokens
*/
public function cleanExpired(): int
{
$stmt = $this->db->query("DELETE FROM remember_tokens WHERE expires_at < NOW()");
return $stmt->rowCount();
}
}

188
app/Models/SessionManager.php Normal file
View File

@@ -0,0 +1,188 @@
<?php
namespace App\Models;
use Core\Model;
/**
* Session Manager Model
*
* Manages database-backed sessions with geolocation tracking.
* Works with DatabaseSessionHandler to provide true session control.
*/
class SessionManager extends Model
{
protected static string $table = 'sessions';
/**
* Get all active sessions for a user
*/
public function getByUserId(int $userId): array
{
$stmt = $this->db->prepare(
"SELECT
id,
user_id,
ip_address,
user_agent,
country,
country_code,
region,
city,
isp,
timezone,
last_activity,
created_at
FROM sessions
WHERE user_id = ?
ORDER BY last_activity DESC"
);
$stmt->execute([$userId]);
return $stmt->fetchAll();
}
/**
* Get session by ID
*/
public function getById(string $sessionId): ?array
{
$stmt = $this->db->prepare(
"SELECT
id,
user_id,
ip_address,
user_agent,
country,
country_code,
region,
city,
isp,
timezone,
last_activity,
created_at
FROM sessions
WHERE id = ?"
);
$stmt->execute([$sessionId]);
$result = $stmt->fetch();
return $result ?: null;
}
/**
* Get geolocation data from IP address
* (Moved from old Session model)
*/
public static function getGeolocationData(string $ipAddress): array
{
// Skip for localhost/private IPs
if (in_array($ipAddress, ['127.0.0.1', '::1', 'localhost']) ||
preg_match('/^(10|172\.16|192\.168)\./', $ipAddress)) {
return [
'country' => 'Local',
'country_code' => 'xx',
'region' => 'Local',
'city' => 'Local',
'isp' => 'Local Network',
'timezone' => date_default_timezone_get(),
];
}
try {
// Using ip-api.com (free, no API key needed, 45 requests/minute)
$url = "http://ip-api.com/json/{$ipAddress}?fields=status,country,countryCode,region,city,isp,timezone";
$context = stream_context_create([
'http' => [
'timeout' => 3,
'user_agent' => 'Domain Monitor/1.0'
]
]);
$response = @file_get_contents($url, false, $context);
if ($response === false) {
return self::getDefaultGeolocation();
}
$data = json_decode($response, true);
if (!$data || $data['status'] !== 'success') {
return self::getDefaultGeolocation();
}
return [
'country' => $data['country'] ?? 'Unknown',
'country_code' => strtolower($data['countryCode'] ?? 'xx'),
'region' => $data['region'] ?? 'Unknown',
'city' => $data['city'] ?? 'Unknown',
'isp' => $data['isp'] ?? 'Unknown ISP',
'timezone' => $data['timezone'] ?? date_default_timezone_get(),
];
} catch (\Exception $e) {
error_log("Geolocation lookup failed: " . $e->getMessage());
return self::getDefaultGeolocation();
}
}
/**
* Get default geolocation data for fallback
*/
private static function getDefaultGeolocation(): array
{
return [
'country' => 'Unknown',
'country_code' => 'xx',
'region' => 'Unknown',
'city' => 'Unknown',
'isp' => 'Unknown ISP',
'timezone' => date_default_timezone_get(),
];
}
/**
* Delete session by ID (this actually logs out the user!)
*/
public function deleteById(string $sessionId): bool
{
$stmt = $this->db->prepare("DELETE FROM sessions WHERE id = ?");
return $stmt->execute([$sessionId]);
}
/**
* Delete all sessions for user except current
*/
public function deleteOtherSessions(int $userId, string $currentSessionId): int
{
$stmt = $this->db->prepare(
"DELETE FROM sessions WHERE user_id = ? AND id != ?"
);
$stmt->execute([$userId, $currentSessionId]);
return $stmt->rowCount();
}
/**
* Delete all sessions for user
*/
public function deleteAllUserSessions(int $userId): int
{
$stmt = $this->db->prepare("DELETE FROM sessions WHERE user_id = ?");
$stmt->execute([$userId]);
return $stmt->rowCount();
}
/**
* Clean old sessions (older than session lifetime)
*/
public function cleanOldSessions(int $lifetimeMinutes = 1440): int
{
$cutoff = time() - ($lifetimeMinutes * 60);
$stmt = $this->db->prepare(
"DELETE FROM sessions WHERE last_activity < ?"
);
$stmt->execute([$cutoff]);
return $stmt->rowCount();
}
}

11
app/Models/Setting.php
View File

@@ -109,6 +109,14 @@ class Setting extends Model
return $this->setValue('last_check_run', date('Y-m-d H:i:s'));
}
/**
* Get application version
*/
public function getAppVersion(): string
{
return $this->getValue('app_version', '1.1.0');
}
/**
* Get application settings
*/
@@ -117,7 +125,8 @@ class Setting extends Model
return [
'app_name' => $this->getValue('app_name', 'Domain Monitor'),
'app_url' => $this->getValue('app_url', 'http://localhost:8000'),
'app_timezone' => $this->getValue('app_timezone', 'UTC')
'app_timezone' => $this->getValue('app_timezone', 'UTC'),
'app_version' => $this->getAppVersion()
];
}

83
app/Models/User.php
View File

@@ -61,5 +61,88 @@ class User extends Model
$stmt = $this->db->prepare("UPDATE users SET password = ? WHERE id = ?");
return $stmt->execute([$hashedPassword, $userId]);
}
/**
* Get users with filters, sorting, and pagination
*/
public function getFiltered(array $filters = [], string $sort = 'username', string $order = 'ASC', int $limit = 25, int $offset = 0): array
{
$query = "SELECT * FROM users WHERE 1=1";
$params = [];
// Apply search filter
if (!empty($filters['search'])) {
$query .= " AND (username LIKE ? OR email LIKE ? OR full_name LIKE ?)";
$searchTerm = "%{$filters['search']}%";
$params[] = $searchTerm;
$params[] = $searchTerm;
$params[] = $searchTerm;
}
// Apply role filter
if (!empty($filters['role'])) {
$query .= " AND role = ?";
$params[] = $filters['role'];
}
// Apply status filter
if (isset($filters['status']) && $filters['status'] !== '') {
$isActive = ($filters['status'] === 'active') ? 1 : 0;
$query .= " AND is_active = ?";
$params[] = $isActive;
}
// Apply sorting
$allowedSortColumns = ['username', 'email', 'full_name', 'role', 'is_active', 'email_verified', 'last_login', 'created_at'];
if (!in_array($sort, $allowedSortColumns)) {
$sort = 'username';
}
$order = strtoupper($order) === 'DESC' ? 'DESC' : 'ASC';
$query .= " ORDER BY {$sort} {$order}";
// Apply pagination
$query .= " LIMIT ? OFFSET ?";
$params[] = $limit;
$params[] = $offset;
$stmt = $this->db->prepare($query);
$stmt->execute($params);
return $stmt->fetchAll(\PDO::FETCH_ASSOC);
}
/**
* Count users with filters
*/
public function countFiltered(array $filters = []): int
{
$query = "SELECT COUNT(*) as total FROM users WHERE 1=1";
$params = [];
// Apply search filter
if (!empty($filters['search'])) {
$query .= " AND (username LIKE ? OR email LIKE ? OR full_name LIKE ?)";
$searchTerm = "%{$filters['search']}%";
$params[] = $searchTerm;
$params[] = $searchTerm;
$params[] = $searchTerm;
}
// Apply role filter
if (!empty($filters['role'])) {
$query .= " AND role = ?";
$params[] = $filters['role'];
}
// Apply status filter
if (isset($filters['status']) && $filters['status'] !== '') {
$isActive = ($filters['status'] === 'active') ? 1 : 0;
$query .= " AND is_active = ?";
$params[] = $isActive;
}
$stmt = $this->db->prepare($query);
$stmt->execute($params);
return (int)$stmt->fetch(\PDO::FETCH_ASSOC)['total'];
}
}