Extend i18n support: Add new translation keys for Download and Share modals

CHANGELOG.md

@@ -1,6 +1,67 @@
 # Changelog
 
-## Shift Key Multi‑Selection Changes 4/10/2025
+## Changes 4/13/2025 v1.1.3
+
+- Decreased header height some more and clickable logo.
+- authModals.js fully updated with i18n.js keys.
+- main.js added Dark & Light mode i18n.js keys.
+- New Admin section Header Settings to change Header Title.
+- Admin Panel confirm unsaved changes.
+- Added translations and data attributes for almost all user-facing text
+- Extend i18n support: Add new translation keys for Download and Share modals
+
+---
+
+## Changes 4/12/2025
+
+- Moved Gallery view toggle button into header.
+- Removed css entries that are not needed anymore for Gallery View Toggle.
+- Change search box text when enabling advanced search.
+- Advanced/Basic search button as material icon on same row as search bar.
+
+### Advanced Search Implementation
+
+- **Advanced Search Toggle:**
+  - Added a global toggle (`window.advancedSearchEnabled`) and a UI button to switch between basic and advanced search modes.
+  - The toggle button label changes between "Advanced Search" and "Basic Search" to reflect the active mode.
+
+- **Fuse.js Integration Updates:**
+  - Modified the `searchFiles()` function to conditionally include the `"content"` key in the Fuse.js keys only when advanced search mode is enabled.
+  - Adjusted Fuse.js options by adding `ignoreLocation: true`, adjusting the `threshold`, and optionally assigning weights (e.g., a lower weight for `name` and a higher weight for `content`) to prioritize matches in file content.
+
+- **Backend (PHP) Enhancements:**
+  - Updated **getFileList.php** to read the content of text-based files (e.g., `.txt`, `.html`, `.md`, etc.) using `file_get_contents()`.
+  - Added a `"content"` property to the JSON response for eligible files to allow for full-text search in advanced mode.
+
+### Fuse.js Integration for Indexed Real-Time Searching**
+
+- **Added Fuse.js Library:** Included Fuse.js via a CDN `<script>` tag to leverage its client‑side fuzzy search capabilities.
+- **Created searchFiles Helper Function:** Introduced a new function that uses Fuse.js to build an index and perform fuzzy searches over file properties (file name, uploader, and nested tag names).
+- **Transformed JSON Object to Array:** Updated the loadFileList() function to convert the returned file data into an array (if it isn’t already) and assign file names from JSON keys.
+- **Updated Rendering Functions:** Modified both renderFileTable() and renderGalleryView() to use the searchFiles() helper instead of a simple in‑array .filter(). This ensures that every search—real‑time by user input—is powered by Fuse.js’s indexed search.
+- **Enhanced Search Configuration:** Configured Fuse.js to search across multiple keys (file name, uploader, and tags) so that users can find files based on any of these properties.
+
+---
+
+## Changes 4/11/2025
+
+- Fixed fileDragDrop issue from previous update.
+- Fixed User Panel height changing unexpectedly on mouse over.
+- Improved JS file comments for better documentation.
+- Fixed userPermissions not updating after initial setting.
+- Disabled folder and file sharing for readOnly users.
+- Moved change password close button to the top right of the modal.
+- Updated upload regex pattern to be Unicode‑enabled and added additional security measures. [(#19)](https://github.com/error311/FileRise/issues/19)
+- Updated filename, folder, and username regex acceptance patterns.
+- Updated robthree/twofactorauth to v3 and endroid/qr-code to v5
+- Updated TOTP integration (namespace, enum, QR provider) accordingly
+- Updated docker image from 22.04 to 24.04 <https://github.com/error311/filerise-docker>
+- Ensure consistent session behavior
+- Fix totp_setup.php to use header-based CSRF token verification
+
+---
+
+## Shift Key Multi‑Selection Changes 4/10/2025 v1.1.1
 
 - **Implemented Range Selection:**
   - Modified the `toggleRowSelection` function so that when the Shift key is held down, all rows between the last clicked (anchor) row (stored as `window.lastSelectedFileRow`) and the currently clicked row are selected.
@@ -30,7 +91,7 @@
   - `shareFolder.php` updated to display format size.
   - Fix to prevent the filename text from overflowing its container in the gallery view.
   - Reduced header height.
-  - Create Folder changed to Material Icon `edit`
+  - Create Folder changed to Material Icon `create_new_folder`
 
 ---
 

README.md

@@ -22,7 +22,7 @@ Upload, organize, and share files through a sleek web interface. **FileRise** is
 
 - 📝 **Built-in Editor & Preview:** View images, videos, audio, and PDFs inline with a preview modal – no need to download just to see them. Edit text/code files right in your browser with a CodeMirror-based editor featuring syntax highlighting and line numbers. Great for config files or notes – tweak and save changes without leaving FileRise.
 
-- 🏷️ **Tags & Search:** Categorize your files with color-coded tags (labels) and later find them easily. The global search bar filters by filename or tag, making it simple to locate that “important” document in seconds. Tag management is built-in – create, reuse, or remove tags as needed.
+- 🏷️ **Tags & Search:** Categorize your files with color-coded tags and locate them instantly using our indexed real-time search. Easily switch to Advanced Search mode to enable fuzzy matching not only across file names, tags, and uploader fields but also within the content of text files—helping you find that “important” document even if you make a typo or need to search deep within the file.
 
 - 🔒 **User Authentication & User Permissions:** Secure your portal with username/password login. Supports multiple users – create user accounts (admin UI provided) for family or team members. User permissions such as User “Folder Only” feature assigns each user a dedicated folder within the root directory, named after their username, restricting them from viewing or modifying other directories. User Read Only and Disable Upload are additional permissions. FileRise also integrates with Single Sign-On (OIDC) providers (e.g., OAuth2/OIDC for Google/Authentik/Keycloak) and offers optional TOTP two-factor auth for extra security.
 
@@ -177,6 +177,26 @@ Areas where you can help: translations, bug fixes, UI improvements, or building
 
 ---
 
+## Dependencies
+
+### PHP Libraries
+
+- **[jumbojett/openid-connect-php](https://github.com/jumbojett/OpenID-Connect-PHP)** (v^1.0.0)
+- **[phpseclib/phpseclib](https://github.com/phpseclib/phpseclib)** (v~3.0.7)
+- **[robthree/twofactorauth](https://github.com/RobThree/TwoFactorAuth)** (v^3.0)
+- **[endroid/qr-code](https://github.com/endroid/qr-code)** (v^5.0)
+
+### Client-Side Libraries
+
+- **Google Fonts** – [Roboto](https://fonts.google.com/specimen/Roboto) and **Material Icons** ([Google Material Icons](https://fonts.google.com/icons))
+- **[Bootstrap](https://getbootstrap.com/)** (v4.5.2)
+- **[CodeMirror](https://codemirror.net/)** (v5.65.5) – For code editing functionality.
+- **[Resumable.js](http://www.resumablejs.com/)** (v1.1.0) – For file uploads.
+- **[DOMPurify](https://github.com/cure53/DOMPurify)** (v2.4.0) – For sanitizing HTML.
+- **[Fuse.js](https://fusejs.io/)** (v6.6.2) – For indexed, fuzzy searching.
+
+---
+
 ## License
 
 This project is open-source under the MIT License. That means you’re free to use, modify, and distribute **FileRise**, with attribution. We hope you find it useful and contribute back!

addUser.php

@@ -49,7 +49,7 @@ if (!$newUsername || !$newPassword) {
 }
 
 // Validate username using preg_match (allow letters, numbers, underscores, dashes, and spaces).
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $newUsername)) {
+if (!preg_match(REGEX_USER, $newUsername)) {
     echo json_encode(["error" => "Invalid username. Only letters, numbers, underscores, dashes, and spaces are allowed."]);
     exit;
 }

auth.php

@@ -2,7 +2,9 @@
 require_once 'vendor/autoload.php';
 require_once 'config.php';
 
-// Only send the Content-Type header; CORS and related headers are handled via .htaccess.
+use RobThree\Auth\Algorithm;
+use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
+
 header('Content-Type: application/json');
 
 // Global exception handler: logs errors and returns a generic error message.
@@ -177,7 +179,7 @@ if (!$username || !$password) {
     exit();
 }
 
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $username)) {
+if (!preg_match(REGEX_USER, $username)) {
     http_response_code(400);
     echo json_encode(["error" => "Invalid username format. Only letters, numbers, underscores, dashes, and spaces are allowed."]);
     exit();
@@ -197,7 +199,13 @@ if ($user !== false) {
                     ]);
                     exit();
                 } else {
-            $tfa = new \RobThree\Auth\TwoFactorAuth('FileRise');
+                    $tfa = new \RobThree\Auth\TwoFactorAuth(
+                        new GoogleChartsQrCodeProvider(), // QR code provider
+                        'FileRise',                       // issuer
+                        6,                                // number of digits
+                        30,                               // period in seconds
+                        Algorithm::Sha1                   // Correct enum case name from your enum
+                    );
             $providedCode = trim($data['totp_code']);
             if (!$tfa->verifyCode($user['totp_secret'], $providedCode)) {
                 echo json_encode(["error" => "Invalid TOTP code"]);

composer.json

@@ -5,7 +5,7 @@
     "require": {
       "jumbojett/openid-connect-php": "^1.0.0",
       "phpseclib/phpseclib": "~3.0.7",
-      "robthree/twofactorauth": "^1.7",
-      "endroid/qr-code": "^4.0"
+      "robthree/twofactorauth": "^3.0",
+      "endroid/qr-code": "^5.0"
     }
   }

composer.lock

@@ -4,32 +4,32 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "c9857f23364f2280ef4b71cdc72d3f78",
+    "content-hash": "6b70aec0c1830ebb2b8f9bb625b04a22",
     "packages": [
         {
             "name": "bacon/bacon-qr-code",
-            "version": "2.0.8",
+            "version": "v3.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/Bacon/BaconQrCode.git",
-                "reference": "8674e51bb65af933a5ffaf1c308a660387c35c22"
+                "reference": "f9cc1f52b5a463062251d666761178dbdb6b544f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Bacon/BaconQrCode/zipball/8674e51bb65af933a5ffaf1c308a660387c35c22",
-                "reference": "8674e51bb65af933a5ffaf1c308a660387c35c22",
+                "url": "https://api.github.com/repos/Bacon/BaconQrCode/zipball/f9cc1f52b5a463062251d666761178dbdb6b544f",
+                "reference": "f9cc1f52b5a463062251d666761178dbdb6b544f",
                 "shasum": ""
             },
             "require": {
                 "dasprid/enum": "^1.0.3",
                 "ext-iconv": "*",
-                "php": "^7.1 || ^8.0"
+                "php": "^8.1"
             },
             "require-dev": {
-                "phly/keep-a-changelog": "^2.1",
-                "phpunit/phpunit": "^7 | ^8 | ^9",
-                "spatie/phpunit-snapshot-assertions": "^4.2.9",
-                "squizlabs/php_codesniffer": "^3.4"
+                "phly/keep-a-changelog": "^2.12",
+                "phpunit/phpunit": "^10.5.11 || 11.0.4",
+                "spatie/phpunit-snapshot-assertions": "^5.1.5",
+                "squizlabs/php_codesniffer": "^3.9"
             },
             "suggest": {
                 "ext-imagick": "to generate QR code images"
@@ -56,9 +56,9 @@
             "homepage": "https://github.com/Bacon/BaconQrCode",
             "support": {
                 "issues": "https://github.com/Bacon/BaconQrCode/issues",
-                "source": "https://github.com/Bacon/BaconQrCode/tree/2.0.8"
+                "source": "https://github.com/Bacon/BaconQrCode/tree/v3.0.1"
             },
-            "time": "2022-12-07T17:46:57+00:00"
+            "time": "2024-10-01T13:55:55+00:00"
         },
         {
             "name": "dasprid/enum",
@@ -112,29 +112,26 @@
         },
         {
             "name": "endroid/qr-code",
-            "version": "4.8.5",
+            "version": "5.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/endroid/qr-code.git",
-                "reference": "0db25b506a8411a5e1644ebaa67123a6eb7b6a77"
+                "reference": "393fec6c4cbdc1bd65570ac9d245704428010122"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/endroid/qr-code/zipball/0db25b506a8411a5e1644ebaa67123a6eb7b6a77",
-                "reference": "0db25b506a8411a5e1644ebaa67123a6eb7b6a77",
+                "url": "https://api.github.com/repos/endroid/qr-code/zipball/393fec6c4cbdc1bd65570ac9d245704428010122",
+                "reference": "393fec6c4cbdc1bd65570ac9d245704428010122",
                 "shasum": ""
             },
             "require": {
-                "bacon/bacon-qr-code": "^2.0.5",
+                "bacon/bacon-qr-code": "^3.0",
                 "php": "^8.1"
             },
-            "conflict": {
-                "khanamiryan/qrcode-detector-decoder": "^1.0.6"
-            },
             "require-dev": {
-                "endroid/quality": "dev-master",
+                "endroid/quality": "dev-main",
                 "ext-gd": "*",
-                "khanamiryan/qrcode-detector-decoder": "^1.0.4||^2.0.2",
+                "khanamiryan/qrcode-detector-decoder": "^2.0.2",
                 "setasign/fpdf": "^1.8.2"
             },
             "suggest": {
@@ -146,7 +143,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "4.x-dev"
+                    "dev-main": "5.x-dev"
                 }
             },
             "autoload": {
@@ -175,7 +172,7 @@
             ],
             "support": {
                 "issues": "https://github.com/endroid/qr-code/issues",
-                "source": "https://github.com/endroid/qr-code/tree/4.8.5"
+                "source": "https://github.com/endroid/qr-code/tree/5.1.0"
             },
             "funding": [
                 {
@@ -183,7 +180,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-09-29T14:03:20+00:00"
+            "time": "2024-09-08T08:52:55+00:00"
         },
         {
             "name": "jumbojett/openid-connect-php",
@@ -456,24 +453,25 @@
         },
         {
             "name": "robthree/twofactorauth",
-            "version": "1.8.2",
+            "version": "v3.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/RobThree/TwoFactorAuth.git",
-                "reference": "65681de5a324eae05140ac58b08648a60212afc0"
+                "reference": "6d70f9ca8e25568f163a7b3b3ff77bd8ea743978"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/RobThree/TwoFactorAuth/zipball/65681de5a324eae05140ac58b08648a60212afc0",
-                "reference": "65681de5a324eae05140ac58b08648a60212afc0",
+                "url": "https://api.github.com/repos/RobThree/TwoFactorAuth/zipball/6d70f9ca8e25568f163a7b3b3ff77bd8ea743978",
+                "reference": "6d70f9ca8e25568f163a7b3b3ff77bd8ea743978",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.6.0"
+                "php": ">=8.2.0"
             },
             "require-dev": {
-                "php-parallel-lint/php-parallel-lint": "^1.2",
-                "phpunit/phpunit": "@stable"
+                "friendsofphp/php-cs-fixer": "^3.13",
+                "phpstan/phpstan": "^1.9",
+                "phpunit/phpunit": "^9"
             },
             "suggest": {
                 "bacon/bacon-qr-code": "Needed for BaconQrCodeProvider provider",
@@ -494,6 +492,16 @@
                     "name": "Rob Janssen",
                     "homepage": "http://robiii.me",
                     "role": "Developer"
+                },
+                {
+                    "name": "Nicolas CARPi",
+                    "homepage": "https://github.com/NicolasCARPi",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Will Power",
+                    "homepage": "https://github.com/willpower232",
+                    "role": "Developer"
                 }
             ],
             "description": "Two Factor Authentication",
@@ -522,7 +530,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2022-03-22T16:11:07+00:00"
+            "time": "2024-10-24T15:14:25+00:00"
         }
     ],
     "packages-dev": [],

config.php

@@ -1,5 +1,20 @@
 <?php
 // config.php
+header("Cache-Control: no-cache, must-revalidate");
+header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
+header("Pragma: no-cache");
+header("Expires: 0");
+header('X-Content-Type-Options: nosniff');
+// Security headers
+header("X-Content-Type-Options: nosniff");
+header("X-Frame-Options: SAMEORIGIN");
+header("Referrer-Policy: no-referrer-when-downgrade");
+// Only include Strict-Transport-Security if you are using HTTPS
+if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+    header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
+}
+header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
+header("X-XSS-Protection: 1; mode=block");
 
 // Define constants.
 define('UPLOAD_DIR', '/var/www/uploads/');
@@ -11,6 +26,10 @@ define('TRASH_DIR', UPLOAD_DIR . 'trash/');
 define('TIMEZONE', 'America/New_York');
 define('DATE_TIME_FORMAT', 'm/d/y  h:iA');
 define('TOTAL_UPLOAD_SIZE', '5G');
+define('REGEX_FOLDER_NAME', '/^[\p{L}\p{N}_\-\s\/\\\\]+$/u');
+define('PATTERN_FOLDER_NAME', '[\p{L}\p{N}_\-\s\/\\\\]+');
+define('REGEX_FILE_NAME', '/^[\p{L}\p{N}\p{M}%\-\.\(\) _]+$/u');
+define('REGEX_USER', '/^[\p{L}\p{N}_\- ]+$/u');
 
 date_default_timezone_set(TIMEZONE);
 
@@ -48,9 +67,12 @@ function decryptData($encryptedData, $encryptionKey)
 }
 
 // Load encryption key from environment (override in production).
-$encryptionKey = getenv('PERSISTENT_TOKENS_KEY') ?: 'default_please_change_this_key';
-if (!$encryptionKey) {
-    die('Encryption key for persistent tokens is not set.');
+$envKey = getenv('PERSISTENT_TOKENS_KEY');
+if ($envKey === false || $envKey === '') {
+    $encryptionKey = 'default_please_change_this_key';
+    error_log('WARNING: Using default encryption key. Please set PERSISTENT_TOKENS_KEY in your environment.');
+} else {
+    $encryptionKey = $envKey;
 }
 
 function loadUserPermissions($username)

copyFiles.php

@@ -44,7 +44,7 @@ $destinationFolder = trim($data['destination']);
 $files = $data['files'];
 
 // Validate folder names: allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-$folderPattern = '/^[A-Za-z0-9_\- \/]+$/';
+$folderPattern = REGEX_FOLDER_NAME;
 if ($sourceFolder !== 'root' && !preg_match($folderPattern, $sourceFolder)) {
     echo json_encode(["error" => "Invalid source folder name."]);
     exit;
@@ -104,7 +104,7 @@ $destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($dest
 $errors = [];
 
 // Define a safe file name pattern: letters, numbers, underscores, dashes, dots, parentheses, and spaces.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($files as $fileName) {
     // Save the original name for metadata lookup.

createFolder.php

@@ -45,13 +45,13 @@ $folderName = trim($input['folderName']);
 $parent = isset($input['parent']) ? trim($input['parent']) : "";
 
 // Basic sanitation: allow only letters, numbers, underscores, dashes, and spaces in folderName
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $folderName)) {
+if (!preg_match(REGEX_FOLDER_NAME, $folderName)) {
     echo json_encode(['success' => false, 'error' => 'Invalid folder name.']);
     exit;
 }
 
 // Optionally, sanitize the parent folder if needed.
-if ($parent && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $parent)) {
+if ($parent && !preg_match(REGEX_FOLDER_NAME, $parent)) {
     echo json_encode(['success' => false, 'error' => 'Invalid parent folder name.']);
     exit;
 }

createFolderShareLink.php

@@ -10,6 +10,16 @@ if (!$input) {
     exit;
 }
 
+$username = $_SESSION['username'] ?? '';
+$userPermissions = loadUserPermissions($username);
+if ($username) {
+    $userPermissions = loadUserPermissions($username);
+    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
+        echo json_encode(["error" => "Read-only users are not allowed to create shared folders."]);
+        exit();
+    }
+}
+
 $folder = isset($input['folder']) ? trim($input['folder']) : "";
 $expirationMinutes = isset($input['expirationMinutes']) ? intval($input['expirationMinutes']) : 60;
 $password = isset($input['password']) ? $input['password'] : "";
@@ -17,7 +27,7 @@ $allowUpload = isset($input['allowUpload']) ? intval($input['allowUpload']) : 0;
 
 // Validate folder name using regex.
 // Allow letters, numbers, underscores, hyphens, spaces and slashes.
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }

createShareLink.php

@@ -9,13 +9,23 @@ if (!$input) {
     exit;
 }
 
+$username = $_SESSION['username'] ?? '';
+$userPermissions = loadUserPermissions($username);
+if ($username) {
+    $userPermissions = loadUserPermissions($username);
+    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
+        echo json_encode(["error" => "Read-only users are not allowed to create share files."]);
+        exit();
+    }
+}
+
 $folder = isset($input['folder']) ? trim($input['folder']) : "";
 $file = isset($input['file']) ? basename($input['file']) : "";
 $expirationMinutes = isset($input['expirationMinutes']) ? intval($input['expirationMinutes']) : 60;
 $password = isset($input['password']) ? $input['password'] : "";
 
 // Validate folder using regex.
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }

css/styles.css

@@ -32,8 +32,8 @@ body {
 
 @media (min-width: 1300px) {
   .container-fluid {
-    padding-left: 40px !important;
-    padding-right: 40px !important;
+    padding-left: 30px !important;
+    padding-right: 30px !important;
   }
 }
 
@@ -69,7 +69,7 @@ body {
   align-items: center;
   justify-content: space-between;
   width: 100%;
-  height: 65px;
+  height: 55px;
   padding: 10px 20px;
   background-color: #2196F3;
   transition: background-color 0.3s ease;
@@ -82,28 +82,16 @@ body.dark-mode .header-container {
 }
 
 .header-logo {
-  max-height: 60px;
+  max-height: 50px;
   width: auto;
   display: block;
 }
 
 .header-logo svg {
-  height: 60px;
+  height: 50px;
   width: auto;
 }
 
-header {
-  display: flex;
-  align-items: center;
-  justify-content: space-between;
-  width: 100%;
-  height: 80px;
-  padding: 0 20px;
-  background-color: #2196F3;
-  transition: background-color 0.3s ease;
-  box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);
-}
-
 body.dark-mode header {
   background-color: #1f1f1f;
   box-shadow: 0 2px 4px rgba(0, 0, 0, 0.7);
@@ -1584,39 +1572,6 @@ body.dark-mode .btn-secondary {
   border-color: #6c757d;
 }
 
-#toggleViewBtn {
-  margin-bottom: 20px;
-  margin-left: 14px;
-  padding: 10px 20px;
-  background: rgba(0, 0, 0, 0.6);
-  color: #fff;
-  border: none;
-  border-radius: 4px;
-  font-size: 16px;
-  cursor: pointer;
-  box-shadow: 0 2px 4px rgba(0, 0, 0, 0.3);
-  transition: background 0.3s ease, box-shadow 0.3s ease;
-}
-
-@media (max-width: 768px) {
-  #toggleViewBtn {
-    margin-left: 0 !important;
-  }
-}
-
-@media (max-width: 600px) {
-  #toggleViewBtn {
-    margin-left: 0 !important;
-    margin-right: auto !important;
-    display: block !important;
-  }
-}
-
-#toggleViewBtn:hover {
-  background: rgba(0, 0, 0, 0.8);
-  box-shadow: 0 3px 5px rgba(0, 0, 0, 0.4);
-}
-
 body.dark-mode .btn-danger {
   background-color: #dc3545;
   color: #fff;
@@ -1729,21 +1684,6 @@ body.dark-mode .folder-help-icon {
 
 }
 
-body.dark-mode #searchIcon {
-  background-color: #444;
-  border: 1px solid #555;
-  border-radius: 4px;
-  color: #fff;
-  padding: 4px 8px;
-}
-
-body.dark-mode #searchInput {
-  background-color: #333;
-  color: #e0e0e0;
-  border: 1px solid #555;
-}
-
-
 body.dark-mode .CodeMirror {
   background: #1e1e1e !important;
   color: #ffffff !important;
@@ -2161,3 +2101,57 @@ body.dark-mode .header-drop-zone.drag-active {
 body.dark-mode #fileSummary {
   color: white;
 }
+
+#searchIcon {
+  border-radius: 4px;
+  padding: 4px 8px;
+}
+
+body.dark-mode #searchIcon {
+  background-color: #444;
+  border: 1px solid #555;
+  color: #fff;
+}
+
+body.dark-mode #searchInput {
+  background-color: #333;
+  color: #e0e0e0;
+  border: 1px solid #555;
+}
+
+.btn-icon {
+  background: transparent;
+  border: none;
+  padding: 6px 8px;
+  margin: 0;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  cursor: pointer;
+  transition: background 0.2s, color 0.2s;
+}
+
+.btn-icon .material-icons,
+#searchIcon .material-icons {
+  font-size: 24px;
+  line-height: 1;
+  margin: 0;
+  padding: 0;
+  color: #333;
+}
+
+.btn-icon:hover,
+.btn-icon:focus {
+  background: rgba(0, 0, 0, 0.1);
+  outline: none;
+}
+
+body.dark-mode .btn-icon .material-icons,
+body.dark-mode #searchIcon .material-icons {
+  color: #fff;
+}
+
+body.dark-mode .btn-icon:hover,
+body.dark-mode .btn-icon:focus {
+  background: rgba(255, 255, 255, 0.1);
+}

deleteFiles.php

@@ -69,7 +69,7 @@ if (!isset($data['files']) || !is_array($data['files'])) {
 $folder = isset($data['folder']) ? trim($data['folder']) : 'root';
 
 // Validate folder: allow letters, numbers, underscores, dashes, spaces, and forward slashes
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }
@@ -96,7 +96,7 @@ $movedFiles = [];
 $errors = [];
 
 // Define a safe file name pattern: allow letters, numbers, underscores, dashes, dots, and spaces.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($data['files'] as $fileName) {
     $basename = basename(trim($fileName));

deleteFolder.php

@@ -50,7 +50,7 @@ if ($folderName === 'root') {
 }
 
 // Allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-if (!preg_match('/^[A-Za-z0-9_\- \/]+$/', $folderName)) {
+if (!preg_match(REGEX_FOLDER_NAME, $folderName)) {
     echo json_encode(['success' => false, 'error' => 'Invalid folder name.']);
     exit;
 }

deleteTrashFiles.php

@@ -62,7 +62,7 @@ $deletedFiles = [];
 $errors = [];
 
 // Define a safe file name pattern.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($filesToDelete as $trashName) {
     $trashName = trim($trashName);

download.php

@@ -14,7 +14,7 @@ $file = isset($_GET['file']) ? basename($_GET['file']) : '';
 $folder = isset($_GET['folder']) ? trim($_GET['folder']) : 'root';
 
 // Validate file name (allowing letters, numbers, underscores, dashes, dots, and parentheses)
-if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $file)) {
+if (!preg_match(REGEX_FILE_NAME, $file)) {
     http_response_code(400);
     echo json_encode(["error" => "Invalid file name."]);
     exit;
@@ -80,10 +80,6 @@ if (in_array($ext, ['jpg','jpeg','png','gif','bmp','webp','svg','ico'])) {
 }
 header('Content-Length: ' . filesize($realFilePath));
 
-// Disable caching.
-header('Cache-Control: no-store, no-cache, must-revalidate');
-header('Pragma: no-cache');
-
 readfile($realFilePath);
 exit;
 ?>

downloadSharedFile.php

@@ -79,10 +79,6 @@ if (in_array($ext, ['jpg','jpeg','png','gif','bmp','webp','svg','ico'])) {
     header('Content-Disposition: attachment; filename="' . basename($realFilePath) . '"');
 }
 
-// Disable caching.
-header("Cache-Control: no-store, no-cache, must-revalidate");
-header("Pragma: no-cache");
-
 // Read and output the file.
 readfile($realFilePath);
 exit;

downloadZip.php

@@ -38,7 +38,7 @@ $files = $data['files'];
 if ($folder !== "root") {
     $parts = explode('/', $folder);
     foreach ($parts as $part) {
-        if (empty($part) || $part === '.' || $part === '..' || !preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $part)) {
+        if (empty($part) || $part === '.' || $part === '..' || !preg_match(REGEX_FOLDER_NAME, $part)) {
             http_response_code(400);
             header('Content-Type: application/json');
             echo json_encode(["error" => "Invalid folder name."]);
@@ -76,7 +76,7 @@ if (empty($files)) {
 }
 
 foreach ($files as $fileName) {
-    if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $fileName)) {
+    if (!preg_match(REGEX_FILE_NAME, $fileName)) {
         http_response_code(400);
         header('Content-Type: application/json');
         echo json_encode(["error" => "Invalid file name: " . $fileName]);

extractZip.php

@@ -50,7 +50,7 @@ if (empty($files)) {
 if ($folder !== "root") {
     $parts = explode('/', $folder);
     foreach ($parts as $part) {
-        if (empty($part) || $part === '.' || $part === '..' || !preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $part)) {
+        if (empty($part) || $part === '.' || $part === '..' || !preg_match(REGEX_FOLDER_NAME, $part)) {
             http_response_code(400);
             echo json_encode(["error" => "Invalid folder name."]);
             exit;
@@ -92,7 +92,7 @@ $destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($dest
 $errors = [];
 $allSuccess = true;
 $extractedFiles = array(); // Array to collect names of extracted files
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 // ---------- Process Each File ----------
 foreach ($files as $zipFileName) {

getConfig.php

@@ -11,14 +11,24 @@ if (file_exists($configFile)) {
         echo json_encode(['error' => 'Failed to decrypt configuration.']);
         exit;
     }
-    // Decode the configuration and ensure globalOtpauthUrl is set
+    // Decode the configuration and ensure required fields are set
     $config = json_decode($decryptedContent, true);
+    
+    // Ensure globalOtpauthUrl is set
     if (!isset($config['globalOtpauthUrl'])) {
         $config['globalOtpauthUrl'] = "";
     }
+    
+    // NEW: Ensure header_title is set.
+    if (!isset($config['header_title']) || empty($config['header_title'])) {
+        $config['header_title'] = "FileRise"; // default value
+    }
+    
     echo json_encode($config);
 } else {
+    // If no config file exists, provide defaults
     echo json_encode([
+        'header_title' => "FileRise",
         'oidc' => [
             'providerUrl'  => 'https://your-oidc-provider.com',
             'clientId'     => 'YOUR_CLIENT_ID',

getFileList.php

@@ -1,8 +1,5 @@
 <?php
 require_once 'config.php';
-header("Cache-Control: no-cache, no-store, must-revalidate");
-header("Pragma: no-cache");
-header("Expires: 0");
 header('Content-Type: application/json');
 
 // Ensure user is authenticated
@@ -14,7 +11,7 @@ if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
 
 $folder = isset($_GET['folder']) ? trim($_GET['folder']) : 'root';
 // Allow only safe characters in the folder parameter (letters, numbers, underscores, dashes, spaces, and forward slashes).
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }
@@ -28,11 +25,6 @@ if ($folder !== 'root') {
 
 /**
  * Helper: Generate the metadata file path for a given folder.
- * For "root", returns "root_metadata.json". Otherwise, replaces slashes,
- * backslashes, and spaces with dashes and appends "_metadata.json".
- *
- * @param string $folder The folder's relative path.
- * @return string The full path to the folder's metadata file.
  */
 function getMetadataFilePath($folder) {
     if (strtolower($folder) === 'root' || $folder === '') {
@@ -53,7 +45,7 @@ $files = array_values(array_diff(scandir($directory), array('.', '..')));
 $fileList = [];
 
 // Define a safe file name pattern: letters, numbers, underscores, dashes, dots, parentheses, and spaces.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($files as $file) {
     // Skip hidden files (those that begin with a dot)
@@ -72,7 +64,6 @@ foreach ($files as $file) {
     
     // Since metadata is stored per folder, the key is simply the file name.
     $metaKey = $file;
-
     $fileDateModified = filemtime($filePath) ? date(DATE_TIME_FORMAT, filemtime($filePath)) : "Unknown";
     $fileUploadedDate = isset($metadata[$metaKey]["uploaded"]) ? $metadata[$metaKey]["uploaded"] : "Unknown";
     $fileUploader = isset($metadata[$metaKey]["uploader"]) ? $metadata[$metaKey]["uploader"] : "Unknown";
@@ -88,7 +79,8 @@ foreach ($files as $file) {
         $fileSizeFormatted = sprintf("%s bytes", number_format($fileSizeBytes));
     }
 
-    $fileList[] = [
+    // Build the basic file entry.
+    $fileEntry = [
         'name' => $file,
         'modified' => $fileDateModified,
         'uploaded' => $fileUploadedDate,
@@ -96,6 +88,14 @@ foreach ($files as $file) {
         'uploader' => $fileUploader,
         'tags' => isset($metadata[$metaKey]['tags']) ? $metadata[$metaKey]['tags'] : []
     ];
+
+    // Add file content for text-based files.
+    if (preg_match('/\.(txt|html|htm|md|js|css|json|xml|php|py|ini|conf|log)$/i', $file)) {
+        $content = file_get_contents($filePath);
+        $fileEntry['content'] = $content;
+    }
+    
+    $fileList[] = $fileEntry;
 }
 
 // Load global tags from createdTags.json.

getFileTag.php

@@ -0,0 +1,40 @@
+<?php
+declare(strict_types=1);
+
+// getFileTag.php
+
+require_once 'config.php';
+
+// Set security and content headers
+header('Content-Type: application/json; charset=utf-8');
+
+$metadataPath = META_DIR . 'createdTags.json';
+
+// Check if the metadata file exists and is readable
+if (!file_exists($metadataPath) || !is_readable($metadataPath)) {
+    error_log('Metadata file does not exist or is not readable: ' . $metadataPath);
+    http_response_code(200); // Return empty array with HTTP 200 so the client can handle it gracefully
+    echo json_encode([]);
+    exit;
+}
+
+$data = file_get_contents($metadataPath);
+if ($data === false) {
+    error_log('Failed to read metadata file: ' . $metadataPath);
+    http_response_code(500);
+    echo json_encode(["error" => "Unable to read metadata file."]);
+    exit;
+}
+
+// Decode the JSON data to check for validity
+$jsonData = json_decode($data, true);
+if (json_last_error() !== JSON_ERROR_NONE) {
+    error_log('Invalid JSON in metadata file: ' . $metadataPath . ' Error: ' . json_last_error_msg());
+    http_response_code(500);
+    echo json_encode(["error" => "Metadata file contains invalid JSON."]);
+    exit;
+}
+
+// Output the re-encoded JSON to ensure well-formed output
+echo json_encode($jsonData);
+exit;

getFolderList.php

@@ -20,7 +20,7 @@ function getSubfolders($dir, $relative = '') {
     $folders = [];
     $items = scandir($dir);
     // Allow letters, numbers, underscores, dashes, and spaces in folder names.
-    $safeFolderNamePattern = '/^[A-Za-z0-9_\- ]+$/';
+    $safeFolderNamePattern = REGEX_FOLDER_NAME;
     foreach ($items as $item) {
         if ($item === '.' || $item === '..') continue;
         if (!preg_match($safeFolderNamePattern, $item)) {

getUsers.php

@@ -17,7 +17,7 @@ if (file_exists($usersFile)) {
         $parts = explode(':', trim($line));
         if (count($parts) >= 3) {
             // Validate username format:
-            if (preg_match('/^[A-Za-z0-9_\- ]+$/', $parts[0])) {
+            if (preg_match(REGEX_USER, $parts[0])) {
                 $users[] = [
                     "username" => $parts[0],
                     "role" => trim($parts[2])

index.html

@@ -41,75 +41,80 @@
   <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.0/purify.min.js"
     integrity="sha384-Tsl3d5pUAO7a13enIvSsL3O0/95nsthPJiPto5NtLuY8w3+LbZOpr3Fl2MNmrh1E"
     crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/fuse.js@6.6.2/dist/fuse.min.js"
+     integrity="sha384-zPE55eyESN+FxCWGEnlNxGyAPJud6IZ6TtJmXb56OFRGhxZPN4akj9rjA3gw5Qqa" 
+     crossorigin="anonymous"></script>
   <link rel="stylesheet" href="css/styles.css" />
 </head>
 
 <body>
   <header class="header-container">
     <div class="header-left">
-      <div class="header-logo">
-        <svg version="1.1" id="filingCabinetLogo" xmlns="http://www.w3.org/2000/svg"
-          xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 64 64" xml:space="preserve">
-          <defs>
-            <!-- Gradient for the cabinet body -->
-            <linearGradient id="cabinetGradient" x1="0%" y1="0%" x2="0%" y2="100%">
-              <stop offset="0%" style="stop-color:#2196F3;stop-opacity:1" />
-              <stop offset="100%" style="stop-color:#1976D2;stop-opacity:1" />
-            </linearGradient>
-            <!-- Drop shadow filter with animated attributes for a lifting effect -->
-            <filter id="shadowFilter" x="-20%" y="-20%" width="140%" height="140%">
-              <feDropShadow id="dropShadow" dx="0" dy="2" stdDeviation="2" flood-color="#000" flood-opacity="0.2">
-                <!-- Animate the vertical offset: from 2 to 1 (as it rises), hold, then back to 2 -->
-                <animate attributeName="dy" values="2;1;1;2" keyTimes="0;0.2;0.8;1" dur="5s" fill="freeze" />
-                <!-- Animate the blur similarly: from 2 to 1.5 then back to 2 -->
-                <animate attributeName="stdDeviation" values="2;1.5;1.5;2" keyTimes="0;0.2;0.8;1" dur="5s"
-                  fill="freeze" />
-              </feDropShadow>
-            </filter>
-          </defs>
-          <style type="text/css">
-            /* Cabinet with gradient, white outline, and drop shadow */
-            .cabinet {
-              fill: url(#cabinetGradient);
-              stroke: white;
-              stroke-width: 2;
-            }
-
-            .divider {
-              stroke: #1565C0;
-              stroke-width: 1.5;
-            }
-
-            .drawer {
-              fill: #FFFFFF;
-            }
-
-            .handle {
-              fill: #1565C0;
-            }
-          </style>
-          <!-- Group that will animate upward and then back down once -->
-          <g id="cabinetGroup">
-            <!-- Cabinet Body with rounded corners, white outline, and drop shadow -->
-            <rect x="4" y="4" width="56" height="56" rx="6" ry="6" class="cabinet" filter="url(#shadowFilter)" />
-            <!-- Divider lines for drawers -->
-            <line x1="5" y1="22" x2="59" y2="22" class="divider" />
-            <line x1="5" y1="34" x2="59" y2="34" class="divider" />
-            <!-- Drawers with Handles -->
-            <rect x="8" y="24" width="48" height="6" rx="1" ry="1" class="drawer" />
-            <circle cx="54" cy="27" r="1.5" class="handle" />
-            <rect x="8" y="36" width="48" height="6" rx="1" ry="1" class="drawer" />
-            <circle cx="54" cy="39" r="1.5" class="handle" />
-            <rect x="8" y="48" width="48" height="6" rx="1" ry="1" class="drawer" />
-            <circle cx="54" cy="51" r="1.5" class="handle" />
-            <!-- Additional detail: a small top handle on the cabinet door -->
-            <rect x="28" y="10" width="8" height="4" rx="1" ry="1" fill="#1565C0" />
-            <!-- Animate transform: rises by 2 pixels over 1s, holds for 3s, then falls over 1s (total 5s) -->
-            <animateTransform attributeName="transform" type="translate" values="0 0; 0 -2; 0 -2; 0 0"
-              keyTimes="0;0.2;0.8;1" dur="5s" fill="freeze" />
-          </g>
-        </svg>
-      </div>
+      <a href="index.html">
+        <div class="header-logo">
+          <svg version="1.1" id="filingCabinetLogo" xmlns="http://www.w3.org/2000/svg"
+            xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 64 64" xml:space="preserve">
+            <defs>
+              <!-- Gradient for the cabinet body -->
+              <linearGradient id="cabinetGradient" x1="0%" y1="0%" x2="0%" y2="100%">
+                <stop offset="0%" style="stop-color:#2196F3;stop-opacity:1" />
+                <stop offset="100%" style="stop-color:#1976D2;stop-opacity:1" />
+              </linearGradient>
+              <!-- Drop shadow filter with animated attributes for a lifting effect -->
+              <filter id="shadowFilter" x="-20%" y="-20%" width="140%" height="140%">
+                <feDropShadow id="dropShadow" dx="0" dy="2" stdDeviation="2" flood-color="#000" flood-opacity="0.2">
+                  <!-- Animate the vertical offset: from 2 to 1 (as it rises), hold, then back to 2 -->
+                  <animate attributeName="dy" values="2;1;1;2" keyTimes="0;0.2;0.8;1" dur="5s" fill="freeze" />
+                  <!-- Animate the blur similarly: from 2 to 1.5 then back to 2 -->
+                  <animate attributeName="stdDeviation" values="2;1.5;1.5;2" keyTimes="0;0.2;0.8;1" dur="5s"
+                    fill="freeze" />
+                </feDropShadow>
+              </filter>
+            </defs>
+            <style type="text/css">
+              /* Cabinet with gradient, white outline, and drop shadow */
+              .cabinet {
+                fill: url(#cabinetGradient);
+                stroke: white;
+                stroke-width: 2;
+              }
+      
+              .divider {
+                stroke: #1565C0;
+                stroke-width: 1.5;
+              }
+      
+              .drawer {
+                fill: #FFFFFF;
+              }
+      
+              .handle {
+                fill: #1565C0;
+              }
+            </style>
+            <!-- Group that will animate upward and then back down once -->
+            <g id="cabinetGroup">
+              <!-- Cabinet Body with rounded corners, white outline, and drop shadow -->
+              <rect x="4" y="4" width="56" height="56" rx="6" ry="6" class="cabinet" filter="url(#shadowFilter)" />
+              <!-- Divider lines for drawers -->
+              <line x1="5" y1="22" x2="59" y2="22" class="divider" />
+              <line x1="5" y1="34" x2="59" y2="34" class="divider" />
+              <!-- Drawers with Handles -->
+              <rect x="8" y="24" width="48" height="6" rx="1" ry="1" class="drawer" />
+              <circle cx="54" cy="27" r="1.5" class="handle" />
+              <rect x="8" y="36" width="48" height="6" rx="1" ry="1" class="drawer" />
+              <circle cx="54" cy="39" r="1.5" class="handle" />
+              <rect x="8" y="48" width="48" height="6" rx="1" ry="1" class="drawer" />
+              <circle cx="54" cy="51" r="1.5" class="handle" />
+              <!-- Additional detail: a small top handle on the cabinet door -->
+              <rect x="28" y="10" width="8" height="4" rx="1" ry="1" fill="#1565C0" />
+              <!-- Animate transform: rises by 2 pixels over 1s, holds for 3s, then falls over 1s (total 5s) -->
+              <animateTransform attributeName="transform" type="translate" values="0 0; 0 -2; 0 -2; 0 0"
+                keyTimes="0;0.2;0.8;1" dur="5s" fill="freeze" />
+            </g>
+          </svg>
+        </div>
+      </a>
     </div>
     <div class="header-title">
       <h1 data-i18n-key="header_title">FileRise</h1>
@@ -245,7 +250,7 @@
                       <div id="folderTreeContainer"></div>
                     </div>
                     <div class="folder-actions mt-3">
-                      <button id="createFolderBtn" class="btn btn-primary">
+                      <button id="createFolderBtn" class="btn btn-primary" data-i18n-title="create_folder">
                         <i class="material-icons">create_new_folder</i>
                       </button>
                       <div id="createFolderModal" class="modal">
@@ -262,7 +267,7 @@
                           </div>
                         </div>
                       </div>
-                      <button id="renameFolderBtn" class="btn btn-warning ml-2">
+                      <button id="renameFolderBtn" class="btn btn-warning ml-2" data-i18n-title="rename_folder">
                         <i class="material-icons">drive_file_rename_outline</i>
                       </button>
                       <div id="renameFolderModal" class="modal">
@@ -386,34 +391,36 @@
     </div> <!-- end mainColumn -->
   </div> <!-- end main-wrapper -->
 
-  <!-- Download Progress Modal -->
-  <div id="downloadProgressModal" class="modal" style="display: none;">
-    <div class="modal-content" style="text-align: center; padding: 20px;">
-      <!-- Material icon spinner with a dedicated class -->
-      <span class="material-icons download-spinner">autorenew</span>
-      <p>Preparing your download...</p>
-    </div>
+<!-- Download Progress Modal -->
+<div id="downloadProgressModal" class="modal" style="display: none;">
+  <div class="modal-content" style="text-align: center; padding: 20px;">
+    <!-- Material icon spinner with a dedicated class -->
+    <span class="material-icons download-spinner">autorenew</span>
+    <p data-i18n-key="preparing_download">Preparing your download...</p>
   </div>
+</div>
 
-  <!-- Single File Download Modal -->
-  <div id="downloadFileModal" class="modal" style="display: none;">
-    <div class="modal-content" style="text-align: center; padding: 20px;">
-      <h4>Download File</h4>
-      <p>Confirm or change the download file name:</p>
-      <input type="text" id="downloadFileNameInput" class="form-control" placeholder="Filename" />
-      <div style="margin-top: 15px; text-align: right;">
-        <button id="cancelDownloadFile" class="btn btn-secondary"
-          onclick="document.getElementById('downloadFileModal').style.display = 'none';">Cancel</button>
-        <button id="confirmSingleDownloadButton" class="btn btn-primary"
-          onclick="confirmSingleDownload()">Download</button>
-      </div>
+<!-- Single File Download Modal -->
+<div id="downloadFileModal" class="modal" style="display: none;">
+  <div class="modal-content" style="text-align: center; padding: 20px;">
+    <h4 data-i18n-key="download_file">Download File</h4>
+    <p data-i18n-key="confirm_or_change_filename">Confirm or change the download file name:</p>
+    <input type="text" id="downloadFileNameInput" class="form-control" data-i18n-placeholder="filename" placeholder="Filename" />
+    <div style="margin-top: 15px; text-align: right;">
+      <button id="cancelDownloadFile" class="btn btn-secondary"
+              onclick="document.getElementById('downloadFileModal').style.display = 'none';"
+              data-i18n-key="cancel">Cancel</button>
+      <button id="confirmSingleDownloadButton" class="btn btn-primary"
+              onclick="confirmSingleDownload()"
+              data-i18n-key="download">Download</button>
     </div>
   </div>
+</div>
 
   <!-- Change Password, Add User, Remove User, Rename File, and Custom Confirm Modals (unchanged) -->
   <div id="changePasswordModal" class="modal" style="display:none;">
     <div class="modal-content" style="max-width:400px; margin:auto;">
-      <span id="closeChangePasswordModal" style="cursor:pointer;">&times;</span>
+      <span id="closeChangePasswordModal" style="position:absolute; top:10px; right:10px; cursor:pointer; font-size:24px;">&times;</span>
       <h3 data-i18n-key="change_password_title">Change Password</h3>
       <input type="password" id="oldPassword" class="form-control" data-i18n-placeholder="old_password"
         placeholder="Old Password" style="width:100%; margin: 5px 0;" />

js/auth.js

@@ -1,5 +1,5 @@
 import { sendRequest } from './networkUtils.js';
-import { t } from './i18n.js';
+import { t, applyTranslations } from './i18n.js';
 import {
   toggleVisibility,
   showToast as originalShowToast,
@@ -97,18 +97,36 @@ function loadAdminConfigFunc() {
   return fetch("getConfig.php", { credentials: "include" })
     .then(response => response.json())
     .then(config => {
+      // Save header_title into localStorage (if needed)
+      localStorage.setItem("headerTitle", config.header_title || "FileRise");
+
+      // Update login options and global OTPAuth URL as before
       localStorage.setItem("disableFormLogin", config.loginOptions.disableFormLogin);
       localStorage.setItem("disableBasicAuth", config.loginOptions.disableBasicAuth);
       localStorage.setItem("disableOIDCLogin", config.loginOptions.disableOIDCLogin);
       localStorage.setItem("globalOtpauthUrl", config.globalOtpauthUrl || "otpauth://totp/{label}?secret={secret}&issuer=FileRise");
+      
+      // Update the UI for login options
       updateLoginOptionsUIFromStorage();
+
+      const headerTitleElem = document.querySelector(".header-title h1");
+      if (headerTitleElem) {
+        headerTitleElem.textContent = config.header_title || "FileRise";
+      }
     })
     .catch(() => {
+      // Fallback defaults in case of error
+      localStorage.setItem("headerTitle", "FileRise");
       localStorage.setItem("disableFormLogin", "false");
       localStorage.setItem("disableBasicAuth", "false");
       localStorage.setItem("disableOIDCLogin", "false");
       localStorage.setItem("globalOtpauthUrl", "otpauth://totp/{label}?secret={secret}&issuer=FileRise");
       updateLoginOptionsUIFromStorage();
+
+      const headerTitleElem = document.querySelector(".header-title h1");
+      if (headerTitleElem) {
+        headerTitleElem.textContent = "FileRise";
+      }
     });
 }
 
@@ -132,10 +150,11 @@ function updateAuthenticatedUI(data) {
   if (data.username) {
     localStorage.setItem("username", data.username);
   }
+  /*
   if (typeof data.folderOnly !== "undefined") {
     localStorage.setItem("folderOnly", data.folderOnly ? "true" : "false");
   }
-
+*/
   const headerButtons = document.querySelector(".header-buttons");
   const firstButton = headerButtons.firstElementChild;
 
@@ -145,7 +164,8 @@ function updateAuthenticatedUI(data) {
       restoreBtn = document.createElement("button");
       restoreBtn.id = "restoreFilesBtn";
       restoreBtn.classList.add("btn", "btn-warning");
-      restoreBtn.innerHTML = '<i class="material-icons" title="Restore/Delete Trash">restore_from_trash</i>';
+      restoreBtn.setAttribute("data-i18n-title", "trash_restore_delete");
+      restoreBtn.innerHTML = '<i class="material-icons">restore_from_trash</i>';
       if (firstButton) insertAfter(restoreBtn, firstButton);
       else headerButtons.appendChild(restoreBtn);
     }
@@ -156,7 +176,8 @@ function updateAuthenticatedUI(data) {
       adminPanelBtn = document.createElement("button");
       adminPanelBtn.id = "adminPanelBtn";
       adminPanelBtn.classList.add("btn", "btn-info");
-      adminPanelBtn.innerHTML = '<i class="material-icons" title="Admin Panel">admin_panel_settings</i>';
+      adminPanelBtn.setAttribute("data-i18n-title", "admin_panel");
+      adminPanelBtn.innerHTML = '<i class="material-icons">admin_panel_settings</i>';
       insertAfter(adminPanelBtn, restoreBtn);
       adminPanelBtn.addEventListener("click", openAdminPanel);
     } else {
@@ -175,17 +196,19 @@ function updateAuthenticatedUI(data) {
       userPanelBtn = document.createElement("button");
       userPanelBtn.id = "userPanelBtn";
       userPanelBtn.classList.add("btn", "btn-user");
-      userPanelBtn.innerHTML = '<i class="material-icons" title="User Panel">account_circle</i>';
+      userPanelBtn.setAttribute("data-i18n-title", "user_panel");
+      userPanelBtn.innerHTML = '<i class="material-icons">account_circle</i>';
+      
       const adminBtn = document.getElementById("adminPanelBtn");
       if (adminBtn) insertAfter(userPanelBtn, adminBtn);
       else if (firstButton) insertAfter(userPanelBtn, firstButton);
-      else headerButtons.appendChild(userPanelBtn);
+      else headerButtons.appendChild(userPanelBtn); 
       userPanelBtn.addEventListener("click", openUserPanel);
     } else {
       userPanelBtn.style.display = "block";
     }
   }
-
+  applyTranslations();
   updateItemsPerPageSelect();
   updateLoginOptionsUIFromStorage();
 }
@@ -227,15 +250,29 @@ function checkAuthentication(showLoginToast = true) {
 function submitLogin(data) {
   setLastLoginData(data);
   window.__lastLoginData = data;
-sendRequest("auth.php", "POST", data, { "X-CSRF-Token": window.csrfToken })
-  .then(response => {
-    if (response.success || response.status === "ok") {
-      sessionStorage.setItem("welcomeMessage", "Welcome back, " + data.username + "!");
-      window.location.reload();
-    } else if (response.totp_required) {
-      openTOTPLoginModal();
-    } else if (response.error && response.error.includes("Too many failed login attempts")) {
-      showToast(response.error);
+  sendRequest("auth.php", "POST", data, { "X-CSRF-Token": window.csrfToken })
+    .then(response => {
+      if (response.success || response.status === "ok") {
+        sessionStorage.setItem("welcomeMessage", "Welcome back, " + data.username + "!");
+        // Fetch and update permissions, then reload.
+        sendRequest("getUserPermissions.php", "GET")
+          .then(permissionData => {
+            if (permissionData && typeof permissionData === "object") {
+              localStorage.setItem("folderOnly", permissionData.folderOnly ? "true" : "false");
+              localStorage.setItem("readOnly", permissionData.readOnly ? "true" : "false");
+              localStorage.setItem("disableUpload", permissionData.disableUpload ? "true" : "false");
+            }
+          })
+          .catch(() => {
+            // if fetching permissions fails.
+          })
+          .finally(() => {
+            window.location.reload();
+          });
+      } else if (response.totp_required) {
+        openTOTPLoginModal();
+      } else if (response.error && response.error.includes("Too many failed login attempts")) {
+        showToast(response.error);
         const loginButton = document.getElementById("authForm").querySelector("button[type='submit']");
         if (loginButton) {
           loginButton.disabled = true;
@@ -293,7 +330,7 @@ function loadUserList() {
         closeRemoveUserModal();
       }
     })
-    .catch(() => {});
+    .catch(() => { });
 }
 window.loadUserList = loadUserList;
 
@@ -320,7 +357,7 @@ function initAuth() {
       method: "POST",
       credentials: "include",
       headers: { "X-CSRF-Token": window.csrfToken }
-    }).then(() => window.location.reload(true)).catch(() => {});
+    }).then(() => window.location.reload(true)).catch(() => { });
   });
   document.getElementById("addUserBtn").addEventListener("click", function () {
     resetUserForm();
@@ -386,7 +423,7 @@ function initAuth() {
           showToast("Error: " + (data.error || "Could not remove user"));
         }
       })
-      .catch(() => {});
+      .catch(() => { });
   });
   document.getElementById("cancelRemoveUserBtn").addEventListener("click", closeRemoveUserModal);
   document.getElementById("changePasswordBtn").addEventListener("click", function () {

js/authModals.js

@@ -2,8 +2,9 @@ import { showToast, toggleVisibility, attachEnterKeyListener } from './domUtils.
 import { sendRequest } from './networkUtils.js';
 import { t, applyTranslations, setLocale } from './i18n.js';
 
-const version = "v1.1.1";
-const adminTitle = `Admin Panel <small style="font-size: 12px; color: gray;">${version}</small>`;
+const version = "v1.1.3";
+// Use t() for the admin panel title. (Make sure t("admin_panel") returns "Admin Panel" in English.)
+const adminTitle = `${t("admin_panel")} <small style="font-size: 12px; color: gray;">${version}</small>`;
 
 let lastLoginData = null;
 export function setLastLoginData(data) {
@@ -44,7 +45,7 @@ export function openTOTPLoginModal() {
           <input type="text" id="recoveryInput"
                  style="font-size:24px; text-align:center; width:100%; padding:10px;"
                  placeholder="Recovery code" />
-          <button type="button" id="submitRecovery" class="btn btn-secondary" style="margin-top:10px;">Submit Recovery Code</button>
+          <button type="button" id="submitRecovery" class="btn btn-secondary" style="margin-top:10px;">${t("submit_recovery_code")}</button>
         </div>
       </div>
     `;
@@ -66,12 +67,12 @@ export function openTOTPLoginModal() {
         // Switch to recovery
         totpSection.style.display = "none";
         recoverySection.style.display = "block";
-        toggleLink.textContent = "Use TOTP Code instead";
+        toggleLink.textContent = t("use_totp_code_instead");
       } else {
         // Switch back to TOTP
         recoverySection.style.display = "none";
         totpSection.style.display = "block";
-        toggleLink.textContent = "Use Recovery Code instead";
+        toggleLink.textContent = t("use_recovery_code_instead");
       }
     });
 
@@ -79,7 +80,7 @@ export function openTOTPLoginModal() {
     document.getElementById("submitRecovery").addEventListener("click", () => {
       const recoveryCode = document.getElementById("recoveryInput").value.trim();
       if (!recoveryCode) {
-        showToast("Please enter your recovery code.");
+        showToast(t("please_enter_recovery_code"));
         return;
       }
       fetch("totp_recover.php", {
@@ -97,11 +98,11 @@ export function openTOTPLoginModal() {
             // recovery succeeded → finalize login
             window.location.href = "index.html";
           } else {
-            showToast(json.message || "Recovery code verification failed");
+            showToast(json.message || t("recovery_code_verification_failed"));
           }
         })
         .catch(() => {
-          showToast("Error verifying recovery code.");
+          showToast(t("error_verifying_recovery_code"));
         });
     });
 
@@ -125,14 +126,14 @@ export function openTOTPLoginModal() {
             if (json.status === "ok") {
               window.location.href = "index.html";
             } else {
-              showToast(json.message || "TOTP verification failed");
+              showToast(json.message || t("totp_verification_failed"));
               this.value = "";
               totpLoginModal.style.display = "flex";
               totpInput.focus();
             }
           })
           .catch(() => {
-            showToast("TOTP verification failed");
+            showToast(t("totp_verification_failed"));
             this.value = "";
             totpLoginModal.style.display = "flex";
             totpInput.focus();
@@ -162,9 +163,9 @@ export function openUserPanel() {
     max-width: 600px;
     width: 90%;
     border-radius: 8px;
-    position: relative;
+    position: fixed;
     overflow-y: auto;
-    max-height: 90vh;
+    max-height: 350px !important;
     border: ${isDarkMode ? "1px solid #444" : "1px solid #ccc"};
     transform: none;
     transition: none;
@@ -187,26 +188,26 @@ export function openUserPanel() {
         z-index: 3000;
       `;
     userPanelModal.innerHTML = `
-        <div class="modal-content" style="${modalContentStyles}">
+        <div class="modal-content user-panel-content" style="${modalContentStyles}">
           <span id="closeUserPanel" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-          <h3>User Panel (${username})</h3>
-          <button type="button" id="openChangePasswordModalBtn" class="btn btn-primary" style="margin-bottom: 15px;">Change Password</button>
+          <h3>${t("user_panel")} (${username})</h3>
+          <button type="button" id="openChangePasswordModalBtn" class="btn btn-primary" style="margin-bottom: 15px;">${t("change_password")}</button>
           <fieldset style="margin-bottom: 15px;">
-            <legend>TOTP Settings</legend>
+            <legend>${t("totp_settings")}</legend>
             <div class="form-group">
-              <label for="userTOTPEnabled">Enable TOTP:</label>
+              <label for="userTOTPEnabled">${t("enable_totp")}:</label>
               <input type="checkbox" id="userTOTPEnabled" style="vertical-align: middle;" />
             </div>
           </fieldset>
           <fieldset style="margin-bottom: 15px;">
-            <legend>Language</legend>
+            <legend>${t("language")}</legend>
             <div class="form-group">
-              <label for="languageSelector">Select Language:</label>
+              <label for="languageSelector">${t("select_language")}:</label>
               <select id="languageSelector">
-                <option value="en">English</option>
-                <option value="es">Español</option>
-                <option value="fr">Français</option>
-                <option value="de">Deutsch</option>
+                <option value="en">${t("english")}</option>
+                <option value="es">${t("spanish")}</option>
+                <option value="fr">${t("french")}</option>
+                <option value="de">${t("german")}</option>
               </select>
             </div>
           </fieldset>
@@ -239,12 +240,12 @@ export function openUserPanel() {
         .then(r => r.json())
         .then(result => {
           if (!result.success) {
-            showToast("Error updating TOTP setting: " + result.error);
+            showToast(t("error_updating_totp_setting") + ": " + result.error);
           } else if (enabled) {
             openTOTPModal();
           }
         })
-        .catch(() => { showToast("Error updating TOTP setting."); });
+        .catch(() => { showToast(t("error_updating_totp_setting")); });
     });
     // Language dropdown initialization
     const languageSelector = document.getElementById("languageSelector");
@@ -283,10 +284,10 @@ function showRecoveryCodeModal(recoveryCode) {
   `;
   recoveryModal.innerHTML = `
     <div style="background: #fff; color: #000; padding: 20px; max-width: 400px; width: 90%; border-radius: 8px; text-align: center;">
-      <h3>Your Recovery Code</h3>
-      <p>Please save this code securely. It will not be shown again and can only be used once.</p>
+      <h3>${t("your_recovery_code")}</h3>
+      <p>${t("please_save_recovery_code")}</p>
       <code style="display: block; margin: 10px 0; font-size: 20px;">${recoveryCode}</code>
-      <button type="button" id="closeRecoveryModal" class="btn btn-primary">OK</button>
+      <button type="button" id="closeRecoveryModal" class="btn btn-primary">${t("ok")}</button>
     </div>
   `;
   document.body.appendChild(recoveryModal);
@@ -325,19 +326,21 @@ export function openTOTPModal() {
       z-index: 3100;
     `;
     totpModal.innerHTML = `
-      <div class="modal-content" style="${modalContentStyles}">
-        <span id="closeTOTPModal" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-        <h3>TOTP Setup</h3>
-        <p>Scan this QR code with your authenticator app:</p>
-        <img src="totp_setup.php?csrf=${encodeURIComponent(window.csrfToken)}" alt="TOTP QR Code" style="max-width: 100%; height: auto; display: block; margin: 0 auto;">
-        <br/>
-        <p>Enter the 6-digit code from your app to confirm setup:</p>
-        <input type="text" id="totpConfirmInput" maxlength="6" style="font-size:24px; text-align:center; width:100%; padding:10px;" placeholder="6-digit code" />
-        <br/><br/>
-        <button type="button" id="confirmTOTPBtn" class="btn btn-primary">Confirm</button>
-      </div>
-    `;
+    <div class="modal-content" style="${modalContentStyles}">
+      <span id="closeTOTPModal" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
+      <h3>${t("totp_setup")}</h3>
+      <p>${t("scan_qr_code")}</p>
+      <!-- Create an image placeholder without the CSRF token in the src -->
+      <img id="totpQRCodeImage" src="" alt="TOTP QR Code" style="max-width: 100%; height: auto; display: block; margin: 0 auto;">
+      <br/>
+      <p>${t("enter_totp_confirmation")}</p>
+      <input type="text" id="totpConfirmInput" maxlength="6" style="font-size:24px; text-align:center; width:100%; padding:10px;" placeholder="6-digit code" />
+      <br/><br/>
+      <button type="button" id="confirmTOTPBtn" class="btn btn-primary">${t("confirm")}</button>
+    </div>
+  `;
     document.body.appendChild(totpModal);
+    loadTOTPQRCode();
 
     document.getElementById("closeTOTPModal").addEventListener("click", () => {
       closeTOTPModal(true);
@@ -346,7 +349,7 @@ export function openTOTPModal() {
     document.getElementById("confirmTOTPBtn").addEventListener("click", function () {
       const code = document.getElementById("totpConfirmInput").value.trim();
       if (code.length !== 6) {
-        showToast("Please enter a valid 6-digit code.");
+        showToast(t("please_enter_valid_code"));
         return;
       }
       fetch("totp_verify.php", {
@@ -361,7 +364,7 @@ export function openTOTPModal() {
         .then(r => r.json())
         .then(result => {
           if (result.status === 'ok') {
-            showToast("TOTP successfully enabled.");
+            showToast(t("totp_enabled_successfully"));
             // After successful TOTP verification, fetch the recovery code
             fetch("totp_saveCode.php", {
               method: "POST",
@@ -377,16 +380,16 @@ export function openTOTPModal() {
                   // Show the recovery code in a secure modal
                   showRecoveryCodeModal(data.recoveryCode);
                 } else {
-                  showToast("Error generating recovery code: " + (data.message || "Unknown error."));
+                  showToast(t("error_generating_recovery_code") + ": " + (data.message || t("unknown_error")));
                 }
               })
-              .catch(() => { showToast("Error generating recovery code."); });
+              .catch(() => { showToast(t("error_generating_recovery_code")); });
             closeTOTPModal(false);
           } else {
-            showToast("TOTP verification failed: " + (result.message || "Invalid code."));
+            showToast(t("totp_verification_failed") + ": " + (result.message || t("invalid_code")));
           }
         })
-        .catch(() => { showToast("Error verifying TOTP code."); });
+        .catch(() => { showToast(t("error_verifying_totp_code")); });
     });
 
     // Focus the input and attach enter key listener
@@ -406,6 +409,13 @@ export function openTOTPModal() {
     modalContent.style.background = isDarkMode ? "#2c2c2c" : "#fff";
     modalContent.style.color = isDarkMode ? "#e0e0e0" : "#000";
 
+    // Clear any previous QR code src if needed and then load it:
+    const qrImg = document.getElementById("totpQRCodeImage");
+    if (qrImg) {
+      qrImg.src = "";
+    }
+    loadTOTPQRCode();
+
     // Focus the input and attach enter key listener
     const totpConfirmInput = document.getElementById("totpConfirmInput");
     if (totpConfirmInput) {
@@ -419,6 +429,33 @@ export function openTOTPModal() {
   }
 }
 
+function loadTOTPQRCode() {
+  fetch("totp_setup.php", {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "X-CSRF-Token": window.csrfToken  // Send your CSRF token here
+    }
+  })
+    .then(response => {
+      if (!response.ok) {
+        throw new Error("Failed to fetch QR code. Status: " + response.status);
+      }
+      return response.blob();
+    })
+    .then(blob => {
+      const imageURL = URL.createObjectURL(blob);
+      const qrImg = document.getElementById("totpQRCodeImage");
+      if (qrImg) {
+        qrImg.src = imageURL;
+      }
+    })
+    .catch(error => {
+      console.error("Error loading TOTP QR code:", error);
+      showToast(t("error_loading_qr_code"));
+    });
+}
+
 // Updated closeTOTPModal function with a disable parameter
 export function closeTOTPModal(disable = true) {
   const totpModal = document.getElementById("totpModal");
@@ -443,17 +480,88 @@ export function closeTOTPModal(disable = true) {
       .then(r => r.json())
       .then(result => {
         if (!result.success) {
-          showToast("Error disabling TOTP setting: " + result.error);
+          showToast(t("error_disabling_totp_setting") + ": " + result.error);
         }
       })
-      .catch(() => { showToast("Error disabling TOTP setting."); });
+      .catch(() => { showToast(t("error_disabling_totp_setting")); });
   }
 }
 
+// Global variable to hold the initial state of the admin form.
+let originalAdminConfig = {};
+
+// Capture the initial state of the admin form fields.
+function captureInitialAdminConfig() {
+  originalAdminConfig = {
+    headerTitle: document.getElementById("headerTitle").value.trim(),
+    oidcProviderUrl: document.getElementById("oidcProviderUrl").value.trim(),
+    oidcClientId: document.getElementById("oidcClientId").value.trim(),
+    oidcClientSecret: document.getElementById("oidcClientSecret").value.trim(),
+    oidcRedirectUri: document.getElementById("oidcRedirectUri").value.trim(),
+    disableFormLogin: document.getElementById("disableFormLogin").checked,
+    disableBasicAuth: document.getElementById("disableBasicAuth").checked,
+    disableOIDCLogin: document.getElementById("disableOIDCLogin").checked,
+    globalOtpauthUrl: document.getElementById("globalOtpauthUrl").value.trim()
+  };
+}
+
+// Compare current values to the captured initial state.
+function hasUnsavedChanges() {
+  return (
+    document.getElementById("headerTitle").value.trim() !== originalAdminConfig.headerTitle ||
+    document.getElementById("oidcProviderUrl").value.trim() !== originalAdminConfig.oidcProviderUrl ||
+    document.getElementById("oidcClientId").value.trim() !== originalAdminConfig.oidcClientId ||
+    document.getElementById("oidcClientSecret").value.trim() !== originalAdminConfig.oidcClientSecret ||
+    document.getElementById("oidcRedirectUri").value.trim() !== originalAdminConfig.oidcRedirectUri ||
+    document.getElementById("disableFormLogin").checked !== originalAdminConfig.disableFormLogin ||
+    document.getElementById("disableBasicAuth").checked !== originalAdminConfig.disableBasicAuth ||
+    document.getElementById("disableOIDCLogin").checked !== originalAdminConfig.disableOIDCLogin ||
+    document.getElementById("globalOtpauthUrl").value.trim() !== originalAdminConfig.globalOtpauthUrl
+  );
+}
+
+// Use your custom confirmation modal.
+function showCustomConfirmModal(message) {
+  return new Promise((resolve) => {
+    // Get modal elements from DOM.
+    const modal = document.getElementById("customConfirmModal");
+    const messageElem = document.getElementById("confirmMessage");
+    const yesBtn = document.getElementById("confirmYesBtn");
+    const noBtn = document.getElementById("confirmNoBtn");
+
+    // Set the message in the modal.
+    messageElem.textContent = message;
+    modal.style.display = "block";
+
+    // Define event handlers.
+    function onYes() {
+      cleanup();
+      resolve(true);
+    }
+    function onNo() {
+      cleanup();
+      resolve(false);
+    }
+    // Remove event listeners and hide modal after choice.
+    function cleanup() {
+      yesBtn.removeEventListener("click", onYes);
+      noBtn.removeEventListener("click", onNo);
+      modal.style.display = "none";
+    }
+    
+    yesBtn.addEventListener("click", onYes);
+    noBtn.addEventListener("click", onNo);
+  });
+}
+
 export function openAdminPanel() {
   fetch("getConfig.php", { credentials: "include" })
     .then(response => response.json())
     .then(config => {
+      if (config.header_title) {
+        document.querySelector(".header-title h1").textContent = config.header_title;
+        window.headerTitle = config.header_title || "FileRise";
+      }
       if (config.oidc) Object.assign(window.currentOIDCConfig, config.oidc);
       if (config.globalOtpauthUrl) window.currentOIDCConfig.globalOtpauthUrl = config.globalOtpauthUrl;
       const isDarkMode = document.body.classList.contains("dark-mode");
@@ -487,77 +595,84 @@ export function openAdminPanel() {
             align-items: center;
             z-index: 3000;
           `;
-        // Added a version number next to "Admin Panel"
         adminModal.innerHTML = `
           <div class="modal-content" style="${modalContentStyles}">
             <span id="closeAdminPanel" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-            <h3>
-              <h3>${adminTitle}</h3>
-            </h3>
+            <h3>${adminTitle}</h3>
             <form id="adminPanelForm">
               <fieldset style="margin-bottom: 15px;">
-                <legend>User Management</legend>
+                <legend>${t("user_management")}</legend>
                 <div style="display: flex; gap: 10px;">
-                  <button type="button" id="adminOpenAddUser" class="btn btn-success">Add User</button>
-                  <button type="button" id="adminOpenRemoveUser" class="btn btn-danger">Remove User</button>
-                  <button type="button" id="adminOpenUserPermissions" class="btn btn-secondary">User Permissions</button>
+                  <button type="button" id="adminOpenAddUser" class="btn btn-success">${t("add_user")}</button>
+                  <button type="button" id="adminOpenRemoveUser" class="btn btn-danger">${t("remove_user")}</button>
+                  <button type="button" id="adminOpenUserPermissions" class="btn btn-secondary">${t("user_permissions")}</button>
                 </div>
               </fieldset>
               <fieldset style="margin-bottom: 15px;">
-                <legend>OIDC Configuration</legend>
+                <legend>Header Settings</legend>
                 <div class="form-group">
-                  <label for="oidcProviderUrl">OIDC Provider URL:</label>
+                  <label for="headerTitle">Header Title:</label>
+                  <input type="text" id="headerTitle" class="form-control" value="${window.headerTitle}" />
+                </div>
+              </fieldset>
+              <fieldset style="margin-bottom: 15px;">
+                <legend>${t("login_options")}</legend>
+                <div class="form-group">
+                  <input type="checkbox" id="disableFormLogin" />
+                  <label for="disableFormLogin">${t("disable_login_form")}</label>
+                </div>
+                <div class="form-group">
+                  <input type="checkbox" id="disableBasicAuth" />
+                  <label for="disableBasicAuth">${t("disable_basic_http_auth")}</label>
+                </div>
+                <div class="form-group">
+                  <input type="checkbox" id="disableOIDCLogin" />
+                  <label for="disableOIDCLogin">${t("disable_oidc_login")}</label>
+                </div>
+              </fieldset>
+              <fieldset style="margin-bottom: 15px;">
+                <legend>${t("oidc_configuration")}</legend>
+                <div class="form-group">
+                  <label for="oidcProviderUrl">${t("oidc_provider_url")}:</label>
                   <input type="text" id="oidcProviderUrl" class="form-control" value="${window.currentOIDCConfig.providerUrl}" />
                 </div>
                 <div class="form-group">
-                  <label for="oidcClientId">OIDC Client ID:</label>
+                  <label for="oidcClientId">${t("oidc_client_id")}:</label>
                   <input type="text" id="oidcClientId" class="form-control" value="${window.currentOIDCConfig.clientId}" />
                 </div>
                 <div class="form-group">
-                  <label for="oidcClientSecret">OIDC Client Secret:</label>
+                  <label for="oidcClientSecret">${t("oidc_client_secret")}:</label>
                   <input type="text" id="oidcClientSecret" class="form-control" value="${window.currentOIDCConfig.clientSecret}" />
                 </div>
                 <div class="form-group">
-                  <label for="oidcRedirectUri">OIDC Redirect URI:</label>
+                  <label for="oidcRedirectUri">${t("oidc_redirect_uri")}:</label>
                   <input type="text" id="oidcRedirectUri" class="form-control" value="${window.currentOIDCConfig.redirectUri}" />
                 </div>
               </fieldset>
               <fieldset style="margin-bottom: 15px;">
-                <legend>Global TOTP Settings</legend>
+                <legend>${t("global_totp_settings")}</legend>
                 <div class="form-group">
-                  <label for="globalOtpauthUrl">Global OTPAuth URL:</label>
+                  <label for="globalOtpauthUrl">${t("global_otpauth_url")}:</label>
                   <input type="text" id="globalOtpauthUrl" class="form-control" value="${window.currentOIDCConfig.globalOtpauthUrl || 'otpauth://totp/{label}?secret={secret}&issuer=FileRise'}" />
                 </div>
               </fieldset>
-              <fieldset style="margin-bottom: 15px;">
-                <legend>Login Options</legend>
-                <div class="form-group">
-                  <input type="checkbox" id="disableFormLogin" />
-                  <label for="disableFormLogin">Disable Login Form</label>
-                </div>
-                <div class="form-group">
-                  <input type="checkbox" id="disableBasicAuth" />
-                  <label for="disableBasicAuth">Disable Basic HTTP Auth</label>
-                </div>
-                <div class="form-group">
-                  <input type="checkbox" id="disableOIDCLogin" />
-                  <label for="disableOIDCLogin">Disable OIDC Login</label>
-                </div>
-              </fieldset>
               <div style="display: flex; justify-content: space-between;">
-                <button type="button" id="cancelAdminSettings" class="btn btn-secondary">Cancel</button>
-                <button type="button" id="saveAdminSettings" class="btn btn-primary">Save Settings</button>
+                <button type="button" id="cancelAdminSettings" class="btn btn-secondary">${t("cancel")}</button>
+                <button type="button" id="saveAdminSettings" class="btn btn-primary">${t("save_settings")}</button>
               </div>
             </form>
           </div>
         `;
         document.body.appendChild(adminModal);
 
+        // Bind closing events that will use our enhanced close function.
         document.getElementById("closeAdminPanel").addEventListener("click", closeAdminPanel);
         adminModal.addEventListener("click", (e) => {
           if (e.target === adminModal) closeAdminPanel();
         });
         document.getElementById("cancelAdminSettings").addEventListener("click", closeAdminPanel);
+
+        // Bind other buttons.
         document.getElementById("adminOpenAddUser").addEventListener("click", () => {
           toggleVisibility("addUserModal", true);
           document.getElementById("newUsername").focus();
@@ -568,7 +683,6 @@ export function openAdminPanel() {
           }
           toggleVisibility("removeUserModal", true);
         });
-        // New event binding for the User Permissions button:
         document.getElementById("adminOpenUserPermissions").addEventListener("click", () => {
           openUserPermissionsModal();
         });
@@ -578,7 +692,7 @@ export function openAdminPanel() {
           const disableOIDCLoginCheckbox = document.getElementById("disableOIDCLogin");
           const totalDisabled = [disableFormLoginCheckbox, disableBasicAuthCheckbox, disableOIDCLoginCheckbox].filter(cb => cb.checked).length;
           if (totalDisabled === 3) {
-            showToast("At least one login method must remain enabled.");
+            showToast(t("at_least_one_login_method"));
             disableOIDCLoginCheckbox.checked = false;
             localStorage.setItem("disableOIDCLogin", "false");
             if (typeof window.updateLoginOptionsUI === "function") {
@@ -590,6 +704,7 @@ export function openAdminPanel() {
             }
             return;
           }
+          const newHeaderTitle = document.getElementById("headerTitle").value.trim();
           const newOIDCConfig = {
             providerUrl: document.getElementById("oidcProviderUrl").value.trim(),
             clientId: document.getElementById("oidcClientId").value.trim(),
@@ -601,6 +716,7 @@ export function openAdminPanel() {
           const disableOIDCLogin = disableOIDCLoginCheckbox.checked;
           const globalOtpauthUrl = document.getElementById("globalOtpauthUrl").value.trim();
           sendRequest("updateConfig.php", "POST", {
+            header_title: newHeaderTitle,
             oidc: newOIDCConfig,
             disableFormLogin,
             disableBasicAuth,
@@ -609,27 +725,31 @@ export function openAdminPanel() {
           }, { "X-CSRF-Token": window.csrfToken })
             .then(response => {
               if (response.success) {
-                showToast("Settings updated successfully.");
+                showToast(t("settings_updated_successfully"));
                 localStorage.setItem("disableFormLogin", disableFormLogin);
                 localStorage.setItem("disableBasicAuth", disableBasicAuth);
                 localStorage.setItem("disableOIDCLogin", disableOIDCLogin);
                 if (typeof window.updateLoginOptionsUI === "function") {
                   window.updateLoginOptionsUI({ disableFormLogin, disableBasicAuth, disableOIDCLogin });
                 }
+                // Update the captured initial state since the changes have now been saved.
+                captureInitialAdminConfig();
                 closeAdminPanel();
+              
               } else {
-                showToast("Error updating settings: " + (response.error || "Unknown error"));
+                showToast(t("error_updating_settings") + ": " + (response.error || t("unknown_error")));
               }
             })
             .catch(() => { });
         });
+        // Enforce login option constraints.
         const disableFormLoginCheckbox = document.getElementById("disableFormLogin");
         const disableBasicAuthCheckbox = document.getElementById("disableBasicAuth");
         const disableOIDCLoginCheckbox = document.getElementById("disableOIDCLogin");
         function enforceLoginOptionConstraint(changedCheckbox) {
           const totalDisabled = [disableFormLoginCheckbox, disableBasicAuthCheckbox, disableOIDCLoginCheckbox].filter(cb => cb.checked).length;
           if (changedCheckbox.checked && totalDisabled === 3) {
-            showToast("At least one login method must remain enabled.");
+            showToast(t("at_least_one_login_method"));
             changedCheckbox.checked = false;
           }
         }
@@ -640,6 +760,9 @@ export function openAdminPanel() {
         document.getElementById("disableFormLogin").checked = config.loginOptions.disableFormLogin === true;
         document.getElementById("disableBasicAuth").checked = config.loginOptions.disableBasicAuth === true;
         document.getElementById("disableOIDCLogin").checked = config.loginOptions.disableOIDCLogin === true;
+        
+        // Capture initial state after the modal loads.
+        captureInitialAdminConfig();
       } else {
         adminModal.style.backgroundColor = overlayBackground;
         const modalContent = adminModal.querySelector(".modal-content");
@@ -657,6 +780,7 @@ export function openAdminPanel() {
         document.getElementById("disableBasicAuth").checked = config.loginOptions.disableBasicAuth === true;
         document.getElementById("disableOIDCLogin").checked = config.loginOptions.disableOIDCLogin === true;
         adminModal.style.display = "flex";
+        captureInitialAdminConfig();
       }
     })
     .catch(() => {
@@ -678,19 +802,25 @@ export function openAdminPanel() {
         document.getElementById("disableBasicAuth").checked = localStorage.getItem("disableBasicAuth") === "true";
         document.getElementById("disableOIDCLogin").checked = localStorage.getItem("disableOIDCLogin") === "true";
         adminModal.style.display = "flex";
+        captureInitialAdminConfig();
       } else {
         openAdminPanel();
       }
     });
 }
 
-export function closeAdminPanel() {
+export async function closeAdminPanel() {
+  if (hasUnsavedChanges()) {
+    const userConfirmed = await showCustomConfirmModal(t("unsaved_changes_confirm"));
+    if (!userConfirmed) {
+      return;
+    }
+  }
   const adminModal = document.getElementById("adminPanelModal");
   if (adminModal) adminModal.style.display = "none";
 }
 
 // --- New: User Permissions Modal ---
-
 export function openUserPermissionsModal() {
   let userPermissionsModal = document.getElementById("userPermissionsModal");
   const isDarkMode = document.body.classList.contains("dark-mode");
@@ -723,13 +853,13 @@ export function openUserPermissionsModal() {
     userPermissionsModal.innerHTML = `
         <div class="modal-content" style="${modalContentStyles}">
           <span id="closeUserPermissionsModal" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-          <h3>User Permissions</h3>
+          <h3>${t("user_permissions")}</h3>
           <div id="userPermissionsList" style="max-height: 300px; overflow-y: auto; margin-bottom: 15px;">
             <!-- User rows will be loaded here -->
           </div>
           <div style="display: flex; justify-content: flex-end; gap: 10px;">
-            <button type="button" id="cancelUserPermissionsBtn" class="btn btn-secondary">Cancel</button>
-            <button type="button" id="saveUserPermissionsBtn" class="btn btn-primary">Save Permissions</button>
+            <button type="button" id="cancelUserPermissionsBtn" class="btn btn-secondary">${t("cancel")}</button>
+            <button type="button" id="saveUserPermissionsBtn" class="btn btn-primary">${t("save_permissions")}</button>
           </div>
         </div>
       `;
@@ -760,14 +890,14 @@ export function openUserPermissionsModal() {
       sendRequest("updateUserPermissions.php", "POST", { permissions: permissionsData }, { "X-CSRF-Token": window.csrfToken })
         .then(response => {
           if (response.success) {
-            showToast("User permissions updated successfully.");
+            showToast(t("user_permissions_updated_successfully"));
             userPermissionsModal.style.display = "none";
           } else {
-            showToast("Error updating permissions: " + (response.error || "Unknown error"));
+            showToast(t("error_updating_permissions") + ": " + (response.error || t("unknown_error")));
           }
         })
         .catch(() => {
-          showToast("Error updating permissions.");
+          showToast(t("error_updating_permissions"));
         });
     });
   } else {
@@ -792,20 +922,26 @@ function loadUserPermissionsList() {
         .then(usersData => {
           const users = Array.isArray(usersData) ? usersData : (usersData.users || []);
           if (users.length === 0) {
-            listContainer.innerHTML = "<p>No users found.</p>";
+            listContainer.innerHTML = "<p>" + t("no_users_found") + "</p>";
             return;
           }
           users.forEach(user => {
             // Skip admin users.
             if ((user.role && user.role === "1") || user.username.toLowerCase() === "admin") return;
 
-            // Use stored permissions if available; otherwise fall back to localStorage defaults.
+            // Use stored permissions if available; otherwise fall back to defaults.
             const defaultPerm = {
-              folderOnly: localStorage.getItem("folderOnly") === "true",
-              readOnly: localStorage.getItem("readOnly") === "true",
-              disableUpload: localStorage.getItem("disableUpload") === "true"
+              folderOnly: false,
+              readOnly: false,
+              disableUpload: false,
             };
-            const userPerm = (permissionsData && typeof permissionsData === "object" && permissionsData[user.username]) || defaultPerm;
+
+            // Normalize the username key to match server storage (e.g., lowercase)
+            const usernameKey = user.username.toLowerCase();
+
+            const userPerm = (permissionsData && typeof permissionsData === "object" && (usernameKey in permissionsData))
+              ? permissionsData[usernameKey]
+              : defaultPerm;
 
             // Create a row for the user.
             const row = document.createElement("div");
@@ -817,15 +953,15 @@ function loadUserPermissionsList() {
                 <div style="display: flex; flex-direction: column; gap: 5px;">
                   <label style="display: flex; align-items: center; gap: 5px;">
                     <input type="checkbox" data-permission="folderOnly" ${userPerm.folderOnly ? "checked" : ""} />
-                    User Folder Only
+                    ${t("user_folder_only")}
                   </label>
                   <label style="display: flex; align-items: center; gap: 5px;">
                     <input type="checkbox" data-permission="readOnly" ${userPerm.readOnly ? "checked" : ""} />
-                    Read Only
+                    ${t("read_only")}
                   </label>
                   <label style="display: flex; align-items: center; gap: 5px;">
                     <input type="checkbox" data-permission="disableUpload" ${userPerm.disableUpload ? "checked" : ""} />
-                    Disable Upload
+                    ${t("disable_upload")}
                   </label>
                 </div>
                 <hr style="margin-top: 10px; border: 0; border-bottom: 1px solid #ccc;">
@@ -835,6 +971,6 @@ function loadUserPermissionsList() {
         });
     })
     .catch(() => {
-      listContainer.innerHTML = "<p>Error loading users.</p>";
+      listContainer.innerHTML = "<p>" + t("error_loading_users") + "</p>";
     });
 }

js/domUtils.js

@@ -90,23 +90,36 @@ export function showToast(message, duration = 3000) {
 
 export function buildSearchAndPaginationControls({ currentPage, totalPages, searchTerm }) {
   const safeSearchTerm = escapeHTML(searchTerm);
+  // Choose the placeholder text based on advanced search mode
+  const placeholderText = window.advancedSearchEnabled 
+    ? t("search_placeholder_advanced")
+    : t("search_placeholder");
+
   return `
     <div class="row align-items-center mb-3">
       <div class="col-12 col-md-8 mb-2 mb-md-0">
         <div class="input-group">
+          <!-- Advanced Search Toggle Button -->
+          <div class="input-group-prepend">
+            <button id="advancedSearchToggle" class="btn btn-outline-secondary btn-icon" onclick="toggleAdvancedSearch()" title="${window.advancedSearchEnabled ? t("basic_search_tooltip") : t("advanced_search_tooltip")}">
+              <i class="material-icons">${window.advancedSearchEnabled ? "filter_alt_off" : "filter_alt"}</i>
+            </button>
+          </div>
+          <!-- Search Icon -->
           <div class="input-group-prepend">
             <span class="input-group-text" id="searchIcon">
               <i class="material-icons">search</i>
             </span>
           </div>
-          <input type="text" id="searchInput" class="form-control" placeholder="${t("search_placeholder")}" value="${safeSearchTerm}" aria-describedby="searchIcon">
+          <!-- Search Input -->
+          <input type="text" id="searchInput" class="form-control" placeholder="${placeholderText}" value="${safeSearchTerm}" aria-describedby="searchIcon">
         </div>
       </div>
       <div class="col-12 col-md-4 text-left">
         <div class="d-flex justify-content-center justify-content-md-start align-items-center">
-          <button class="custom-prev-next-btn" ${currentPage === 1 ? "disabled" : ""} onclick="changePage(${currentPage - 1})">Prev</button>
-          <span class="page-indicator">Page ${currentPage} of ${totalPages || 1}</span>
-          <button class="custom-prev-next-btn" ${currentPage === totalPages ? "disabled" : ""} onclick="changePage(${currentPage + 1})">Next</button>
+          <button class="custom-prev-next-btn" ${currentPage === 1 ? "disabled" : ""} onclick="changePage(${currentPage - 1})">${t("prev")}</button>
+          <span class="page-indicator">${t("page")} ${currentPage} ${t("of")} ${totalPages || 1}</span>
+          <button class="custom-prev-next-btn" ${currentPage === totalPages ? "disabled" : ""} onclick="changePage(${currentPage + 1})">${t("next")}</button>
         </div>
       </div>
     </div>
@@ -124,7 +137,7 @@ export function buildFileTableHeader(sortOrder) {
           <th data-column="uploaded" class="hide-small hide-medium sortable-col">${t("upload_date")} ${sortOrder.column === "uploaded" ? (sortOrder.ascending ? "▲" : "▼") : ""}</th>
           <th data-column="size" class="hide-small sortable-col">${t("file_size")} ${sortOrder.column === "size" ? (sortOrder.ascending ? "▲" : "▼") : ""}</th>
           <th data-column="uploader" class="hide-small hide-medium sortable-col">${t("uploader")} ${sortOrder.column === "uploader" ? (sortOrder.ascending ? "▲" : "▼") : ""}</th>
-          <th>Actions</th>
+          <th>${t("actions")}</th>
         </tr>
       </thead>
   `;
@@ -168,36 +181,38 @@ export function buildFileTableRow(file, folderPath) {
       <div class="button-wrap" style="display: flex; justify-content: left; gap: 5px;">
         <button type="button" class="btn btn-sm btn-success download-btn" 
           onclick="openDownloadModal('${file.name}', '${file.folder || 'root'}')" 
-          title="Download">
-        <i class="material-icons">file_download</i>
+          title="${t('download')}">
+          <i class="material-icons">file_download</i>
         </button>
         ${file.editable ? `
           <button class="btn btn-sm edit-btn" 
                   onclick='editFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})'
-                  title="Edit">
+                  title="${t('edit')}">
             <i class="material-icons">edit</i>
           </button>
         ` : ""}
         ${previewButton}
         <button class="btn btn-sm btn-warning rename-btn" 
                 onclick='renameFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})'
-                title="Rename">
+                title="${t('rename')}">
           <i class="material-icons">drive_file_rename_outline</i>
         </button>
       </div>
     </td>
   </tr>
-  `;
+`;
 }
 
 export function buildBottomControls(itemsPerPageSetting) {
   return `
     <div class="d-flex align-items-center mt-3 bottom-controls">
-      <label class="label-inline mr-2 mb-0">Show</label>
+      <label class="label-inline mr-2 mb-0">${t("show")}</label>
       <select class="form-control bottom-select" onchange="changeItemsPerPage(this.value)">
-        ${[10, 20, 50, 100].map(num => `<option value="${num}" ${num === itemsPerPageSetting ? "selected" : ""}>${num}</option>`).join("")}
+        ${[10, 20, 50, 100]
+          .map(num => `<option value="${num}" ${num === itemsPerPageSetting ? "selected" : ""}>${num}</option>`)
+          .join("")}
       </select>
-      <span class="items-per-page-text ml-2 mb-0">items per page</span>
+      <span class="items-per-page-text ml-2 mb-0">${t("items_per_page")}</span>
     </div>
   `;
 }

js/dragAndDrop.js

@@ -299,7 +299,7 @@ export function loadSidebarOrder() {
           modal = document.createElement('div');
           modal.className = 'header-card-modal';
           modal.style.position = 'fixed';
-          modal.style.top = '80px';
+          modal.style.top = '55px';
           modal.style.right = '80px';
           modal.style.zIndex = '11000';
           // Render the modal but initially keep it hidden.

js/fileDragDrop.js

@@ -1,4 +1,4 @@
-// dragDrop.js
+// fileDragDrop.js
 import { showToast } from './domUtils.js';
 import { loadFileList } from './fileListView.js';
 

js/fileEditor.js

@@ -1,4 +1,4 @@
-// editor.js
+// fileEditor.js
 import { escapeHTML, showToast } from './domUtils.js';
 import { loadFileList } from './fileListView.js';
 import { t } from './i18n.js';

js/fileListView.js

@@ -24,6 +24,9 @@ window.itemsPerPage = window.itemsPerPage || 10;
 window.currentPage = window.currentPage || 1;
 window.viewMode = localStorage.getItem("viewMode") || "table"; // "table" or "gallery"
 
+// Global flag for advanced search mode.
+window.advancedSearchEnabled = false;
+
 /**
  * --- Helper Functions ---
  */
@@ -33,11 +36,8 @@ window.viewMode = localStorage.getItem("viewMode") || "table"; // "table" or "ga
  */
 function parseSizeToBytes(sizeStr) {
     if (!sizeStr) return 0;
-    // Remove any whitespace
     let s = sizeStr.trim();
-    // Extract the numerical part.
     let value = parseFloat(s);
-    // Determine if there is a unit. Convert the unit to uppercase for easier matching.
     let upper = s.toUpperCase();
     if (upper.includes("KB")) {
         value *= 1024;
@@ -50,7 +50,7 @@ function parseSizeToBytes(sizeStr) {
 }
 
 /**
- * Format the total bytes as a human-readable string, choosing an appropriate unit.
+ * Format the total bytes as a human-readable string.
  */
 function formatSize(totalBytes) {
     if (totalBytes < 1024) {
@@ -66,41 +66,104 @@ function formatSize(totalBytes) {
 
 /**
  * Build the folder summary HTML using the filtered file list.
- * This function sums the file sizes in bytes correctly, then formats the total.
  */
 function buildFolderSummary(filteredFiles) {
     const totalFiles = filteredFiles.length;
     const totalBytes = filteredFiles.reduce((sum, file) => {
-        // file.size might be something like "456.9KB" or just "1024".
         return sum + parseSizeToBytes(file.size);
     }, 0);
     const sizeStr = formatSize(totalBytes);
-    return `<strong>Total Files:</strong> ${totalFiles} &nbsp;|&nbsp; <strong>Total Size:</strong> ${sizeStr}`;
+    return `<strong>${t('total_files')}:</strong> ${totalFiles} &nbsp;|&nbsp; <strong>${t('total_size')}:</strong> ${sizeStr}`;
 }
 
+/**
+ * --- Advanced Search Toggle ---
+ * Toggles advanced search mode. When enabled, the search will include additional keys (e.g. "content").
+ */
+function toggleAdvancedSearch() {
+    window.advancedSearchEnabled = !window.advancedSearchEnabled;
+    const advancedBtn = document.getElementById("advancedSearchToggle");
+    if (advancedBtn) {
+        advancedBtn.textContent = window.advancedSearchEnabled ? "Basic Search" : "Advanced Search";
+    }
+    // Re-run the file table rendering with updated search settings.
+    renderFileTable(window.currentFolder);
+}
+
+/**
+ * --- Fuse.js Search Helper ---
+ * Uses Fuse.js to perform a fuzzy search on fileData.
+ * By default, searches over file name, uploader, and tag names.
+ * When advanced search is enabled, it also includes the 'content' property.
+ */
+function searchFiles(searchTerm) {
+    if (!searchTerm) return fileData;
+    
+    // Define search keys.
+    let keys = [
+      { name: 'name', weight: 0.1 },
+      { name: 'uploader', weight: 0.1 },
+      { name: 'tags.name', weight: 0.1 }
+    ];
+    if (window.advancedSearchEnabled) {
+      keys.push({ name: 'content', weight: 0.7 });
+    }
+    
+    const options = {
+      keys: keys,
+      threshold: 0.4,
+      minMatchCharLength: 2,
+      ignoreLocation: true
+    };
+    
+    const fuse = new Fuse(fileData, options);
+    let results = fuse.search(searchTerm);
+    return results.map(result => result.item);
+  }
+
 /**
  * --- VIEW MODE TOGGLE BUTTON & Helpers ---
  */
 export function createViewToggleButton() {
     let toggleBtn = document.getElementById("toggleViewBtn");
     if (!toggleBtn) {
-        toggleBtn = document.createElement("button");
-        toggleBtn.id = "toggleViewBtn";
-        toggleBtn.classList.add("btn", "btn-secondary");
-        const titleElem = document.getElementById("fileListTitle");
-        if (titleElem) {
-            titleElem.parentNode.insertBefore(toggleBtn, titleElem.nextSibling);
-        }
+      toggleBtn = document.createElement("button");
+      toggleBtn.id = "toggleViewBtn";
+      toggleBtn.classList.add("btn", "btn-toggleview");
+      
+      // Set initial icon and tooltip based on current view mode.
+      if (window.viewMode === "gallery") {
+        toggleBtn.innerHTML = '<i class="material-icons">view_list</i>';
+        toggleBtn.title =  t("switch_to_table_view");
+      } else {
+        toggleBtn.innerHTML = '<i class="material-icons">view_module</i>';
+        toggleBtn.title = t("switch_to_gallery_view");
+      }
+      
+      // Insert the button before the last button in the header.
+      const headerButtons = document.querySelector(".header-buttons");
+      if (headerButtons && headerButtons.lastElementChild) {
+        headerButtons.insertBefore(toggleBtn, headerButtons.lastElementChild);
+      } else if (headerButtons) {
+        headerButtons.appendChild(toggleBtn);
+      }
     }
-    toggleBtn.textContent = window.viewMode === "gallery" ? t("switch_to_table_view") : t("switch_to_gallery_view");
+    
     toggleBtn.onclick = () => {
-        window.viewMode = window.viewMode === "gallery" ? "table" : "gallery";
-        localStorage.setItem("viewMode", window.viewMode);
-        loadFileList(window.currentFolder);
-        toggleBtn.textContent = window.viewMode === "gallery" ? t("switch_to_table_view") : t("switch_to_gallery_view");
+      window.viewMode = window.viewMode === "gallery" ? "table" : "gallery";
+      localStorage.setItem("viewMode", window.viewMode);
+      loadFileList(window.currentFolder);
+      if (window.viewMode === "gallery") {
+        toggleBtn.innerHTML = '<i class="material-icons">view_list</i>';
+        toggleBtn.title =  t("switch_to_table_view");
+      } else {
+        toggleBtn.innerHTML = '<i class="material-icons">view_module</i>';
+        toggleBtn.title = t("switch_to_gallery_view");
+      }
     };
+    
     return toggleBtn;
-}
+  }
 
 export function formatFolderName(folder) {
     if (folder === "root") return "(Root)";
@@ -134,7 +197,15 @@ export function loadFileList(folderParam) {
         })
         .then(data => {
             fileListContainer.innerHTML = ""; // Clear loading message.
-            if (data.files && data.files.length > 0) {
+            if (data.files && Object.keys(data.files).length > 0) {
+                // If the returned "files" is an object instead of an array, transform it.
+                if (!Array.isArray(data.files)) {
+                    data.files = Object.entries(data.files).map(([name, meta]) => {
+                        meta.name = name;
+                        return meta;
+                    });
+                }
+                // Process each file – add computed properties.
                 data.files = data.files.map(file => {
                     file.fullName = (file.path || file.name).trim().toLowerCase();
                     file.editable = canEditFile(file.name);
@@ -142,11 +213,13 @@ export function loadFileList(folderParam) {
                     if (!file.type && /\.(jpg|jpeg|png|gif|bmp|webp|svg|ico)$/i.test(file.name)) {
                         file.type = "image";
                     }
+                    // OPTIONAL: For text documents, preload content (if available from backend)
+                    // Example: if (/\.txt|html|md|js|css|json|xml$/i.test(file.name)) { file.content = file.content || ""; }
                     return file;
                 });
                 fileData = data.files;
 
-                // Update the file list actions area without removing existing buttons.
+                // Update file summary.
                 const actionsContainer = document.getElementById("fileListActions");
                 if (actionsContainer) {
                     let summaryElem = document.getElementById("fileSummary");
@@ -164,7 +237,7 @@ export function loadFileList(folderParam) {
                     summaryElem.innerHTML = buildFolderSummary(fileData);
                 }
 
-                // Render the view normally.
+                // Render view based on the view mode.
                 if (window.viewMode === "gallery") {
                     renderGalleryView(folder);
                 } else {
@@ -193,8 +266,7 @@ export function loadFileList(folderParam) {
 }
 
 /**
- * Update renderFileTable so that it writes its content into the provided container.
- * If no container is provided, it defaults to the element with id "fileList".
+ * Update renderFileTable so it writes its content into the provided container.
  */
 export function renderFileTable(folder, container) {
     const fileListContent = container || document.getElementById("fileList");
@@ -202,11 +274,9 @@ export function renderFileTable(folder, container) {
     const itemsPerPageSetting = parseInt(localStorage.getItem("itemsPerPage") || "10", 10);
     let currentPage = window.currentPage || 1;
 
-    const filteredFiles = fileData.filter(file => {
-        const nameMatch = file.name.toLowerCase().includes(searchTerm);
-        const tagMatch = file.tags && file.tags.some(tag => tag.name.toLowerCase().includes(searchTerm));
-        return nameMatch || tagMatch;
-    });
+    // Use Fuse.js search via our helper function.
+    const filteredFiles = searchFiles(searchTerm);
+    
     const totalFiles = filteredFiles.length;
     const totalPages = Math.ceil(totalFiles / itemsPerPageSetting);
     if (currentPage > totalPages) {
@@ -217,11 +287,15 @@ export function renderFileTable(folder, container) {
         ? "uploads/"
         : "uploads/" + folder.split("/").map(encodeURIComponent).join("/") + "/";
 
+    // Build the top controls and append the advanced search toggle button.
     const topControlsHTML = buildSearchAndPaginationControls({
         currentPage,
         totalPages,
         searchTerm: window.currentSearchTerm || ""
     });
+
+    const combinedTopHTML = topControlsHTML;
+    
     let headerHTML = buildFileTableHeader(sortOrder);
     const startIndex = (currentPage - 1) * itemsPerPageSetting;
     const endIndex = Math.min(startIndex + itemsPerPageSetting, totalFiles);
@@ -242,7 +316,7 @@ export function renderFileTable(folder, container) {
             rowHTML = rowHTML.replace(/(<td class="file-name-cell">)(.*?)(<\/td>)/, (match, p1, p2, p3) => {
                 return p1 + p2 + tagBadgesHTML + p3;
             });
-            rowHTML = rowHTML.replace(/(<\/div>\s*<\/td>\s*<\/tr>)/, `<button class="share-btn btn btn-sm btn-secondary" data-file="${escapeHTML(file.name)}" title="Share">
+            rowHTML = rowHTML.replace(/(<\/div>\s*<\/td>\s*<\/tr>)/, `<button class="share-btn btn btn-sm btn-secondary" data-file="${escapeHTML(file.name)}" title="${t('share')}">
                 <i class="material-icons">share</i>
               </button>$1`);
             rowsHTML += rowHTML;
@@ -253,11 +327,11 @@ export function renderFileTable(folder, container) {
     rowsHTML += "</tbody></table>";
     const bottomControlsHTML = buildBottomControls(itemsPerPageSetting);
 
-    fileListContent.innerHTML = topControlsHTML + headerHTML + rowsHTML + bottomControlsHTML;
+    fileListContent.innerHTML = combinedTopHTML + headerHTML + rowsHTML + bottomControlsHTML;
 
     createViewToggleButton();
 
-    // Setup event listeners as before...
+    // Setup event listeners.
     const newSearchInput = document.getElementById("searchInput");
     if (newSearchInput) {
         newSearchInput.addEventListener("input", debounce(function () {
@@ -299,7 +373,7 @@ export function renderFileTable(folder, container) {
         });
     });
     updateFileActionButtons();
-    document.querySelectorAll("#fileListContent tbody tr").forEach(row => {
+    document.querySelectorAll("#fileList tbody tr").forEach(row => {
         row.setAttribute("draggable", "true");
         import('./fileDragDrop.js').then(module => {
             row.addEventListener("dragstart", module.fileDragStartHandler);
@@ -317,10 +391,8 @@ export function renderFileTable(folder, container) {
 export function renderGalleryView(folder, container) {
     const fileListContent = container || document.getElementById("fileList");
     const searchTerm = (window.currentSearchTerm || "").toLowerCase();
-    const filteredFiles = fileData.filter(file => {
-        return file.name.toLowerCase().includes(searchTerm) ||
-            (file.tags && file.tags.some(tag => tag.name.toLowerCase().includes(searchTerm)));
-    });
+    // Use Fuse.js search for gallery view as well.
+    const filteredFiles = searchFiles(searchTerm);
     const folderPath = folder === "root"
         ? "uploads/"
         : "uploads/" + folder.split("/").map(encodeURIComponent).join("/") + "/";
@@ -348,23 +420,23 @@ export function renderGalleryView(folder, container) {
           ${thumbnail}
         </div>
         <div class="gallery-info" style="margin-top: 5px;">
-          <span class="gallery-file-name" style="display: block;">${escapeHTML(file.name)}</span>
+          <span class="gallery-file-name" style="display: block; white-space: normal; overflow-wrap: break-word; word-wrap: break-word;">${escapeHTML(file.name)}</span>
           ${tagBadgesHTML}
           <div class="button-wrap" style="display: flex; justify-content: center; gap: 5px;">
             <button type="button" class="btn btn-sm btn-success download-btn" 
                 onclick="openDownloadModal('${file.name}', '${file.folder || 'root'}')" 
-                title="Download">
+                title="${t('download')}">
                 <i class="material-icons">file_download</i>
             </button>
             ${file.editable ? `
-              <button class="btn btn-sm edit-btn" onclick='editFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="Edit">
+              <button class="btn btn-sm edit-btn" onclick='editFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="${t('Edit')}">
                 <i class="material-icons">edit</i>
               </button>
             ` : ""}
-            <button class="btn btn-sm btn-warning rename-btn" onclick='renameFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="Rename">
+            <button class="btn btn-sm btn-warning rename-btn" onclick='renameFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="${t('rename')}">
                <i class="material-icons">drive_file_rename_outline</i>
             </button>
-            <button class="btn btn-sm btn-secondary share-btn" data-file="${escapeHTML(file.name)}" title="Share">
+            <button class="btn btn-sm btn-secondary share-btn" data-file="${escapeHTML(file.name)}" title="${t('share')}">
                <i class="material-icons">share</i>
             </button>
           </div>
@@ -477,4 +549,5 @@ window.changeItemsPerPage = function (newCount) {
 window.loadFileList = loadFileList;
 window.renderFileTable = renderFileTable;
 window.renderGalleryView = renderGalleryView;
-window.sortFiles = sortFiles;
+window.sortFiles = sortFiles;
+window.toggleAdvancedSearch = toggleAdvancedSearch;

js/fileMenu.js

@@ -1,4 +1,4 @@
-// contextMenu.js
+// fileMenu.js
 import { updateRowHighlight, showToast } from './domUtils.js';
 import { handleDeleteSelected, handleCopySelected, handleMoveSelected, handleDownloadZipSelected, handleExtractZipSelected, renameFile } from './fileActions.js';
 import { previewFile } from './filePreview.js';

js/filePreview.js

@@ -26,7 +26,7 @@ export function openShareModal(file, folder) {
           <option value="240">240 minutes</option>
           <option value="1440">1 Day</option>
         </select>
-        <p>Password (optional):</p>
+        <p>${t("password_optional")}</p>
         <input type="text" id="sharePassword" placeholder=${t("password_optional")} style="width: 100%;"/>
         <br>
         <button id="generateShareLinkBtn" class="btn btn-primary" style="margin-top:10px;">${t("generate_share_link")}</button>

js/fileTags.js

@@ -305,7 +305,7 @@ if (localStorage.getItem('globalTags')) {
   
 // New function to load global tags from the server's persistent JSON.
 export function loadGlobalTags() {
-  fetch("metadata/createdTags.json", { credentials: "include" })
+  fetch("getFileTag.php", { credentials: "include" })
     .then(response => {
       if (!response.ok) {
         // If the file doesn't exist, assume there are no global tags.

js/folderShareModal.js

@@ -28,7 +28,7 @@ export function openFolderShareModal(folder) {
           <option value="1440">1 ${t("day")}</option>
         </select>
         <p>${t("password_optional")}</p>
-        <input type="text" id="folderSharePassword" placeholder="${t("password")}" style="width: 100%;"/>
+        <input type="text" id="folderSharePassword" placeholder="${t("enter_password")}" style="width: 100%;"/>
         <br>
         <label>
           <input type="checkbox" id="folderShareAllowUpload"> ${t("allow_uploads")}

js/main.js

@@ -12,7 +12,8 @@ import { initFileActions, renameFile, openDownloadModal, confirmSingleDownload }
 import { editFile, saveFile } from './fileEditor.js';
 import { t, applyTranslations, setLocale } from './i18n.js';
 
-function loadCsrfTokenWithRetry(retries = 3, delay = 1000) {
+// Remove the retry logic version and just use loadCsrfToken directly:
+function loadCsrfToken() {
   return fetch('token.php', { credentials: 'include' })
     .then(response => {
       if (!response.ok) {
@@ -21,11 +22,9 @@ function loadCsrfTokenWithRetry(retries = 3, delay = 1000) {
       return response.json();
     })
     .then(data => {
-      // Set global variables.
       window.csrfToken = data.csrf_token;
       window.SHARE_URL = data.share_url;
-
-      // Update (or create) the CSRF meta tag.
+      
       let metaCSRF = document.querySelector('meta[name="csrf-token"]');
       if (!metaCSRF) {
         metaCSRF = document.createElement('meta');
@@ -34,7 +33,6 @@ function loadCsrfTokenWithRetry(retries = 3, delay = 1000) {
       }
       metaCSRF.setAttribute('content', data.csrf_token);
 
-      // Update (or create) the share URL meta tag.
       let metaShare = document.querySelector('meta[name="share-url"]');
       if (!metaShare) {
         metaShare = document.createElement('meta');
@@ -44,15 +42,6 @@ function loadCsrfTokenWithRetry(retries = 3, delay = 1000) {
       metaShare.setAttribute('content', data.share_url);
 
       return data;
-    })
-    .catch(error => {
-      if (retries > 0) {
-        console.warn(`CSRF token load failed. Retrying in ${delay}ms... (${retries} retries left)`, error);
-        return new Promise(resolve => setTimeout(resolve, delay))
-          .then(() => loadCsrfTokenWithRetry(retries - 1, delay * 2));
-      }
-      console.error("Failed to load CSRF token after retries.", error);
-      throw error;
     });
 }
 
@@ -78,7 +67,7 @@ document.addEventListener("DOMContentLoaded", function () {
   // Apply the translations to update the UI
   applyTranslations();
   // First, load the CSRF token (with retry).
-  loadCsrfTokenWithRetry().then(() => {
+  loadCsrfToken().then(() => {
     // Once CSRF token is loaded, initialize authentication.
     initAuth();
 
@@ -139,18 +128,18 @@ document.addEventListener("DOMContentLoaded", function () {
 
     if (darkModeToggle) {
       darkModeToggle.textContent = document.body.classList.contains("dark-mode")
-        ? "Light Mode"
-        : "Dark Mode";
+        ? t("light_mode")
+        : t("dark_mode");
 
       darkModeToggle.addEventListener("click", function () {
         if (document.body.classList.contains("dark-mode")) {
           document.body.classList.remove("dark-mode");
           localStorage.setItem("darkMode", "false");
-          darkModeToggle.textContent = "Dark Mode";
+          darkModeToggle.textContent = t("dark_mode");
         } else {
           document.body.classList.add("dark-mode");
           localStorage.setItem("darkMode", "true");
-          darkModeToggle.textContent = "Light Mode";
+          darkModeToggle.textContent = t("light_mode");
         }
       });
     }

login_basic.php

@@ -81,7 +81,7 @@ $username = trim($_SERVER['PHP_AUTH_USER']);
 $password = trim($_SERVER['PHP_AUTH_PW']);
 
 // Validate username format (optional)
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $username)) {
+if (!preg_match(REGEX_USER, $username)) {
     header('WWW-Authenticate: Basic realm="FileRise Login"');
     header('HTTP/1.0 401 Unauthorized');
     echo 'Invalid username format';

moveFiles.php

@@ -1,9 +1,6 @@
 <?php
 require_once 'config.php';
 header('Content-Type: application/json');
-header("Cache-Control: no-cache, no-store, must-revalidate");
-header("Pragma: no-cache");
-header("Expires: 0");
 
 // --- CSRF Protection ---
 $headers = array_change_key_case(getallheaders(), CASE_LOWER);
@@ -45,7 +42,7 @@ $sourceFolder = trim($data['source']) ?: 'root';
 $destinationFolder = trim($data['destination']) ?: 'root';
 
 // Allow only letters, numbers, underscores, dashes, spaces, and forward slashes in folder names.
-$folderPattern = '/^[A-Za-z0-9_\- \/]+$/';
+$folderPattern = REGEX_FOLDER_NAME;
 if ($sourceFolder !== 'root' && !preg_match($folderPattern, $sourceFolder)) {
     echo json_encode(["error" => "Invalid source folder name."]);
     exit;
@@ -111,7 +108,7 @@ $srcMetadata = file_exists($srcMetaFile) ? json_decode(file_get_contents($srcMet
 $destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($destMetaFile), true) : [];
 
 $errors = [];
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($data['files'] as $fileName) {
     // Save the original name for metadata lookup.

removeChunks.php

@@ -17,9 +17,9 @@ if (!isset($_POST['folder'])) {
     exit;
 }
 
-$folder = $_POST['folder'];
-// Validate the folder name (only alphanumerics, dashes allowed)
-if (!preg_match('/^resumable_[A-Za-z0-9\-]+$/', $folder)) {
+$folder = urldecode($_POST['folder']);
+$regex = "/^resumable_" . PATTERN_FOLDER_NAME . "$/u";  // full regex pattern
+if (!preg_match($regex, $folder)) {
     echo json_encode(["error" => "Invalid folder name"]);
     http_response_code(400);
     exit;

removeUser.php

@@ -30,7 +30,7 @@ if (!$usernameToRemove) {
 }
 
 // Optional: Validate the username format (allow letters, numbers, underscores, dashes, and spaces)
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $usernameToRemove)) {
+if (!preg_match(REGEX_USER, $usernameToRemove)) {
     echo json_encode(["error" => "Invalid username format"]);
     exit;
 }

renameFile.php

@@ -40,7 +40,7 @@ if (!$data || !isset($data['folder']) || !isset($data['oldName']) || !isset($dat
 
 $folder = trim($data['folder']) ?: 'root';
 // For subfolders, allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name"]);
     exit;
 }
@@ -49,7 +49,7 @@ $oldName = basename(trim($data['oldName']));
 $newName = basename(trim($data['newName']));
 
 // Validate file names: allow letters, numbers, underscores, dashes, dots, parentheses, and spaces.
-if (!preg_match('/^[A-Za-z0-9_\-\. \(\)]+$/', $oldName) || !preg_match('/^[A-Za-z0-9_\-\. \(\)]+$/', $newName)) {
+if (!preg_match(REGEX_FILE_NAME, $oldName) || !preg_match(REGEX_FILE_NAME, $newName)) {
     echo json_encode(["error" => "Invalid file name."]);
     exit;
 }

renameFolder.php

@@ -1,9 +1,6 @@
 <?php
 require_once 'config.php';
 header('Content-Type: application/json');
-header("Cache-Control: no-cache, no-store, must-revalidate");
-header("Pragma: no-cache");
-header("Expires: 0");
 
 // Ensure user is authenticated
 if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
@@ -48,7 +45,7 @@ $oldFolder = trim($input['oldFolder']);
 $newFolder = trim($input['newFolder']);
 
 // Validate folder names
-if (!preg_match('/^[A-Za-z0-9_\- \/]+$/', $oldFolder) || !preg_match('/^[A-Za-z0-9_\- \/]+$/', $newFolder)) {
+if (!preg_match(REGEX_FOLDER_NAME, $oldFolder) || !preg_match(REGEX_FOLDER_NAME, $newFolder)) {
     echo json_encode(['success' => false, 'error' => 'Invalid folder name(s).']);
     exit;
 }

restoreFiles.php

@@ -53,7 +53,7 @@ if (!isset($data['files']) || !is_array($data['files'])) {
 }
 
 // Define a safe file name pattern.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 $restoredItems = [];
 $errors = [];

saveFile.php

@@ -48,7 +48,7 @@ $folder = isset($data["folder"]) ? trim($data["folder"]) : "root";
 
 // If a subfolder is provided, validate it.
 // Allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-if ($folder !== "root" && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== "root" && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name"]);
     exit;
 }

saveFileTag.php

@@ -13,11 +13,21 @@ if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
 }
 
 // CSRF Protection: validate token from header.
-$headers = getallheaders();
-if (!isset($headers['X-CSRF-Token']) || $headers['X-CSRF-Token'] !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token."]);
-    http_response_code(403);
-    exit;
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
+    respond('error', 403, 'Invalid CSRF token');
+}
+
+$username = $_SESSION['username'] ?? '';
+$userPermissions = loadUserPermissions($username);
+if ($username) {
+    $userPermissions = loadUserPermissions($username);
+    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
+        echo json_encode(["error" => "Read-only users are not allowed to file tags"]);
+        exit();
+    }
 }
 
 // Retrieve and sanitize input.
@@ -77,7 +87,7 @@ if ($file === "global") {
 }
 
 // Validate folder name.
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }

totp_disable.php

@@ -11,11 +11,11 @@ if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
 }
 
 // Verify CSRF token from request headers.
-$csrfHeader = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
 if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
-    http_response_code(403);
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    exit;
+    respond('error', 403, 'Invalid CSRF token');
 }
 
 header('Content-Type: application/json');

totp_recover.php

@@ -13,11 +13,11 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
 }
 
 // ——— 2) CSRF check ———
-if (empty($_SERVER['HTTP_X_CSRF_TOKEN']) 
- || $_SERVER['HTTP_X_CSRF_TOKEN'] !== ($_SESSION['csrf_token'] ?? '')) {
-    http_response_code(403);
-    error_log("Invalid CSRF token on recovery for IP {$_SERVER['REMOTE_ADDR']}");
-    exit(json_encode(['status'=>'error','message'=>'Invalid CSRF token']));
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
+    respond('error', 403, 'Invalid CSRF token');
 }
 
 // ——— 3) Identify user to recover ———
@@ -32,7 +32,7 @@ if (!$userId) {
 }
 
 // ——— Validate userId format ———
-if (!preg_match('/^[A-Za-z0-9_\-]+$/', $userId)) {
+if (!preg_match(REGEX_USER, $userId)) {
     http_response_code(400);
     error_log("Invalid userId format: {$userId}");
     exit(json_encode(['status'=>'error','message'=>'Invalid user identifier']));

totp_saveCode.php

@@ -13,11 +13,11 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
 }
 
 // 2) CSRF check
-if (empty($_SERVER['HTTP_X_CSRF_TOKEN']) 
- || $_SERVER['HTTP_X_CSRF_TOKEN'] !== ($_SESSION['csrf_token'] ?? '')) {
-    http_response_code(403);
-    error_log("totp_saveCode: invalid CSRF token from IP {$_SERVER['REMOTE_ADDR']}");
-    exit(json_encode(['status'=>'error','message'=>'Invalid CSRF token']));
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
+    respond('error', 403, 'Invalid CSRF token');
 }
 
 // 3) Must be logged in
@@ -29,7 +29,7 @@ if (empty($_SESSION['username'])) {
 
 // 4) Validate username format
 $userId = $_SESSION['username'];
-if (!preg_match('/^[A-Za-z0-9_\-]+$/', $userId)) {
+if (!preg_match(REGEX_USER, $userId)) {
     http_response_code(400);
     error_log("totp_saveCode: invalid username format: {$userId}");
     exit(json_encode(['status'=>'error','message'=>'Invalid user identifier']));

totp_setup.php

@@ -6,19 +6,35 @@ require_once 'config.php';
 
 use Endroid\QrCode\Builder\Builder;
 use Endroid\QrCode\Writer\PngWriter;
-use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh;
+use RobThree\Auth\Algorithm;
+use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
 
-// For debugging purposes, you might enable error reporting temporarily:
-// ini_set('display_errors', 1);
-// error_reporting(E_ALL);
+// Define the respond() helper if not already defined.
+if (!function_exists('respond')) {
+    function respond($status, $code, $message, $data = []) {
+        http_response_code($code);
+        echo json_encode([
+            'status'  => $status,
+            'code'    => $code,
+            'message' => $message,
+            'data'    => $data
+        ]);
+        exit;
+    }
+}
 
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
+// Allow access if the user is authenticated or pending TOTP.
+if (!((isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true) || isset($_SESSION['pending_login_user']))) {
     http_response_code(403);
     exit;
 }
 
-// Verify CSRF token provided as a GET parameter.
-if (!isset($_GET['csrf']) || $_GET['csrf'] !== $_SESSION['csrf_token']) {
+// Retrieve CSRF token from GET parameter or request headers.
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if ($receivedToken !== $_SESSION['csrf_token']) {
+    echo json_encode(["error" => "Invalid CSRF token"]);
     http_response_code(403);
     exit;
 }
@@ -108,7 +124,13 @@ function getGlobalOtpauthUrl() {
     return "";
 }
 
-$tfa = new \RobThree\Auth\TwoFactorAuth('FileRise');
+$tfa = new \RobThree\Auth\TwoFactorAuth(
+    new GoogleChartsQrCodeProvider(), // QR code provider
+    'FileRise',                       // issuer
+    6,                                // number of digits
+    30,                               // period in seconds
+    Algorithm::Sha1                   // enum case from your Algorithm enum
+);
 
 // Retrieve the current TOTP secret for the user.
 $totpSecret = getUserTOTPSecret($username);
@@ -120,8 +142,6 @@ if (!$totpSecret) {
 }
 
 // Determine the otpauth URL to use.
-// If a global OTPAuth URL template is defined, replace placeholders {label} and {secret}.
-// Otherwise, use the default method.
 $globalOtpauthUrl = getGlobalOtpauthUrl();
 if (!empty($globalOtpauthUrl)) {
     $label = "FileRise:" . $username;
@@ -140,7 +160,6 @@ if (!empty($globalOtpauthUrl)) {
 $result = Builder::create()
     ->writer(new PngWriter())
     ->data($otpauthUrl)
-    ->errorCorrectionLevel(new ErrorCorrectionLevelHigh())
     ->build();
 
 header('Content-Type: ' . $result->getMimeType());

totp_verify.php

@@ -8,6 +8,9 @@ require_once 'config.php';
 header('Content-Type: application/json');
 header("Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self';");
 
+use RobThree\Auth\Algorithm;
+use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
+
 try {
     // standardized error helper
     function respond($status, $code, $message, $data = []) {
@@ -54,8 +57,9 @@ try {
         respond('error', 403, 'Not authenticated');
     }
 
-    // CSRF check
-    $csrfHeader = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
+    $headers = array_change_key_case(getallheaders(), CASE_LOWER);
+    $csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+    
     if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
         respond('error', 403, 'Invalid CSRF token');
     }
@@ -71,7 +75,13 @@ try {
     if (isset($_SESSION['pending_login_user'])) {
         $username   = $_SESSION['pending_login_user'];
         $totpSecret = $_SESSION['pending_login_secret'];
-        $tfa        = new \RobThree\Auth\TwoFactorAuth('FileRise');
+        $tfa = new \RobThree\Auth\TwoFactorAuth(
+            new GoogleChartsQrCodeProvider(), // QR code provider
+            'FileRise',                       // issuer
+            6,                                // number of digits
+            30,                               // period in seconds
+            Algorithm::Sha1                   // Correct enum case name from your enum
+        );
 
         if (!$tfa->verifyCode($totpSecret, $code)) {
             $_SESSION['totp_failures']++;
@@ -117,7 +127,14 @@ try {
         respond('error', 500, 'TOTP secret not found. Please set up TOTP again.');
     }
 
-    $tfa = new \RobThree\Auth\TwoFactorAuth('FileRise');
+    $tfa = new \RobThree\Auth\TwoFactorAuth(
+        new GoogleChartsQrCodeProvider(), // QR code provider
+        'FileRise',                       // issuer
+        6,                                // number of digits
+        30,                               // period in seconds
+        Algorithm::Sha1                   // Correct enum case name from your enum
+    );
+
     if (!$tfa->verifyCode($totpSecret, $code)) {
         $_SESSION['totp_failures']++;
         respond('error', 400, 'Invalid TOTP code');

updateConfig.php

@@ -33,6 +33,9 @@ if (!is_array($data)) {
     exit;
 }
 
+// Retrieve new header title, sanitize if necessary.
+$headerTitle = isset($data['header_title']) ? trim($data['header_title']) : "";
+
 // Validate and sanitize OIDC configuration.
 $oidc = isset($data['oidc']) ? $data['oidc'] : [];
 $oidcProviderUrl = isset($oidc['providerUrl']) ? filter_var($oidc['providerUrl'], FILTER_SANITIZE_URL) : '';
@@ -54,8 +57,9 @@ $disableOIDCLogin = isset($data['disableOIDCLogin']) ? filter_var($data['disable
 // Retrieve the global OTPAuth URL (new field). If not provided, default to an empty string.
 $globalOtpauthUrl = isset($data['globalOtpauthUrl']) ? trim($data['globalOtpauthUrl']) : "";
 
-// Prepare configuration array.
+// Prepare configuration array including the header title.
 $configUpdate = [
+    'header_title' => $headerTitle,  // New field for the header title
     'oidc' => [
         'providerUrl'  => $oidcProviderUrl,
         'clientId'     => $oidcClientId,
@@ -79,15 +83,10 @@ $encryptedContent = encryptData($plainTextConfig, $encryptionKey);
 
 // Attempt to write the new configuration.
 if (file_put_contents($configFile, $encryptedContent, LOCK_EX) === false) {
-    // Log the error.
     error_log("updateConfig.php: Initial write failed, attempting to delete the old configuration file.");
-    
-    // Delete the old file.
     if (file_exists($configFile)) {
         unlink($configFile);
     }
-    
-    // Try writing again.
     if (file_put_contents($configFile, $encryptedContent, LOCK_EX) === false) {
         error_log("updateConfig.php: Failed to write configuration even after deletion.");
         http_response_code(500);

updateUserPermissions.php

@@ -40,16 +40,39 @@ if (file_exists($permissionsFile)) {
     $existingPermissions = [];
 }
 
+// Load user roles from the users file (similar to getUsers.php)
+$usersFile = USERS_DIR . USERS_FILE;
+$userRoles = [];
+if (file_exists($usersFile)) {
+    $lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+    foreach ($lines as $line) {
+        $parts = explode(':', trim($line));
+        if (count($parts) >= 3) {
+            // Validate username format:
+            if (preg_match(REGEX_USER, $parts[0])) {
+                // Use a lowercase key for consistency.
+                $userRoles[strtolower($parts[0])] = trim($parts[2]);
+            }
+        }
+    }
+}
+
 // Loop through each permission update.
 foreach ($permissions as $perm) {
     // Ensure username is provided.
     if (!isset($perm['username'])) continue;
     $username = $perm['username'];
+    
+    // Look up the user's role from the users file.
+    $role = isset($userRoles[strtolower($username)]) ? $userRoles[strtolower($username)] : null;
+    
     // Skip updating permissions for admin users.
-    if (strtolower($username) === "admin") continue;
+    if ($role === "1") {
+        continue;
+    }
     
     // Update permissions: default any missing value to false.
-    $existingPermissions[$username] = [
+    $existingPermissions[strtolower($username)] = [
         'folderOnly'    => isset($perm['folderOnly']) ? (bool)$perm['folderOnly'] : false,
         'readOnly'      => isset($perm['readOnly']) ? (bool)$perm['readOnly'] : false,
         'disableUpload' => isset($perm['disableUpload']) ? (bool)$perm['disableUpload'] : false

upload.php

@@ -65,14 +65,16 @@ if (isset($_POST['resumableChunkNumber'])) {
     $resumableFilename   = $_POST['resumableFilename'];
     
 
-if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $resumableFilename)) {
-    http_response_code(400); // Set an error HTTP status code
+// First, strip directory components.
+$resumableFilename = urldecode(basename($_POST['resumableFilename']));
+if (!preg_match(REGEX_FILE_NAME, $resumableFilename)) {
+    http_response_code(400);
     echo json_encode(["error" => "Invalid file name: " . $resumableFilename]);
     exit;
 }
     
     $folder = isset($_POST['folder']) ? trim($_POST['folder']) : 'root';
-    if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+    if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
         echo json_encode(["error" => "Invalid folder name"]);
         exit;
     }
@@ -173,7 +175,7 @@ if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $resumableFilename)) {
     // ------------- Full Upload (Non-chunked) -------------
     // Validate folder name input.
     $folder = isset($_POST['folder']) ? trim($_POST['folder']) : 'root';
-    if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+    if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
         echo json_encode(["error" => "Invalid folder name"]);
         exit;
     }
@@ -195,10 +197,12 @@ if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $resumableFilename)) {
     $metadataCollection = []; // key: folder path, value: metadata array
     $metadataChanged = [];    // key: folder path, value: boolean
     
-    $safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+    // Use a Unicode-enabled pattern to allow special characters.
+    $safeFileNamePattern = REGEX_FILE_NAME;
     
     foreach ($_FILES["file"]["name"] as $index => $fileName) {
-        $safeFileName = basename($fileName);
+        // First, ensure we only work with the base filename to avoid traversal issues.
+        $safeFileName = trim(urldecode(basename($fileName)));
         if (!preg_match($safeFileNamePattern, $safeFileName)) {
             echo json_encode(["error" => "Invalid file name: " . $fileName]);
             exit;
@@ -224,6 +228,7 @@ if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $resumableFilename)) {
                 $uploadDir = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR 
                             . str_replace('/', DIRECTORY_SEPARATOR, $folderPath) . DIRECTORY_SEPARATOR;
             }
+            // Reapply basename to the relativePath to get the final safe file name.
             $safeFileName = basename($relativePath);
         }
         // --- End Minimal Folder/Subfolder Logic ---

uploadToSharedFolder.php

@@ -109,8 +109,6 @@ if (!move_uploaded_file($fileUpload['tmp_name'], $targetPath)) {
 }
 
 // --- Metadata Update for Shared Upload ---
-// We want to update metadata similarly to your normal upload.
-// Determine a key for metadata storage for the folder.
 $metadataKey = ($folder === '' || $folder === 'root') ? "root" : $folder;
 // Sanitize the metadata file name.
 $metadataFileName = str_replace(['/', '\\', ' '], '-', $metadataKey) . '_metadata.json';