changelog

Adds the HTMX client library to admin assets and updates the monitor admin template markup.
This commit groups the remaining UI-side changes into one atomic delivery for deployment.

Core changes:

1. Monitor template (templates/admin/basic-monitor.html):
• Updated monitor admin layout and template blocks
• Improved partial rendering markup for monitor panels

2. Frontend dependency (templates/admin/js/htmx.min.js):
• Added bundled HTMX minified script for admin monitor interactions

Benefits:
• Enables template-driven interactive monitor updates
• Keeps monitor frontend assets versioned in repository
• Delivers remaining workspace changes as one deployable unit

Technical notes:
• No backend PHP logic changes in this commit
• No database/schema changes
• Backward compatibility is preserved at template level

Refactors monitor module internals to comply with SLAED security and refactor rules while preserving behavior.
The update removes prohibited patterns and normalizes request/runtime handling in a way that is easier to audit.

Core changes:

1. Navigation and signatures (admin/modules/monitor.php):
• Updated navi() to the SLAED admin signature baseline
• Added strict typing to getTooltipText()

2. Input and runtime handling (admin/modules/monitor.php):
• Replaced direct $_SERVER and $_COOKIE usage with helper wrappers
• Added server/cookie accessor helpers for safer and centralized reads

3. Safety and output hardening (admin/modules/monitor.php):
• Removed @ error suppression from file access paths
• Hardened tooltip attribute escaping and normalized concatenation style
• Removed in-function comment in catch block per project preamble

Benefits:
• Better alignment with SLAED skills and system preamble
• Improved auditability of request data access
• Reduced risk from suppressed file operation errors

Technical notes:
• No DB schema changes
• No routing changes
• Compatible with existing monitor template placeholders

Implement UI and backend updates for System Monitor and align size formatting naming
across the codebase. This improves dashboard readability, consistent styling behavior,
and standardizes helper naming according to current SLAED conventions.

Core changes:

1. Monitor module and core helpers (admin/modules/monitor.php, core/system.php):
• Reworked monitor metrics mapping and gauge placeholders for CPU/RAM/Disk.
* Added RAM gauge dash binding and threshold-based color mapping.
* Renamed size helper usage to filterSize(...) project-wide.
• Updated size filter implementation and naming consistency.

2. Admin templates and presentation (templates/admin/basic-monitor.html):
• Refined top layout and moved Software panel to ROW 1.
• Expanded Traffic panel to full width and stabilized SVG stroke rendering.
* Added vector-effect="non-scaling-stroke" for consistent chart line thickness.
* Updated gauge and percentage colors via dynamic placeholders.
• Integrated Bootstrap Icons for panel titles and software rows.

Benefits:
• Better visual hierarchy and readability in System Monitor.
• Consistent size formatting API across modules.
• More predictable chart rendering independent of container scaling.

Technical notes:
• No database schema or API contract changes.
• Backward compatibility preserved for runtime behavior; changes are UI/style and naming alignment.

Refines the System Monitor backend collectors and chart rendering so displayed runtime metrics are closer to actual host values across Windows and Linux environments. This reduces false readings and improves operator trust in admin diagnostics.

Core changes:

1. Metrics collection hardening (admin/modules/monitor.php):
• Improved Windows memory and CPU detection flow with stronger fallbacks.
* Added PowerShell CIM-based paths before legacy WMIC fallback.
* Normalized counters and added safer numeric parsing for network values.
• Improved Linux disk I/O aggregation to avoid partition double counting.

2. Monitor UI data and chart output (templates/admin/basic-monitor.html):
• Updated traffic chart SVG scaling behavior for stable rendering.
• Reduced traffic line stroke width for cleaner visual density.

Benefits:
• More accurate monitoring output on modern Windows hosts.
• Better cross-platform metric consistency and fewer misleading values.
• Cleaner traffic graph readability in admin dashboard.

Technical notes:
• No schema/storage changes.
• No public API changes; admin monitor internals only.
• Backward compatibility preserved for monitor page routes and placeholders.

This commit audits and rectifies critical discrepancies across our project documentation (README, CONTRIBUTING, UPGRADING, PRINCIPLES, TESTS) aligning them with our current 6.3.x codebase. It also includes comprehensive security hardening configurations and minor syntax optimizations inside admin/modules/monitor.php and core/security.php based on recent audits.

Core changes:

1. Project Documentation (README.md, CONTRIBUTING.md, UPGRADING.md, docs/):
• Rectified module counts and naming (26 modules, 'media' instead of 'gallery').
• Replaced outdated 'phpcs' check with 'php-cs-fixer' in contribution guidelines.
* Ensures contributors use the correct static analysis tool.
• Standardized documentation to strictly refer to the 5 Core SLAED Principles (Fast, Stable, Effective, Productive, Secure).
• Added previously omitted testing suites (LanguageConstantsUsageTest.php, UnusedCodeAuditTest.php) to docs/TESTS.md.
• Uniformly enforced setRedirect() in code examples, removing obsolete header()+exit; legacy patterns.

2. Codebase Security & Optimization (core/security.php, admin/modules/monitor.php):
• Strengthened input validation and regex application to avoid false-positives and potential regex injections.
• Eliminated redundant queries and unnecessary type-casts in monitor.php.
• Improved checkFiles array checks to mitigate potential TypeError deprecations in PHP 8.4+.
• Refined blocker configurations and logging bounds for Super Admin monitoring clarity.

Benefits:
• Eliminates developer confusion by thoroughly ensuring alignment between official guidelines and actual PHP 8.4 codebase implementations.
• Reinforces protection mechanisms against configuration corruption or user-input injections.
• Minor efficiency gain by removing duplicate database server version queries inside monitoring logic.

Technical notes:
• The documentation now precisely matches the codebase capabilities signifying ~85% modernization completeness.
• Removed arbitrary references to obsolete .rules/ files that never existed.

unset() on an object property removes the property entirely from the
object, causing a property lookup overhead on next access. Assigning
null keeps the property slot initialized and avoids re-allocation.

Core changes:

1. Database::getSqlQuery() (core/classes/pdo.php):
• if (\$this->qresult) unset(\$this->qresult)
→ \$this->qresult = null
• Unconditional assignment removes the conditional branch overhead

Benefits:
• Performance: avoids property re-declaration on each query cycle
• Consistency: property remains defined on the object at all times
• Maintainability: clearer intent (reset vs. remove)

Technical notes:
• Functional behavior identical: qresult is falsy in both cases
• Backward compatibility: no API changes

Raw header() calls without exit were used for geo-IP language redirects
and fallback routing, violating the SLAED guardrail (exit after every
redirect). setRedirect() encapsulates both header() and exit atomically.

Core changes:

1. Geo-IP language redirect block (index.php):
• header('Location: index.php?newlang=...') → setRedirect(...) for
en, fr, de, pl, ru, uk locales (6 occurrences)
• Removes implicit fall-through risk after redirect

2. Fallback routing block (index.php):
• header('Location: index.php') + exit → setRedirect('index.php')
(2 occurrences; exit now handled internally by setRedirect)

Benefits:
• Guardrail compliance: no output possible after redirect
• Reduced duplication: exit not repeated manually
• Architecture alignment with setRedirect() API

Technical notes:
• setRedirect() defaults to HTTP 302; behavior unchanged
• Backward compatibility: identical HTTP response for clients

The copyright line in 14 admin module files contained a mojibake
sequence (•) instead of the UTF-8 © symbol, caused by incorrect
encoding during a prior batch operation.

Core changes:

1. Copyright header fix (14 files: modules/*/admin/index.php):
• clients, contact, content, faq, files, forum, help, jokes,
links, news, order, pages, rss, voting, whois
• • 2005 - 2026 → © 2005 - 2026

Benefits:
• Correct UTF-8 output in file headers across all admin modules
• Consistent copyright notice project-wide

Technical notes:
• Single-character encoding fix; no logic changes
• Backward compatibility: not applicable

Follow-up fixes after the main VerbNoun rename commit: corrects navi()
naming conflict, optimizes getUserNav(), and updates all function comments.

Core changes:

1. navi() → getUserNav(): string (core/user.php):
• Renamed to avoid collision with admin navi() in modules/account/admin
• Added missing return type declaration: string
• 4 parallel arrays → single $navs tuple array
• getUserInfo() null-safe: (getUserInfo() ?? [])['user_id'] ?? 0
• $conf['shop'] global mutation removed; replaced with ?? 0 read
• Strict comparisons: != → !==, == 1 → === 1
• foreach destructuring: [$titl, $itit, $link, $icon]

2. Function comments updated (core/user.php):
• All 19 functions now have accurate, descriptive single-line comments
• Old comments reflected legacy names (savecom, editpost, prmess, etc.)

3. Call sites updated (3 files):
• modules/account/index.php (4 calls)
• modules/clients/index.php (1 call)
• modules/shop/index.php (2 calls)

Benefits:
• No redeclaration risk between user and admin navi()
• $navs tuple pattern eliminates parallel-array sync errors
• Null-safe uid lookup prevents notices on unauthenticated edge cases

Standardizes all 16 non-conforming function names in core/user.php and
updates every call site across 20 files so the codebase is consistent
with the approved verb set (get, set, add, update, delete, is, check, filter).

Core changes:

1. Function renames (core/user.php):
• getusrinfo() → getUserInfo() (no camelCase)
• is_mod_group() → isModGroup() (snake_case)
• userblock() → getUserBlock() (missing verb)
• savecom() → addComment() (save not in SLAED verbs)
• editpost() → updatePost() (edit not in SLAED verbs)
• prmess() → getPmView() (no verb, no camelCase)
• prmesssend() → addPmMsg() (no verb, no camelCase)
• prmesssave() → setPmSaved() (no verb, no camelCase)
• prmessdel() → deletePmMsg() (no verb, no camelCase)
• favorview() → getFavorBtn() (no verb, no camelCase)
• favoradd() → addFavor() (verb at end, no camelCase)
• favorliste() → getFavorList() (no verb, no camelCase)
• favordel() → deleteFavor() (no verb, no camelCase)
• rss_channel() → getRssChannel() (snake_case)
• open_search() → getOpenSearch() (snake_case)
• open_xsl() → getOpenXsl() (snake_case)

2. Code quality fixes (core/user.php):
• list() → [] destructuring (28 occurrences)
• Indentation: 1-space global lines → 4 spaces
• getFavorBtn($fid, $mod): added type hints int/string
• Strict comparisons in isModGroup() and addComment()

3. Call sites updated in 20 files:
• core/system.php, core/template.php, index.php
• blocks/block-user_info.php, templates/lite/index.php
• modules/account, auto_links, contact, faq, files, forum,
help, links, media, money, news, order, pages, recommend, shop

Benefits:
• Consistent SLAED VerbNoun naming across core/user.php
• list() removal eliminates PHP 8 deprecation warnings
• Strict comparisons prevent type-juggling edge cases

Technical notes:
• op= URL routing strings (savecom, editpost, prmess, etc.) unchanged
• No logic changes; signature types only on getFavorBtn
• Backward compatibility: internal API only