Extend i18n support: Add new translation keys for Download and Share modals

CHANGELOG.md

@@ -1,6 +1,67 @@
 # Changelog
 
-## Shift Key Multi‑Selection Changes 4/10/2025
+## Changes 4/13/2025 v1.1.3
+
+- Decreased header height some more and clickable logo.
+- authModals.js fully updated with i18n.js keys.
+- main.js added Dark & Light mode i18n.js keys.
+- New Admin section Header Settings to change Header Title.
+- Admin Panel confirm unsaved changes.
+- Added translations and data attributes for almost all user-facing text
+- Extend i18n support: Add new translation keys for Download and Share modals
+
+---
+
+## Changes 4/12/2025
+
+- Moved Gallery view toggle button into header.
+- Removed css entries that are not needed anymore for Gallery View Toggle.
+- Change search box text when enabling advanced search.
+- Advanced/Basic search button as material icon on same row as search bar.
+
+### Advanced Search Implementation
+
+- **Advanced Search Toggle:**
+  - Added a global toggle (`window.advancedSearchEnabled`) and a UI button to switch between basic and advanced search modes.
+  - The toggle button label changes between "Advanced Search" and "Basic Search" to reflect the active mode.
+
+- **Fuse.js Integration Updates:**
+  - Modified the `searchFiles()` function to conditionally include the `"content"` key in the Fuse.js keys only when advanced search mode is enabled.
+  - Adjusted Fuse.js options by adding `ignoreLocation: true`, adjusting the `threshold`, and optionally assigning weights (e.g., a lower weight for `name` and a higher weight for `content`) to prioritize matches in file content.
+
+- **Backend (PHP) Enhancements:**
+  - Updated **getFileList.php** to read the content of text-based files (e.g., `.txt`, `.html`, `.md`, etc.) using `file_get_contents()`.
+  - Added a `"content"` property to the JSON response for eligible files to allow for full-text search in advanced mode.
+
+### Fuse.js Integration for Indexed Real-Time Searching**
+
+- **Added Fuse.js Library:** Included Fuse.js via a CDN `<script>` tag to leverage its client‑side fuzzy search capabilities.
+- **Created searchFiles Helper Function:** Introduced a new function that uses Fuse.js to build an index and perform fuzzy searches over file properties (file name, uploader, and nested tag names).
+- **Transformed JSON Object to Array:** Updated the loadFileList() function to convert the returned file data into an array (if it isn’t already) and assign file names from JSON keys.
+- **Updated Rendering Functions:** Modified both renderFileTable() and renderGalleryView() to use the searchFiles() helper instead of a simple in‑array .filter(). This ensures that every search—real‑time by user input—is powered by Fuse.js’s indexed search.
+- **Enhanced Search Configuration:** Configured Fuse.js to search across multiple keys (file name, uploader, and tags) so that users can find files based on any of these properties.
+
+---
+
+## Changes 4/11/2025
+
+- Fixed fileDragDrop issue from previous update.
+- Fixed User Panel height changing unexpectedly on mouse over.
+- Improved JS file comments for better documentation.
+- Fixed userPermissions not updating after initial setting.
+- Disabled folder and file sharing for readOnly users.
+- Moved change password close button to the top right of the modal.
+- Updated upload regex pattern to be Unicode‑enabled and added additional security measures. [(#19)](https://github.com/error311/FileRise/issues/19)
+- Updated filename, folder, and username regex acceptance patterns.
+- Updated robthree/twofactorauth to v3 and endroid/qr-code to v5
+- Updated TOTP integration (namespace, enum, QR provider) accordingly
+- Updated docker image from 22.04 to 24.04 <https://github.com/error311/filerise-docker>
+- Ensure consistent session behavior
+- Fix totp_setup.php to use header-based CSRF token verification
+
+---
+
+## Shift Key Multi‑Selection Changes 4/10/2025 v1.1.1
 
 - **Implemented Range Selection:**
   - Modified the `toggleRowSelection` function so that when the Shift key is held down, all rows between the last clicked (anchor) row (stored as `window.lastSelectedFileRow`) and the currently clicked row are selected.
@@ -30,7 +91,7 @@
   - `shareFolder.php` updated to display format size.
   - Fix to prevent the filename text from overflowing its container in the gallery view.
   - Reduced header height.
-  - Create Folder changed to Material Icon `edit`
+  - Create Folder changed to Material Icon `create_new_folder`
 
 ---
 

README.md

@@ -22,7 +22,7 @@ Upload, organize, and share files through a sleek web interface. **FileRise** is
 
 - 📝 **Built-in Editor & Preview:** View images, videos, audio, and PDFs inline with a preview modal – no need to download just to see them. Edit text/code files right in your browser with a CodeMirror-based editor featuring syntax highlighting and line numbers. Great for config files or notes – tweak and save changes without leaving FileRise.
 
-- 🏷️ **Tags & Search:** Categorize your files with color-coded tags (labels) and later find them easily. The global search bar filters by filename or tag, making it simple to locate that “important” document in seconds. Tag management is built-in – create, reuse, or remove tags as needed.
+- 🏷️ **Tags & Search:** Categorize your files with color-coded tags and locate them instantly using our indexed real-time search. Easily switch to Advanced Search mode to enable fuzzy matching not only across file names, tags, and uploader fields but also within the content of text files—helping you find that “important” document even if you make a typo or need to search deep within the file.
 
 - 🔒 **User Authentication & User Permissions:** Secure your portal with username/password login. Supports multiple users – create user accounts (admin UI provided) for family or team members. User permissions such as User “Folder Only” feature assigns each user a dedicated folder within the root directory, named after their username, restricting them from viewing or modifying other directories. User Read Only and Disable Upload are additional permissions. FileRise also integrates with Single Sign-On (OIDC) providers (e.g., OAuth2/OIDC for Google/Authentik/Keycloak) and offers optional TOTP two-factor auth for extra security.
 
@@ -177,6 +177,26 @@ Areas where you can help: translations, bug fixes, UI improvements, or building
 
 ---
 
+## Dependencies
+
+### PHP Libraries
+
+- **[jumbojett/openid-connect-php](https://github.com/jumbojett/OpenID-Connect-PHP)** (v^1.0.0)
+- **[phpseclib/phpseclib](https://github.com/phpseclib/phpseclib)** (v~3.0.7)
+- **[robthree/twofactorauth](https://github.com/RobThree/TwoFactorAuth)** (v^3.0)
+- **[endroid/qr-code](https://github.com/endroid/qr-code)** (v^5.0)
+
+### Client-Side Libraries
+
+- **Google Fonts** – [Roboto](https://fonts.google.com/specimen/Roboto) and **Material Icons** ([Google Material Icons](https://fonts.google.com/icons))
+- **[Bootstrap](https://getbootstrap.com/)** (v4.5.2)
+- **[CodeMirror](https://codemirror.net/)** (v5.65.5) – For code editing functionality.
+- **[Resumable.js](http://www.resumablejs.com/)** (v1.1.0) – For file uploads.
+- **[DOMPurify](https://github.com/cure53/DOMPurify)** (v2.4.0) – For sanitizing HTML.
+- **[Fuse.js](https://fusejs.io/)** (v6.6.2) – For indexed, fuzzy searching.
+
+---
+
 ## License
 
 This project is open-source under the MIT License. That means you’re free to use, modify, and distribute **FileRise**, with attribution. We hope you find it useful and contribute back!

addUser.php

@@ -49,7 +49,7 @@ if (!$newUsername || !$newPassword) {
 }
 
 // Validate username using preg_match (allow letters, numbers, underscores, dashes, and spaces).
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $newUsername)) {
+if (!preg_match(REGEX_USER, $newUsername)) {
     echo json_encode(["error" => "Invalid username. Only letters, numbers, underscores, dashes, and spaces are allowed."]);
     exit;
 }

auth.php

@@ -2,7 +2,9 @@
 require_once 'vendor/autoload.php';
 require_once 'config.php';
 
-// Only send the Content-Type header; CORS and related headers are handled via .htaccess.
+use RobThree\Auth\Algorithm;
+use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
+
 header('Content-Type: application/json');
 
 // Global exception handler: logs errors and returns a generic error message.
@@ -177,7 +179,7 @@ if (!$username || !$password) {
     exit();
 }
 
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $username)) {
+if (!preg_match(REGEX_USER, $username)) {
     http_response_code(400);
     echo json_encode(["error" => "Invalid username format. Only letters, numbers, underscores, dashes, and spaces are allowed."]);
     exit();
@@ -197,7 +199,13 @@ if ($user !== false) {
                     ]);
                     exit();
                 } else {
-            $tfa = new \RobThree\Auth\TwoFactorAuth('FileRise');
+                    $tfa = new \RobThree\Auth\TwoFactorAuth(
+                        new GoogleChartsQrCodeProvider(), // QR code provider
+                        'FileRise',                       // issuer
+                        6,                                // number of digits
+                        30,                               // period in seconds
+                        Algorithm::Sha1                   // Correct enum case name from your enum
+                    );
             $providedCode = trim($data['totp_code']);
             if (!$tfa->verifyCode($user['totp_secret'], $providedCode)) {
                 echo json_encode(["error" => "Invalid TOTP code"]);

composer.json

@@ -5,7 +5,7 @@
     "require": {
       "jumbojett/openid-connect-php": "^1.0.0",
       "phpseclib/phpseclib": "~3.0.7",
-      "robthree/twofactorauth": "^1.7",
-      "endroid/qr-code": "^4.0"
+      "robthree/twofactorauth": "^3.0",
+      "endroid/qr-code": "^5.0"
     }
   }

composer.lock

@@ -4,32 +4,32 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "c9857f23364f2280ef4b71cdc72d3f78",
+    "content-hash": "6b70aec0c1830ebb2b8f9bb625b04a22",
     "packages": [
         {
             "name": "bacon/bacon-qr-code",
-            "version": "2.0.8",
+            "version": "v3.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/Bacon/BaconQrCode.git",
-                "reference": "8674e51bb65af933a5ffaf1c308a660387c35c22"
+                "reference": "f9cc1f52b5a463062251d666761178dbdb6b544f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Bacon/BaconQrCode/zipball/8674e51bb65af933a5ffaf1c308a660387c35c22",
-                "reference": "8674e51bb65af933a5ffaf1c308a660387c35c22",
+                "url": "https://api.github.com/repos/Bacon/BaconQrCode/zipball/f9cc1f52b5a463062251d666761178dbdb6b544f",
+                "reference": "f9cc1f52b5a463062251d666761178dbdb6b544f",
                 "shasum": ""
             },
             "require": {
                 "dasprid/enum": "^1.0.3",
                 "ext-iconv": "*",
-                "php": "^7.1 || ^8.0"
+                "php": "^8.1"
             },
             "require-dev": {
-                "phly/keep-a-changelog": "^2.1",
-                "phpunit/phpunit": "^7 | ^8 | ^9",
-                "spatie/phpunit-snapshot-assertions": "^4.2.9",
-                "squizlabs/php_codesniffer": "^3.4"
+                "phly/keep-a-changelog": "^2.12",
+                "phpunit/phpunit": "^10.5.11 || 11.0.4",
+                "spatie/phpunit-snapshot-assertions": "^5.1.5",
+                "squizlabs/php_codesniffer": "^3.9"
             },
             "suggest": {
                 "ext-imagick": "to generate QR code images"
@@ -56,9 +56,9 @@
             "homepage": "https://github.com/Bacon/BaconQrCode",
             "support": {
                 "issues": "https://github.com/Bacon/BaconQrCode/issues",
-                "source": "https://github.com/Bacon/BaconQrCode/tree/2.0.8"
+                "source": "https://github.com/Bacon/BaconQrCode/tree/v3.0.1"
             },
-            "time": "2022-12-07T17:46:57+00:00"
+            "time": "2024-10-01T13:55:55+00:00"
         },
         {
             "name": "dasprid/enum",
@@ -112,29 +112,26 @@
         },
         {
             "name": "endroid/qr-code",
-            "version": "4.8.5",
+            "version": "5.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/endroid/qr-code.git",
-                "reference": "0db25b506a8411a5e1644ebaa67123a6eb7b6a77"
+                "reference": "393fec6c4cbdc1bd65570ac9d245704428010122"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/endroid/qr-code/zipball/0db25b506a8411a5e1644ebaa67123a6eb7b6a77",
-                "reference": "0db25b506a8411a5e1644ebaa67123a6eb7b6a77",
+                "url": "https://api.github.com/repos/endroid/qr-code/zipball/393fec6c4cbdc1bd65570ac9d245704428010122",
+                "reference": "393fec6c4cbdc1bd65570ac9d245704428010122",
                 "shasum": ""
             },
             "require": {
-                "bacon/bacon-qr-code": "^2.0.5",
+                "bacon/bacon-qr-code": "^3.0",
                 "php": "^8.1"
             },
-            "conflict": {
-                "khanamiryan/qrcode-detector-decoder": "^1.0.6"
-            },
             "require-dev": {
-                "endroid/quality": "dev-master",
+                "endroid/quality": "dev-main",
                 "ext-gd": "*",
-                "khanamiryan/qrcode-detector-decoder": "^1.0.4||^2.0.2",
+                "khanamiryan/qrcode-detector-decoder": "^2.0.2",
                 "setasign/fpdf": "^1.8.2"
             },
             "suggest": {
@@ -146,7 +143,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "4.x-dev"
+                    "dev-main": "5.x-dev"
                 }
             },
             "autoload": {
@@ -175,7 +172,7 @@
             ],
             "support": {
                 "issues": "https://github.com/endroid/qr-code/issues",
-                "source": "https://github.com/endroid/qr-code/tree/4.8.5"
+                "source": "https://github.com/endroid/qr-code/tree/5.1.0"
             },
             "funding": [
                 {
@@ -183,7 +180,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-09-29T14:03:20+00:00"
+            "time": "2024-09-08T08:52:55+00:00"
         },
         {
             "name": "jumbojett/openid-connect-php",
@@ -456,24 +453,25 @@
         },
         {
             "name": "robthree/twofactorauth",
-            "version": "1.8.2",
+            "version": "v3.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/RobThree/TwoFactorAuth.git",
-                "reference": "65681de5a324eae05140ac58b08648a60212afc0"
+                "reference": "6d70f9ca8e25568f163a7b3b3ff77bd8ea743978"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/RobThree/TwoFactorAuth/zipball/65681de5a324eae05140ac58b08648a60212afc0",
-                "reference": "65681de5a324eae05140ac58b08648a60212afc0",
+                "url": "https://api.github.com/repos/RobThree/TwoFactorAuth/zipball/6d70f9ca8e25568f163a7b3b3ff77bd8ea743978",
+                "reference": "6d70f9ca8e25568f163a7b3b3ff77bd8ea743978",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.6.0"
+                "php": ">=8.2.0"
             },
             "require-dev": {
-                "php-parallel-lint/php-parallel-lint": "^1.2",
-                "phpunit/phpunit": "@stable"
+                "friendsofphp/php-cs-fixer": "^3.13",
+                "phpstan/phpstan": "^1.9",
+                "phpunit/phpunit": "^9"
             },
             "suggest": {
                 "bacon/bacon-qr-code": "Needed for BaconQrCodeProvider provider",
@@ -494,6 +492,16 @@
                     "name": "Rob Janssen",
                     "homepage": "http://robiii.me",
                     "role": "Developer"
+                },
+                {
+                    "name": "Nicolas CARPi",
+                    "homepage": "https://github.com/NicolasCARPi",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Will Power",
+                    "homepage": "https://github.com/willpower232",
+                    "role": "Developer"
                 }
             ],
             "description": "Two Factor Authentication",
@@ -522,7 +530,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2022-03-22T16:11:07+00:00"
+            "time": "2024-10-24T15:14:25+00:00"
         }
     ],
     "packages-dev": [],

config.php

@@ -1,5 +1,20 @@
 <?php
 // config.php
+header("Cache-Control: no-cache, must-revalidate");
+header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
+header("Pragma: no-cache");
+header("Expires: 0");
+header('X-Content-Type-Options: nosniff');
+// Security headers
+header("X-Content-Type-Options: nosniff");
+header("X-Frame-Options: SAMEORIGIN");
+header("Referrer-Policy: no-referrer-when-downgrade");
+// Only include Strict-Transport-Security if you are using HTTPS
+if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+    header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
+}
+header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
+header("X-XSS-Protection: 1; mode=block");
 
 // Define constants.
 define('UPLOAD_DIR', '/var/www/uploads/');
@@ -11,6 +26,10 @@ define('TRASH_DIR', UPLOAD_DIR . 'trash/');
 define('TIMEZONE', 'America/New_York');
 define('DATE_TIME_FORMAT', 'm/d/y  h:iA');
 define('TOTAL_UPLOAD_SIZE', '5G');
+define('REGEX_FOLDER_NAME', '/^[\p{L}\p{N}_\-\s\/\\\\]+$/u');
+define('PATTERN_FOLDER_NAME', '[\p{L}\p{N}_\-\s\/\\\\]+');
+define('REGEX_FILE_NAME', '/^[\p{L}\p{N}\p{M}%\-\.\(\) _]+$/u');
+define('REGEX_USER', '/^[\p{L}\p{N}_\- ]+$/u');
 
 date_default_timezone_set(TIMEZONE);
 
@@ -48,9 +67,12 @@ function decryptData($encryptedData, $encryptionKey)
 }
 
 // Load encryption key from environment (override in production).
-$encryptionKey = getenv('PERSISTENT_TOKENS_KEY') ?: 'default_please_change_this_key';
-if (!$encryptionKey) {
-    die('Encryption key for persistent tokens is not set.');
+$envKey = getenv('PERSISTENT_TOKENS_KEY');
+if ($envKey === false || $envKey === '') {
+    $encryptionKey = 'default_please_change_this_key';
+    error_log('WARNING: Using default encryption key. Please set PERSISTENT_TOKENS_KEY in your environment.');
+} else {
+    $encryptionKey = $envKey;
 }
 
 function loadUserPermissions($username)

copyFiles.php

@@ -44,7 +44,7 @@ $destinationFolder = trim($data['destination']);
 $files = $data['files'];
 
 // Validate folder names: allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-$folderPattern = '/^[A-Za-z0-9_\- \/]+$/';
+$folderPattern = REGEX_FOLDER_NAME;
 if ($sourceFolder !== 'root' && !preg_match($folderPattern, $sourceFolder)) {
     echo json_encode(["error" => "Invalid source folder name."]);
     exit;
@@ -104,7 +104,7 @@ $destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($dest
 $errors = [];
 
 // Define a safe file name pattern: letters, numbers, underscores, dashes, dots, parentheses, and spaces.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($files as $fileName) {
     // Save the original name for metadata lookup.

createFolder.php

@@ -45,13 +45,13 @@ $folderName = trim($input['folderName']);
 $parent = isset($input['parent']) ? trim($input['parent']) : "";
 
 // Basic sanitation: allow only letters, numbers, underscores, dashes, and spaces in folderName
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $folderName)) {
+if (!preg_match(REGEX_FOLDER_NAME, $folderName)) {
     echo json_encode(['success' => false, 'error' => 'Invalid folder name.']);
     exit;
 }
 
 // Optionally, sanitize the parent folder if needed.
-if ($parent && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $parent)) {
+if ($parent && !preg_match(REGEX_FOLDER_NAME, $parent)) {
     echo json_encode(['success' => false, 'error' => 'Invalid parent folder name.']);
     exit;
 }

createFolderShareLink.php

@@ -10,6 +10,16 @@ if (!$input) {
     exit;
 }
 
+$username = $_SESSION['username'] ?? '';
+$userPermissions = loadUserPermissions($username);
+if ($username) {
+    $userPermissions = loadUserPermissions($username);
+    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
+        echo json_encode(["error" => "Read-only users are not allowed to create shared folders."]);
+        exit();
+    }
+}
+
 $folder = isset($input['folder']) ? trim($input['folder']) : "";
 $expirationMinutes = isset($input['expirationMinutes']) ? intval($input['expirationMinutes']) : 60;
 $password = isset($input['password']) ? $input['password'] : "";
@@ -17,7 +27,7 @@ $allowUpload = isset($input['allowUpload']) ? intval($input['allowUpload']) : 0;
 
 // Validate folder name using regex.
 // Allow letters, numbers, underscores, hyphens, spaces and slashes.
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }

createShareLink.php

@@ -9,13 +9,23 @@ if (!$input) {
     exit;
 }
 
+$username = $_SESSION['username'] ?? '';
+$userPermissions = loadUserPermissions($username);
+if ($username) {
+    $userPermissions = loadUserPermissions($username);
+    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
+        echo json_encode(["error" => "Read-only users are not allowed to create share files."]);
+        exit();
+    }
+}
+
 $folder = isset($input['folder']) ? trim($input['folder']) : "";
 $file = isset($input['file']) ? basename($input['file']) : "";
 $expirationMinutes = isset($input['expirationMinutes']) ? intval($input['expirationMinutes']) : 60;
 $password = isset($input['password']) ? $input['password'] : "";
 
 // Validate folder using regex.
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }

css/styles.css

@@ -32,8 +32,8 @@ body {
 
 @media (min-width: 1300px) {
   .container-fluid {
-    padding-left: 40px !important;
-    padding-right: 40px !important;
+    padding-left: 30px !important;
+    padding-right: 30px !important;
   }
 }
 
@@ -69,7 +69,7 @@ body {
   align-items: center;
   justify-content: space-between;
   width: 100%;
-  height: 65px;
+  height: 55px;
   padding: 10px 20px;
   background-color: #2196F3;
   transition: background-color 0.3s ease;
@@ -82,28 +82,16 @@ body.dark-mode .header-container {
 }
 
 .header-logo {
-  max-height: 60px;
+  max-height: 50px;
   width: auto;
   display: block;
 }
 
 .header-logo svg {
-  height: 60px;
+  height: 50px;
   width: auto;
 }
 
-header {
-  display: flex;
-  align-items: center;
-  justify-content: space-between;
-  width: 100%;
-  height: 80px;
-  padding: 0 20px;
-  background-color: #2196F3;
-  transition: background-color 0.3s ease;
-  box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);
-}
-
 body.dark-mode header {
   background-color: #1f1f1f;
   box-shadow: 0 2px 4px rgba(0, 0, 0, 0.7);
@@ -1584,39 +1572,6 @@ body.dark-mode .btn-secondary {
   border-color: #6c757d;
 }
 
-#toggleViewBtn {
-  margin-bottom: 20px;
-  margin-left: 14px;
-  padding: 10px 20px;
-  background: rgba(0, 0, 0, 0.6);
-  color: #fff;
-  border: none;
-  border-radius: 4px;
-  font-size: 16px;
-  cursor: pointer;
-  box-shadow: 0 2px 4px rgba(0, 0, 0, 0.3);
-  transition: background 0.3s ease, box-shadow 0.3s ease;
-}
-
-@media (max-width: 768px) {
-  #toggleViewBtn {
-    margin-left: 0 !important;
-  }
-}
-
-@media (max-width: 600px) {
-  #toggleViewBtn {
-    margin-left: 0 !important;
-    margin-right: auto !important;
-    display: block !important;
-  }
-}
-
-#toggleViewBtn:hover {
-  background: rgba(0, 0, 0, 0.8);
-  box-shadow: 0 3px 5px rgba(0, 0, 0, 0.4);
-}
-
 body.dark-mode .btn-danger {
   background-color: #dc3545;
   color: #fff;
@@ -1729,21 +1684,6 @@ body.dark-mode .folder-help-icon {
 
 }
 
-body.dark-mode #searchIcon {
-  background-color: #444;
-  border: 1px solid #555;
-  border-radius: 4px;
-  color: #fff;
-  padding: 4px 8px;
-}
-
-body.dark-mode #searchInput {
-  background-color: #333;
-  color: #e0e0e0;
-  border: 1px solid #555;
-}
-
-
 body.dark-mode .CodeMirror {
   background: #1e1e1e !important;
   color: #ffffff !important;
@@ -2161,3 +2101,57 @@ body.dark-mode .header-drop-zone.drag-active {
 body.dark-mode #fileSummary {
   color: white;
 }
+
+#searchIcon {
+  border-radius: 4px;
+  padding: 4px 8px;
+}
+
+body.dark-mode #searchIcon {
+  background-color: #444;
+  border: 1px solid #555;
+  color: #fff;
+}
+
+body.dark-mode #searchInput {
+  background-color: #333;
+  color: #e0e0e0;
+  border: 1px solid #555;
+}
+
+.btn-icon {
+  background: transparent;
+  border: none;
+  padding: 6px 8px;
+  margin: 0;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  cursor: pointer;
+  transition: background 0.2s, color 0.2s;
+}
+
+.btn-icon .material-icons,
+#searchIcon .material-icons {
+  font-size: 24px;
+  line-height: 1;
+  margin: 0;
+  padding: 0;
+  color: #333;
+}
+
+.btn-icon:hover,
+.btn-icon:focus {
+  background: rgba(0, 0, 0, 0.1);
+  outline: none;
+}
+
+body.dark-mode .btn-icon .material-icons,
+body.dark-mode #searchIcon .material-icons {
+  color: #fff;
+}
+
+body.dark-mode .btn-icon:hover,
+body.dark-mode .btn-icon:focus {
+  background: rgba(255, 255, 255, 0.1);
+}

deleteFiles.php

@@ -69,7 +69,7 @@ if (!isset($data['files']) || !is_array($data['files'])) {
 $folder = isset($data['folder']) ? trim($data['folder']) : 'root';
 
 // Validate folder: allow letters, numbers, underscores, dashes, spaces, and forward slashes
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }
@@ -96,7 +96,7 @@ $movedFiles = [];
 $errors = [];
 
 // Define a safe file name pattern: allow letters, numbers, underscores, dashes, dots, and spaces.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($data['files'] as $fileName) {
     $basename = basename(trim($fileName));

deleteFolder.php

@@ -50,7 +50,7 @@ if ($folderName === 'root') {
 }
 
 // Allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-if (!preg_match('/^[A-Za-z0-9_\- \/]+$/', $folderName)) {
+if (!preg_match(REGEX_FOLDER_NAME, $folderName)) {
     echo json_encode(['success' => false, 'error' => 'Invalid folder name.']);
     exit;
 }

deleteTrashFiles.php

@@ -62,7 +62,7 @@ $deletedFiles = [];
 $errors = [];
 
 // Define a safe file name pattern.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($filesToDelete as $trashName) {
     $trashName = trim($trashName);

download.php

@@ -14,7 +14,7 @@ $file = isset($_GET['file']) ? basename($_GET['file']) : '';
 $folder = isset($_GET['folder']) ? trim($_GET['folder']) : 'root';
 
 // Validate file name (allowing letters, numbers, underscores, dashes, dots, and parentheses)
-if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $file)) {
+if (!preg_match(REGEX_FILE_NAME, $file)) {
     http_response_code(400);
     echo json_encode(["error" => "Invalid file name."]);
     exit;
@@ -80,10 +80,6 @@ if (in_array($ext, ['jpg','jpeg','png','gif','bmp','webp','svg','ico'])) {
 }
 header('Content-Length: ' . filesize($realFilePath));
 
-// Disable caching.
-header('Cache-Control: no-store, no-cache, must-revalidate');
-header('Pragma: no-cache');
-
 readfile($realFilePath);
 exit;
 ?>

downloadSharedFile.php

@@ -79,10 +79,6 @@ if (in_array($ext, ['jpg','jpeg','png','gif','bmp','webp','svg','ico'])) {
     header('Content-Disposition: attachment; filename="' . basename($realFilePath) . '"');
 }
 
-// Disable caching.
-header("Cache-Control: no-store, no-cache, must-revalidate");
-header("Pragma: no-cache");
-
 // Read and output the file.
 readfile($realFilePath);
 exit;

downloadZip.php

@@ -38,7 +38,7 @@ $files = $data['files'];
 if ($folder !== "root") {
     $parts = explode('/', $folder);
     foreach ($parts as $part) {
-        if (empty($part) || $part === '.' || $part === '..' || !preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $part)) {
+        if (empty($part) || $part === '.' || $part === '..' || !preg_match(REGEX_FOLDER_NAME, $part)) {
             http_response_code(400);
             header('Content-Type: application/json');
             echo json_encode(["error" => "Invalid folder name."]);
@@ -76,7 +76,7 @@ if (empty($files)) {
 }
 
 foreach ($files as $fileName) {
-    if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $fileName)) {
+    if (!preg_match(REGEX_FILE_NAME, $fileName)) {
         http_response_code(400);
         header('Content-Type: application/json');
         echo json_encode(["error" => "Invalid file name: " . $fileName]);

extractZip.php

@@ -50,7 +50,7 @@ if (empty($files)) {
 if ($folder !== "root") {
     $parts = explode('/', $folder);
     foreach ($parts as $part) {
-        if (empty($part) || $part === '.' || $part === '..' || !preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $part)) {
+        if (empty($part) || $part === '.' || $part === '..' || !preg_match(REGEX_FOLDER_NAME, $part)) {
             http_response_code(400);
             echo json_encode(["error" => "Invalid folder name."]);
             exit;
@@ -92,7 +92,7 @@ $destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($dest
 $errors = [];
 $allSuccess = true;
 $extractedFiles = array(); // Array to collect names of extracted files
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 // ---------- Process Each File ----------
 foreach ($files as $zipFileName) {

getConfig.php

@@ -11,14 +11,24 @@ if (file_exists($configFile)) {
         echo json_encode(['error' => 'Failed to decrypt configuration.']);
         exit;
     }
-    // Decode the configuration and ensure globalOtpauthUrl is set
+    // Decode the configuration and ensure required fields are set
     $config = json_decode($decryptedContent, true);
+    
+    // Ensure globalOtpauthUrl is set
     if (!isset($config['globalOtpauthUrl'])) {
         $config['globalOtpauthUrl'] = "";
     }
+    
+    // NEW: Ensure header_title is set.
+    if (!isset($config['header_title']) || empty($config['header_title'])) {
+        $config['header_title'] = "FileRise"; // default value
+    }
+    
     echo json_encode($config);
 } else {
+    // If no config file exists, provide defaults
     echo json_encode([
+        'header_title' => "FileRise",
         'oidc' => [
             'providerUrl'  => 'https://your-oidc-provider.com',
             'clientId'     => 'YOUR_CLIENT_ID',

getFileList.php

@@ -1,8 +1,5 @@
 <?php
 require_once 'config.php';
-header("Cache-Control: no-cache, no-store, must-revalidate");
-header("Pragma: no-cache");
-header("Expires: 0");
 header('Content-Type: application/json');
 
 // Ensure user is authenticated
@@ -14,7 +11,7 @@ if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
 
 $folder = isset($_GET['folder']) ? trim($_GET['folder']) : 'root';
 // Allow only safe characters in the folder parameter (letters, numbers, underscores, dashes, spaces, and forward slashes).
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }
@@ -28,11 +25,6 @@ if ($folder !== 'root') {
 
 /**
  * Helper: Generate the metadata file path for a given folder.
- * For "root", returns "root_metadata.json". Otherwise, replaces slashes,
- * backslashes, and spaces with dashes and appends "_metadata.json".
- *
- * @param string $folder The folder's relative path.
- * @return string The full path to the folder's metadata file.
  */
 function getMetadataFilePath($folder) {
     if (strtolower($folder) === 'root' || $folder === '') {
@@ -53,7 +45,7 @@ $files = array_values(array_diff(scandir($directory), array('.', '..')));
 $fileList = [];
 
 // Define a safe file name pattern: letters, numbers, underscores, dashes, dots, parentheses, and spaces.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($files as $file) {
     // Skip hidden files (those that begin with a dot)
@@ -72,7 +64,6 @@ foreach ($files as $file) {
     
     // Since metadata is stored per folder, the key is simply the file name.
     $metaKey = $file;
-
     $fileDateModified = filemtime($filePath) ? date(DATE_TIME_FORMAT, filemtime($filePath)) : "Unknown";
     $fileUploadedDate = isset($metadata[$metaKey]["uploaded"]) ? $metadata[$metaKey]["uploaded"] : "Unknown";
     $fileUploader = isset($metadata[$metaKey]["uploader"]) ? $metadata[$metaKey]["uploader"] : "Unknown";
@@ -88,7 +79,8 @@ foreach ($files as $file) {
         $fileSizeFormatted = sprintf("%s bytes", number_format($fileSizeBytes));
     }
 
-    $fileList[] = [
+    // Build the basic file entry.
+    $fileEntry = [
         'name' => $file,
         'modified' => $fileDateModified,
         'uploaded' => $fileUploadedDate,
@@ -96,6 +88,14 @@ foreach ($files as $file) {
         'uploader' => $fileUploader,
         'tags' => isset($metadata[$metaKey]['tags']) ? $metadata[$metaKey]['tags'] : []
     ];
+
+    // Add file content for text-based files.
+    if (preg_match('/\.(txt|html|htm|md|js|css|json|xml|php|py|ini|conf|log)$/i', $file)) {
+        $content = file_get_contents($filePath);
+        $fileEntry['content'] = $content;
+    }
+    
+    $fileList[] = $fileEntry;
 }
 
 // Load global tags from createdTags.json.

getFileTag.php

@@ -0,0 +1,40 @@
+<?php
+declare(strict_types=1);
+
+// getFileTag.php
+
+require_once 'config.php';
+
+// Set security and content headers
+header('Content-Type: application/json; charset=utf-8');
+
+$metadataPath = META_DIR . 'createdTags.json';
+
+// Check if the metadata file exists and is readable
+if (!file_exists($metadataPath) || !is_readable($metadataPath)) {
+    error_log('Metadata file does not exist or is not readable: ' . $metadataPath);
+    http_response_code(200); // Return empty array with HTTP 200 so the client can handle it gracefully
+    echo json_encode([]);
+    exit;
+}
+
+$data = file_get_contents($metadataPath);
+if ($data === false) {
+    error_log('Failed to read metadata file: ' . $metadataPath);
+    http_response_code(500);
+    echo json_encode(["error" => "Unable to read metadata file."]);
+    exit;
+}
+
+// Decode the JSON data to check for validity
+$jsonData = json_decode($data, true);
+if (json_last_error() !== JSON_ERROR_NONE) {
+    error_log('Invalid JSON in metadata file: ' . $metadataPath . ' Error: ' . json_last_error_msg());
+    http_response_code(500);
+    echo json_encode(["error" => "Metadata file contains invalid JSON."]);
+    exit;
+}
+
+// Output the re-encoded JSON to ensure well-formed output
+echo json_encode($jsonData);
+exit;

getFolderList.php

@@ -20,7 +20,7 @@ function getSubfolders($dir, $relative = '') {
     $folders = [];
     $items = scandir($dir);
     // Allow letters, numbers, underscores, dashes, and spaces in folder names.
-    $safeFolderNamePattern = '/^[A-Za-z0-9_\- ]+$/';
+    $safeFolderNamePattern = REGEX_FOLDER_NAME;
     foreach ($items as $item) {
         if ($item === '.' || $item === '..') continue;
         if (!preg_match($safeFolderNamePattern, $item)) {

getUsers.php

@@ -17,7 +17,7 @@ if (file_exists($usersFile)) {
         $parts = explode(':', trim($line));
         if (count($parts) >= 3) {
             // Validate username format:
-            if (preg_match('/^[A-Za-z0-9_\- ]+$/', $parts[0])) {
+            if (preg_match(REGEX_USER, $parts[0])) {
                 $users[] = [
                     "username" => $parts[0],
                     "role" => trim($parts[2])

index.html

@@ -41,12 +41,16 @@
   <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.0/purify.min.js"
     integrity="sha384-Tsl3d5pUAO7a13enIvSsL3O0/95nsthPJiPto5NtLuY8w3+LbZOpr3Fl2MNmrh1E"
     crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/fuse.js@6.6.2/dist/fuse.min.js"
+     integrity="sha384-zPE55eyESN+FxCWGEnlNxGyAPJud6IZ6TtJmXb56OFRGhxZPN4akj9rjA3gw5Qqa" 
+     crossorigin="anonymous"></script>
   <link rel="stylesheet" href="css/styles.css" />
 </head>
 
 <body>
   <header class="header-container">
     <div class="header-left">
+      <a href="index.html">
         <div class="header-logo">
           <svg version="1.1" id="filingCabinetLogo" xmlns="http://www.w3.org/2000/svg"
             xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 64 64" xml:space="preserve">
@@ -110,6 +114,7 @@
             </g>
           </svg>
         </div>
+      </a>
     </div>
     <div class="header-title">
       <h1 data-i18n-key="header_title">FileRise</h1>
@@ -245,7 +250,7 @@
                       <div id="folderTreeContainer"></div>
                     </div>
                     <div class="folder-actions mt-3">
-                      <button id="createFolderBtn" class="btn btn-primary">
+                      <button id="createFolderBtn" class="btn btn-primary" data-i18n-title="create_folder">
                         <i class="material-icons">create_new_folder</i>
                       </button>
                       <div id="createFolderModal" class="modal">
@@ -262,7 +267,7 @@
                           </div>
                         </div>
                       </div>
-                      <button id="renameFolderBtn" class="btn btn-warning ml-2">
+                      <button id="renameFolderBtn" class="btn btn-warning ml-2" data-i18n-title="rename_folder">
                         <i class="material-icons">drive_file_rename_outline</i>
                       </button>
                       <div id="renameFolderModal" class="modal">
@@ -391,21 +396,23 @@
   <div class="modal-content" style="text-align: center; padding: 20px;">
     <!-- Material icon spinner with a dedicated class -->
     <span class="material-icons download-spinner">autorenew</span>
-      <p>Preparing your download...</p>
+    <p data-i18n-key="preparing_download">Preparing your download...</p>
   </div>
 </div>
 
 <!-- Single File Download Modal -->
 <div id="downloadFileModal" class="modal" style="display: none;">
   <div class="modal-content" style="text-align: center; padding: 20px;">
-      <h4>Download File</h4>
-      <p>Confirm or change the download file name:</p>
-      <input type="text" id="downloadFileNameInput" class="form-control" placeholder="Filename" />
+    <h4 data-i18n-key="download_file">Download File</h4>
+    <p data-i18n-key="confirm_or_change_filename">Confirm or change the download file name:</p>
+    <input type="text" id="downloadFileNameInput" class="form-control" data-i18n-placeholder="filename" placeholder="Filename" />
     <div style="margin-top: 15px; text-align: right;">
       <button id="cancelDownloadFile" class="btn btn-secondary"
-          onclick="document.getElementById('downloadFileModal').style.display = 'none';">Cancel</button>
+              onclick="document.getElementById('downloadFileModal').style.display = 'none';"
+              data-i18n-key="cancel">Cancel</button>
       <button id="confirmSingleDownloadButton" class="btn btn-primary"
-          onclick="confirmSingleDownload()">Download</button>
+              onclick="confirmSingleDownload()"
+              data-i18n-key="download">Download</button>
     </div>
   </div>
 </div>
@@ -413,7 +420,7 @@
   <!-- Change Password, Add User, Remove User, Rename File, and Custom Confirm Modals (unchanged) -->
   <div id="changePasswordModal" class="modal" style="display:none;">
     <div class="modal-content" style="max-width:400px; margin:auto;">
-      <span id="closeChangePasswordModal" style="cursor:pointer;">&times;</span>
+      <span id="closeChangePasswordModal" style="position:absolute; top:10px; right:10px; cursor:pointer; font-size:24px;">&times;</span>
       <h3 data-i18n-key="change_password_title">Change Password</h3>
       <input type="password" id="oldPassword" class="form-control" data-i18n-placeholder="old_password"
         placeholder="Old Password" style="width:100%; margin: 5px 0;" />

js/auth.js

@@ -1,5 +1,5 @@
 import { sendRequest } from './networkUtils.js';
-import { t } from './i18n.js';
+import { t, applyTranslations } from './i18n.js';
 import {
   toggleVisibility,
   showToast as originalShowToast,
@@ -97,18 +97,36 @@ function loadAdminConfigFunc() {
   return fetch("getConfig.php", { credentials: "include" })
     .then(response => response.json())
     .then(config => {
+      // Save header_title into localStorage (if needed)
+      localStorage.setItem("headerTitle", config.header_title || "FileRise");
+
+      // Update login options and global OTPAuth URL as before
       localStorage.setItem("disableFormLogin", config.loginOptions.disableFormLogin);
       localStorage.setItem("disableBasicAuth", config.loginOptions.disableBasicAuth);
       localStorage.setItem("disableOIDCLogin", config.loginOptions.disableOIDCLogin);
       localStorage.setItem("globalOtpauthUrl", config.globalOtpauthUrl || "otpauth://totp/{label}?secret={secret}&issuer=FileRise");
+      
+      // Update the UI for login options
       updateLoginOptionsUIFromStorage();
+
+      const headerTitleElem = document.querySelector(".header-title h1");
+      if (headerTitleElem) {
+        headerTitleElem.textContent = config.header_title || "FileRise";
+      }
     })
     .catch(() => {
+      // Fallback defaults in case of error
+      localStorage.setItem("headerTitle", "FileRise");
       localStorage.setItem("disableFormLogin", "false");
       localStorage.setItem("disableBasicAuth", "false");
       localStorage.setItem("disableOIDCLogin", "false");
       localStorage.setItem("globalOtpauthUrl", "otpauth://totp/{label}?secret={secret}&issuer=FileRise");
       updateLoginOptionsUIFromStorage();
+
+      const headerTitleElem = document.querySelector(".header-title h1");
+      if (headerTitleElem) {
+        headerTitleElem.textContent = "FileRise";
+      }
     });
 }
 
@@ -132,10 +150,11 @@ function updateAuthenticatedUI(data) {
   if (data.username) {
     localStorage.setItem("username", data.username);
   }
+  /*
   if (typeof data.folderOnly !== "undefined") {
     localStorage.setItem("folderOnly", data.folderOnly ? "true" : "false");
   }
-
+*/
   const headerButtons = document.querySelector(".header-buttons");
   const firstButton = headerButtons.firstElementChild;
 
@@ -145,7 +164,8 @@ function updateAuthenticatedUI(data) {
       restoreBtn = document.createElement("button");
       restoreBtn.id = "restoreFilesBtn";
       restoreBtn.classList.add("btn", "btn-warning");
-      restoreBtn.innerHTML = '<i class="material-icons" title="Restore/Delete Trash">restore_from_trash</i>';
+      restoreBtn.setAttribute("data-i18n-title", "trash_restore_delete");
+      restoreBtn.innerHTML = '<i class="material-icons">restore_from_trash</i>';
       if (firstButton) insertAfter(restoreBtn, firstButton);
       else headerButtons.appendChild(restoreBtn);
     }
@@ -156,7 +176,8 @@ function updateAuthenticatedUI(data) {
       adminPanelBtn = document.createElement("button");
       adminPanelBtn.id = "adminPanelBtn";
       adminPanelBtn.classList.add("btn", "btn-info");
-      adminPanelBtn.innerHTML = '<i class="material-icons" title="Admin Panel">admin_panel_settings</i>';
+      adminPanelBtn.setAttribute("data-i18n-title", "admin_panel");
+      adminPanelBtn.innerHTML = '<i class="material-icons">admin_panel_settings</i>';
       insertAfter(adminPanelBtn, restoreBtn);
       adminPanelBtn.addEventListener("click", openAdminPanel);
     } else {
@@ -175,7 +196,9 @@ function updateAuthenticatedUI(data) {
       userPanelBtn = document.createElement("button");
       userPanelBtn.id = "userPanelBtn";
       userPanelBtn.classList.add("btn", "btn-user");
-      userPanelBtn.innerHTML = '<i class="material-icons" title="User Panel">account_circle</i>';
+      userPanelBtn.setAttribute("data-i18n-title", "user_panel");
+      userPanelBtn.innerHTML = '<i class="material-icons">account_circle</i>';
+      
       const adminBtn = document.getElementById("adminPanelBtn");
       if (adminBtn) insertAfter(userPanelBtn, adminBtn);
       else if (firstButton) insertAfter(userPanelBtn, firstButton);
@@ -185,7 +208,7 @@ function updateAuthenticatedUI(data) {
       userPanelBtn.style.display = "block";
     }
   }
-
+  applyTranslations();
   updateItemsPerPageSelect();
   updateLoginOptionsUIFromStorage();
 }
@@ -231,7 +254,21 @@ sendRequest("auth.php", "POST", data, { "X-CSRF-Token": window.csrfToken })
     .then(response => {
       if (response.success || response.status === "ok") {
         sessionStorage.setItem("welcomeMessage", "Welcome back, " + data.username + "!");
+        // Fetch and update permissions, then reload.
+        sendRequest("getUserPermissions.php", "GET")
+          .then(permissionData => {
+            if (permissionData && typeof permissionData === "object") {
+              localStorage.setItem("folderOnly", permissionData.folderOnly ? "true" : "false");
+              localStorage.setItem("readOnly", permissionData.readOnly ? "true" : "false");
+              localStorage.setItem("disableUpload", permissionData.disableUpload ? "true" : "false");
+            }
+          })
+          .catch(() => {
+            // if fetching permissions fails.
+          })
+          .finally(() => {
             window.location.reload();
+          });
       } else if (response.totp_required) {
         openTOTPLoginModal();
       } else if (response.error && response.error.includes("Too many failed login attempts")) {

js/authModals.js

@@ -2,8 +2,9 @@ import { showToast, toggleVisibility, attachEnterKeyListener } from './domUtils.
 import { sendRequest } from './networkUtils.js';
 import { t, applyTranslations, setLocale } from './i18n.js';
 
-const version = "v1.1.1";
-const adminTitle = `Admin Panel <small style="font-size: 12px; color: gray;">${version}</small>`;
+const version = "v1.1.3";
+// Use t() for the admin panel title. (Make sure t("admin_panel") returns "Admin Panel" in English.)
+const adminTitle = `${t("admin_panel")} <small style="font-size: 12px; color: gray;">${version}</small>`;
 
 let lastLoginData = null;
 export function setLastLoginData(data) {
@@ -44,7 +45,7 @@ export function openTOTPLoginModal() {
           <input type="text" id="recoveryInput"
                  style="font-size:24px; text-align:center; width:100%; padding:10px;"
                  placeholder="Recovery code" />
-          <button type="button" id="submitRecovery" class="btn btn-secondary" style="margin-top:10px;">Submit Recovery Code</button>
+          <button type="button" id="submitRecovery" class="btn btn-secondary" style="margin-top:10px;">${t("submit_recovery_code")}</button>
         </div>
       </div>
     `;
@@ -66,12 +67,12 @@ export function openTOTPLoginModal() {
         // Switch to recovery
         totpSection.style.display = "none";
         recoverySection.style.display = "block";
-        toggleLink.textContent = "Use TOTP Code instead";
+        toggleLink.textContent = t("use_totp_code_instead");
       } else {
         // Switch back to TOTP
         recoverySection.style.display = "none";
         totpSection.style.display = "block";
-        toggleLink.textContent = "Use Recovery Code instead";
+        toggleLink.textContent = t("use_recovery_code_instead");
       }
     });
 
@@ -79,7 +80,7 @@ export function openTOTPLoginModal() {
     document.getElementById("submitRecovery").addEventListener("click", () => {
       const recoveryCode = document.getElementById("recoveryInput").value.trim();
       if (!recoveryCode) {
-        showToast("Please enter your recovery code.");
+        showToast(t("please_enter_recovery_code"));
         return;
       }
       fetch("totp_recover.php", {
@@ -97,11 +98,11 @@ export function openTOTPLoginModal() {
             // recovery succeeded → finalize login
             window.location.href = "index.html";
           } else {
-            showToast(json.message || "Recovery code verification failed");
+            showToast(json.message || t("recovery_code_verification_failed"));
           }
         })
         .catch(() => {
-          showToast("Error verifying recovery code.");
+          showToast(t("error_verifying_recovery_code"));
         });
     });
 
@@ -125,14 +126,14 @@ export function openTOTPLoginModal() {
             if (json.status === "ok") {
               window.location.href = "index.html";
             } else {
-              showToast(json.message || "TOTP verification failed");
+              showToast(json.message || t("totp_verification_failed"));
               this.value = "";
               totpLoginModal.style.display = "flex";
               totpInput.focus();
             }
           })
           .catch(() => {
-            showToast("TOTP verification failed");
+            showToast(t("totp_verification_failed"));
             this.value = "";
             totpLoginModal.style.display = "flex";
             totpInput.focus();
@@ -162,9 +163,9 @@ export function openUserPanel() {
     max-width: 600px;
     width: 90%;
     border-radius: 8px;
-    position: relative;
+    position: fixed;
     overflow-y: auto;
-    max-height: 90vh;
+    max-height: 350px !important;
     border: ${isDarkMode ? "1px solid #444" : "1px solid #ccc"};
     transform: none;
     transition: none;
@@ -187,26 +188,26 @@ export function openUserPanel() {
         z-index: 3000;
       `;
     userPanelModal.innerHTML = `
-        <div class="modal-content" style="${modalContentStyles}">
+        <div class="modal-content user-panel-content" style="${modalContentStyles}">
           <span id="closeUserPanel" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-          <h3>User Panel (${username})</h3>
-          <button type="button" id="openChangePasswordModalBtn" class="btn btn-primary" style="margin-bottom: 15px;">Change Password</button>
+          <h3>${t("user_panel")} (${username})</h3>
+          <button type="button" id="openChangePasswordModalBtn" class="btn btn-primary" style="margin-bottom: 15px;">${t("change_password")}</button>
           <fieldset style="margin-bottom: 15px;">
-            <legend>TOTP Settings</legend>
+            <legend>${t("totp_settings")}</legend>
             <div class="form-group">
-              <label for="userTOTPEnabled">Enable TOTP:</label>
+              <label for="userTOTPEnabled">${t("enable_totp")}:</label>
               <input type="checkbox" id="userTOTPEnabled" style="vertical-align: middle;" />
             </div>
           </fieldset>
           <fieldset style="margin-bottom: 15px;">
-            <legend>Language</legend>
+            <legend>${t("language")}</legend>
             <div class="form-group">
-              <label for="languageSelector">Select Language:</label>
+              <label for="languageSelector">${t("select_language")}:</label>
               <select id="languageSelector">
-                <option value="en">English</option>
-                <option value="es">Español</option>
-                <option value="fr">Français</option>
-                <option value="de">Deutsch</option>
+                <option value="en">${t("english")}</option>
+                <option value="es">${t("spanish")}</option>
+                <option value="fr">${t("french")}</option>
+                <option value="de">${t("german")}</option>
               </select>
             </div>
           </fieldset>
@@ -239,12 +240,12 @@ export function openUserPanel() {
         .then(r => r.json())
         .then(result => {
           if (!result.success) {
-            showToast("Error updating TOTP setting: " + result.error);
+            showToast(t("error_updating_totp_setting") + ": " + result.error);
           } else if (enabled) {
             openTOTPModal();
           }
         })
-        .catch(() => { showToast("Error updating TOTP setting."); });
+        .catch(() => { showToast(t("error_updating_totp_setting")); });
     });
     // Language dropdown initialization
     const languageSelector = document.getElementById("languageSelector");
@@ -283,10 +284,10 @@ function showRecoveryCodeModal(recoveryCode) {
   `;
   recoveryModal.innerHTML = `
     <div style="background: #fff; color: #000; padding: 20px; max-width: 400px; width: 90%; border-radius: 8px; text-align: center;">
-      <h3>Your Recovery Code</h3>
-      <p>Please save this code securely. It will not be shown again and can only be used once.</p>
+      <h3>${t("your_recovery_code")}</h3>
+      <p>${t("please_save_recovery_code")}</p>
       <code style="display: block; margin: 10px 0; font-size: 20px;">${recoveryCode}</code>
-      <button type="button" id="closeRecoveryModal" class="btn btn-primary">OK</button>
+      <button type="button" id="closeRecoveryModal" class="btn btn-primary">${t("ok")}</button>
     </div>
   `;
   document.body.appendChild(recoveryModal);
@@ -327,17 +328,19 @@ export function openTOTPModal() {
     totpModal.innerHTML = `
     <div class="modal-content" style="${modalContentStyles}">
       <span id="closeTOTPModal" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-        <h3>TOTP Setup</h3>
-        <p>Scan this QR code with your authenticator app:</p>
-        <img src="totp_setup.php?csrf=${encodeURIComponent(window.csrfToken)}" alt="TOTP QR Code" style="max-width: 100%; height: auto; display: block; margin: 0 auto;">
+      <h3>${t("totp_setup")}</h3>
+      <p>${t("scan_qr_code")}</p>
+      <!-- Create an image placeholder without the CSRF token in the src -->
+      <img id="totpQRCodeImage" src="" alt="TOTP QR Code" style="max-width: 100%; height: auto; display: block; margin: 0 auto;">
       <br/>
-        <p>Enter the 6-digit code from your app to confirm setup:</p>
+      <p>${t("enter_totp_confirmation")}</p>
       <input type="text" id="totpConfirmInput" maxlength="6" style="font-size:24px; text-align:center; width:100%; padding:10px;" placeholder="6-digit code" />
       <br/><br/>
-        <button type="button" id="confirmTOTPBtn" class="btn btn-primary">Confirm</button>
+      <button type="button" id="confirmTOTPBtn" class="btn btn-primary">${t("confirm")}</button>
     </div>
   `;
     document.body.appendChild(totpModal);
+    loadTOTPQRCode();
 
     document.getElementById("closeTOTPModal").addEventListener("click", () => {
       closeTOTPModal(true);
@@ -346,7 +349,7 @@ export function openTOTPModal() {
     document.getElementById("confirmTOTPBtn").addEventListener("click", function () {
       const code = document.getElementById("totpConfirmInput").value.trim();
       if (code.length !== 6) {
-        showToast("Please enter a valid 6-digit code.");
+        showToast(t("please_enter_valid_code"));
         return;
       }
       fetch("totp_verify.php", {
@@ -361,7 +364,7 @@ export function openTOTPModal() {
         .then(r => r.json())
         .then(result => {
           if (result.status === 'ok') {
-            showToast("TOTP successfully enabled.");
+            showToast(t("totp_enabled_successfully"));
             // After successful TOTP verification, fetch the recovery code
             fetch("totp_saveCode.php", {
               method: "POST",
@@ -377,16 +380,16 @@ export function openTOTPModal() {
                   // Show the recovery code in a secure modal
                   showRecoveryCodeModal(data.recoveryCode);
                 } else {
-                  showToast("Error generating recovery code: " + (data.message || "Unknown error."));
+                  showToast(t("error_generating_recovery_code") + ": " + (data.message || t("unknown_error")));
                 }
               })
-              .catch(() => { showToast("Error generating recovery code."); });
+              .catch(() => { showToast(t("error_generating_recovery_code")); });
             closeTOTPModal(false);
           } else {
-            showToast("TOTP verification failed: " + (result.message || "Invalid code."));
+            showToast(t("totp_verification_failed") + ": " + (result.message || t("invalid_code")));
           }
         })
-        .catch(() => { showToast("Error verifying TOTP code."); });
+        .catch(() => { showToast(t("error_verifying_totp_code")); });
     });
 
     // Focus the input and attach enter key listener
@@ -406,6 +409,13 @@ export function openTOTPModal() {
     modalContent.style.background = isDarkMode ? "#2c2c2c" : "#fff";
     modalContent.style.color = isDarkMode ? "#e0e0e0" : "#000";
 
+    // Clear any previous QR code src if needed and then load it:
+    const qrImg = document.getElementById("totpQRCodeImage");
+    if (qrImg) {
+      qrImg.src = "";
+    }
+    loadTOTPQRCode();
+
     // Focus the input and attach enter key listener
     const totpConfirmInput = document.getElementById("totpConfirmInput");
     if (totpConfirmInput) {
@@ -419,6 +429,33 @@ export function openTOTPModal() {
   }
 }
 
+function loadTOTPQRCode() {
+  fetch("totp_setup.php", {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "X-CSRF-Token": window.csrfToken  // Send your CSRF token here
+    }
+  })
+    .then(response => {
+      if (!response.ok) {
+        throw new Error("Failed to fetch QR code. Status: " + response.status);
+      }
+      return response.blob();
+    })
+    .then(blob => {
+      const imageURL = URL.createObjectURL(blob);
+      const qrImg = document.getElementById("totpQRCodeImage");
+      if (qrImg) {
+        qrImg.src = imageURL;
+      }
+    })
+    .catch(error => {
+      console.error("Error loading TOTP QR code:", error);
+      showToast(t("error_loading_qr_code"));
+    });
+}
+
 // Updated closeTOTPModal function with a disable parameter
 export function closeTOTPModal(disable = true) {
   const totpModal = document.getElementById("totpModal");
@@ -443,17 +480,88 @@ export function closeTOTPModal(disable = true) {
       .then(r => r.json())
       .then(result => {
         if (!result.success) {
-          showToast("Error disabling TOTP setting: " + result.error);
+          showToast(t("error_disabling_totp_setting") + ": " + result.error);
         }
       })
-      .catch(() => { showToast("Error disabling TOTP setting."); });
+      .catch(() => { showToast(t("error_disabling_totp_setting")); });
   }
 }
 
+// Global variable to hold the initial state of the admin form.
+let originalAdminConfig = {};
+
+// Capture the initial state of the admin form fields.
+function captureInitialAdminConfig() {
+  originalAdminConfig = {
+    headerTitle: document.getElementById("headerTitle").value.trim(),
+    oidcProviderUrl: document.getElementById("oidcProviderUrl").value.trim(),
+    oidcClientId: document.getElementById("oidcClientId").value.trim(),
+    oidcClientSecret: document.getElementById("oidcClientSecret").value.trim(),
+    oidcRedirectUri: document.getElementById("oidcRedirectUri").value.trim(),
+    disableFormLogin: document.getElementById("disableFormLogin").checked,
+    disableBasicAuth: document.getElementById("disableBasicAuth").checked,
+    disableOIDCLogin: document.getElementById("disableOIDCLogin").checked,
+    globalOtpauthUrl: document.getElementById("globalOtpauthUrl").value.trim()
+  };
+}
+
+// Compare current values to the captured initial state.
+function hasUnsavedChanges() {
+  return (
+    document.getElementById("headerTitle").value.trim() !== originalAdminConfig.headerTitle ||
+    document.getElementById("oidcProviderUrl").value.trim() !== originalAdminConfig.oidcProviderUrl ||
+    document.getElementById("oidcClientId").value.trim() !== originalAdminConfig.oidcClientId ||
+    document.getElementById("oidcClientSecret").value.trim() !== originalAdminConfig.oidcClientSecret ||
+    document.getElementById("oidcRedirectUri").value.trim() !== originalAdminConfig.oidcRedirectUri ||
+    document.getElementById("disableFormLogin").checked !== originalAdminConfig.disableFormLogin ||
+    document.getElementById("disableBasicAuth").checked !== originalAdminConfig.disableBasicAuth ||
+    document.getElementById("disableOIDCLogin").checked !== originalAdminConfig.disableOIDCLogin ||
+    document.getElementById("globalOtpauthUrl").value.trim() !== originalAdminConfig.globalOtpauthUrl
+  );
+}
+
+// Use your custom confirmation modal.
+function showCustomConfirmModal(message) {
+  return new Promise((resolve) => {
+    // Get modal elements from DOM.
+    const modal = document.getElementById("customConfirmModal");
+    const messageElem = document.getElementById("confirmMessage");
+    const yesBtn = document.getElementById("confirmYesBtn");
+    const noBtn = document.getElementById("confirmNoBtn");
+
+    // Set the message in the modal.
+    messageElem.textContent = message;
+    modal.style.display = "block";
+
+    // Define event handlers.
+    function onYes() {
+      cleanup();
+      resolve(true);
+    }
+    function onNo() {
+      cleanup();
+      resolve(false);
+    }
+    // Remove event listeners and hide modal after choice.
+    function cleanup() {
+      yesBtn.removeEventListener("click", onYes);
+      noBtn.removeEventListener("click", onNo);
+      modal.style.display = "none";
+    }
+    
+    yesBtn.addEventListener("click", onYes);
+    noBtn.addEventListener("click", onNo);
+  });
+}
+
 export function openAdminPanel() {
   fetch("getConfig.php", { credentials: "include" })
     .then(response => response.json())
     .then(config => {
+      if (config.header_title) {
+        document.querySelector(".header-title h1").textContent = config.header_title;
+        window.headerTitle = config.header_title || "FileRise";
+      }
       if (config.oidc) Object.assign(window.currentOIDCConfig, config.oidc);
       if (config.globalOtpauthUrl) window.currentOIDCConfig.globalOtpauthUrl = config.globalOtpauthUrl;
       const isDarkMode = document.body.classList.contains("dark-mode");
@@ -487,77 +595,84 @@ export function openAdminPanel() {
             align-items: center;
             z-index: 3000;
           `;
-        // Added a version number next to "Admin Panel"
         adminModal.innerHTML = `
           <div class="modal-content" style="${modalContentStyles}">
             <span id="closeAdminPanel" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-            <h3>
             <h3>${adminTitle}</h3>
-            </h3>
             <form id="adminPanelForm">
               <fieldset style="margin-bottom: 15px;">
-                <legend>User Management</legend>
+                <legend>${t("user_management")}</legend>
                 <div style="display: flex; gap: 10px;">
-                  <button type="button" id="adminOpenAddUser" class="btn btn-success">Add User</button>
-                  <button type="button" id="adminOpenRemoveUser" class="btn btn-danger">Remove User</button>
-                  <button type="button" id="adminOpenUserPermissions" class="btn btn-secondary">User Permissions</button>
+                  <button type="button" id="adminOpenAddUser" class="btn btn-success">${t("add_user")}</button>
+                  <button type="button" id="adminOpenRemoveUser" class="btn btn-danger">${t("remove_user")}</button>
+                  <button type="button" id="adminOpenUserPermissions" class="btn btn-secondary">${t("user_permissions")}</button>
                 </div>
               </fieldset>
               <fieldset style="margin-bottom: 15px;">
-                <legend>OIDC Configuration</legend>
+                <legend>Header Settings</legend>
                 <div class="form-group">
-                  <label for="oidcProviderUrl">OIDC Provider URL:</label>
+                  <label for="headerTitle">Header Title:</label>
+                  <input type="text" id="headerTitle" class="form-control" value="${window.headerTitle}" />
+                </div>
+              </fieldset>
+              <fieldset style="margin-bottom: 15px;">
+                <legend>${t("login_options")}</legend>
+                <div class="form-group">
+                  <input type="checkbox" id="disableFormLogin" />
+                  <label for="disableFormLogin">${t("disable_login_form")}</label>
+                </div>
+                <div class="form-group">
+                  <input type="checkbox" id="disableBasicAuth" />
+                  <label for="disableBasicAuth">${t("disable_basic_http_auth")}</label>
+                </div>
+                <div class="form-group">
+                  <input type="checkbox" id="disableOIDCLogin" />
+                  <label for="disableOIDCLogin">${t("disable_oidc_login")}</label>
+                </div>
+              </fieldset>
+              <fieldset style="margin-bottom: 15px;">
+                <legend>${t("oidc_configuration")}</legend>
+                <div class="form-group">
+                  <label for="oidcProviderUrl">${t("oidc_provider_url")}:</label>
                   <input type="text" id="oidcProviderUrl" class="form-control" value="${window.currentOIDCConfig.providerUrl}" />
                 </div>
                 <div class="form-group">
-                  <label for="oidcClientId">OIDC Client ID:</label>
+                  <label for="oidcClientId">${t("oidc_client_id")}:</label>
                   <input type="text" id="oidcClientId" class="form-control" value="${window.currentOIDCConfig.clientId}" />
                 </div>
                 <div class="form-group">
-                  <label for="oidcClientSecret">OIDC Client Secret:</label>
+                  <label for="oidcClientSecret">${t("oidc_client_secret")}:</label>
                   <input type="text" id="oidcClientSecret" class="form-control" value="${window.currentOIDCConfig.clientSecret}" />
                 </div>
                 <div class="form-group">
-                  <label for="oidcRedirectUri">OIDC Redirect URI:</label>
+                  <label for="oidcRedirectUri">${t("oidc_redirect_uri")}:</label>
                   <input type="text" id="oidcRedirectUri" class="form-control" value="${window.currentOIDCConfig.redirectUri}" />
                 </div>
               </fieldset>
               <fieldset style="margin-bottom: 15px;">
-                <legend>Global TOTP Settings</legend>
+                <legend>${t("global_totp_settings")}</legend>
                 <div class="form-group">
-                  <label for="globalOtpauthUrl">Global OTPAuth URL:</label>
+                  <label for="globalOtpauthUrl">${t("global_otpauth_url")}:</label>
                   <input type="text" id="globalOtpauthUrl" class="form-control" value="${window.currentOIDCConfig.globalOtpauthUrl || 'otpauth://totp/{label}?secret={secret}&issuer=FileRise'}" />
                 </div>
               </fieldset>
-              <fieldset style="margin-bottom: 15px;">
-                <legend>Login Options</legend>
-                <div class="form-group">
-                  <input type="checkbox" id="disableFormLogin" />
-                  <label for="disableFormLogin">Disable Login Form</label>
-                </div>
-                <div class="form-group">
-                  <input type="checkbox" id="disableBasicAuth" />
-                  <label for="disableBasicAuth">Disable Basic HTTP Auth</label>
-                </div>
-                <div class="form-group">
-                  <input type="checkbox" id="disableOIDCLogin" />
-                  <label for="disableOIDCLogin">Disable OIDC Login</label>
-                </div>
-              </fieldset>
               <div style="display: flex; justify-content: space-between;">
-                <button type="button" id="cancelAdminSettings" class="btn btn-secondary">Cancel</button>
-                <button type="button" id="saveAdminSettings" class="btn btn-primary">Save Settings</button>
+                <button type="button" id="cancelAdminSettings" class="btn btn-secondary">${t("cancel")}</button>
+                <button type="button" id="saveAdminSettings" class="btn btn-primary">${t("save_settings")}</button>
               </div>
             </form>
           </div>
         `;
         document.body.appendChild(adminModal);
 
+        // Bind closing events that will use our enhanced close function.
         document.getElementById("closeAdminPanel").addEventListener("click", closeAdminPanel);
         adminModal.addEventListener("click", (e) => {
           if (e.target === adminModal) closeAdminPanel();
         });
         document.getElementById("cancelAdminSettings").addEventListener("click", closeAdminPanel);
+
+        // Bind other buttons.
         document.getElementById("adminOpenAddUser").addEventListener("click", () => {
           toggleVisibility("addUserModal", true);
           document.getElementById("newUsername").focus();
@@ -568,7 +683,6 @@ export function openAdminPanel() {
           }
           toggleVisibility("removeUserModal", true);
         });
-        // New event binding for the User Permissions button:
         document.getElementById("adminOpenUserPermissions").addEventListener("click", () => {
           openUserPermissionsModal();
         });
@@ -578,7 +692,7 @@ export function openAdminPanel() {
           const disableOIDCLoginCheckbox = document.getElementById("disableOIDCLogin");
           const totalDisabled = [disableFormLoginCheckbox, disableBasicAuthCheckbox, disableOIDCLoginCheckbox].filter(cb => cb.checked).length;
           if (totalDisabled === 3) {
-            showToast("At least one login method must remain enabled.");
+            showToast(t("at_least_one_login_method"));
             disableOIDCLoginCheckbox.checked = false;
             localStorage.setItem("disableOIDCLogin", "false");
             if (typeof window.updateLoginOptionsUI === "function") {
@@ -590,6 +704,7 @@ export function openAdminPanel() {
             }
             return;
           }
+          const newHeaderTitle = document.getElementById("headerTitle").value.trim();
           const newOIDCConfig = {
             providerUrl: document.getElementById("oidcProviderUrl").value.trim(),
             clientId: document.getElementById("oidcClientId").value.trim(),
@@ -601,6 +716,7 @@ export function openAdminPanel() {
           const disableOIDCLogin = disableOIDCLoginCheckbox.checked;
           const globalOtpauthUrl = document.getElementById("globalOtpauthUrl").value.trim();
           sendRequest("updateConfig.php", "POST", {
+            header_title: newHeaderTitle,
             oidc: newOIDCConfig,
             disableFormLogin,
             disableBasicAuth,
@@ -609,27 +725,31 @@ export function openAdminPanel() {
           }, { "X-CSRF-Token": window.csrfToken })
             .then(response => {
               if (response.success) {
-                showToast("Settings updated successfully.");
+                showToast(t("settings_updated_successfully"));
                 localStorage.setItem("disableFormLogin", disableFormLogin);
                 localStorage.setItem("disableBasicAuth", disableBasicAuth);
                 localStorage.setItem("disableOIDCLogin", disableOIDCLogin);
                 if (typeof window.updateLoginOptionsUI === "function") {
                   window.updateLoginOptionsUI({ disableFormLogin, disableBasicAuth, disableOIDCLogin });
                 }
+                // Update the captured initial state since the changes have now been saved.
+                captureInitialAdminConfig();
                 closeAdminPanel();
+              
               } else {
-                showToast("Error updating settings: " + (response.error || "Unknown error"));
+                showToast(t("error_updating_settings") + ": " + (response.error || t("unknown_error")));
               }
             })
             .catch(() => { });
         });
+        // Enforce login option constraints.
         const disableFormLoginCheckbox = document.getElementById("disableFormLogin");
         const disableBasicAuthCheckbox = document.getElementById("disableBasicAuth");
         const disableOIDCLoginCheckbox = document.getElementById("disableOIDCLogin");
         function enforceLoginOptionConstraint(changedCheckbox) {
           const totalDisabled = [disableFormLoginCheckbox, disableBasicAuthCheckbox, disableOIDCLoginCheckbox].filter(cb => cb.checked).length;
           if (changedCheckbox.checked && totalDisabled === 3) {
-            showToast("At least one login method must remain enabled.");
+            showToast(t("at_least_one_login_method"));
             changedCheckbox.checked = false;
           }
         }
@@ -640,6 +760,9 @@ export function openAdminPanel() {
         document.getElementById("disableFormLogin").checked = config.loginOptions.disableFormLogin === true;
         document.getElementById("disableBasicAuth").checked = config.loginOptions.disableBasicAuth === true;
         document.getElementById("disableOIDCLogin").checked = config.loginOptions.disableOIDCLogin === true;
+        
+        // Capture initial state after the modal loads.
+        captureInitialAdminConfig();
       } else {
         adminModal.style.backgroundColor = overlayBackground;
         const modalContent = adminModal.querySelector(".modal-content");
@@ -657,6 +780,7 @@ export function openAdminPanel() {
         document.getElementById("disableBasicAuth").checked = config.loginOptions.disableBasicAuth === true;
         document.getElementById("disableOIDCLogin").checked = config.loginOptions.disableOIDCLogin === true;
         adminModal.style.display = "flex";
+        captureInitialAdminConfig();
       }
     })
     .catch(() => {
@@ -678,19 +802,25 @@ export function openAdminPanel() {
         document.getElementById("disableBasicAuth").checked = localStorage.getItem("disableBasicAuth") === "true";
         document.getElementById("disableOIDCLogin").checked = localStorage.getItem("disableOIDCLogin") === "true";
         adminModal.style.display = "flex";
+        captureInitialAdminConfig();
       } else {
         openAdminPanel();
       }
     });
 }
 
-export function closeAdminPanel() {
+export async function closeAdminPanel() {
+  if (hasUnsavedChanges()) {
+    const userConfirmed = await showCustomConfirmModal(t("unsaved_changes_confirm"));
+    if (!userConfirmed) {
+      return;
+    }
+  }
   const adminModal = document.getElementById("adminPanelModal");
   if (adminModal) adminModal.style.display = "none";
 }
 
 // --- New: User Permissions Modal ---
-
 export function openUserPermissionsModal() {
   let userPermissionsModal = document.getElementById("userPermissionsModal");
   const isDarkMode = document.body.classList.contains("dark-mode");
@@ -723,13 +853,13 @@ export function openUserPermissionsModal() {
     userPermissionsModal.innerHTML = `
         <div class="modal-content" style="${modalContentStyles}">
           <span id="closeUserPermissionsModal" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-          <h3>User Permissions</h3>
+          <h3>${t("user_permissions")}</h3>
           <div id="userPermissionsList" style="max-height: 300px; overflow-y: auto; margin-bottom: 15px;">
             <!-- User rows will be loaded here -->
           </div>
           <div style="display: flex; justify-content: flex-end; gap: 10px;">
-            <button type="button" id="cancelUserPermissionsBtn" class="btn btn-secondary">Cancel</button>
-            <button type="button" id="saveUserPermissionsBtn" class="btn btn-primary">Save Permissions</button>
+            <button type="button" id="cancelUserPermissionsBtn" class="btn btn-secondary">${t("cancel")}</button>
+            <button type="button" id="saveUserPermissionsBtn" class="btn btn-primary">${t("save_permissions")}</button>
           </div>
         </div>
       `;
@@ -760,14 +890,14 @@ export function openUserPermissionsModal() {
       sendRequest("updateUserPermissions.php", "POST", { permissions: permissionsData }, { "X-CSRF-Token": window.csrfToken })
         .then(response => {
           if (response.success) {
-            showToast("User permissions updated successfully.");
+            showToast(t("user_permissions_updated_successfully"));
             userPermissionsModal.style.display = "none";
           } else {
-            showToast("Error updating permissions: " + (response.error || "Unknown error"));
+            showToast(t("error_updating_permissions") + ": " + (response.error || t("unknown_error")));
           }
         })
         .catch(() => {
-          showToast("Error updating permissions.");
+          showToast(t("error_updating_permissions"));
         });
     });
   } else {
@@ -792,20 +922,26 @@ function loadUserPermissionsList() {
         .then(usersData => {
           const users = Array.isArray(usersData) ? usersData : (usersData.users || []);
           if (users.length === 0) {
-            listContainer.innerHTML = "<p>No users found.</p>";
+            listContainer.innerHTML = "<p>" + t("no_users_found") + "</p>";
             return;
           }
           users.forEach(user => {
             // Skip admin users.
             if ((user.role && user.role === "1") || user.username.toLowerCase() === "admin") return;
 
-            // Use stored permissions if available; otherwise fall back to localStorage defaults.
+            // Use stored permissions if available; otherwise fall back to defaults.
             const defaultPerm = {
-              folderOnly: localStorage.getItem("folderOnly") === "true",
-              readOnly: localStorage.getItem("readOnly") === "true",
-              disableUpload: localStorage.getItem("disableUpload") === "true"
+              folderOnly: false,
+              readOnly: false,
+              disableUpload: false,
             };
-            const userPerm = (permissionsData && typeof permissionsData === "object" && permissionsData[user.username]) || defaultPerm;
+
+            // Normalize the username key to match server storage (e.g., lowercase)
+            const usernameKey = user.username.toLowerCase();
+
+            const userPerm = (permissionsData && typeof permissionsData === "object" && (usernameKey in permissionsData))
+              ? permissionsData[usernameKey]
+              : defaultPerm;
 
             // Create a row for the user.
             const row = document.createElement("div");
@@ -817,15 +953,15 @@ function loadUserPermissionsList() {
                 <div style="display: flex; flex-direction: column; gap: 5px;">
                   <label style="display: flex; align-items: center; gap: 5px;">
                     <input type="checkbox" data-permission="folderOnly" ${userPerm.folderOnly ? "checked" : ""} />
-                    User Folder Only
+                    ${t("user_folder_only")}
                   </label>
                   <label style="display: flex; align-items: center; gap: 5px;">
                     <input type="checkbox" data-permission="readOnly" ${userPerm.readOnly ? "checked" : ""} />
-                    Read Only
+                    ${t("read_only")}
                   </label>
                   <label style="display: flex; align-items: center; gap: 5px;">
                     <input type="checkbox" data-permission="disableUpload" ${userPerm.disableUpload ? "checked" : ""} />
-                    Disable Upload
+                    ${t("disable_upload")}
                   </label>
                 </div>
                 <hr style="margin-top: 10px; border: 0; border-bottom: 1px solid #ccc;">
@@ -835,6 +971,6 @@ function loadUserPermissionsList() {
         });
     })
     .catch(() => {
-      listContainer.innerHTML = "<p>Error loading users.</p>";
+      listContainer.innerHTML = "<p>" + t("error_loading_users") + "</p>";
     });
 }

js/domUtils.js

@@ -90,23 +90,36 @@ export function showToast(message, duration = 3000) {
 
 export function buildSearchAndPaginationControls({ currentPage, totalPages, searchTerm }) {
   const safeSearchTerm = escapeHTML(searchTerm);
+  // Choose the placeholder text based on advanced search mode
+  const placeholderText = window.advancedSearchEnabled 
+    ? t("search_placeholder_advanced")
+    : t("search_placeholder");
+
   return `
     <div class="row align-items-center mb-3">
       <div class="col-12 col-md-8 mb-2 mb-md-0">
         <div class="input-group">
+          <!-- Advanced Search Toggle Button -->
+          <div class="input-group-prepend">
+            <button id="advancedSearchToggle" class="btn btn-outline-secondary btn-icon" onclick="toggleAdvancedSearch()" title="${window.advancedSearchEnabled ? t("basic_search_tooltip") : t("advanced_search_tooltip")}">
+              <i class="material-icons">${window.advancedSearchEnabled ? "filter_alt_off" : "filter_alt"}</i>
+            </button>
+          </div>
+          <!-- Search Icon -->
           <div class="input-group-prepend">
             <span class="input-group-text" id="searchIcon">
               <i class="material-icons">search</i>
             </span>
           </div>
-          <input type="text" id="searchInput" class="form-control" placeholder="${t("search_placeholder")}" value="${safeSearchTerm}" aria-describedby="searchIcon">
+          <!-- Search Input -->
+          <input type="text" id="searchInput" class="form-control" placeholder="${placeholderText}" value="${safeSearchTerm}" aria-describedby="searchIcon">
         </div>
       </div>
       <div class="col-12 col-md-4 text-left">
         <div class="d-flex justify-content-center justify-content-md-start align-items-center">
-          <button class="custom-prev-next-btn" ${currentPage === 1 ? "disabled" : ""} onclick="changePage(${currentPage - 1})">Prev</button>
-          <span class="page-indicator">Page ${currentPage} of ${totalPages || 1}</span>
-          <button class="custom-prev-next-btn" ${currentPage === totalPages ? "disabled" : ""} onclick="changePage(${currentPage + 1})">Next</button>
+          <button class="custom-prev-next-btn" ${currentPage === 1 ? "disabled" : ""} onclick="changePage(${currentPage - 1})">${t("prev")}</button>
+          <span class="page-indicator">${t("page")} ${currentPage} ${t("of")} ${totalPages || 1}</span>
+          <button class="custom-prev-next-btn" ${currentPage === totalPages ? "disabled" : ""} onclick="changePage(${currentPage + 1})">${t("next")}</button>
         </div>
       </div>
     </div>
@@ -124,7 +137,7 @@ export function buildFileTableHeader(sortOrder) {
           <th data-column="uploaded" class="hide-small hide-medium sortable-col">${t("upload_date")} ${sortOrder.column === "uploaded" ? (sortOrder.ascending ? "▲" : "▼") : ""}</th>
           <th data-column="size" class="hide-small sortable-col">${t("file_size")} ${sortOrder.column === "size" ? (sortOrder.ascending ? "▲" : "▼") : ""}</th>
           <th data-column="uploader" class="hide-small hide-medium sortable-col">${t("uploader")} ${sortOrder.column === "uploader" ? (sortOrder.ascending ? "▲" : "▼") : ""}</th>
-          <th>Actions</th>
+          <th>${t("actions")}</th>
         </tr>
       </thead>
   `;
@@ -168,20 +181,20 @@ export function buildFileTableRow(file, folderPath) {
       <div class="button-wrap" style="display: flex; justify-content: left; gap: 5px;">
         <button type="button" class="btn btn-sm btn-success download-btn" 
           onclick="openDownloadModal('${file.name}', '${file.folder || 'root'}')" 
-          title="Download">
+          title="${t('download')}">
           <i class="material-icons">file_download</i>
         </button>
         ${file.editable ? `
           <button class="btn btn-sm edit-btn" 
                   onclick='editFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})'
-                  title="Edit">
+                  title="${t('edit')}">
             <i class="material-icons">edit</i>
           </button>
         ` : ""}
         ${previewButton}
         <button class="btn btn-sm btn-warning rename-btn" 
                 onclick='renameFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})'
-                title="Rename">
+                title="${t('rename')}">
           <i class="material-icons">drive_file_rename_outline</i>
         </button>
       </div>
@@ -193,11 +206,13 @@ export function buildFileTableRow(file, folderPath) {
 export function buildBottomControls(itemsPerPageSetting) {
   return `
     <div class="d-flex align-items-center mt-3 bottom-controls">
-      <label class="label-inline mr-2 mb-0">Show</label>
+      <label class="label-inline mr-2 mb-0">${t("show")}</label>
       <select class="form-control bottom-select" onchange="changeItemsPerPage(this.value)">
-        ${[10, 20, 50, 100].map(num => `<option value="${num}" ${num === itemsPerPageSetting ? "selected" : ""}>${num}</option>`).join("")}
+        ${[10, 20, 50, 100]
+          .map(num => `<option value="${num}" ${num === itemsPerPageSetting ? "selected" : ""}>${num}</option>`)
+          .join("")}
       </select>
-      <span class="items-per-page-text ml-2 mb-0">items per page</span>
+      <span class="items-per-page-text ml-2 mb-0">${t("items_per_page")}</span>
     </div>
   `;
 }

js/dragAndDrop.js

@@ -299,7 +299,7 @@ export function loadSidebarOrder() {
           modal = document.createElement('div');
           modal.className = 'header-card-modal';
           modal.style.position = 'fixed';
-          modal.style.top = '80px';
+          modal.style.top = '55px';
           modal.style.right = '80px';
           modal.style.zIndex = '11000';
           // Render the modal but initially keep it hidden.

js/fileDragDrop.js

@@ -1,4 +1,4 @@
-// dragDrop.js
+// fileDragDrop.js
 import { showToast } from './domUtils.js';
 import { loadFileList } from './fileListView.js';
 

js/fileEditor.js

@@ -1,4 +1,4 @@
-// editor.js
+// fileEditor.js
 import { escapeHTML, showToast } from './domUtils.js';
 import { loadFileList } from './fileListView.js';
 import { t } from './i18n.js';

js/fileListView.js

@@ -24,6 +24,9 @@ window.itemsPerPage = window.itemsPerPage || 10;
 window.currentPage = window.currentPage || 1;
 window.viewMode = localStorage.getItem("viewMode") || "table"; // "table" or "gallery"
 
+// Global flag for advanced search mode.
+window.advancedSearchEnabled = false;
+
 /**
  * --- Helper Functions ---
  */
@@ -33,11 +36,8 @@ window.viewMode = localStorage.getItem("viewMode") || "table"; // "table" or "ga
  */
 function parseSizeToBytes(sizeStr) {
     if (!sizeStr) return 0;
-    // Remove any whitespace
     let s = sizeStr.trim();
-    // Extract the numerical part.
     let value = parseFloat(s);
-    // Determine if there is a unit. Convert the unit to uppercase for easier matching.
     let upper = s.toUpperCase();
     if (upper.includes("KB")) {
         value *= 1024;
@@ -50,7 +50,7 @@ function parseSizeToBytes(sizeStr) {
 }
 
 /**
- * Format the total bytes as a human-readable string, choosing an appropriate unit.
+ * Format the total bytes as a human-readable string.
  */
 function formatSize(totalBytes) {
     if (totalBytes < 1024) {
@@ -66,16 +66,59 @@ function formatSize(totalBytes) {
 
 /**
  * Build the folder summary HTML using the filtered file list.
- * This function sums the file sizes in bytes correctly, then formats the total.
  */
 function buildFolderSummary(filteredFiles) {
     const totalFiles = filteredFiles.length;
     const totalBytes = filteredFiles.reduce((sum, file) => {
-        // file.size might be something like "456.9KB" or just "1024".
         return sum + parseSizeToBytes(file.size);
     }, 0);
     const sizeStr = formatSize(totalBytes);
-    return `<strong>Total Files:</strong> ${totalFiles} &nbsp;|&nbsp; <strong>Total Size:</strong> ${sizeStr}`;
+    return `<strong>${t('total_files')}:</strong> ${totalFiles} &nbsp;|&nbsp; <strong>${t('total_size')}:</strong> ${sizeStr}`;
+}
+
+/**
+ * --- Advanced Search Toggle ---
+ * Toggles advanced search mode. When enabled, the search will include additional keys (e.g. "content").
+ */
+function toggleAdvancedSearch() {
+    window.advancedSearchEnabled = !window.advancedSearchEnabled;
+    const advancedBtn = document.getElementById("advancedSearchToggle");
+    if (advancedBtn) {
+        advancedBtn.textContent = window.advancedSearchEnabled ? "Basic Search" : "Advanced Search";
+    }
+    // Re-run the file table rendering with updated search settings.
+    renderFileTable(window.currentFolder);
+}
+
+/**
+ * --- Fuse.js Search Helper ---
+ * Uses Fuse.js to perform a fuzzy search on fileData.
+ * By default, searches over file name, uploader, and tag names.
+ * When advanced search is enabled, it also includes the 'content' property.
+ */
+function searchFiles(searchTerm) {
+    if (!searchTerm) return fileData;
+    
+    // Define search keys.
+    let keys = [
+      { name: 'name', weight: 0.1 },
+      { name: 'uploader', weight: 0.1 },
+      { name: 'tags.name', weight: 0.1 }
+    ];
+    if (window.advancedSearchEnabled) {
+      keys.push({ name: 'content', weight: 0.7 });
+    }
+    
+    const options = {
+      keys: keys,
+      threshold: 0.4,
+      minMatchCharLength: 2,
+      ignoreLocation: true
+    };
+    
+    const fuse = new Fuse(fileData, options);
+    let results = fuse.search(searchTerm);
+    return results.map(result => result.item);
   }
 
 /**
@@ -86,19 +129,39 @@ export function createViewToggleButton() {
     if (!toggleBtn) {
       toggleBtn = document.createElement("button");
       toggleBtn.id = "toggleViewBtn";
-        toggleBtn.classList.add("btn", "btn-secondary");
-        const titleElem = document.getElementById("fileListTitle");
-        if (titleElem) {
-            titleElem.parentNode.insertBefore(toggleBtn, titleElem.nextSibling);
+      toggleBtn.classList.add("btn", "btn-toggleview");
+      
+      // Set initial icon and tooltip based on current view mode.
+      if (window.viewMode === "gallery") {
+        toggleBtn.innerHTML = '<i class="material-icons">view_list</i>';
+        toggleBtn.title =  t("switch_to_table_view");
+      } else {
+        toggleBtn.innerHTML = '<i class="material-icons">view_module</i>';
+        toggleBtn.title = t("switch_to_gallery_view");
+      }
+      
+      // Insert the button before the last button in the header.
+      const headerButtons = document.querySelector(".header-buttons");
+      if (headerButtons && headerButtons.lastElementChild) {
+        headerButtons.insertBefore(toggleBtn, headerButtons.lastElementChild);
+      } else if (headerButtons) {
+        headerButtons.appendChild(toggleBtn);
       }
     }
-    toggleBtn.textContent = window.viewMode === "gallery" ? t("switch_to_table_view") : t("switch_to_gallery_view");
+    
     toggleBtn.onclick = () => {
       window.viewMode = window.viewMode === "gallery" ? "table" : "gallery";
       localStorage.setItem("viewMode", window.viewMode);
       loadFileList(window.currentFolder);
-        toggleBtn.textContent = window.viewMode === "gallery" ? t("switch_to_table_view") : t("switch_to_gallery_view");
+      if (window.viewMode === "gallery") {
+        toggleBtn.innerHTML = '<i class="material-icons">view_list</i>';
+        toggleBtn.title =  t("switch_to_table_view");
+      } else {
+        toggleBtn.innerHTML = '<i class="material-icons">view_module</i>';
+        toggleBtn.title = t("switch_to_gallery_view");
+      }
     };
+    
     return toggleBtn;
   }
 
@@ -134,7 +197,15 @@ export function loadFileList(folderParam) {
         })
         .then(data => {
             fileListContainer.innerHTML = ""; // Clear loading message.
-            if (data.files && data.files.length > 0) {
+            if (data.files && Object.keys(data.files).length > 0) {
+                // If the returned "files" is an object instead of an array, transform it.
+                if (!Array.isArray(data.files)) {
+                    data.files = Object.entries(data.files).map(([name, meta]) => {
+                        meta.name = name;
+                        return meta;
+                    });
+                }
+                // Process each file – add computed properties.
                 data.files = data.files.map(file => {
                     file.fullName = (file.path || file.name).trim().toLowerCase();
                     file.editable = canEditFile(file.name);
@@ -142,11 +213,13 @@ export function loadFileList(folderParam) {
                     if (!file.type && /\.(jpg|jpeg|png|gif|bmp|webp|svg|ico)$/i.test(file.name)) {
                         file.type = "image";
                     }
+                    // OPTIONAL: For text documents, preload content (if available from backend)
+                    // Example: if (/\.txt|html|md|js|css|json|xml$/i.test(file.name)) { file.content = file.content || ""; }
                     return file;
                 });
                 fileData = data.files;
 
-                // Update the file list actions area without removing existing buttons.
+                // Update file summary.
                 const actionsContainer = document.getElementById("fileListActions");
                 if (actionsContainer) {
                     let summaryElem = document.getElementById("fileSummary");
@@ -164,7 +237,7 @@ export function loadFileList(folderParam) {
                     summaryElem.innerHTML = buildFolderSummary(fileData);
                 }
 
-                // Render the view normally.
+                // Render view based on the view mode.
                 if (window.viewMode === "gallery") {
                     renderGalleryView(folder);
                 } else {
@@ -193,8 +266,7 @@ export function loadFileList(folderParam) {
 }
 
 /**
- * Update renderFileTable so that it writes its content into the provided container.
- * If no container is provided, it defaults to the element with id "fileList".
+ * Update renderFileTable so it writes its content into the provided container.
  */
 export function renderFileTable(folder, container) {
     const fileListContent = container || document.getElementById("fileList");
@@ -202,11 +274,9 @@ export function renderFileTable(folder, container) {
     const itemsPerPageSetting = parseInt(localStorage.getItem("itemsPerPage") || "10", 10);
     let currentPage = window.currentPage || 1;
 
-    const filteredFiles = fileData.filter(file => {
-        const nameMatch = file.name.toLowerCase().includes(searchTerm);
-        const tagMatch = file.tags && file.tags.some(tag => tag.name.toLowerCase().includes(searchTerm));
-        return nameMatch || tagMatch;
-    });
+    // Use Fuse.js search via our helper function.
+    const filteredFiles = searchFiles(searchTerm);
+    
     const totalFiles = filteredFiles.length;
     const totalPages = Math.ceil(totalFiles / itemsPerPageSetting);
     if (currentPage > totalPages) {
@@ -217,11 +287,15 @@ export function renderFileTable(folder, container) {
         ? "uploads/"
         : "uploads/" + folder.split("/").map(encodeURIComponent).join("/") + "/";
 
+    // Build the top controls and append the advanced search toggle button.
     const topControlsHTML = buildSearchAndPaginationControls({
         currentPage,
         totalPages,
         searchTerm: window.currentSearchTerm || ""
     });
+
+    const combinedTopHTML = topControlsHTML;
+    
     let headerHTML = buildFileTableHeader(sortOrder);
     const startIndex = (currentPage - 1) * itemsPerPageSetting;
     const endIndex = Math.min(startIndex + itemsPerPageSetting, totalFiles);
@@ -242,7 +316,7 @@ export function renderFileTable(folder, container) {
             rowHTML = rowHTML.replace(/(<td class="file-name-cell">)(.*?)(<\/td>)/, (match, p1, p2, p3) => {
                 return p1 + p2 + tagBadgesHTML + p3;
             });
-            rowHTML = rowHTML.replace(/(<\/div>\s*<\/td>\s*<\/tr>)/, `<button class="share-btn btn btn-sm btn-secondary" data-file="${escapeHTML(file.name)}" title="Share">
+            rowHTML = rowHTML.replace(/(<\/div>\s*<\/td>\s*<\/tr>)/, `<button class="share-btn btn btn-sm btn-secondary" data-file="${escapeHTML(file.name)}" title="${t('share')}">
                 <i class="material-icons">share</i>
               </button>$1`);
             rowsHTML += rowHTML;
@@ -253,11 +327,11 @@ export function renderFileTable(folder, container) {
     rowsHTML += "</tbody></table>";
     const bottomControlsHTML = buildBottomControls(itemsPerPageSetting);
 
-    fileListContent.innerHTML = topControlsHTML + headerHTML + rowsHTML + bottomControlsHTML;
+    fileListContent.innerHTML = combinedTopHTML + headerHTML + rowsHTML + bottomControlsHTML;
 
     createViewToggleButton();
 
-    // Setup event listeners as before...
+    // Setup event listeners.
     const newSearchInput = document.getElementById("searchInput");
     if (newSearchInput) {
         newSearchInput.addEventListener("input", debounce(function () {
@@ -299,7 +373,7 @@ export function renderFileTable(folder, container) {
         });
     });
     updateFileActionButtons();
-    document.querySelectorAll("#fileListContent tbody tr").forEach(row => {
+    document.querySelectorAll("#fileList tbody tr").forEach(row => {
         row.setAttribute("draggable", "true");
         import('./fileDragDrop.js').then(module => {
             row.addEventListener("dragstart", module.fileDragStartHandler);
@@ -317,10 +391,8 @@ export function renderFileTable(folder, container) {
 export function renderGalleryView(folder, container) {
     const fileListContent = container || document.getElementById("fileList");
     const searchTerm = (window.currentSearchTerm || "").toLowerCase();
-    const filteredFiles = fileData.filter(file => {
-        return file.name.toLowerCase().includes(searchTerm) ||
-            (file.tags && file.tags.some(tag => tag.name.toLowerCase().includes(searchTerm)));
-    });
+    // Use Fuse.js search for gallery view as well.
+    const filteredFiles = searchFiles(searchTerm);
     const folderPath = folder === "root"
         ? "uploads/"
         : "uploads/" + folder.split("/").map(encodeURIComponent).join("/") + "/";
@@ -348,23 +420,23 @@ export function renderGalleryView(folder, container) {
           ${thumbnail}
         </div>
         <div class="gallery-info" style="margin-top: 5px;">
-          <span class="gallery-file-name" style="display: block;">${escapeHTML(file.name)}</span>
+          <span class="gallery-file-name" style="display: block; white-space: normal; overflow-wrap: break-word; word-wrap: break-word;">${escapeHTML(file.name)}</span>
           ${tagBadgesHTML}
           <div class="button-wrap" style="display: flex; justify-content: center; gap: 5px;">
             <button type="button" class="btn btn-sm btn-success download-btn" 
                 onclick="openDownloadModal('${file.name}', '${file.folder || 'root'}')" 
-                title="Download">
+                title="${t('download')}">
                 <i class="material-icons">file_download</i>
             </button>
             ${file.editable ? `
-              <button class="btn btn-sm edit-btn" onclick='editFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="Edit">
+              <button class="btn btn-sm edit-btn" onclick='editFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="${t('Edit')}">
                 <i class="material-icons">edit</i>
               </button>
             ` : ""}
-            <button class="btn btn-sm btn-warning rename-btn" onclick='renameFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="Rename">
+            <button class="btn btn-sm btn-warning rename-btn" onclick='renameFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="${t('rename')}">
                <i class="material-icons">drive_file_rename_outline</i>
             </button>
-            <button class="btn btn-sm btn-secondary share-btn" data-file="${escapeHTML(file.name)}" title="Share">
+            <button class="btn btn-sm btn-secondary share-btn" data-file="${escapeHTML(file.name)}" title="${t('share')}">
                <i class="material-icons">share</i>
             </button>
           </div>
@@ -478,3 +550,4 @@ window.loadFileList = loadFileList;
 window.renderFileTable = renderFileTable;
 window.renderGalleryView = renderGalleryView;
 window.sortFiles = sortFiles;
+window.toggleAdvancedSearch = toggleAdvancedSearch;

js/fileMenu.js

@@ -1,4 +1,4 @@
-// contextMenu.js
+// fileMenu.js
 import { updateRowHighlight, showToast } from './domUtils.js';
 import { handleDeleteSelected, handleCopySelected, handleMoveSelected, handleDownloadZipSelected, handleExtractZipSelected, renameFile } from './fileActions.js';
 import { previewFile } from './filePreview.js';

js/filePreview.js

@@ -26,7 +26,7 @@ export function openShareModal(file, folder) {
           <option value="240">240 minutes</option>
           <option value="1440">1 Day</option>
         </select>
-        <p>Password (optional):</p>
+        <p>${t("password_optional")}</p>
         <input type="text" id="sharePassword" placeholder=${t("password_optional")} style="width: 100%;"/>
         <br>
         <button id="generateShareLinkBtn" class="btn btn-primary" style="margin-top:10px;">${t("generate_share_link")}</button>

js/fileTags.js

@@ -305,7 +305,7 @@ if (localStorage.getItem('globalTags')) {
   
 // New function to load global tags from the server's persistent JSON.
 export function loadGlobalTags() {
-  fetch("metadata/createdTags.json", { credentials: "include" })
+  fetch("getFileTag.php", { credentials: "include" })
     .then(response => {
       if (!response.ok) {
         // If the file doesn't exist, assume there are no global tags.

js/folderShareModal.js

@@ -28,7 +28,7 @@ export function openFolderShareModal(folder) {
           <option value="1440">1 ${t("day")}</option>
         </select>
         <p>${t("password_optional")}</p>
-        <input type="text" id="folderSharePassword" placeholder="${t("password")}" style="width: 100%;"/>
+        <input type="text" id="folderSharePassword" placeholder="${t("enter_password")}" style="width: 100%;"/>
         <br>
         <label>
           <input type="checkbox" id="folderShareAllowUpload"> ${t("allow_uploads")}

js/i18n.js

@@ -1,11 +1,14 @@
 /* i18n.js */
 const translations = {
-    en: { /* English translations */
+  en: {
     "please_log_in_to_continue": "Please log in to continue.",
     "no_files_selected": "No files selected.",
     "confirm_delete_files": "Are you sure you want to delete {count} selected file(s)?",
     "element_not_found": "Element with id \"{id}\" not found.",
-      "search_placeholder": "Search files or tag...",
+    "search_placeholder": "Search files, tags, & uploader...",
+    "search_placeholder_advanced": "Advanced Search: files, tags, uploader & content...",
+    "basic_search_tooltip": "Basic Search: Search by file name, tags, and uploader.",
+    "advanced_search_tooltip": "Advanced Search: Includes file content, in addition to file name, tags, and uploader.",
     "file_name": "File Name",
     "date_modified": "Date Modified",
     "upload_date": "Upload Date",
@@ -32,7 +35,6 @@ const translations = {
     "tag_name": "Tag Name:",
     "tag_color": "Tag Color:",
     "save_tag": "Save Tag",
-      "files_in": "Files in",
     "light_mode": "Light Mode",
     "dark_mode": "Dark Mode",
     "upload_instruction": "Drop files/folders here or click 'Choose files'",
@@ -83,6 +85,7 @@ const translations = {
     "folder_help_item_4": "To rename or delete a folder, select it and then click the appropriate button.",
 
     // File List keys:
+    "actions": "Actions",
     "file_list_title": "Files in (Root)",
     "files_in": "Files in",
     "delete_files": "Delete Files",
@@ -99,6 +102,13 @@ const translations = {
     "download_zip_title": "Download Selected Files as Zip",
     "download_zip_prompt": "Enter a name for the zip file:",
     "zip_placeholder": "files.zip",
+    "share": "Share",
+    "total_files": "Total Files",
+    "total_size": "Total Size",
+    "prev": "Prev",
+    "next": "Next",
+    "page": "Page",
+    "of": "of",
 
     // Login Form keys:
     "login": "Login",
@@ -116,6 +126,13 @@ const translations = {
     "create_new_user_title": "Create New User",
     "username": "Username:",
     "password": "Password:",
+    "enter_password": "Password",
+    "preparing_download": "Preparing your download...",
+    "download_file": "Download File",
+    "confirm_or_change_filename": "Confirm or change the download file name:",
+    "filename": "Filename",
+    "cancel": "Cancel",
+    "download": "Download",
     "grant_admin": "Grant Admin Access",
     "save_user": "Save User",
 
@@ -135,14 +152,12 @@ const translations = {
     "error_generating_share_link": "Error Generating Share Link",
 
     // Folder
-      "create_folder": "Create Folder",
-      "rename_folder": "Rename Folder",
     "folder_share": "Share Folder",
-      "delete_folder": "Delete Folder",
 
     // Custom Confirm Modal keys:
     "yes": "Yes",
     "no": "No",
+    "unsaved_changes_confirm": "You have unsaved changes. Are you sure you want to close without saving?",
     "delete": "Delete",
     "download": "Download",
     "upload": "Upload",
@@ -160,14 +175,78 @@ const translations = {
 
     // Dark Mode Toggle
     "dark_mode_toggle": "Dark Mode",
-      "light_mode_toggle": "Light Mode"
+    "light_mode_toggle": "Light Mode",
+
+    // NEW KEYS ADDED FOR ADMIN, USER PANELS, AND TOTP MODALS:
+    "admin_panel": "Admin Panel",
+    "user_panel": "User Panel",
+    "trash_restore_delete": "Trash Restore/Delete",
+    "totp_settings": "TOTP Settings",
+    "enable_totp": "Enable TOTP",
+    "language": "Language",
+    "select_language": "Select Language",
+    "english": "English",
+    "spanish": "Spanish",
+    "french": "French",
+    "german": "German",
+    "use_totp_code_instead": "Use TOTP Code instead",
+    "submit_recovery_code": "Submit Recovery Code",
+    "please_enter_recovery_code": "Please enter your recovery code.",
+    "recovery_code_verification_failed": "Recovery code verification failed",
+    "error_verifying_recovery_code": "Error verifying recovery code",
+    "totp_verification_failed": "TOTP verification failed",
+    "error_verifying_totp_code": "Error verifying TOTP code",
+    "totp_setup": "TOTP Setup",
+    "scan_qr_code": "Scan this QR code with your authenticator app.",
+    "enter_totp_confirmation": "Enter the 6-digit code from your app to confirm setup:",
+    "confirm": "Confirm",
+    "please_enter_valid_code": "Please enter a valid 6-digit code.",
+    "totp_enabled_successfully": "TOTP successfully enabled.",
+    "error_generating_recovery_code": "Error generating recovery code",
+    "error_loading_qr_code": "Error loading QR code.",
+    "error_disabling_totp_setting": "Error disabling TOTP setting",
+    "user_management": "User Management",
+    "add_user": "Add User",
+    "remove_user": "Remove User",
+    "user_permissions": "User Permissions",
+    "oidc_configuration": "OIDC Configuration",
+    "oidc_provider_url": "OIDC Provider URL",
+    "oidc_client_id": "OIDC Client ID",
+    "oidc_client_secret": "OIDC Client Secret",
+    "oidc_redirect_uri": "OIDC Redirect URI",
+    "global_totp_settings": "Global TOTP Settings",
+    "global_otpauth_url": "Global OTPAuth URL",
+    "login_options": "Login Options",
+    "disable_login_form": "Disable Login Form",
+    "disable_basic_http_auth": "Disable Basic HTTP Auth",
+    "disable_oidc_login": "Disable OIDC Login",
+    "save_settings": "Save Settings",
+    "at_least_one_login_method": "At least one login method must remain enabled.",
+    "settings_updated_successfully": "Settings updated successfully.",
+    "error_updating_settings": "Error updating settings",
+    "user_permissions_updated_successfully": "User permissions updated successfully.",
+    "error_updating_permissions": "Error updating permissions",
+    "no_users_found": "No users found.",
+    "user_folder_only": "User Folder Only",
+    "read_only": "Read Only",
+    "disable_upload": "Disable Upload",
+    "error_loading_users": "Error loading users",
+    "save_permissions": "Save Permissions",
+    "your_recovery_code": "Your Recovery Code",
+    "please_save_recovery_code": "Please save this code securely. It will not be shown again and can only be used once.",
+    "ok": "OK",
+    "show": "Show",
+    "items_per_page": "items per page"
   },
-    es: { /* Spanish translations */
+  es: {
     "please_log_in_to_continue": "Por favor, inicie sesión para continuar.",
-        "no_files_selected": "No se seleccionaron archivos.",
+    "no_files_selected": "No se han seleccionado archivos.",
     "confirm_delete_files": "¿Está seguro de que desea eliminar {count} archivo(s) seleccionado(s)?",
     "element_not_found": "Elemento con id \"{id}\" no encontrado.",
-        "search_placeholder": "Buscar archivos o etiqueta...",
+    "search_placeholder": "Buscar archivos, etiquetas y cargador...",
+    "search_placeholder_advanced": "Búsqueda avanzada: archivos, etiquetas, cargador y contenido...",
+    "basic_search_tooltip": "Búsqueda básica: Buscar por nombre de archivo, etiquetas y cargador.",
+    "advanced_search_tooltip": "Búsqueda avanzada: Incluye el contenido del archivo, además del nombre, etiquetas y cargador.",
     "file_name": "Nombre del archivo",
     "date_modified": "Fecha de modificación",
     "upload_date": "Fecha de carga",
@@ -194,11 +273,10 @@ const translations = {
     "tag_name": "Nombre de la etiqueta:",
     "tag_color": "Color de la etiqueta:",
     "save_tag": "Guardar etiqueta",
-        "files_in": "Archivos en",
     "light_mode": "Modo claro",
     "dark_mode": "Modo oscuro",
-        "upload_instruction": "Suelte archivos/carpetas o haga clic en 'Elegir archivos'",
-        "no_files_selected_default": "No se seleccionaron archivos",
+    "upload_instruction": "Suelte archivos/carpetas aquí o haga clic en 'Elegir archivos'",
+    "no_files_selected_default": "No se han seleccionado archivos",
     "choose_files": "Elegir archivos",
     "delete_selected": "Eliminar seleccionados",
     "copy_selected": "Copiar seleccionados",
@@ -210,7 +288,7 @@ const translations = {
     "edit": "Editar",
     "rename": "Renombrar",
     "trash_empty": "La papelera está vacía.",
-        "no_trash_selected": "No se seleccionaron elementos de la papelera para restaurar.",
+    "no_trash_selected": "No se han seleccionado elementos de la papelera para restaurar.",
 
     // Additional keys for HTML translations:
     "title": "FileRise",
@@ -240,12 +318,13 @@ const translations = {
     "delete_folder_message": "¿Está seguro de que desea eliminar esta carpeta?",
     "folder_help": "Ayuda de carpetas",
     "folder_help_item_1": "Haga clic en una carpeta en el árbol para ver sus archivos.",
-        "folder_help_item_2": "Utilice [-] para colapsar y [+] para expandir carpetas.",
+    "folder_help_item_2": "Utilice [-] para contraer y [+] para expandir las carpetas.",
     "folder_help_item_3": "Seleccione una carpeta y haga clic en \"Crear carpeta\" para agregar una subcarpeta.",
     "folder_help_item_4": "Para renombrar o eliminar una carpeta, selecciónela y luego haga clic en el botón correspondiente.",
 
     // File List keys:
     "file_list_title": "Archivos en (Raíz)",
+    "files_in": "Archivos en",
     "delete_files": "Eliminar archivos",
     "delete_selected_files_title": "Eliminar archivos seleccionados",
     "delete_files_message": "¿Está seguro de que desea eliminar los archivos seleccionados?",
@@ -257,9 +336,9 @@ const translations = {
     "move_files_message": "Seleccione una carpeta destino para mover los archivos seleccionados:",
     "move": "Mover",
     "extract_zip_button": "Extraer Zip",
-        "download_zip_title": "Descargar archivos seleccionados en Zip",
+    "download_zip_title": "Descargar archivos seleccionados en un Zip",
     "download_zip_prompt": "Ingrese un nombre para el archivo Zip:",
-        "zip_placeholder": "archivos.zip",
+    "zip_placeholder": "files.zip",
 
     // Login Form keys:
     "login": "Iniciar sesión",
@@ -277,6 +356,13 @@ const translations = {
     "create_new_user_title": "Crear nuevo usuario",
     "username": "Usuario:",
     "password": "Contraseña:",
+    "enter_password": "Contraseña",
+    "preparing_download": "Preparando su descarga...",
+    "download_file": "Descargar Archivo",
+    "confirm_or_change_filename": "Confirme o cambie el nombre del archivo a descargar:",
+    "filename": "Nombre de archivo",
+    "cancel": "Cancelar",
+    "download": "Descargar",
     "grant_admin": "Otorgar acceso de administrador",
     "save_user": "Guardar usuario",
 
@@ -289,29 +375,110 @@ const translations = {
     "rename_file_title": "Renombrar archivo",
     "rename_file_placeholder": "Ingrese el nuevo nombre del archivo",
 
+    // Folder Share
+    "share_folder": "Compartir carpeta",
+    "allow_uploads": "Permitir cargas",
+    "share_link_generated": "Enlace para compartir generado",
+    "error_generating_share_link": "Error al generar el enlace para compartir",
+
+    // Folder
+    "folder_share": "Compartir carpeta",
+
     // Custom Confirm Modal keys:
     "yes": "Sí",
     "no": "No",
+    "unsaved_changes_confirm": "Tiene cambios sin guardar. ¿Está seguro de que desea cerrar sin guardar?",
     "delete": "Eliminar",
     "download": "Descargar",
     "upload": "Cargar",
     "copy": "Copiar",
     "extract": "Extraer",
+    "user": "Usuario:",
+    "unknown_error": "Error desconocido",
+    "link_copied": "Enlace copiado al portapapeles",
+    "minutes": "minutos",
+    "hours": "horas",
+    "days": "días",
+    "weeks": "semanas",
+    "months": "meses",
+    "seconds": "segundos",
 
     // Dark Mode Toggle
-        "dark_mode_toggle": "Modo oscuro"
+    "dark_mode_toggle": "Modo oscuro",
+    "light_mode_toggle": "Modo claro",
+
+    // NEW KEYS ADDED FOR ADMIN, USER PANELS, AND TOTP MODALS:
+    "admin_panel": "Panel de Administración",
+    "user_panel": "Panel de Usuario",
+    "totp_settings": "Configuración TOTP",
+    "enable_totp": "Activar TOTP",
+    "language": "Idioma",
+    "select_language": "Seleccionar idioma",
+    "english": "Inglés",
+    "spanish": "Español",
+    "french": "Francés",
+    "german": "Alemán",
+    "use_totp_code_instead": "Usar código TOTP en su lugar",
+    "submit_recovery_code": "Enviar código de recuperación",
+    "please_enter_recovery_code": "Por favor, ingrese su código de recuperación.",
+    "recovery_code_verification_failed": "La verificación del código de recuperación falló",
+    "error_verifying_recovery_code": "Error al verificar el código de recuperación",
+    "totp_verification_failed": "La verificación TOTP falló",
+    "error_verifying_totp_code": "Error al verificar el código TOTP",
+    "totp_setup": "Configuración TOTP",
+    "scan_qr_code": "Escanee este código QR con su aplicación de autenticación.",
+    "enter_totp_confirmation": "Ingrese el código de 6 dígitos de su aplicación para confirmar la configuración:",
+    "confirm": "Confirmar",
+    "please_enter_valid_code": "Por favor, ingrese un código válido de 6 dígitos.",
+    "totp_enabled_successfully": "TOTP activado con éxito.",
+    "error_generating_recovery_code": "Error al generar el código de recuperación",
+    "error_loading_qr_code": "Error al cargar el código QR.",
+    "error_disabling_totp_setting": "Error al desactivar la configuración TOTP",
+    "user_management": "Gestión de Usuarios",
+    "add_user": "Agregar usuario",
+    "remove_user": "Eliminar usuario",
+    "user_permissions": "Permisos de Usuario",
+    "oidc_configuration": "Configuración OIDC",
+    "oidc_provider_url": "URL del Proveedor OIDC",
+    "oidc_client_id": "ID del Cliente OIDC",
+    "oidc_client_secret": "Secreto del Cliente OIDC",
+    "oidc_redirect_uri": "URI de Redirección OIDC",
+    "global_totp_settings": "Configuración Global TOTP",
+    "global_otpauth_url": "URL Global OTPAuth",
+    "login_options": "Opciones de inicio de sesión",
+    "disable_login_form": "Desactivar formulario de inicio de sesión",
+    "disable_basic_http_auth": "Desactivar autenticación HTTP básica",
+    "disable_oidc_login": "Desactivar inicio de sesión OIDC",
+    "save_settings": "Guardar configuración",
+    "at_least_one_login_method": "Al menos un método de inicio de sesión debe permanecer habilitado.",
+    "settings_updated_successfully": "Configuración actualizada con éxito.",
+    "error_updating_settings": "Error al actualizar la configuración",
+    "user_permissions_updated_successfully": "Permisos de usuario actualizados con éxito.",
+    "error_updating_permissions": "Error al actualizar los permisos",
+    "no_users_found": "No se encontraron usuarios.",
+    "user_folder_only": "Solo carpeta de usuario",
+    "read_only": "Solo lectura",
+    "disable_upload": "Desactivar carga",
+    "error_loading_users": "Error al cargar usuarios",
+    "save_permissions": "Guardar permisos",
+    "your_recovery_code": "Su código de recuperación",
+    "please_save_recovery_code": "Por favor, guarde este código de forma segura. No se mostrará de nuevo y solo podrá usarse una vez.",
+    "ok": "OK"
   },
-      fr: { /* French translations */
+  fr: {
     "please_log_in_to_continue": "Veuillez vous connecter pour continuer.",
     "no_files_selected": "Aucun fichier sélectionné.",
-        "confirm_delete_files": "Êtes-vous sûr de vouloir supprimer {count} fichier(s) sélectionné(s) ?",
+    "confirm_delete_files": "Êtes-vous sûr de vouloir supprimer {count} fichier(s) sélectionné(s) ?",
     "element_not_found": "Élément avec l'id \"{id}\" non trouvé.",
-        "search_placeholder": "Rechercher des fichiers ou un tag...",
+    "search_placeholder": "Rechercher des fichiers, des balises et l'uploader...",
+    "search_placeholder_advanced": "Recherche avancée : fichiers, balises, uploader et contenu...",
+    "basic_search_tooltip": "Recherche basique : rechercher par nom de fichier, balises et uploader.",
+    "advanced_search_tooltip": "Recherche avancée : inclut le contenu du fichier, en plus du nom, des balises et de l'uploader.",
     "file_name": "Nom du fichier",
     "date_modified": "Date de modification",
     "upload_date": "Date de téléchargement",
     "file_size": "Taille du fichier",
-        "uploader": "Téléversé par",
+    "uploader": "Uploader",
     "enter_totp_code": "Entrez le code TOTP",
     "use_recovery_code_instead": "Utilisez le code de récupération à la place",
     "enter_recovery_code": "Entrez le code de récupération",
@@ -321,29 +488,28 @@ const translations = {
     "save": "Enregistrer",
     "close": "Fermer",
     "no_files_found": "Aucun fichier trouvé.",
-        "switch_to_table_view": "Passer à la vue tableau",
-        "switch_to_gallery_view": "Passer à la vue galerie",
+    "switch_to_table_view": "Passer en vue tableau",
+    "switch_to_gallery_view": "Passer en vue galerie",
     "share_file": "Partager le fichier",
-        "set_expiration": "Définir l'expiration :",
-        "password_optional": "Mot de passe (facultatif) :",
-        "generate_share_link": "Générer un lien de partage",
-        "shareable_link": "Lien partageable :",
+    "set_expiration": "Définir l'expiration :",
+    "password_optional": "Mot de passe (facultatif) :",
+    "generate_share_link": "Générer le lien de partage",
+    "shareable_link": "Lien partageable :",
     "copy_link": "Copier le lien",
-        "tag_file": "Marquer le fichier",
-        "tag_name": "Nom du tag :",
-        "tag_color": "Couleur du tag :",
-        "save_tag": "Enregistrer le tag",
-        "files_in": "Fichiers dans",
+    "tag_file": "Étiqueter le fichier",
+    "tag_name": "Nom de l'étiquette :",
+    "tag_color": "Couleur de l'étiquette :",
+    "save_tag": "Enregistrer l'étiquette",
     "light_mode": "Mode clair",
     "dark_mode": "Mode sombre",
-        "upload_instruction": "Déposez vos fichiers/dossiers ici ou cliquez sur 'Choisir des fichiers'",
+    "upload_instruction": "Déposez des fichiers/dossiers ici ou cliquez sur 'Choisir des fichiers'",
     "no_files_selected_default": "Aucun fichier sélectionné",
     "choose_files": "Choisir des fichiers",
     "delete_selected": "Supprimer la sélection",
     "copy_selected": "Copier la sélection",
     "move_selected": "Déplacer la sélection",
-        "tag_selected": "Marquer la sélection",
-        "download_zip": "Télécharger en Zip",
+    "tag_selected": "Étiqueter la sélection",
+    "download_zip": "Télécharger le Zip",
     "extract_zip": "Extraire le Zip",
     "preview": "Aperçu",
     "edit": "Modifier",
@@ -354,7 +520,7 @@ const translations = {
     // Additional keys for HTML translations:
     "title": "FileRise",
     "header_title": "FileRise",
-        "logout": "Se déconnecter",
+    "logout": "Déconnexion",
     "change_password": "Changer le mot de passe",
     "restore_text": "Restaurer ou",
     "delete_text": "Supprimer les éléments de la corbeille",
@@ -376,7 +542,7 @@ const translations = {
     "rename_folder_placeholder": "Entrez le nouveau nom du dossier",
     "delete_folder": "Supprimer le dossier",
     "delete_folder_title": "Supprimer le dossier",
-        "delete_folder_message": "Êtes-vous sûr de vouloir supprimer ce dossier ?",
+    "delete_folder_message": "Êtes-vous sûr de vouloir supprimer ce dossier ?",
     "folder_help": "Aide des dossiers",
     "folder_help_item_1": "Cliquez sur un dossier dans l'arborescence pour voir ses fichiers.",
     "folder_help_item_2": "Utilisez [-] pour réduire et [+] pour développer les dossiers.",
@@ -385,25 +551,26 @@ const translations = {
 
     // File List keys:
     "file_list_title": "Fichiers dans (Racine)",
+    "files_in": "Fichiers dans",
     "delete_files": "Supprimer les fichiers",
     "delete_selected_files_title": "Supprimer les fichiers sélectionnés",
-        "delete_files_message": "Êtes-vous sûr de vouloir supprimer les fichiers sélectionnés ?",
+    "delete_files_message": "Êtes-vous sûr de vouloir supprimer les fichiers sélectionnés ?",
     "copy_files": "Copier les fichiers",
     "copy_files_title": "Copier les fichiers sélectionnés",
-        "copy_files_message": "Sélectionnez un dossier de destination pour copier les fichiers sélectionnés :",
+    "copy_files_message": "Sélectionnez un dossier de destination pour copier les fichiers sélectionnés :",
     "move_files": "Déplacer les fichiers",
     "move_files_title": "Déplacer les fichiers sélectionnés",
-        "move_files_message": "Sélectionnez un dossier de destination pour déplacer les fichiers sélectionnés :",
+    "move_files_message": "Sélectionnez un dossier de destination pour déplacer les fichiers sélectionnés :",
     "move": "Déplacer",
     "extract_zip_button": "Extraire le Zip",
     "download_zip_title": "Télécharger les fichiers sélectionnés en Zip",
-        "download_zip_prompt": "Entrez un nom pour le fichier Zip :",
-        "zip_placeholder": "fichiers.zip",
+    "download_zip_prompt": "Entrez un nom pour le fichier Zip :",
+    "zip_placeholder": "files.zip",
 
     // Login Form keys:
     "login": "Connexion",
     "remember_me": "Se souvenir de moi",
-        "login_oidc": "Connexion avec OIDC",
+    "login_oidc": "Se connecter avec OIDC",
     "basic_http_login": "Utiliser l'authentification HTTP basique",
 
     // Change Password keys:
@@ -414,43 +581,131 @@ const translations = {
 
     // Add User keys:
     "create_new_user_title": "Créer un nouvel utilisateur",
-        "username": "Nom d'utilisateur :",
-        "password": "Mot de passe :",
-        "grant_admin": "Accorder les droits d'administrateur",
+    "username": "Nom d'utilisateur :",
+    "password": "Mot de passe :",
+    "enter_password": "Mot de passe",
+    "preparing_download": "Préparation de votre téléchargement...",
+    "download_file": "Télécharger le fichier",
+    "confirm_or_change_filename": "Confirmez ou modifiez le nom du fichier à télécharger :",
+    "filename": "Nom du fichier",
+    "cancel": "Annuler",
+    "download": "Télécharger",
+    "grant_admin": "Accorder l'accès administrateur",
     "save_user": "Enregistrer l'utilisateur",
 
     // Remove User keys:
-        "remove_user_title": "Supprimer l'utilisateur",
-        "select_user_remove": "Sélectionnez un utilisateur à supprimer :",
+    "remove_user_title": "Supprimer un utilisateur",
+    "select_user_remove": "Sélectionnez un utilisateur à supprimer :",
     "delete_user": "Supprimer l'utilisateur",
 
     // Rename File keys:
     "rename_file_title": "Renommer le fichier",
     "rename_file_placeholder": "Entrez le nouveau nom du fichier",
 
+    // Folder Share
+    "share_folder": "Partager le dossier",
+    "allow_uploads": "Autoriser les téléchargements",
+    "share_link_generated": "Lien de partage généré",
+    "error_generating_share_link": "Erreur lors de la génération du lien de partage",
+
+    // Folder
+    "folder_share": "Partager le dossier",
+
     // Custom Confirm Modal keys:
     "yes": "Oui",
     "no": "Non",
+    "unsaved_changes_confirm": "Vous avez des modifications non enregistrées. Êtes-vous sûr de vouloir fermer sans enregistrer ?",
     "delete": "Supprimer",
     "download": "Télécharger",
     "upload": "Téléverser",
     "copy": "Copier",
     "extract": "Extraire",
+    "user": "Utilisateur :",
+    "unknown_error": "Erreur inconnue",
+    "link_copied": "Lien copié dans le presse-papiers",
+    "minutes": "minutes",
+    "hours": "heures",
+    "days": "jours",
+    "weeks": "semaines",
+    "months": "mois",
+    "seconds": "secondes",
 
     // Dark Mode Toggle
-        "dark_mode_toggle": "Mode sombre"
+    "dark_mode_toggle": "Mode sombre",
+    "light_mode_toggle": "Mode clair",
+
+    // NEW KEYS ADDED FOR ADMIN, USER PANELS, AND TOTP MODALS:
+    "admin_panel": "Panneau d'administration",
+    "user_panel": "Panneau utilisateur",
+    "totp_settings": "Paramètres TOTP",
+    "enable_totp": "Activer TOTP",
+    "language": "Langue",
+    "select_language": "Sélectionnez la langue",
+    "english": "Anglais",
+    "spanish": "Espagnol",
+    "french": "Français",
+    "german": "Allemand",
+    "use_totp_code_instead": "Utiliser le code TOTP à la place",
+    "submit_recovery_code": "Soumettre le code de récupération",
+    "please_enter_recovery_code": "Veuillez entrer votre code de récupération.",
+    "recovery_code_verification_failed": "La vérification du code de récupération a échoué",
+    "error_verifying_recovery_code": "Erreur lors de la vérification du code de récupération",
+    "totp_verification_failed": "La vérification TOTP a échoué",
+    "error_verifying_totp_code": "Erreur lors de la vérification du code TOTP",
+    "totp_setup": "Configuration TOTP",
+    "scan_qr_code": "Scannez ce QR code avec votre application d'authentification.",
+    "enter_totp_confirmation": "Entrez le code à 6 chiffres de votre application pour confirmer la configuration :",
+    "confirm": "Confirmer",
+    "please_enter_valid_code": "Veuillez entrer un code valide à 6 chiffres.",
+    "totp_enabled_successfully": "TOTP activé avec succès.",
+    "error_generating_recovery_code": "Erreur lors de la génération du code de récupération",
+    "error_loading_qr_code": "Erreur lors du chargement du QR code.",
+    "error_disabling_totp_setting": "Erreur lors de la désactivation des paramètres TOTP",
+    "user_management": "Gestion des utilisateurs",
+    "add_user": "Ajouter un utilisateur",
+    "remove_user": "Supprimer un utilisateur",
+    "user_permissions": "Permissions des utilisateurs",
+    "oidc_configuration": "Configuration OIDC",
+    "oidc_provider_url": "URL du fournisseur OIDC",
+    "oidc_client_id": "ID du client OIDC",
+    "oidc_client_secret": "Secret du client OIDC",
+    "oidc_redirect_uri": "URI de redirection OIDC",
+    "global_totp_settings": "Paramètres globaux TOTP",
+    "global_otpauth_url": "URL globale OTPAuth",
+    "login_options": "Options de connexion",
+    "disable_login_form": "Désactiver le formulaire de connexion",
+    "disable_basic_http_auth": "Désactiver l'authentification HTTP basique",
+    "disable_oidc_login": "Désactiver la connexion OIDC",
+    "save_settings": "Enregistrer les paramètres",
+    "at_least_one_login_method": "Au moins une méthode de connexion doit rester activée.",
+    "settings_updated_successfully": "Paramètres mis à jour avec succès.",
+    "error_updating_settings": "Erreur lors de la mise à jour des paramètres",
+    "user_permissions_updated_successfully": "Permissions des utilisateurs mises à jour avec succès.",
+    "error_updating_permissions": "Erreur lors de la mise à jour des permissions",
+    "no_users_found": "Aucun utilisateur trouvé.",
+    "user_folder_only": "Uniquement le dossier utilisateur",
+    "read_only": "Lecture seule",
+    "disable_upload": "Désactiver le téléchargement",
+    "error_loading_users": "Erreur lors du chargement des utilisateurs",
+    "save_permissions": "Enregistrer les permissions",
+    "your_recovery_code": "Votre code de récupération",
+    "please_save_recovery_code": "Veuillez sauvegarder ce code en toute sécurité. Il ne sera plus affiché et ne pourra être utilisé qu'une seule fois.",
+    "ok": "OK"
   },
   de: {
     "please_log_in_to_continue": "Bitte melden Sie sich an, um fortzufahren.",
     "no_files_selected": "Keine Dateien ausgewählt.",
     "confirm_delete_files": "Sind Sie sicher, dass Sie {count} ausgewählte Datei(en) löschen möchten?",
     "element_not_found": "Element mit der ID \"{id}\" wurde nicht gefunden.",
-        "search_placeholder": "Suche nach Dateien oder Tags...",
+    "search_placeholder": "Dateien, Tags und Uploader suchen...",
+    "search_placeholder_advanced": "Erweiterte Suche: Dateien, Tags, Uploader & Inhalt...",
+    "basic_search_tooltip": "Einfache Suche: Nach Dateiname, Tags und Uploader suchen.",
+    "advanced_search_tooltip": "Erweiterte Suche: Beinhaltet Dateiinhalte zusätzlich zum Dateinamen, Tags und Uploader.",
     "file_name": "Dateiname",
     "date_modified": "Änderungsdatum",
     "upload_date": "Hochladedatum",
     "file_size": "Dateigröße",
-        "uploader": "Hochgeladen von",
+    "uploader": "Uploader",
     "enter_totp_code": "Geben Sie den TOTP-Code ein",
     "use_recovery_code_instead": "Verwenden Sie stattdessen den Wiederherstellungscode",
     "enter_recovery_code": "Geben Sie den Wiederherstellungscode ein",
@@ -472,7 +727,6 @@ const translations = {
     "tag_name": "Tagname:",
     "tag_color": "Tagfarbe:",
     "save_tag": "Tag speichern",
-        "files_in": "Dateien in",
     "light_mode": "Heller Modus",
     "dark_mode": "Dunkler Modus",
     "upload_instruction": "Ziehen Sie Dateien/Ordner hierher oder klicken Sie auf 'Dateien auswählen'",
@@ -488,7 +742,7 @@ const translations = {
     "edit": "Bearbeiten",
     "rename": "Umbenennen",
     "trash_empty": "Papierkorb ist leer.",
-        "no_trash_selected": "Keine Elemente im Papierkorb für die Wiederherstellung ausgewählt.",
+    "no_trash_selected": "Keine Papierkorbeinträge zur Wiederherstellung ausgewählt.",
 
     // Additional keys for HTML translations:
     "title": "FileRise",
@@ -517,13 +771,15 @@ const translations = {
     "delete_folder_title": "Ordner löschen",
     "delete_folder_message": "Sind Sie sicher, dass Sie diesen Ordner löschen möchten?",
     "folder_help": "Ordnerhilfe",
-        "folder_help_item_1": "Klicken Sie auf einen Ordner, um dessen Dateien anzuzeigen.",
-        "folder_help_item_2": "Verwenden Sie [-] um zu minimieren und [+] um zu erweitern.",
-        "folder_help_item_3": "Klicken Sie auf \"Ordner erstellen\", um einen Unterordner hinzuzufügen.",
-        "folder_help_item_4": "Um einen Ordner umzubenennen oder zu löschen, wählen Sie ihn und klicken Sie auf die entsprechende Schaltfläche.",
+    "folder_help_item_1": "Klicken Sie auf einen Ordner im Baum, um dessen Dateien anzuzeigen.",
+    "folder_help_item_2": "Verwenden Sie [-] zum Einklappen und [+] zum Ausklappen der Ordner.",
+    "folder_help_item_3": "Wählen Sie einen Ordner aus und klicken Sie auf \"Ordner erstellen\", um einen Unterordner hinzuzufügen.",
+    "folder_help_item_4": "Um einen Ordner umzubenennen oder zu löschen, wählen Sie ihn aus und klicken Sie auf den entsprechenden Button.",
 
     // File List keys:
+    "actions": "Aktionen",
     "file_list_title": "Dateien in (Root)",
+    "files_in": "Dateien in",
     "delete_files": "Dateien löschen",
     "delete_selected_files_title": "Ausgewählte Dateien löschen",
     "delete_files_message": "Sind Sie sicher, dass Sie die ausgewählten Dateien löschen möchten?",
@@ -537,7 +793,14 @@ const translations = {
     "extract_zip_button": "Zip entpacken",
     "download_zip_title": "Ausgewählte Dateien als Zip herunterladen",
     "download_zip_prompt": "Geben Sie einen Namen für die Zip-Datei ein:",
-        "zip_placeholder": "dateien.zip",
+    "zip_placeholder": "files.zip",
+    "share": "Teilen",
+    "total_files": "Gesamtanzahl",
+    "total_size": "Gesamtgröße",
+    "prev": "Zurück",
+    "next": "Weiter",
+    "page": "Seite",
+    "of": "von",    
 
     // Login Form keys:
     "login": "Anmelden",
@@ -555,29 +818,117 @@ const translations = {
     "create_new_user_title": "Neuen Benutzer erstellen",
     "username": "Benutzername:",
     "password": "Passwort:",
+    "enter_password": "Passwort",
+    "preparing_download": "Bereite Ihren Download vor...",
+    "download_file": "Datei herunterladen",
+    "confirm_or_change_filename": "Bestätigen oder ändern Sie den Dateinamen zum Download:",
+    "filename": "Dateiname",
+    "cancel": "Abbrechen",
+    "download": "Herunterladen",
     "grant_admin": "Admin-Rechte vergeben",
     "save_user": "Benutzer speichern",
 
     // Remove User keys:
     "remove_user_title": "Benutzer entfernen",
-        "select_user_remove": "Wählen Sie einen Benutzer zum Entfernen:",
+    "select_user_remove": "Wählen Sie einen Benutzer zum Entfernen aus:",
     "delete_user": "Benutzer löschen",
 
     // Rename File keys:
     "rename_file_title": "Datei umbenennen",
-        "rename_file_placeholder": "Neuen Dateinamen eingeben",
+    "rename_file_placeholder": "Geben Sie den neuen Dateinamen ein",
+
+    // Folder Share
+    "share_folder": "Ordner teilen",
+    "allow_uploads": "Uploads erlauben",
+    "share_link_generated": "Freigabelink generiert",
+    "error_generating_share_link": "Fehler beim Generieren des Freigabelinks",
+
+    // Folder
+    "folder_share": "Ordner teilen",
 
     // Custom Confirm Modal keys:
     "yes": "Ja",
     "no": "Nein",
+    "unsaved_changes_confirm": "Sie haben ungespeicherte Änderungen. Sind Sie sicher, dass Sie schließen möchten, ohne zu speichern?",
     "delete": "Löschen",
     "download": "Herunterladen",
     "upload": "Hochladen",
     "copy": "Kopieren",
     "extract": "Entpacken",
+    "user": "Benutzer:",
+    "unknown_error": "Unbekannter Fehler",
+    "link_copied": "Link in die Zwischenablage kopiert",
+    "minutes": "Minuten",
+    "hours": "Stunden",
+    "days": "Tage",
+    "weeks": "Wochen",
+    "months": "Monate",
+    "seconds": "Sekunden",
 
     // Dark Mode Toggle
-        "dark_mode_toggle": "Dunkler Modus"
+    "dark_mode_toggle": "Dunkler Modus",
+    "light_mode_toggle": "Heller Modus",
+
+    // NEW KEYS ADDED FOR ADMIN, USER PANELS, AND TOTP MODALS:
+    "admin_panel": "Administrationsbereich",
+    "user_panel": "Benutzerbereich",
+    "trash_restore_delete": "Papierkorb wiederherstellen/löschen",
+    "totp_settings": "TOTP-Einstellungen",
+    "enable_totp": "TOTP aktivieren",
+    "language": "Sprache",
+    "select_language": "Sprache auswählen",
+    "english": "Englisch",
+    "spanish": "Spanisch",
+    "french": "Französisch",
+    "german": "Deutsch",
+    "use_totp_code_instead": "Stattdessen TOTP-Code verwenden",
+    "submit_recovery_code": "Wiederherstellungscode absenden",
+    "please_enter_recovery_code": "Bitte geben Sie Ihren Wiederherstellungscode ein.",
+    "recovery_code_verification_failed": "Überprüfung des Wiederherstellungscodes fehlgeschlagen",
+    "error_verifying_recovery_code": "Fehler bei der Überprüfung des Wiederherstellungscodes",
+    "totp_verification_failed": "TOTP-Überprüfung fehlgeschlagen",
+    "error_verifying_totp_code": "Fehler bei der Überprüfung des TOTP-Codes",
+    "totp_setup": "TOTP-Einrichtung",
+    "scan_qr_code": "Scannen Sie diesen QR-Code mit Ihrer Authenticator-App.",
+    "enter_totp_confirmation": "Geben Sie den 6-stelligen Code aus Ihrer App zur Bestätigung ein:",
+    "confirm": "Bestätigen",
+    "please_enter_valid_code": "Bitte geben Sie einen gültigen 6-stelligen Code ein.",
+    "totp_enabled_successfully": "TOTP wurde erfolgreich aktiviert.",
+    "error_generating_recovery_code": "Fehler beim Generieren des Wiederherstellungscodes",
+    "error_loading_qr_code": "Fehler beim Laden des QR-Codes.",
+    "error_disabling_totp_setting": "Fehler beim Deaktivieren der TOTP-Einstellungen",
+    "user_management": "Benutzerverwaltung",
+    "add_user": "Benutzer hinzufügen",
+    "remove_user": "Benutzer entfernen",
+    "user_permissions": "Benutzerberechtigungen",
+    "oidc_configuration": "OIDC-Konfiguration",
+    "oidc_provider_url": "OIDC-Anbieter-URL",
+    "oidc_client_id": "OIDC-Client-ID",
+    "oidc_client_secret": "OIDC-Client-Geheimnis",
+    "oidc_redirect_uri": "OIDC-Umleitungs-URI",
+    "global_totp_settings": "Globale TOTP-Einstellungen",
+    "global_otpauth_url": "Globale OTPAuth-URL",
+    "login_options": "Anmeldeoptionen",
+    "disable_login_form": "Anmeldeformular deaktivieren",
+    "disable_basic_http_auth": "HTTP-Basisauthentifizierung deaktivieren",
+    "disable_oidc_login": "OIDC-Anmeldung deaktivieren",
+    "save_settings": "Einstellungen speichern",
+    "at_least_one_login_method": "Mindestens eine Anmeldemethode muss aktiviert bleiben.",
+    "settings_updated_successfully": "Einstellungen wurden erfolgreich aktualisiert.",
+    "error_updating_settings": "Fehler beim Aktualisieren der Einstellungen",
+    "user_permissions_updated_successfully": "Benutzerberechtigungen wurden erfolgreich aktualisiert.",
+    "error_updating_permissions": "Fehler beim Aktualisieren der Berechtigungen",
+    "no_users_found": "Keine Benutzer gefunden.",
+    "user_folder_only": "Nur Benutzerordner",
+    "read_only": "Nur Lesen",
+    "disable_upload": "Upload deaktivieren",
+    "error_loading_users": "Fehler beim Laden der Benutzer",
+    "save_permissions": "Berechtigungen speichern",
+    "your_recovery_code": "Ihr Wiederherstellungscode",
+    "please_save_recovery_code": "Bitte speichern Sie diesen Code sicher. Er wird nicht erneut angezeigt und kann nur einmal verwendet werden.",
+    "ok": "OK",
+    "show": "Zeige",
+    "items_per_page": "elemente pro seite"
   }
 };
 

js/main.js

@@ -12,7 +12,8 @@ import { initFileActions, renameFile, openDownloadModal, confirmSingleDownload }
 import { editFile, saveFile } from './fileEditor.js';
 import { t, applyTranslations, setLocale } from './i18n.js';
 
-function loadCsrfTokenWithRetry(retries = 3, delay = 1000) {
+// Remove the retry logic version and just use loadCsrfToken directly:
+function loadCsrfToken() {
   return fetch('token.php', { credentials: 'include' })
     .then(response => {
       if (!response.ok) {
@@ -21,11 +22,9 @@ function loadCsrfTokenWithRetry(retries = 3, delay = 1000) {
       return response.json();
     })
     .then(data => {
-      // Set global variables.
       window.csrfToken = data.csrf_token;
       window.SHARE_URL = data.share_url;
       
-      // Update (or create) the CSRF meta tag.
       let metaCSRF = document.querySelector('meta[name="csrf-token"]');
       if (!metaCSRF) {
         metaCSRF = document.createElement('meta');
@@ -34,7 +33,6 @@ function loadCsrfTokenWithRetry(retries = 3, delay = 1000) {
       }
       metaCSRF.setAttribute('content', data.csrf_token);
 
-      // Update (or create) the share URL meta tag.
       let metaShare = document.querySelector('meta[name="share-url"]');
       if (!metaShare) {
         metaShare = document.createElement('meta');
@@ -44,15 +42,6 @@ function loadCsrfTokenWithRetry(retries = 3, delay = 1000) {
       metaShare.setAttribute('content', data.share_url);
 
       return data;
-    })
-    .catch(error => {
-      if (retries > 0) {
-        console.warn(`CSRF token load failed. Retrying in ${delay}ms... (${retries} retries left)`, error);
-        return new Promise(resolve => setTimeout(resolve, delay))
-          .then(() => loadCsrfTokenWithRetry(retries - 1, delay * 2));
-      }
-      console.error("Failed to load CSRF token after retries.", error);
-      throw error;
     });
 }
 
@@ -78,7 +67,7 @@ document.addEventListener("DOMContentLoaded", function () {
   // Apply the translations to update the UI
   applyTranslations();
   // First, load the CSRF token (with retry).
-  loadCsrfTokenWithRetry().then(() => {
+  loadCsrfToken().then(() => {
     // Once CSRF token is loaded, initialize authentication.
     initAuth();
 
@@ -139,18 +128,18 @@ document.addEventListener("DOMContentLoaded", function () {
 
     if (darkModeToggle) {
       darkModeToggle.textContent = document.body.classList.contains("dark-mode")
-        ? "Light Mode"
-        : "Dark Mode";
+        ? t("light_mode")
+        : t("dark_mode");
 
       darkModeToggle.addEventListener("click", function () {
         if (document.body.classList.contains("dark-mode")) {
           document.body.classList.remove("dark-mode");
           localStorage.setItem("darkMode", "false");
-          darkModeToggle.textContent = "Dark Mode";
+          darkModeToggle.textContent = t("dark_mode");
         } else {
           document.body.classList.add("dark-mode");
           localStorage.setItem("darkMode", "true");
-          darkModeToggle.textContent = "Light Mode";
+          darkModeToggle.textContent = t("light_mode");
         }
       });
     }

login_basic.php

@@ -81,7 +81,7 @@ $username = trim($_SERVER['PHP_AUTH_USER']);
 $password = trim($_SERVER['PHP_AUTH_PW']);
 
 // Validate username format (optional)
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $username)) {
+if (!preg_match(REGEX_USER, $username)) {
     header('WWW-Authenticate: Basic realm="FileRise Login"');
     header('HTTP/1.0 401 Unauthorized');
     echo 'Invalid username format';

moveFiles.php

@@ -1,9 +1,6 @@
 <?php
 require_once 'config.php';
 header('Content-Type: application/json');
-header("Cache-Control: no-cache, no-store, must-revalidate");
-header("Pragma: no-cache");
-header("Expires: 0");
 
 // --- CSRF Protection ---
 $headers = array_change_key_case(getallheaders(), CASE_LOWER);
@@ -45,7 +42,7 @@ $sourceFolder = trim($data['source']) ?: 'root';
 $destinationFolder = trim($data['destination']) ?: 'root';
 
 // Allow only letters, numbers, underscores, dashes, spaces, and forward slashes in folder names.
-$folderPattern = '/^[A-Za-z0-9_\- \/]+$/';
+$folderPattern = REGEX_FOLDER_NAME;
 if ($sourceFolder !== 'root' && !preg_match($folderPattern, $sourceFolder)) {
     echo json_encode(["error" => "Invalid source folder name."]);
     exit;
@@ -111,7 +108,7 @@ $srcMetadata = file_exists($srcMetaFile) ? json_decode(file_get_contents($srcMet
 $destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($destMetaFile), true) : [];
 
 $errors = [];
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 foreach ($data['files'] as $fileName) {
     // Save the original name for metadata lookup.

removeChunks.php

@@ -17,9 +17,9 @@ if (!isset($_POST['folder'])) {
     exit;
 }
 
-$folder = $_POST['folder'];
-// Validate the folder name (only alphanumerics, dashes allowed)
-if (!preg_match('/^resumable_[A-Za-z0-9\-]+$/', $folder)) {
+$folder = urldecode($_POST['folder']);
+$regex = "/^resumable_" . PATTERN_FOLDER_NAME . "$/u";  // full regex pattern
+if (!preg_match($regex, $folder)) {
     echo json_encode(["error" => "Invalid folder name"]);
     http_response_code(400);
     exit;

removeUser.php

@@ -30,7 +30,7 @@ if (!$usernameToRemove) {
 }
 
 // Optional: Validate the username format (allow letters, numbers, underscores, dashes, and spaces)
-if (!preg_match('/^[A-Za-z0-9_\- ]+$/', $usernameToRemove)) {
+if (!preg_match(REGEX_USER, $usernameToRemove)) {
     echo json_encode(["error" => "Invalid username format"]);
     exit;
 }

renameFile.php

@@ -40,7 +40,7 @@ if (!$data || !isset($data['folder']) || !isset($data['oldName']) || !isset($dat
 
 $folder = trim($data['folder']) ?: 'root';
 // For subfolders, allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name"]);
     exit;
 }
@@ -49,7 +49,7 @@ $oldName = basename(trim($data['oldName']));
 $newName = basename(trim($data['newName']));
 
 // Validate file names: allow letters, numbers, underscores, dashes, dots, parentheses, and spaces.
-if (!preg_match('/^[A-Za-z0-9_\-\. \(\)]+$/', $oldName) || !preg_match('/^[A-Za-z0-9_\-\. \(\)]+$/', $newName)) {
+if (!preg_match(REGEX_FILE_NAME, $oldName) || !preg_match(REGEX_FILE_NAME, $newName)) {
     echo json_encode(["error" => "Invalid file name."]);
     exit;
 }

renameFolder.php

@@ -1,9 +1,6 @@
 <?php
 require_once 'config.php';
 header('Content-Type: application/json');
-header("Cache-Control: no-cache, no-store, must-revalidate");
-header("Pragma: no-cache");
-header("Expires: 0");
 
 // Ensure user is authenticated
 if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
@@ -48,7 +45,7 @@ $oldFolder = trim($input['oldFolder']);
 $newFolder = trim($input['newFolder']);
 
 // Validate folder names
-if (!preg_match('/^[A-Za-z0-9_\- \/]+$/', $oldFolder) || !preg_match('/^[A-Za-z0-9_\- \/]+$/', $newFolder)) {
+if (!preg_match(REGEX_FOLDER_NAME, $oldFolder) || !preg_match(REGEX_FOLDER_NAME, $newFolder)) {
     echo json_encode(['success' => false, 'error' => 'Invalid folder name(s).']);
     exit;
 }

restoreFiles.php

@@ -53,7 +53,7 @@ if (!isset($data['files']) || !is_array($data['files'])) {
 }
 
 // Define a safe file name pattern.
-$safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+$safeFileNamePattern = REGEX_FILE_NAME;
 
 $restoredItems = [];
 $errors = [];

saveFile.php

@@ -48,7 +48,7 @@ $folder = isset($data["folder"]) ? trim($data["folder"]) : "root";
 
 // If a subfolder is provided, validate it.
 // Allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-if ($folder !== "root" && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== "root" && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name"]);
     exit;
 }

saveFileTag.php

@@ -13,11 +13,21 @@ if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
 }
 
 // CSRF Protection: validate token from header.
-$headers = getallheaders();
-if (!isset($headers['X-CSRF-Token']) || $headers['X-CSRF-Token'] !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token."]);
-    http_response_code(403);
-    exit;
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
+    respond('error', 403, 'Invalid CSRF token');
+}
+
+$username = $_SESSION['username'] ?? '';
+$userPermissions = loadUserPermissions($username);
+if ($username) {
+    $userPermissions = loadUserPermissions($username);
+    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
+        echo json_encode(["error" => "Read-only users are not allowed to file tags"]);
+        exit();
+    }
 }
 
 // Retrieve and sanitize input.
@@ -77,7 +87,7 @@ if ($file === "global") {
 }
 
 // Validate folder name.
-if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
     echo json_encode(["error" => "Invalid folder name."]);
     exit;
 }

totp_disable.php

@@ -11,11 +11,11 @@ if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
 }
 
 // Verify CSRF token from request headers.
-$csrfHeader = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
 if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
-    http_response_code(403);
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    exit;
+    respond('error', 403, 'Invalid CSRF token');
 }
 
 header('Content-Type: application/json');

totp_recover.php

@@ -13,11 +13,11 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
 }
 
 // ——— 2) CSRF check ———
-if (empty($_SERVER['HTTP_X_CSRF_TOKEN']) 
- || $_SERVER['HTTP_X_CSRF_TOKEN'] !== ($_SESSION['csrf_token'] ?? '')) {
-    http_response_code(403);
-    error_log("Invalid CSRF token on recovery for IP {$_SERVER['REMOTE_ADDR']}");
-    exit(json_encode(['status'=>'error','message'=>'Invalid CSRF token']));
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
+    respond('error', 403, 'Invalid CSRF token');
 }
 
 // ——— 3) Identify user to recover ———
@@ -32,7 +32,7 @@ if (!$userId) {
 }
 
 // ——— Validate userId format ———
-if (!preg_match('/^[A-Za-z0-9_\-]+$/', $userId)) {
+if (!preg_match(REGEX_USER, $userId)) {
     http_response_code(400);
     error_log("Invalid userId format: {$userId}");
     exit(json_encode(['status'=>'error','message'=>'Invalid user identifier']));

totp_saveCode.php

@@ -13,11 +13,11 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
 }
 
 // 2) CSRF check
-if (empty($_SERVER['HTTP_X_CSRF_TOKEN']) 
- || $_SERVER['HTTP_X_CSRF_TOKEN'] !== ($_SESSION['csrf_token'] ?? '')) {
-    http_response_code(403);
-    error_log("totp_saveCode: invalid CSRF token from IP {$_SERVER['REMOTE_ADDR']}");
-    exit(json_encode(['status'=>'error','message'=>'Invalid CSRF token']));
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
+    respond('error', 403, 'Invalid CSRF token');
 }
 
 // 3) Must be logged in
@@ -29,7 +29,7 @@ if (empty($_SESSION['username'])) {
 
 // 4) Validate username format
 $userId = $_SESSION['username'];
-if (!preg_match('/^[A-Za-z0-9_\-]+$/', $userId)) {
+if (!preg_match(REGEX_USER, $userId)) {
     http_response_code(400);
     error_log("totp_saveCode: invalid username format: {$userId}");
     exit(json_encode(['status'=>'error','message'=>'Invalid user identifier']));

totp_setup.php

@@ -6,19 +6,35 @@ require_once 'config.php';
 
 use Endroid\QrCode\Builder\Builder;
 use Endroid\QrCode\Writer\PngWriter;
-use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh;
+use RobThree\Auth\Algorithm;
+use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
 
-// For debugging purposes, you might enable error reporting temporarily:
-// ini_set('display_errors', 1);
-// error_reporting(E_ALL);
+// Define the respond() helper if not already defined.
+if (!function_exists('respond')) {
+    function respond($status, $code, $message, $data = []) {
+        http_response_code($code);
+        echo json_encode([
+            'status'  => $status,
+            'code'    => $code,
+            'message' => $message,
+            'data'    => $data
+        ]);
+        exit;
+    }
+}
 
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
+// Allow access if the user is authenticated or pending TOTP.
+if (!((isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true) || isset($_SESSION['pending_login_user']))) {
     http_response_code(403);
     exit;
 }
 
-// Verify CSRF token provided as a GET parameter.
-if (!isset($_GET['csrf']) || $_GET['csrf'] !== $_SESSION['csrf_token']) {
+// Retrieve CSRF token from GET parameter or request headers.
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if ($receivedToken !== $_SESSION['csrf_token']) {
+    echo json_encode(["error" => "Invalid CSRF token"]);
     http_response_code(403);
     exit;
 }
@@ -108,7 +124,13 @@ function getGlobalOtpauthUrl() {
     return "";
 }
 
-$tfa = new \RobThree\Auth\TwoFactorAuth('FileRise');
+$tfa = new \RobThree\Auth\TwoFactorAuth(
+    new GoogleChartsQrCodeProvider(), // QR code provider
+    'FileRise',                       // issuer
+    6,                                // number of digits
+    30,                               // period in seconds
+    Algorithm::Sha1                   // enum case from your Algorithm enum
+);
 
 // Retrieve the current TOTP secret for the user.
 $totpSecret = getUserTOTPSecret($username);
@@ -120,8 +142,6 @@ if (!$totpSecret) {
 }
 
 // Determine the otpauth URL to use.
-// If a global OTPAuth URL template is defined, replace placeholders {label} and {secret}.
-// Otherwise, use the default method.
 $globalOtpauthUrl = getGlobalOtpauthUrl();
 if (!empty($globalOtpauthUrl)) {
     $label = "FileRise:" . $username;
@@ -140,7 +160,6 @@ if (!empty($globalOtpauthUrl)) {
 $result = Builder::create()
     ->writer(new PngWriter())
     ->data($otpauthUrl)
-    ->errorCorrectionLevel(new ErrorCorrectionLevelHigh())
     ->build();
 
 header('Content-Type: ' . $result->getMimeType());

totp_verify.php

@@ -8,6 +8,9 @@ require_once 'config.php';
 header('Content-Type: application/json');
 header("Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self';");
 
+use RobThree\Auth\Algorithm;
+use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
+
 try {
     // standardized error helper
     function respond($status, $code, $message, $data = []) {
@@ -54,8 +57,9 @@ try {
         respond('error', 403, 'Not authenticated');
     }
 
-    // CSRF check
-    $csrfHeader = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
+    $headers = array_change_key_case(getallheaders(), CASE_LOWER);
+    $csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+    
     if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
         respond('error', 403, 'Invalid CSRF token');
     }
@@ -71,7 +75,13 @@ try {
     if (isset($_SESSION['pending_login_user'])) {
         $username   = $_SESSION['pending_login_user'];
         $totpSecret = $_SESSION['pending_login_secret'];
-        $tfa        = new \RobThree\Auth\TwoFactorAuth('FileRise');
+        $tfa = new \RobThree\Auth\TwoFactorAuth(
+            new GoogleChartsQrCodeProvider(), // QR code provider
+            'FileRise',                       // issuer
+            6,                                // number of digits
+            30,                               // period in seconds
+            Algorithm::Sha1                   // Correct enum case name from your enum
+        );
 
         if (!$tfa->verifyCode($totpSecret, $code)) {
             $_SESSION['totp_failures']++;
@@ -117,7 +127,14 @@ try {
         respond('error', 500, 'TOTP secret not found. Please set up TOTP again.');
     }
 
-    $tfa = new \RobThree\Auth\TwoFactorAuth('FileRise');
+    $tfa = new \RobThree\Auth\TwoFactorAuth(
+        new GoogleChartsQrCodeProvider(), // QR code provider
+        'FileRise',                       // issuer
+        6,                                // number of digits
+        30,                               // period in seconds
+        Algorithm::Sha1                   // Correct enum case name from your enum
+    );
+
     if (!$tfa->verifyCode($totpSecret, $code)) {
         $_SESSION['totp_failures']++;
         respond('error', 400, 'Invalid TOTP code');

updateConfig.php

@@ -33,6 +33,9 @@ if (!is_array($data)) {
     exit;
 }
 
+// Retrieve new header title, sanitize if necessary.
+$headerTitle = isset($data['header_title']) ? trim($data['header_title']) : "";
+
 // Validate and sanitize OIDC configuration.
 $oidc = isset($data['oidc']) ? $data['oidc'] : [];
 $oidcProviderUrl = isset($oidc['providerUrl']) ? filter_var($oidc['providerUrl'], FILTER_SANITIZE_URL) : '';
@@ -54,8 +57,9 @@ $disableOIDCLogin = isset($data['disableOIDCLogin']) ? filter_var($data['disable
 // Retrieve the global OTPAuth URL (new field). If not provided, default to an empty string.
 $globalOtpauthUrl = isset($data['globalOtpauthUrl']) ? trim($data['globalOtpauthUrl']) : "";
 
-// Prepare configuration array.
+// Prepare configuration array including the header title.
 $configUpdate = [
+    'header_title' => $headerTitle,  // New field for the header title
     'oidc' => [
         'providerUrl'  => $oidcProviderUrl,
         'clientId'     => $oidcClientId,
@@ -79,15 +83,10 @@ $encryptedContent = encryptData($plainTextConfig, $encryptionKey);
 
 // Attempt to write the new configuration.
 if (file_put_contents($configFile, $encryptedContent, LOCK_EX) === false) {
-    // Log the error.
     error_log("updateConfig.php: Initial write failed, attempting to delete the old configuration file.");
-    
-    // Delete the old file.
     if (file_exists($configFile)) {
         unlink($configFile);
     }
-    
-    // Try writing again.
     if (file_put_contents($configFile, $encryptedContent, LOCK_EX) === false) {
         error_log("updateConfig.php: Failed to write configuration even after deletion.");
         http_response_code(500);

updateUserPermissions.php

@@ -40,16 +40,39 @@ if (file_exists($permissionsFile)) {
     $existingPermissions = [];
 }
 
+// Load user roles from the users file (similar to getUsers.php)
+$usersFile = USERS_DIR . USERS_FILE;
+$userRoles = [];
+if (file_exists($usersFile)) {
+    $lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+    foreach ($lines as $line) {
+        $parts = explode(':', trim($line));
+        if (count($parts) >= 3) {
+            // Validate username format:
+            if (preg_match(REGEX_USER, $parts[0])) {
+                // Use a lowercase key for consistency.
+                $userRoles[strtolower($parts[0])] = trim($parts[2]);
+            }
+        }
+    }
+}
+
 // Loop through each permission update.
 foreach ($permissions as $perm) {
     // Ensure username is provided.
     if (!isset($perm['username'])) continue;
     $username = $perm['username'];
+    
+    // Look up the user's role from the users file.
+    $role = isset($userRoles[strtolower($username)]) ? $userRoles[strtolower($username)] : null;
+    
     // Skip updating permissions for admin users.
-    if (strtolower($username) === "admin") continue;
+    if ($role === "1") {
+        continue;
+    }
     
     // Update permissions: default any missing value to false.
-    $existingPermissions[$username] = [
+    $existingPermissions[strtolower($username)] = [
         'folderOnly'    => isset($perm['folderOnly']) ? (bool)$perm['folderOnly'] : false,
         'readOnly'      => isset($perm['readOnly']) ? (bool)$perm['readOnly'] : false,
         'disableUpload' => isset($perm['disableUpload']) ? (bool)$perm['disableUpload'] : false

upload.php

@@ -65,14 +65,16 @@ if (isset($_POST['resumableChunkNumber'])) {
     $resumableFilename   = $_POST['resumableFilename'];
     
 
-if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $resumableFilename)) {
-    http_response_code(400); // Set an error HTTP status code
+// First, strip directory components.
+$resumableFilename = urldecode(basename($_POST['resumableFilename']));
+if (!preg_match(REGEX_FILE_NAME, $resumableFilename)) {
+    http_response_code(400);
     echo json_encode(["error" => "Invalid file name: " . $resumableFilename]);
     exit;
 }
     
     $folder = isset($_POST['folder']) ? trim($_POST['folder']) : 'root';
-    if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+    if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
         echo json_encode(["error" => "Invalid folder name"]);
         exit;
     }
@@ -173,7 +175,7 @@ if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $resumableFilename)) {
     // ------------- Full Upload (Non-chunked) -------------
     // Validate folder name input.
     $folder = isset($_POST['folder']) ? trim($_POST['folder']) : 'root';
-    if ($folder !== 'root' && !preg_match('/^[A-Za-z0-9_\- \/]+$/', $folder)) {
+    if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
         echo json_encode(["error" => "Invalid folder name"]);
         exit;
     }
@@ -195,10 +197,12 @@ if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $resumableFilename)) {
     $metadataCollection = []; // key: folder path, value: metadata array
     $metadataChanged = [];    // key: folder path, value: boolean
     
-    $safeFileNamePattern = '/^[A-Za-z0-9_\-\.\(\) ]+$/';
+    // Use a Unicode-enabled pattern to allow special characters.
+    $safeFileNamePattern = REGEX_FILE_NAME;
     
     foreach ($_FILES["file"]["name"] as $index => $fileName) {
-        $safeFileName = basename($fileName);
+        // First, ensure we only work with the base filename to avoid traversal issues.
+        $safeFileName = trim(urldecode(basename($fileName)));
         if (!preg_match($safeFileNamePattern, $safeFileName)) {
             echo json_encode(["error" => "Invalid file name: " . $fileName]);
             exit;
@@ -224,6 +228,7 @@ if (!preg_match('/^[A-Za-z0-9_\-\.\(\) ]+$/', $resumableFilename)) {
                 $uploadDir = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR 
                             . str_replace('/', DIRECTORY_SEPARATOR, $folderPath) . DIRECTORY_SEPARATOR;
             }
+            // Reapply basename to the relativePath to get the final safe file name.
             $safeFileName = basename($relativePath);
         }
         // --- End Minimal Folder/Subfolder Logic ---

uploadToSharedFolder.php

@@ -109,8 +109,6 @@ if (!move_uploaded_file($fileUpload['tmp_name'], $targetPath)) {
 }
 
 // --- Metadata Update for Shared Upload ---
-// We want to update metadata similarly to your normal upload.
-// Determine a key for metadata storage for the folder.
 $metadataKey = ($folder === '' || $folder === 'root') ? "root" : $folder;
 // Sanitize the metadata file name.
 $metadataFileName = str_replace(['/', '\\', ' '], '-', $metadataKey) . '_metadata.json';