- Updated SQL queries to use backticks around database and table names for improved safety and compatibility.
- Implemented escaping for user inputs in CREATE USER and SET PASSWORD statements to prevent SQL injection vulnerabilities.
- Ensured consistent use of safe variable handling across various database operations, including user creation and privilege grants.
- Introduced a new endpoint to manually regenerate the 2FA secret for users.
- Updated views to handle 2FA secret regeneration, including security checks and logging.
- Enhanced the user interface with a button to regenerate the 2FA secret, along with appropriate alerts and confirmations.
- Updated JavaScript to manage the regeneration process and display the new secret key and QR code provisioning URI.
https://github.com/usmannasir/cyberpanel/issues/1577
- Added PHP 8.6 to the list of system PHP versions and fallback versions in PHPManager.
- Updated return values to include PHP 8.6 in case of errors or empty results.
- Enhanced phpUtilities to recognize PHP 8.6 for CentOS and Ubuntu configurations.
- Adjusted recommended PHP version order to prioritize PHP 8.6.
- Added PHP 8.6 to the list of system PHP versions and fallback versions in PHPManager.
- Updated return values to include PHP 8.6 in case of errors or empty results.
- Enhanced phpUtilities to recognize PHP 8.6 for CentOS and Ubuntu configurations.
- Adjusted recommended PHP version order to prioritize PHP 8.6.
- Removed local installation function in favor of a direct installation approach.
- Updated installation script to prioritize the development branch for downloading CyberPanel, with a fallback to stable if unavailable.
- Adjusted PHP version lists across various scripts to exclude PHP 8.6 and ensure compatibility with existing versions.
- Enhanced error handling and feedback during installation to improve user experience.
- Added installation logic for PHP 8.6 in the install script, ensuring compatibility with various distributions.
- Updated PHP version lists in the PHPManager to include PHP 8.6 for system checks and fallbacks.
- Modified phpUtilities to recognize PHP 8.6 for CentOS and Ubuntu.
- Adjusted upgrade script to support PHP 8.6 for AlmaLinux 8+ compatibility.
- Revised symlink setup logic to prioritize PHP 8.6 alongside other versions.
- Changed the default installer URL to the stable branch, with an option to use the development branch if BRANCH_NAME is set to v2.5.5-dev.
- Enhanced the logic to check for the availability of the development branch before falling back to stable.
- Updated the archive URL selection based on the chosen branch to ensure correct installation files are downloaded.
- Improved feedback messages to clarify which branch is being used during installation.
- Introduced a new function to install CyberPanel from a local repository if installation files are available.
- Updated the installation flow to prioritize local installation before falling back to the direct download method.
- Enhanced error handling to provide clearer feedback if local installation files are not found.
- Adjusted the installer script to include branch specification for better version control during installation.
- Added detection for AlmaLinux 10 and updated package manager settings accordingly.
- Included support for Ubuntu versions 25.10, 25.04, and 22.04.5 in the OS detection logic.
- Updated error messages and supported OS lists to reflect the new additions.
- Improved compatibility checks and installation scripts for comprehensive support across the newly added OS versions.
This commit implements an improved version of PRs #1575 and #1576 from @bdgreenweb
with critical performance optimizations.
## Background
The original PRs (#1575, #1576) proposed real-time disk usage tracking for file
manager operations. While the feature was valuable for improving user awareness of
disk quotas, there were several concerns:
1. **Performance Impact**: Original implementation used synchronous `executioner()`
calls that would block file operations until disk calculation completed
2. **Target Branch Issues**: PRs were submitted to the stable branch instead of
development branch, which could introduce instability
3. **Blocking Operations**: Each file operation would wait for disk usage
recalculation, potentially causing noticeable delays
## Implementation Changes
### filemanager/filemanager.py
- Added disk usage updates to 9 file operation methods:
- createNewFile() - After file creation
- createNewFolder() - After folder creation
- deleteFolderOrFile() - After deletion (both permanent and trash)
- restore() - After restoring from trash
- copy() - After copying files/folders
- move() - After moving files/folders
- upload() - After file uploads
- extract() - After extracting archives
- compress() - After creating archives
### plogical/IncScheduler.py
- Added CalculateAndUpdateDiskUsageDomain() function for domain-specific updates
- Added command-line argument handler for UpdateDiskUsageForceDomain
- Calculates disk usage for websites, email accounts, and bandwidth
## Key Improvements Over Original PRs
1. **Asynchronous Execution**: Uses `popenExecutioner()` instead of `executioner()`
- File operations return immediately without waiting
- Disk usage updates happen in background threads
- Zero performance impact on user operations
2. **Selective Updates**: Only updates the specific domain affected by the operation
rather than all domains system-wide
3. **Proper Branch Targeting**: Applied to development branch (v2.5.5-dev) for
proper testing before stable release
## Benefits
- Real-time disk usage tracking as requested
- No performance degradation
- Users immediately aware of quota usage
- Prevents accidental quota violations
- Better than competitors (cPanel/DirectAdmin) in responsiveness
## Acknowledgments
Thank you @bdgreenweb for the original implementation idea and PRs #1575/#1576.
While we couldn't merge them directly due to the performance and stability concerns
mentioned above, your contribution highlighted an important feature gap. This
implementation preserves your core functionality while addressing the performance
concerns through asynchronous execution.
This will definitely help organizations track disk usage more effectively without
sacrificing file manager performance.
- Removed session validation check from phpmyadminsignin.php
- Removed PhpMyAdminAccessMiddleware from settings.py
- These changes were preventing access to phpMyAdmin even for logged-in users
- Reverts problematic authentication flow that was blocking legitimate access
- Set proper ownership (root:cyberpanel) and permissions (640) on /etc/cyberpanel/mysqlPassword
- Ensures cyberpanel group can read the password file to prevent permission denied errors
- Falls back to root-only permissions if cyberpanel group doesn't exist yet
- Also fixes permissions on existing password files during installation
Account creation now happens immediately after Python version check, before other system operations. This ensures system users are available for subsequent installation steps.
Update all vhost configurations to use /usr/local/lsws/Example/html/.well-known/acme-challenge
instead of domain-specific paths for better SSL certificate management
- Move status messages to appear after CyberPanel installer completes
- Silence verbose output during post-installation fixes
- Auto-answer OpenLiteSpeed password prompts to avoid manual input
- Simplify final status summary with cleaner formatting
- Fix static file permissions silently in background
- Show actual server IP in access details
- Reduce redundant success messages
- Make post-installation configurations less verbose
This creates a cleaner installation experience where the CyberPanel installer's summary appears first, followed by minimal post-installation configuration messages and a concise final status.
- Capture actual generated password from CyberPanel installation output
- Save generated password to /root/.cyberpanel_password for persistence
- Use captured password for OpenLiteSpeed admin configuration
- Update status summary to show actual password instead of hardcoded value
- Fix service check to use lscpd (actual CyberPanel service) instead of non-existent 'cyberpanel' service
- Add lscpd service status check in installation summary
This ensures the password shown in the summary matches the actual CyberPanel admin password.
Added missing PowerDNS configuration setup that was present in v2.4.4:
- Added installPowerDNSConfigurations() method to properly copy and configure pdns.conf
- Fixed PowerDNS installation to call configuration method after package installation
- Updated fixAndStartPowerDNS() to copy config template if missing
- Added proper MySQL password configuration for PowerDNS backend
- Added errno import for proper error handling
This fixes PowerDNS installation failures by ensuring the configuration file is properly created and configured with database credentials.
- Add execute_mysql_command() helper in install.py for robust auth fallback
- Update mysqlUtilities.py with socket auth fallback for all operations:
* Database creation
* User creation
* Privilege granting
* Privilege flushing
- Fix PowerDNS database setup to use new authentication helper
- Improve cyberpanel user connection verification
- Add proper error handling and logging throughout
This ensures the installation works correctly when MariaDB is pre-installed
with socket authentication (common with dependency installations).
Fixes the 'Cannot update settings with empty passwords' installation failure.
- Add socket authentication support (sudo mysql/mariadb) for fresh MariaDB installs
- Fallback to traditional password-based authentication for existing installs
- Improve error handling with subprocess.run() and proper timeouts
- Add detailed logging to show which authentication method succeeded
- Graceful degradation when all methods fail
- Fixes installation failure when MariaDB is pre-installed as dependency
Resolves issue where installation fails with 'Cannot update settings with empty passwords'
when MariaDB gets installed during dependency phase with socket authentication.
