Moved global stats logic from LayoutHelper to Domain model and updated views/controllers to use the new stats structure. Replaced direct $_SESSION['user_id'] access with Core\Auth::id() for consistency. Cleaned up redundant code and improved isolation mode handling for statistics.
Updated DashboardController, DomainController, and NotificationGroupController to conditionally fetch user-specific or global data based on the 'user_isolation_mode' setting. This ensures that data visibility aligns with the configured isolation mode, improving multi-user support and data segregation.
Refactored controllers and models to always filter data by user ID, removing admin bypass logic. This ensures all statistics, groups, domains, and tags are user-specific regardless of isolation mode, improving data isolation and security.
Updated LayoutHelper::getGlobalStats to accept a user ID and apply user isolation mode when querying domain statistics. DashboardController and base layout now pass the user ID to ensure stats are scoped per user when isolation is enabled.
GET parameters 'id' and 'group_id' are now explicitly cast to integers in NotificationGroupController for improved type safety. Also, the SQL query in NotificationGroup model now includes GROUP BY and ORDER BY clauses when filtering by user_id, ensuring results are grouped and sorted by group name.
Introduces bulk transfer for domains and groups, available only to admins. Refactors admin checks to use isAdmin(), adds user selection for transfers, and updates views to include transfer buttons and modals for domain transfers.
Moved admin/user isolation checks and related methods from Domain and NotificationGroup models to User model for better separation of concerns. Replaced direct database queries in controllers and services with new model methods. Added methods for assigning unassigned domains/groups, searching domains, and clearing old notification logs. Updated views for improved UI consistency.
Introduces user isolation mode, allowing domains, groups, and tags to be visible only to their owners when enabled. Adds user_id fields to domains and notification_groups, updates models and controllers for isolation-aware queries, and provides admin UI and endpoints for transferring domains and groups between users (single and bulk). Includes migration, settings UI, and routes for toggling isolation mode and handling data migration.
Extended the domain filtering logic and UI to allow filtering by 'available' and 'error' statuses. Updated the Domain model to handle these new filters and adjusted the dashboard to include global stats, including inactive domains.
Introduces a new 'Webhook (Custom)' notification channel allowing users to send JSON payloads to any HTTP endpoint (e.g., n8n, Zapier, custom APIs). Updates the UI to support webhook configuration, adds backend validation, and implements the WebhookChannel for sending notifications. Documentation is updated with usage instructions and payload examples.
Introduces two-factor authentication (2FA) with TOTP, backup codes, and email codes. Adds controllers, services, views, and migration for 2FA setup, verification, and management. Updates user and settings models, email helper, and relevant controllers to support 2FA policy enforcement, configuration, and user flows. Enhances security by allowing admins to require or disable 2FA, and provides backup code generation and management for account recovery.
Extracted all email sending logic into a new EmailHelper class for centralized management and improved error handling. Updated AuthController, SettingsController, and EmailChannel to use EmailHelper for sending emails and logging. Added auto-detection of SMTP encryption based on port in both backend (SettingsController) and frontend (settings view), improving user experience and reducing misconfiguration. Enhanced logging for email operations and improved UI feedback for encryption selection.
Introduces the ability to test notification channels (email, Telegram, Discord, Slack) from the group edit page, both for new and existing channels. Adds a new testChannel method to NotificationGroupController with AJAX and form support, improves validation and error handling, and updates the UI to include test buttons and dynamic toast notifications. Also registers the new /channels/test route.
Introduces a 'tags' field to the domains table and UI, allowing users to organize domains with custom tags. Adds tag input and display to create, edit, bulk-add, and view pages, as well as tag-based filtering and bulk tag management (add/remove) in the domain list. Updates backend validation, controller logic, and migrations to support tags, including a new migration and index for efficient tag searches.
Introduces error log tracking with new ErrorLog model, controller, views, and migration. Adds admin UI for viewing, resolving, and deleting errors. Implements bulk actions for users and notification groups, refactors domain filtering/pagination, and centralizes admin access checks using Auth::requireAdmin().
Introduces CSRF protection to all sensitive controller actions, integrates configurable CAPTCHA (reCAPTCHA v2/v3, Turnstile) for authentication and registration flows, and centralizes input validation via a new InputValidator helper. Adds new helpers and services for CSRF and CAPTCHA, updates settings and migration for CAPTCHA configuration, and enhances logging and error handling in TLD registry import processes. Also improves validation for user, domain, group, and profile inputs throughout the application.
The installer now prompts for and validates a custom admin username and email, updating migrations and SQL placeholders accordingly. Login now accepts either username or email, and the login form and installer views have been updated to reflect these changes. Additional logging and migration handling improvements were made for better installation and authentication workflows.
Enhanced error messages for missing channel configuration fields in NotificationGroupController. Updated Discord and Slack webhook input handling to use distinct field names, improved form validation and required field logic in the edit group view, and added user guidance for webhook URLs.
