changelog

Refines the System Monitor backend collectors and chart rendering so displayed runtime metrics are closer to actual host values across Windows and Linux environments. This reduces false readings and improves operator trust in admin diagnostics.

Core changes:

1. Metrics collection hardening (admin/modules/monitor.php):
• Improved Windows memory and CPU detection flow with stronger fallbacks.
* Added PowerShell CIM-based paths before legacy WMIC fallback.
* Normalized counters and added safer numeric parsing for network values.
• Improved Linux disk I/O aggregation to avoid partition double counting.

2. Monitor UI data and chart output (templates/admin/basic-monitor.html):
• Updated traffic chart SVG scaling behavior for stable rendering.
• Reduced traffic line stroke width for cleaner visual density.

Benefits:
• More accurate monitoring output on modern Windows hosts.
• Better cross-platform metric consistency and fewer misleading values.
• Cleaner traffic graph readability in admin dashboard.

Technical notes:
• No schema/storage changes.
• No public API changes; admin monitor internals only.
• Backward compatibility preserved for monitor page routes and placeholders.

This commit audits and rectifies critical discrepancies across our project documentation (README, CONTRIBUTING, UPGRADING, PRINCIPLES, TESTS) aligning them with our current 6.3.x codebase. It also includes comprehensive security hardening configurations and minor syntax optimizations inside admin/modules/monitor.php and core/security.php based on recent audits.

Core changes:

1. Project Documentation (README.md, CONTRIBUTING.md, UPGRADING.md, docs/):
• Rectified module counts and naming (26 modules, 'media' instead of 'gallery').
• Replaced outdated 'phpcs' check with 'php-cs-fixer' in contribution guidelines.
* Ensures contributors use the correct static analysis tool.
• Standardized documentation to strictly refer to the 5 Core SLAED Principles (Fast, Stable, Effective, Productive, Secure).
• Added previously omitted testing suites (LanguageConstantsUsageTest.php, UnusedCodeAuditTest.php) to docs/TESTS.md.
• Uniformly enforced setRedirect() in code examples, removing obsolete header()+exit; legacy patterns.

2. Codebase Security & Optimization (core/security.php, admin/modules/monitor.php):
• Strengthened input validation and regex application to avoid false-positives and potential regex injections.
• Eliminated redundant queries and unnecessary type-casts in monitor.php.
• Improved checkFiles array checks to mitigate potential TypeError deprecations in PHP 8.4+.
• Refined blocker configurations and logging bounds for Super Admin monitoring clarity.

Benefits:
• Eliminates developer confusion by thoroughly ensuring alignment between official guidelines and actual PHP 8.4 codebase implementations.
• Reinforces protection mechanisms against configuration corruption or user-input injections.
• Minor efficiency gain by removing duplicate database server version queries inside monitoring logic.

Technical notes:
• The documentation now precisely matches the codebase capabilities signifying ~85% modernization completeness.
• Removed arbitrary references to obsolete .rules/ files that never existed.

unset() on an object property removes the property entirely from the
object, causing a property lookup overhead on next access. Assigning
null keeps the property slot initialized and avoids re-allocation.

Core changes:

1. Database::getSqlQuery() (core/classes/pdo.php):
• if (\$this->qresult) unset(\$this->qresult)
→ \$this->qresult = null
• Unconditional assignment removes the conditional branch overhead

Benefits:
• Performance: avoids property re-declaration on each query cycle
• Consistency: property remains defined on the object at all times
• Maintainability: clearer intent (reset vs. remove)

Technical notes:
• Functional behavior identical: qresult is falsy in both cases
• Backward compatibility: no API changes

Raw header() calls without exit were used for geo-IP language redirects
and fallback routing, violating the SLAED guardrail (exit after every
redirect). setRedirect() encapsulates both header() and exit atomically.

Core changes:

1. Geo-IP language redirect block (index.php):
• header('Location: index.php?newlang=...') → setRedirect(...) for
en, fr, de, pl, ru, uk locales (6 occurrences)
• Removes implicit fall-through risk after redirect

2. Fallback routing block (index.php):
• header('Location: index.php') + exit → setRedirect('index.php')
(2 occurrences; exit now handled internally by setRedirect)

Benefits:
• Guardrail compliance: no output possible after redirect
• Reduced duplication: exit not repeated manually
• Architecture alignment with setRedirect() API

Technical notes:
• setRedirect() defaults to HTTP 302; behavior unchanged
• Backward compatibility: identical HTTP response for clients

The copyright line in 14 admin module files contained a mojibake
sequence (•) instead of the UTF-8 © symbol, caused by incorrect
encoding during a prior batch operation.

Core changes:

1. Copyright header fix (14 files: modules/*/admin/index.php):
• clients, contact, content, faq, files, forum, help, jokes,
links, news, order, pages, rss, voting, whois
• • 2005 - 2026 → © 2005 - 2026

Benefits:
• Correct UTF-8 output in file headers across all admin modules
• Consistent copyright notice project-wide

Technical notes:
• Single-character encoding fix; no logic changes
• Backward compatibility: not applicable

Follow-up fixes after the main VerbNoun rename commit: corrects navi()
naming conflict, optimizes getUserNav(), and updates all function comments.

Core changes:

1. navi() → getUserNav(): string (core/user.php):
• Renamed to avoid collision with admin navi() in modules/account/admin
• Added missing return type declaration: string
• 4 parallel arrays → single $navs tuple array
• getUserInfo() null-safe: (getUserInfo() ?? [])['user_id'] ?? 0
• $conf['shop'] global mutation removed; replaced with ?? 0 read
• Strict comparisons: != → !==, == 1 → === 1
• foreach destructuring: [$titl, $itit, $link, $icon]

2. Function comments updated (core/user.php):
• All 19 functions now have accurate, descriptive single-line comments
• Old comments reflected legacy names (savecom, editpost, prmess, etc.)

3. Call sites updated (3 files):
• modules/account/index.php (4 calls)
• modules/clients/index.php (1 call)
• modules/shop/index.php (2 calls)

Benefits:
• No redeclaration risk between user and admin navi()
• $navs tuple pattern eliminates parallel-array sync errors
• Null-safe uid lookup prevents notices on unauthenticated edge cases

Standardizes all 16 non-conforming function names in core/user.php and
updates every call site across 20 files so the codebase is consistent
with the approved verb set (get, set, add, update, delete, is, check, filter).

Core changes:

1. Function renames (core/user.php):
• getusrinfo() → getUserInfo() (no camelCase)
• is_mod_group() → isModGroup() (snake_case)
• userblock() → getUserBlock() (missing verb)
• savecom() → addComment() (save not in SLAED verbs)
• editpost() → updatePost() (edit not in SLAED verbs)
• prmess() → getPmView() (no verb, no camelCase)
• prmesssend() → addPmMsg() (no verb, no camelCase)
• prmesssave() → setPmSaved() (no verb, no camelCase)
• prmessdel() → deletePmMsg() (no verb, no camelCase)
• favorview() → getFavorBtn() (no verb, no camelCase)
• favoradd() → addFavor() (verb at end, no camelCase)
• favorliste() → getFavorList() (no verb, no camelCase)
• favordel() → deleteFavor() (no verb, no camelCase)
• rss_channel() → getRssChannel() (snake_case)
• open_search() → getOpenSearch() (snake_case)
• open_xsl() → getOpenXsl() (snake_case)

2. Code quality fixes (core/user.php):
• list() → [] destructuring (28 occurrences)
• Indentation: 1-space global lines → 4 spaces
• getFavorBtn($fid, $mod): added type hints int/string
• Strict comparisons in isModGroup() and addComment()

3. Call sites updated in 20 files:
• core/system.php, core/template.php, index.php
• blocks/block-user_info.php, templates/lite/index.php
• modules/account, auto_links, contact, faq, files, forum,
help, links, media, money, news, order, pages, recommend, shop

Benefits:
• Consistent SLAED VerbNoun naming across core/user.php
• list() removal eliminates PHP 8 deprecation warnings
• Strict comparisons prevent type-juggling edge cases

Technical notes:
• op= URL routing strings (savecom, editpost, prmess, etc.) unchanged
• No logic changes; signature types only on getFavorBtn
• Backward compatibility: internal API only

addmail() collided with addMail() (core/security.php) because PHP
function names are case-insensitive; renamed to addAdminMail() to
follow VerbNoun convention and eliminate the fatal redeclaration error.

Core changes:

1. Function declaration (core/system.php):
• addmail() → addAdminMail(); comment updated
• No logic changes, signature unchanged

2. Call sites (11 files):
• core/user.php
• modules/news, links, files, media, jokes, faq, pages, help, whois, auto_links

Benefits:
• Resolves Fatal error: Cannot redeclare function addMail()
• Consistent VerbNoun camelCase naming per SLAED §3-4
• No ambiguity between low-level addMail() and admin-notify addAdminMail()

Technical notes:
• addMail() (security.php) queues a single email
• addAdminMail() (system.php) dispatches notifications to all subscribed admins
• Backward compatibility: internal API only; no external callers

Replaces all remaining legacy function calls that were missed in the
previous Refactor commit, ensuring system.php is consistent with the
merged isAdmin(bool \$super = false) API in core/security.php.

Core changes:

1. Function call replacements (core/system.php):
• is_admin() → isAdmin() (12 occurrences)
• isAdminSuper() → isAdmin(true) (4 occurrences)

Benefits:
• No legacy shim required; all call sites now use unified API
• Static cache in isAdmin() shared across all 16 call sites per request
• One DB query per request regardless of super check

Technical notes:
• isAdmin(true) is equivalent to removed isAdminSuper()
• isAdmin() is equivalent to removed is_admin()
• Backward compatibility: none needed; legacy functions deleted

Migrates remaining save_datetime() calls to the unified getVar() API,
and corrects a single-quote style issue in the changelog French language file.

Core changes:

1. modules/faq/admin/index.php:
• save_datetime(1, 'time') → getVar('req', 'time', 'time') (×2, add/save)

2. modules/changelog/language/fr.php:
• Double to single quote on one define() line

Benefits:
• Consistent input handling via getVar() throughout admin modules
• No more calls to removed save_datetime() helper

Technical notes:
• Behaviour unchanged; getVar 'time' type validates and formats identically