Add CLAUDE.md with comprehensive codebase documentation

Added detailed guidance for Claude Code including: - Project overview and tech stack - Development setup instructions - Architecture and directory structure - ACL system and metadata patterns - Common development tasks - Code conventions and security requirements 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
chore(release): set APP_VERSION to v2.3.6 [skip ci]
2025-12-07 01:17:05 +00:00 · 2025-12-06 11:22:31 +00:00 · 2025-12-06 06:22:20 -05:00 · 2025-12-06 09:02:26 +00:00 · 2025-12-06 04:02:14 -05:00 · 2025-12-05 05:29:00 -05:00
337 changed files with 58826 additions and 14828 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,20 @@
+# dockerignore
+
+.git
+.gitignore
+.github
+.github/**
+Dockerfile*
+resources/
+node_modules/
+*.log
+tmp/
+.env
+.vscode/
+.DS_Store
+data/
+uploads/
+users/
+metadata/
+sessions/
+vendor/
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,40 @@
+# --- Docs that shouldn't count toward code stats
+public/api.php            linguist-documentation
+public/openapi.json       linguist-documentation
+openapi.json.dist         linguist-documentation
+SECURITY.md               linguist-documentation
+CHANGELOG.md              linguist-documentation
+CONTRIBUTING.md           linguist-documentation
+CODE_OF_CONDUCT.md        linguist-documentation
+LICENSE                   linguist-documentation
+README.md                 linguist-documentation
+
+# --- Vendored/minified stuff: exclude from Linguist
+public/vendor/**          linguist-vendored
+public/css/vendor/**      linguist-vendored
+public/fonts/**           linguist-vendored
+public/js/**/*.min.js     linguist-vendored
+public/**/*.min.css       linguist-vendored
+public/**/*.map           linguist-generated
+
+# --- Treat assets as binary (nicer diffs)
+*.png   -diff
+*.jpg   -diff
+*.jpeg  -diff
+*.gif   -diff
+*.webp  -diff
+*.svg   -diff
+*.ico   -diff
+*.woff  -diff
+*.woff2 -diff
+*.ttf   -diff
+*.otf   -diff
+*.zip   -diff
+
+# --- Keep these out of auto-generated source archives (OK to ignore)
+# Only ignore things you *never* need in release tarballs
+.github/           export-ignore
+resources/         export-ignore
+
+# --- Normalize text files
+* text=auto
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+---
+github: [error311]
+ko_fi: error311
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,92 @@
+---
+name: CI
+"on":
+  push:
+    branches: [master, main]
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  php-lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php: ['8.1', '8.2', '8.3']
+    steps:
+      - uses: actions/checkout@v4
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          coverage: none
+      - name: Validate composer.json (if present)
+        run: |
+          if [ -f composer.json ]; then composer validate --no-check-publish; fi
+      - name: Composer audit (if lock present)
+        run: |
+          if [ -f composer.lock ]; then composer audit || true; fi
+      - name: PHP syntax check
+        run: |
+          set -e
+          mapfile -t files < <(git ls-files '*.php')
+          if [ "${#files[@]}" -gt 0 ]; then
+            for f in "${files[@]}"; do php -l "$f"; done
+          else
+            echo "No PHP files found."
+          fi
+
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: sudo apt-get update && sudo apt-get install -y shellcheck
+      - name: ShellCheck all scripts
+        run: |
+          set -e
+          mapfile -t sh < <(git ls-files '*.sh')
+          if [ "${#sh[@]}" -gt 0 ]; then
+            shellcheck "${sh[@]}"
+          else
+            echo "No shell scripts found."
+          fi
+
+  dockerfile-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Lint Dockerfile with hadolint
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          failure-threshold: error
+          ignore: DL3008,DL3059
+
+  sanity:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: sudo apt-get update && sudo apt-get install -y jq yamllint
+      - name: Lint JSON
+        run: |
+          set -e
+          mapfile -t jsons < <(git ls-files '*.json' ':!:vendor/**')
+          if [ "${#jsons[@]}" -gt 0 ]; then
+            for j in "${jsons[@]}"; do jq -e . "$j" >/dev/null; done
+          else
+            echo "No JSON files."
+          fi
+      - name: Lint YAML
+        run: |
+          set -e
+          mapfile -t yamls < <(git ls-files '*.yml' '*.yaml')
+          if [ "${#yamls[@]}" -gt 0 ]; then
+            yamllint -d "{extends: default, rules: {line-length: disable, truthy: {check-keys: false}}}" "${yamls[@]}"
+          else
+            echo "No YAML files."
+          fi
--- a/.github/workflows/release-on-version.yml
+++ b/.github/workflows/release-on-version.yml
@@ -0,0 +1,271 @@
+---
+name: Release on version.js update
+
+on:
+  workflow_run:
+    workflows: ["Bump version and sync Changelog to Docker Repo"]
+    types: [completed]
+    branches: [master]
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: "Ref (branch/sha) to build from (default: master)"
+        required: false
+      version:
+        description: "Explicit version tag to release (e.g., v1.8.12). If empty, parse from public/js/version.js."
+        required: false
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'push' ||
+      github.event_name == 'workflow_dispatch'
+
+    concurrency:
+      group: release-${{ github.event_name }}-${{ github.run_id }}
+      cancel-in-progress: false
+
+    steps:
+      - name: Resolve source ref
+        id: pickref
+        shell: bash
+        run: |
+          set -euo pipefail
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            if [[ -n "${{ github.event.inputs.ref }}" ]]; then
+              REF_IN="${{ github.event.inputs.ref }}"
+            else
+              REF_IN="master"
+            fi
+            if git ls-remote --exit-code --heads https://github.com/${{ github.repository }}.git "$REF_IN" >/dev/null 2>&1; then
+              REF="$REF_IN"
+            else
+              REF="$REF_IN"
+            fi
+          else
+            REF="${{ github.sha }}"
+          fi
+          echo "ref=$REF" >> "$GITHUB_OUTPUT"
+          echo "Using ref=$REF"
+
+      - name: Checkout chosen ref (full history + tags, no persisted token)
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.pickref.outputs.ref }}
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Determine version
+        id: ver
+        shell: bash
+        run: |
+          set -euo pipefail
+          if [[ -n "${{ github.event.inputs.version || '' }}" ]]; then
+            VER="${{ github.event.inputs.version }}"
+          else
+            if [[ ! -f public/js/version.js ]]; then
+              echo "public/js/version.js not found; cannot auto-detect version." >&2
+              exit 1
+            fi
+            VER="$(grep -Eo "APP_VERSION\s*=\s*['\"]v[^'\"]+['\"]" public/js/version.js | sed -E "s/.*['\"](v[^'\"]+)['\"].*/\1/")"
+            if [[ -z "$VER" ]]; then
+              echo "Could not parse APP_VERSION from public/js/version.js" >&2
+              exit 1
+            fi
+          fi
+          echo "version=$VER" >> "$GITHUB_OUTPUT"
+          echo "Detected version: $VER"
+
+      - name: Skip if tag already exists
+        id: tagcheck
+        shell: bash
+        run: |
+          set -euo pipefail
+          if git rev-parse -q --verify "refs/tags/${{ steps.ver.outputs.version }}" >/dev/null; then
+            echo "exists=true" >> "$GITHUB_OUTPUT"
+            echo "Tag ${{ steps.ver.outputs.version }} already exists. Skipping release."
+          else
+            echo "exists=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Prepare stamp script
+        if: steps.tagcheck.outputs.exists == 'false'
+        shell: bash
+        run: |
+          set -euo pipefail
+          sed -i 's/\r$//' scripts/stamp-assets.sh || true
+          chmod +x scripts/stamp-assets.sh
+
+      - name: Build stamped staging tree
+        if: steps.tagcheck.outputs.exists == 'false'
+        shell: bash
+        run: |
+          set -euo pipefail
+          VER="${{ steps.ver.outputs.version }}"
+          rm -rf staging
+          rsync -a \
+            --exclude '.git' --exclude '.github' \
+            --exclude 'resources' \
+            --exclude '.dockerignore' --exclude '.gitattributes' --exclude '.gitignore' \
+            ./ staging/
+          bash ./scripts/stamp-assets.sh "${VER}" "$(pwd)/staging"
+
+      # --- PHP + Composer for vendor/ (production) ---
+      - name: Setup PHP
+        if: steps.tagcheck.outputs.exists == 'false'
+        id: php
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          tools: composer:v2
+          extensions: mbstring, json, curl, dom, fileinfo, openssl, zip
+          coverage: none
+          ini-values: memory_limit=-1
+
+      - name: Cache Composer downloads
+        if: steps.tagcheck.outputs.exists == 'false'
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.composer/cache
+            ~/.cache/composer
+          key: composer-${{ runner.os }}-php-${{ steps.php.outputs.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            composer-${{ runner.os }}-php-${{ steps.php.outputs.php-version }}-
+
+      - name: Install PHP dependencies into staging
+        if: steps.tagcheck.outputs.exists == 'false'
+        env:
+          COMPOSER_MEMORY_LIMIT: -1
+        shell: bash
+        run: |
+          set -euo pipefail
+          pushd staging >/dev/null
+          if [[ -f composer.json ]]; then
+            composer install \
+              --no-dev \
+              --prefer-dist \
+              --no-interaction \
+              --no-progress \
+              --optimize-autoloader \
+              --classmap-authoritative
+            test -f vendor/autoload.php || (echo "Composer install did not produce vendor/autoload.php" >&2; exit 1)
+          else
+            echo "No composer.json in staging; skipping vendor install."
+          fi
+          popd >/dev/null
+      # --- end Composer ---
+
+      - name: Verify placeholders removed (skip vendor/)
+        if: steps.tagcheck.outputs.exists == 'false'
+        shell: bash
+        run: |
+          set -euo pipefail
+          ROOT="$(pwd)/staging"
+          if grep -R -n -E "{{APP_QVER}}|{{APP_VER}}" "$ROOT" \
+              --exclude-dir=vendor --exclude-dir=vendor-bin \
+              --include='*.html' --include='*.php' --include='*.css' --include='*.js' 2>/dev/null; then
+            echo "Unreplaced placeholders found in staging." >&2
+            exit 1
+          fi
+          echo "OK: No unreplaced placeholders."
+
+      - name: Zip artifact (includes vendor/)
+        if: steps.tagcheck.outputs.exists == 'false'
+        shell: bash
+        run: |
+          set -euo pipefail
+          VER="${{ steps.ver.outputs.version }}"
+          (cd staging && zip -r "../FileRise-${VER}.zip" . >/dev/null)
+
+      - name: Compute SHA-256
+        if: steps.tagcheck.outputs.exists == 'false'
+        id: sum
+        shell: bash
+        run: |
+          set -euo pipefail
+          ZIP="FileRise-${{ steps.ver.outputs.version }}.zip"
+          SHA=$(shasum -a 256 "$ZIP" | awk '{print $1}')
+          echo "$SHA  $ZIP" > "${ZIP}.sha256"
+          echo "sha=$SHA" >> "$GITHUB_OUTPUT"
+          echo "Computed SHA-256: $SHA"
+
+      - name: Extract notes from CHANGELOG (optional)
+        if: steps.tagcheck.outputs.exists == 'false'
+        id: notes
+        shell: bash
+        run: |
+          set -euo pipefail
+          NOTES_PATH=""
+          if [[ -f CHANGELOG.md ]]; then
+            awk '
+              BEGIN{found=0}
+              /^## / && !found {found=1}
+              found && /^---$/ {exit}
+              found {print}
+            ' CHANGELOG.md > CHANGELOG_SNIPPET.md || true
+            sed -i -e :a -e '/^\n*$/{$d;N;ba' -e '}' CHANGELOG_SNIPPET.md || true
+            if [[ -s CHANGELOG_SNIPPET.md ]]; then
+              NOTES_PATH="CHANGELOG_SNIPPET.md"
+            fi
+          fi
+          echo "path=$NOTES_PATH" >> "$GITHUB_OUTPUT"
+
+      - name: Compute previous tag (for Full Changelog link)
+        if: steps.tagcheck.outputs.exists == 'false'
+        id: prev
+        shell: bash
+        run: |
+          set -euo pipefail
+          VER="${{ steps.ver.outputs.version }}"
+          PREV=$(git tag --list "v*" --sort=-v:refname | grep -v -F "$VER" | head -n1 || true)
+          if [[ -z "$PREV" ]]; then
+            PREV=$(git rev-list --max-parents=0 HEAD | tail -n1)
+          fi
+          echo "prev=$PREV" >> "$GITHUB_OUTPUT"
+          echo "Previous tag/baseline: $PREV"
+
+      - name: Build release body
+        if: steps.tagcheck.outputs.exists == 'false'
+        shell: bash
+        run: |
+          set -euo pipefail
+          VER="${{ steps.ver.outputs.version }}"
+          PREV="${{ steps.prev.outputs.prev }}"
+          REPO="${GITHUB_REPOSITORY}"
+          COMPARE_URL="https://github.com/${REPO}/compare/${PREV}...${VER}"
+          ZIP="FileRise-${VER}.zip"
+          SHA="${{ steps.sum.outputs.sha }}"
+          {
+            echo
+            if [[ -s CHANGELOG_SNIPPET.md ]]; then
+              cat CHANGELOG_SNIPPET.md
+              echo
+            fi
+            echo "## ${VER}"
+            echo "### Full Changelog"
+            echo "[${PREV} → ${VER}](${COMPARE_URL})"
+            echo
+            echo "### SHA-256 (zip)"
+            echo '```'
+            echo "${SHA}  ${ZIP}"
+            echo '```'
+          } > RELEASE_BODY.md
+          sed -n '1,200p' RELEASE_BODY.md
+
+      - name: Create GitHub Release
+        if: steps.tagcheck.outputs.exists == 'false'
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.ver.outputs.version }}
+          target_commitish: ${{ steps.pickref.outputs.ref }}
+          name: ${{ steps.ver.outputs.version }}
+          body_path: RELEASE_BODY.md
+          generate_release_notes: false
+          files: |
+            FileRise-${{ steps.ver.outputs.version }}.zip
+            FileRise-${{ steps.ver.outputs.version }}.zip.sha256
--- a/.github/workflows/sync-changelog.yml
+++ b/.github/workflows/sync-changelog.yml
@@ -0,0 +1,115 @@
+---
+name: Bump version and sync Changelog to Docker Repo
+
+on:
+  push:
+    paths:
+      - "CHANGELOG.md"
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+
+concurrency:
+  group: bump-and-sync-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  bump_and_sync:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout FileRise
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.ref }}
+
+      - name: Extract version from commit message
+        id: ver
+        shell: bash
+        run: |
+          set -euo pipefail
+          MSG="${{ github.event.head_commit.message }}"
+          if [[ "$MSG" =~ release\((v[0-9]+\.[0-9]+\.[0-9]+)\) ]]; then
+            echo "version=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"
+            echo "Found version: ${BASH_REMATCH[1]}"
+          else
+            echo "version=" >> "$GITHUB_OUTPUT"
+            echo "No release(vX.Y.Z) tag in commit message; skipping bump."
+          fi
+
+      # Ensure we're on the branch and up to date BEFORE modifying files
+      - name: Ensure clean branch (no local mods), update from remote
+        if: steps.ver.outputs.version != ''
+        shell: bash
+        run: |
+          set -euo pipefail
+          # Be on a named branch that tracks the remote
+          git checkout -B "${{ github.ref_name }}" --track "origin/${{ github.ref_name }}" || git checkout -B "${{ github.ref_name }}"
+          # Make sure the worktree is clean
+          if ! git diff --quiet || ! git diff --cached --quiet; then
+            echo "::error::Working tree not clean before update. Aborting."
+            git status --porcelain
+            exit 1
+          fi
+          # Update branch
+          git pull --rebase origin "${{ github.ref_name }}"
+
+      - name: Update public/js/version.js (source of truth)
+        if: steps.ver.outputs.version != ''
+        shell: bash
+        run: |
+          set -euo pipefail
+          cat > public/js/version.js <<'EOF'
+          // generated by CI
+          window.APP_VERSION = '${{ steps.ver.outputs.version }}';
+          EOF
+
+      - name: Commit version.js only
+        if: steps.ver.outputs.version != ''
+        shell: bash
+        run: |
+          set -euo pipefail
+          git config user.name  "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add public/js/version.js
+          if git diff --cached --quiet; then
+            echo "No changes to commit"
+          else
+            git commit -m "chore(release): set APP_VERSION to ${{ steps.ver.outputs.version }} [skip ci]"
+            git push origin "${{ github.ref_name }}"
+          fi
+
+      - name: Checkout filerise-docker
+        if: steps.ver.outputs.version != ''
+        uses: actions/checkout@v4
+        with:
+          repository: error311/filerise-docker
+          token: ${{ secrets.PAT_TOKEN }}
+          path: docker-repo
+          fetch-depth: 0
+
+      - name: Copy CHANGELOG.md and write VERSION
+        if: steps.ver.outputs.version != ''
+        shell: bash
+        run: |
+          set -euo pipefail
+          cp CHANGELOG.md docker-repo/CHANGELOG.md
+          echo "${{ steps.ver.outputs.version }}" > docker-repo/VERSION
+
+      - name: Commit & push to docker repo
+        if: steps.ver.outputs.version != ''
+        working-directory: docker-repo
+        shell: bash
+        run: |
+          set -euo pipefail
+          git config user.name  "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add CHANGELOG.md VERSION
+          if git diff --cached --quiet; then
+            echo "No changes to commit"
+          else
+            git commit -m "chore: sync CHANGELOG.md + VERSION (${{ steps.ver.outputs.version }}) from FileRise"
+            git push origin main
+          fi
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/data/
--- a/.htaccess
+++ b/.htaccess
@@ -1,75 +0,0 @@
-# -----------------------------
-# 1) Prevent directory listings
-# -----------------------------
-Options -Indexes
-
-# -----------------------------
-# Default index files
-# -----------------------------
-DirectoryIndex index.html
-
-# -----------------------------
-# Deny access to hidden files
-# -----------------------------
-<FilesMatch "^\.">
-  Require all denied
-</FilesMatch>
-
-# -----------------------------
-# Enforce HTTPS (optional)
-# -----------------------------
-RewriteEngine On
-#RewriteCond %{HTTPS} off
-#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
-
-<IfModule mod_headers.c>
-    # Allow requests from a specific origin
-    #Header set Access-Control-Allow-Origin "https://demo.filerise.net"
-    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
-    Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With, X-CSRF-Token"
-    Header set Access-Control-Allow-Credentials "true"
-</IfModule>
-
-<IfModule mod_headers.c>
-  # Prevent clickjacking
-  Header always set X-Frame-Options "SAMEORIGIN"
-  # Block XSS
-  Header always set X-XSS-Protection "1; mode=block"
-  # No MIME sniffing
-  Header always set X-Content-Type-Options "nosniff"
-</IfModule>
-
-<IfModule mod_headers.c>
-  # HTML: always revalidate
-  <FilesMatch "\.(html|htm)$">
-    Header set Cache-Control "no-cache, no-store, must-revalidate"
-    Header set Pragma "no-cache"
-    Header set Expires "0"
-  </FilesMatch>
-  # JS/CSS: short‑term cache, revalidate regularly
-  <FilesMatch "\.(js|css)$">
-    Header set Cache-Control "public, max-age=3600, must-revalidate"
-  </FilesMatch>
-</IfModule>
-
-# -----------------------------
-# Additional Security Headers
-# -----------------------------
-<IfModule mod_headers.c>
-    # Enforce HTTPS for a year with subdomains and preload option.
-    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-    # Set a Referrer Policy.
-    Header always set Referrer-Policy "strict-origin-when-cross-origin"
-    # Permissions Policy: disable features you don't need.
-    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
-    # IE-specific header to prevent downloads from opening in IE.
-    Header always set X-Download-Options "noopen"
-    # Expect-CT header for Certificate Transparency (optional).
-    Header always set Expect-CT "max-age=86400, enforce"
-</IfModule>
-
-# -----------------------------
-# Disable TRACE method
-# -----------------------------
-RewriteCond %{REQUEST_METHOD} ^TRACE
-RewriteRule .* - [F]
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -0,0 +1,288 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+FileRise is a self-hosted web file manager / WebDAV server built with PHP 8.3+. It provides drag-and-drop uploads, granular ACL-based permissions, ONLYOFFICE integration, WebDAV support, and OIDC authentication. No external database is required - all data is stored in JSON files.
+
+**Tech Stack:**
+- Backend: PHP 8.3+ (no framework)
+- Frontend: Vanilla JavaScript, Bootstrap 4.5.2
+- WebDAV: sabre/dav
+- Dependencies: Composer (see composer.json)
+
+## Development Setup
+
+### Running Locally (Docker - Recommended)
+
+```bash
+docker compose up -d
+```
+
+The docker-compose.yml file is configured for development. FileRise will be available at http://localhost:8080.
+
+### Running with PHP Built-in Server
+
+1. Install dependencies:
+```bash
+composer install
+```
+
+2. Create required directories:
+```bash
+mkdir -p uploads users metadata
+chmod -R 775 uploads users metadata
+```
+
+3. Set environment variables and start:
+```bash
+export TIMEZONE="America/New_York"
+export TOTAL_UPLOAD_SIZE="10G"
+export SECURE="false"
+export PERSISTENT_TOKENS_KEY="dev_key_please_change"
+php -S localhost:8080 -t public/
+```
+
+## Architecture
+
+### Directory Structure
+
+```
+FileRise/
+├── config/
+│   └── config.php              # Global configuration, session handling, encryption
+├── src/
+│   ├── controllers/            # Business logic for each feature area
+│   │   ├── FileController.php  # File operations (download, preview, share)
+│   │   ├── FolderController.php # Folder operations (create, move, copy, delete)
+│   │   ├── UserController.php  # User management
+│   │   ├── AuthController.php  # Authentication (login, OIDC, TOTP)
+│   │   ├── AdminController.php # Admin panel operations
+│   │   ├── AclAdminController.php # ACL management
+│   │   ├── UploadController.php # File upload handling
+│   │   ├── MediaController.php # Media preview/streaming
+│   │   ├── OnlyOfficeController.php # ONLYOFFICE document editing
+│   │   └── PortalController.php # Client portal (Pro feature)
+│   ├── models/                 # Data access layer
+│   │   ├── UserModel.php
+│   │   ├── FolderModel.php
+│   │   ├── FolderMeta.php
+│   │   ├── MediaModel.php
+│   │   └── AdminModel.php
+│   ├── lib/                    # Core libraries
+│   │   ├── ACL.php            # Central ACL enforcement (read, write, upload, share, etc.)
+│   │   └── FS.php             # Filesystem utilities and safety checks
+│   ├── webdav/                # WebDAV implementation (using sabre/dav)
+│   │   ├── FileRiseFile.php
+│   │   ├── FileRiseDirectory.php
+│   │   └── CurrentUser.php
+│   ├── cli/                   # CLI utilities
+│   └── openapi/               # OpenAPI spec generation
+├── public/                    # Web root (served by Apache/Nginx)
+│   ├── index.html            # Main SPA entry point
+│   ├── api.php               # API documentation viewer
+│   ├── webdav.php            # WebDAV endpoint
+│   ├── api/                  # API endpoints (called by frontend)
+│   │   ├── *.php            # Individual API endpoints
+│   │   └── pro/             # Pro-only API endpoints
+│   ├── js/                   # Frontend JavaScript
+│   ├── css/                  # Stylesheets
+│   ├── vendor/               # Client-side libraries (Bootstrap, CodeMirror, etc.)
+│   └── .htaccess             # Apache rewrite rules
+├── scripts/
+│   └── scan_uploads.php      # CLI tool to rebuild metadata from filesystem
+├── uploads/                   # User file storage (created at runtime)
+├── users/                     # User data, permissions, tokens (created at runtime)
+└── metadata/                  # File metadata, tags, shares, ACLs (created at runtime)
+```
+
+### Key Architectural Patterns
+
+#### 1. ACL System (src/lib/ACL.php)
+
+The ACL class is the **single source of truth** for all permission checks. It manages folder-level permissions with inheritance:
+
+- **Buckets**: owners, read, write, share, read_own, create, upload, edit, rename, copy, move, delete, extract, share_file, share_folder
+- **Enforcement**: All controllers MUST call ACL methods (e.g., `ACL::canRead()`, `ACL::canWrite()`) before performing operations
+- **Storage**: Permissions stored in `metadata/folder_acl.json`
+- **Inheritance**: When a user is granted permissions on a folder, they typically have access to subfolders unless explicitly restricted
+
+#### 2. Metadata System
+
+FileRise stores metadata in JSON files rather than a database:
+
+- **Per-folder metadata**: `metadata/{folder_key}_metadata.json`
+  - Root folder: `root_metadata.json`
+  - Subfolder "invoices/2025": `invoices-2025_metadata.json` (slashes/spaces replaced with hyphens)
+- **Global metadata**:
+  - `users/users.txt` - User credentials (bcrypt hashed)
+  - `users/userPermissions.json` - Per-user settings (encrypted)
+  - `users/persistent_tokens.json` - "Remember me" tokens (encrypted)
+  - `users/adminConfig.json` - Admin settings (encrypted)
+  - `metadata/folder_acl.json` - All ACL rules
+  - `metadata/folder_owners.json` - Folder ownership tracking
+
+#### 3. Encryption
+
+Sensitive data is encrypted using AES-256-CBC with the `PERSISTENT_TOKENS_KEY` environment variable:
+- Functions: `encryptData()` and `decryptData()` in config/config.php
+- Encrypted files: userPermissions.json, persistent_tokens.json, adminConfig.json, proLicense.json
+
+#### 4. Session Management
+
+- PHP sessions with configurable lifetime (default: 2 hours)
+- "Remember me" tokens stored separately with 30-day expiry
+- Session regeneration on login to prevent fixation attacks
+- Proxy authentication bypass mode (AUTH_BYPASS) for SSO integration
+
+#### 5. WebDAV Integration
+
+The WebDAV endpoint (`public/webdav.php`) uses sabre/dav with custom node classes:
+- `FileRiseFile` and `FileRiseDirectory` in `src/webdav/`
+- **All WebDAV operations respect ACL rules** via the same ACL class
+- Authentication via HTTP Basic Auth or proxy headers
+
+#### 6. Pro Features
+
+FileRise has a Pro version with additional features loaded dynamically:
+- Pro bundle located in `users/pro/` (configurable via FR_PRO_BUNDLE_DIR)
+- Bootstrap file: `users/pro/bootstrap_pro.php`
+- License validation sets FR_PRO_ACTIVE constant
+- Pro endpoints in `public/api/pro/`
+
+## Common Development Tasks
+
+### Testing ACL Changes
+
+When modifying ACL logic:
+
+1. Test with multiple user roles (admin, regular user, restricted user)
+2. Verify both UI and WebDAV respect the same rules
+3. Check inheritance behavior for nested folders
+4. Test edge cases: root folder, trash folder, special characters in paths
+
+### Adding New API Endpoints
+
+1. Create endpoint file in `public/api/` (e.g., `public/api/myFeature.php`)
+2. Include config: `require_once __DIR__ . '/../../config/config.php';`
+3. Check authentication: `if (empty($_SESSION['authenticated'])) { /* return 401 */ }`
+4. Perform ACL checks using `ACL::can*()` methods before operations
+5. Return JSON: `header('Content-Type: application/json'); echo json_encode($response);`
+
+### Working with Metadata
+
+Reading folder metadata:
+```php
+require_once PROJECT_ROOT . '/src/models/FolderModel.php';
+$meta = FolderModel::getFolderMeta($folderKey); // e.g., "root" or "invoices/2025"
+```
+
+Writing folder metadata:
+```php
+FolderModel::saveFolderMeta($folderKey, $metaArray);
+```
+
+### Rebuilding Metadata from Filesystem
+
+If files are added/removed outside FileRise:
+
+```bash
+php scripts/scan_uploads.php
+```
+
+This rebuilds all `*_metadata.json` files by scanning the uploads directory.
+
+### Running in Docker
+
+The Dockerfile and start.sh handle:
+- Setting PHP configuration (upload limits, timezone)
+- Running scan_uploads.php if SCAN_ON_START=true
+- Fixing permissions if CHOWN_ON_START=true
+- Starting Apache
+
+Environment variables are processed in config/config.php (falls back to constants if not set).
+
+## Code Conventions
+
+### File Organization
+
+- Controllers handle HTTP requests and orchestrate business logic
+- Models handle data persistence (JSON file I/O)
+- ACL class is the **only** place for permission logic - never duplicate ACL checks
+- FS class provides filesystem utilities and path safety checks
+
+### Security Requirements
+
+- **Always validate user input** - use regex patterns from config.php (REGEX_FILE_NAME, REGEX_FOLDER_NAME)
+- **Always check ACLs** before file/folder operations
+- **Always use FS::safeReal()** to prevent path traversal via symlinks
+- **Never trust client-provided paths** - validate and sanitize all paths
+- **Use CSRF tokens** for state-changing operations (token in $_SESSION['csrf_token'])
+- **Sanitize output** when rendering user content (especially in previews)
+
+### Error Handling
+
+- Return appropriate HTTP status codes (401 Unauthorized, 403 Forbidden, 404 Not Found, 500 Internal Server Error)
+- Log errors using `error_log()` for debugging
+- Return user-friendly JSON error messages
+
+### Path Handling
+
+- Use DIRECTORY_SEPARATOR for cross-platform compatibility
+- Always normalize folder keys with `ACL::normalizeFolder()`
+- Convert between absolute paths and folder keys consistently:
+  - Absolute: `/var/www/uploads/invoices/2025/`
+  - Folder key: `invoices/2025` (relative to uploads, forward slashes)
+  - Root folder key: `root`
+
+## Testing
+
+FileRise does not currently have automated tests. When making changes:
+
+1. Test manually in browser UI
+2. Test WebDAV operations (if applicable)
+3. Test with different user permission levels
+4. Test ACL inheritance behavior
+5. Check error cases (invalid input, insufficient permissions, missing files)
+
+## CI/CD
+
+GitHub Actions workflows (in `.github/workflows/`):
+- `ci.yml` - Basic CI checks
+- `release-on-version.yml` - Automated releases when version changes
+- `sync-changelog.yml` - Changelog synchronization
+
+## Important Notes
+
+- **No ORM/framework**: This is vanilla PHP - all database operations are manual JSON file I/O
+- **Session-based auth**: Not JWT - sessions stored server-side, persistent tokens for "remember me"
+- **Metadata consistency**: If you modify files directly, run scan_uploads.php to rebuild metadata
+- **ACL is central**: Never bypass ACL checks - all file operations must go through ACL validation
+- **Encryption key**: PERSISTENT_TOKENS_KEY must be set in production (default is insecure)
+- **Pro features**: Some functionality is dynamically loaded from the Pro bundle - check FR_PRO_ACTIVE before calling Pro code
+
+## Performance Considerations
+
+- FileRise is designed to scale to **100k+ folders** in the sidebar tree
+- Metadata files are loaded on-demand (not all at once)
+- Large directory scans use scandir() with filtering - avoid recursive operations when possible
+- WebDAV PROPFIND operations should be optimized (limit depth)
+
+## Debugging
+
+Enable PHP error reporting in development:
+```php
+ini_set('display_errors', '1');
+error_reporting(E_ALL);
+```
+
+Check logs:
+- Apache error log: `/var/log/apache2/error.log` (or similar)
+- PHP error_log() output: check Docker logs with `docker logs filerise`
+
+## Documentation
+
+- Main docs: GitHub Wiki at https://github.com/error311/FileRise/wiki
+- API docs: Available at `/api.php` when logged in (Redoc interface)
+- OpenAPI spec: `openapi.json.dist`
--- a/145
+++ b/145
@@ -0,0 +1,145 @@
+# syntax=docker/dockerfile:1.4
+
+#############################
+# Source Stage – copy your FileRise app
+#############################
+FROM ubuntu:24.04 AS appsource
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends ca-certificates && \
+    rm -rf /var/lib/apt/lists/*  # clean up apt cache
+
+RUN mkdir -p /var/www && rm -f /var/www/html/index.html
+COPY . /var/www
+
+#############################
+# Composer Stage – install PHP dependencies
+#############################
+FROM composer:2 AS composer
+WORKDIR /app
+COPY --from=appsource /var/www/composer.json /var/www/composer.lock ./
+RUN composer install --no-dev --optimize-autoloader  # production-ready autoloader
+
+#############################
+# Final Stage – runtime image
+#############################
+FROM ubuntu:24.04
+LABEL by=error311
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    HOME=/root \
+    LC_ALL=C.UTF-8 LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 TERM=xterm \
+    UPLOAD_MAX_FILESIZE=5G POST_MAX_SIZE=5G TOTAL_UPLOAD_SIZE=5G \
+    PERSISTENT_TOKENS_KEY=default_please_change_this_key \
+    PUID=99 PGID=100
+
+# Install Apache, PHP, and required extensions
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends \
+      apache2 php php-json php-curl php-zip php-mbstring php-gd php-xml \
+      ca-certificates curl git openssl && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*  # slim down image
+
+# Remap www-data to the PUID/PGID provided for safe bind mounts
+RUN set -eux; \
+    if [ "$(id -u www-data)" != "${PUID}" ]; then usermod -u "${PUID}" www-data; fi; \
+    if [ "$(id -g www-data)" != "${PGID}" ]; then groupmod -g "${PGID}" www-data 2>/dev/null || true; fi; \
+    usermod -g "${PGID}" www-data
+
+# Copy config, code, and vendor
+COPY custom-php.ini /etc/php/8.3/apache2/conf.d/99-app-tuning.ini
+COPY --from=appsource /var/www /var/www
+COPY --from=composer /app/vendor /var/www/vendor
+
+# ── ensure config/ is writable by www-data so sed -i can work ──
+RUN mkdir -p /var/www/config \
+    && chown -R www-data:www-data /var/www/config \
+    && chmod 750 /var/www/config
+
+# Secure permissions: code read-only, only data dirs writable
+RUN chown -R root:www-data /var/www && \
+    find /var/www -type d -exec chmod 755 {} \; && \
+    find /var/www -type f -exec chmod 644 {} \; && \
+    mkdir -p /var/www/public/uploads /var/www/users /var/www/metadata && \
+    chown -R www-data:www-data /var/www/public/uploads /var/www/users /var/www/metadata && \
+    chmod -R 775 /var/www/public/uploads /var/www/users /var/www/metadata  # writable upload areas
+
+# Apache site configuration
+RUN cat <<'EOF' > /etc/apache2/sites-available/000-default.conf
+<VirtualHost *:80>
+    # Global settings
+    TraceEnable off
+    KeepAlive On
+    MaxKeepAliveRequests 100
+    KeepAliveTimeout 5
+    Timeout 60
+
+    ServerAdmin webmaster@localhost
+    DocumentRoot /var/www/public
+
+    # Security headers for all responses
+    <IfModule mod_headers.c>
+      Header always set X-Frame-Options "SAMEORIGIN"
+      Header always set X-Content-Type-Options "nosniff"
+      Header always set X-XSS-Protection "1; mode=block"
+      Header always set Referrer-Policy "strict-origin-when-cross-origin"
+      Header always set Content-Security-Policy "default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob:; connect-src 'self'; frame-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';"
+    </IfModule>
+
+    # Compression
+    <IfModule mod_deflate.c>
+      AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/json
+    </IfModule>
+
+    # Cache static assets
+    <IfModule mod_expires.c>
+      ExpiresActive on
+      ExpiresByType image/jpeg      "access plus 1 month"
+      ExpiresByType image/png       "access plus 1 month"
+      ExpiresByType text/css        "access plus 1 week"
+      ExpiresByType application/javascript "access plus 3 hour"
+    </IfModule>
+
+    # Protect uploads directory
+    Alias /uploads/ /var/www/uploads/
+    <Directory "/var/www/uploads/">
+        Options -Indexes
+        AllowOverride None
+        <IfModule mod_php7.c>
+           php_flag engine off
+        </IfModule>
+        <IfModule mod_php.c>
+           php_flag engine off
+        </IfModule>
+        Require all granted
+    </Directory>
+
+    # Public directory
+    <Directory "/var/www/public">
+        AllowOverride All
+        Require all granted
+        DirectoryIndex index.html index.php
+    </Directory>
+
+    # Deny access to hidden files
+    <FilesMatch "^\.">
+      Require all denied
+    </FilesMatch>
+    
+    <Files "api.php">
+    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' https://cdn.redoc.ly; style-src 'self' 'unsafe-inline'; worker-src 'self' https://cdn.redoc.ly blob:; connect-src 'self'; img-src 'self' data: blob:; frame-ancestors 'self'; base-uri 'self'; form-action 'self';"
+    </Files>
+
+    ErrorLog /var/www/metadata/log/error.log
+    CustomLog /var/www/metadata/log/access.log combined
+</VirtualHost>
+EOF
+
+# Enable required modules
+RUN a2enmod rewrite headers proxy proxy_fcgi expires deflate ssl
+
+EXPOSE 80 443
+COPY start.sh /usr/local/bin/start.sh
+RUN chmod +x /usr/local/bin/start.sh
+
+CMD ["/usr/local/bin/start.sh"]
--- a/1
+++ b/1
@@ -1,5 +1,6 @@
 MIT License

+Copyright (c) 2024 SeNS
 Copyright (c) 2025 FileRise

 Permission is hereby granted, free of charge, to any person obtaining a copy
--- a/README.md
+++ b/README.md
@@ -1,202 +1,293 @@
 # FileRise

-**Elevate your File Management** – A modern, self-hosted web file manager.
-Upload, organize, and share files through a sleek web interface. **FileRise** is lightweight yet powerful: think of it as your personal cloud drive that you control. With drag-and-drop uploads, in-browser editing, secure user logins (with SSO and 2FA support), and one-click sharing, **FileRise** makes file management on your server a breeze.
+[![GitHub stars](https://img.shields.io/github/stars/error311/FileRise?style=social)](https://github.com/error311/FileRise)
+[![Docker pulls](https://img.shields.io/docker/pulls/error311/filerise-docker)](https://hub.docker.com/r/error311/filerise-docker)
+[![Docker CI](https://img.shields.io/github/actions/workflow/status/error311/filerise-docker/main.yml?branch=main&label=Docker%20CI)](https://github.com/error311/filerise-docker/actions/workflows/main.yml)
+[![CI](https://img.shields.io/github/actions/workflow/status/error311/FileRise/ci.yml?branch=master&label=CI)](https://github.com/error311/FileRise/actions/workflows/ci.yml)
+[![Demo](https://img.shields.io/badge/demo-live-brightgreen)](https://demo.filerise.net)
+[![Release](https://img.shields.io/github/v/release/error311/FileRise?include_prereleases&sort=semver)](https://github.com/error311/FileRise/releases)
+[![License](https://img.shields.io/github/license/error311/FileRise)](LICENSE)
+[![Discord](https://img.shields.io/badge/Discord-join_chat-5865F2?logo=discord&logoColor=white)](https://discord.gg/7WN6f56X2e)
+[![Sponsor on GitHub](https://img.shields.io/badge/Sponsor-❤-red)](https://github.com/sponsors/error311)
+[![Support on Ko-fi](https://img.shields.io/badge/Ko--fi-Buy%20me%20a%20coffee-orange)](https://ko-fi.com/error311)

-**4/3/2025 Video demo:**
+**FileRise** is a modern, self-hosted web file manager / WebDAV server.  
+Drag & drop uploads, ACL-aware sharing, OnlyOffice integration, and a clean UI — all in a single PHP app that you control.

-<https://github.com/user-attachments/assets/221f6a53-85f5-48d4-9abe-89445e0af90e>
+- 💾 **Self-hosted “cloud drive”** – Runs anywhere with PHP (or via Docker). No external DB required.
+- 🔐 **Granular per-folder ACLs** – View / Own / Upload / Edit / Delete / Share, enforced across UI, API, and WebDAV.
+- 🔄 **Fast drag-and-drop uploads** – Chunked, resumable uploads with pause/resume and progress.
+- 🌳 **Scales to huge trees** – Tested with **100k+ folders** in the sidebar tree.
+- 🧩 **ONLYOFFICE support (optional)** – Edit DOCX/XLSX/PPTX using your own Document Server.
+- 🌍 **WebDAV** – Mount FileRise as a drive from macOS, Windows, Linux, or Cyberduck/WinSCP.
+- 📊 **Storage / disk usage summary** – CLI scanner with snapshots, total usage, and per-volume breakdowns in the admin panel.
+- 🎨 **Polished UI** – Dark/light mode, responsive layout, in-browser previews & code editor.
+- 🔑 **Login + SSO** – Local users, TOTP 2FA, and OIDC (Auth0 / Authentik / Keycloak / etc.).
+- 👥 **Pro: user groups, client portals & storage explorer** – Group-based ACLs, brandable client upload portals, and an ncdu-style explorer to drill into folders, largest files, and clean up storage inline.

-**Dark mode:**
-![Dark Header](https://raw.githubusercontent.com/error311/FileRise/refs/heads/master/resources/dark-header.png)
+Full list of features available at [Full Feature Wiki](https://github.com/error311/FileRise/wiki/Features)
+
+![FileRise](https://raw.githubusercontent.com/error311/FileRise/master/resources/filerise-v2.3.4.png)
+
+> 💡 Looking for **FileRise Pro** (brandable header, **user groups**, **client upload portals**, license handling)?
+> Check out [filerise.net](https://filerise.net) – FileRise Core stays fully open-source (MIT).

 ---

-## Features at a Glance or [Full Features Wiki](https://github.com/error311/FileRise/wiki/Features)
+## Quick links

- 🚀 **Easy File Uploads:** Upload multiple files and folders via drag & drop or file picker. Supports large files with pause/resumable chunked uploads and shows real-time progress for each file. No more failed transfers – FileRise will pick up where it left off if your connection drops.
-
- 🗂️ **File Management:** Full set of file/folder operations – move or copy files (via intuitive drag-drop or dialogs), rename items, and delete in batches. You can even download selected files as a ZIP archive or extract uploaded ZIP files server-side. Organize content with an interactive folder tree and breadcrumb navigation for quick jumps.
-
- 🗃️ **Folder Sharing & File Sharing:** Easily share entire folders via secure, expiring public links. Folder shares can be password-protected, and shared folders support file uploads from outside users with a separate, secure upload mechanism. Folder listings are paginated (10 items per page) with navigation controls, and file sizes are displayed in MB for clarity. Share files with others using one-time or expiring public links (with password protection if desired) – convenient for sending individual files without exposing the whole app.
-
- 📝 **Built-in Editor & Preview:** View images, videos, audio, and PDFs inline with a preview modal – no need to download just to see them. Edit text/code files right in your browser with a CodeMirror-based editor featuring syntax highlighting and line numbers. Great for config files or notes – tweak and save changes without leaving FileRise.
-
- 🏷️ **Tags & Search:** Categorize your files with color-coded tags and quickly locate them using our advanced, indexed real-time search. The built-in search now leverages Fuse.js to provide fuzzy matching across file names, tags, and uploader fields—helping you find that “important” document even if you make a typo.
-
- 🔒 **User Authentication & User Permissions:** Secure your portal with username/password login. Supports multiple users – create user accounts (admin UI provided) for family or team members. User permissions such as User “Folder Only” feature assigns each user a dedicated folder within the root directory, named after their username, restricting them from viewing or modifying other directories. User Read Only and Disable Upload are additional permissions. FileRise also integrates with Single Sign-On (OIDC) providers (e.g., OAuth2/OIDC for Google/Authentik/Keycloak) and offers optional TOTP two-factor auth for extra security.
-
- 🎨 **Responsive UI (Dark/Light Mode):** FileRise is mobile-friendly out of the box – manage files from your phone or tablet with a responsive layout. Choose between Dark mode or Light theme, or let it follow your system preference. The interface remembers your preferences (layout, items per page, last visited folder, etc.) for a personalized experience each time.
-
- 🌐 **Internationalization & Localization:** FileRise supports multiple languages via an integrated i18n system. Users can switch languages through a user panel dropdown, and their choice is saved in local storage for a consistent experience across sessions. Currently available in English, Spanish, and French—please report any translation issues you encounter.
-
- 🗑️ **Trash & File Recovery:** Mistakenly deleted files? No worries – deleted items go to the Trash instead of immediate removal. Admins can restore files from Trash or empty it to free space. FileRise auto-purges old trash entries (default 3 days) to keep your storage tidy.
-
- ⚙️ **Lightweight & Self-Contained:** FileRise runs on PHP 8.1+ with no external database required – data is stored in files (users, metadata) for simplicity. It’s a single-folder web app you can drop into any Apache/PHP server or run as a container. Docker & Unraid ready: use our pre-built image for a hassle-free setup. Memory and CPU footprint is minimal, yet the app scales to thousands of files with pagination and sorting features.
-
-(For a full list of features and detailed changelogs, see the [Wiki](https://github.com/error311/FileRise/wiki), [changelog](https://github.com/error311/FileRise/blob/master/CHANGELOG.md) or the [releases](https://github.com/error311/FileRise/releases) pages.)
+- 🚀 **Live demo:** [Demo](https://demo.filerise.net) (username: `demo` / password: `demo`)  
+- 📚 **Docs & Wiki:** [Wiki](https://github.com/error311/FileRise/wiki)  
+  - [Features overview](https://github.com/error311/FileRise/wiki/Features)
+  - [WebDAV](https://github.com/error311/FileRise/wiki/WebDAV)
+  - [ONLYOFFICE](https://github.com/error311/FileRise/wiki/ONLYOFFICE)
+- 🐳 **Docker image:** [Docker](https://github.com/error311/filerise-docker)
+- 💬 **Discord:** [Join the FileRise server](https://discord.gg/YOUR_CODE_HERE)
+- 📝 **Changelog:** [Changes](https://github.com/error311/FileRise/blob/master/CHANGELOG.md)

 ---

-## Live Demo
+## 1. What FileRise does

-Curious about the UI? **Check out the live demo:** <https://demo.filerise.net> (login with username “demo” and password “demo”). *The demo is read-only for security*. Explore the interface, switch themes, preview files, and see FileRise in action!
+FileRise turns a folder on your server into a **web-based file explorer** with:
+
+- Folder tree + breadcrumbs for fast navigation
+- Multi-file/folder drag-and-drop uploads
+- Move / copy / rename / delete / extract ZIP
+- Public share links (optionally password-protected & expiring)
+- Tagging and search by name, tag, uploader, and content
+- Trash with restore/purge
+- Inline previews (images, audio, video, PDF) and a built-in code editor
+
+Everything flows through a single ACL engine, so permissions are enforced consistently whether users are in the browser UI, using WebDAV, or hitting the API.

 ---

-## Installation & Setup
+## 2. Install (Docker – recommended)

-You can deploy FileRise either by running the **Docker container** (quickest way) or by a **manual installation** on a PHP web server. Both methods are outlined below.
+The easiest way to run FileRise is the official Docker image.

-### 1. Running with Docker (Recommended)
+### Option A – Quick start (docker run)

-If you have Docker installed, you can get FileRise up and running in minutes:
-
- **Pull the image from Docker Hub:**
-
-``` bash
-docker pull error311/filerise-docker:latest
-```
-
-*(For Apple Silicon (M1/M2) users, use --platform linux/amd64 tag until multi-arch support is added.)*  
-
- **Run a container:**
-
-``` bash
+```bash
 docker run -d \
+  --name filerise \
  -p 8080:80 \
  -e TIMEZONE="America/New_York" \
-  -e TOTAL_UPLOAD_SIZE="5G" \
+  -e TOTAL_UPLOAD_SIZE="10G" \
  -e SECURE="false" \
+  -e PERSISTENT_TOKENS_KEY="default_please_change_this_key" \
+  -e SCAN_ON_START="true" \
+  -e CHOWN_ON_START="true" \
  -v ~/filerise/uploads:/var/www/uploads \
  -v ~/filerise/users:/var/www/users \
  -v ~/filerise/metadata:/var/www/metadata \
-  --name filerise \
  error311/filerise-docker:latest
-  ```
+```

-  This will start FileRise on port 8080. Visit `http://your-server-ip:8080` to access it. Environment variables shown above are optional – for instance, set `SECURE="true"` to enforce HTTPS (assuming you have SSL at proxy level) and adjust `TIMEZONE` as needed. The volume mounts ensure your files and user data persist outside the container.
+Then visit:

- **Using Docker Compose:**
-Alternatively, use **docker-compose**. Save the snippet below as docker-compose.yml and run `docker-compose up -d`:
+```text
+http://your-server-ip:8080
+```

-``` yaml
-version: '3'
+On first launch you’ll be guided through creating the **initial admin user**.
+
+> 💡 After the first run, you can set `CHOWN_ON_START="false"` if permissions are already correct and you don’t want a recursive `chown` on every start.
+
+> ⚠️ **Uploads folder recommendation**
+>
+> It’s strongly recommended to bind `/var/www/uploads` to a **dedicated folder**
+> (for example `~/filerise/uploads` or `/mnt/user/appdata/FileRise/uploads`),
+> not the root of a huge media share.
+>
+> If you really want FileRise to sit “on top of” an existing share, use a
+> subfolder (e.g. `/mnt/user/media/filerise_root`) instead of the share root,
+> so scans and permission changes stay scoped to that folder.
+
+---
+
+### Option B – docker-compose.yml
+
+```yaml
 services:
  filerise:
    image: error311/filerise-docker:latest
+    container_name: filerise
    ports:
      - "8080:80"
    environment:
-      TIMEZONE: "UTC"
+      TIMEZONE: "America/New_York"
      TOTAL_UPLOAD_SIZE: "10G"
      SECURE: "false"
-      PERSISTENT_TOKENS_KEY: "please_change_this_@@"
+      PERSISTENT_TOKENS_KEY: "default_please_change_this_key"
+      SCAN_ON_START: "true"   # auto-index existing files on startup
+      CHOWN_ON_START: "true"  # fix permissions on uploads/users/metadata on startup
    volumes:
      - ./uploads:/var/www/uploads
      - ./users:/var/www/users
      - ./metadata:/var/www/metadata
 ```

-FileRise will be accessible at `http://localhost:8080` (or your server’s IP). The above example also sets a custom `PERSISTENT_TOKENS_KEY` (used to encrypt “remember me” tokens) – be sure to change it to a random string for security.
+Bring it up with:

-**First-time Setup:** On first launch, FileRise will detect no users and prompt you to create an **Admin account**. Choose your admin username & password, and you’re in! You can then head to the **User Management** section to add additional users if needed.
-
-### 2. Manual Installation (PHP/Apache)
-
-If you prefer to run FileRise on a traditional web server (LAMP stack or similar):
-
- **Requirements:** PHP 8.1 or higher, Apache (with mod_php) or another web server configured for PHP. Ensure PHP extensions json, curl, and zip are enabled. No database needed.
- **Download Files:** Clone this repo or download the [latest release archive](https://github.com/error311/FileRise/releases).
-
-``` bash
-git clone https://github.com/error311/FileRise.git  
+```bash
+docker compose up -d
 ```

-Place the files into your web server’s directory (e.g., `/var/www/html/filerise`). It can be in a subfolder (just adjust the `BASE_URL` in config as below).
+---

- **Composer Dependencies:** If you plan to use OIDC (SSO login), install Composer and run `composer install` in the FileRise directory. (This pulls in a couple of PHP libraries like jumbojett/openid-connect for OAuth support.) If you skip this, FileRise will still work, but OIDC login won’t be available.
+### Common environment variables

- **Folder Permissions:** Ensure the server can write to the following directories (create them if they don’t exist):
+| Variable                | Required | Example                          | What it does                                                                  |
+|-------------------------|----------|----------------------------------|-------------------------------------------------------------------------------|
+| `TIMEZONE`              | ✅       | `America/New_York`               | PHP / container timezone.                                                     |
+| `TOTAL_UPLOAD_SIZE`     | ✅       | `10G`                            | Max total upload size per request (e.g. `5G`, `10G`).                         |
+| `SECURE`                | ✅       | `false`                          | `true` when running behind HTTPS / reverse proxy, else `false`.               |
+| `PERSISTENT_TOKENS_KEY` | ✅       | `default_please_change_this_key` | Secret used to sign “remember me” tokens. **Change this.**                    |
+| `SCAN_ON_START`         | Optional | `true`                           | If `true`, scan `uploads/` on startup and index existing files.               |
+| `CHOWN_ON_START`        | Optional | `true`                           | If `true`, chown `uploads/`, `users/`, `metadata/` on startup.                |
+| `DATE_TIME_FORMAT`      | Optional | `Y-m-d H:i`                      | Overrides `DATE_TIME_FORMAT` in `config.php` (controls how dates are shown).  |

-``` bash
-mkdir -p uploads users metadata
-chown -R www-data:www-data uploads users metadata   # www-data is Apache user; use appropriate user
-chmod -R 775 uploads users metadata
-```
+> If `DATE_TIME_FORMAT` is not set, FileRise uses the default from `config/config.php`
+> (currently `m/d/y  h:iA`).
+> 🗂 **Using an existing folder tree**
+>
+> - Point `/var/www/uploads` at the folder you want FileRise to manage.
+> - Set `SCAN_ON_START="true"` on the first run to index existing files, then
+>   usually set it to `"false"` so the container doesn’t rescan on every restart.
+> - `CHOWN_ON_START="true"` is handy on first run to fix permissions. If you map
+>   a large share or already manage ownership yourself, set it to `"false"` to
+>   avoid recursive `chown` on every start.
+>
+> Volumes:  
+> - `/var/www/uploads` – your actual files  
+> - `/var/www/users` – user & pro jsons  
+> - `/var/www/metadata` – tags, search index, share links, etc.

-The uploads/ folder is where files go, users/ stores the user credentials file, and metadata/ holds metadata like tags and share links.
-
- **Configuration:** Open the `config.php` file in a text editor. You may want to adjust:
-
-  - `BASE_URL` – the URL where you will access FileRise (e.g., `“https://files.mydomain.com/”`). This is used for generating share links.
-  
-  - `TIMEZONE` and `DATE_TIME_FORMAT` – match your locale (for correct timestamps).
-  
-  - `TOTAL_UPLOAD_SIZE` – max aggregate upload size (default 5G). Also adjust PHP’s `upload_max_filesize` and `post_max_size` to at least this value (the Docker start script auto-adjusts PHP limits).
-  
-  - `PERSISTENT_TOKENS_KEY` – set a unique secret if you use “Remember Me” logins, to encrypt the tokens.
-  
-  - Other settings like `UPLOAD_DIR`, `USERS_FILE` etc. generally don’t need changes unless you move those folders. Defaults are set for the directories mentioned above.
-
- **Web Server Config:** If using Apache, ensure `.htaccess` files are allowed or manually add the rules from `.htaccess` to your Apache config – these disable directory listings and prevent access to certain files. For Nginx or others, you’ll need to replicate those protections (see Wiki: [Nginx Setup for examples](https://github.com/error311/FileRise/wiki/Nginx-Setup)). Also enable mod_rewrite if not already, as FileRise may use pretty URLs for share links.
-
-Now navigate to the FileRise URL in your browser. On first load, you’ll be prompted to create the Admin user (same as Docker setup). After that, the application is ready to use!
+**More Docker / orchestration options (Unraid, Portainer, k8s, reverse proxy, etc.)**  
+- [Install & Setup](https://github.com/error311/FileRise/wiki/Installation-Setup)  
+- [Nginx](https://github.com/error311/FileRise/wiki/Nginx-Setup)  
+- [FAQ](https://github.com/error311/FileRise/wiki/FAQ)  
+- [Kubernetes / k8s deployment](https://github.com/error311/FileRise/wiki/Kubernetes---k8s-deployment)  
+- Portainer templates: add this URL in Portainer → Settings → App Templates:  
+  `https://raw.githubusercontent.com/error311/filerise-portainer-templates/refs/heads/main/templates.json` 
+- See also the Docker repo: [error311/filerise-docker](https://github.com/error311/filerise-docker)

 ---

-## FAQ / Troubleshooting
+## 3. Manual install (PHP web server)

- **“Upload failed” or large files not uploading:** Make sure `TOTAL_UPLOAD_SIZE` in config and PHP’s `post_max_size` / `upload_max_filesize` are all set high enough. For extremely large files, you might also need to increase max_execution_time in PHP or rely on the resumable upload feature in smaller chunks.
+Prefer bare-metal or your own stack? FileRise is just PHP + a few extensions.

- **How to enable HTTPS?** FileRise itself doesn’t handle TLS. Run it behind a reverse proxy like Nginx, Caddy, or Apache with SSL, or use Docker with a companion like nginx-proxy or Caddy. Set `SECURE="true"` env var in Docker so FileRise knows to generate https links.
+**Requirements**  

- **Changing Admin or resetting password:** Admin can change any user’s password via the UI (User Management section). If you lose admin access, you can edit the `users/users.txt` file on the server – passwords are hashed (bcrypt), but you can delete the admin line and then restart the app to trigger the setup flow again.
+- PHP **8.3+**
+- Web server (Apache / Nginx / Caddy + PHP-FPM)
+- PHP extensions: `json`, `curl`, `zip` (and usual defaults)
+- No database required

- **Where are my files stored?** In the `uploads/` directory (or the path you set for `UPLOAD_DIR`). Within it, files are organized in the folder structure you see in the app. Deleted files move to `uploads/trash/`. Tag information is in `metadata/file_metadata`.json and trash metadata in `metadata/trash.json`, etc. Regular backups of these folders is recommended if the data is important.
+**Steps**  

- **Updating FileRise:** If using Docker, pull the new image and recreate the container. For manual installs, download the latest release and replace the files (preserve your `config.php` and the uploads/users/metadata folders). Clear your browser cache if you have issues after an update (in case CSS/JS changed).
+1. Clone or download FileRise into your web root:

-For more Q&A or to ask for help, please check the Discussions or open an issue.
+   ```bash
+   git clone https://github.com/error311/FileRise.git
+   ```
+
+2. Create data directories and set permissions:
+
+   ```bash
+   cd FileRise
+   mkdir -p uploads users metadata
+   chown -R www-data:www-data uploads users metadata   # adjust for your web user
+   chmod -R 775 uploads users metadata
+   ```
+
+3. (Optional) Install PHP dependencies with Composer:
+
+   ```bash
+   composer install
+   ```
+
+4. Configure PHP (upload limits / timeouts) and ensure rewrites are enabled.  
+   - Apache: allow `.htaccess` or copy its rules into your vhost.  
+   - Nginx/Caddy: mirror the basic protections (no directory listing, block sensitive files).
+
+5. Browse to your FileRise URL and follow the **admin setup** screen.
+
+For detailed examples and reverse proxy snippets, see the **Installation** page in the Wiki [Install & Setup](https://github.com/error311/FileRise/wiki/Installation-Setup).

 ---

-## Contributing
+## 4. WebDAV & ONLYOFFICE (optional)

-Contributions are welcome! If you have ideas for new features or have found a bug, feel free to open an issue. Check out the [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. You can also join the conversation in GitHub Discussions or on Reddit (see links below) to share feedback and suggestions.
+### WebDAV

-Areas where you can help: translations, bug fixes, UI improvements, or building integration with other services. If you like FileRise, giving the project a ⭐ star ⭐ on GitHub is also a much-appreciated contribution!
+Once enabled in the Admin panel, FileRise exposes a WebDAV endpoint (e.g. `/webdav.php`). Use it with:
+
+- **macOS Finder** – Go → Connect to Server → `https://your-host/webdav.php/`
+- **Windows File Explorer** – Map Network Drive → `https://your-host/webdav.php/`
+- **Linux (GVFS/Nautilus)** – `dav://your-host/webdav.php/`
+- Clients like **Cyberduck**, **WinSCP**, etc.
+
+WebDAV operations honor the same ACLs as the web UI.
+
+See: [WebDAV](https://github.com/error311/FileRise/wiki/WebDAV)
+
+### ONLYOFFICE integration
+
+If you run an ONLYOFFICE Document Server you can open/edit Office documents directly from FileRise (DOCX, XLSX, PPTX, ODT, ODS, ODP; PDFs view-only).
+
+Configure it in **Admin → ONLYOFFICE**:
+
+- Enable ONLYOFFICE
+- Set your Document Server origin (e.g. `https://docs.example.com`)
+- Configure a shared JWT secret
+- Copy the suggested Content-Security-Policy header into your reverse proxy
+
+Docs: [ONLYOFFICE](https://github.com/error311/FileRise/wiki/ONLYOFFICE)

 ---

-## Community and Support
+## 5. Security & updates

- **Reddit:** [r/selfhosted: FileRise Discussion](https://www.reddit.com/r/selfhosted/comments/1jl01pi/introducing_filerise_a_modern_selfhosted_file/) – (Announcement and user feedback thread).
- **Unraid Forums:** [FileRise Support Thread](https://forums.unraid.net/topic/187337-support-filerise/) – for Unraid-specific support or issues.
- **GitHub Discussions:** Use the Q&A category for any setup questions, and the Ideas category to suggest enhancements.
+- FileRise is actively maintained and has published security advisories.  
+- See **SECURITY.md** and GitHub Security Advisories for details.
+- To upgrade:
+  - **Docker:** `docker pull error311/filerise-docker:latest` and recreate the container with the same volumes.
+  - **Manual:** replace app files with the latest release (keep `uploads/`, `users/`, `metadata/`, and your config).
+
+Please report vulnerabilities responsibly via the channels listed in **SECURITY.md**.

 ---

-## Dependencies
+## 6. Community, support & contributing

-### PHP Libraries
+- 🧵 **GitHub Discussions & Issues:** ask questions, report bugs, suggest features.  
+- 💬 **Unraid forum thread:** for Unraid-specific setup and tuning.  
+- 🌍 **Reddit / self-hosting communities:** occasional release posts & feedback threads.

- **[jumbojett/openid-connect-php](https://github.com/jumbojett/OpenID-Connect-PHP)** (v^1.0.0)
- **[phpseclib/phpseclib](https://github.com/phpseclib/phpseclib)** (v~3.0.7)
- **[robthree/twofactorauth](https://github.com/RobThree/TwoFactorAuth)** (v^3.0)
- **[endroid/qr-code](https://github.com/endroid/qr-code)** (v^5.0)
+Contributions are welcome — from bug fixes and docs to translations and UI polish.  
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.

-### Client-Side Libraries
+If FileRise saves you time or becomes your daily driver, a ⭐ on GitHub or sponsorship is hugely appreciated:

- **Google Fonts** – [Roboto](https://fonts.google.com/specimen/Roboto) and **Material Icons** ([Google Material Icons](https://fonts.google.com/icons))
- **[Bootstrap](https://getbootstrap.com/)** (v4.5.2)
- **[CodeMirror](https://codemirror.net/)** (v5.65.5) – For code editing functionality.
- **[Resumable.js](http://www.resumablejs.com/)** (v1.1.0) – For file uploads.
- **[DOMPurify](https://github.com/cure53/DOMPurify)** (v2.4.0) – For sanitizing HTML.
- **[Fuse.js](https://fusejs.io/)** (v6.6.2) – For indexed, fuzzy searching.
+- ❤️ [GitHub Sponsors](https://github.com/sponsors/error311)
+- ☕ [Ko-fi](https://ko-fi.com/error311)

 ---

-## License
+## 7. License & third-party code

-This project is open-source under the MIT License. That means you’re free to use, modify, and distribute **FileRise**, with attribution. We hope you find it useful and contribute back!
+FileRise Core is released under the **MIT License** – see [LICENSE](LICENSE).
+
+It bundles a small set of well-known client and server libraries (Bootstrap, CodeMirror, DOMPurify, Fuse.js, Resumable.js, sabre/dav, etc.).  
+All third-party code remains under its original licenses.
+
+See `THIRD_PARTY.md` and the `licenses/` folder for full details.
+
+## 8. Press
+
+- [Heise / iX Magazin – “FileRise 2.0: Web-Dateimanager mit Client Portals” (DE)](https://www.heise.de/news/FileRise-2-0-Web-Dateimanager-mit-Client-Portals-11092171.html)
+- [Heise / iX Magazin – “FileRise 2.0: Web File Manager with Client Portals” (EN)](https://www.heise.de/en/news/FileRise-2-0-Web-File-Manager-with-Client-Portals-11092376.html)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,32 +2,60 @@

 ## Supported Versions

-FileRise is actively maintained. Only supported versions will receive security updates. For details on which versions are currently supported, please see the [Release Notes](https://github.com/error311/FileRise/releases).
+We provide security fixes for the latest minor release line.
+
+| Version   | Supported |
+|----------|-----------|
+| v1.5.x   | ✅        |
+| ≤ v1.4.x | ❌        |
+
+> Known issues in ≤ v1.4.x are fixed in **v1.5.0** and later.

 ## Reporting a Vulnerability

-If you discover a security vulnerability, please do not open a public issue. Instead, follow these steps:
+**Please do not open a public issue.** Use one of the private channels below:

-1. **Email Us Privately:**  
-   Send an email to [security@filerise.net](mailto:security@filerise.net) with the subject line “[FileRise] Security Vulnerability Report”.
+1) **GitHub Security Advisory (preferred)**  
+   Open a private report here: <https://github.com/error311/FileRise/security/advisories/new>

-2. **Include Details:**  
-   Provide a detailed description of the vulnerability, steps to reproduce it, and any other relevant information (e.g., affected versions, screenshots, logs).
+2) **Email**  
+   Send details to **<security@filerise.net>** with subject: `[FileRise] Security Vulnerability Report`.

-3. **Secure Communication (Optional):**  
-   If you wish to discuss the vulnerability securely, you can use our PGP key. You can obtain our PGP key by emailing us, and we will send it upon request.
+### What to include

-## Disclosure Policy
+- Affected versions (e.g., v1.4.0), component/endpoint, and impact
+- Reproduction steps / PoC
+- Any logs, screenshots, or crash traces
+- Safe test scope used (see below)

- **Acknowledgement:**  
-  We will acknowledge receipt of your report within 48 hours.
-  
- **Resolution Timeline:**  
-  We aim to fix confirmed vulnerabilities within 30 days. In cases where a delay is necessary, we will communicate updates to you directly.
+If you’d like encrypted comms, ask for our PGP key in your first email.

- **Public Disclosure:**  
-  After a fix is available, details of the vulnerability will be disclosed publicly in a way that does not compromise user security.
+## Coordinated Disclosure

-## Additional Information
+- **Acknowledgement:** within **48 hours**  
+- **Triage & initial assessment:** within **7 days**  
+- **Fix target:** within **30 days** for high-severity issues (may vary by complexity)
+- **CVE & advisory:** we publish a GitHub Security Advisory and request a CVE when appropriate.  
+  We notify the reporter before public disclosure and credit them (unless they prefer to remain anonymous).

-We appreciate responsible disclosure of vulnerabilities and thank all researchers who help keep FileRise secure. For any questions related to this policy, please contact us at [admin@filerise.net](mailto:admin@filerise.net).
+## Safe-Harbor / Rules of Engagement
+
+We support good-faith research. Please:
+
+- Avoid privacy violations, data exfiltration, and service disruption (no DoS, spam, or brute-forcing)
+- Don’t access other users’ data beyond what’s necessary to demonstrate the issue
+- Don’t run automated scans against production installs you don’t own
+- Follow applicable laws and make a good-faith effort to respect data and availability
+
+If you follow these guidelines, we won’t pursue or support legal action.
+
+## Published Advisories
+
+- **GHSA-6p87-q9rh-95wh** — ≤ **1.3.15**: Improper ownership/permission validation allowed cross-tenant file operations.  
+- **GHSA-jm96-2w52-5qjj** — **v1.4.0**: Insecure folder visibility via name-based mapping and incomplete ACL checks.  
+
+Both are fixed in **v1.5.0** (ACL hardening). Thanks to **[@kiwi865](https://github.com/kiwi865)** for responsible disclosure.
+
+## Questions
+
+General security questions: **<admin@filerise.net>**
--- a/THIRD_PARTY.md
+++ b/THIRD_PARTY.md
@@ -0,0 +1,47 @@
+# Third-Party Notices
+
+FileRise bundles the following third‑party assets. Each item lists the project, version, typical on-disk location in this repo, and its license.
+
+If you believe any attribution is missing or incorrect, please open an issue.
+
+---
+
+## Fonts
+
+- **Roboto (wght 400/500)** — Google Fonts  
+  **License:** Apache License 2.0  
+  **Files:** `public/css/vendor/roboto.css`, `public/fonts/roboto/*.woff2`
+
+- **Material Icons (ligature font)** — Google Fonts  
+  **License:** Apache License 2.0  
+  **Files:** `public/css/vendor/material-icons.css`, `public/fonts/material-icons/*.woff2`
+
+> Google fonts/icons © Google. Licensed under Apache 2.0. See `licenses/apache-2.0.txt`.
+
+---
+
+## CSS / JS Libraries (vendored)
+
+- **Bootstrap 4.5.2** — MIT License  
+  **Files:** `public/vendor/bootstrap/4.5.2/bootstrap.min.css`
+
+- **CodeMirror 5.65.5** — MIT License  
+  **Files:** `public/vendor/codemirror/5.65.5/*`
+
+- **DOMPurify 2.4.0** — Apache License 2.0  
+  **Files:** `public/vendor/dompurify/2.4.0/purify.min.js`
+
+- **Fuse.js 6.6.2** — Apache License 2.0  
+  **Files:** `public/vendor/fuse/6.6.2/fuse.min.js`
+
+- **Resumable.js 1.1.0** — MIT License  
+  **Files:** `public/vendor/resumable/1.1.0/resumable.min.js`
+
+- **ReDoc (redoc.standalone.js)** — MIT License  
+  **Files:** `public/vendor/redoc/redoc.standalone.js`  
+  **Notes:** Self-hosted to comply with `script-src 'self'` CSP.
+
+> MIT-licensed code: see `licenses/mit.txt`.  
+> Apache-2.0–licensed code: see `licenses/apache-2.0.txt`.
+
+---
--- a/addUser.php
+++ b/addUser.php
@@ -1,86 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-$usersFile = USERS_DIR . USERS_FILE;
-
-// Determine if we are in setup mode:
-// - Query parameter setup=1 is passed
-// - And users.txt is either missing or empty (zero bytes or trimmed content is empty)
-$isSetup = (isset($_GET['setup']) && $_GET['setup'] === '1');
-if ($isSetup && (!file_exists($usersFile) || filesize($usersFile) == 0 || trim(file_get_contents($usersFile)) === '')) {
-    // Allow initial admin creation without session checks.
-    $setupMode = true;
-} else {
-    $setupMode = false;
-    // In non-setup mode, check CSRF token and require admin privileges.
-    $headers = array_change_key_case(getallheaders(), CASE_LOWER);
-    $receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-    if (!isset($_SESSION['csrf_token']) || $receivedToken !== $_SESSION['csrf_token']) {
-        echo json_encode(["error" => "Invalid CSRF token"]);
-        http_response_code(403);
-        exit;
-    }
-    if (
-        !isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true ||
-        !isset($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true
-    ) {
-        echo json_encode(["error" => "Unauthorized"]);
-        exit;
-    }
-}
-
-// Get input data from JSON.
-$data = json_decode(file_get_contents("php://input"), true);
-$newUsername = trim($data["username"] ?? "");
-$newPassword = trim($data["password"] ?? "");
-
-// In setup mode, force the new user to be admin.
-if ($setupMode) {
-    $isAdmin = "1";
-} else {
-    $isAdmin = !empty($data["isAdmin"]) ? "1" : "0"; // "1" for admin, "0" for regular user.
-}
-
-// Validate input.
-if (!$newUsername || !$newPassword) {
-    echo json_encode(["error" => "Username and password required"]);
-    exit;
-}
-
-// Validate username using preg_match (allow letters, numbers, underscores, dashes, and spaces).
-if (!preg_match(REGEX_USER, $newUsername)) {
-    echo json_encode(["error" => "Invalid username. Only letters, numbers, underscores, dashes, and spaces are allowed."]);
-    exit;
-}
-
-// Ensure users.txt exists.
-if (!file_exists($usersFile)) {
-    file_put_contents($usersFile, '');
-}
-
-// Check if username already exists.
-$existingUsers = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-foreach ($existingUsers as $line) {
-    list($storedUser, $storedHash, $storedRole) = explode(':', trim($line));
-    if ($newUsername === $storedUser) {
-        echo json_encode(["error" => "User already exists"]);
-        exit;
-    }
-}
-
-// Hash the password.
-$hashedPassword = password_hash($newPassword, PASSWORD_BCRYPT);
-
-// Prepare new user line.
-$newUserLine = $newUsername . ":" . $hashedPassword . ":" . $isAdmin . PHP_EOL;
-
-// In setup mode, overwrite users.txt; otherwise, append to it.
-if ($setupMode) {
-    file_put_contents($usersFile, $newUserLine);
-} else {
-    file_put_contents($usersFile, $newUserLine, FILE_APPEND);
-}
-
-echo json_encode(["success" => "User added successfully"]);
-?>
--- a/assets/favicon.ico
+++ b/assets/favicon.ico
--- a/assets/logo.png
+++ b/assets/logo.png
--- a/assets/logo.svg
+++ b/assets/logo.svg
--- a/auth.php
+++ b/auth.php
@@ -1,270 +0,0 @@
-<?php
-require_once 'vendor/autoload.php';
-require_once 'config.php';
-
-use RobThree\Auth\Algorithm;
-use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
-
-header('Content-Type: application/json');
-
-// Global exception handler: logs errors and returns a generic error message.
-set_exception_handler(function ($e) {
-    error_log("Unhandled exception: " . $e->getMessage());
-    http_response_code(500);
-    echo json_encode(["error" => "Internal Server Error"]);
-    exit();
-});
-
-/**
- * Helper: Get the user's role from users.txt.
- */
-function getUserRole($username) {
-    $usersFile = USERS_DIR . USERS_FILE;
-    if (file_exists($usersFile)) {
-        foreach (file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
-            $parts = explode(":", trim($line));
-            if (count($parts) >= 3 && $parts[0] === $username) {
-                return trim($parts[2]);
-            }
-        }
-    }
-    return null;
-}
-
-/* --- OIDC Authentication Flow --- */
-// Detect either ?oidc=… or a callback that only has ?code=
-$oidcAction = $_GET['oidc'] ?? null;
-if (!$oidcAction && isset($_GET['code'])) {
-    $oidcAction = 'callback';
-}
-if ($oidcAction) {
-    $adminConfigFile = USERS_DIR . 'adminConfig.json';
-    if (file_exists($adminConfigFile)) {
-        $enc = file_get_contents($adminConfigFile);
-        $dec = decryptData($enc, $encryptionKey);
-        $cfg = $dec !== false ? json_decode($dec, true) : [];
-    } else {
-        $cfg = [];
-    }
-    $oidc_provider_url  = $cfg['oidc']['providerUrl']  ?? 'https://your-oidc-provider.com';
-    $oidc_client_id     = $cfg['oidc']['clientId']     ?? 'YOUR_CLIENT_ID';
-    $oidc_client_secret = $cfg['oidc']['clientSecret'] ?? 'YOUR_CLIENT_SECRET';
-    // Use your production domain for redirect URI.
-    $oidc_redirect_uri  = $cfg['oidc']['redirectUri']  ?? 'https://yourdomain.com/auth.php?oidc=callback';
-
-    $oidc = new Jumbojett\OpenIDConnectClient(
-        $oidc_provider_url,
-        $oidc_client_id,
-        $oidc_client_secret
-    );
-    $oidc->setRedirectURL($oidc_redirect_uri);
-
-    if ($oidcAction === 'callback') {
-        try {
-            $oidc->authenticate();
-            $username = $oidc->requestUserInfo('preferred_username');
-
-            // Check if this user has a TOTP secret.
-            $usersFile = USERS_DIR . USERS_FILE;
-            $totp_secret = null;
-            if (file_exists($usersFile)) {
-                foreach (file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
-                    $parts = explode(":", trim($line));
-                    if (count($parts) >= 4 && $parts[0] === $username && !empty($parts[3])) {
-                        $totp_secret = decryptData($parts[3], $encryptionKey);
-                        break;
-                    }
-                }
-            }
-            if ($totp_secret) {
-                // Hold pending login & prompt for TOTP.
-                $_SESSION['pending_login_user']   = $username;
-                $_SESSION['pending_login_secret'] = $totp_secret;
-                header("Location: index.html?totp_required=1");
-                exit();
-            }
-
-            // No TOTP → finalize login.
-            session_regenerate_id(true);
-            $_SESSION["authenticated"] = true;
-            $_SESSION["username"]      = $username;
-            $_SESSION["isAdmin"]       = (getUserRole($username) === "1");
-            $_SESSION["folderOnly"]    = loadUserPermissions($username);
-
-            header("Location: index.html");
-            exit();
-        } catch (Exception $e) {
-            error_log("OIDC authentication error: " . $e->getMessage());
-            http_response_code(401);
-            echo json_encode(["error" => "Authentication failed."]);
-            exit();
-        }
-    } else {
-        // Initiate OIDC authentication.
-        try {
-            $oidc->authenticate();
-            exit();
-        } catch (Exception $e) {
-            error_log("OIDC initiation error: " . $e->getMessage());
-            http_response_code(401);
-            echo json_encode(["error" => "Authentication initiation failed."]);
-            exit();
-        }
-    }
-}
-
-/* --- Fallback: Form-based Authentication --- */
-$usersFile = USERS_DIR . USERS_FILE;
-$maxAttempts = 5;
-$lockoutTime = 30 * 60; // 30 minutes
-$attemptsFile = USERS_DIR . 'failed_logins.json';
-$failedLogFile = USERS_DIR . 'failed_login.log';
-$persistentTokensFile = USERS_DIR . 'persistent_tokens.json';
-
-function loadFailedAttempts($file) {
-    if (file_exists($file)) {
-        $data = json_decode(file_get_contents($file), true);
-        if (is_array($data)) {
-            return $data;
-        }
-    }
-    return [];
-}
-
-function saveFailedAttempts($file, $data) {
-    file_put_contents($file, json_encode($data, JSON_PRETTY_PRINT), LOCK_EX);
-}
-
-$ip = $_SERVER['REMOTE_ADDR'];
-$currentTime = time();
-$failedAttempts = loadFailedAttempts($attemptsFile);
-
-if (isset($failedAttempts[$ip])) {
-    $attemptData = $failedAttempts[$ip];
-    if ($attemptData['count'] >= $maxAttempts && ($currentTime - $attemptData['last_attempt']) < $lockoutTime) {
-        http_response_code(429);
-        echo json_encode(["error" => "Too many failed login attempts. Please try again later."]);
-        exit();
-    }
-}
-
-function authenticate($username, $password) {
-    global $usersFile, $encryptionKey;
-    if (!file_exists($usersFile)) {
-        return false;
-    }
-    $lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-    foreach ($lines as $line) {
-        $parts = explode(':', trim($line));
-        if (count($parts) < 3) continue;
-        if ($username === $parts[0] && password_verify($password, $parts[1])) {
-            $result = ['role' => $parts[2]];
-            $result['totp_secret'] = (isset($parts[3]) && !empty($parts[3]))
-                ? decryptData($parts[3], $encryptionKey)
-                : null;
-            return $result;
-        }
-    }
-    return false;
-}
-
-$data = json_decode(file_get_contents("php://input"), true);
-$username = trim($data["username"] ?? "");
-$password = trim($data["password"] ?? "");
-$rememberMe = isset($data["remember_me"]) && $data["remember_me"] === true;
-
-if (!$username || !$password) {
-    http_response_code(400);
-    echo json_encode(["error" => "Username and password are required"]);
-    exit();
-}
-
-if (!preg_match(REGEX_USER, $username)) {
-    http_response_code(400);
-    echo json_encode(["error" => "Invalid username format. Only letters, numbers, underscores, dashes, and spaces are allowed."]);
-    exit();
-}
-
-$user = authenticate($username, $password);
-if ($user !== false) {
-    if (!empty($user['totp_secret'])) {
-                // If TOTP code is missing or malformed, indicate that TOTP is required.
-                if (empty($data['totp_code']) || !preg_match('/^\d{6}$/', $data['totp_code'])) {
-                   // ← STORE pending user & secret so recovery can see it
-                    $_SESSION['pending_login_user']   = $username;
-                    $_SESSION['pending_login_secret'] = $user['totp_secret'];
-                    echo json_encode([
-                      "totp_required" => true,
-                      "message"      => "TOTP code required"
-                    ]);
-                    exit();
-                } else {
-                    $tfa = new \RobThree\Auth\TwoFactorAuth(
-                        new GoogleChartsQrCodeProvider(), // QR code provider
-                        'FileRise',                       // issuer
-                        6,                                // number of digits
-                        30,                               // period in seconds
-                        Algorithm::Sha1                   // Correct enum case name from your enum
-                    );
-            $providedCode = trim($data['totp_code']);
-            if (!$tfa->verifyCode($user['totp_secret'], $providedCode)) {
-                echo json_encode(["error" => "Invalid TOTP code"]);
-                exit();
-            }
-        }
-    }
-    if (isset($failedAttempts[$ip])) {
-        unset($failedAttempts[$ip]);
-        saveFailedAttempts($attemptsFile, $failedAttempts);
-    }
-    session_regenerate_id(true);
-    $_SESSION["authenticated"] = true;
-    $_SESSION["username"] = $username;
-    $_SESSION["isAdmin"] = ($user['role'] === "1");
-    $_SESSION["folderOnly"] = loadUserPermissions($username);
-    
-    if ($rememberMe) {
-        $token = bin2hex(random_bytes(32));
-        $expiry = time() + (30 * 24 * 60 * 60);
-        $persistentTokens = [];
-        if (file_exists($persistentTokensFile)) {
-            $encryptedContent = file_get_contents($persistentTokensFile);
-            $decryptedContent = decryptData($encryptedContent, $encryptionKey);
-            $persistentTokens = json_decode($decryptedContent, true);
-            if (!is_array($persistentTokens)) {
-                $persistentTokens = [];
-            }
-        }
-        $persistentTokens[$token] = [
-            "username" => $username,
-            "expiry"   => $expiry,
-            "isAdmin"  => ($_SESSION["isAdmin"] === true)
-        ];
-        $encryptedContent = encryptData(json_encode($persistentTokens, JSON_PRETTY_PRINT), $encryptionKey);
-        file_put_contents($persistentTokensFile, $encryptedContent, LOCK_EX);
-        // Define $secure based on whether HTTPS is enabled
-        $secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
-        setcookie('remember_me_token', $token, $expiry, '/', '', $secure, true);
-    }
-    
-    echo json_encode([
-      "status" => "ok",
-      "success"   => "Login successful", 
-      "isAdmin"   => $_SESSION["isAdmin"],
-      "folderOnly"=> $_SESSION["folderOnly"],
-      "username"  => $_SESSION["username"]
-    ]);
-} else {
-    if (isset($failedAttempts[$ip])) {
-        $failedAttempts[$ip]['count']++;
-        $failedAttempts[$ip]['last_attempt'] = $currentTime;
-    } else {
-        $failedAttempts[$ip] = ['count' => 1, 'last_attempt' => $currentTime];
-    }
-    saveFailedAttempts($attemptsFile, $failedAttempts);
-    $logLine = date('Y-m-d H:i:s') . " - Failed login attempt for username: " . $username . " from IP: " . $ip . PHP_EOL;
-    file_put_contents($failedLogFile, $logLine, FILE_APPEND);
-    http_response_code(401);
-    echo json_encode(["error" => "Invalid credentials"]);
-}
-?>
--- a/changePassword.php
+++ b/changePassword.php
@@ -1,99 +0,0 @@
-<?php
-// changePassword.php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    exit;
-}
-
-$username = $_SESSION['username'] ?? '';
-if (!$username) {
-    echo json_encode(["error" => "No username in session"]);
-    exit;
-}
-
-// CSRF token check.
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    http_response_code(403);
-    exit;
-}
-
-// Get POST data.
-$data = json_decode(file_get_contents("php://input"), true);
-$oldPassword = trim($data["oldPassword"] ?? "");
-$newPassword = trim($data["newPassword"] ?? "");
-$confirmPassword = trim($data["confirmPassword"] ?? "");
-
-// Validate input.
-if (!$oldPassword || !$newPassword || !$confirmPassword) {
-    echo json_encode(["error" => "All fields are required."]);
-    exit;
-}
-if ($newPassword !== $confirmPassword) {
-    echo json_encode(["error" => "New passwords do not match."]);
-    exit;
-}
-
-// Path to users file.
-$usersFile = USERS_DIR . USERS_FILE;
-if (!file_exists($usersFile)) {
-    echo json_encode(["error" => "Users file not found"]);
-    exit;
-}
-
-// Read current users.
-$lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-$userFound = false;
-$newLines = [];
-
-foreach ($lines as $line) {
-    $parts = explode(':', trim($line));
-    // Expect at least 3 parts: username, hashed password, and role.
-    if (count($parts) < 3) {
-        // Skip invalid lines.
-        $newLines[] = $line;
-        continue;
-    }
-    $storedUser = $parts[0];
-    $storedHash = $parts[1];
-    $storedRole = $parts[2];
-    // Preserve TOTP secret if it exists.
-    $totpSecret = (count($parts) >= 4) ? $parts[3] : "";
-    
-    if ($storedUser === $username) {
-        $userFound = true;
-        // Verify the old password.
-        if (!password_verify($oldPassword, $storedHash)) {
-            echo json_encode(["error" => "Old password is incorrect."]);
-            exit;
-        }
-        // Hash the new password.
-        $newHashedPassword = password_hash($newPassword, PASSWORD_BCRYPT);
-        // Rebuild the line with the new hash and preserve TOTP secret if present.
-        if ($totpSecret !== "") {
-            $newLines[] = $username . ":" . $newHashedPassword . ":" . $storedRole . ":" . $totpSecret;
-        } else {
-            $newLines[] = $username . ":" . $newHashedPassword . ":" . $storedRole;
-        }
-    } else {
-        $newLines[] = $line;
-    }
-}
-
-if (!$userFound) {
-    echo json_encode(["error" => "User not found."]);
-    exit;
-}
-
-// Save updated users file.
-if (file_put_contents($usersFile, implode(PHP_EOL, $newLines) . PHP_EOL)) {
-    echo json_encode(["success" => "Password updated successfully."]);
-} else {
-    echo json_encode(["error" => "Could not update password."]);
-}
-?>
--- a/checkAuth.php
+++ b/checkAuth.php
@@ -1,70 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// Check if users.txt is empty or doesn't exist.
-$usersFile = USERS_DIR . USERS_FILE;
-if (!file_exists($usersFile) || trim(file_get_contents($usersFile)) === '') {
-    // In production, you might log that the system is in setup mode.
-    error_log("checkAuth: users file not found or empty; entering setup mode.");
-    echo json_encode(["setup" => true]);
-    exit();
-}
-
-// Check session authentication.
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["authenticated" => false]);
-    exit();
-}
-
-/**
- * Helper function to get a user's role from users.txt.
- * Returns the role as a string (e.g. "1") or null if not found.
- */
-function getUserRole($username) {
-    global $usersFile;
-    if (file_exists($usersFile)) {
-        $lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-        foreach ($lines as $line) {
-            $parts = explode(":", trim($line));
-            if (count($parts) >= 3 && $parts[0] === $username) {
-                return trim($parts[2]);
-            }
-        }
-    }
-    return null;
-}
-
-// Determine if TOTP is enabled by checking users.txt.
-$totp_enabled = false;
-$username = $_SESSION['username'] ?? '';
-if ($username) {
-    $lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-    foreach ($lines as $line) {
-        $parts = explode(":", trim($line));
-        // Assuming first field is username and fourth (if exists) is the TOTP secret.
-        if ($parts[0] === $username) {
-            if (isset($parts[3]) && trim($parts[3]) !== "") {
-                $totp_enabled = true;
-            }
-            break;
-        }
-    }
-}
-
-// Use getUserRole() to determine admin status.
-// We cast the role to an integer so that "1" (string) is treated as true.
-$userRole = getUserRole($username);
-$isAdmin = ((int)$userRole === 1);
-
-// Build and return the JSON response.
-$response = [
-    "authenticated" => true,
-    "isAdmin"       => $isAdmin,
-    "totp_enabled"  => $totp_enabled,
-    "username"      => $username,
-    "folderOnly"    => isset($_SESSION["folderOnly"]) ? $_SESSION["folderOnly"] : false
-];
-
-echo json_encode($response);
-?>
--- a/codeql-config.yml
+++ b/codeql-config.yml
@@ -0,0 +1,12 @@
+---
+name: FileRise CodeQL config
+paths:
+  - public/js
+  - api
+paths-ignore:
+  - public/vendor/**
+  - public/css/vendor/**
+  - public/fonts/**
+  - public/**/*.min.js
+  - public/**/*.min.css
+  - public/**/*.map
--- a/composer.json
+++ b/composer.json
@@ -6,6 +6,7 @@
      "jumbojett/openid-connect-php": "^1.0.0",
      "phpseclib/phpseclib": "~3.0.7",
      "robthree/twofactorauth": "^3.0",
-      "endroid/qr-code": "^5.0"
+      "endroid/qr-code": "^5.0",
+      "sabre/dav": "^4.4"
    }
  }
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "6b70aec0c1830ebb2b8f9bb625b04a22",
+    "content-hash": "3a9b8d9fcfdaaa865ba03eab392e88fd",
    "packages": [
        {
            "name": "bacon/bacon-qr-code",
@@ -451,6 +451,56 @@
            ],
            "time": "2024-12-14T21:12:59+00:00"
        },
+        {
+            "name": "psr/log",
+            "version": "3.0.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/log.git",
+                "reference": "f16e1d5863e37f8d8c2a01719f5b34baa2b714d3"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/f16e1d5863e37f8d8c2a01719f5b34baa2b714d3",
+                "reference": "f16e1d5863e37f8d8c2a01719f5b34baa2b714d3",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.0.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "3.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Log\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for logging libraries",
+            "homepage": "https://github.com/php-fig/log",
+            "keywords": [
+                "log",
+                "psr",
+                "psr-3"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/log/tree/3.0.2"
+            },
+            "time": "2024-09-11T13:17:53+00:00"
+        },
        {
            "name": "robthree/twofactorauth",
            "version": "v3.0.2",
@@ -531,6 +581,451 @@
                }
            ],
            "time": "2024-10-24T15:14:25+00:00"
+        },
+        {
+            "name": "sabre/dav",
+            "version": "4.7.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sabre-io/dav.git",
+                "reference": "074373bcd689a30bcf5aaa6bbb20a3395964ce7a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sabre-io/dav/zipball/074373bcd689a30bcf5aaa6bbb20a3395964ce7a",
+                "reference": "074373bcd689a30bcf5aaa6bbb20a3395964ce7a",
+                "shasum": ""
+            },
+            "require": {
+                "ext-ctype": "*",
+                "ext-date": "*",
+                "ext-dom": "*",
+                "ext-iconv": "*",
+                "ext-json": "*",
+                "ext-mbstring": "*",
+                "ext-pcre": "*",
+                "ext-simplexml": "*",
+                "ext-spl": "*",
+                "lib-libxml": ">=2.7.0",
+                "php": "^7.1.0 || ^8.0",
+                "psr/log": "^1.0 || ^2.0 || ^3.0",
+                "sabre/event": "^5.0",
+                "sabre/http": "^5.0.5",
+                "sabre/uri": "^2.0",
+                "sabre/vobject": "^4.2.1",
+                "sabre/xml": "^2.0.1"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "^2.19",
+                "monolog/monolog": "^1.27 || ^2.0",
+                "phpstan/phpstan": "^0.12 || ^1.0",
+                "phpstan/phpstan-phpunit": "^1.0",
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6"
+            },
+            "suggest": {
+                "ext-curl": "*",
+                "ext-imap": "*",
+                "ext-pdo": "*"
+            },
+            "bin": [
+                "bin/sabredav",
+                "bin/naturalselection"
+            ],
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Sabre\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Evert Pot",
+                    "email": "me@evertpot.com",
+                    "homepage": "http://evertpot.com/",
+                    "role": "Developer"
+                }
+            ],
+            "description": "WebDAV Framework for PHP",
+            "homepage": "http://sabre.io/",
+            "keywords": [
+                "CalDAV",
+                "CardDAV",
+                "WebDAV",
+                "framework",
+                "iCalendar"
+            ],
+            "support": {
+                "forum": "https://groups.google.com/group/sabredav-discuss",
+                "issues": "https://github.com/sabre-io/dav/issues",
+                "source": "https://github.com/fruux/sabre-dav"
+            },
+            "time": "2024-10-29T11:46:02+00:00"
+        },
+        {
+            "name": "sabre/event",
+            "version": "5.1.7",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sabre-io/event.git",
+                "reference": "86d57e305c272898ba3c28e9bd3d65d5464587c2"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sabre-io/event/zipball/86d57e305c272898ba3c28e9bd3d65d5464587c2",
+                "reference": "86d57e305c272898ba3c28e9bd3d65d5464587c2",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.1 || ^8.0"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "~2.17.1||^3.63",
+                "phpstan/phpstan": "^0.12",
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "lib/coroutine.php",
+                    "lib/Loop/functions.php",
+                    "lib/Promise/functions.php"
+                ],
+                "psr-4": {
+                    "Sabre\\Event\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Evert Pot",
+                    "email": "me@evertpot.com",
+                    "homepage": "http://evertpot.com/",
+                    "role": "Developer"
+                }
+            ],
+            "description": "sabre/event is a library for lightweight event-based programming",
+            "homepage": "http://sabre.io/event/",
+            "keywords": [
+                "EventEmitter",
+                "async",
+                "coroutine",
+                "eventloop",
+                "events",
+                "hooks",
+                "plugin",
+                "promise",
+                "reactor",
+                "signal"
+            ],
+            "support": {
+                "forum": "https://groups.google.com/group/sabredav-discuss",
+                "issues": "https://github.com/sabre-io/event/issues",
+                "source": "https://github.com/fruux/sabre-event"
+            },
+            "time": "2024-08-27T11:23:05+00:00"
+        },
+        {
+            "name": "sabre/http",
+            "version": "5.1.12",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sabre-io/http.git",
+                "reference": "dedff73f3995578bc942fa4c8484190cac14f139"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sabre-io/http/zipball/dedff73f3995578bc942fa4c8484190cac14f139",
+                "reference": "dedff73f3995578bc942fa4c8484190cac14f139",
+                "shasum": ""
+            },
+            "require": {
+                "ext-ctype": "*",
+                "ext-curl": "*",
+                "ext-mbstring": "*",
+                "php": "^7.1 || ^8.0",
+                "sabre/event": ">=4.0 <6.0",
+                "sabre/uri": "^2.0"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "~2.17.1||^3.63",
+                "phpstan/phpstan": "^0.12",
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6"
+            },
+            "suggest": {
+                "ext-curl": " to make http requests with the Client class"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "lib/functions.php"
+                ],
+                "psr-4": {
+                    "Sabre\\HTTP\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Evert Pot",
+                    "email": "me@evertpot.com",
+                    "homepage": "http://evertpot.com/",
+                    "role": "Developer"
+                }
+            ],
+            "description": "The sabre/http library provides utilities for dealing with http requests and responses. ",
+            "homepage": "https://github.com/fruux/sabre-http",
+            "keywords": [
+                "http"
+            ],
+            "support": {
+                "forum": "https://groups.google.com/group/sabredav-discuss",
+                "issues": "https://github.com/sabre-io/http/issues",
+                "source": "https://github.com/fruux/sabre-http"
+            },
+            "time": "2024-08-27T16:07:41+00:00"
+        },
+        {
+            "name": "sabre/uri",
+            "version": "2.3.4",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sabre-io/uri.git",
+                "reference": "b76524c22de90d80ca73143680a8e77b1266c291"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sabre-io/uri/zipball/b76524c22de90d80ca73143680a8e77b1266c291",
+                "reference": "b76524c22de90d80ca73143680a8e77b1266c291",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.4 || ^8.0"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "^3.63",
+                "phpstan/extension-installer": "^1.4",
+                "phpstan/phpstan": "^1.12",
+                "phpstan/phpstan-phpunit": "^1.4",
+                "phpstan/phpstan-strict-rules": "^1.6",
+                "phpunit/phpunit": "^9.6"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "lib/functions.php"
+                ],
+                "psr-4": {
+                    "Sabre\\Uri\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Evert Pot",
+                    "email": "me@evertpot.com",
+                    "homepage": "http://evertpot.com/",
+                    "role": "Developer"
+                }
+            ],
+            "description": "Functions for making sense out of URIs.",
+            "homepage": "http://sabre.io/uri/",
+            "keywords": [
+                "rfc3986",
+                "uri",
+                "url"
+            ],
+            "support": {
+                "forum": "https://groups.google.com/group/sabredav-discuss",
+                "issues": "https://github.com/sabre-io/uri/issues",
+                "source": "https://github.com/fruux/sabre-uri"
+            },
+            "time": "2024-08-27T12:18:16+00:00"
+        },
+        {
+            "name": "sabre/vobject",
+            "version": "4.5.7",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sabre-io/vobject.git",
+                "reference": "ff22611a53782e90c97be0d0bc4a5f98a5c0a12c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sabre-io/vobject/zipball/ff22611a53782e90c97be0d0bc4a5f98a5c0a12c",
+                "reference": "ff22611a53782e90c97be0d0bc4a5f98a5c0a12c",
+                "shasum": ""
+            },
+            "require": {
+                "ext-mbstring": "*",
+                "php": "^7.1 || ^8.0",
+                "sabre/xml": "^2.1 || ^3.0 || ^4.0"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "~2.17.1",
+                "phpstan/phpstan": "^0.12 || ^1.12 || ^2.0",
+                "phpunit/php-invoker": "^2.0 || ^3.1",
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6"
+            },
+            "suggest": {
+                "hoa/bench": "If you would like to run the benchmark scripts"
+            },
+            "bin": [
+                "bin/vobject",
+                "bin/generate_vcards"
+            ],
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "4.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Sabre\\VObject\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Evert Pot",
+                    "email": "me@evertpot.com",
+                    "homepage": "http://evertpot.com/",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Dominik Tobschall",
+                    "email": "dominik@fruux.com",
+                    "homepage": "http://tobschall.de/",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Ivan Enderlin",
+                    "email": "ivan.enderlin@hoa-project.net",
+                    "homepage": "http://mnt.io/",
+                    "role": "Developer"
+                }
+            ],
+            "description": "The VObject library for PHP allows you to easily parse and manipulate iCalendar and vCard objects",
+            "homepage": "http://sabre.io/vobject/",
+            "keywords": [
+                "availability",
+                "freebusy",
+                "iCalendar",
+                "ical",
+                "ics",
+                "jCal",
+                "jCard",
+                "recurrence",
+                "rfc2425",
+                "rfc2426",
+                "rfc2739",
+                "rfc4770",
+                "rfc5545",
+                "rfc5546",
+                "rfc6321",
+                "rfc6350",
+                "rfc6351",
+                "rfc6474",
+                "rfc6638",
+                "rfc6715",
+                "rfc6868",
+                "vCalendar",
+                "vCard",
+                "vcf",
+                "xCal",
+                "xCard"
+            ],
+            "support": {
+                "forum": "https://groups.google.com/group/sabredav-discuss",
+                "issues": "https://github.com/sabre-io/vobject/issues",
+                "source": "https://github.com/fruux/sabre-vobject"
+            },
+            "time": "2025-04-17T09:22:48+00:00"
+        },
+        {
+            "name": "sabre/xml",
+            "version": "2.2.11",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sabre-io/xml.git",
+                "reference": "01a7927842abf3e10df3d9c2d9b0cc9d813a3fcc"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sabre-io/xml/zipball/01a7927842abf3e10df3d9c2d9b0cc9d813a3fcc",
+                "reference": "01a7927842abf3e10df3d9c2d9b0cc9d813a3fcc",
+                "shasum": ""
+            },
+            "require": {
+                "ext-dom": "*",
+                "ext-xmlreader": "*",
+                "ext-xmlwriter": "*",
+                "lib-libxml": ">=2.6.20",
+                "php": "^7.1 || ^8.0",
+                "sabre/uri": ">=1.0,<3.0.0"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "~2.17.1||3.63.2",
+                "phpstan/phpstan": "^0.12",
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "lib/Deserializer/functions.php",
+                    "lib/Serializer/functions.php"
+                ],
+                "psr-4": {
+                    "Sabre\\Xml\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Evert Pot",
+                    "email": "me@evertpot.com",
+                    "homepage": "http://evertpot.com/",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Markus Staab",
+                    "email": "markus.staab@redaxo.de",
+                    "role": "Developer"
+                }
+            ],
+            "description": "sabre/xml is an XML library that you may not hate.",
+            "homepage": "https://sabre.io/xml/",
+            "keywords": [
+                "XMLReader",
+                "XMLWriter",
+                "dom",
+                "xml"
+            ],
+            "support": {
+                "forum": "https://groups.google.com/group/sabredav-discuss",
+                "issues": "https://github.com/sabre-io/xml/issues",
+                "source": "https://github.com/fruux/sabre-xml"
+            },
+            "time": "2024-09-06T07:37:46+00:00"
        }
    ],
    "packages-dev": [],
--- a/config.php
+++ b/config.php
@@ -1,167 +0,0 @@
-<?php
-// config.php
-header("Cache-Control: no-cache, must-revalidate");
-header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
-header("Pragma: no-cache");
-header("Expires: 0");
-header('X-Content-Type-Options: nosniff');
-// Security headers
-header("X-Content-Type-Options: nosniff");
-header("X-Frame-Options: SAMEORIGIN");
-header("Referrer-Policy: no-referrer-when-downgrade");
-// Only include Strict-Transport-Security if you are using HTTPS
-if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
-    header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
-}
-header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
-header("X-XSS-Protection: 1; mode=block");
-
-// Define constants.
-define('UPLOAD_DIR', '/var/www/uploads/');
-define('USERS_DIR', '/var/www/users/');
-define('USERS_FILE', 'users.txt');
-define('META_DIR', '/var/www/metadata/');
-define('META_FILE', 'file_metadata.json');
-define('TRASH_DIR', UPLOAD_DIR . 'trash/');
-define('TIMEZONE', 'America/New_York');
-define('DATE_TIME_FORMAT', 'm/d/y  h:iA');
-define('TOTAL_UPLOAD_SIZE', '5G');
-define('REGEX_FOLDER_NAME', '/^[\p{L}\p{N}_\-\s\/\\\\]+$/u');
-define('PATTERN_FOLDER_NAME', '[\p{L}\p{N}_\-\s\/\\\\]+');
-define('REGEX_FILE_NAME', '/^[\p{L}\p{N}\p{M}%\-\.\(\) _]+$/u');
-define('REGEX_USER', '/^[\p{L}\p{N}_\- ]+$/u');
-
-date_default_timezone_set(TIMEZONE);
-
-/**
- * Encrypts data using AES-256-CBC.
- *
- * @param string $data The plaintext.
- * @param string $encryptionKey The encryption key.
- * @return string Base64-encoded string containing IV and ciphertext.
- */
-function encryptData($data, $encryptionKey)
-{
-    $cipher = 'AES-256-CBC';
-    $ivlen = openssl_cipher_iv_length($cipher);
-    $iv = openssl_random_pseudo_bytes($ivlen);
-    $ciphertext = openssl_encrypt($data, $cipher, $encryptionKey, OPENSSL_RAW_DATA, $iv);
-    return base64_encode($iv . $ciphertext);
-}
-
-/**
- * Decrypts data encrypted with AES-256-CBC.
- *
- * @param string $encryptedData Base64-encoded data containing IV and ciphertext.
- * @param string $encryptionKey The encryption key.
- * @return string|false The decrypted plaintext or false on failure.
- */
-function decryptData($encryptedData, $encryptionKey)
-{
-    $cipher = 'AES-256-CBC';
-    $data = base64_decode($encryptedData);
-    $ivlen = openssl_cipher_iv_length($cipher);
-    $iv = substr($data, 0, $ivlen);
-    $ciphertext = substr($data, $ivlen);
-    return openssl_decrypt($ciphertext, $cipher, $encryptionKey, OPENSSL_RAW_DATA, $iv);
-}
-
-// Load encryption key from environment (override in production).
-$envKey = getenv('PERSISTENT_TOKENS_KEY');
-if ($envKey === false || $envKey === '') {
-    $encryptionKey = 'default_please_change_this_key';
-    error_log('WARNING: Using default encryption key. Please set PERSISTENT_TOKENS_KEY in your environment.');
-} else {
-    $encryptionKey = $envKey;
-}
-
-function loadUserPermissions($username)
-{
-    global $encryptionKey;
-    $permissionsFile = USERS_DIR . 'userPermissions.json';
-
-    if (file_exists($permissionsFile)) {
-        $content = file_get_contents($permissionsFile);
-
-        // Try to decrypt the content.
-        $decryptedContent = decryptData($content, $encryptionKey);
-        if ($decryptedContent !== false) {
-            $permissions = json_decode($decryptedContent, true);
-        } else {
-            $permissions = json_decode($content, true);
-        }
-
-        if (is_array($permissions) && array_key_exists($username, $permissions)) {
-            $result = $permissions[$username];
-            return !empty($result) ? $result : false;
-        }
-    }
-    // Removed error_log() to prevent flooding logs when file is not found.
-    return false; // Return false if no permissions found.
-}
-
-// Determine whether HTTPS is used.
-$envSecure = getenv('SECURE');
-if ($envSecure !== false) {
-    $secure = filter_var($envSecure, FILTER_VALIDATE_BOOLEAN);
-} else {
-    $secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
-}
-
-$cookieParams = [
-    'lifetime' => 7200,
-    'path'     => '/',
-    'domain'   => '', // Set your domain as needed.
-    'secure'   => $secure,
-    'httponly' => true,
-    'samesite' => 'Lax'
-];
-
-if (session_status() === PHP_SESSION_NONE) {
-    session_set_cookie_params($cookieParams);
-    ini_set('session.gc_maxlifetime', 7200);
-    session_start();
-}
-
-if (empty($_SESSION['csrf_token'])) {
-    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
-}
-
-// Auto-login via persistent token.
-if (!isset($_SESSION["authenticated"]) && isset($_COOKIE['remember_me_token'])) {
-    $persistentTokensFile = USERS_DIR . 'persistent_tokens.json';
-    $persistentTokens = [];
-    if (file_exists($persistentTokensFile)) {
-        $encryptedContent = file_get_contents($persistentTokensFile);
-        $decryptedContent = decryptData($encryptedContent, $encryptionKey);
-        $persistentTokens = json_decode($decryptedContent, true);
-        if (!is_array($persistentTokens)) {
-            $persistentTokens = [];
-        }
-    }
-    if (isset($persistentTokens[$_COOKIE['remember_me_token']])) {
-        $tokenData = $persistentTokens[$_COOKIE['remember_me_token']];
-        if ($tokenData['expiry'] >= time()) {
-            $_SESSION["authenticated"] = true;
-            $_SESSION["username"] = $tokenData["username"];
-            // IMPORTANT: Set the folderOnly flag here for auto-login.
-            $_SESSION["folderOnly"] = loadUserPermissions($tokenData["username"]);
-        } else {
-            unset($persistentTokens[$_COOKIE['remember_me_token']]);
-            $newEncryptedContent = encryptData(json_encode($persistentTokens, JSON_PRETTY_PRINT), $encryptionKey);
-            file_put_contents($persistentTokensFile, $newEncryptedContent, LOCK_EX);
-            setcookie('remember_me_token', '', time() - 3600, '/', '', $secure, true);
-        }
-    }
-}
-
-define('BASE_URL', 'http://yourwebsite/uploads/');
-
-if (strpos(BASE_URL, 'yourwebsite') !== false) {
-    $defaultShareUrl = isset($_SERVER['HTTP_HOST'])
-        ? "http://" . $_SERVER['HTTP_HOST'] . "/share.php"
-        : "http://localhost/share.php";
-} else {
-    $defaultShareUrl = rtrim(BASE_URL, '/') . "/share.php";
-}
-define('SHARE_URL', getenv('SHARE_URL') ? getenv('SHARE_URL') : $defaultShareUrl);
--- a/config/config.php
+++ b/config/config.php
@@ -0,0 +1,312 @@
+<?php
+declare(strict_types=1);
+// config.php
+
+// Define constants
+define('PROJECT_ROOT', dirname(__DIR__));
+define('UPLOAD_DIR',    '/var/www/uploads/');
+define('USERS_DIR',     '/var/www/users/');
+define('USERS_FILE',    'users.txt');
+define('META_DIR',      '/var/www/metadata/');
+define('META_FILE',     'file_metadata.json');
+define('TRASH_DIR',     UPLOAD_DIR . 'trash/');
+define('TIMEZONE',      'America/New_York');
+define('DATE_TIME_FORMAT','m/d/y  h:iA');
+define('TOTAL_UPLOAD_SIZE','5G');
+define('REGEX_FOLDER_NAME','/^(?!^(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$)(?!.*[. ]$)(?:[^<>:"\/\\\\|?*\x00-\x1F]{1,255})(?:[\/\\\\][^<>:"\/\\\\|?*\x00-\x1F]{1,255})*$/xu');
+define('PATTERN_FOLDER_NAME','[\p{L}\p{N}_\-\s\/\\\\]+');
+define('REGEX_FILE_NAME', '/^[^\x00-\x1F\/\\\\]{1,255}$/u');
+define('REGEX_USER',       '/^[\p{L}\p{N}_\- ]+$/u');
+define('FR_DEMO_MODE', false);
+
+date_default_timezone_set(TIMEZONE);
+
+if (!defined('DEFAULT_BYPASS_OWNERSHIP')) define('DEFAULT_BYPASS_OWNERSHIP', false);
+if (!defined('DEFAULT_CAN_SHARE'))        define('DEFAULT_CAN_SHARE', true);
+if (!defined('DEFAULT_CAN_ZIP'))          define('DEFAULT_CAN_ZIP', true);
+if (!defined('DEFAULT_VIEW_OWN_ONLY'))    define('DEFAULT_VIEW_OWN_ONLY', false);
+define('FOLDER_OWNERS_FILE', META_DIR . 'folder_owners.json');
+define('ACL_INHERIT_ON_CREATE', true);
+// ONLYOFFICE integration overrides (uncomment and set as needed)
+/*
+define('ONLYOFFICE_ENABLED', false);
+define('ONLYOFFICE_JWT_SECRET', 'test123456');
+define('ONLYOFFICE_DOCS_ORIGIN', 'http://192.168.1.61'); // your Document Server
+define('ONLYOFFICE_DEBUG', true);
+*/
+
+if (!defined('OIDC_TOKEN_ENDPOINT_AUTH_METHOD')) {
+    define('OIDC_TOKEN_ENDPOINT_AUTH_METHOD', 'client_secret_basic'); // default
+}
+
+// Encryption helpers
+function encryptData($data, $encryptionKey)
+{
+    $cipher = 'AES-256-CBC';
+    $ivlen  = openssl_cipher_iv_length($cipher);
+    $iv     = openssl_random_pseudo_bytes($ivlen);
+    $ct     = openssl_encrypt($data, $cipher, $encryptionKey, OPENSSL_RAW_DATA, $iv);
+    return base64_encode($iv . $ct);
+}
+
+function decryptData($encryptedData, $encryptionKey)
+{
+    $cipher = 'AES-256-CBC';
+    $data   = base64_decode($encryptedData);
+    $ivlen  = openssl_cipher_iv_length($cipher);
+    $iv     = substr($data, 0, $ivlen);
+    $ct     = substr($data, $ivlen);
+    return openssl_decrypt($ct, $cipher, $encryptionKey, OPENSSL_RAW_DATA, $iv);
+}
+
+// Load encryption key
+$envKey = getenv('PERSISTENT_TOKENS_KEY');
+if ($envKey === false || $envKey === '') {
+    $encryptionKey = 'default_please_change_this_key';
+    error_log('WARNING: Using default encryption key. Please set PERSISTENT_TOKENS_KEY in your environment.');
+} else {
+    $encryptionKey = $envKey;
+}
+
+// Helper to load JSON permissions (with optional decryption)
+function loadUserPermissions($username)
+{
+    global $encryptionKey;
+    $permissionsFile = USERS_DIR . 'userPermissions.json';
+    if (!file_exists($permissionsFile)) {
+        return false;
+    }
+
+    $content   = file_get_contents($permissionsFile);
+    $decrypted = decryptData($content, $encryptionKey);
+    $json      = ($decrypted !== false) ? $decrypted : $content;
+    $permsAll  = json_decode($json, true);
+
+    if (!is_array($permsAll)) {
+        return false;
+    }
+
+    // Try exact match first, then lowercase (since we store keys lowercase elsewhere)
+    $uExact = (string)$username;
+    $uLower = strtolower($uExact);
+
+    $row = $permsAll[$uExact] ?? $permsAll[$uLower] ?? null;
+
+    // Normalize: always return an array when found, else false (to preserve current callers’ behavior)
+    return is_array($row) ? $row : false;
+}
+
+// Determine HTTPS usage
+$envSecure = getenv('SECURE');
+$secure = ($envSecure !== false)
+    ? filter_var($envSecure, FILTER_VALIDATE_BOOLEAN)
+    : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
+
+
+// PHP session lifetime (independent of "remember me")
+// Keep this reasonably short; "remember me" uses its own token.
+$defaultSession  = 7200;              // 2 hours
+$sessionLifetime = $defaultSession;
+
+// "Remember me" window (how long the persistent token itself is valid)
+// This is used in persistent_tokens.json, *not* for PHP session lifetime.
+$persistentDays  = 30 * 24 * 60 * 60; // 30 days
+
+/**
+ * Start session idempotently:
+ * - If no session: set cookie params + gc_maxlifetime, then session_start().
+ * - If session already active: DO NOT change ini/cookie params; optionally refresh cookie expiry.
+ */
+if (session_status() === PHP_SESSION_NONE) {
+    session_set_cookie_params([
+        'lifetime' => $sessionLifetime,
+        'path'     => '/',
+        'domain'   => '',      // adjust if you need a specific domain
+        'secure'   => $secure,
+        'httponly' => true,
+        'samesite' => 'Lax'
+    ]);
+    ini_set('session.gc_maxlifetime', (string)$sessionLifetime);
+    session_start();
+} else {
+    // Optionally refresh the session cookie expiry to keep the user alive
+    $params = session_get_cookie_params();
+    if ($sessionLifetime > 0) {
+        setcookie(session_name(), session_id(), [
+            'expires'  => time() + $sessionLifetime,
+            'path'     => $params['path']     ?: '/',
+            'domain'   => $params['domain']   ?? '',
+            'secure'   => $secure,
+            'httponly' => true,
+            'samesite' => $params['samesite'] ?? 'Lax',
+        ]);
+    }
+}
+
+// CSRF token
+if (empty($_SESSION['csrf_token'])) {
+    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+}
+
+// Auto-login via persistent token
+if (empty($_SESSION["authenticated"]) && !empty($_COOKIE['remember_me_token'])) {
+    $tokFile = USERS_DIR . 'persistent_tokens.json';
+    $tokens = [];
+    if (file_exists($tokFile)) {
+        $enc = file_get_contents($tokFile);
+        $dec = decryptData($enc, $encryptionKey);
+        $tokens = json_decode($dec, true) ?: [];
+    }
+    $token = $_COOKIE['remember_me_token'];
+    if (!empty($tokens[$token])) {
+        $data = $tokens[$token];
+        if ($data['expiry'] >= time()) {
+            // NEW: mitigate session fixation
+            if (session_status() === PHP_SESSION_ACTIVE) {
+                session_regenerate_id(true);
+            }
+
+            $_SESSION["authenticated"] = true;
+            $_SESSION["username"]      = $data["username"];
+            $_SESSION["folderOnly"]    = loadUserPermissions($data["username"]);
+            $_SESSION["isAdmin"]       = !empty($data["isAdmin"]);
+        } else {
+            // expired — clean up
+            unset($tokens[$token]);
+            file_put_contents(
+                $tokFile,
+                encryptData(json_encode($tokens, JSON_PRETTY_PRINT), $encryptionKey),
+                LOCK_EX
+            );
+            setcookie('remember_me_token', '', time() - 3600, '/', '', $secure, true);
+        }
+    }
+}
+
+$adminConfigFile = USERS_DIR . 'adminConfig.json';
+
+// sane defaults:
+$cfgAuthBypass = false;
+$cfgAuthHeader = 'X_REMOTE_USER';
+
+if (file_exists($adminConfigFile)) {
+    $encrypted = file_get_contents($adminConfigFile);
+    $decrypted = decryptData($encrypted, $encryptionKey);
+    $adminCfg  = json_decode($decrypted, true) ?: [];
+
+    $loginOpts = $adminCfg['loginOptions'] ?? [];
+
+    // proxy-only bypass flag
+    $cfgAuthBypass = ! empty($loginOpts['authBypass']);
+
+    // header name (e.g. “X-Remote-User” → HTTP_X_REMOTE_USER)
+    $hdr = trim($loginOpts['authHeaderName'] ?? '');
+    if ($hdr === '') {
+        $hdr = 'X-Remote-User';
+    }
+    // normalize to PHP’s $_SERVER key format:
+    $cfgAuthHeader = 'HTTP_' . strtoupper(str_replace('-', '_', $hdr));
+}
+
+define('AUTH_BYPASS',  $cfgAuthBypass);
+define('AUTH_HEADER',  $cfgAuthHeader);
+
+// ─────────────────────────────────────────────────────────────────────────────
+// PROXY-ONLY AUTO–LOGIN now uses those constants:
+if (AUTH_BYPASS) {
+    $hdrKey = AUTH_HEADER;   // e.g. "HTTP_X_REMOTE_USER"
+    if (!empty($_SERVER[$hdrKey])) {
+        // regenerate once per session
+        if (empty($_SESSION['authenticated'])) {
+            session_regenerate_id(true);
+        }
+
+        $username = $_SERVER[$hdrKey];
+        $_SESSION['authenticated'] = true;
+        $_SESSION['username']      = $username;
+
+        // ◾ lookup actual role instead of forcing admin
+        require_once PROJECT_ROOT . '/src/models/AuthModel.php';
+        $role = AuthModel::getUserRole($username);
+        $_SESSION['isAdmin'] = ($role === '1');
+
+        // carry over any folder/read/upload perms
+        $perms = loadUserPermissions($username) ?: [];
+        $_SESSION['folderOnly']    = $perms['folderOnly']    ?? false;
+        $_SESSION['readOnly']      = $perms['readOnly']      ?? false;
+        $_SESSION['disableUpload'] = $perms['disableUpload'] ?? false;
+    }
+}
+
+// Share URL fallback (keep BASE_URL behavior)
+define('BASE_URL', 'http://yourwebsite/uploads/');
+
+// Detect scheme correctly (works behind proxies too)
+$proto = $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? (
+           (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http'
+         );
+$host  = $_SERVER['HTTP_HOST'] ?? 'localhost';
+
+if (strpos(BASE_URL, 'yourwebsite') !== false) {
+    $defaultShare = "{$proto}://{$host}/api/file/share.php";
+} else {
+    $defaultShare = rtrim(BASE_URL, '/') . "/api/file/share.php";
+}
+
+// Final: env var wins, else fallback
+define('SHARE_URL', getenv('SHARE_URL') ?: $defaultShare);
+
+// ------------------------------------------------------------
+// FileRise Pro bootstrap wiring
+// ------------------------------------------------------------
+
+// Inline license (optional; usually set via Admin UI and PRO_LICENSE_FILE)
+if (!defined('FR_PRO_LICENSE')) {
+    $envLicense = getenv('FR_PRO_LICENSE');
+    define('FR_PRO_LICENSE', $envLicense !== false ? trim((string)$envLicense) : '');
+}
+
+// JSON license file used by AdminController::setLicense()
+if (!defined('PRO_LICENSE_FILE')) {
+    define('PRO_LICENSE_FILE', rtrim(USERS_DIR, "/\\") . '/proLicense.json');
+}
+
+// Optional plain-text license file (used as fallback in bootstrap)
+if (!defined('FR_PRO_LICENSE_FILE')) {
+    $lf = getenv('FR_PRO_LICENSE_FILE');
+    if ($lf === false || $lf === '') {
+        $lf = rtrim(USERS_DIR, "/\\") . '/proLicense.txt';
+    }
+    define('FR_PRO_LICENSE_FILE', $lf);
+}
+
+// Where Pro code lives by default → inside users volume
+$proDir = getenv('FR_PRO_BUNDLE_DIR');
+if ($proDir === false || $proDir === '') {
+    $proDir = rtrim(USERS_DIR, "/\\") . '/pro';
+}
+$proDir = rtrim($proDir, "/\\");
+if (!defined('FR_PRO_BUNDLE_DIR')) {
+    define('FR_PRO_BUNDLE_DIR', $proDir);
+}
+
+// Try to load Pro bootstrap if enabled + present
+$proBootstrap = FR_PRO_BUNDLE_DIR . '/bootstrap_pro.php';
+if (@is_file($proBootstrap)) {
+    require_once $proBootstrap;
+}
+
+// If bootstrap didn’t define these, give safe defaults
+if (!defined('FR_PRO_ACTIVE')) {
+    define('FR_PRO_ACTIVE', false);
+}
+if (!defined('FR_PRO_INFO')) {
+    define('FR_PRO_INFO', [
+        'valid'   => false,
+        'error'   => null,
+        'payload' => null,
+    ]);
+}
+if (!defined('FR_PRO_BUNDLE_VERSION')) {
+    define('FR_PRO_BUNDLE_VERSION', null);
+}
--- a/copyFiles.php
+++ b/copyFiles.php
@@ -1,153 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// --- CSRF Protection ---
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    http_response_code(403);
-    exit;
-}
-
-// Ensure user is authenticated
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-
-$username = $_SESSION['username'] ?? '';
-$userPermissions = loadUserPermissions($username);
-if ($username) {
-    $userPermissions = loadUserPermissions($username);
-    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-        echo json_encode(["error" => "Read-only users are not allowed to copy files."]);
-        exit();
-    }
-}
-
-$data = json_decode(file_get_contents("php://input"), true);
-if (
-    !$data || 
-    !isset($data['source']) || 
-    !isset($data['destination']) || 
-    !isset($data['files'])
-) {
-    echo json_encode(["error" => "Invalid request"]);
-    exit;
-}
-
-$sourceFolder = trim($data['source']);
-$destinationFolder = trim($data['destination']);
-$files = $data['files'];
-
-// Validate folder names: allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-$folderPattern = REGEX_FOLDER_NAME;
-if ($sourceFolder !== 'root' && !preg_match($folderPattern, $sourceFolder)) {
-    echo json_encode(["error" => "Invalid source folder name."]);
-    exit;
-}
-if ($destinationFolder !== 'root' && !preg_match($folderPattern, $destinationFolder)) {
-    echo json_encode(["error" => "Invalid destination folder name."]);
-    exit;
-}
-
-// Trim any leading/trailing slashes and spaces.
-$sourceFolder = trim($sourceFolder, "/\\ ");
-$destinationFolder = trim($destinationFolder, "/\\ ");
-
-// Build the source and destination directories.
-$baseDir = rtrim(UPLOAD_DIR, '/\\');
-$sourceDir = ($sourceFolder === 'root') 
-    ? $baseDir . DIRECTORY_SEPARATOR 
-    : $baseDir . DIRECTORY_SEPARATOR . $sourceFolder . DIRECTORY_SEPARATOR;
-$destDir = ($destinationFolder === 'root') 
-    ? $baseDir . DIRECTORY_SEPARATOR 
-    : $baseDir . DIRECTORY_SEPARATOR . $destinationFolder . DIRECTORY_SEPARATOR;
-
-// Helper: Generate the metadata file path for a given folder.
-function getMetadataFilePath($folder) {
-    if (strtolower($folder) === 'root' || $folder === '') {
-        return META_DIR . "root_metadata.json";
-    }
-    return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-}
-
-// Helper: Generate a unique file name if a file with the same name exists.
-function getUniqueFileName($destDir, $fileName) {
-    $fullPath = $destDir . $fileName;
-    clearstatcache(true, $fullPath);
-    if (!file_exists($fullPath)) {
-        return $fileName;
-    }
-    $basename = pathinfo($fileName, PATHINFO_FILENAME);
-    $extension = pathinfo($fileName, PATHINFO_EXTENSION);
-    $counter = 1;
-    do {
-        $newName = $basename . " (" . $counter . ")" . ($extension ? "." . $extension : "");
-        $newFullPath = $destDir . $newName;
-        clearstatcache(true, $newFullPath);
-        $counter++;
-    } while (file_exists($destDir . $newName));
-    return $newName;
-}
-
-// Load source and destination metadata.
-$srcMetaFile = getMetadataFilePath($sourceFolder);
-$destMetaFile = getMetadataFilePath($destinationFolder);
-
-$srcMetadata = file_exists($srcMetaFile) ? json_decode(file_get_contents($srcMetaFile), true) : [];
-$destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($destMetaFile), true) : [];
-
-$errors = [];
-
-// Define a safe file name pattern: letters, numbers, underscores, dashes, dots, parentheses, and spaces.
-$safeFileNamePattern = REGEX_FILE_NAME;
-
-foreach ($files as $fileName) {
-    // Save the original name for metadata lookup.
-    $originalName = basename(trim($fileName));
-    $basename = $originalName;
-    if (!preg_match($safeFileNamePattern, $basename)) {
-        $errors[] = "$basename has an invalid name.";
-        continue;
-    }
-    
-    $srcPath = $sourceDir . $originalName;
-    $destPath = $destDir . $basename;
-    
-    clearstatcache();
-    if (!file_exists($srcPath)) {
-        $errors[] = "$originalName does not exist in source.";
-        continue;
-    }
-    
-    if (file_exists($destPath)) {
-        $uniqueName = getUniqueFileName($destDir, $basename);
-        $basename = $uniqueName; // update the file name for metadata and destination path
-        $destPath = $destDir . $uniqueName;
-    }
-    
-    if (!copy($srcPath, $destPath)) {
-        $errors[] = "Failed to copy $basename";
-        continue;
-    }
-    
-    // Update destination metadata: if there's metadata for the original file in source, add it under the new name.
-    if (isset($srcMetadata[$originalName])) {
-        $destMetadata[$basename] = $srcMetadata[$originalName];
-    }
-}
-
-if (file_put_contents($destMetaFile, json_encode($destMetadata, JSON_PRETTY_PRINT)) === false) {
-    $errors[] = "Failed to update destination metadata.";
-}
-
-if (empty($errors)) {
-    echo json_encode(["success" => "Files copied successfully"]);
-} else {
-    echo json_encode(["error" => implode("; ", $errors)]);
-}
-?>
--- a/createFolder.php
+++ b/createFolder.php
@@ -1,96 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// Ensure user is authenticated
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-
-// Ensure the request is a POST
-if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
-    echo json_encode(['success' => false, 'error' => 'Invalid request method.']);
-    exit;
-}
-
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    echo json_encode(['success' => false, 'error' => 'Invalid CSRF token.']);
-    http_response_code(403);
-    exit;
-}
-
-$username = $_SESSION['username'] ?? '';
-$userPermissions = loadUserPermissions($username);
-if ($username) {
-    $userPermissions = loadUserPermissions($username);
-    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-        echo json_encode(["error" => "Read-only users are not allowed to create folders."]);
-        exit();
-    }
-}
-
-// Get the JSON input and decode it
-$input = json_decode(file_get_contents('php://input'), true);
-if (!isset($input['folderName'])) {
-    echo json_encode(['success' => false, 'error' => 'Folder name not provided.']);
-    exit;
-}
-
-$folderName = trim($input['folderName']);
-$parent = isset($input['parent']) ? trim($input['parent']) : "";
-
-// Basic sanitation: allow only letters, numbers, underscores, dashes, and spaces in folderName
-if (!preg_match(REGEX_FOLDER_NAME, $folderName)) {
-    echo json_encode(['success' => false, 'error' => 'Invalid folder name.']);
-    exit;
-}
-
-// Optionally, sanitize the parent folder if needed.
-if ($parent && !preg_match(REGEX_FOLDER_NAME, $parent)) {
-    echo json_encode(['success' => false, 'error' => 'Invalid parent folder name.']);
-    exit;
-}
-
-// Build the full folder path.
-$baseDir = rtrim(UPLOAD_DIR, '/\\');
-if ($parent && strtolower($parent) !== "root") {
-    $fullPath = $baseDir . DIRECTORY_SEPARATOR . $parent . DIRECTORY_SEPARATOR . $folderName;
-    $relativePath = $parent . "/" . $folderName;
-} else {
-    $fullPath = $baseDir . DIRECTORY_SEPARATOR . $folderName;
-    $relativePath = $folderName;
-}
-
-// Check if the folder already exists.
-if (file_exists($fullPath)) {
-    echo json_encode(['success' => false, 'error' => 'Folder already exists.']);
-    exit;
-}
-
-// Attempt to create the folder.
-if (mkdir($fullPath, 0755, true)) {
-
-    // --- Create an empty metadata file for the new folder ---
-    // Helper: Generate the metadata file path for a given folder.
-    // For "root", returns "root_metadata.json". Otherwise, replaces slashes, backslashes, and spaces with dashes and appends "_metadata.json".
-    function getMetadataFilePath($folder) {
-        if (strtolower($folder) === 'root' || $folder === '') {
-            return META_DIR . "root_metadata.json";
-        }
-        return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-    }
-    
-    $metadataFile = getMetadataFilePath($relativePath);
-    // Create an empty associative array (i.e. empty metadata) and write to the metadata file.
-    file_put_contents($metadataFile, json_encode([], JSON_PRETTY_PRINT));
-
-    echo json_encode(['success' => true]);
-} else {
-    echo json_encode(['success' => false, 'error' => 'Failed to create folder.']);
-}
-?>
--- a/createFolderShareLink.php
+++ b/createFolderShareLink.php
@@ -1,94 +0,0 @@
-<?php
-// createFolderShareLink.php
-
-require_once 'config.php';
-
-// Get POST input.
-$input = json_decode(file_get_contents("php://input"), true);
-if (!$input) {
-    echo json_encode(["error" => "Invalid input."]);
-    exit;
-}
-
-$username = $_SESSION['username'] ?? '';
-$userPermissions = loadUserPermissions($username);
-if ($username) {
-    $userPermissions = loadUserPermissions($username);
-    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-        echo json_encode(["error" => "Read-only users are not allowed to create shared folders."]);
-        exit();
-    }
-}
-
-$folder = isset($input['folder']) ? trim($input['folder']) : "";
-$expirationMinutes = isset($input['expirationMinutes']) ? intval($input['expirationMinutes']) : 60;
-$password = isset($input['password']) ? $input['password'] : "";
-$allowUpload = isset($input['allowUpload']) ? intval($input['allowUpload']) : 0;
-
-// Validate folder name using regex.
-// Allow letters, numbers, underscores, hyphens, spaces and slashes.
-if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
-    echo json_encode(["error" => "Invalid folder name."]);
-    exit;
-}
-
-// Generate a secure token.
-try {
-    $token = bin2hex(random_bytes(16)); // 32 hex characters.
-} catch (Exception $e) {
-    echo json_encode(["error" => "Could not generate token."]);
-    exit;
-}
-
-// Calculate expiration time (Unix timestamp).
-$expires = time() + ($expirationMinutes * 60);
-
-// Hash password if provided.
-$hashedPassword = !empty($password) ? password_hash($password, PASSWORD_DEFAULT) : "";
-
-// Define the file to store share folder links.
-$shareFile = META_DIR . "share_folder_links.json";
-$shareLinks = [];
-if (file_exists($shareFile)) {
-    $data = file_get_contents($shareFile);
-    $shareLinks = json_decode($data, true);
-    if (!is_array($shareLinks)) {
-        $shareLinks = [];
-    }
-}
-
-// Clean up expired share links.
-$currentTime = time();
-foreach ($shareLinks as $key => $link) {
-    if (isset($link["expires"]) && $link["expires"] < $currentTime) {
-        unset($shareLinks[$key]);
-    }
-}
-
-// Add the new share record.
-$shareLinks[$token] = [
-    "folder" => $folder,
-    "expires" => $expires,
-    "password" => $hashedPassword,
-    "allowUpload" => $allowUpload
-];
-
-// Save the share links.
-if (file_put_contents($shareFile, json_encode($shareLinks, JSON_PRETTY_PRINT))) {
-// Determine base URL.
-if (defined('BASE_URL') && !empty(BASE_URL) && strpos(BASE_URL, 'yourwebsite') === false) {
-    $baseUrl = rtrim(BASE_URL, '/');
-} else {
-    // Prefer HTTP_HOST over SERVER_ADDR.
-    $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https" : "http";
-    // Use HTTP_HOST if set; fallback to gethostbyname if needed.
-    $host = !empty($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : gethostbyname($_SERVER['SERVER_ADDR'] ?? 'localhost');
-    $baseUrl = $protocol . "://" . $host;
-}
-    // The share URL points to shareFolder.php.
-    $link = $baseUrl . "/shareFolder.php?token=" . urlencode($token);
-    echo json_encode(["token" => $token, "expires" => $expires, "link" => $link]);
-} else {
-    echo json_encode(["error" => "Could not save share link."]);
-}
-?>
--- a/createShareLink.php
+++ b/createShareLink.php
@@ -1,75 +0,0 @@
-<?php
-// createShareLink.php
-require_once 'config.php';
-
-// Get POST input.
-$input = json_decode(file_get_contents("php://input"), true);
-if (!$input) {
-    echo json_encode(["error" => "Invalid input."]);
-    exit;
-}
-
-$username = $_SESSION['username'] ?? '';
-$userPermissions = loadUserPermissions($username);
-if ($username) {
-    $userPermissions = loadUserPermissions($username);
-    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-        echo json_encode(["error" => "Read-only users are not allowed to create share files."]);
-        exit();
-    }
-}
-
-$folder = isset($input['folder']) ? trim($input['folder']) : "";
-$file = isset($input['file']) ? basename($input['file']) : "";
-$expirationMinutes = isset($input['expirationMinutes']) ? intval($input['expirationMinutes']) : 60;
-$password = isset($input['password']) ? $input['password'] : "";
-
-// Validate folder using regex.
-if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
-    echo json_encode(["error" => "Invalid folder name."]);
-    exit;
-}
-
-// Generate a secure token.
-$token = bin2hex(random_bytes(16)); // 32 hex characters.
-
-// Calculate expiration (Unix timestamp).
-$expires = time() + ($expirationMinutes * 60);
-
-// Hash password if provided.
-$hashedPassword = !empty($password) ? password_hash($password, PASSWORD_DEFAULT) : "";
-
-// File to store share links.
-$shareFile = META_DIR . "share_links.json";
-$shareLinks = [];
-if (file_exists($shareFile)) {
-    $data = file_get_contents($shareFile);
-    $shareLinks = json_decode($data, true);
-    if (!is_array($shareLinks)) {
-        $shareLinks = [];
-    }
-}
-
-// Clean up expired share links.
-$currentTime = time();
-foreach ($shareLinks as $key => $link) {
-    if ($link["expires"] < $currentTime) {
-        unset($shareLinks[$key]);
-    }
-}
-
-// Add record.
-$shareLinks[$token] = [
-    "folder" => $folder,
-    "file" => $file,
-    "expires" => $expires,
-    "password" => $hashedPassword
-];
-
-// Save the share links.
-if (file_put_contents($shareFile, json_encode($shareLinks, JSON_PRETTY_PRINT))) {
-    echo json_encode(["token" => $token, "expires" => $expires]);
-} else {
-    echo json_encode(["error" => "Could not save share link."]);
-}
-?>
--- a/css/styles.css
+++ b/css/styles.css
--- a/custom-php.ini
+++ b/custom-php.ini
@@ -0,0 +1,53 @@
+; custom-php.ini
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; OPcache Settings
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+opcache.enable=1
+opcache.enable_cli=0
+; Allocate 128MB of memory for opcode caching
+opcache.memory_consumption=128
+; Increase the maximum number of accelerated files (adjust if you have a large codebase)
+opcache.max_accelerated_files=4000
+; Refresh file timestamp every 60 seconds to avoid too many disk reads
+opcache.revalidate_freq=60
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Memory and Execution Time Limits
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Increase memory limit to 512M for large file processing or image processing operations
+memory_limit=512M
+; Set execution time limits to accommodate long-running uploads/processes
+max_execution_time=300
+max_input_time=300
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Realpath Cache Settings
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+realpath_cache_size=4096k
+realpath_cache_ttl=600
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; File Upload Settings
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Allow a maximum of 20 files per request
+max_file_uploads=20
+; Ensure the temporary directory is set (should exist and be writable)
+upload_tmp_dir=/tmp
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Session Configuration (if applicable)
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+session.gc_maxlifetime=1440
+session.gc_probability=1
+session.gc_divisor=100
+session.save_path = "/var/www/sessions"
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error Handling / Logging
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Do not display errors publicly in production
+display_errors=Off
+; Log errors to a dedicated file
+log_errors=On
+error_log=/var/log/php8.3-error.log
--- a/deleteFiles.php
+++ b/deleteFiles.php
@@ -1,161 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// --- CSRF Protection ---
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    http_response_code(403);
-    exit;
-}
-
-// Ensure user is authenticated
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-
-// Define $username first.
-$username = $_SESSION['username'] ?? '';
-
-// Now load the user's permissions.
-$userPermissions = loadUserPermissions($username);
-
-// Check if the user is read-only.
-if ($username) {
-    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-        echo json_encode(["error" => "Read-only users are not allowed to delete files."]);
-        exit();
-    }
-}
-
-// --- Setup Trash Folder & Metadata ---
-$trashDir = rtrim(TRASH_DIR, '/\\') . DIRECTORY_SEPARATOR;
-if (!file_exists($trashDir)) {
-    mkdir($trashDir, 0755, true);
-}
-$trashMetadataFile = $trashDir . "trash.json";
-$trashData = [];
-if (file_exists($trashMetadataFile)) {
-    $json = file_get_contents($trashMetadataFile);
-    $trashData = json_decode($json, true);
-    if (!is_array($trashData)) {
-        $trashData = [];
-    }
-}
-
-// Helper: Generate the metadata file path for a given folder.
-function getMetadataFilePath($folder) {
-    if (strtolower($folder) === 'root' || $folder === '') {
-        return META_DIR . "root_metadata.json";
-    }
-    return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-}
-
-// Read request body
-$data = json_decode(file_get_contents("php://input"), true);
-
-// Validate request
-if (!isset($data['files']) || !is_array($data['files'])) {
-    echo json_encode(["error" => "No file names provided"]);
-    exit;
-}
-
-// Determine folder – default to 'root'
-$folder = isset($data['folder']) ? trim($data['folder']) : 'root';
-
-// Validate folder: allow letters, numbers, underscores, dashes, spaces, and forward slashes
-if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
-    echo json_encode(["error" => "Invalid folder name."]);
-    exit;
-}
-$folder = trim($folder, "/\\ ");
-
-// Build the upload directory.
-if ($folder !== 'root') {
-    $uploadDir = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR . $folder . DIRECTORY_SEPARATOR;
-} else {
-    $uploadDir = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR;
-}
-
-// Load folder metadata (if exists) to retrieve uploader and upload date.
-$metadataFile = getMetadataFilePath($folder);
-$folderMetadata = [];
-if (file_exists($metadataFile)) {
-    $folderMetadata = json_decode(file_get_contents($metadataFile), true);
-    if (!is_array($folderMetadata)) {
-        $folderMetadata = [];
-    }
-}
-
-$movedFiles = [];
-$errors = [];
-
-// Define a safe file name pattern: allow letters, numbers, underscores, dashes, dots, and spaces.
-$safeFileNamePattern = REGEX_FILE_NAME;
-
-foreach ($data['files'] as $fileName) {
-    $basename = basename(trim($fileName));
-    
-    // Validate the file name.
-    if (!preg_match($safeFileNamePattern, $basename)) {
-        $errors[] = "$basename has an invalid name.";
-        continue;
-    }
-    
-    $filePath = $uploadDir . $basename;
-    
-    if (file_exists($filePath)) {
-        // Append a timestamp to the file name in trash to avoid collisions.
-        $timestamp = time();
-        $trashFileName = $basename . "_" . $timestamp;
-        if (rename($filePath, $trashDir . $trashFileName)) {
-            $movedFiles[] = $basename;
-            // Record trash metadata for possible restoration.
-            $trashData[] = [
-                'type'           => 'file',
-                'originalFolder' => $uploadDir,  // You could also store a relative path here.
-                'originalName'   => $basename,
-                'trashName'      => $trashFileName,
-                'trashedAt'      => $timestamp,
-                // Enrich trash record with uploader and upload date from folder metadata (if available)
-                'uploaded'       => isset($folderMetadata[$basename]['uploaded']) ? $folderMetadata[$basename]['uploaded'] : "Unknown",
-                'uploader'       => isset($folderMetadata[$basename]['uploader']) ? $folderMetadata[$basename]['uploader'] : "Unknown",
-                // NEW: Record the username of the user who deleted the file.
-                'deletedBy'      => isset($_SESSION['username']) ? $_SESSION['username'] : "Unknown"
-            ];
-        } else {
-            $errors[] = "Failed to move $basename to Trash.";
-        }
-    } else {
-        // Consider file already deleted.
-        $movedFiles[] = $basename;
-    }
-}
-
-// Write back the updated trash metadata.
-file_put_contents($trashMetadataFile, json_encode($trashData, JSON_PRETTY_PRINT));
-
-// Update folder-specific metadata file by removing deleted files.
-if (file_exists($metadataFile)) {
-    $metadata = json_decode(file_get_contents($metadataFile), true);
-    if (is_array($metadata)) {
-        foreach ($movedFiles as $delFile) {
-            if (isset($metadata[$delFile])) {
-                unset($metadata[$delFile]);
-            }
-        }
-        file_put_contents($metadataFile, json_encode($metadata, JSON_PRETTY_PRINT));
-    }
-}
-
-if (empty($errors)) {
-    echo json_encode(["success" => "Files moved to Trash: " . implode(", ", $movedFiles)]);
-} else {
-    echo json_encode(["error" => implode("; ", $errors) . ". Files moved to Trash: " . implode(", ", $movedFiles)]);
-}
-?>
--- a/deleteFolder.php
+++ b/deleteFolder.php
@@ -1,99 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// Ensure user is authenticated
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-
-// Ensure the request is a POST
-if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
-    echo json_encode(['success' => false, 'error' => 'Invalid request method.']);
-    exit;
-}
-
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    echo json_encode(['success' => false, 'error' => 'Invalid CSRF token.']);
-    http_response_code(403);
-    exit;
-}
-
-$username = $_SESSION['username'] ?? '';
-$userPermissions = loadUserPermissions($username);
-if ($username) {
-    $userPermissions = loadUserPermissions($username);
-    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-        echo json_encode(["error" => "Read-only users are not allowed to delete folders."]);
-        exit();
-    }
-}
-
-// Get the JSON input and decode it
-$input = json_decode(file_get_contents('php://input'), true);
-if (!isset($input['folder'])) {
-    echo json_encode(['success' => false, 'error' => 'Folder name not provided.']);
-    exit;
-}
-
-$folderName = trim($input['folder']);
-
-// Prevent deletion of root.
-if ($folderName === 'root') {
-    echo json_encode(['success' => false, 'error' => 'Cannot delete root folder.']);
-    exit;
-}
-
-// Allow letters, numbers, underscores, dashes, spaces, and forward slashes.
-if (!preg_match(REGEX_FOLDER_NAME, $folderName)) {
-    echo json_encode(['success' => false, 'error' => 'Invalid folder name.']);
-    exit;
-}
-
-// Build the folder path (supports subfolder paths like "FolderTest/FolderTestSub")
-$folderPath = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR . $folderName;
-
-// Check if the folder exists and is a directory
-if (!file_exists($folderPath) || !is_dir($folderPath)) {
-    echo json_encode(['success' => false, 'error' => 'Folder does not exist.']);
-    exit;
-}
-
-// Prevent deletion if the folder is not empty
-if (count(scandir($folderPath)) > 2) {
-    echo json_encode(['success' => false, 'error' => 'Folder is not empty.']);
-    exit;
-}
-
-/**
- * Helper: Generate the metadata file path for a given folder.
- * For "root", returns "root_metadata.json". Otherwise, it replaces
- * slashes, backslashes, and spaces with dashes and appends "_metadata.json".
- *
- * @param string $folder The folder's relative path.
- * @return string The full path to the folder's metadata file.
- */
-function getMetadataFilePath($folder) {
-    if (strtolower($folder) === 'root' || $folder === '') {
-        return META_DIR . "root_metadata.json";
-    }
-    return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-}
-
-// Attempt to delete the folder.
-if (rmdir($folderPath)) {
-    // Remove corresponding metadata file if it exists.
-    $metadataFile = getMetadataFilePath($folderName);
-    if (file_exists($metadataFile)) {
-        unlink($metadataFile);
-    }
-    echo json_encode(['success' => true]);
-} else {
-    echo json_encode(['success' => false, 'error' => 'Failed to delete folder.']);
-}
-?>
--- a/deleteTrashFiles.php
+++ b/deleteTrashFiles.php
@@ -1,104 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// --- CSRF Protection ---
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    http_response_code(403);
-    exit;
-}
-
-// Ensure user is authenticated
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-
-// --- Setup Trash Folder & Metadata ---
-$trashDir = rtrim(TRASH_DIR, '/\\') . DIRECTORY_SEPARATOR;
-if (!file_exists($trashDir)) {
-    mkdir($trashDir, 0755, true);
-}
-$trashMetadataFile = $trashDir . "trash.json";
-
-// Load trash metadata into an associative array keyed by trashName.
-$trashData = [];
-if (file_exists($trashMetadataFile)) {
-    $json = file_get_contents($trashMetadataFile);
-    $tempData = json_decode($json, true);
-    if (is_array($tempData)) {
-        foreach ($tempData as $item) {
-            if (isset($item['trashName'])) {
-                $trashData[$item['trashName']] = $item;
-            }
-        }
-    }
-}
-
-// Read request body.
-$data = json_decode(file_get_contents("php://input"), true);
-if (!$data) {
-    echo json_encode(["error" => "Invalid input"]);
-    exit;
-}
-
-// Determine deletion mode: if "deleteAll" is true, delete all trash items; otherwise, use provided "files" array.
-$filesToDelete = [];
-if (isset($data['deleteAll']) && $data['deleteAll'] === true) {
-    $filesToDelete = array_keys($trashData);
-} elseif (isset($data['files']) && is_array($data['files'])) {
-    $filesToDelete = $data['files'];
-} else {
-    echo json_encode(["error" => "No trash file identifiers provided"]);
-    exit;
-}
-
-$deletedFiles = [];
-$errors = [];
-
-// Define a safe file name pattern.
-$safeFileNamePattern = REGEX_FILE_NAME;
-
-foreach ($filesToDelete as $trashName) {
-    $trashName = trim($trashName);
-    if (!preg_match($safeFileNamePattern, $trashName)) {
-        $errors[] = "$trashName has an invalid format.";
-        continue;
-    }
-    
-    if (!isset($trashData[$trashName])) {
-        $errors[] = "Trash item $trashName not found.";
-        continue;
-    }
-    
-    $filePath = $trashDir . $trashName;
-    
-    if (file_exists($filePath)) {
-        if (unlink($filePath)) {
-            $deletedFiles[] = $trashName;
-            unset($trashData[$trashName]);
-        } else {
-            $errors[] = "Failed to delete $trashName.";
-        }
-    } else {
-        // If the file doesn't exist, remove its metadata entry.
-        unset($trashData[$trashName]);
-        $deletedFiles[] = $trashName;
-    }
-}
-
-// Write the updated trash metadata back (as an indexed array).
-file_put_contents($trashMetadataFile, json_encode(array_values($trashData), JSON_PRETTY_PRINT));
-
-if (empty($errors)) {
-    echo json_encode(["success" => "Trash items deleted: " . implode(", ", $deletedFiles)]);
-} else {
-    echo json_encode(["error" => implode("; ", $errors) . ". Trash items deleted: " . implode(", ", $deletedFiles)]);
-}
-exit;
-?>
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,43 @@
+---
+version: "3.9"
+
+services:
+  filerise:
+    # Use the published image (does NOT build in CI by default)
+    image: error311/filerise-docker:latest
+    container_name: filerise
+    restart: unless-stopped
+
+    # If someone wants to build locally instead, they can uncomment:
+    # build:
+    #   context: .
+    #   dockerfile: Dockerfile
+
+    ports:
+      - "${HOST_HTTP_PORT:-8080}:80"
+      # Uncomment if you really terminate TLS inside the container:
+      # - "${HOST_HTTPS_PORT:-8443}:443"
+
+    environment:
+      TIMEZONE: "${TIMEZONE:-UTC}"
+      DATE_TIME_FORMAT: "${DATE_TIME_FORMAT:-m/d/y  h:iA}"
+      TOTAL_UPLOAD_SIZE: "${TOTAL_UPLOAD_SIZE:-5G}"
+      SECURE: "${SECURE:-false}"
+      PERSISTENT_TOKENS_KEY: "${PERSISTENT_TOKENS_KEY:-please_change_this_@@}"
+      PUID: "${PUID:-1000}"
+      PGID: "${PGID:-1000}"
+      CHOWN_ON_START: "${CHOWN_ON_START:-true}"
+      SCAN_ON_START: "${SCAN_ON_START:-true}"
+      SHARE_URL: "${SHARE_URL:-}"
+
+    volumes:
+      - ./data/uploads:/var/www/uploads
+      - ./data/users:/var/www/users
+      - ./data/metadata:/var/www/metadata
+
+    healthcheck:
+      test: ["CMD-SHELL", "curl -fsS http://localhost/ || exit 1"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 20s
--- a/download.php
+++ b/download.php
@@ -1,85 +0,0 @@
-<?php
-require_once 'config.php';
-
-// Check if the user is authenticated.
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    http_response_code(401);
-    header('Content-Type: application/json');
-    echo json_encode(["error" => "Unauthorized"]);
-    exit;
-}
-
-// Get file parameters from the GET request.
-$file = isset($_GET['file']) ? basename($_GET['file']) : '';
-$folder = isset($_GET['folder']) ? trim($_GET['folder']) : 'root';
-
-// Validate file name (allowing letters, numbers, underscores, dashes, dots, and parentheses)
-if (!preg_match(REGEX_FILE_NAME, $file)) {
-    http_response_code(400);
-    echo json_encode(["error" => "Invalid file name."]);
-    exit;
-}
-
-// Get the realpath of the upload directory.
-$uploadDirReal = realpath(UPLOAD_DIR);
-if ($uploadDirReal === false) {
-    http_response_code(500);
-    echo json_encode(["error" => "Server misconfiguration."]);
-    exit;
-}
-
-// Determine the directory.
-if ($folder === 'root') {
-    $directory = $uploadDirReal;
-} else {
-    // Prevent path traversal in folder parameter.
-    if (strpos($folder, '..') !== false) {
-        http_response_code(400);
-        echo json_encode(["error" => "Invalid folder name."]);
-        exit;
-    }
-    
-    $directoryPath = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR . $folder;
-    $directory = realpath($directoryPath);
-    
-    // Ensure that the resolved directory exists and is within the allowed UPLOAD_DIR.
-    if ($directory === false || strpos($directory, $uploadDirReal) !== 0) {
-        http_response_code(400);
-        echo json_encode(["error" => "Invalid folder path."]);
-        exit;
-    }
-}
-
-// Build the file path.
-$filePath = $directory . DIRECTORY_SEPARATOR . $file;
-$realFilePath = realpath($filePath);
-
-// Validate that the real file path exists and is within the allowed directory.
-if ($realFilePath === false || strpos($realFilePath, $uploadDirReal) !== 0) {
-    http_response_code(403);
-    echo json_encode(["error" => "Access forbidden."]);
-    exit;
-}
-
-if (!file_exists($realFilePath)) {
-    http_response_code(404);
-    echo json_encode(["error" => "File not found."]);
-    exit;
-}
-
-// Serve the file.
-$mimeType = mime_content_type($realFilePath);
-header("Content-Type: " . $mimeType);
-
-// For images, serve inline; for other types, force download.
-$ext = strtolower(pathinfo($realFilePath, PATHINFO_EXTENSION));
-if (in_array($ext, ['jpg','jpeg','png','gif','bmp','webp','svg','ico'])) {
-    header('Content-Disposition: inline; filename="' . basename($realFilePath) . '"');
-} else {
-    header('Content-Disposition: attachment; filename="' . basename($realFilePath) . '"');
-}
-header('Content-Length: ' . filesize($realFilePath));
-
-readfile($realFilePath);
-exit;
-?>
--- a/downloadSharedFile.php
+++ b/downloadSharedFile.php
@@ -1,85 +0,0 @@
-<?php
-// downloadSharedFile.php
-
-require_once 'config.php';
-
-// Retrieve and sanitize token and file name from GET.
-$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING);
-$file = filter_input(INPUT_GET, 'file', FILTER_SANITIZE_STRING);
-
-if (empty($token) || empty($file)) {
-    http_response_code(400);
-    echo "Missing token or file parameter.";
-    exit;
-}
-
-// Load the share folder records.
-$shareFile = META_DIR . "share_folder_links.json";
-if (!file_exists($shareFile)) {
-    http_response_code(404);
-    echo "Share link not found.";
-    exit;
-}
-
-$shareLinks = json_decode(file_get_contents($shareFile), true);
-if (!is_array($shareLinks) || !isset($shareLinks[$token])) {
-    http_response_code(404);
-    echo "Share link not found.";
-    exit;
-}
-
-$record = $shareLinks[$token];
-
-// Check if the link has expired.
-if (time() > $record['expires']) {
-    http_response_code(403);
-    echo "This share link has expired.";
-    exit;
-}
-
-// Get the shared folder from the record.
-$folder = trim($record['folder'], "/\\ ");
-$folderPath = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR . $folder;
-$realFolderPath = realpath($folderPath);
-$uploadDirReal = realpath(UPLOAD_DIR);
-
-if ($realFolderPath === false || strpos($realFolderPath, $uploadDirReal) !== 0 || !is_dir($realFolderPath)) {
-    http_response_code(404);
-    echo "Shared folder not found.";
-    exit;
-}
-
-// Sanitize the filename to prevent directory traversal.
-if (strpos($file, "/") !== false || strpos($file, "\\") !== false) {
-    http_response_code(400);
-    echo "Invalid file name.";
-    exit;
-}
-$file = basename($file);
-
-// Build the full file path and verify it is inside the shared folder.
-$filePath = $realFolderPath . DIRECTORY_SEPARATOR . $file;
-$realFilePath = realpath($filePath);
-if ($realFilePath === false || strpos($realFilePath, $realFolderPath) !== 0 || !is_file($realFilePath)) {
-    http_response_code(404);
-    echo "File not found.";
-    exit;
-}
-
-// Determine MIME type.
-$mimeType = mime_content_type($realFilePath);
-header("Content-Type: " . $mimeType);
-
-// Set Content-Disposition header.
-// Inline if the file is an image; attachment for others.
-$ext = strtolower(pathinfo($realFilePath, PATHINFO_EXTENSION));
-if (in_array($ext, ['jpg','jpeg','png','gif','bmp','webp','svg','ico'])) {
-    header('Content-Disposition: inline; filename="' . basename($realFilePath) . '"');
-} else {
-    header('Content-Disposition: attachment; filename="' . basename($realFilePath) . '"');
-}
-
-// Read and output the file.
-readfile($realFilePath);
-exit;
-?>
--- a/downloadZip.php
+++ b/downloadZip.php
@@ -1,133 +0,0 @@
-<?php
-require_once 'config.php';
-
-// --- CSRF Protection ---
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    http_response_code(403);
-    exit;
-}
-
-// Check if the user is authenticated.
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    http_response_code(401);
-    header('Content-Type: application/json');
-    echo json_encode(["error" => "Unauthorized"]);
-    exit;
-}
-
-// Read and decode the JSON input.
-$rawData = file_get_contents("php://input");
-$data = json_decode($rawData, true);
-
-if (!is_array($data) || !isset($data['folder']) || !isset($data['files']) || !is_array($data['files'])) {
-    http_response_code(400);
-    header('Content-Type: application/json');
-    echo json_encode(["error" => "Invalid input."]);
-    exit;
-}
-
-$folder = $data['folder'];
-$files = $data['files'];
-
-// Validate folder name to allow subfolders.
-// "root" is allowed; otherwise, split by "/" and validate each segment.
-if ($folder !== "root") {
-    $parts = explode('/', $folder);
-    foreach ($parts as $part) {
-        if (empty($part) || $part === '.' || $part === '..' || !preg_match(REGEX_FOLDER_NAME, $part)) {
-            http_response_code(400);
-            header('Content-Type: application/json');
-            echo json_encode(["error" => "Invalid folder name."]);
-            exit;
-        }
-    }
-    $relativePath = implode(DIRECTORY_SEPARATOR, $parts) . DIRECTORY_SEPARATOR;
-} else {
-    $relativePath = "";
-}
-
-// Use the absolute UPLOAD_DIR from config.php.
-$baseDir = realpath(UPLOAD_DIR);
-if ($baseDir === false) {
-    http_response_code(500);
-    header('Content-Type: application/json');
-    echo json_encode(["error" => "Uploads directory not configured correctly."]);
-    exit;
-}
-
-$folderPath = $baseDir . DIRECTORY_SEPARATOR . $relativePath;
-$folderPathReal = realpath($folderPath);
-if ($folderPathReal === false || strpos($folderPathReal, $baseDir) !== 0) {
-    http_response_code(404);
-    header('Content-Type: application/json');
-    echo json_encode(["error" => "Folder not found."]);
-    exit;
-}
-
-if (empty($files)) {
-    http_response_code(400);
-    header('Content-Type: application/json');
-    echo json_encode(["error" => "No files specified."]);
-    exit;
-}
-
-foreach ($files as $fileName) {
-    if (!preg_match(REGEX_FILE_NAME, $fileName)) {
-        http_response_code(400);
-        header('Content-Type: application/json');
-        echo json_encode(["error" => "Invalid file name: " . $fileName]);
-        exit;
-    }
-}
-
-// Build an array of files to include in the ZIP.
-$filesToZip = [];
-foreach ($files as $fileName) {
-    $filePath = $folderPathReal . DIRECTORY_SEPARATOR . $fileName;
-    if (file_exists($filePath)) {
-        $filesToZip[] = $filePath;
-    }
-}
-
-if (empty($filesToZip)) {
-    http_response_code(400);
-    header('Content-Type: application/json');
-    echo json_encode(["error" => "No valid files found to zip."]);
-    exit;
-}
-
-// Create a temporary file for the ZIP archive.
-$tempZip = tempnam(sys_get_temp_dir(), 'zip');
-unlink($tempZip); // Remove the temporary file so ZipArchive can create a new one.
-$tempZip .= '.zip';
-
-$zip = new ZipArchive();
-if ($zip->open($tempZip, ZipArchive::CREATE) !== TRUE) {
-    http_response_code(500);
-    header('Content-Type: application/json');
-    echo json_encode(["error" => "Could not create zip archive."]);
-    exit;
-}
-
-// Add each file to the archive using its base name.
-foreach ($filesToZip as $filePath) {
-    $zip->addFile($filePath, basename($filePath));
-}
-$zip->close();
-
-// Send headers to force download and disable caching.
-header('Content-Type: application/zip');
-header('Content-Disposition: attachment; filename="files.zip"');
-header('Content-Length: ' . filesize($tempZip));
-header('Cache-Control: no-store, no-cache, must-revalidate');
-header('Pragma: no-cache');
-
-// Output the file and delete it afterward.
-readfile($tempZip);
-unlink($tempZip);
-exit;
-?>
--- a/extractZip.php
+++ b/extractZip.php
@@ -1,165 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// --- CSRF Protection ---
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    http_response_code(403);
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    exit;
-}
-
-// Ensure user is authenticated.
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    http_response_code(401);
-    echo json_encode(["error" => "Unauthorized"]);
-    exit;
-}
-
-$username = $_SESSION['username'] ?? '';
-$userPermissions = loadUserPermissions($username);
-if ($username) {
-    $userPermissions = loadUserPermissions($username);
-    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-        echo json_encode(["error" => "Read-only users are not allowed to extract zip files"]);
-        exit();
-    }
-}
-
-// Read and decode the JSON input.
-$rawData = file_get_contents("php://input");
-$data = json_decode($rawData, true);
-if (!is_array($data) || !isset($data['folder']) || !isset($data['files']) || !is_array($data['files'])) {
-    http_response_code(400);
-    echo json_encode(["error" => "Invalid input."]);
-    exit;
-}
-
-$folder = $data['folder'];
-$files = $data['files'];
-
-if (empty($files)) {
-    http_response_code(400);
-    echo json_encode(["error" => "No files specified."]);
-    exit;
-}
-
-// Validate folder name (allow "root" or valid subfolder names).
-if ($folder !== "root") {
-    $parts = explode('/', $folder);
-    foreach ($parts as $part) {
-        if (empty($part) || $part === '.' || $part === '..' || !preg_match(REGEX_FOLDER_NAME, $part)) {
-            http_response_code(400);
-            echo json_encode(["error" => "Invalid folder name."]);
-            exit;
-        }
-    }
-    $relativePath = implode(DIRECTORY_SEPARATOR, $parts) . DIRECTORY_SEPARATOR;
-} else {
-    $relativePath = "";
-}
-
-$baseDir = realpath(UPLOAD_DIR);
-if ($baseDir === false) {
-    http_response_code(500);
-    echo json_encode(["error" => "Uploads directory not configured correctly."]);
-    exit;
-}
-
-$folderPath = $baseDir . DIRECTORY_SEPARATOR . $relativePath;
-$folderPathReal = realpath($folderPath);
-if ($folderPathReal === false || strpos($folderPathReal, $baseDir) !== 0) {
-    http_response_code(404);
-    echo json_encode(["error" => "Folder not found."]);
-    exit;
-}
-
-// ---------- Metadata Setup ----------
-function getMetadataFilePath($folder) {
-    if (strtolower($folder) === 'root' || $folder === '') {
-        return META_DIR . "root_metadata.json";
-    }
-    return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-}
-
-$srcMetaFile = getMetadataFilePath($folder);
-$destMetaFile = getMetadataFilePath($folder);
-$srcMetadata = file_exists($srcMetaFile) ? json_decode(file_get_contents($srcMetaFile), true) : [];
-$destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($destMetaFile), true) : [];
-
-$errors = [];
-$allSuccess = true;
-$extractedFiles = array(); // Array to collect names of extracted files
-$safeFileNamePattern = REGEX_FILE_NAME;
-
-// ---------- Process Each File ----------
-foreach ($files as $zipFileName) {
-    $originalName = basename(trim($zipFileName));
-    // Process only .zip files.
-    if (strtolower(substr($originalName, -4)) !== '.zip') {
-        continue;
-    }
-    if (!preg_match($safeFileNamePattern, $originalName)) {
-        $errors[] = "$originalName has an invalid name.";
-        $allSuccess = false;
-        continue;
-    }
-    
-    $zipFilePath = $folderPathReal . DIRECTORY_SEPARATOR . $originalName;
-    if (!file_exists($zipFilePath)) {
-        $errors[] = "$originalName does not exist in folder.";
-        $allSuccess = false;
-        continue;
-    }
-    
-    $zip = new ZipArchive();
-    if ($zip->open($zipFilePath) !== TRUE) {
-        $errors[] = "Could not open $originalName as a zip file.";
-        $allSuccess = false;
-        continue;
-    }
-    
-    // Attempt extraction.
-    if (!$zip->extractTo($folderPathReal)) {
-        $errors[] = "Failed to extract $originalName.";
-        $allSuccess = false;
-    } else {
-        // Collect extracted file names from this zip.
-        for ($i = 0; $i < $zip->numFiles; $i++) {
-            $entryName = $zip->getNameIndex($i);
-            $extractedFileName = basename($entryName);
-            if ($extractedFileName) {
-                $extractedFiles[] = $extractedFileName;
-            }
-        }
-        // Update metadata for each extracted file if the zip file has metadata.
-        if (isset($srcMetadata[$originalName])) {
-            $zipMeta = $srcMetadata[$originalName];
-            // Iterate through all entries in the zip.
-            for ($i = 0; $i < $zip->numFiles; $i++) {
-                $entryName = $zip->getNameIndex($i);
-                $extractedFileName = basename($entryName);
-                if ($extractedFileName) {
-                    $destMetadata[$extractedFileName] = $zipMeta;
-                }
-            }
-        }
-    }
-    $zip->close();
-}
-
-// Write updated metadata back to the destination metadata file.
-if (file_put_contents($destMetaFile, json_encode($destMetadata, JSON_PRETTY_PRINT)) === false) {
-    $errors[] = "Failed to update metadata.";
-    $allSuccess = false;
-}
-
-if ($allSuccess) {
-    echo json_encode(["success" => true, "extractedFiles" => $extractedFiles]);
-} else {
-    echo json_encode(["success" => false, "error" => implode(" ", $errors)]);
-}
-exit;
-?>
--- a/getConfig.php
+++ b/getConfig.php
@@ -1,36 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-$configFile = USERS_DIR . 'adminConfig.json';
-if (file_exists($configFile)) {
-    $encryptedContent = file_get_contents($configFile);
-    $decryptedContent = decryptData($encryptedContent, $encryptionKey);
-    if ($decryptedContent === false) {
-        http_response_code(500);
-        echo json_encode(['error' => 'Failed to decrypt configuration.']);
-        exit;
-    }
-    // Decode the configuration and ensure globalOtpauthUrl is set
-    $config = json_decode($decryptedContent, true);
-    if (!isset($config['globalOtpauthUrl'])) {
-        $config['globalOtpauthUrl'] = "";
-    }
-    echo json_encode($config);
-} else {
-    echo json_encode([
-        'oidc' => [
-            'providerUrl'  => 'https://your-oidc-provider.com',
-            'clientId'     => 'YOUR_CLIENT_ID',
-            'clientSecret' => 'YOUR_CLIENT_SECRET',
-            'redirectUri'  => 'https://yourdomain.com/auth.php?oidc=callback'
-        ],
-        'loginOptions' => [
-            'disableFormLogin' => false,
-            'disableBasicAuth' => false,
-            'disableOIDCLogin' => false
-        ],
-        'globalOtpauthUrl' => ""
-    ]);
-}
-?>
--- a/getFileList.php
+++ b/getFileList.php
@@ -1,103 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// Ensure user is authenticated
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-
-$folder = isset($_GET['folder']) ? trim($_GET['folder']) : 'root';
-// Allow only safe characters in the folder parameter (letters, numbers, underscores, dashes, spaces, and forward slashes).
-if ($folder !== 'root' && !preg_match(REGEX_FOLDER_NAME, $folder)) {
-    echo json_encode(["error" => "Invalid folder name."]);
-    exit;
-}
-
-// Determine the directory based on the folder parameter.
-if ($folder !== 'root') {
-    $directory = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR . $folder;
-} else {
-    $directory = UPLOAD_DIR;
-}
-
-/**
- * Helper: Generate the metadata file path for a given folder.
- * For "root", returns "root_metadata.json". Otherwise, replaces slashes,
- * backslashes, and spaces with dashes and appends "_metadata.json".
- *
- * @param string $folder The folder's relative path.
- * @return string The full path to the folder's metadata file.
- */
-function getMetadataFilePath($folder) {
-    if (strtolower($folder) === 'root' || $folder === '') {
-        return META_DIR . "root_metadata.json";
-    }
-    return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-}
-
-$metadataFile = getMetadataFilePath($folder);
-$metadata = file_exists($metadataFile) ? json_decode(file_get_contents($metadataFile), true) : [];
-
-if (!is_dir($directory)) {
-    echo json_encode(["error" => "Directory not found."]);
-    exit;
-}
-
-$files = array_values(array_diff(scandir($directory), array('.', '..')));
-$fileList = [];
-
-// Define a safe file name pattern: letters, numbers, underscores, dashes, dots, parentheses, and spaces.
-$safeFileNamePattern = REGEX_FILE_NAME;
-
-foreach ($files as $file) {
-    // Skip hidden files (those that begin with a dot)
-    if (substr($file, 0, 1) === '.') {
-        continue;
-    }
-    
-    $filePath = $directory . DIRECTORY_SEPARATOR . $file;
-    // Only include files (skip directories)
-    if (!is_file($filePath)) continue;
-    
-    // Optionally, skip files with unsafe names.
-    if (!preg_match($safeFileNamePattern, $file)) {
-        continue;
-    }
-    
-    // Since metadata is stored per folder, the key is simply the file name.
-    $metaKey = $file;
-
-    $fileDateModified = filemtime($filePath) ? date(DATE_TIME_FORMAT, filemtime($filePath)) : "Unknown";
-    $fileUploadedDate = isset($metadata[$metaKey]["uploaded"]) ? $metadata[$metaKey]["uploaded"] : "Unknown";
-    $fileUploader = isset($metadata[$metaKey]["uploader"]) ? $metadata[$metaKey]["uploader"] : "Unknown";
-
-    $fileSizeBytes = filesize($filePath);
-    if ($fileSizeBytes >= 1073741824) {
-        $fileSizeFormatted = sprintf("%.1f GB", $fileSizeBytes / 1073741824);
-    } elseif ($fileSizeBytes >= 1048576) {
-        $fileSizeFormatted = sprintf("%.1f MB", $fileSizeBytes / 1048576);
-    } elseif ($fileSizeBytes >= 1024) {
-        $fileSizeFormatted = sprintf("%.1f KB", $fileSizeBytes / 1024);
-    } else {
-        $fileSizeFormatted = sprintf("%s bytes", number_format($fileSizeBytes));
-    }
-
-    $fileList[] = [
-        'name' => $file,
-        'modified' => $fileDateModified,
-        'uploaded' => $fileUploadedDate,
-        'size' => $fileSizeFormatted,
-        'uploader' => $fileUploader,
-        'tags' => isset($metadata[$metaKey]['tags']) ? $metadata[$metaKey]['tags'] : []
-    ];
-}
-
-// Load global tags from createdTags.json.
-$globalTagsFile = META_DIR . "createdTags.json";
-$globalTags = file_exists($globalTagsFile) ? json_decode(file_get_contents($globalTagsFile), true) : [];
-
-echo json_encode(["files" => $fileList, "globalTags" => $globalTags]);
-?>
--- a/getFileTag.php
+++ b/getFileTag.php
@@ -1,40 +0,0 @@
-<?php
-declare(strict_types=1);
-
-// getFileTag.php
-
-require_once 'config.php';
-
-// Set security and content headers
-header('Content-Type: application/json; charset=utf-8');
-
-$metadataPath = META_DIR . 'createdTags.json';
-
-// Check if the metadata file exists and is readable
-if (!file_exists($metadataPath) || !is_readable($metadataPath)) {
-    error_log('Metadata file does not exist or is not readable: ' . $metadataPath);
-    http_response_code(200); // Return empty array with HTTP 200 so the client can handle it gracefully
-    echo json_encode([]);
-    exit;
-}
-
-$data = file_get_contents($metadataPath);
-if ($data === false) {
-    error_log('Failed to read metadata file: ' . $metadataPath);
-    http_response_code(500);
-    echo json_encode(["error" => "Unable to read metadata file."]);
-    exit;
-}
-
-// Decode the JSON data to check for validity
-$jsonData = json_decode($data, true);
-if (json_last_error() !== JSON_ERROR_NONE) {
-    error_log('Invalid JSON in metadata file: ' . $metadataPath . ' Error: ' . json_last_error_msg());
-    http_response_code(500);
-    echo json_encode(["error" => "Metadata file contains invalid JSON."]);
-    exit;
-}
-
-// Output the re-encoded JSON to ensure well-formed output
-echo json_encode($jsonData);
-exit;
--- a/getFolderList.php
+++ b/getFolderList.php
@@ -1,97 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// Ensure user is authenticated
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-
-/**
- * Recursively scan a directory for subfolders.
- *
- * @param string $dir The full path to the directory.
- * @param string $relative The relative path from the base upload directory.
- * @return array An array of folder paths (relative to the base).
- */
-function getSubfolders($dir, $relative = '') {
-    $folders = [];
-    $items = scandir($dir);
-    // Allow letters, numbers, underscores, dashes, and spaces in folder names.
-    $safeFolderNamePattern = REGEX_FOLDER_NAME;
-    foreach ($items as $item) {
-        if ($item === '.' || $item === '..') continue;
-        if (!preg_match($safeFolderNamePattern, $item)) {
-            continue;
-        }
-        $path = $dir . DIRECTORY_SEPARATOR . $item;
-        if (is_dir($path)) {
-            // Build the relative path.
-            $folderPath = ($relative ? $relative . '/' : '') . $item;
-            $folders[] = $folderPath;
-            // Recursively get subfolders.
-            $subFolders = getSubfolders($path, $folderPath);
-            $folders = array_merge($folders, $subFolders);
-        }
-    }
-    return $folders;
-}
-
-/**
- * Helper: Generate the metadata file path for a given folder.
- * For "root", it returns "root_metadata.json"; otherwise, it replaces
- * slashes, backslashes, and spaces with dashes and appends "_metadata.json".
- *
- * @param string $folder The folder's relative path.
- * @return string The full path to the folder's metadata file.
- */
-function getMetadataFilePath($folder) {
-    if (strtolower($folder) === 'root' || $folder === '') {
-        return META_DIR . "root_metadata.json";
-    }
-    return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-}
-
-$baseDir = rtrim(UPLOAD_DIR, '/\\');
-
-// Build an array to hold folder information.
-$folderInfoList = [];
-
-// Include "root" as a folder.
-$rootMetaFile = getMetadataFilePath('root');
-$rootFileCount = 0;
-if (file_exists($rootMetaFile)) {
-    $rootMetadata = json_decode(file_get_contents($rootMetaFile), true);
-    $rootFileCount = is_array($rootMetadata) ? count($rootMetadata) : 0;
-}
-$folderInfoList[] = [
-    "folder" => "root",
-    "fileCount" => $rootFileCount,
-    "metadataFile" => basename($rootMetaFile)
-];
-
-// Scan for subfolders.
-$subfolders = [];
-if (is_dir($baseDir)) {
-    $subfolders = getSubfolders($baseDir);
-}
-
-// For each subfolder, load its metadata and record file count.
-foreach ($subfolders as $folder) {
-    $metaFile = getMetadataFilePath($folder);
-    $fileCount = 0;
-    if (file_exists($metaFile)) {
-        $metadata = json_decode(file_get_contents($metaFile), true);
-        $fileCount = is_array($metadata) ? count($metadata) : 0;
-    }
-    $folderInfoList[] = [
-        "folder" => $folder,
-        "fileCount" => $fileCount,
-        "metadataFile" => basename($metaFile)
-    ];
-}
-
-echo json_encode($folderInfoList);
-?>
--- a/getTrashItems.php
+++ b/getTrashItems.php
@@ -1,68 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// Ensure user is authenticated.
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-
-// Define the trash directory and trash metadata file.
-$trashDir = rtrim(TRASH_DIR, '/\\') . DIRECTORY_SEPARATOR;
-$trashMetadataFile = $trashDir . "trash.json";
-
-// Helper: Generate the metadata file path for a given folder.
-// For "root", returns "root_metadata.json". Otherwise, replaces slashes, backslashes, and spaces with dashes and appends "_metadata.json".
-function getMetadataFilePath($folder) {
-    if (strtolower($folder) === 'root' || $folder === '') {
-        return META_DIR . "root_metadata.json";
-    }
-    return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-}
-
-// Read the trash metadata.
-$trashItems = [];
-if (file_exists($trashMetadataFile)) {
-    $json = file_get_contents($trashMetadataFile);
-    $trashItems = json_decode($json, true);
-    if (!is_array($trashItems)) {
-        $trashItems = [];
-    }
-}
-
-// Enrich each trash record.
-foreach ($trashItems as &$item) {
-    // Ensure deletedBy is set and not empty.
-    if (empty($item['deletedBy'])) {
-        $item['deletedBy'] = "Unknown";
-    }
-    // Enrich with uploader and uploaded date if not already present.
-    if (empty($item['uploaded']) || empty($item['uploader'])) {
-        if (isset($item['originalFolder']) && isset($item['originalName'])) {
-            $metadataFile = getMetadataFilePath($item['originalFolder']);
-            if (file_exists($metadataFile)) {
-                $metadata = json_decode(file_get_contents($metadataFile), true);
-                if (is_array($metadata) && isset($metadata[$item['originalName']])) {
-                    $item['uploaded'] = !empty($metadata[$item['originalName']]['uploaded']) ? $metadata[$item['originalName']]['uploaded'] : "Unknown";
-                    $item['uploader'] = !empty($metadata[$item['originalName']]['uploader']) ? $metadata[$item['originalName']]['uploader'] : "Unknown";
-                } else {
-                    $item['uploaded'] = "Unknown";
-                    $item['uploader'] = "Unknown";
-                }
-            } else {
-                $item['uploaded'] = "Unknown";
-                $item['uploader'] = "Unknown";
-            }
-        } else {
-            $item['uploaded'] = "Unknown";
-            $item['uploader'] = "Unknown";
-        }
-    }
-}
-unset($item);
-
-echo json_encode($trashItems);
-exit;
-?>
--- a/getUserPermissions.php
+++ b/getUserPermissions.php
@@ -1,47 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// Check if the user is authenticated.
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    exit;
-}
-
-$permissionsFile = USERS_DIR . "userPermissions.json";
-$permissionsArray = [];
-
-// Load permissions file if it exists.
-if (file_exists($permissionsFile)) {
-    $content = file_get_contents($permissionsFile);
-    // Attempt to decrypt the content.
-    $decryptedContent = decryptData($content, $encryptionKey);
-    if ($decryptedContent === false) {
-        // If decryption fails, assume the file is plain JSON.
-        $permissionsArray = json_decode($content, true);
-    } else {
-        $permissionsArray = json_decode($decryptedContent, true);
-    }
-    if (!is_array($permissionsArray)) {
-        $permissionsArray = [];
-    }
-}
-
-// If the user is an admin, return all permissions.
-if (isset($_SESSION['isAdmin']) && $_SESSION['isAdmin'] === true) {
-    echo json_encode($permissionsArray);
-    exit;
-}
-
-// Otherwise, return only the current user's permissions.
-$username = $_SESSION['username'] ?? '';
-foreach ($permissionsArray as $storedUsername => $data) {
-    if (strcasecmp($storedUsername, $username) === 0) {
-        echo json_encode($data);
-        exit;
-    }
-}
-
-// If no permissions are found for the current user, return an empty object.
-echo json_encode(new stdClass());
-?>
--- a/getUsers.php
+++ b/getUsers.php
@@ -1,31 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true ||
-    !isset($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    exit;
-}
-
-$usersFile = USERS_DIR . USERS_FILE;
-$users = [];
-
-if (file_exists($usersFile)) {
-    $lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-    foreach ($lines as $line) {
-        $parts = explode(':', trim($line));
-        if (count($parts) >= 3) {
-            // Validate username format:
-            if (preg_match(REGEX_USER, $parts[0])) {
-                $users[] = [
-                    "username" => $parts[0],
-                    "role" => trim($parts[2])
-                ];
-            }
-        }
-    }
-}
-
-echo json_encode($users);
-?>
--- a/js/auth.js
+++ b/js/auth.js
@@ -1,471 +0,0 @@
-import { sendRequest } from './networkUtils.js';
-import { t } from './i18n.js';
-import {
-  toggleVisibility,
-  showToast as originalShowToast,
-  attachEnterKeyListener,
-  showCustomConfirmModal
-} from './domUtils.js';
-import { loadFileList } from './fileListView.js';
-import { initFileActions } from './fileActions.js';
-import { renderFileTable } from './fileListView.js';
-import { loadFolderTree } from './folderManager.js';
-import {
-  openTOTPLoginModal as originalOpenTOTPLoginModal,
-  openUserPanel,
-  openTOTPModal,
-  closeTOTPModal,
-  openAdminPanel,
-  closeAdminPanel,
-  setLastLoginData
-} from './authModals.js';
-
-// Production OIDC configuration (override via API as needed)
-const currentOIDCConfig = {
-  providerUrl: "https://your-oidc-provider.com",
-  clientId: "YOUR_CLIENT_ID",
-  clientSecret: "YOUR_CLIENT_SECRET",
-  redirectUri: "https://yourdomain.com/auth.php?oidc=callback",
-  globalOtpauthUrl: ""
-};
-window.currentOIDCConfig = currentOIDCConfig;
-
-/* ----------------- TOTP & Toast Overrides ----------------- */
-// detect if we’re in a pending‑TOTP state
-window.pendingTOTP = new URLSearchParams(window.location.search).get('totp_required') === '1';
-
-// override showToast to suppress the "Please log in to continue." toast during TOTP
-function showToast(msgKey) {
-  const msg = t(msgKey);
-  if (window.pendingTOTP && msgKey === "please_log_in_to_continue") {
-    return;
-  }
-  originalShowToast(msg);
-}
-window.showToast = showToast;
-
-// wrap the TOTP modal opener to disable other login buttons only for Basic/OIDC flows
-function openTOTPLoginModal() {
-  originalOpenTOTPLoginModal();
-
-  const isFormLogin = Boolean(window.__lastLoginData);
-  if (!isFormLogin) {
-    // disable Basic‑Auth link
-    const basicLink = document.querySelector("a[href='login_basic.php']");
-    if (basicLink) {
-      basicLink.style.pointerEvents = 'none';
-      basicLink.style.opacity = '0.5';
-    }
-    // disable OIDC button
-    const oidcBtn = document.getElementById("oidcLoginBtn");
-    if (oidcBtn) {
-      oidcBtn.disabled = true;
-      oidcBtn.style.opacity = '0.5';
-    }
-    // hide the form login
-    const authForm = document.getElementById("authForm");
-    if (authForm) authForm.style.display = 'none';
-  }
-}
-
-/* ----------------- Utility Functions ----------------- */
-function updateItemsPerPageSelect() {
-  const selectElem = document.querySelector(".form-control.bottom-select");
-  if (selectElem) {
-    selectElem.value = localStorage.getItem("itemsPerPage") || "10";
-  }
-}
-
-function updateLoginOptionsUI({ disableFormLogin, disableBasicAuth, disableOIDCLogin }) {
-  const authForm = document.getElementById("authForm");
-  if (authForm) authForm.style.display = disableFormLogin ? "none" : "block";
-  const basicAuthLink = document.querySelector("a[href='login_basic.php']");
-  if (basicAuthLink) basicAuthLink.style.display = disableBasicAuth ? "none" : "inline-block";
-  const oidcLoginBtn = document.getElementById("oidcLoginBtn");
-  if (oidcLoginBtn) oidcLoginBtn.style.display = disableOIDCLogin ? "none" : "inline-block";
-}
-
-function updateLoginOptionsUIFromStorage() {
-  updateLoginOptionsUI({
-    disableFormLogin: localStorage.getItem("disableFormLogin") === "true",
-    disableBasicAuth: localStorage.getItem("disableBasicAuth") === "true",
-    disableOIDCLogin: localStorage.getItem("disableOIDCLogin") === "true"
-  });
-}
-
-function loadAdminConfigFunc() {
-  return fetch("getConfig.php", { credentials: "include" })
-    .then(response => response.json())
-    .then(config => {
-      localStorage.setItem("disableFormLogin", config.loginOptions.disableFormLogin);
-      localStorage.setItem("disableBasicAuth", config.loginOptions.disableBasicAuth);
-      localStorage.setItem("disableOIDCLogin", config.loginOptions.disableOIDCLogin);
-      localStorage.setItem("globalOtpauthUrl", config.globalOtpauthUrl || "otpauth://totp/{label}?secret={secret}&issuer=FileRise");
-      updateLoginOptionsUIFromStorage();
-    })
-    .catch(() => {
-      localStorage.setItem("disableFormLogin", "false");
-      localStorage.setItem("disableBasicAuth", "false");
-      localStorage.setItem("disableOIDCLogin", "false");
-      localStorage.setItem("globalOtpauthUrl", "otpauth://totp/{label}?secret={secret}&issuer=FileRise");
-      updateLoginOptionsUIFromStorage();
-    });
-}
-
-function insertAfter(newNode, referenceNode) {
-  referenceNode.parentNode.insertBefore(newNode, referenceNode.nextSibling);
-}
-
-function updateAuthenticatedUI(data) {
-  toggleVisibility("loginForm", false);
-  toggleVisibility("mainOperations", true);
-  toggleVisibility("uploadFileForm", true);
-  toggleVisibility("fileListContainer", true);
-  attachEnterKeyListener("addUserModal", "saveUserBtn");
-  attachEnterKeyListener("removeUserModal", "deleteUserBtn");
-  attachEnterKeyListener("changePasswordModal", "saveNewPasswordBtn");
-  document.querySelector(".header-buttons").style.visibility = "visible";
-
-  if (typeof data.totp_enabled !== "undefined") {
-    localStorage.setItem("userTOTPEnabled", data.totp_enabled ? "true" : "false");
-  }
-  if (data.username) {
-    localStorage.setItem("username", data.username);
-  }
-  /*
-  if (typeof data.folderOnly !== "undefined") {
-    localStorage.setItem("folderOnly", data.folderOnly ? "true" : "false");
-  }
-*/
-  const headerButtons = document.querySelector(".header-buttons");
-  const firstButton = headerButtons.firstElementChild;
-
-  if (data.isAdmin) {
-    let restoreBtn = document.getElementById("restoreFilesBtn");
-    if (!restoreBtn) {
-      restoreBtn = document.createElement("button");
-      restoreBtn.id = "restoreFilesBtn";
-      restoreBtn.classList.add("btn", "btn-warning");
-      restoreBtn.innerHTML = '<i class="material-icons" title="Restore/Delete Trash">restore_from_trash</i>';
-      if (firstButton) insertAfter(restoreBtn, firstButton);
-      else headerButtons.appendChild(restoreBtn);
-    }
-    restoreBtn.style.display = "block";
-
-    let adminPanelBtn = document.getElementById("adminPanelBtn");
-    if (!adminPanelBtn) {
-      adminPanelBtn = document.createElement("button");
-      adminPanelBtn.id = "adminPanelBtn";
-      adminPanelBtn.classList.add("btn", "btn-info");
-      adminPanelBtn.innerHTML = '<i class="material-icons" title="Admin Panel">admin_panel_settings</i>';
-      insertAfter(adminPanelBtn, restoreBtn);
-      adminPanelBtn.addEventListener("click", openAdminPanel);
-    } else {
-      adminPanelBtn.style.display = "block";
-    }
-  } else {
-    const restoreBtn = document.getElementById("restoreFilesBtn");
-    if (restoreBtn) restoreBtn.style.display = "none";
-    const adminPanelBtn = document.getElementById("adminPanelBtn");
-    if (adminPanelBtn) adminPanelBtn.style.display = "none";
-  }
-
-  if (window.location.hostname !== "demo.filerise.net") {
-    let userPanelBtn = document.getElementById("userPanelBtn");
-    if (!userPanelBtn) {
-      userPanelBtn = document.createElement("button");
-      userPanelBtn.id = "userPanelBtn";
-      userPanelBtn.classList.add("btn", "btn-user");
-      userPanelBtn.innerHTML = '<i class="material-icons" title="User Panel">account_circle</i>';
-      const adminBtn = document.getElementById("adminPanelBtn");
-      if (adminBtn) insertAfter(userPanelBtn, adminBtn);
-      else if (firstButton) insertAfter(userPanelBtn, firstButton);
-      else headerButtons.appendChild(userPanelBtn);
-      userPanelBtn.addEventListener("click", openUserPanel);
-    } else {
-      userPanelBtn.style.display = "block";
-    }
-  }
-
-  updateItemsPerPageSelect();
-  updateLoginOptionsUIFromStorage();
-}
-
-function checkAuthentication(showLoginToast = true) {
-  return sendRequest("checkAuth.php")
-    .then(data => {
-      if (data.setup) {
-        window.setupMode = true;
-        if (showLoginToast) showToast("Setup mode: No users found. Please add an admin user.");
-        toggleVisibility("loginForm", false);
-        toggleVisibility("mainOperations", false);
-        document.querySelector(".header-buttons").style.visibility = "hidden";
-        toggleVisibility("addUserModal", true);
-        document.getElementById("newUsername").focus();
-        return false;
-      }
-      window.setupMode = false;
-      if (data.authenticated) {
-        if (typeof data.totp_enabled !== "undefined") {
-          localStorage.setItem("userTOTPEnabled", data.totp_enabled ? "true" : "false");
-        }
-        updateAuthenticatedUI(data);
-        return data;
-      } else {
-        if (showLoginToast) showToast("Please log in to continue.");
-        toggleVisibility("loginForm", true);
-        toggleVisibility("mainOperations", false);
-        toggleVisibility("uploadFileForm", false);
-        toggleVisibility("fileListContainer", false);
-        document.querySelector(".header-buttons").style.visibility = "hidden";
-        return false;
-      }
-    })
-    .catch(() => false);
-}
-
-/* ----------------- Authentication Submission ----------------- */
-function submitLogin(data) {
-  setLastLoginData(data);
-  window.__lastLoginData = data;
-  sendRequest("auth.php", "POST", data, { "X-CSRF-Token": window.csrfToken })
-    .then(response => {
-      if (response.success || response.status === "ok") {
-        sessionStorage.setItem("welcomeMessage", "Welcome back, " + data.username + "!");
-        // Fetch and update permissions, then reload.
-        sendRequest("getUserPermissions.php", "GET")
-          .then(permissionData => {
-            if (permissionData && typeof permissionData === "object") {
-              localStorage.setItem("folderOnly", permissionData.folderOnly ? "true" : "false");
-              localStorage.setItem("readOnly", permissionData.readOnly ? "true" : "false");
-              localStorage.setItem("disableUpload", permissionData.disableUpload ? "true" : "false");
-            }
-          })
-          .catch(() => {
-            // if fetching permissions fails.
-          })
-          .finally(() => {
-            window.location.reload();
-          });
-      } else if (response.totp_required) {
-        openTOTPLoginModal();
-      } else if (response.error && response.error.includes("Too many failed login attempts")) {
-        showToast(response.error);
-        const loginButton = document.getElementById("authForm").querySelector("button[type='submit']");
-        if (loginButton) {
-          loginButton.disabled = true;
-          setTimeout(() => {
-            loginButton.disabled = false;
-            showToast("You can now try logging in again.");
-          }, 30 * 60 * 1000);
-        }
-      } else {
-        showToast("Login failed: " + (response.error || "Unknown error"));
-      }
-    })
-    .catch(() => {
-      showToast("Login failed: Unknown error");
-    });
-}
-window.submitLogin = submitLogin;
-
-/* ----------------- Other Helpers ----------------- */
-window.changeItemsPerPage = function (value) {
-  localStorage.setItem("itemsPerPage", value);
-  if (typeof renderFileTable === "function") renderFileTable(window.currentFolder || "root");
-};
-
-function resetUserForm() {
-  document.getElementById("newUsername").value = "";
-  document.getElementById("addUserPassword").value = "";
-}
-
-function closeAddUserModal() {
-  toggleVisibility("addUserModal", false);
-  resetUserForm();
-}
-
-function closeRemoveUserModal() {
-  toggleVisibility("removeUserModal", false);
-  document.getElementById("removeUsernameSelect").innerHTML = "";
-}
-
-function loadUserList() {
-  fetch("getUsers.php", { credentials: "include" })
-    .then(response => response.json())
-    .then(data => {
-      const users = Array.isArray(data) ? data : (data.users || []);
-      const selectElem = document.getElementById("removeUsernameSelect");
-      selectElem.innerHTML = "";
-      users.forEach(user => {
-        const option = document.createElement("option");
-        option.value = user.username;
-        option.textContent = user.username;
-        selectElem.appendChild(option);
-      });
-      if (selectElem.options.length === 0) {
-        showToast("No other users found to remove.");
-        closeRemoveUserModal();
-      }
-    })
-    .catch(() => { });
-}
-window.loadUserList = loadUserList;
-
-function initAuth() {
-  checkAuthentication(false);
-  loadAdminConfigFunc();
-  const authForm = document.getElementById("authForm");
-  if (authForm) {
-    authForm.addEventListener("submit", function (event) {
-      event.preventDefault();
-      const rememberMe = document.getElementById("rememberMeCheckbox")
-        ? document.getElementById("rememberMeCheckbox").checked
-        : false;
-      const formData = {
-        username: document.getElementById("loginUsername").value.trim(),
-        password: document.getElementById("loginPassword").value.trim(),
-        remember_me: rememberMe
-      };
-      submitLogin(formData);
-    });
-  }
-  document.getElementById("logoutBtn").addEventListener("click", function () {
-    fetch("logout.php", {
-      method: "POST",
-      credentials: "include",
-      headers: { "X-CSRF-Token": window.csrfToken }
-    }).then(() => window.location.reload(true)).catch(() => { });
-  });
-  document.getElementById("addUserBtn").addEventListener("click", function () {
-    resetUserForm();
-    toggleVisibility("addUserModal", true);
-    document.getElementById("newUsername").focus();
-  });
-  document.getElementById("saveUserBtn").addEventListener("click", function () {
-    const newUsername = document.getElementById("newUsername").value.trim();
-    const newPassword = document.getElementById("addUserPassword").value.trim();
-    const isAdmin = document.getElementById("isAdmin").checked;
-    if (!newUsername || !newPassword) {
-      showToast("Username and password are required!");
-      return;
-    }
-    let url = "addUser.php";
-    if (window.setupMode) url += "?setup=1";
-    fetch(url, {
-      method: "POST",
-      credentials: "include",
-      headers: { "Content-Type": "application/json", "X-CSRF-Token": window.csrfToken },
-      body: JSON.stringify({ username: newUsername, password: newPassword, isAdmin })
-    })
-      .then(response => response.json())
-      .then(data => {
-        if (data.success) {
-          showToast("User added successfully!");
-          closeAddUserModal();
-          checkAuthentication(false);
-        } else {
-          showToast("Error: " + (data.error || "Could not add user"));
-        }
-      })
-      .catch(() => { });
-  });
-  document.getElementById("cancelUserBtn").addEventListener("click", closeAddUserModal);
-
-  document.getElementById("removeUserBtn").addEventListener("click", function () {
-    loadUserList();
-    toggleVisibility("removeUserModal", true);
-  });
-  document.getElementById("deleteUserBtn").addEventListener("click", async function () {
-    const selectElem = document.getElementById("removeUsernameSelect");
-    const usernameToRemove = selectElem.value;
-    if (!usernameToRemove) {
-      showToast("Please select a user to remove.");
-      return;
-    }
-    const confirmed = await showCustomConfirmModal("Are you sure you want to delete user " + usernameToRemove + "?");
-    if (!confirmed) return;
-    fetch("removeUser.php", {
-      method: "POST",
-      credentials: "include",
-      headers: { "Content-Type": "application/json", "X-CSRF-Token": window.csrfToken },
-      body: JSON.stringify({ username: usernameToRemove })
-    })
-      .then(response => response.json())
-      .then(data => {
-        if (data.success) {
-          showToast("User removed successfully!");
-          closeRemoveUserModal();
-          loadUserList();
-        } else {
-          showToast("Error: " + (data.error || "Could not remove user"));
-        }
-      })
-      .catch(() => { });
-  });
-  document.getElementById("cancelRemoveUserBtn").addEventListener("click", closeRemoveUserModal);
-  document.getElementById("changePasswordBtn").addEventListener("click", function () {
-    document.getElementById("changePasswordModal").style.display = "block";
-    document.getElementById("oldPassword").focus();
-  });
-  document.getElementById("closeChangePasswordModal").addEventListener("click", function () {
-    document.getElementById("changePasswordModal").style.display = "none";
-  });
-  document.getElementById("saveNewPasswordBtn").addEventListener("click", function () {
-    const oldPassword = document.getElementById("oldPassword").value.trim();
-    const newPassword = document.getElementById("newPassword").value.trim();
-    const confirmPassword = document.getElementById("confirmPassword").value.trim();
-    if (!oldPassword || !newPassword || !confirmPassword) {
-      showToast("Please fill in all fields.");
-      return;
-    }
-    if (newPassword !== confirmPassword) {
-      showToast("New passwords do not match.");
-      return;
-    }
-    const data = { oldPassword, newPassword, confirmPassword };
-    fetch("changePassword.php", {
-      method: "POST",
-      credentials: "include",
-      headers: { "Content-Type": "application/json", "X-CSRF-Token": window.csrfToken },
-      body: JSON.stringify(data)
-    })
-      .then(response => response.json())
-      .then(result => {
-        if (result.success) {
-          showToast(result.success);
-          document.getElementById("oldPassword").value = "";
-          document.getElementById("newPassword").value = "";
-          document.getElementById("confirmPassword").value = "";
-          document.getElementById("changePasswordModal").style.display = "none";
-        } else {
-          showToast("Error: " + (result.error || "Could not change password."));
-        }
-      })
-      .catch(() => { showToast("Error changing password."); });
-  });
-}
-
-document.addEventListener("DOMContentLoaded", function () {
-  updateItemsPerPageSelect();
-  updateLoginOptionsUI({
-    disableFormLogin: localStorage.getItem("disableFormLogin") === "true",
-    disableBasicAuth: localStorage.getItem("disableBasicAuth") === "true",
-    disableOIDCLogin: localStorage.getItem("disableOIDCLogin") === "true"
-  });
-
-  const oidcLoginBtn = document.getElementById("oidcLoginBtn");
-  if (oidcLoginBtn) {
-    oidcLoginBtn.addEventListener("click", () => {
-      window.location.href = "auth.php?oidc=initiate";
-    });
-  }
-
-  // If TOTP is pending, show modal and skip normal auth init
-  if (window.pendingTOTP) {
-    openTOTPLoginModal();
-    return;
-  }
-});
-
-export { initAuth, checkAuthentication };
--- a/js/authModals.js
+++ b/js/authModals.js
@@ -1,882 +0,0 @@
-import { showToast, toggleVisibility, attachEnterKeyListener } from './domUtils.js';
-import { sendRequest } from './networkUtils.js';
-import { t, applyTranslations, setLocale } from './i18n.js';
-
-const version = "v1.1.2";
-const adminTitle = `Admin Panel <small style="font-size: 12px; color: gray;">${version}</small>`;
-
-let lastLoginData = null;
-export function setLastLoginData(data) {
-  lastLoginData = data;
-  // expose to auth.js so it can tell form-login vs basic/oidc
-  //window.__lastLoginData = data;
-}
-
-export function openTOTPLoginModal() {
-  let totpLoginModal = document.getElementById("totpLoginModal");
-  const isDarkMode = document.body.classList.contains("dark-mode");
-  const modalBg = isDarkMode ? "#2c2c2c" : "#fff";
-  const textColor = isDarkMode ? "#e0e0e0" : "#000";
-
-  if (!totpLoginModal) {
-    totpLoginModal = document.createElement("div");
-    totpLoginModal.id = "totpLoginModal";
-    totpLoginModal.style.cssText = `
-      position: fixed;
-      top: 0; left: 0;
-      width: 100vw; height: 100vh;
-      background-color: rgba(0,0,0,0.5);
-      display: flex; justify-content: center; align-items: center;
-      z-index: 3200;
-    `;
-    totpLoginModal.innerHTML = `
-      <div style="background: ${modalBg}; padding:20px; border-radius:8px; text-align:center; position:relative; color:${textColor};">
-        <span id="closeTOTPLoginModal" style="position:absolute; top:10px; right:10px; cursor:pointer; font-size:24px;">&times;</span>
-        <div id="totpSection">
-          <h3>${t("enter_totp_code")}</h3>
-          <input type="text" id="totpLoginInput" maxlength="6"
-                 style="font-size:24px; text-align:center; width:100%; padding:10px;"
-                 placeholder="6-digit code" />
-        </div>
-        <a href="#" id="toggleRecovery" style="display:block; margin-top:10px; font-size:14px;">${t("use_recovery_code_instead")}</a>
-        <div id="recoverySection" style="display:none; margin-top:10px;">
-          <h3>${t("enter_recovery_code")}</h3>
-          <input type="text" id="recoveryInput"
-                 style="font-size:24px; text-align:center; width:100%; padding:10px;"
-                 placeholder="Recovery code" />
-          <button type="button" id="submitRecovery" class="btn btn-secondary" style="margin-top:10px;">Submit Recovery Code</button>
-        </div>
-      </div>
-    `;
-    document.body.appendChild(totpLoginModal);
-
-    // Close button
-    document.getElementById("closeTOTPLoginModal").addEventListener("click", () => {
-      totpLoginModal.style.display = "none";
-    });
-
-    // Toggle between TOTP and Recovery
-    document.getElementById("toggleRecovery").addEventListener("click", function (e) {
-      e.preventDefault();
-      const totpSection = document.getElementById("totpSection");
-      const recoverySection = document.getElementById("recoverySection");
-      const toggleLink = this;
-
-      if (recoverySection.style.display === "none") {
-        // Switch to recovery
-        totpSection.style.display = "none";
-        recoverySection.style.display = "block";
-        toggleLink.textContent = "Use TOTP Code instead";
-      } else {
-        // Switch back to TOTP
-        recoverySection.style.display = "none";
-        totpSection.style.display = "block";
-        toggleLink.textContent = "Use Recovery Code instead";
-      }
-    });
-
-    // Recovery submission
-    document.getElementById("submitRecovery").addEventListener("click", () => {
-      const recoveryCode = document.getElementById("recoveryInput").value.trim();
-      if (!recoveryCode) {
-        showToast("Please enter your recovery code.");
-        return;
-      }
-      fetch("totp_recover.php", {
-        method: "POST",
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          "X-CSRF-Token": window.csrfToken
-        },
-        body: JSON.stringify({ recovery_code: recoveryCode })
-      })
-        .then(res => res.json())
-        .then(json => {
-          if (json.status === "ok") {
-            // recovery succeeded → finalize login
-            window.location.href = "index.html";
-          } else {
-            showToast(json.message || "Recovery code verification failed");
-          }
-        })
-        .catch(() => {
-          showToast("Error verifying recovery code.");
-        });
-    });
-
-    // TOTP submission
-    const totpInput = document.getElementById("totpLoginInput");
-    totpInput.focus();
-    totpInput.addEventListener("input", function () {
-      const code = this.value.trim();
-      if (code.length === 6) {
-        fetch("totp_verify.php", {
-          method: "POST",
-          credentials: "include",
-          headers: {
-            "Content-Type": "application/json",
-            "X-CSRF-Token": window.csrfToken
-          },
-          body: JSON.stringify({ totp_code: code })
-        })
-          .then(res => res.json())
-          .then(json => {
-            if (json.status === "ok") {
-              window.location.href = "index.html";
-            } else {
-              showToast(json.message || "TOTP verification failed");
-              this.value = "";
-              totpLoginModal.style.display = "flex";
-              totpInput.focus();
-            }
-          })
-          .catch(() => {
-            showToast("TOTP verification failed");
-            this.value = "";
-            totpLoginModal.style.display = "flex";
-            totpInput.focus();
-          });
-      }
-    });
-  } else {
-    // Re-open existing modal
-    totpLoginModal.style.display = "flex";
-    const totpInput = document.getElementById("totpLoginInput");
-    totpInput.value = "";
-    totpInput.style.display = "block";
-    totpInput.focus();
-    document.getElementById("recoverySection").style.display = "none";
-  }
-}
-
-export function openUserPanel() {
-  const username = localStorage.getItem("username") || "User";
-  let userPanelModal = document.getElementById("userPanelModal");
-  const isDarkMode = document.body.classList.contains("dark-mode");
-  const overlayBackground = isDarkMode ? "rgba(0,0,0,0.7)" : "rgba(0,0,0,0.3)";
-  const modalContentStyles = `
-    background: ${isDarkMode ? "#2c2c2c" : "#fff"};
-    color: ${isDarkMode ? "#e0e0e0" : "#000"};
-    padding: 20px;
-    max-width: 600px;
-    width: 90%;
-    border-radius: 8px;
-    position: fixed;
-    overflow-y: auto;
-    max-height: 350px !important;
-    border: ${isDarkMode ? "1px solid #444" : "1px solid #ccc"};
-    transform: none;
-    transition: none;
-  `;
-  // Retrieve the language setting from local storage, default to English ("en")
-  const savedLanguage = localStorage.getItem("language") || "en";
-  if (!userPanelModal) {
-    userPanelModal = document.createElement("div");
-    userPanelModal.id = "userPanelModal";
-    userPanelModal.style.cssText = `
-        position: fixed;
-        top: 0;
-        left: 0;
-        width: 100vw;
-        height: 100vh;
-        background-color: ${overlayBackground};
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        z-index: 3000;
-      `;
-    userPanelModal.innerHTML = `
-        <div class="modal-content user-panel-content" style="${modalContentStyles}">
-          <span id="closeUserPanel" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-          <h3>User Panel (${username})</h3>
-          <button type="button" id="openChangePasswordModalBtn" class="btn btn-primary" style="margin-bottom: 15px;">Change Password</button>
-          <fieldset style="margin-bottom: 15px;">
-            <legend>TOTP Settings</legend>
-            <div class="form-group">
-              <label for="userTOTPEnabled">Enable TOTP:</label>
-              <input type="checkbox" id="userTOTPEnabled" style="vertical-align: middle;" />
-            </div>
-          </fieldset>
-          <fieldset style="margin-bottom: 15px;">
-            <legend>Language</legend>
-            <div class="form-group">
-              <label for="languageSelector">Select Language:</label>
-              <select id="languageSelector">
-                <option value="en">English</option>
-                <option value="es">Español</option>
-                <option value="fr">Français</option>
-                <option value="de">Deutsch</option>
-              </select>
-            </div>
-          </fieldset>
-        </div>
-      `;
-    document.body.appendChild(userPanelModal);
-    // Close button handler
-    document.getElementById("closeUserPanel").addEventListener("click", () => {
-      userPanelModal.style.display = "none";
-    });
-    // Change Password button
-    document.getElementById("openChangePasswordModalBtn").addEventListener("click", () => {
-      document.getElementById("changePasswordModal").style.display = "block";
-    });
-    // TOTP checkbox behavior
-    const totpCheckbox = document.getElementById("userTOTPEnabled");
-    totpCheckbox.checked = localStorage.getItem("userTOTPEnabled") === "true";
-    totpCheckbox.addEventListener("change", function () {
-      localStorage.setItem("userTOTPEnabled", this.checked ? "true" : "false");
-      const enabled = this.checked;
-      fetch("updateUserPanel.php", {
-        method: "POST",
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          "X-CSRF-Token": window.csrfToken
-        },
-        body: JSON.stringify({ totp_enabled: enabled })
-      })
-        .then(r => r.json())
-        .then(result => {
-          if (!result.success) {
-            showToast("Error updating TOTP setting: " + result.error);
-          } else if (enabled) {
-            openTOTPModal();
-          }
-        })
-        .catch(() => { showToast("Error updating TOTP setting."); });
-    });
-    // Language dropdown initialization
-    const languageSelector = document.getElementById("languageSelector");
-    languageSelector.value = savedLanguage;
-    languageSelector.addEventListener("change", function () {
-      const selectedLanguage = this.value;
-      localStorage.setItem("language", selectedLanguage);
-      setLocale(selectedLanguage);
-      applyTranslations();
-    });
-  } else {
-    // If the modal already exists, update its colors
-    userPanelModal.style.backgroundColor = overlayBackground;
-    const modalContent = userPanelModal.querySelector(".modal-content");
-    modalContent.style.background = isDarkMode ? "#2c2c2c" : "#fff";
-    modalContent.style.color = isDarkMode ? "#e0e0e0" : "#000";
-    modalContent.style.border = isDarkMode ? "1px solid #444" : "1px solid #ccc";
-  }
-  userPanelModal.style.display = "flex";
-}
-
-function showRecoveryCodeModal(recoveryCode) {
-  const recoveryModal = document.createElement("div");
-  recoveryModal.id = "recoveryModal";
-  recoveryModal.style.cssText = `
-    position: fixed;
-    top: 0;
-    left: 0;
-    width: 100vw;
-    height: 100vh;
-    background-color: rgba(0,0,0,0.3);
-    display: flex;
-    justify-content: center;
-    align-items: center;
-    z-index: 3200;
-  `;
-  recoveryModal.innerHTML = `
-    <div style="background: #fff; color: #000; padding: 20px; max-width: 400px; width: 90%; border-radius: 8px; text-align: center;">
-      <h3>Your Recovery Code</h3>
-      <p>Please save this code securely. It will not be shown again and can only be used once.</p>
-      <code style="display: block; margin: 10px 0; font-size: 20px;">${recoveryCode}</code>
-      <button type="button" id="closeRecoveryModal" class="btn btn-primary">OK</button>
-    </div>
-  `;
-  document.body.appendChild(recoveryModal);
-
-  document.getElementById("closeRecoveryModal").addEventListener("click", () => {
-    recoveryModal.remove();
-  });
-}
-
-export function openTOTPModal() {
-  let totpModal = document.getElementById("totpModal");
-  const isDarkMode = document.body.classList.contains("dark-mode");
-  const overlayBackground = isDarkMode ? "rgba(0,0,0,0.7)" : "rgba(0,0,0,0.3)";
-  const modalContentStyles = `
-    background: ${isDarkMode ? "#2c2c2c" : "#fff"};
-    color: ${isDarkMode ? "#e0e0e0" : "#000"};
-    padding: 20px;
-    max-width: 400px;
-    width: 90%;
-    border-radius: 8px;
-    position: relative;
-  `;
-  if (!totpModal) {
-    totpModal = document.createElement("div");
-    totpModal.id = "totpModal";
-    totpModal.style.cssText = `
-      position: fixed;
-      top: 0;
-      left: 0;
-      width: 100vw;
-      height: 100vh;
-      background-color: ${overlayBackground};
-      display: flex;
-      justify-content: center;
-      align-items: center;
-      z-index: 3100;
-    `;
-    totpModal.innerHTML = `
-    <div class="modal-content" style="${modalContentStyles}">
-      <span id="closeTOTPModal" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-      <h3>TOTP Setup</h3>
-      <p>Scan this QR code with your authenticator app:</p>
-      <!-- Create an image placeholder without the CSRF token in the src -->
-      <img id="totpQRCodeImage" src="" alt="TOTP QR Code" style="max-width: 100%; height: auto; display: block; margin: 0 auto;">
-      <br/>
-      <p>Enter the 6-digit code from your app to confirm setup:</p>
-      <input type="text" id="totpConfirmInput" maxlength="6" style="font-size:24px; text-align:center; width:100%; padding:10px;" placeholder="6-digit code" />
-      <br/><br/>
-      <button type="button" id="confirmTOTPBtn" class="btn btn-primary">Confirm</button>
-    </div>
-  `;
-    document.body.appendChild(totpModal);
-    loadTOTPQRCode();
-
-    document.getElementById("closeTOTPModal").addEventListener("click", () => {
-      closeTOTPModal(true);
-    });
-
-    document.getElementById("confirmTOTPBtn").addEventListener("click", function () {
-      const code = document.getElementById("totpConfirmInput").value.trim();
-      if (code.length !== 6) {
-        showToast("Please enter a valid 6-digit code.");
-        return;
-      }
-      fetch("totp_verify.php", {
-        method: "POST",
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          "X-CSRF-Token": window.csrfToken
-        },
-        body: JSON.stringify({ totp_code: code })
-      })
-        .then(r => r.json())
-        .then(result => {
-          if (result.status === 'ok') {
-            showToast("TOTP successfully enabled.");
-            // After successful TOTP verification, fetch the recovery code
-            fetch("totp_saveCode.php", {
-              method: "POST",
-              credentials: "include",
-              headers: {
-                "Content-Type": "application/json",
-                "X-CSRF-Token": window.csrfToken
-              }
-            })
-              .then(r => r.json())
-              .then(data => {
-                if (data.status === 'ok' && data.recoveryCode) {
-                  // Show the recovery code in a secure modal
-                  showRecoveryCodeModal(data.recoveryCode);
-                } else {
-                  showToast("Error generating recovery code: " + (data.message || "Unknown error."));
-                }
-              })
-              .catch(() => { showToast("Error generating recovery code."); });
-            closeTOTPModal(false);
-          } else {
-            showToast("TOTP verification failed: " + (result.message || "Invalid code."));
-          }
-        })
-        .catch(() => { showToast("Error verifying TOTP code."); });
-    });
-
-    // Focus the input and attach enter key listener
-    const totpConfirmInput = document.getElementById("totpConfirmInput");
-    if (totpConfirmInput) {
-      setTimeout(() => {
-        const totpConfirmInput = document.getElementById("totpConfirmInput");
-        if (totpConfirmInput) totpConfirmInput.focus();
-      }, 100);
-    }
-    attachEnterKeyListener("totpModal", "confirmTOTPBtn");
-
-  } else {
-    totpModal.style.display = "flex";
-    totpModal.style.backgroundColor = overlayBackground;
-    const modalContent = totpModal.querySelector(".modal-content");
-    modalContent.style.background = isDarkMode ? "#2c2c2c" : "#fff";
-    modalContent.style.color = isDarkMode ? "#e0e0e0" : "#000";
-
-    // Clear any previous QR code src if needed and then load it:
-    const qrImg = document.getElementById("totpQRCodeImage");
-    if (qrImg) {
-      qrImg.src = "";
-    }
-    loadTOTPQRCode();
-
-    // Focus the input and attach enter key listener
-    const totpConfirmInput = document.getElementById("totpConfirmInput");
-    if (totpConfirmInput) {
-      totpConfirmInput.value = "";
-      setTimeout(() => {
-        const totpConfirmInput = document.getElementById("totpConfirmInput");
-        if (totpConfirmInput) totpConfirmInput.focus();
-      }, 100);
-    }
-    attachEnterKeyListener("totpModal", "confirmTOTPBtn");
-  }
-}
-
-function loadTOTPQRCode() {
-  fetch("totp_setup.php", {
-    method: "GET",
-    credentials: "include",
-    headers: {
-      "X-CSRF-Token": window.csrfToken  // Send your CSRF token here
-    }
-  })
-    .then(response => {
-      if (!response.ok) {
-        throw new Error("Failed to fetch QR code. Status: " + response.status);
-      }
-      return response.blob();
-    })
-    .then(blob => {
-      const imageURL = URL.createObjectURL(blob);
-      const qrImg = document.getElementById("totpQRCodeImage");
-      if (qrImg) {
-        qrImg.src = imageURL;
-      }
-    })
-    .catch(error => {
-      console.error("Error loading TOTP QR code:", error);
-      showToast("Error loading QR code.");
-    });
-}
-
-// Updated closeTOTPModal function with a disable parameter
-export function closeTOTPModal(disable = true) {
-  const totpModal = document.getElementById("totpModal");
-  if (totpModal) totpModal.style.display = "none";
-
-  if (disable) {
-    // Uncheck the Enable TOTP checkbox
-    const totpCheckbox = document.getElementById("userTOTPEnabled");
-    if (totpCheckbox) {
-      totpCheckbox.checked = false;
-      localStorage.setItem("userTOTPEnabled", "false");
-    }
-    // Call endpoint to remove the TOTP secret from the user's record
-    fetch("totp_disable.php", {
-      method: "POST",
-      credentials: "include",
-      headers: {
-        "Content-Type": "application/json",
-        "X-CSRF-Token": window.csrfToken
-      }
-    })
-      .then(r => r.json())
-      .then(result => {
-        if (!result.success) {
-          showToast("Error disabling TOTP setting: " + result.error);
-        }
-      })
-      .catch(() => { showToast("Error disabling TOTP setting."); });
-  }
-}
-
-export function openAdminPanel() {
-  fetch("getConfig.php", { credentials: "include" })
-    .then(response => response.json())
-    .then(config => {
-      if (config.oidc) Object.assign(window.currentOIDCConfig, config.oidc);
-      if (config.globalOtpauthUrl) window.currentOIDCConfig.globalOtpauthUrl = config.globalOtpauthUrl;
-      const isDarkMode = document.body.classList.contains("dark-mode");
-      const overlayBackground = isDarkMode ? "rgba(0,0,0,0.7)" : "rgba(0,0,0,0.3)";
-      const modalContentStyles = `
-          background: ${isDarkMode ? "#2c2c2c" : "#fff"};
-          color: ${isDarkMode ? "#e0e0e0" : "#000"};
-          padding: 20px;
-          max-width: 600px;
-          width: 90%;
-          border-radius: 8px;
-          position: relative;
-          overflow-y: auto;
-          max-height: 90vh;
-          border: ${isDarkMode ? "1px solid #444" : "1px solid #ccc"};
-        `;
-      let adminModal = document.getElementById("adminPanelModal");
-
-      if (!adminModal) {
-        adminModal = document.createElement("div");
-        adminModal.id = "adminPanelModal";
-        adminModal.style.cssText = `
-            position: fixed;
-            top: 0;
-            left: 0;
-            width: 100vw;
-            height: 100vh;
-            background-color: ${overlayBackground};
-            display: flex;
-            justify-content: center;
-            align-items: center;
-            z-index: 3000;
-          `;
-        // Added a version number next to "Admin Panel"
-        adminModal.innerHTML = `
-          <div class="modal-content" style="${modalContentStyles}">
-            <span id="closeAdminPanel" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-            <h3>
-              <h3>${adminTitle}</h3>
-            </h3>
-            <form id="adminPanelForm">
-              <fieldset style="margin-bottom: 15px;">
-                <legend>User Management</legend>
-                <div style="display: flex; gap: 10px;">
-                  <button type="button" id="adminOpenAddUser" class="btn btn-success">Add User</button>
-                  <button type="button" id="adminOpenRemoveUser" class="btn btn-danger">Remove User</button>
-                  <button type="button" id="adminOpenUserPermissions" class="btn btn-secondary">User Permissions</button>
-                </div>
-              </fieldset>
-              <fieldset style="margin-bottom: 15px;">
-                <legend>OIDC Configuration</legend>
-                <div class="form-group">
-                  <label for="oidcProviderUrl">OIDC Provider URL:</label>
-                  <input type="text" id="oidcProviderUrl" class="form-control" value="${window.currentOIDCConfig.providerUrl}" />
-                </div>
-                <div class="form-group">
-                  <label for="oidcClientId">OIDC Client ID:</label>
-                  <input type="text" id="oidcClientId" class="form-control" value="${window.currentOIDCConfig.clientId}" />
-                </div>
-                <div class="form-group">
-                  <label for="oidcClientSecret">OIDC Client Secret:</label>
-                  <input type="text" id="oidcClientSecret" class="form-control" value="${window.currentOIDCConfig.clientSecret}" />
-                </div>
-                <div class="form-group">
-                  <label for="oidcRedirectUri">OIDC Redirect URI:</label>
-                  <input type="text" id="oidcRedirectUri" class="form-control" value="${window.currentOIDCConfig.redirectUri}" />
-                </div>
-              </fieldset>
-              <fieldset style="margin-bottom: 15px;">
-                <legend>Global TOTP Settings</legend>
-                <div class="form-group">
-                  <label for="globalOtpauthUrl">Global OTPAuth URL:</label>
-                  <input type="text" id="globalOtpauthUrl" class="form-control" value="${window.currentOIDCConfig.globalOtpauthUrl || 'otpauth://totp/{label}?secret={secret}&issuer=FileRise'}" />
-                </div>
-              </fieldset>
-              <fieldset style="margin-bottom: 15px;">
-                <legend>Login Options</legend>
-                <div class="form-group">
-                  <input type="checkbox" id="disableFormLogin" />
-                  <label for="disableFormLogin">Disable Login Form</label>
-                </div>
-                <div class="form-group">
-                  <input type="checkbox" id="disableBasicAuth" />
-                  <label for="disableBasicAuth">Disable Basic HTTP Auth</label>
-                </div>
-                <div class="form-group">
-                  <input type="checkbox" id="disableOIDCLogin" />
-                  <label for="disableOIDCLogin">Disable OIDC Login</label>
-                </div>
-              </fieldset>
-              <div style="display: flex; justify-content: space-between;">
-                <button type="button" id="cancelAdminSettings" class="btn btn-secondary">Cancel</button>
-                <button type="button" id="saveAdminSettings" class="btn btn-primary">Save Settings</button>
-              </div>
-            </form>
-          </div>
-        `;
-        document.body.appendChild(adminModal);
-
-        document.getElementById("closeAdminPanel").addEventListener("click", closeAdminPanel);
-        adminModal.addEventListener("click", (e) => {
-          if (e.target === adminModal) closeAdminPanel();
-        });
-        document.getElementById("cancelAdminSettings").addEventListener("click", closeAdminPanel);
-        document.getElementById("adminOpenAddUser").addEventListener("click", () => {
-          toggleVisibility("addUserModal", true);
-          document.getElementById("newUsername").focus();
-        });
-        document.getElementById("adminOpenRemoveUser").addEventListener("click", () => {
-          if (typeof window.loadUserList === "function") {
-            window.loadUserList();
-          }
-          toggleVisibility("removeUserModal", true);
-        });
-        // New event binding for the User Permissions button:
-        document.getElementById("adminOpenUserPermissions").addEventListener("click", () => {
-          openUserPermissionsModal();
-        });
-        document.getElementById("saveAdminSettings").addEventListener("click", () => {
-          const disableFormLoginCheckbox = document.getElementById("disableFormLogin");
-          const disableBasicAuthCheckbox = document.getElementById("disableBasicAuth");
-          const disableOIDCLoginCheckbox = document.getElementById("disableOIDCLogin");
-          const totalDisabled = [disableFormLoginCheckbox, disableBasicAuthCheckbox, disableOIDCLoginCheckbox].filter(cb => cb.checked).length;
-          if (totalDisabled === 3) {
-            showToast("At least one login method must remain enabled.");
-            disableOIDCLoginCheckbox.checked = false;
-            localStorage.setItem("disableOIDCLogin", "false");
-            if (typeof window.updateLoginOptionsUI === "function") {
-              window.updateLoginOptionsUI({
-                disableFormLogin: disableFormLoginCheckbox.checked,
-                disableBasicAuth: disableBasicAuthCheckbox.checked,
-                disableOIDCLogin: disableOIDCLoginCheckbox.checked
-              });
-            }
-            return;
-          }
-          const newOIDCConfig = {
-            providerUrl: document.getElementById("oidcProviderUrl").value.trim(),
-            clientId: document.getElementById("oidcClientId").value.trim(),
-            clientSecret: document.getElementById("oidcClientSecret").value.trim(),
-            redirectUri: document.getElementById("oidcRedirectUri").value.trim()
-          };
-          const disableFormLogin = disableFormLoginCheckbox.checked;
-          const disableBasicAuth = disableBasicAuthCheckbox.checked;
-          const disableOIDCLogin = disableOIDCLoginCheckbox.checked;
-          const globalOtpauthUrl = document.getElementById("globalOtpauthUrl").value.trim();
-          sendRequest("updateConfig.php", "POST", {
-            oidc: newOIDCConfig,
-            disableFormLogin,
-            disableBasicAuth,
-            disableOIDCLogin,
-            globalOtpauthUrl
-          }, { "X-CSRF-Token": window.csrfToken })
-            .then(response => {
-              if (response.success) {
-                showToast("Settings updated successfully.");
-                localStorage.setItem("disableFormLogin", disableFormLogin);
-                localStorage.setItem("disableBasicAuth", disableBasicAuth);
-                localStorage.setItem("disableOIDCLogin", disableOIDCLogin);
-                if (typeof window.updateLoginOptionsUI === "function") {
-                  window.updateLoginOptionsUI({ disableFormLogin, disableBasicAuth, disableOIDCLogin });
-                }
-                closeAdminPanel();
-              } else {
-                showToast("Error updating settings: " + (response.error || "Unknown error"));
-              }
-            })
-            .catch(() => { });
-        });
-        const disableFormLoginCheckbox = document.getElementById("disableFormLogin");
-        const disableBasicAuthCheckbox = document.getElementById("disableBasicAuth");
-        const disableOIDCLoginCheckbox = document.getElementById("disableOIDCLogin");
-        function enforceLoginOptionConstraint(changedCheckbox) {
-          const totalDisabled = [disableFormLoginCheckbox, disableBasicAuthCheckbox, disableOIDCLoginCheckbox].filter(cb => cb.checked).length;
-          if (changedCheckbox.checked && totalDisabled === 3) {
-            showToast("At least one login method must remain enabled.");
-            changedCheckbox.checked = false;
-          }
-        }
-        disableFormLoginCheckbox.addEventListener("change", function () { enforceLoginOptionConstraint(this); });
-        disableBasicAuthCheckbox.addEventListener("change", function () { enforceLoginOptionConstraint(this); });
-        disableOIDCLoginCheckbox.addEventListener("change", function () { enforceLoginOptionConstraint(this); });
-
-        document.getElementById("disableFormLogin").checked = config.loginOptions.disableFormLogin === true;
-        document.getElementById("disableBasicAuth").checked = config.loginOptions.disableBasicAuth === true;
-        document.getElementById("disableOIDCLogin").checked = config.loginOptions.disableOIDCLogin === true;
-      } else {
-        adminModal.style.backgroundColor = overlayBackground;
-        const modalContent = adminModal.querySelector(".modal-content");
-        if (modalContent) {
-          modalContent.style.background = isDarkMode ? "#2c2c2c" : "#fff";
-          modalContent.style.color = isDarkMode ? "#e0e0e0" : "#000";
-          modalContent.style.border = isDarkMode ? "1px solid #444" : "1px solid #ccc";
-        }
-        document.getElementById("oidcProviderUrl").value = window.currentOIDCConfig.providerUrl;
-        document.getElementById("oidcClientId").value = window.currentOIDCConfig.clientId;
-        document.getElementById("oidcClientSecret").value = window.currentOIDCConfig.clientSecret;
-        document.getElementById("oidcRedirectUri").value = window.currentOIDCConfig.redirectUri;
-        document.getElementById("globalOtpauthUrl").value = window.currentOIDCConfig.globalOtpauthUrl || 'otpauth://totp/{label}?secret={secret}&issuer=FileRise';
-        document.getElementById("disableFormLogin").checked = config.loginOptions.disableFormLogin === true;
-        document.getElementById("disableBasicAuth").checked = config.loginOptions.disableBasicAuth === true;
-        document.getElementById("disableOIDCLogin").checked = config.loginOptions.disableOIDCLogin === true;
-        adminModal.style.display = "flex";
-      }
-    })
-    .catch(() => {
-      let adminModal = document.getElementById("adminPanelModal");
-      if (adminModal) {
-        adminModal.style.backgroundColor = "rgba(0,0,0,0.5)";
-        const modalContent = adminModal.querySelector(".modal-content");
-        if (modalContent) {
-          modalContent.style.background = "#fff";
-          modalContent.style.color = "#000";
-          modalContent.style.border = "1px solid #ccc";
-        }
-        document.getElementById("oidcProviderUrl").value = window.currentOIDCConfig.providerUrl;
-        document.getElementById("oidcClientId").value = window.currentOIDCConfig.clientId;
-        document.getElementById("oidcClientSecret").value = window.currentOIDCConfig.clientSecret;
-        document.getElementById("oidcRedirectUri").value = window.currentOIDCConfig.redirectUri;
-        document.getElementById("globalOtpauthUrl").value = window.currentOIDCConfig.globalOtpauthUrl || 'otpauth://totp/{label}?secret={secret}&issuer=FileRise';
-        document.getElementById("disableFormLogin").checked = localStorage.getItem("disableFormLogin") === "true";
-        document.getElementById("disableBasicAuth").checked = localStorage.getItem("disableBasicAuth") === "true";
-        document.getElementById("disableOIDCLogin").checked = localStorage.getItem("disableOIDCLogin") === "true";
-        adminModal.style.display = "flex";
-      } else {
-        openAdminPanel();
-      }
-    });
-}
-
-export function closeAdminPanel() {
-  const adminModal = document.getElementById("adminPanelModal");
-  if (adminModal) adminModal.style.display = "none";
-}
-
-// --- New: User Permissions Modal ---
-
-export function openUserPermissionsModal() {
-  let userPermissionsModal = document.getElementById("userPermissionsModal");
-  const isDarkMode = document.body.classList.contains("dark-mode");
-  const overlayBackground = isDarkMode ? "rgba(0,0,0,0.7)" : "rgba(0,0,0,0.3)";
-  const modalContentStyles = `
-      background: ${isDarkMode ? "#2c2c2c" : "#fff"};
-      color: ${isDarkMode ? "#e0e0e0" : "#000"};
-      padding: 20px;
-      max-width: 500px;
-      width: 90%;
-      border-radius: 8px;
-      position: relative;
-    `;
-
-  if (!userPermissionsModal) {
-    userPermissionsModal = document.createElement("div");
-    userPermissionsModal.id = "userPermissionsModal";
-    userPermissionsModal.style.cssText = `
-        position: fixed;
-        top: 0;
-        left: 0;
-        width: 100vw;
-        height: 100vh;
-        background-color: ${overlayBackground};
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        z-index: 3500;
-      `;
-    userPermissionsModal.innerHTML = `
-        <div class="modal-content" style="${modalContentStyles}">
-          <span id="closeUserPermissionsModal" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
-          <h3>User Permissions</h3>
-          <div id="userPermissionsList" style="max-height: 300px; overflow-y: auto; margin-bottom: 15px;">
-            <!-- User rows will be loaded here -->
-          </div>
-          <div style="display: flex; justify-content: flex-end; gap: 10px;">
-            <button type="button" id="cancelUserPermissionsBtn" class="btn btn-secondary">Cancel</button>
-            <button type="button" id="saveUserPermissionsBtn" class="btn btn-primary">Save Permissions</button>
-          </div>
-        </div>
-      `;
-    document.body.appendChild(userPermissionsModal);
-    document.getElementById("closeUserPermissionsModal").addEventListener("click", () => {
-      userPermissionsModal.style.display = "none";
-    });
-    document.getElementById("cancelUserPermissionsBtn").addEventListener("click", () => {
-      userPermissionsModal.style.display = "none";
-    });
-    document.getElementById("saveUserPermissionsBtn").addEventListener("click", () => {
-      // Collect permissions data from each user row.
-      const rows = userPermissionsModal.querySelectorAll(".user-permission-row");
-      const permissionsData = [];
-      rows.forEach(row => {
-        const username = row.getAttribute("data-username");
-        const folderOnlyCheckbox = row.querySelector("input[data-permission='folderOnly']");
-        const readOnlyCheckbox = row.querySelector("input[data-permission='readOnly']");
-        const disableUploadCheckbox = row.querySelector("input[data-permission='disableUpload']");
-        permissionsData.push({
-          username,
-          folderOnly: folderOnlyCheckbox.checked,
-          readOnly: readOnlyCheckbox.checked,
-          disableUpload: disableUploadCheckbox.checked
-        });
-      });
-      // Send the permissionsData to the server.
-      sendRequest("updateUserPermissions.php", "POST", { permissions: permissionsData }, { "X-CSRF-Token": window.csrfToken })
-        .then(response => {
-          if (response.success) {
-            showToast("User permissions updated successfully.");
-            userPermissionsModal.style.display = "none";
-          } else {
-            showToast("Error updating permissions: " + (response.error || "Unknown error"));
-          }
-        })
-        .catch(() => {
-          showToast("Error updating permissions.");
-        });
-    });
-  } else {
-    userPermissionsModal.style.display = "flex";
-  }
-  // Load the list of users into the modal.
-  loadUserPermissionsList();
-}
-
-function loadUserPermissionsList() {
-  const listContainer = document.getElementById("userPermissionsList");
-  if (!listContainer) return;
-  listContainer.innerHTML = "";
-
-  // First, fetch the current permissions from the server.
-  fetch("getUserPermissions.php", { credentials: "include" })
-    .then(response => response.json())
-    .then(permissionsData => {
-      // Then, fetch the list of users.
-      return fetch("getUsers.php", { credentials: "include" })
-        .then(response => response.json())
-        .then(usersData => {
-          const users = Array.isArray(usersData) ? usersData : (usersData.users || []);
-          if (users.length === 0) {
-            listContainer.innerHTML = "<p>No users found.</p>";
-            return;
-          }
-          users.forEach(user => {
-            // Skip admin users.
-            if ((user.role && user.role === "1") || user.username.toLowerCase() === "admin") return;
-
-            // Use stored permissions if available; otherwise fall back to localStorage defaults.
-            const defaultPerm = {
-              folderOnly: false,
-              readOnly: false,
-              disableUpload: false,
-            };
-
-            // Normalize the username key to match server storage (e.g., lowercase)
-            const usernameKey = user.username.toLowerCase();
-
-            const userPerm = (permissionsData && typeof permissionsData === "object" && (usernameKey in permissionsData))
-              ? permissionsData[usernameKey]
-              : defaultPerm;
-
-            // Create a row for the user.
-            const row = document.createElement("div");
-            row.classList.add("user-permission-row");
-            row.setAttribute("data-username", user.username);
-            row.style.padding = "10px 0";
-            row.innerHTML = `
-                <div style="font-weight: bold; margin-bottom: 5px;">${user.username}</div>
-                <div style="display: flex; flex-direction: column; gap: 5px;">
-                  <label style="display: flex; align-items: center; gap: 5px;">
-                    <input type="checkbox" data-permission="folderOnly" ${userPerm.folderOnly ? "checked" : ""} />
-                    User Folder Only
-                  </label>
-                  <label style="display: flex; align-items: center; gap: 5px;">
-                    <input type="checkbox" data-permission="readOnly" ${userPerm.readOnly ? "checked" : ""} />
-                    Read Only
-                  </label>
-                  <label style="display: flex; align-items: center; gap: 5px;">
-                    <input type="checkbox" data-permission="disableUpload" ${userPerm.disableUpload ? "checked" : ""} />
-                    Disable Upload
-                  </label>
-                </div>
-                <hr style="margin-top: 10px; border: 0; border-bottom: 1px solid #ccc;">
-              `;
-            listContainer.appendChild(row);
-          });
-        });
-    })
-    .catch(() => {
-      listContainer.innerHTML = "<p>Error loading users.</p>";
-    });
-}
--- a/js/dragAndDrop.js
+++ b/js/dragAndDrop.js
@@ -1,599 +0,0 @@
-// dragAndDrop.js
-// This file handles drag-and-drop functionality for cards in the sidebar, header and top drop zones.
-// It also manages the visibility of the sidebar and header drop zones based on the current state of the application.
-// It includes functions to save and load the order of cards in the sidebar and header from localStorage.
-// It also includes functions to handle the drag-and-drop events, including mouse movements and drop zones.
-// It uses CSS classes to manage the appearance of the sidebar and header drop zones during drag-and-drop operations.
-
-// Moves cards into the sidebar based on the saved order in localStorage.
-export function loadSidebarOrder() {
-    const sidebar = document.getElementById('sidebarDropArea');
-    if (!sidebar) return;
-    const orderStr = localStorage.getItem('sidebarOrder');
-    if (orderStr) {
-      const order = JSON.parse(orderStr);
-      if (order.length > 0) {
-        // Ensure main wrapper is visible.
-        const mainWrapper = document.querySelector('.main-wrapper');
-        if (mainWrapper) {
-          mainWrapper.style.display = 'flex';
-        }
-        // For each saved ID, move the card into the sidebar.
-        order.forEach(id => {
-          const card = document.getElementById(id);
-          if (card && card.parentNode.id !== 'sidebarDropArea') {
-            sidebar.appendChild(card);
-            // Animate vertical slide for sidebar card
-            animateVerticalSlide(card);
-          }
-        });
-      }
-    }
-    updateSidebarVisibility();
-  }
-  
-  // NEW: Load header order from localStorage.
-  export function loadHeaderOrder() {
-    const headerDropArea = document.getElementById('headerDropArea');
-    if (!headerDropArea) return;
-    const orderStr = localStorage.getItem('headerOrder');
-    if (orderStr) {
-      const order = JSON.parse(orderStr);
-      if (order.length > 0) {
-        order.forEach(id => {
-          const card = document.getElementById(id);
-          // Only load if card is not already in header drop zone.
-          if (card && card.parentNode.id !== 'headerDropArea') {
-            insertCardInHeader(card, null);
-          }
-        });
-      }
-    }
-  }
-  
-  // Internal helper: update sidebar visibility based on its content.
-  function updateSidebarVisibility() {
-    const sidebar = document.getElementById('sidebarDropArea');
-    if (sidebar) {
-      const cards = sidebar.querySelectorAll('#uploadCard, #folderManagementCard');
-      if (cards.length > 0) {
-        sidebar.classList.add('active');
-        sidebar.style.display = 'block';
-      } else {
-        sidebar.classList.remove('active');
-        sidebar.style.display = 'none';
-      }
-      // Save the current order in localStorage.
-      saveSidebarOrder();
-    }
-  }
-  
-  // NEW: Save header order to localStorage.
-  function saveHeaderOrder() {
-    const headerDropArea = document.getElementById('headerDropArea');
-    if (headerDropArea) {
-      const icons = Array.from(headerDropArea.children);
-      // Each header icon stores its associated card in the property cardElement.
-      const order = icons.map(icon => icon.cardElement.id);
-      localStorage.setItem('headerOrder', JSON.stringify(order));
-    }
-  }
-  
-  // Internal helper: update top zone layout (center a card if one column is empty).
-  function updateTopZoneLayout() {
-    const leftCol = document.getElementById('leftCol');
-    const rightCol = document.getElementById('rightCol');
-  
-    const leftIsEmpty = !leftCol.querySelector('#uploadCard');
-    const rightIsEmpty = !rightCol.querySelector('#folderManagementCard');
-  
-    if (leftIsEmpty && !rightIsEmpty) {
-      leftCol.style.display = 'none';
-      rightCol.style.margin = '0 auto';
-    } else if (rightIsEmpty && !leftIsEmpty) {
-      rightCol.style.display = 'none';
-      leftCol.style.margin = '0 auto';
-    } else {
-      leftCol.style.display = '';
-      rightCol.style.display = '';
-      leftCol.style.margin = '';
-      rightCol.style.margin = '';
-    }
-  }
-  
-  // When a card is being dragged, if the top drop zone is empty, set its min-height.
-  function addTopZoneHighlight() {
-    const topZone = document.getElementById('uploadFolderRow');
-    if (topZone) {
-      topZone.classList.add('highlight');
-      if (topZone.querySelectorAll('#uploadCard, #folderManagementCard').length === 0) {
-        topZone.style.minHeight = '375px';
-      }
-    }
-  }
-  
-  // When the drag ends, remove the extra min-height.
-  function removeTopZoneHighlight() {
-    const topZone = document.getElementById('uploadFolderRow');
-    if (topZone) {
-      topZone.classList.remove('highlight');
-      topZone.style.minHeight = '';
-    }
-  }
-  
-  // Vertical slide/fade animation helper.
-  function animateVerticalSlide(card) {
-    card.style.transform = 'translateY(30px)';
-    card.style.opacity = '0';
-    // Force reflow.
-    card.offsetWidth;
-    requestAnimationFrame(() => {
-      card.style.transition = 'transform 0.3s ease, opacity 0.3s ease';
-      card.style.transform = 'translateY(0)';
-      card.style.opacity = '1';
-    });
-    setTimeout(() => {
-      card.style.transition = '';
-      card.style.transform = '';
-      card.style.opacity = '';
-    }, 310);
-  }
-  
-  // Internal helper: insert card into sidebar at a proper position based on event.clientY.
-  function insertCardInSidebar(card, event) {
-    const sidebar = document.getElementById('sidebarDropArea');
-    if (!sidebar) return;
-    const existingCards = Array.from(sidebar.querySelectorAll('#uploadCard, #folderManagementCard'));
-    let inserted = false;
-    for (const currentCard of existingCards) {
-      const rect = currentCard.getBoundingClientRect();
-      const midY = rect.top + rect.height / 2;
-      if (event.clientY < midY) {
-        sidebar.insertBefore(card, currentCard);
-        inserted = true;
-        break;
-      }
-    }
-    if (!inserted) {
-      sidebar.appendChild(card);
-    }
-    // Ensure card fills the sidebar.
-    card.style.width = '100%';
-    animateVerticalSlide(card);
-  }
-  
-  // Internal helper: save the current sidebar card order to localStorage.
-  function saveSidebarOrder() {
-    const sidebar = document.getElementById('sidebarDropArea');
-    if (sidebar) {
-      const cards = sidebar.querySelectorAll('#uploadCard, #folderManagementCard');
-      const order = Array.from(cards).map(card => card.id);
-      localStorage.setItem('sidebarOrder', JSON.stringify(order));
-    }
-  }
-  
-  // Helper: move cards from sidebar back to the top drop area when on small screens.
-  function moveSidebarCardsToTop() {
-    if (window.innerWidth < 1205) {
-      const sidebar = document.getElementById('sidebarDropArea');
-      if (!sidebar) return;
-      const cards = Array.from(sidebar.querySelectorAll('#uploadCard, #folderManagementCard'));
-      cards.forEach(card => {
-        const orig = document.getElementById(card.dataset.originalContainerId);
-        if (orig) {
-          orig.appendChild(card);
-          animateVerticalSlide(card);
-        }
-      });
-      updateSidebarVisibility();
-      updateTopZoneLayout();
-    }
-  }
-  
-  // Listen for window resize to automatically move sidebar cards back to top on small screens.
-  window.addEventListener('resize', function () {
-    if (window.innerWidth < 1205) {
-      moveSidebarCardsToTop();
-    }
-  });
-  
-  // This function ensures the top drop zone (#uploadFolderRow) has a stable width when empty.
-  function ensureTopZonePlaceholder() {
-    const topZone = document.getElementById('uploadFolderRow');
-    if (!topZone) return;
-    if (topZone.querySelectorAll('#uploadCard, #folderManagementCard').length === 0) {
-      let placeholder = topZone.querySelector('.placeholder');
-      if (!placeholder) {
-        placeholder = document.createElement('div');
-        placeholder.className = 'placeholder';
-        placeholder.style.visibility = 'hidden';
-        placeholder.style.display = 'block';
-        placeholder.style.width = '100%';
-        placeholder.style.height = '375px';
-        topZone.appendChild(placeholder);
-      }
-    } else {
-      const placeholder = topZone.querySelector('.placeholder');
-      if (placeholder) placeholder.remove();
-    }
-  }
-    
-  // --- NEW HELPER FUNCTIONS FOR HEADER DROP ZONE ---
-  
-  // Show header drop zone and add a "drag-active" class so that the pseudo-element appears.
-  function showHeaderDropZone() {
-    const headerDropArea = document.getElementById('headerDropArea');
-    if (headerDropArea) {
-      headerDropArea.style.display = 'inline-flex';
-      headerDropArea.classList.add('drag-active');
-    }
-  }
-    
-  // Hide header drop zone by removing the "drag-active" class.
-  // If a header icon is present (i.e. a card was dropped), the drop zone remains visible without the dashed border.
-  function hideHeaderDropZone() {
-    const headerDropArea = document.getElementById('headerDropArea');
-    if (headerDropArea) {
-      headerDropArea.classList.remove('drag-active');
-      if (headerDropArea.children.length === 0) {
-        headerDropArea.style.display = 'none';
-      }
-    }
-  }
-    
-  // === NEW FUNCTION: Insert card into header drop zone as a material icon ===
-  function insertCardInHeader(card, event) {
-      const headerDropArea = document.getElementById('headerDropArea');
-      if (!headerDropArea) return;
-      
-      // For folder management and upload cards, preserve the original by moving it to a hidden container.
-      if (card.id === 'folderManagementCard' || card.id === 'uploadCard') {
-        let hiddenContainer = document.getElementById('hiddenCardsContainer');
-        if (!hiddenContainer) {
-          hiddenContainer = document.createElement('div');
-          hiddenContainer.id = 'hiddenCardsContainer';
-          hiddenContainer.style.display = 'none';
-          document.body.appendChild(hiddenContainer);
-        }
-        // Move the original card to the hidden container if it's not already there.
-        if (card.parentNode.id !== 'hiddenCardsContainer') {
-          hiddenContainer.appendChild(card);
-        }
-      } else {
-        // For other cards, simply remove from current container.
-        if (card.parentNode) {
-          card.parentNode.removeChild(card);
-        }
-      }
-      
-      // Create the header icon button.
-      const iconButton = document.createElement('button');
-      iconButton.className = 'header-card-icon';
-      // Remove default button styling.
-      iconButton.style.border = 'none';
-      iconButton.style.background = 'none';
-      iconButton.style.outline = 'none';
-      iconButton.style.cursor = 'pointer';
-        
-      // Choose an icon based on the card type with 24px size.
-      if (card.id === 'uploadCard') {
-        iconButton.innerHTML = '<i class="material-icons" style="font-size:24px;">cloud_upload</i>';
-      } else if (card.id === 'folderManagementCard') {
-        iconButton.innerHTML = '<i class="material-icons" style="font-size:24px;">folder</i>';
-      } else {
-        iconButton.innerHTML = '<i class="material-icons" style="font-size:24px;">insert_drive_file</i>';
-      }
-      
-      // Save a reference to the card in the icon button.
-      iconButton.cardElement = card;
-      // Associate this icon with the card for future removal.
-      card.headerIconButton = iconButton;
-      
-      let modal = null;
-      let isLocked = false;
-      let hoverActive = false;
-      
-      // showModal: When triggered, ensure the card is attached to the modal.
-      function showModal() {
-        if (!modal) {
-          modal = document.createElement('div');
-          modal.className = 'header-card-modal';
-          modal.style.position = 'fixed';
-          modal.style.top = '55px';
-          modal.style.right = '80px';
-          modal.style.zIndex = '11000';
-          // Render the modal but initially keep it hidden.
-          modal.style.display = 'block';
-          modal.style.visibility = 'hidden';
-          modal.style.opacity = '0';
-          modal.style.background = 'none';
-          modal.style.border = 'none';
-          modal.style.padding = '0';
-          modal.style.boxShadow = 'none';
-          document.body.appendChild(modal);
-          // Attach modal hover events.
-          modal.addEventListener('mouseover', handleMouseOver);
-          modal.addEventListener('mouseout', handleMouseOut);
-          iconButton.modalInstance = modal;
-        }
-        // If the card isn't already in the modal, remove it from the hidden container and attach it.
-        if (!modal.contains(card)) {
-          const hiddenContainer = document.getElementById('hiddenCardsContainer');
-          if (hiddenContainer && hiddenContainer.contains(card)) {
-            hiddenContainer.removeChild(card);
-          }
-          modal.appendChild(card);
-        }
-        // Reveal the modal.
-        modal.style.visibility = 'visible';
-        modal.style.opacity = '1';
-      }
-      
-      // hideModal: Hide the modal and return the card to the hidden container.
-      function hideModal() {
-        if (modal && !isLocked && !hoverActive) {
-          modal.style.visibility = 'hidden';
-          modal.style.opacity = '0';
-          // Return the card to the hidden container.
-          const hiddenContainer = document.getElementById('hiddenCardsContainer');
-          if (hiddenContainer && modal.contains(card)) {
-            hiddenContainer.appendChild(card);
-          }
-        }
-      }
-      
-      function handleMouseOver() {
-        hoverActive = true;
-        showModal();
-      }
-      
-      function handleMouseOut() {
-        hoverActive = false;
-        setTimeout(() => {
-          if (!hoverActive && !isLocked) {
-            hideModal();
-          }
-        }, 300);
-      }
-      
-      // Attach hover events to the icon.
-      iconButton.addEventListener('mouseover', handleMouseOver);
-      iconButton.addEventListener('mouseout', handleMouseOut);
-      
-      // Toggle the locked state on click so the modal stays open.
-      iconButton.addEventListener('click', (e) => {
-        isLocked = !isLocked;
-        if (isLocked) {
-          showModal();
-        } else {
-          hideModal();
-        }
-        e.stopPropagation();
-      });
-      
-      // Append the header icon button into the header drop zone.
-      headerDropArea.appendChild(iconButton);
-      // Save the updated header order.
-      saveHeaderOrder();
-    }
-    
-  // === Main Drag and Drop Initialization ===
-  export function initDragAndDrop() {
-    function run() {
-      const draggableCards = document.querySelectorAll('#uploadCard, #folderManagementCard');
-      draggableCards.forEach(card => {
-        if (!card.dataset.originalContainerId) {
-          card.dataset.originalContainerId = card.parentNode.id;
-        }
-        const header = card.querySelector('.card-header');
-        if (header) {
-          header.classList.add('drag-header');
-        }
-    
-        let isDragging = false;
-        let dragTimer = null;
-        let offsetX = 0, offsetY = 0;
-        let initialLeft, initialTop;
-    
-        if (header) {
-          header.addEventListener('mousedown', function (e) {
-            e.preventDefault();
-            const card = this.closest('.card');
-            // Capture the card's initial bounding rectangle.
-            const initialRect = card.getBoundingClientRect();
-            const originX = ((e.clientX - initialRect.left) / initialRect.width) * 100;
-            const originY = ((e.clientY - initialRect.top) / initialRect.height) * 100;
-            card.style.transformOrigin = `${originX}% ${originY}%`;
-    
-            // Store the initial rect so we use it later.
-            dragTimer = setTimeout(() => {
-              isDragging = true;
-              card.classList.add('dragging');
-              card.style.pointerEvents = 'none';
-              addTopZoneHighlight();
-    
-              const sidebar = document.getElementById('sidebarDropArea');
-              if (sidebar) {
-                sidebar.classList.add('active');
-                sidebar.style.display = 'block';
-                sidebar.classList.add('highlight');
-                sidebar.style.height = '800px';
-              }
-    
-              // Show header drop zone while dragging.
-              showHeaderDropZone();
-    
-              // Use the stored initialRect.
-              initialLeft = initialRect.left + window.pageXOffset;
-              initialTop = initialRect.top + window.pageYOffset;
-              offsetX = e.pageX - initialLeft;
-              offsetY = e.pageY - initialTop;
-    
-              // Remove any associated header icon if present.
-              if (card.headerIconButton) {
-                if (card.headerIconButton.parentNode) {
-                  card.headerIconButton.parentNode.removeChild(card.headerIconButton);
-                }
-                if (card.headerIconButton.modalInstance && card.headerIconButton.modalInstance.parentNode) {
-                  card.headerIconButton.modalInstance.parentNode.removeChild(card.headerIconButton.modalInstance);
-                }
-                card.headerIconButton = null;
-                saveHeaderOrder();
-              }
-    
-              // Append card to body and fix its dimensions.
-              document.body.appendChild(card);
-              card.style.position = 'absolute';
-              card.style.left = initialLeft + 'px';
-              card.style.top = initialTop + 'px';
-              card.style.width = initialRect.width + 'px';
-              card.style.height = initialRect.height + 'px';
-              card.style.minWidth = initialRect.width + 'px';
-              card.style.flexShrink = '0';
-              card.style.zIndex = '10000';
-            }, 500);
-          });
-          header.addEventListener('mouseup', function () {
-            clearTimeout(dragTimer);
-          });
-        }
-    
-        document.addEventListener('mousemove', function (e) {
-          if (isDragging) {
-            card.style.left = (e.pageX - offsetX) + 'px';
-            card.style.top = (e.pageY - offsetY) + 'px';
-          }
-        });
-    
-        document.addEventListener('mouseup', function (e) {
-          if (isDragging) {
-            isDragging = false;
-            card.style.pointerEvents = '';
-            card.classList.remove('dragging');
-            removeTopZoneHighlight();
-    
-            const sidebar = document.getElementById('sidebarDropArea');
-            if (sidebar) {
-              sidebar.classList.remove('highlight');
-              sidebar.style.height = '';
-            }
-    
-            // Remove any existing header icon if present.
-            if (card.headerIconButton) {
-              if (card.headerIconButton.parentNode) {
-                card.headerIconButton.parentNode.removeChild(card.headerIconButton);
-              }
-              if (card.headerIconButton.modalInstance && card.headerIconButton.modalInstance.parentNode) {
-                card.headerIconButton.modalInstance.parentNode.removeChild(card.headerIconButton.modalInstance);
-              }
-              card.headerIconButton = null;
-              saveHeaderOrder();
-            }
-    
-            let droppedInSidebar = false;
-            let droppedInTop = false;
-            let droppedInHeader = false;
-    
-            // Check if dropped in sidebar drop zone.
-            const sidebarElem = document.getElementById('sidebarDropArea');
-            if (sidebarElem) {
-              const rect = sidebarElem.getBoundingClientRect();
-              const dropZoneBottom = rect.top + 800; // Virtual drop zone height.
-              if (
-                e.clientX >= rect.left &&
-                e.clientX <= rect.right &&
-                e.clientY >= rect.top &&
-                e.clientY <= dropZoneBottom
-              ) {
-                insertCardInSidebar(card, e);
-                droppedInSidebar = true;
-              }
-            }
-            // Check the top drop zone.
-            const topRow = document.getElementById('uploadFolderRow');
-            if (!droppedInSidebar && topRow) {
-              const rect = topRow.getBoundingClientRect();
-              if (
-                e.clientX >= rect.left &&
-                e.clientX <= rect.right &&
-                e.clientY >= rect.top &&
-                e.clientY <= rect.bottom
-              ) {
-                let container;
-                if (card.id === 'uploadCard') {
-                  container = document.getElementById('leftCol');
-                } else if (card.id === 'folderManagementCard') {
-                  container = document.getElementById('rightCol');
-                }
-                if (container) {
-                  ensureTopZonePlaceholder();
-                  updateTopZoneLayout();
-                  container.appendChild(card);
-                  droppedInTop = true;
-                  // Set a fixed width during animation.
-                  card.style.width = "363px";
-                  animateVerticalSlide(card);
-                  setTimeout(() => {
-                    card.style.removeProperty('width');
-                  }, 210);
-                }
-              }
-            }
-            // Check the header drop zone.
-            const headerDropArea = document.getElementById('headerDropArea');
-            if (!droppedInSidebar && !droppedInTop && headerDropArea) {
-              const rect = headerDropArea.getBoundingClientRect();
-              if (
-                e.clientX >= rect.left &&
-                e.clientX <= rect.right &&
-                e.clientY >= rect.top &&
-                e.clientY <= rect.bottom
-              ) {
-                insertCardInHeader(card, e);
-                droppedInHeader = true;
-              }
-            }
-            // If card was not dropped in any zone, return it to its original container.
-            if (!droppedInSidebar && !droppedInTop && !droppedInHeader) {
-              const orig = document.getElementById(card.dataset.originalContainerId);
-              if (orig) {
-                orig.appendChild(card);
-                card.style.removeProperty('width');
-              }
-            }
-    
-            // Clear inline drag-related styles.
-            [
-              'position',
-              'left',
-              'top',
-              'z-index',
-              'height',
-              'min-width',
-              'flex-shrink',
-              'transition',
-              'transform',
-              'opacity'
-            ].forEach(prop => card.style.removeProperty(prop));
-    
-            // For sidebar drops, force width to 100%.
-            if (droppedInSidebar) {
-              card.style.width = '100%';
-            }
-    
-            updateTopZoneLayout();
-            updateSidebarVisibility();
-    
-            // Hide header drop zone if no icon is present.
-            hideHeaderDropZone();
-          }
-        });
-      });
-    }
-    
-    if (document.readyState === 'loading') {
-      document.addEventListener('DOMContentLoaded', run);
-    } else {
-      run();
-    }
-  }
--- a/js/fileActions.js
+++ b/js/fileActions.js
@@ -1,576 +0,0 @@
-// fileActions.js
-import { showToast, attachEnterKeyListener } from './domUtils.js';
-import { loadFileList } from './fileListView.js';
-import { formatFolderName } from './fileListView.js';
-import { t } from './i18n.js';
-
-export function handleDeleteSelected(e) {
-  e.preventDefault();
-  e.stopImmediatePropagation();
-  const checkboxes = document.querySelectorAll(".file-checkbox:checked");
-  if (checkboxes.length === 0) {
-    showToast("no_files_selected");
-    return;
-  }
-
-  window.filesToDelete = Array.from(checkboxes).map(chk => chk.value);
-  const count = window.filesToDelete.length;
-  document.getElementById("deleteFilesMessage").textContent = t("confirm_delete_files", { count: count });
-  document.getElementById("deleteFilesModal").style.display = "block";
-  attachEnterKeyListener("deleteFilesModal", "confirmDeleteFiles");
-}
-
-document.addEventListener("DOMContentLoaded", function () {
-  const cancelDelete = document.getElementById("cancelDeleteFiles");
-  if (cancelDelete) {
-    cancelDelete.addEventListener("click", function () {
-      document.getElementById("deleteFilesModal").style.display = "none";
-      window.filesToDelete = [];
-    });
-  }
-
-  const confirmDelete = document.getElementById("confirmDeleteFiles");
-  if (confirmDelete) {
-    confirmDelete.addEventListener("click", function () {
-      fetch("deleteFiles.php", {
-        method: "POST",
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          "X-CSRF-Token": window.csrfToken
-        },
-        body: JSON.stringify({ folder: window.currentFolder, files: window.filesToDelete })
-      })
-        .then(response => response.json())
-        .then(data => {
-          if (data.success) {
-            showToast("Selected files deleted successfully!");
-            loadFileList(window.currentFolder);
-          } else {
-            showToast("Error: " + (data.error || "Could not delete files"));
-          }
-        })
-        .catch(error => console.error("Error deleting files:", error))
-        .finally(() => {
-          document.getElementById("deleteFilesModal").style.display = "none";
-          window.filesToDelete = [];
-        });
-    });
-  }
-});
-
-attachEnterKeyListener("downloadZipModal", "confirmDownloadZip");
-export function handleDownloadZipSelected(e) {
-  e.preventDefault();
-  e.stopImmediatePropagation();
-  const checkboxes = document.querySelectorAll(".file-checkbox:checked");
-  if (checkboxes.length === 0) {
-    showToast("No files selected for download.");
-    return;
-  }
-  window.filesToDownload = Array.from(checkboxes).map(chk => chk.value);
-  document.getElementById("downloadZipModal").style.display = "block";
-  setTimeout(() => {
-    const input = document.getElementById("zipFileNameInput");
-    input.focus();
-  }, 100);
-};
-
-export function openDownloadModal(fileName, folder) {
-  // Store file details globally for the download confirmation function.
-  window.singleFileToDownload = fileName;
-  window.currentFolder = folder || "root";
-  
-  // Optionally pre-fill the file name input in the modal.
-  const input = document.getElementById("downloadFileNameInput");
-  if (input) {
-    input.value = fileName; // Use file name as-is (or modify if desired)
-  }
-  
-  // Show the single file download modal (a new modal element).
-  document.getElementById("downloadFileModal").style.display = "block";
-  
-  // Optionally focus the input after a short delay.
-  setTimeout(() => {
-    if (input) input.focus();
-  }, 100);
-}
-
-export function confirmSingleDownload() {
-  // Get the file name from the modal. Users can change it if desired.
-  let fileName = document.getElementById("downloadFileNameInput").value.trim();
-  if (!fileName) {
-    showToast("Please enter a name for the file.");
-    return;
-  }
-  
-  // Hide the download modal.
-  document.getElementById("downloadFileModal").style.display = "none";
-  // Show the progress modal (same as in your ZIP download flow).
-  document.getElementById("downloadProgressModal").style.display = "block";
-  
-  // Build the URL for download.php using GET parameters.
-  const folder = window.currentFolder || "root";
-  const downloadURL = "download.php?folder=" + encodeURIComponent(folder) +
-                      "&file=" + encodeURIComponent(window.singleFileToDownload);
-  
-  fetch(downloadURL, {
-    method: "GET",
-    credentials: "include"
-  })
-    .then(response => {
-      if (!response.ok) {
-        return response.text().then(text => {
-          throw new Error("Failed to download file: " + text);
-        });
-      }
-      return response.blob();
-    })
-    .then(blob => {
-      if (!blob || blob.size === 0) {
-        throw new Error("Received empty file.");
-      }
-      const url = window.URL.createObjectURL(blob);
-      const a = document.createElement("a");
-      a.style.display = "none";
-      a.href = url;
-      a.download = fileName;
-      document.body.appendChild(a);
-      a.click();
-      window.URL.revokeObjectURL(url);
-      a.remove();
-      // Hide the progress modal.
-      document.getElementById("downloadProgressModal").style.display = "none";
-      showToast("Download started.");
-    })
-    .catch(error => {
-      // Hide progress modal and show error.
-      document.getElementById("downloadProgressModal").style.display = "none";
-      console.error("Error downloading file:", error);
-      showToast("Error downloading file: " + error.message);
-    });
-}
-
-export function handleExtractZipSelected(e) {
-  if (e) {
-    e.preventDefault();
-    e.stopImmediatePropagation();
-  }
-  const checkboxes = document.querySelectorAll(".file-checkbox:checked");
-  if (!checkboxes.length) {
-    showToast("No files selected.");
-    return;
-  }
-  const zipFiles = Array.from(checkboxes)
-    .map(chk => chk.value)
-    .filter(name => name.toLowerCase().endsWith(".zip"));
-  if (!zipFiles.length) {
-    showToast("No zip files selected.");
-    return;
-  }
-  
-  // Change progress modal text to "Extracting files..."
-  const progressText = document.querySelector("#downloadProgressModal p");
-  if (progressText) {
-    progressText.textContent = "Extracting files...";
-  }
-  
-  // Show the progress modal.
-  document.getElementById("downloadProgressModal").style.display = "block";
-  
-  fetch("extractZip.php", {
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": window.csrfToken
-    },
-    body: JSON.stringify({
-      folder: window.currentFolder || "root",
-      files: zipFiles
-    })
-  })
-    .then(response => response.json())
-    .then(data => {
-      // Hide the progress modal once the request has completed.
-      document.getElementById("downloadProgressModal").style.display = "none";
-      if (data.success) {
-        let toastMessage = "Zip file(s) extracted successfully!";
-        if (data.extractedFiles && Array.isArray(data.extractedFiles) && data.extractedFiles.length) {
-          toastMessage = "Extracted: " + data.extractedFiles.join(", ");
-        }
-        showToast(toastMessage);
-        loadFileList(window.currentFolder);
-      } else {
-        showToast("Error extracting zip: " + (data.error || "Unknown error"));
-      }
-    })
-    .catch(error => {
-      // Hide the progress modal on error.
-      document.getElementById("downloadProgressModal").style.display = "none";
-      console.error("Error extracting zip files:", error);
-      showToast("Error extracting zip files.");
-    });
-}
-
-const extractZipBtn = document.getElementById("extractZipBtn");
-if (extractZipBtn) {
-  extractZipBtn.replaceWith(extractZipBtn.cloneNode(true));
-  document.getElementById("extractZipBtn").addEventListener("click", handleExtractZipSelected);
-}
-
-document.addEventListener("DOMContentLoaded", function () {
-  const cancelDownloadZip = document.getElementById("cancelDownloadZip");
-  if (cancelDownloadZip) {
-    cancelDownloadZip.addEventListener("click", function () {
-      document.getElementById("downloadZipModal").style.display = "none";
-    });
-  }
-
-  // This part remains in your confirmDownloadZip event handler:
-  const confirmDownloadZip = document.getElementById("confirmDownloadZip");
-  if (confirmDownloadZip) {
-    confirmDownloadZip.addEventListener("click", function () {
-      let zipName = document.getElementById("zipFileNameInput").value.trim();
-      if (!zipName) {
-        showToast("Please enter a name for the zip file.");
-        return;
-      }
-      if (!zipName.toLowerCase().endsWith(".zip")) {
-        zipName += ".zip";
-      }
-      // Hide the ZIP name input modal
-      document.getElementById("downloadZipModal").style.display = "none";
-      // Show the progress modal here only on confirm
-      console.log("Download confirmed. Showing progress modal.");
-      document.getElementById("downloadProgressModal").style.display = "block";
-      const folder = window.currentFolder || "root";
-      fetch("downloadZip.php", {
-        method: "POST",
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          "X-CSRF-Token": window.csrfToken
-        },
-        body: JSON.stringify({ folder: folder, files: window.filesToDownload })
-      })
-        .then(response => {
-          if (!response.ok) {
-            return response.text().then(text => {
-              throw new Error("Failed to create zip file: " + text);
-            });
-          }
-          return response.blob();
-        })
-        .then(blob => {
-          if (!blob || blob.size === 0) {
-            throw new Error("Received empty zip file.");
-          }
-          const url = window.URL.createObjectURL(blob);
-          const a = document.createElement("a");
-          a.style.display = "none";
-          a.href = url;
-          a.download = zipName;
-          document.body.appendChild(a);
-          a.click();
-          window.URL.revokeObjectURL(url);
-          a.remove();
-          // Hide the progress modal after download starts
-          document.getElementById("downloadProgressModal").style.display = "none";
-          showToast("Download started.");
-        })
-        .catch(error => {
-          // Hide the progress modal on error
-          document.getElementById("downloadProgressModal").style.display = "none";
-          console.error("Error downloading zip:", error);
-          showToast("Error downloading selected files as zip: " + error.message);
-        });
-    });
-  }
-});
-
-export function handleCopySelected(e) {
-  e.preventDefault();
-  e.stopImmediatePropagation();
-  const checkboxes = document.querySelectorAll(".file-checkbox:checked");
-  if (checkboxes.length === 0) {
-    showToast("No files selected for copying.", 5000);
-    return;
-  }
-  window.filesToCopy = Array.from(checkboxes).map(chk => chk.value);
-  document.getElementById("copyFilesModal").style.display = "block";
-  loadCopyMoveFolderListForModal("copyTargetFolder");
-}
-
-export async function loadCopyMoveFolderListForModal(dropdownId) {
-  const folderSelect = document.getElementById(dropdownId);
-  folderSelect.innerHTML = "";
-
-  if (window.userFolderOnly) {
-    const username = localStorage.getItem("username") || "root";
-    try {
-      const response = await fetch("getFolderList.php?restricted=1");
-      let folders = await response.json();
-      if (Array.isArray(folders) && folders.length && typeof folders[0] === "object" && folders[0].folder) {
-        folders = folders.map(item => item.folder);
-      }
-      folders = folders.filter(folder =>
-        folder.toLowerCase() !== "trash" &&
-        (folder === username || folder.indexOf(username + "/") === 0)
-      );
-
-      const rootOption = document.createElement("option");
-      rootOption.value = username;
-      rootOption.textContent = formatFolderName(username);
-      folderSelect.appendChild(rootOption);
-
-      folders.forEach(folder => {
-        if (folder !== username) {
-          const option = document.createElement("option");
-          option.value = folder;
-          option.textContent = formatFolderName(folder);
-          folderSelect.appendChild(option);
-        }
-      });
-    } catch (error) {
-      console.error("Error loading folder list for modal:", error);
-    }
-    return;
-  }
-
-  try {
-    const response = await fetch("getFolderList.php");
-    let folders = await response.json();
-    if (Array.isArray(folders) && folders.length && typeof folders[0] === "object" && folders[0].folder) {
-      folders = folders.map(item => item.folder);
-    }
-    folders = folders.filter(folder => folder !== "root" && folder.toLowerCase() !== "trash");
-
-    const rootOption = document.createElement("option");
-    rootOption.value = "root";
-    rootOption.textContent = "(Root)";
-    folderSelect.appendChild(rootOption);
-
-    if (Array.isArray(folders) && folders.length > 0) {
-      folders.forEach(folder => {
-        const option = document.createElement("option");
-        option.value = folder;
-        option.textContent = folder;
-        folderSelect.appendChild(option);
-      });
-    }
-  } catch (error) {
-    console.error("Error loading folder list for modal:", error);
-  }
-}
-
-export function handleMoveSelected(e) {
-  e.preventDefault();
-  e.stopImmediatePropagation();
-  const checkboxes = document.querySelectorAll(".file-checkbox:checked");
-  if (checkboxes.length === 0) {
-    showToast("No files selected for moving.");
-    return;
-  }
-  window.filesToMove = Array.from(checkboxes).map(chk => chk.value);
-  document.getElementById("moveFilesModal").style.display = "block";
-  loadCopyMoveFolderListForModal("moveTargetFolder");
-}
-
-document.addEventListener("DOMContentLoaded", function () {
-  const cancelCopy = document.getElementById("cancelCopyFiles");
-  if (cancelCopy) {
-    cancelCopy.addEventListener("click", function () {
-      document.getElementById("copyFilesModal").style.display = "none";
-      window.filesToCopy = [];
-    });
-  }
-  const confirmCopy = document.getElementById("confirmCopyFiles");
-  if (confirmCopy) {
-    confirmCopy.addEventListener("click", function () {
-      const targetFolder = document.getElementById("copyTargetFolder").value;
-      if (!targetFolder) {
-        showToast("Please select a target folder for copying.", 5000);
-        return;
-      }
-      if (targetFolder === window.currentFolder) {
-        showToast("Error: Cannot copy files to the same folder.");
-        return;
-      }
-      fetch("copyFiles.php", {
-        method: "POST",
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          "X-CSRF-Token": window.csrfToken
-        },
-        body: JSON.stringify({
-          source: window.currentFolder,
-          files: window.filesToCopy,
-          destination: targetFolder
-        })
-      })
-        .then(response => response.json())
-        .then(data => {
-          if (data.success) {
-            showToast("Selected files copied successfully!", 5000);
-            loadFileList(window.currentFolder);
-          } else {
-            showToast("Error: " + (data.error || "Could not copy files"), 5000);
-          }
-        })
-        .catch(error => console.error("Error copying files:", error))
-        .finally(() => {
-          document.getElementById("copyFilesModal").style.display = "none";
-          window.filesToCopy = [];
-        });
-    });
-  }
-});
-
-document.addEventListener("DOMContentLoaded", function () {
-  const cancelMove = document.getElementById("cancelMoveFiles");
-  if (cancelMove) {
-    cancelMove.addEventListener("click", function () {
-      document.getElementById("moveFilesModal").style.display = "none";
-      window.filesToMove = [];
-    });
-  }
-  const confirmMove = document.getElementById("confirmMoveFiles");
-  if (confirmMove) {
-    confirmMove.addEventListener("click", function () {
-      const targetFolder = document.getElementById("moveTargetFolder").value;
-      if (!targetFolder) {
-        showToast("Please select a target folder for moving.");
-        return;
-      }
-      if (targetFolder === window.currentFolder) {
-        showToast("Error: Cannot move files to the same folder.");
-        return;
-      }
-      fetch("moveFiles.php", {
-        method: "POST",
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          "X-CSRF-Token": window.csrfToken
-        },
-        body: JSON.stringify({
-          source: window.currentFolder,
-          files: window.filesToMove,
-          destination: targetFolder
-        })
-      })
-        .then(response => response.json())
-        .then(data => {
-          if (data.success) {
-            showToast("Selected files moved successfully!");
-            loadFileList(window.currentFolder);
-          } else {
-            showToast("Error: " + (data.error || "Could not move files"));
-          }
-        })
-        .catch(error => console.error("Error moving files:", error))
-        .finally(() => {
-          document.getElementById("moveFilesModal").style.display = "none";
-          window.filesToMove = [];
-        });
-    });
-  }
-});
-
-export function renameFile(oldName, folder) {
-  window.fileToRename = oldName;
-  window.fileFolder = folder || window.currentFolder || "root";
-  document.getElementById("newFileName").value = oldName;
-  document.getElementById("renameFileModal").style.display = "block";
-  setTimeout(() => {
-    const input = document.getElementById("newFileName");
-    input.focus();
-    const lastDot = oldName.lastIndexOf('.');
-    if (lastDot > 0) {
-      input.setSelectionRange(0, lastDot);
-    } else {
-      input.select();
-    }
-  }, 100);
-}
-
-document.addEventListener("DOMContentLoaded", () => {
-  const cancelBtn = document.getElementById("cancelRenameFile");
-  if (cancelBtn) {
-    cancelBtn.addEventListener("click", function () {
-      document.getElementById("renameFileModal").style.display = "none";
-      document.getElementById("newFileName").value = "";
-    });
-  }
-
-  const submitBtn = document.getElementById("submitRenameFile");
-  if (submitBtn) {
-    submitBtn.addEventListener("click", function () {
-      const newName = document.getElementById("newFileName").value.trim();
-      if (!newName || newName === window.fileToRename) {
-        document.getElementById("renameFileModal").style.display = "none";
-        return;
-      }
-      const folderUsed = window.fileFolder;
-      fetch("renameFile.php", {
-        method: "POST",
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          "X-CSRF-Token": window.csrfToken
-        },
-        body: JSON.stringify({ folder: folderUsed, oldName: window.fileToRename, newName: newName })
-      })
-        .then(response => response.json())
-        .then(data => {
-          if (data.success) {
-            showToast("File renamed successfully!");
-            loadFileList(folderUsed);
-          } else {
-            showToast("Error renaming file: " + (data.error || "Unknown error"));
-          }
-        })
-        .catch(error => {
-          console.error("Error renaming file:", error);
-          showToast("Error renaming file");
-        })
-        .finally(() => {
-          document.getElementById("renameFileModal").style.display = "none";
-          document.getElementById("newFileName").value = "";
-        });
-    });
-  }
-});
-
-// Expose initFileActions so it can be called from fileManager.js
-export function initFileActions() {
-  const deleteSelectedBtn = document.getElementById("deleteSelectedBtn");
-  if (deleteSelectedBtn) {
-    deleteSelectedBtn.replaceWith(deleteSelectedBtn.cloneNode(true));
-    document.getElementById("deleteSelectedBtn").addEventListener("click", handleDeleteSelected);
-  }
-  const copySelectedBtn = document.getElementById("copySelectedBtn");
-  if (copySelectedBtn) {
-    copySelectedBtn.replaceWith(copySelectedBtn.cloneNode(true));
-    document.getElementById("copySelectedBtn").addEventListener("click", handleCopySelected);
-  }
-  const moveSelectedBtn = document.getElementById("moveSelectedBtn");
-  if (moveSelectedBtn) {
-    moveSelectedBtn.replaceWith(moveSelectedBtn.cloneNode(true));
-    document.getElementById("moveSelectedBtn").addEventListener("click", handleMoveSelected);
-  }
-  const downloadZipBtn = document.getElementById("downloadZipBtn");
-  if (downloadZipBtn) {
-    downloadZipBtn.replaceWith(downloadZipBtn.cloneNode(true));
-    document.getElementById("downloadZipBtn").addEventListener("click", handleDownloadZipSelected);
-  }
-  const extractZipBtn = document.getElementById("extractZipBtn");
-  if (extractZipBtn) {
-    extractZipBtn.replaceWith(extractZipBtn.cloneNode(true));
-    document.getElementById("extractZipBtn").addEventListener("click", handleExtractZipSelected);
-  }
-}
-
-window.renameFile = renameFile;
--- a/js/fileDragDrop.js
+++ b/js/fileDragDrop.js
@@ -1,125 +0,0 @@
-// fileDragDrop.js
-import { showToast } from './domUtils.js';
-import { loadFileList } from './fileListView.js';
-
-export function fileDragStartHandler(event) {
-  const row = event.currentTarget;
-  let fileNames = [];
-
-  const selectedCheckboxes = document.querySelectorAll("#fileList .file-checkbox:checked");
-  if (selectedCheckboxes.length > 1) {
-    selectedCheckboxes.forEach(chk => {
-      const parentRow = chk.closest("tr");
-      if (parentRow) {
-        const cell = parentRow.querySelector("td:nth-child(2)");
-        if (cell) {
-          let rawName = cell.textContent.trim();
-          const tagContainer = cell.querySelector(".tag-badges");
-          if (tagContainer) {
-            const tagText = tagContainer.innerText.trim();
-            if (rawName.endsWith(tagText)) {
-              rawName = rawName.slice(0, -tagText.length).trim();
-            }
-          }
-          fileNames.push(rawName);
-        }
-      }
-    });
-  } else {
-    const fileNameCell = row.querySelector("td:nth-child(2)");
-    if (fileNameCell) {
-      let rawName = fileNameCell.textContent.trim();
-      const tagContainer = fileNameCell.querySelector(".tag-badges");
-      if (tagContainer) {
-        const tagText = tagContainer.innerText.trim();
-        if (rawName.endsWith(tagText)) {
-          rawName = rawName.slice(0, -tagText.length).trim();
-        }
-      }
-      fileNames.push(rawName);
-    }
-  }
-
-  if (fileNames.length === 0) return;
-
-  const dragData = fileNames.length === 1 
-    ? { fileName: fileNames[0], sourceFolder: window.currentFolder || "root" }
-    : { files: fileNames, sourceFolder: window.currentFolder || "root" };
-
-  event.dataTransfer.setData("application/json", JSON.stringify(dragData));
-
-  let dragImage = document.createElement("div");
-  dragImage.style.display = "inline-flex";
-  dragImage.style.width = "auto";
-  dragImage.style.maxWidth = "fit-content";
-  dragImage.style.padding = "6px 10px";
-  dragImage.style.backgroundColor = "#333";
-  dragImage.style.color = "#fff";
-  dragImage.style.border = "1px solid #555";
-  dragImage.style.borderRadius = "4px";
-  dragImage.style.alignItems = "center";
-  dragImage.style.boxShadow = "2px 2px 6px rgba(0,0,0,0.3)";
-  const icon = document.createElement("span");
-  icon.className = "material-icons";
-  icon.textContent = "insert_drive_file";
-  icon.style.marginRight = "4px";
-  const label = document.createElement("span");
-  label.textContent = fileNames.length === 1 ? fileNames[0] : fileNames.length + " files";
-  dragImage.appendChild(icon);
-  dragImage.appendChild(label);
-  
-  document.body.appendChild(dragImage);
-  event.dataTransfer.setDragImage(dragImage, 5, 5);
-  setTimeout(() => {
-    document.body.removeChild(dragImage);
-  }, 0);
-}
-
-export function folderDragOverHandler(event) {
-  event.preventDefault();
-  event.currentTarget.classList.add("drop-hover");
-}
-
-export function folderDragLeaveHandler(event) {
-  event.currentTarget.classList.remove("drop-hover");
-}
-
-export function folderDropHandler(event) {
-  event.preventDefault();
-  event.currentTarget.classList.remove("drop-hover");
-  const dropFolder = event.currentTarget.getAttribute("data-folder");
-  let dragData;
-  try {
-    dragData = JSON.parse(event.dataTransfer.getData("application/json"));
-  } catch (e) {
-    console.error("Invalid drag data");
-    return;
-  }
-  if (!dragData || !dragData.fileName) return;
-  fetch("moveFiles.php", {
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": document.querySelector('meta[name="csrf-token"]').getAttribute("content")
-    },
-    body: JSON.stringify({
-      source: dragData.sourceFolder,
-      files: [dragData.fileName],
-      destination: dropFolder
-    })
-  })
-    .then(response => response.json())
-    .then(data => {
-      if (data.success) {
-        showToast(`File "${dragData.fileName}" moved successfully to ${dropFolder}!`);
-        loadFileList(dragData.sourceFolder);
-      } else {
-        showToast("Error moving file: " + (data.error || "Unknown error"));
-      }
-    })
-    .catch(error => {
-      console.error("Error moving file via drop:", error);
-      showToast("Error moving file.");
-    });
-}
--- a/js/fileEditor.js
+++ b/js/fileEditor.js
@@ -1,179 +0,0 @@
-// fileEditor.js
-import { escapeHTML, showToast } from './domUtils.js';
-import { loadFileList } from './fileListView.js';
-import { t } from './i18n.js';
-
-function getModeForFile(fileName) {
-  const ext = fileName.slice(fileName.lastIndexOf('.') + 1).toLowerCase();
-  switch (ext) {
-    case "css":
-      return "css";
-    case "json":
-      return { name: "javascript", json: true };
-    case "js":
-      return "javascript";
-    case "html":
-    case "htm":
-      return "text/html";
-    case "xml":
-      return "xml";
-    default:
-      return "text/plain";
-  }
-}
-export { getModeForFile };
-
-function adjustEditorSize() {
-  const modal = document.querySelector(".editor-modal");
-  if (modal && window.currentEditor) {
-    const headerHeight = 60; // adjust as needed
-    const availableHeight = modal.clientHeight - headerHeight;
-    window.currentEditor.setSize("100%", availableHeight + "px");
-  }
-}
-export { adjustEditorSize };
-
-function observeModalResize(modal) {
-  if (!modal) return;
-  const resizeObserver = new ResizeObserver(() => {
-    adjustEditorSize();
-  });
-  resizeObserver.observe(modal);
-}
-export { observeModalResize };
-
-export function editFile(fileName, folder) {
-  let existingEditor = document.getElementById("editorContainer");
-  if (existingEditor) {
-    existingEditor.remove();
-  }
-  const folderUsed = folder || window.currentFolder || "root";
-  const folderPath = folderUsed === "root"
-    ? "uploads/"
-    : "uploads/" + folderUsed.split("/").map(encodeURIComponent).join("/") + "/";
-  const fileUrl = folderPath + encodeURIComponent(fileName) + "?t=" + new Date().getTime();
-
-  fetch(fileUrl, { method: "HEAD" })
-    .then(response => {
-      const contentLength = response.headers.get("Content-Length");
-      if (contentLength !== null && parseInt(contentLength) > 10485760) {
-        showToast("This file is larger than 10 MB and cannot be edited in the browser.");
-        throw new Error("File too large.");
-      }
-      return fetch(fileUrl);
-    })
-    .then(response => {
-      if (!response.ok) {
-        throw new Error("HTTP error! Status: " + response.status);
-      }
-      return response.text();
-    })
-    .then(content => {
-      const modal = document.createElement("div");
-      modal.id = "editorContainer";
-      modal.classList.add("modal", "editor-modal");
-      modal.innerHTML = `
-      <div class="editor-header">
-        <h3 class="editor-title">${t("editing")}: ${escapeHTML(fileName)}</h3>
-        <div class="editor-controls">
-           <button id="decreaseFont" class="btn btn-sm btn-secondary">${t("decrease_font")}</button>
-           <button id="increaseFont" class="btn btn-sm btn-secondary">${t("increase_font")}</button>
-        </div>
-        <button id="closeEditorX" class="editor-close-btn">&times;</button>
-      </div>
-      <textarea id="fileEditor" class="editor-textarea">${escapeHTML(content)}</textarea>
-      <div class="editor-footer">
-        <button id="saveBtn" class="btn btn-primary">${t("save")}</button>
-        <button id="closeBtn" class="btn btn-secondary">${t("close")}</button>
-      </div>
-    `;
-      document.body.appendChild(modal);
-      modal.style.display = "block";
-
-      const mode = getModeForFile(fileName);
-      const isDarkMode = document.body.classList.contains("dark-mode");
-      const theme = isDarkMode ? "material-darker" : "default";
-
-      const editor = CodeMirror.fromTextArea(document.getElementById("fileEditor"), {
-        lineNumbers: true,
-        mode: mode,
-        theme: theme,
-        viewportMargin: Infinity
-      });
-
-      window.currentEditor = editor;
-
-      setTimeout(() => {
-        adjustEditorSize();
-      }, 50);
-
-      observeModalResize(modal);
-
-      let currentFontSize = 14;
-      editor.getWrapperElement().style.fontSize = currentFontSize + "px";
-      editor.refresh();
-
-      document.getElementById("closeEditorX").addEventListener("click", function () {
-        modal.remove();
-      });
-
-      document.getElementById("decreaseFont").addEventListener("click", function () {
-        currentFontSize = Math.max(8, currentFontSize - 2);
-        editor.getWrapperElement().style.fontSize = currentFontSize + "px";
-        editor.refresh();
-      });
-
-      document.getElementById("increaseFont").addEventListener("click", function () {
-        currentFontSize = Math.min(32, currentFontSize + 2);
-        editor.getWrapperElement().style.fontSize = currentFontSize + "px";
-        editor.refresh();
-      });
-
-      document.getElementById("saveBtn").addEventListener("click", function () {
-        saveFile(fileName, folderUsed);
-      });
-
-      document.getElementById("closeBtn").addEventListener("click", function () {
-        modal.remove();
-      });
-
-      function updateEditorTheme() {
-        const isDarkMode = document.body.classList.contains("dark-mode");
-        editor.setOption("theme", isDarkMode ? "material-darker" : "default");
-      }
-
-      document.getElementById("darkModeToggle").addEventListener("click", updateEditorTheme);
-    })
-    .catch(error => console.error("Error loading file:", error));
-}
-
-
-export function saveFile(fileName, folder) {
-  const editor = window.currentEditor;
-  if (!editor) {
-    console.error("Editor not found!");
-    return;
-  }
-  const folderUsed = folder || window.currentFolder || "root";
-  const fileDataObj = {
-    fileName: fileName,
-    content: editor.getValue(),
-    folder: folderUsed
-  };
-  fetch("saveFile.php", {
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": window.csrfToken
-    },
-    body: JSON.stringify(fileDataObj)
-  })
-    .then(response => response.json())
-    .then(result => {
-      showToast(result.success || result.error);
-      document.getElementById("editorContainer")?.remove();
-      loadFileList(folderUsed);
-    })
-    .catch(error => console.error("Error saving file:", error));
-}
--- a/js/fileListView.js
+++ b/js/fileListView.js
@@ -1,495 +0,0 @@
-// fileListView.js
-import {
-    escapeHTML,
-    debounce,
-    buildSearchAndPaginationControls,
-    buildFileTableHeader,
-    buildFileTableRow,
-    buildBottomControls,
-    updateFileActionButtons,
-    showToast,
-    updateRowHighlight,
-    toggleRowSelection,
-    attachEnterKeyListener
-} from './domUtils.js';
-import { t } from './i18n.js';
-import { bindFileListContextMenu } from './fileMenu.js';
-import { openDownloadModal } from './fileActions.js';
-import { openTagModal, openMultiTagModal } from './fileTags.js';
-
-export let fileData = [];
-export let sortOrder = { column: "uploaded", ascending: true };
-
-window.itemsPerPage = window.itemsPerPage || 10;
-window.currentPage = window.currentPage || 1;
-window.viewMode = localStorage.getItem("viewMode") || "table"; // "table" or "gallery"
-
-/**
- * --- Helper Functions ---
- */
-
-/**
- * Convert a file size string (e.g. "456.9KB", "1.2 MB", "1024") into bytes.
- */
-function parseSizeToBytes(sizeStr) {
-    if (!sizeStr) return 0;
-    let s = sizeStr.trim();
-    let value = parseFloat(s);
-    let upper = s.toUpperCase();
-    if (upper.includes("KB")) {
-        value *= 1024;
-    } else if (upper.includes("MB")) {
-        value *= 1024 * 1024;
-    } else if (upper.includes("GB")) {
-        value *= 1024 * 1024 * 1024;
-    }
-    return value;
-}
-
-/**
- * Format the total bytes as a human-readable string.
- */
-function formatSize(totalBytes) {
-    if (totalBytes < 1024) {
-        return totalBytes + " Bytes";
-    } else if (totalBytes < 1024 * 1024) {
-        return (totalBytes / 1024).toFixed(2) + " KB";
-    } else if (totalBytes < 1024 * 1024 * 1024) {
-        return (totalBytes / (1024 * 1024)).toFixed(2) + " MB";
-    } else {
-        return (totalBytes / (1024 * 1024 * 1024)).toFixed(2) + " GB";
-    }
-}
-
-/**
- * Build the folder summary HTML using the filtered file list.
- */
-function buildFolderSummary(filteredFiles) {
-    const totalFiles = filteredFiles.length;
-    const totalBytes = filteredFiles.reduce((sum, file) => {
-        return sum + parseSizeToBytes(file.size);
-    }, 0);
-    const sizeStr = formatSize(totalBytes);
-    return `<strong>Total Files:</strong> ${totalFiles} &nbsp;|&nbsp; <strong>Total Size:</strong> ${sizeStr}`;
-}
-
-/**
- * --- Fuse.js Search Helper ---
- * Uses Fuse.js to perform a fuzzy search on fileData.
- * Searches over file name, uploader, and tag names.
- */
-function searchFiles(searchTerm) {
-    if (!searchTerm) return fileData;
-    // Define search options – adjust threshold as needed.
-    const options = {
-        keys: ['name', 'uploader', 'tags.name'],
-        threshold: 0.3
-    };
-    const fuse = new Fuse(fileData, options);
-    // Fuse returns an array of results where each result has an "item" property.
-    return fuse.search(searchTerm).map(result => result.item);
-}
-
-/**
- * --- VIEW MODE TOGGLE BUTTON & Helpers ---
- */
-export function createViewToggleButton() {
-    let toggleBtn = document.getElementById("toggleViewBtn");
-    if (!toggleBtn) {
-        toggleBtn = document.createElement("button");
-        toggleBtn.id = "toggleViewBtn";
-        toggleBtn.classList.add("btn", "btn-secondary");
-        const titleElem = document.getElementById("fileListTitle");
-        if (titleElem) {
-            titleElem.parentNode.insertBefore(toggleBtn, titleElem.nextSibling);
-        }
-    }
-    toggleBtn.textContent = window.viewMode === "gallery" ? t("switch_to_table_view") : t("switch_to_gallery_view");
-    toggleBtn.onclick = () => {
-        window.viewMode = window.viewMode === "gallery" ? "table" : "gallery";
-        localStorage.setItem("viewMode", window.viewMode);
-        loadFileList(window.currentFolder);
-        toggleBtn.textContent = window.viewMode === "gallery" ? t("switch_to_table_view") : t("switch_to_gallery_view");
-    };
-    return toggleBtn;
-}
-
-export function formatFolderName(folder) {
-    if (folder === "root") return "(Root)";
-    return folder
-        .replace(/[_-]+/g, " ")
-        .replace(/\b\w/g, char => char.toUpperCase());
-}
-
-// Expose inline DOM helpers.
-window.toggleRowSelection = toggleRowSelection;
-window.updateRowHighlight = updateRowHighlight;
-
-/**
- * --- FILE LIST & VIEW RENDERING ---
- */
-export function loadFileList(folderParam) {
-    const folder = folderParam || "root";
-    const fileListContainer = document.getElementById("fileList");
-
-    fileListContainer.style.visibility = "hidden";
-    fileListContainer.innerHTML = "<div class='loader'>Loading files...</div>";
-
-    return fetch("getFileList.php?folder=" + encodeURIComponent(folder) + "&recursive=1&t=" + new Date().getTime())
-        .then(response => {
-            if (response.status === 401) {
-                showToast("Session expired. Please log in again.");
-                window.location.href = "logout.php";
-                throw new Error("Unauthorized");
-            }
-            return response.json();
-        })
-        .then(data => {
-            fileListContainer.innerHTML = ""; // Clear loading message.
-            if (data.files && Object.keys(data.files).length > 0) {
-                // In case the returned "files" is an object instead of an array, transform it.
-                if (!Array.isArray(data.files)) {
-                    data.files = Object.entries(data.files).map(([name, meta]) => {
-                        meta.name = name;
-                        return meta;
-                    });
-                }
-                // Process each file – add computed properties.
-                data.files = data.files.map(file => {
-                    file.fullName = (file.path || file.name).trim().toLowerCase();
-                    file.editable = canEditFile(file.name);
-                    file.folder = folder;
-                    if (!file.type && /\.(jpg|jpeg|png|gif|bmp|webp|svg|ico)$/i.test(file.name)) {
-                        file.type = "image";
-                    }
-                    return file;
-                });
-                fileData = data.files;
-
-                // Update file summary.
-                const actionsContainer = document.getElementById("fileListActions");
-                if (actionsContainer) {
-                    let summaryElem = document.getElementById("fileSummary");
-                    if (!summaryElem) {
-                        summaryElem = document.createElement("div");
-                        summaryElem.id = "fileSummary";
-                        summaryElem.style.float = "right";
-                        summaryElem.style.marginLeft = "auto";
-                        summaryElem.style.marginRight = "60px";
-                        summaryElem.style.fontSize = "0.9em";
-                        actionsContainer.appendChild(summaryElem);
-                    } else {
-                        summaryElem.style.display = "block";
-                    }
-                    summaryElem.innerHTML = buildFolderSummary(fileData);
-                }
-
-                // Render view based on the view mode.
-                if (window.viewMode === "gallery") {
-                    renderGalleryView(folder);
-                } else {
-                    renderFileTable(folder);
-                }
-            } else {
-                fileListContainer.textContent = t("no_files_found");
-                const summaryElem = document.getElementById("fileSummary");
-                if (summaryElem) {
-                    summaryElem.style.display = "none";
-                }
-                updateFileActionButtons();
-            }
-            return data.files || [];
-        })
-        .catch(error => {
-            console.error("Error loading file list:", error);
-            if (error.message !== "Unauthorized") {
-                fileListContainer.textContent = "Error loading files.";
-            }
-            return [];
-        })
-        .finally(() => {
-            fileListContainer.style.visibility = "visible";
-        });
-}
-
-/**
- * Update renderFileTable so it writes its content into the provided container.
- */
-export function renderFileTable(folder, container) {
-    const fileListContent = container || document.getElementById("fileList");
-    const searchTerm = (window.currentSearchTerm || "").toLowerCase();
-    const itemsPerPageSetting = parseInt(localStorage.getItem("itemsPerPage") || "10", 10);
-    let currentPage = window.currentPage || 1;
-
-    // Use Fuse.js search via our helper function.
-    const filteredFiles = searchFiles(searchTerm);
-    
-    const totalFiles = filteredFiles.length;
-    const totalPages = Math.ceil(totalFiles / itemsPerPageSetting);
-    if (currentPage > totalPages) {
-        currentPage = totalPages > 0 ? totalPages : 1;
-        window.currentPage = currentPage;
-    }
-    const folderPath = folder === "root"
-        ? "uploads/"
-        : "uploads/" + folder.split("/").map(encodeURIComponent).join("/") + "/";
-
-    const topControlsHTML = buildSearchAndPaginationControls({
-        currentPage,
-        totalPages,
-        searchTerm: window.currentSearchTerm || ""
-    });
-    let headerHTML = buildFileTableHeader(sortOrder);
-    const startIndex = (currentPage - 1) * itemsPerPageSetting;
-    const endIndex = Math.min(startIndex + itemsPerPageSetting, totalFiles);
-    let rowsHTML = "<tbody>";
-    if (totalFiles > 0) {
-        filteredFiles.slice(startIndex, endIndex).forEach((file, idx) => {
-            let rowHTML = buildFileTableRow(file, folderPath);
-            rowHTML = rowHTML.replace("<tr", `<tr id="file-row-${encodeURIComponent(file.name)}-${startIndex + idx}"`);
-
-            let tagBadgesHTML = "";
-            if (file.tags && file.tags.length > 0) {
-                tagBadgesHTML = '<div class="tag-badges" style="display:inline-block; margin-left:5px;">';
-                file.tags.forEach(tag => {
-                    tagBadgesHTML += `<span style="background-color: ${tag.color}; color: #fff; padding: 2px 4px; border-radius: 3px; margin-right: 2px; font-size: 0.8em;">${escapeHTML(tag.name)}</span>`;
-                });
-                tagBadgesHTML += "</div>";
-            }
-            rowHTML = rowHTML.replace(/(<td class="file-name-cell">)(.*?)(<\/td>)/, (match, p1, p2, p3) => {
-                return p1 + p2 + tagBadgesHTML + p3;
-            });
-            rowHTML = rowHTML.replace(/(<\/div>\s*<\/td>\s*<\/tr>)/, `<button class="share-btn btn btn-sm btn-secondary" data-file="${escapeHTML(file.name)}" title="Share">
-                <i class="material-icons">share</i>
-              </button>$1`);
-            rowsHTML += rowHTML;
-        });
-    } else {
-        rowsHTML += `<tr><td colspan="8">No files found.</td></tr>`;
-    }
-    rowsHTML += "</tbody></table>";
-    const bottomControlsHTML = buildBottomControls(itemsPerPageSetting);
-
-    fileListContent.innerHTML = topControlsHTML + headerHTML + rowsHTML + bottomControlsHTML;
-
-    createViewToggleButton();
-
-    // Setup event listeners.
-    const newSearchInput = document.getElementById("searchInput");
-    if (newSearchInput) {
-        newSearchInput.addEventListener("input", debounce(function () {
-            window.currentSearchTerm = newSearchInput.value;
-            window.currentPage = 1;
-            renderFileTable(folder, container);
-            setTimeout(() => {
-                const freshInput = document.getElementById("searchInput");
-                if (freshInput) {
-                    freshInput.focus();
-                    const len = freshInput.value.length;
-                    freshInput.setSelectionRange(len, len);
-                }
-            }, 0);
-        }, 300));
-    }
-    document.querySelectorAll("table.table thead th[data-column]").forEach(cell => {
-        cell.addEventListener("click", function () {
-            const column = this.getAttribute("data-column");
-            sortFiles(column, folder);
-        });
-    });
-    document.querySelectorAll("#fileList .file-checkbox").forEach(checkbox => {
-        checkbox.addEventListener("change", function (e) {
-            updateRowHighlight(e.target);
-            updateFileActionButtons();
-        });
-    });
-    document.querySelectorAll(".share-btn").forEach(btn => {
-        btn.addEventListener("click", function (e) {
-            e.stopPropagation();
-            const fileName = this.getAttribute("data-file");
-            const file = fileData.find(f => f.name === fileName);
-            if (file) {
-                import('./filePreview.js').then(module => {
-                    module.openShareModal(file, folder);
-                });
-            }
-        });
-    });
-    updateFileActionButtons();
-    document.querySelectorAll("#fileList tbody tr").forEach(row => {
-        row.setAttribute("draggable", "true");
-        import('./fileDragDrop.js').then(module => {
-            row.addEventListener("dragstart", module.fileDragStartHandler);
-        });
-    });
-    document.querySelectorAll(".download-btn, .edit-btn, .rename-btn").forEach(btn => {
-        btn.addEventListener("click", e => e.stopPropagation());
-    });
-    bindFileListContextMenu();
-}
-
-/**
- * Similarly, update renderGalleryView to accept an optional container.
- */
-export function renderGalleryView(folder, container) {
-    const fileListContent = container || document.getElementById("fileList");
-    const searchTerm = (window.currentSearchTerm || "").toLowerCase();
-    // Use Fuse.js search for gallery view as well.
-    const filteredFiles = searchFiles(searchTerm);
-    const folderPath = folder === "root"
-        ? "uploads/"
-        : "uploads/" + folder.split("/").map(encodeURIComponent).join("/") + "/";
-    const gridStyle = "display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 10px; padding: 10px;";
-    let galleryHTML = `<div class="gallery-container" style="${gridStyle}">`;
-    filteredFiles.forEach((file) => {
-        let thumbnail;
-        if (/\.(jpg|jpeg|png|gif|bmp|webp|svg|ico)$/i.test(file.name)) {
-            thumbnail = `<img src="${folderPath + encodeURIComponent(file.name)}?t=${new Date().getTime()}" class="gallery-thumbnail" alt="${escapeHTML(file.name)}" style="max-width: 100%; max-height: 150px; display: block; margin: 0 auto;">`;
-        } else if (/\.(mp3|wav|m4a|ogg|flac|aac|wma|opus)$/i.test(file.name)) {
-            thumbnail = `<span class="material-icons gallery-icon">audiotrack</span>`;
-        } else {
-            thumbnail = `<span class="material-icons gallery-icon">insert_drive_file</span>`;
-        }
-        let tagBadgesHTML = "";
-        if (file.tags && file.tags.length > 0) {
-            tagBadgesHTML = `<div class="tag-badges" style="margin-top:4px;">`;
-            file.tags.forEach(tag => {
-                tagBadgesHTML += `<span style="background-color: ${tag.color}; color: #fff; padding: 2px 4px; border-radius: 3px; margin-right: 2px; font-size: 0.8em;">${escapeHTML(tag.name)}</span>`;
-            });
-            tagBadgesHTML += `</div>`;
-        }
-        galleryHTML += `<div class="gallery-card" style="border: 1px solid #ccc; padding: 5px; text-align: center;">
-        <div class="gallery-preview" style="cursor: pointer;" onclick="previewFile('${folderPath + encodeURIComponent(file.name)}?t=' + new Date().getTime(), '${file.name}')">
-          ${thumbnail}
-        </div>
-        <div class="gallery-info" style="margin-top: 5px;">
-          <span class="gallery-file-name" style="display: block; white-space: normal; overflow-wrap: break-word; word-wrap: break-word;">${escapeHTML(file.name)}</span>
-          ${tagBadgesHTML}
-          <div class="button-wrap" style="display: flex; justify-content: center; gap: 5px;">
-            <button type="button" class="btn btn-sm btn-success download-btn" 
-                onclick="openDownloadModal('${file.name}', '${file.folder || 'root'}')" 
-                title="Download">
-                <i class="material-icons">file_download</i>
-            </button>
-            ${file.editable ? `
-              <button class="btn btn-sm edit-btn" onclick='editFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="Edit">
-                <i class="material-icons">edit</i>
-              </button>
-            ` : ""}
-            <button class="btn btn-sm btn-warning rename-btn" onclick='renameFile(${JSON.stringify(file.name)}, ${JSON.stringify(file.folder || "root")})' title="Rename">
-               <i class="material-icons">drive_file_rename_outline</i>
-            </button>
-            <button class="btn btn-sm btn-secondary share-btn" data-file="${escapeHTML(file.name)}" title="Share">
-               <i class="material-icons">share</i>
-            </button>
-          </div>
-        </div>
-      </div>`;
-    });
-    galleryHTML += "</div>";
-    fileListContent.innerHTML = galleryHTML;
-    createViewToggleButton();
-    updateFileActionButtons();
-    document.querySelectorAll(".share-btn").forEach(btn => {
-        btn.addEventListener("click", e => {
-            e.stopPropagation();
-            const fileName = btn.getAttribute("data-file");
-            const file = fileData.find(f => f.name === fileName);
-            import('./filePreview.js').then(module => {
-                module.openShareModal(file, folder);
-            });
-        });
-    });
-}
-
-export function sortFiles(column, folder) {
-    if (sortOrder.column === column) {
-        sortOrder.ascending = !sortOrder.ascending;
-    } else {
-        sortOrder.column = column;
-        sortOrder.ascending = true;
-    }
-    fileData.sort((a, b) => {
-        let valA = a[column] || "";
-        let valB = b[column] || "";
-        if (column === "modified" || column === "uploaded") {
-            const parsedA = parseCustomDate(valA);
-            const parsedB = parseCustomDate(valB);
-            valA = parsedA;
-            valB = parsedB;
-        } else if (typeof valA === "string") {
-            valA = valA.toLowerCase();
-            valB = valB.toLowerCase();
-        }
-        if (valA < valB) return sortOrder.ascending ? -1 : 1;
-        if (valA > valB) return sortOrder.ascending ? 1 : -1;
-        return 0;
-    });
-    if (window.viewMode === "gallery") {
-        renderGalleryView(folder);
-    } else {
-        renderFileTable(folder);
-    }
-}
-
-function parseCustomDate(dateStr) {
-    dateStr = dateStr.replace(/\s+/g, " ").trim();
-    const parts = dateStr.split(" ");
-    if (parts.length !== 2) {
-        return new Date(dateStr).getTime();
-    }
-    const datePart = parts[0];
-    const timePart = parts[1];
-    const dateComponents = datePart.split("/");
-    if (dateComponents.length !== 3) {
-        return new Date(dateStr).getTime();
-    }
-    let month = parseInt(dateComponents[0], 10);
-    let day = parseInt(dateComponents[1], 10);
-    let year = parseInt(dateComponents[2], 10);
-    if (year < 100) {
-        year += 2000;
-    }
-    const timeRegex = /^(\d{1,2}):(\d{2})(AM|PM)$/i;
-    const match = timePart.match(timeRegex);
-    if (!match) {
-        return new Date(dateStr).getTime();
-    }
-    let hour = parseInt(match[1], 10);
-    const minute = parseInt(match[2], 10);
-    const period = match[3].toUpperCase();
-    if (period === "PM" && hour !== 12) {
-        hour += 12;
-    }
-    if (period === "AM" && hour === 12) {
-        hour = 0;
-    }
-    return new Date(year, month - 1, day, hour, minute).getTime();
-}
-
-export function canEditFile(fileName) {
-    const allowedExtensions = [
-        "txt", "html", "htm", "css", "js", "json", "xml",
-        "md", "py", "ini", "csv", "log", "conf", "config", "bat",
-        "rtf", "doc", "docx"
-    ];
-    const ext = fileName.slice(fileName.lastIndexOf('.') + 1).toLowerCase();
-    return allowedExtensions.includes(ext);
-}
-
-// Expose global functions for pagination and preview.
-window.changePage = function (newPage) {
-    window.currentPage = newPage;
-    renderFileTable(window.currentFolder);
-};
-window.changeItemsPerPage = function (newCount) {
-    window.itemsPerPage = parseInt(newCount);
-    window.currentPage = 1;
-    renderFileTable(window.currentFolder);
-};
-
-// fileListView.js (bottom)
-window.loadFileList = loadFileList;
-window.renderFileTable = renderFileTable;
-window.renderGalleryView = renderGalleryView;
-window.sortFiles = sortFiles;
--- a/js/fileMenu.js
+++ b/js/fileMenu.js
@@ -1,156 +0,0 @@
-// fileMenu.js
-import { updateRowHighlight, showToast } from './domUtils.js';
-import { handleDeleteSelected, handleCopySelected, handleMoveSelected, handleDownloadZipSelected, handleExtractZipSelected, renameFile } from './fileActions.js';
-import { previewFile } from './filePreview.js';
-import { editFile } from './fileEditor.js';
-import { canEditFile, fileData } from './fileListView.js';
-import { openTagModal, openMultiTagModal } from './fileTags.js';
-import { t } from './i18n.js';
-
-export function showFileContextMenu(x, y, menuItems) {
-  let menu = document.getElementById("fileContextMenu");
-  if (!menu) {
-    menu = document.createElement("div");
-    menu.id = "fileContextMenu";
-    menu.style.position = "fixed";
-    menu.style.backgroundColor = "#fff";
-    menu.style.border = "1px solid #ccc";
-    menu.style.boxShadow = "2px 2px 6px rgba(0,0,0,0.2)";
-    menu.style.zIndex = "9999";
-    menu.style.padding = "5px 0";
-    menu.style.minWidth = "150px";
-    document.body.appendChild(menu);
-  }
-  menu.innerHTML = "";
-  menuItems.forEach(item => {
-    let menuItem = document.createElement("div");
-    menuItem.textContent = item.label;
-    menuItem.style.padding = "5px 15px";
-    menuItem.style.cursor = "pointer";
-    menuItem.addEventListener("mouseover", () => {
-      menuItem.style.backgroundColor = document.body.classList.contains("dark-mode") ? "#444" : "#f0f0f0";
-    });
-    menuItem.addEventListener("mouseout", () => {
-      menuItem.style.backgroundColor = "";
-    });
-    menuItem.addEventListener("click", () => {
-      item.action();
-      hideFileContextMenu();
-    });
-    menu.appendChild(menuItem);
-  });
-  
-  menu.style.left = x + "px";
-  menu.style.top = y + "px";
-  menu.style.display = "block";
-  
-  const menuRect = menu.getBoundingClientRect();
-  const viewportHeight = window.innerHeight;
-  if (menuRect.bottom > viewportHeight) {
-    let newTop = viewportHeight - menuRect.height;
-    if (newTop < 0) newTop = 0;
-    menu.style.top = newTop + "px";
-  }
-}
-
-export function hideFileContextMenu() {
-  const menu = document.getElementById("fileContextMenu");
-  if (menu) {
-    menu.style.display = "none";
-  }
-}
-
-export function fileListContextMenuHandler(e) {
-  e.preventDefault();
-  
-  let row = e.target.closest("tr");
-  if (row) {
-    const checkbox = row.querySelector(".file-checkbox");
-    if (checkbox && !checkbox.checked) {
-      checkbox.checked = true;
-      updateRowHighlight(checkbox);
-    }
-  }
-  
-  const selected = Array.from(document.querySelectorAll("#fileList .file-checkbox:checked")).map(chk => chk.value);
-  
-  let menuItems = [
-    { label: t("delete_selected"), action: () => { handleDeleteSelected(new Event("click")); } },
-    { label: t("copy_selected"), action: () => { handleCopySelected(new Event("click")); } },
-    { label: t("move_selected"), action: () => { handleMoveSelected(new Event("click")); } },
-    { label: t("download_zip"), action: () => { handleDownloadZipSelected(new Event("click")); } }
-  ];
-  
-  if (selected.some(name => name.toLowerCase().endsWith(".zip"))) {
-    menuItems.push({
-      label: t("extract_zip"),
-      action: () => { handleExtractZipSelected(new Event("click")); }
-    });
-  }
-  
-  if (selected.length > 1) {
-    menuItems.push({
-      label: t("tag_selected"),
-      action: () => {
-        const files = fileData.filter(f => selected.includes(f.name));
-        openMultiTagModal(files);
-      }
-    });
-  }
-  else if (selected.length === 1) {
-    const file = fileData.find(f => f.name === selected[0]);
-    
-    menuItems.push({
-      label: t("preview"),
-      action: () => {
-        const folder = window.currentFolder || "root";
-        const folderPath = folder === "root"
-          ? "uploads/"
-          : "uploads/" + folder.split("/").map(encodeURIComponent).join("/") + "/";
-        previewFile(folderPath + encodeURIComponent(file.name) + "?t=" + new Date().getTime(), file.name);
-      }
-    });
-    
-    if (canEditFile(file.name)) {
-      menuItems.push({
-        label: t("edit"),
-        action: () => { editFile(selected[0], window.currentFolder); }
-      });
-    }
-    
-    menuItems.push({
-      label: t("rename"),
-      action: () => { renameFile(selected[0], window.currentFolder); }
-    });
-    
-    menuItems.push({
-      label: t("tag_file"),
-      action: () => { openTagModal(file); }
-    });
-  }
-  
-  showFileContextMenu(e.clientX, e.clientY, menuItems);
-}
-
-export function bindFileListContextMenu() {
-  const fileListContainer = document.getElementById("fileList");
-  if (fileListContainer) {
-    fileListContainer.oncontextmenu = fileListContextMenuHandler;
-  }
-}
-
-document.addEventListener("click", function(e) {
-  const menu = document.getElementById("fileContextMenu");
-  if (menu && menu.style.display === "block") {
-    hideFileContextMenu();
-  }
-});
-
-// Rebind context menu after file table render.
-(function() {
-  const originalRenderFileTable = window.renderFileTable;
-  window.renderFileTable = function(folder) {
-    originalRenderFileTable(folder);
-    bindFileListContextMenu();
-  };
-})();
--- a/js/filePreview.js
+++ b/js/filePreview.js
@@ -1,270 +0,0 @@
-// filePreview.js
-import { escapeHTML, showToast } from './domUtils.js';
-import { fileData } from './fileListView.js';
-import { t } from './i18n.js';
-
-export function openShareModal(file, folder) {
-  const existing = document.getElementById("shareModal");
-  if (existing) existing.remove();
-
-  const modal = document.createElement("div");
-  modal.id = "shareModal";
-  modal.classList.add("modal");
-  modal.innerHTML = `
-    <div class="modal-content share-modal-content" style="width: 600px; max-width:90vw;">
-      <div class="modal-header">
-        <h3>${t("share_file")}: ${escapeHTML(file.name)}</h3>
-        <span class="close-image-modal" id="closeShareModal" title="Close">&times;</span>
-      </div>
-      <div class="modal-body">
-        <p>${t("set_expiration")}</p>
-        <select id="shareExpiration">
-          <option value="30">30 minutes</option>
-          <option value="60" selected>60 minutes</option>
-          <option value="120">120 minutes</option>
-          <option value="180">180 minutes</option>
-          <option value="240">240 minutes</option>
-          <option value="1440">1 Day</option>
-        </select>
-        <p>Password (optional):</p>
-        <input type="text" id="sharePassword" placeholder=${t("password_optional")} style="width: 100%;"/>
-        <br>
-        <button id="generateShareLinkBtn" class="btn btn-primary" style="margin-top:10px;">${t("generate_share_link")}</button>
-        <div id="shareLinkDisplay" style="margin-top: 10px; display:none;">
-          <p>${t("shareable_link")}</p>
-          <input type="text" id="shareLinkInput" readonly style="width:100%;"/>
-          <button id="copyShareLinkBtn" class="btn btn-primary" style="margin-top:5px;">${t("copy_link")}</button>
-        </div>
-      </div>
-    </div>
-  `;
-  document.body.appendChild(modal);
-  modal.style.display = "block";
-
-  document.getElementById("closeShareModal").addEventListener("click", () => {
-    modal.remove();
-  });
-
-  document.getElementById("generateShareLinkBtn").addEventListener("click", () => {
-    const expiration = document.getElementById("shareExpiration").value;
-    const password = document.getElementById("sharePassword").value;
-    fetch("createShareLink.php", {
-      method: "POST",
-      credentials: "include",
-      headers: {
-        "Content-Type": "application/json",
-        "X-CSRF-Token": window.csrfToken
-      },
-      body: JSON.stringify({
-        folder: folder,
-        file: file.name,
-        expirationMinutes: parseInt(expiration),
-        password: password
-      })
-    })
-      .then(response => response.json())
-      .then(data => {
-        if (data.token) {
-          let shareEndpoint = document.querySelector('meta[name="share-url"]')
-            ? document.querySelector('meta[name="share-url"]').getAttribute('content')
-            : (window.SHARE_URL || "share.php");
-          const shareUrl = `${shareEndpoint}?token=${encodeURIComponent(data.token)}`;
-          const displayDiv = document.getElementById("shareLinkDisplay");
-          const inputField = document.getElementById("shareLinkInput");
-          inputField.value = shareUrl;
-          displayDiv.style.display = "block";
-        } else {
-          showToast("Error generating share link: " + (data.error || "Unknown error"));
-        }
-      })
-      .catch(err => {
-        console.error("Error generating share link:", err);
-        showToast("Error generating share link.");
-      });
-  });
-
-  document.getElementById("copyShareLinkBtn").addEventListener("click", () => {
-    const input = document.getElementById("shareLinkInput");
-    input.select();
-    document.execCommand("copy");
-    showToast("Link copied to clipboard!");
-  });
-}
-
-export function previewFile(fileUrl, fileName) {
-  let modal = document.getElementById("filePreviewModal");
-  if (!modal) {
-    modal = document.createElement("div");
-    modal.id = "filePreviewModal";
-    Object.assign(modal.style, {
-      position: "fixed",
-      top: "0",
-      left: "0",
-      width: "100vw",
-      height: "100vh",
-      backgroundColor: "rgba(0,0,0,0.7)",
-      display: "flex",
-      justifyContent: "center",
-      alignItems: "center",
-      zIndex: "1000"
-    });
-    modal.innerHTML = `
-      <div class="modal-content image-preview-modal-content" style="position: relative; max-width: 90vw; max-height: 90vh;">
-        <span id="closeFileModal" class="close-image-modal" style="position: absolute; top: 10px; right: 10px; font-size: 24px; cursor: pointer;">&times;</span>
-        <h4 class="image-modal-header"></h4>
-        <div class="file-preview-container" style="position: relative; text-align: center;"></div>
-      </div>`;
-    document.body.appendChild(modal);
-
-    function closeModal() {
-      const mediaElements = modal.querySelectorAll("video, audio");
-      mediaElements.forEach(media => {
-        media.pause();
-        if (media.tagName.toLowerCase() !== 'video') {
-          try {
-            media.currentTime = 0;
-          } catch(e) { }
-        }
-      });
-      modal.style.display = "none";
-    }
-
-    document.getElementById("closeFileModal").addEventListener("click", closeModal);
-    modal.addEventListener("click", function (e) {
-      if (e.target === modal) {
-        closeModal();
-      }
-    });
-  }
-  modal.querySelector("h4").textContent = fileName;
-  const container = modal.querySelector(".file-preview-container");
-  container.innerHTML = "";
-
-  const extension = fileName.split('.').pop().toLowerCase();
-  const isImage = /\.(jpg|jpeg|png|gif|bmp|webp|svg|ico)$/i.test(fileName);
-  if (isImage) {
-    const img = document.createElement("img");
-    img.src = fileUrl;
-    img.className = "image-modal-img";
-    img.style.maxWidth = "80vw";
-    img.style.maxHeight = "80vh";
-    container.appendChild(img);
-
-    const images = fileData.filter(file => /\.(jpg|jpeg|png|gif|bmp|webp|svg|ico)$/i.test(file.name));
-    if (images.length > 1) {
-      modal.galleryImages = images;
-      modal.galleryCurrentIndex = images.findIndex(f => f.name === fileName);
-
-      const prevBtn = document.createElement("button");
-      prevBtn.textContent = "‹";
-      prevBtn.className = "gallery-nav-btn";
-      prevBtn.style.cssText = "position: absolute; top: 50%; left: 10px; transform: translateY(-50%); background: transparent; border: none; color: white; font-size: 48px; cursor: pointer;";
-      prevBtn.addEventListener("click", function (e) {
-        e.stopPropagation();
-        modal.galleryCurrentIndex = (modal.galleryCurrentIndex - 1 + modal.galleryImages.length) % modal.galleryImages.length;
-        let newFile = modal.galleryImages[modal.galleryCurrentIndex];
-        modal.querySelector("h4").textContent = newFile.name;
-        img.src = ((window.currentFolder === "root")
-          ? "uploads/"
-          : "uploads/" + window.currentFolder.split("/").map(encodeURIComponent).join("/") + "/")
-          + encodeURIComponent(newFile.name) + "?t=" + new Date().getTime();
-      });
-      const nextBtn = document.createElement("button");
-      nextBtn.textContent = "›";
-      nextBtn.className = "gallery-nav-btn";
-      nextBtn.style.cssText = "position: absolute; top: 50%; right: 10px; transform: translateY(-50%); background: transparent; border: none; color: white; font-size: 48px; cursor: pointer;";
-      nextBtn.addEventListener("click", function (e) {
-        e.stopPropagation();
-        modal.galleryCurrentIndex = (modal.galleryCurrentIndex + 1) % modal.galleryImages.length;
-        let newFile = modal.galleryImages[modal.galleryCurrentIndex];
-        modal.querySelector("h4").textContent = newFile.name;
-        img.src = ((window.currentFolder === "root")
-          ? "uploads/"
-          : "uploads/" + window.currentFolder.split("/").map(encodeURIComponent).join("/") + "/")
-          + encodeURIComponent(newFile.name) + "?t=" + new Date().getTime();
-      });
-      container.appendChild(prevBtn);
-      container.appendChild(nextBtn);
-    }
-  } else {
-    if (extension === "pdf") {
-      const embed = document.createElement("embed");
-      const separator = fileUrl.indexOf('?') === -1 ? '?' : '&';
-      embed.src = fileUrl + separator + 't=' + new Date().getTime();
-      embed.type = "application/pdf";
-      embed.style.width = "80vw";
-      embed.style.height = "80vh";
-      embed.style.border = "none";
-      container.appendChild(embed);
-    } else if (/\.(mp4|mkv|webm|mov|ogv)$/i.test(fileName)) {
-      const video = document.createElement("video");
-      video.src = fileUrl;
-      video.controls = true;
-      video.className = "image-modal-img";
-    
-      const progressKey = 'videoProgress-' + fileUrl;
-    
-      video.addEventListener("loadedmetadata", () => {
-        const savedTime = localStorage.getItem(progressKey);
-        if (savedTime) {
-          video.currentTime = parseFloat(savedTime);
-        }
-      });
-    
-      video.addEventListener("timeupdate", () => {
-        localStorage.setItem(progressKey, video.currentTime);
-      });
-
-      video.addEventListener("ended", () => {
-        localStorage.removeItem(progressKey);
-      });
-    
-      container.appendChild(video);
-
-    } else if (/\.(mp3|wav|m4a|ogg|flac|aac|wma|opus)$/i.test(fileName)) {
-      const audio = document.createElement("audio");
-      audio.src = fileUrl;
-      audio.controls = true;
-      audio.className = "audio-modal";
-      audio.style.maxWidth = "80vw";
-      container.appendChild(audio);
-    } else {
-      container.textContent = "Preview not available for this file type.";
-    }
-  }
-  modal.style.display = "flex";
-}
-
-// Added to preserve the original functionality.
-export function displayFilePreview(file, container) {
-  const actualFile = file.file || file;
-  
-  // Validate that actualFile is indeed a File
-  if (!(actualFile instanceof File)) {
-    console.error("displayFilePreview called with an invalid file object");
-    return;
-  }
-  
-  container.style.display = "inline-block";
-  
-  // Clear the container safely without using innerHTML
-  while (container.firstChild) {
-    container.removeChild(container.firstChild);
-  }
-  
-  if (/\.(jpg|jpeg|png|gif|bmp|webp|svg|ico)$/i.test(actualFile.name)) {
-    const img = document.createElement("img");
-    // Set the image source using a Blob URL (this is considered safe)
-    img.src = URL.createObjectURL(actualFile);
-    img.classList.add("file-preview-img");
-    container.appendChild(img);
-  } else {
-    const iconSpan = document.createElement("span");
-    iconSpan.classList.add("material-icons", "file-icon");
-    iconSpan.textContent = "insert_drive_file";
-    container.appendChild(iconSpan);
-  }
-}
-
-window.previewFile = previewFile;
-window.openShareModal = openShareModal;
--- a/js/fileTags.js
+++ b/js/fileTags.js
@@ -1,467 +0,0 @@
-// fileTags.js
-// This module provides functions for opening the tag modal,
-// adding tags to files (with a global tag store for reuse),
-// updating the file row display with tag badges,
-// filtering the file list by tag, and persisting tag data.
-import { escapeHTML } from './domUtils.js';
-import { t } from './i18n.js';
-
-export function openTagModal(file) {
-  // Create the modal element.
-  let modal = document.createElement('div');
-  modal.id = 'tagModal';
-  modal.className = 'modal';
-  modal.innerHTML = `
-    <div class="modal-content" style="width: 400px; max-width:90vw;">
-      <div class="modal-header" style="display:flex; justify-content:space-between; align-items:center;">
-        <h3 style="margin:0;">${t("tag_file")}: ${file.name}</h3>
-        <span id="closeTagModal" style="cursor:pointer; font-size:24px;">&times;</span>
-      </div>
-      <div class="modal-body" style="margin-top:10px;">
-        <label for="tagNameInput">${t("tag_name")}</label>
-        <input type="text" id="tagNameInput" placeholder="Enter tag name" style="width:100%; padding:5px;"/>
-        <br><br>
-        <label for="tagColorInput">${t("tag_name")}</label>
-        <input type="color" id="tagColorInput" value="#ff0000" style="width:100%; padding:5px;"/>
-        <br><br>
-        <div id="customTagDropdown" style="max-height:150px; overflow-y:auto; border:1px solid #ccc; margin-top:5px; padding:5px;">
-          <!-- Custom tag options will be populated here -->
-        </div>
-        <br>
-        <div style="text-align:right;">
-          <button id="saveTagBtn" class="btn btn-primary">${t("save_tag")}</button>
-        </div>
-        <div id="currentTags" style="margin-top:10px; font-size:0.9em;">
-          <!-- Existing tags will be listed here -->
-        </div>
-      </div>
-    </div>
-  `;
-  document.body.appendChild(modal);
-  modal.style.display = 'block';
-
-  updateCustomTagDropdown();
-
-  document.getElementById('closeTagModal').addEventListener('click', () => {
-    modal.remove();
-  });
-
-  updateTagModalDisplay(file);
-
-  document.getElementById('tagNameInput').addEventListener('input', (e) => {
-    updateCustomTagDropdown(e.target.value);
-  });
-
-  document.getElementById('saveTagBtn').addEventListener('click', () => {
-    const tagName = document.getElementById('tagNameInput').value.trim();
-    const tagColor = document.getElementById('tagColorInput').value;
-    if (!tagName) {
-      alert('Please enter a tag name.');
-      return;
-    }
-    addTagToFile(file, { name: tagName, color: tagColor });
-    updateTagModalDisplay(file);
-    updateFileRowTagDisplay(file);
-    saveFileTags(file);
-    document.getElementById('tagNameInput').value = '';
-    updateCustomTagDropdown();
-  });
-}
-
-/**
- * Open a modal to tag multiple files.
- * @param {Array} files - Array of file objects to tag.
- */
-export function openMultiTagModal(files) {
-  let modal = document.createElement('div');
-  modal.id = 'multiTagModal';
-  modal.className = 'modal';
-  modal.innerHTML = `
-    <div class="modal-content" style="width: 400px; max-width:90vw;">
-      <div class="modal-header" style="display:flex; justify-content:space-between; align-items:center;">
-        <h3 style="margin:0;">Tag Selected Files (${files.length})</h3>
-        <span id="closeMultiTagModal" style="cursor:pointer; font-size:24px;">&times;</span>
-      </div>
-      <div class="modal-body" style="margin-top:10px;">
-        <label for="multiTagNameInput">Tag Name:</label>
-        <input type="text" id="multiTagNameInput" placeholder="Enter tag name" style="width:100%; padding:5px;"/>
-        <br><br>
-        <label for="multiTagColorInput">Tag Color:</label>
-        <input type="color" id="multiTagColorInput" value="#ff0000" style="width:100%; padding:5px;"/>
-        <br><br>
-        <div id="multiCustomTagDropdown" style="max-height:150px; overflow-y:auto; border:1px solid #ccc; margin-top:5px; padding:5px;">
-          <!-- Custom tag options will be populated here -->
-        </div>
-        <br>
-        <div style="text-align:right;">
-          <button id="saveMultiTagBtn" class="btn btn-primary">Save Tag to Selected</button>
-        </div>
-      </div>
-    </div>
-  `;
-  document.body.appendChild(modal);
-  modal.style.display = 'block';
-
-  updateMultiCustomTagDropdown();
-
-  document.getElementById('closeMultiTagModal').addEventListener('click', () => {
-    modal.remove();
-  });
-
-  document.getElementById('multiTagNameInput').addEventListener('input', (e) => {
-    updateMultiCustomTagDropdown(e.target.value);
-  });
-
-  document.getElementById('saveMultiTagBtn').addEventListener('click', () => {
-    const tagName = document.getElementById('multiTagNameInput').value.trim();
-    const tagColor = document.getElementById('multiTagColorInput').value;
-    if (!tagName) {
-      alert('Please enter a tag name.');
-      return;
-    }
-    files.forEach(file => {
-      addTagToFile(file, { name: tagName, color: tagColor });
-      updateFileRowTagDisplay(file);
-      saveFileTags(file);
-    });
-    modal.remove();
-  });
-}
-
-/**
- * Update the custom dropdown for multi-tag modal.
- * Similar to updateCustomTagDropdown but includes a remove icon.
- */
-function updateMultiCustomTagDropdown(filterText = "") {
-  const dropdown = document.getElementById("multiCustomTagDropdown");
-  if (!dropdown) return;
-  dropdown.innerHTML = "";
-  let tags = window.globalTags || [];
-  if (filterText) {
-    tags = tags.filter(tag => tag.name.toLowerCase().includes(filterText.toLowerCase()));
-  }
-  if (tags.length > 0) {
-    tags.forEach(tag => {
-      const item = document.createElement("div");
-      item.style.cursor = "pointer";
-      item.style.padding = "5px";
-      item.style.borderBottom = "1px solid #eee";
-      // Display colored square and tag name with remove icon.
-      item.innerHTML = `
-        <span style="display:inline-block; width:16px; height:16px; background-color:${tag.color}; border:1px solid #ccc; margin-right:5px; vertical-align:middle;"></span>
-        ${escapeHTML(tag.name)}
-        <span class="global-remove" style="color:red; font-weight:bold; margin-left:5px; cursor:pointer;">×</span>
-      `;
-      item.addEventListener("click", function(e) {
-        if (e.target.classList.contains("global-remove")) return;
-        document.getElementById("multiTagNameInput").value = tag.name;
-        document.getElementById("multiTagColorInput").value = tag.color;
-      });
-      item.querySelector('.global-remove').addEventListener("click", function(e){
-        e.stopPropagation();
-        removeGlobalTag(tag.name);
-      });
-      dropdown.appendChild(item);
-    });
-  } else {
-    dropdown.innerHTML = "<div style='padding:5px;'>No tags available</div>";
-  }
-}
-
-function updateCustomTagDropdown(filterText = "") {
-  const dropdown = document.getElementById("customTagDropdown");
-  if (!dropdown) return;
-  dropdown.innerHTML = "";
-  let tags = window.globalTags || [];
-  if (filterText) {
-    tags = tags.filter(tag => tag.name.toLowerCase().includes(filterText.toLowerCase()));
-  }
-  if (tags.length > 0) {
-    tags.forEach(tag => {
-      const item = document.createElement("div");
-      item.style.cursor = "pointer";
-      item.style.padding = "5px";
-      item.style.borderBottom = "1px solid #eee";
-      item.innerHTML = `
-        <span style="display:inline-block; width:16px; height:16px; background-color:${tag.color}; border:1px solid #ccc; margin-right:5px; vertical-align:middle;"></span>
-        ${escapeHTML(tag.name)}
-        <span class="global-remove" style="color:red; font-weight:bold; margin-left:5px; cursor:pointer;">×</span>
-      `;
-      item.addEventListener("click", function(e){
-        if (e.target.classList.contains('global-remove')) return;
-        document.getElementById("tagNameInput").value = tag.name;
-        document.getElementById("tagColorInput").value = tag.color;
-      });
-      item.querySelector('.global-remove').addEventListener("click", function(e){
-        e.stopPropagation();
-        removeGlobalTag(tag.name);
-      });
-      dropdown.appendChild(item);
-    });
-  } else {
-    dropdown.innerHTML = "<div style='padding:5px;'>No tags available</div>";
-  }
-}
-    
-// Update the modal display to show current tags on the file.
-function updateTagModalDisplay(file) {
-  const container = document.getElementById('currentTags');
-  if (!container) return;
-  container.innerHTML = '<strong>Current Tags:</strong> ';
-  if (file.tags && file.tags.length > 0) {
-    file.tags.forEach(tag => {
-      const tagElem = document.createElement('span');
-      tagElem.textContent = tag.name;
-      tagElem.style.backgroundColor = tag.color;
-      tagElem.style.color = '#fff';
-      tagElem.style.padding = '2px 6px';
-      tagElem.style.marginRight = '5px';
-      tagElem.style.borderRadius = '3px';
-      tagElem.style.display = 'inline-block';
-      tagElem.style.position = 'relative';
-      
-      const removeIcon = document.createElement('span');
-      removeIcon.textContent = ' ✕';
-      removeIcon.style.fontWeight = 'bold';
-      removeIcon.style.marginLeft = '3px';
-      removeIcon.style.cursor = 'pointer';
-      
-      removeIcon.addEventListener('click', (e) => {
-        e.stopPropagation();
-        removeTagFromFile(file, tag.name);
-      });
-      
-      tagElem.appendChild(removeIcon);
-      container.appendChild(tagElem);
-    });
-  } else {
-    container.innerHTML += 'None';
-  }
-}
-
-function removeTagFromFile(file, tagName) {
-  file.tags = file.tags.filter(t => t.name.toLowerCase() !== tagName.toLowerCase());
-  updateTagModalDisplay(file);
-  updateFileRowTagDisplay(file);
-  saveFileTags(file);
-}
-
-/**
- * Remove a tag from the global tag store.
- * This function updates window.globalTags and calls the backend endpoint
- * to remove the tag from the persistent store.
- */
-function removeGlobalTag(tagName) {
-  window.globalTags = window.globalTags.filter(t => t.name.toLowerCase() !== tagName.toLowerCase());
-  localStorage.setItem('globalTags', JSON.stringify(window.globalTags));
-  updateCustomTagDropdown();
-  updateMultiCustomTagDropdown();
-  saveGlobalTagRemoval(tagName);
-}
-
-// NEW: Save global tag removal to the server.
-function saveGlobalTagRemoval(tagName) {
-  fetch("saveFileTag.php", {
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": window.csrfToken
-    },
-    body: JSON.stringify({
-      folder: "root",
-      file: "global",
-      deleteGlobal: true,
-      tagToDelete: tagName,
-      tags: []
-    })
-  })
-    .then(response => response.json())
-    .then(data => {
-      if (data.success) {
-        console.log("Global tag removed:", tagName);
-        if (data.globalTags) {
-          window.globalTags = data.globalTags;
-          localStorage.setItem('globalTags', JSON.stringify(window.globalTags));
-          updateCustomTagDropdown();
-          updateMultiCustomTagDropdown();
-        }
-      } else {
-        console.error("Error removing global tag:", data.error);
-      }
-    })
-    .catch(err => {
-      console.error("Error removing global tag:", err);
-    });
-}
-  
-// Global store for reusable tags.
-window.globalTags = window.globalTags || [];
-if (localStorage.getItem('globalTags')) {
-  try {
-    window.globalTags = JSON.parse(localStorage.getItem('globalTags'));
-  } catch (e) { }
-}
-  
-// New function to load global tags from the server's persistent JSON.
-export function loadGlobalTags() {
-  fetch("getFileTag.php", { credentials: "include" })
-    .then(response => {
-      if (!response.ok) {
-        // If the file doesn't exist, assume there are no global tags.
-        return [];
-      }
-      return response.json();
-    })
-    .then(data => {
-      window.globalTags = data;
-      localStorage.setItem('globalTags', JSON.stringify(window.globalTags));
-      updateCustomTagDropdown();
-      updateMultiCustomTagDropdown();
-    })
-    .catch(err => {
-      console.error("Error loading global tags:", err);
-      window.globalTags = [];
-      updateCustomTagDropdown();
-      updateMultiCustomTagDropdown();
-    });
-}
-  
-loadGlobalTags();
-  
-// Add (or update) a tag in the file object.
-export function addTagToFile(file, tag) {
-  if (!file.tags) {
-    file.tags = [];
-  }
-  const exists = file.tags.find(t => t.name.toLowerCase() === tag.name.toLowerCase());
-  if (exists) {
-    exists.color = tag.color;
-  } else {
-    file.tags.push(tag);
-  }
-  const globalExists = window.globalTags.find(t => t.name.toLowerCase() === tag.name.toLowerCase());
-  if (!globalExists) {
-    window.globalTags.push(tag);
-    localStorage.setItem('globalTags', JSON.stringify(window.globalTags));
-  }
-}
-  
-// Update the file row (in table view) to show tag badges.
-export function updateFileRowTagDisplay(file) {
-  const rows = document.querySelectorAll(`[id^="file-row-${encodeURIComponent(file.name)}"]`);
-  console.log('Updating tags for rows:', rows);
-  rows.forEach(row => {
-    let cell = row.querySelector('.file-name-cell');
-    if (cell) {
-      let badgeContainer = cell.querySelector('.tag-badges');
-      if (!badgeContainer) {
-        badgeContainer = document.createElement('div');
-        badgeContainer.className = 'tag-badges';
-        badgeContainer.style.display = 'inline-block';
-        badgeContainer.style.marginLeft = '5px';
-        cell.appendChild(badgeContainer);
-      }
-      badgeContainer.innerHTML = '';
-      if (file.tags && file.tags.length > 0) {
-        file.tags.forEach(tag => {
-          const badge = document.createElement('span');
-          badge.textContent = tag.name;
-          badge.style.backgroundColor = tag.color;
-          badge.style.color = '#fff';
-          badge.style.padding = '2px 4px';
-          badge.style.marginRight = '2px';
-          badge.style.borderRadius = '3px';
-          badge.style.fontSize = '0.8em';
-          badge.style.verticalAlign = 'middle';
-          badgeContainer.appendChild(badge);
-        });
-      }
-    }
-  });
-}
-  
-export function initTagSearch() {
-  const searchInput = document.getElementById('searchInput');
-  if (searchInput) {
-    let tagSearchInput = document.getElementById('tagSearchInput');
-    if (!tagSearchInput) {
-      tagSearchInput = document.createElement('input');
-      tagSearchInput.id = 'tagSearchInput';
-      tagSearchInput.placeholder = 'Filter by tag';
-      tagSearchInput.style.marginLeft = '10px';
-      tagSearchInput.style.padding = '5px';
-      searchInput.parentNode.insertBefore(tagSearchInput, searchInput.nextSibling);
-      tagSearchInput.addEventListener('input', () => {
-        window.currentTagFilter = tagSearchInput.value.trim().toLowerCase();
-        if (window.currentFolder) {
-          renderFileTable(window.currentFolder);
-        }
-      });
-    }
-  }
-}
-  
-export function filterFilesByTag(files) {
-  if (window.currentTagFilter && window.currentTagFilter !== '') {
-    return files.filter(file => {
-      if (file.tags && file.tags.length > 0) {
-        return file.tags.some(tag => tag.name.toLowerCase().includes(window.currentTagFilter));
-      }
-      return false;
-    });
-  }
-  return files;
-}
-  
-function updateGlobalTagList() {
-  const dataList = document.getElementById("globalTagList");
-  if (dataList) {
-    dataList.innerHTML = "";
-    window.globalTags.forEach(tag => {
-      const option = document.createElement("option");
-      option.value = tag.name;
-      dataList.appendChild(option);
-    });
-  }
-}
-  
-export function saveFileTags(file, deleteGlobal = false, tagToDelete = null) {
-  const folder = file.folder || "root";
-  const payload = {
-    folder: folder,
-    file: file.name,
-    tags: file.tags
-  };
-  if (deleteGlobal && tagToDelete) {
-    payload.file = "global";
-    payload.deleteGlobal = true;
-    payload.tagToDelete = tagToDelete;
-  }
-  fetch("saveFileTag.php", {
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": window.csrfToken
-    },
-    body: JSON.stringify(payload)
-  })
-    .then(response => response.json())
-    .then(data => {
-      if (data.success) {
-        console.log("Tags saved:", data);
-        if (data.globalTags) {
-          window.globalTags = data.globalTags;
-          localStorage.setItem('globalTags', JSON.stringify(window.globalTags));
-          updateCustomTagDropdown();
-          updateMultiCustomTagDropdown();
-        }
-      } else {
-        console.error("Error saving tags:", data.error);
-      }
-    })
-    .catch(err => {
-      console.error("Error saving tags:", err);
-    });
-}
--- a/js/folderManager.js
+++ b/js/folderManager.js
@@ -1,810 +0,0 @@
-// folderManager.js
-
-import { loadFileList } from './fileListView.js';
-import { showToast, escapeHTML, attachEnterKeyListener } from './domUtils.js';
-import { t } from './i18n.js';
-import { openFolderShareModal } from './folderShareModal.js';
-
-/* ----------------------
-   Helper Functions (Data/State)
----------------------*/
-
-// Formats a folder name for display (e.g. adding indentations).
-export function formatFolderName(folder) {
-  if (typeof folder !== "string") return "";
-  if (folder.indexOf("/") !== -1) {
-    let parts = folder.split("/");
-    let indent = "";
-    for (let i = 1; i < parts.length; i++) {
-      indent += "\u00A0\u00A0\u00A0\u00A0"; // 4 non-breaking spaces per level
-    }
-    return indent + parts[parts.length - 1];
-  } else {
-    return folder;
-  }
-}
-
-// Build a tree structure from a flat array of folder paths.
-function buildFolderTree(folders) {
-  const tree = {};
-  folders.forEach(folderPath => {
-    if (typeof folderPath !== "string") return;
-    const parts = folderPath.split('/');
-    let current = tree;
-    parts.forEach(part => {
-      if (!current[part]) {
-        current[part] = {};
-      }
-      current = current[part];
-    });
-  });
-  return tree;
-}
-
-/* ----------------------
-   Folder Tree State (Save/Load)
----------------------*/
-function loadFolderTreeState() {
-  const state = localStorage.getItem("folderTreeState");
-  return state ? JSON.parse(state) : {};
-}
-
-function saveFolderTreeState(state) {
-  localStorage.setItem("folderTreeState", JSON.stringify(state));
-}
-
-// Helper for getting the parent folder.
-function getParentFolder(folder) {
-  if (folder === "root") return "root";
-  const lastSlash = folder.lastIndexOf("/");
-  return lastSlash === -1 ? "root" : folder.substring(0, lastSlash);
-}
-
-/* ----------------------
-    Breadcrumb Functions
- ----------------------*/
-
-function renderBreadcrumb(normalizedFolder) {
-  if (!normalizedFolder || normalizedFolder === "") return "";
-  const parts = normalizedFolder.split("/");
-  let breadcrumbItems = [];
-  // Use the first segment as the root.
-  breadcrumbItems.push(`<span class="breadcrumb-link" data-folder="${parts[0]}">${escapeHTML(parts[0])}</span>`);
-  let cumulative = parts[0];
-  parts.slice(1).forEach(part => {
-    cumulative += "/" + part;
-    breadcrumbItems.push(`<span class="breadcrumb-separator"> / </span>`);
-    breadcrumbItems.push(`<span class="breadcrumb-link" data-folder="${cumulative}">${escapeHTML(part)}</span>`);
-  });
-  return breadcrumbItems.join('');
-}
-
-// --- NEW: Breadcrumb Delegation Setup ---
-// bindBreadcrumbEvents(); removed in favor of delegation
-export function setupBreadcrumbDelegation() {
-  const container = document.getElementById("fileListTitle");
-  if (!container) {
-    console.error("Breadcrumb container (fileListTitle) not found.");
-    return;
-  }
-  // Remove any existing event listeners to avoid duplicates.
-  container.removeEventListener("click", breadcrumbClickHandler);
-  container.removeEventListener("dragover", breadcrumbDragOverHandler);
-  container.removeEventListener("dragleave", breadcrumbDragLeaveHandler);
-  container.removeEventListener("drop", breadcrumbDropHandler);
-
-  // Attach delegated listeners
-  container.addEventListener("click", breadcrumbClickHandler);
-  container.addEventListener("dragover", breadcrumbDragOverHandler);
-  container.addEventListener("dragleave", breadcrumbDragLeaveHandler);
-  container.addEventListener("drop", breadcrumbDropHandler);
-}
-
-// Click handler via delegation
-function breadcrumbClickHandler(e) {
-  const link = e.target.closest(".breadcrumb-link");
-  if (!link) return;
-  e.stopPropagation();
-  e.preventDefault();
-
-  const folder = link.getAttribute("data-folder");
-  window.currentFolder = folder;
-  localStorage.setItem("lastOpenedFolder", folder);
-
-  // Update the container with sanitized breadcrumbs.
-  const container = document.getElementById("fileListTitle");
-  const sanitizedBreadcrumb = DOMPurify.sanitize(renderBreadcrumb(folder));
-  container.innerHTML = t("files_in") + " (" + sanitizedBreadcrumb + ")";
-
-  expandTreePath(folder);
-  document.querySelectorAll(".folder-option").forEach(item => item.classList.remove("selected"));
-  const targetOption = document.querySelector(`.folder-option[data-folder="${folder}"]`);
-  if (targetOption) targetOption.classList.add("selected");
-  loadFileList(folder);
-}
-
-// Dragover handler via delegation
-function breadcrumbDragOverHandler(e) {
-  const link = e.target.closest(".breadcrumb-link");
-  if (!link) return;
-  e.preventDefault();
-  link.classList.add("drop-hover");
-}
-
-// Dragleave handler via delegation
-function breadcrumbDragLeaveHandler(e) {
-  const link = e.target.closest(".breadcrumb-link");
-  if (!link) return;
-  link.classList.remove("drop-hover");
-}
-
-// Drop handler via delegation
-function breadcrumbDropHandler(e) {
-  const link = e.target.closest(".breadcrumb-link");
-  if (!link) return;
-  e.preventDefault();
-  link.classList.remove("drop-hover");
-  const dropFolder = link.getAttribute("data-folder");
-  let dragData;
-  try {
-    dragData = JSON.parse(e.dataTransfer.getData("application/json"));
-  } catch (err) {
-    console.error("Invalid drag data on breadcrumb:", err);
-    return;
-  }
-  const filesToMove = dragData.files ? dragData.files : (dragData.fileName ? [dragData.fileName] : []);
-  if (filesToMove.length === 0) return;
-  fetch("moveFiles.php", {
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": document.querySelector('meta[name="csrf-token"]').getAttribute("content")
-    },
-    body: JSON.stringify({
-      source: dragData.sourceFolder,
-      files: filesToMove,
-      destination: dropFolder
-    })
-  })
-    .then(response => response.json())
-    .then(data => {
-      if (data.success) {
-        showToast(`File(s) moved successfully to ${dropFolder}!`);
-        loadFileList(dragData.sourceFolder);
-      } else {
-        showToast("Error moving files: " + (data.error || "Unknown error"));
-      }
-    })
-    .catch(error => {
-      console.error("Error moving files via drop on breadcrumb:", error);
-      showToast("Error moving files.");
-    });
-}
-
-
-/* ----------------------
-   Check Current User's Folder-Only Permission
----------------------*/
-// This function uses localStorage values (set during login) to determine if the current user is restricted.
-// If folderOnly is "true", then the personal folder (i.e. username) is forced as the effective root.
-function checkUserFolderPermission() {
-  const username = localStorage.getItem("username");
-  console.log("checkUserFolderPermission: username =", username);
-  if (!username) {
-    console.warn("No username in localStorage; skipping getUserPermissions fetch.");
-    return Promise.resolve(false);
-  }
-  if (localStorage.getItem("folderOnly") === "true") {
-    window.userFolderOnly = true;
-    console.log("checkUserFolderPermission: using localStorage.folderOnly = true");
-    localStorage.setItem("lastOpenedFolder", username);
-    window.currentFolder = username;
-    return Promise.resolve(true);
-  }
-  return fetch("getUserPermissions.php", { credentials: "include" })
-    .then(response => response.json())
-    .then(permissionsData => {
-      console.log("checkUserFolderPermission: permissionsData =", permissionsData);
-      if (permissionsData && permissionsData[username] && permissionsData[username].folderOnly) {
-        window.userFolderOnly = true;
-        localStorage.setItem("folderOnly", "true");
-        localStorage.setItem("lastOpenedFolder", username);
-        window.currentFolder = username;
-        return true;
-      } else {
-        window.userFolderOnly = false;
-        localStorage.setItem("folderOnly", "false");
-        return false;
-      }
-    })
-    .catch(err => {
-      console.error("Error fetching user permissions:", err);
-      window.userFolderOnly = false;
-      return false;
-    });
-}
-
-/* ----------------------
-   DOM Building Functions for Folder Tree
----------------------*/
-function renderFolderTree(tree, parentPath = "", defaultDisplay = "block") {
-  const state = loadFolderTreeState();
-  let html = `<ul class="folder-tree ${defaultDisplay === 'none' ? 'collapsed' : 'expanded'}">`;
-  for (const folder in tree) {
-    if (folder.toLowerCase() === "trash") continue;
-    const fullPath = parentPath ? parentPath + "/" + folder : folder;
-    const hasChildren = Object.keys(tree[folder]).length > 0;
-    const displayState = state[fullPath] !== undefined ? state[fullPath] : defaultDisplay;
-    html += `<li class="folder-item">`;
-    if (hasChildren) {
-      const toggleSymbol = (displayState === 'none') ? '[+]' : '[' + '<span class="custom-dash">-</span>' + ']';
-      html += `<span class="folder-toggle" data-folder="${fullPath}">${toggleSymbol}</span>`;
-    } else {
-      html += `<span class="folder-indent-placeholder"></span>`;
-    }
-    html += `<span class="folder-option" data-folder="${fullPath}">${escapeHTML(folder)}</span>`;
-    if (hasChildren) {
-      html += renderFolderTree(tree[folder], fullPath, displayState);
-    }
-    html += `</li>`;
-  }
-  html += `</ul>`;
-  return html;
-}
-
-function expandTreePath(path) {
-  const parts = path.split("/");
-  let cumulative = "";
-  parts.forEach((part, index) => {
-    cumulative = index === 0 ? part : cumulative + "/" + part;
-    const option = document.querySelector(`.folder-option[data-folder="${cumulative}"]`);
-    if (option) {
-      const li = option.parentNode;
-      const nestedUl = li.querySelector("ul");
-      if (nestedUl && (nestedUl.classList.contains("collapsed") || !nestedUl.classList.contains("expanded"))) {
-        nestedUl.classList.remove("collapsed");
-        nestedUl.classList.add("expanded");
-        const toggle = li.querySelector(".folder-toggle");
-        if (toggle) {
-          toggle.innerHTML = "[" + '<span class="custom-dash">-</span>' + "]";
-          let state = loadFolderTreeState();
-          state[cumulative] = "block";
-          saveFolderTreeState(state);
-        }
-      }
-    }
-  });
-}
-
-/* ----------------------
-   Drag & Drop Support for Folder Tree Nodes
----------------------*/
-function folderDragOverHandler(event) {
-  event.preventDefault();
-  event.currentTarget.classList.add("drop-hover");
-}
-
-function folderDragLeaveHandler(event) {
-  event.currentTarget.classList.remove("drop-hover");
-}
-
-function folderDropHandler(event) {
-  event.preventDefault();
-  event.currentTarget.classList.remove("drop-hover");
-  const dropFolder = event.currentTarget.getAttribute("data-folder");
-  let dragData;
-  try {
-    dragData = JSON.parse(event.dataTransfer.getData("application/json"));
-  } catch (e) {
-    console.error("Invalid drag data", e);
-    return;
-  }
-  const filesToMove = dragData.files ? dragData.files : (dragData.fileName ? [dragData.fileName] : []);
-  if (filesToMove.length === 0) return;
-  fetch("moveFiles.php", {
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": document.querySelector('meta[name="csrf-token"]').getAttribute("content")
-    },
-    body: JSON.stringify({
-      source: dragData.sourceFolder,
-      files: filesToMove,
-      destination: dropFolder
-    })
-  })
-    .then(response => response.json())
-    .then(data => {
-      if (data.success) {
-        showToast(`File(s) moved successfully to ${dropFolder}!`);
-        loadFileList(dragData.sourceFolder);
-      } else {
-        showToast("Error moving files: " + (data.error || "Unknown error"));
-      }
-    })
-    .catch(error => {
-      console.error("Error moving files via drop:", error);
-      showToast("Error moving files.");
-    });
-}
-
-/* ----------------------
-   Main Folder Tree Rendering and Event Binding
----------------------*/
-export async function loadFolderTree(selectedFolder) {
-  try {
-    // Check if the user has folder-only permission.
-    await checkUserFolderPermission();
-    
-    // Determine effective root folder.
-    const username = localStorage.getItem("username") || "root";
-    let effectiveRoot = "root";
-    let effectiveLabel = "(Root)";
-    if (window.userFolderOnly) {
-      effectiveRoot = username; // Use the username as the personal root.
-      effectiveLabel = `(Root)`;
-      // Force override of any saved folder.
-      localStorage.setItem("lastOpenedFolder", username);
-      window.currentFolder = username;
-    } else {
-      window.currentFolder = localStorage.getItem("lastOpenedFolder") || "root";
-    }
-    
-    // Build fetch URL.
-    let fetchUrl = 'getFolderList.php';
-    if (window.userFolderOnly) {
-      fetchUrl += '?restricted=1';
-    }
-    console.log("Fetching folder list from:", fetchUrl);
-    
-    // Fetch folder list from the server.
-    const response = await fetch(fetchUrl);
-    if (response.status === 401) {
-      console.error("Unauthorized: Please log in to view folders.");
-      showToast("Session expired. Please log in again.");
-      window.location.href = "logout.php";
-      return;
-    }
-    let folderData = await response.json();
-    console.log("Folder data received:", folderData);
-    let folders = [];
-    if (Array.isArray(folderData) && folderData.length && typeof folderData[0] === "object" && folderData[0].folder) {
-      folders = folderData.map(item => item.folder);
-    } else if (Array.isArray(folderData)) {
-      folders = folderData;
-    }
-    
-    // Remove any global "root" entry.
-    folders = folders.filter(folder => folder.toLowerCase() !== "root");
-    
-    // If restricted, filter folders: keep only those that start with effectiveRoot + "/" (do not include effectiveRoot itself).
-    if (window.userFolderOnly && effectiveRoot !== "root") {
-      folders = folders.filter(folder => folder.startsWith(effectiveRoot + "/"));
-      // Force current folder to be the effective root.
-      localStorage.setItem("lastOpenedFolder", effectiveRoot);
-      window.currentFolder = effectiveRoot;
-    }
-    
-    localStorage.setItem("lastOpenedFolder", window.currentFolder);
-    
-    // Render the folder tree.
-    const container = document.getElementById("folderTreeContainer");
-    if (!container) {
-      console.error("Folder tree container not found.");
-      return;
-    }
-    
-    let html = `<div id="rootRow" class="root-row">
-      <span class="folder-toggle" data-folder="${effectiveRoot}">[<span class="custom-dash">-</span>]</span>
-      <span class="folder-option root-folder-option" data-folder="${effectiveRoot}">${effectiveLabel}</span>
-    </div>`;
-    if (folders.length > 0) {
-      const tree = buildFolderTree(folders);
-      html += renderFolderTree(tree, "", "block");
-    }
-    container.innerHTML = html;
-    
-    // Attach drag/drop event listeners.
-    container.querySelectorAll(".folder-option").forEach(el => {
-      el.addEventListener("dragover", folderDragOverHandler);
-      el.addEventListener("dragleave", folderDragLeaveHandler);
-      el.addEventListener("drop", folderDropHandler);
-    });
-    
-    if (selectedFolder) {
-      window.currentFolder = selectedFolder;
-    }
-    localStorage.setItem("lastOpenedFolder", window.currentFolder);
-    
-    const titleEl = document.getElementById("fileListTitle");
-    titleEl.innerHTML = t("files_in") + " (" + renderBreadcrumb(window.currentFolder) + ")";
-    setupBreadcrumbDelegation();
-    loadFileList(window.currentFolder);
-    
-    const folderState = loadFolderTreeState();
-    if (window.currentFolder !== effectiveRoot && folderState[window.currentFolder] !== "none") {
-      expandTreePath(window.currentFolder);
-    }
-    
-    const selectedEl = container.querySelector(`.folder-option[data-folder="${window.currentFolder}"]`);
-    if (selectedEl) {
-      container.querySelectorAll(".folder-option").forEach(item => item.classList.remove("selected"));
-      selectedEl.classList.add("selected");
-    }
-    
-    container.querySelectorAll(".folder-option").forEach(el => {
-      el.addEventListener("click", function (e) {
-        e.stopPropagation();
-        container.querySelectorAll(".folder-option").forEach(item => item.classList.remove("selected"));
-        this.classList.add("selected");
-        const selected = this.getAttribute("data-folder");
-        window.currentFolder = selected;
-        localStorage.setItem("lastOpenedFolder", selected);
-        const titleEl = document.getElementById("fileListTitle");
-        titleEl.innerHTML = t("files_in") + " (" + renderBreadcrumb(selected) + ")";
-        setupBreadcrumbDelegation();
-        loadFileList(selected);
-      });
-    });
-    
-    const rootToggle = container.querySelector("#rootRow .folder-toggle");
-    if (rootToggle) {
-      rootToggle.addEventListener("click", function (e) {
-        e.stopPropagation();
-        const nestedUl = container.querySelector("#rootRow + ul");
-        if (nestedUl) {
-          let state = loadFolderTreeState();
-          if (nestedUl.classList.contains("collapsed") || !nestedUl.classList.contains("expanded")) {
-            nestedUl.classList.remove("collapsed");
-            nestedUl.classList.add("expanded");
-            this.innerHTML = "[" + '<span class="custom-dash">-</span>' + "]";
-            state[effectiveRoot] = "block";
-          } else {
-            nestedUl.classList.remove("expanded");
-            nestedUl.classList.add("collapsed");
-            this.textContent = "[+]";
-            state[effectiveRoot] = "none";
-          }
-          saveFolderTreeState(state);
-        }
-      });
-    }
-    
-    container.querySelectorAll(".folder-toggle").forEach(toggle => {
-      toggle.addEventListener("click", function (e) {
-        e.stopPropagation();
-        const siblingUl = this.parentNode.querySelector("ul");
-        const folderPath = this.getAttribute("data-folder");
-        let state = loadFolderTreeState();
-        if (siblingUl) {
-          if (siblingUl.classList.contains("collapsed") || !siblingUl.classList.contains("expanded")) {
-            siblingUl.classList.remove("collapsed");
-            siblingUl.classList.add("expanded");
-            this.innerHTML = "[" + '<span class="custom-dash">-</span>' + "]";
-            state[folderPath] = "block";
-          } else {
-            siblingUl.classList.remove("expanded");
-            siblingUl.classList.add("collapsed");
-            this.textContent = "[+]";
-            state[folderPath] = "none";
-          }
-          saveFolderTreeState(state);
-        }
-      });
-    });
-    
-  } catch (error) {
-    console.error("Error loading folder tree:", error);
-  }
-}
-
-// For backward compatibility.
-export function loadFolderList(selectedFolder) {
-  loadFolderTree(selectedFolder);
-}
-
-/* ----------------------
-   Folder Management (Rename, Delete, Create)
----------------------*/
-document.getElementById("renameFolderBtn").addEventListener("click", openRenameFolderModal);
-document.getElementById("deleteFolderBtn").addEventListener("click", openDeleteFolderModal);
-
-function openRenameFolderModal() {
-  const selectedFolder = window.currentFolder || "root";
-  if (!selectedFolder || selectedFolder === "root") {
-    showToast("Please select a valid folder to rename.");
-    return;
-  }
-  const parts = selectedFolder.split("/");
-  document.getElementById("newRenameFolderName").value = parts[parts.length - 1];
-  document.getElementById("renameFolderModal").style.display = "block";
-  setTimeout(() => {
-    const input = document.getElementById("newRenameFolderName");
-    input.focus();
-    input.select();
-  }, 100);
-}
-
-document.getElementById("cancelRenameFolder").addEventListener("click", function () {
-  document.getElementById("renameFolderModal").style.display = "none";
-  document.getElementById("newRenameFolderName").value = "";
-});
-attachEnterKeyListener("renameFolderModal", "submitRenameFolder");
-document.getElementById("submitRenameFolder").addEventListener("click", function (event) {
-  event.preventDefault();
-  const selectedFolder = window.currentFolder || "root";
-  const newNameBasename = document.getElementById("newRenameFolderName").value.trim();
-  if (!newNameBasename || newNameBasename === selectedFolder.split("/").pop()) {
-    showToast("Please enter a valid new folder name.");
-    return;
-  }
-  const parentPath = getParentFolder(selectedFolder);
-  const newFolderFull = parentPath === "root" ? newNameBasename : parentPath + "/" + newNameBasename;
-  const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
-  if (!csrfToken) {
-    showToast("CSRF token not loaded yet! Please try again.");
-    return;
-  }
-  fetch("renameFolder.php", {
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": csrfToken
-    },
-    body: JSON.stringify({ oldFolder: window.currentFolder, newFolder: newFolderFull })
-  })
-    .then(response => response.json())
-    .then(data => {
-      if (data.success) {
-        showToast("Folder renamed successfully!");
-        window.currentFolder = newFolderFull;
-        localStorage.setItem("lastOpenedFolder", newFolderFull);
-        loadFolderList(newFolderFull);
-      } else {
-        showToast("Error: " + (data.error || "Could not rename folder"));
-      }
-    })
-    .catch(error => console.error("Error renaming folder:", error))
-    .finally(() => {
-      document.getElementById("renameFolderModal").style.display = "none";
-      document.getElementById("newRenameFolderName").value = "";
-    });
-});
-
-function openDeleteFolderModal() {
-  const selectedFolder = window.currentFolder || "root";
-  if (!selectedFolder || selectedFolder === "root") {
-    showToast("Please select a valid folder to delete.");
-    return;
-  }
-  document.getElementById("deleteFolderMessage").textContent =
-    "Are you sure you want to delete folder " + selectedFolder + "?";
-  document.getElementById("deleteFolderModal").style.display = "block";
-}
-
-document.getElementById("cancelDeleteFolder").addEventListener("click", function () {
-  document.getElementById("deleteFolderModal").style.display = "none";
-});
-attachEnterKeyListener("deleteFolderModal", "confirmDeleteFolder");
-document.getElementById("confirmDeleteFolder").addEventListener("click", function () {
-  const selectedFolder = window.currentFolder || "root";
-  const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
-  fetch("deleteFolder.php", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": csrfToken
-    },
-    body: JSON.stringify({ folder: selectedFolder })
-  })
-    .then(response => response.json())
-    .then(data => {
-      if (data.success) {
-        showToast("Folder deleted successfully!");
-        window.currentFolder = getParentFolder(selectedFolder);
-        localStorage.setItem("lastOpenedFolder", window.currentFolder);
-        loadFolderList(window.currentFolder);
-      } else {
-        showToast("Error: " + (data.error || "Could not delete folder"));
-      }
-    })
-    .catch(error => console.error("Error deleting folder:", error))
-    .finally(() => {
-      document.getElementById("deleteFolderModal").style.display = "none";
-    });
-});
-
-document.getElementById("createFolderBtn").addEventListener("click", function () {
-  document.getElementById("createFolderModal").style.display = "block";
-  document.getElementById("newFolderName").focus();
-});
-
-document.getElementById("cancelCreateFolder").addEventListener("click", function () {
-  document.getElementById("createFolderModal").style.display = "none";
-  document.getElementById("newFolderName").value = "";
-});
-attachEnterKeyListener("createFolderModal", "submitCreateFolder");
-document.getElementById("submitCreateFolder").addEventListener("click", function () {
-  const folderInput = document.getElementById("newFolderName").value.trim();
-  if (!folderInput) {
-    showToast("Please enter a folder name.");
-    return;
-  }
-  let selectedFolder = window.currentFolder || "root";
-  let fullFolderName = folderInput;
-  if (selectedFolder && selectedFolder !== "root") {
-    fullFolderName = selectedFolder + "/" + folderInput;
-  }
-  const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
-  fetch("createFolder.php", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      "X-CSRF-Token": csrfToken
-    },
-    body: JSON.stringify({
-      folderName: folderInput,
-      parent: selectedFolder === "root" ? "" : selectedFolder
-    })
-  })
-    .then(response => response.json())
-    .then(data => {
-      if (data.success) {
-        showToast("Folder created successfully!");
-        window.currentFolder = fullFolderName;
-        localStorage.setItem("lastOpenedFolder", fullFolderName);
-        loadFolderList(fullFolderName);
-      } else {
-        showToast("Error: " + (data.error || "Could not create folder"));
-      }
-      document.getElementById("createFolderModal").style.display = "none";
-      document.getElementById("newFolderName").value = "";
-    })
-    .catch(error => {
-      console.error("Error creating folder:", error);
-      document.getElementById("createFolderModal").style.display = "none";
-    });
-});
-
-// ---------- CONTEXT MENU SUPPORT FOR FOLDER MANAGER ----------
-function showFolderManagerContextMenu(x, y, menuItems) {
-  let menu = document.getElementById("folderManagerContextMenu");
-  if (!menu) {
-    menu = document.createElement("div");
-    menu.id = "folderManagerContextMenu";
-    menu.style.position = "absolute";
-    menu.style.padding = "5px 0";
-    menu.style.minWidth = "150px";
-    menu.style.zIndex = "9999";
-    document.body.appendChild(menu);
-  }
-  if (document.body.classList.contains("dark-mode")) {
-    menu.style.backgroundColor = "#2c2c2c";
-    menu.style.border = "1px solid #555";
-    menu.style.color = "#e0e0e0";
-  } else {
-    menu.style.backgroundColor = "#fff";
-    menu.style.border = "1px solid #ccc";
-    menu.style.color = "#000";
-  }
-  menu.innerHTML = "";
-  menuItems.forEach(item => {
-    const menuItem = document.createElement("div");
-    menuItem.textContent = item.label;
-    menuItem.style.padding = "5px 15px";
-    menuItem.style.cursor = "pointer";
-    menuItem.addEventListener("mouseover", () => {
-      if (document.body.classList.contains("dark-mode")) {
-        menuItem.style.backgroundColor = "#444";
-      } else {
-        menuItem.style.backgroundColor = "#f0f0f0";
-      }
-    });
-    menuItem.addEventListener("mouseout", () => {
-      menuItem.style.backgroundColor = "";
-    });
-    menuItem.addEventListener("click", () => {
-      item.action();
-      hideFolderManagerContextMenu();
-    });
-    menu.appendChild(menuItem);
-  });
-  menu.style.left = x + "px";
-  menu.style.top = y + "px";
-  menu.style.display = "block";
-}
-
-function hideFolderManagerContextMenu() {
-  const menu = document.getElementById("folderManagerContextMenu");
-  if (menu) {
-    menu.style.display = "none";
-  }
-}
-
-function folderManagerContextMenuHandler(e) {
-  e.preventDefault();
-  e.stopPropagation();
-  const target = e.target.closest(".folder-option, .breadcrumb-link");
-  if (!target) return;
-  const folder = target.getAttribute("data-folder");
-  if (!folder) return;
-  window.currentFolder = folder;
-  document.querySelectorAll(".folder-option, .breadcrumb-link").forEach(el => el.classList.remove("selected"));
-  target.classList.add("selected");
-  const menuItems = [
-    {
-      label: t("create_folder"),
-      action: () => {
-        document.getElementById("createFolderModal").style.display = "block";
-        document.getElementById("newFolderName").focus();
-      }
-    },
-    {
-      label: t("rename_folder"),
-      action: () => { openRenameFolderModal(); }
-    },
-    {
-      label: t("folder_share"),
-      action: () => { openFolderShareModal(); }
-    },
-    {
-      label: t("delete_folder"),
-      action: () => { openDeleteFolderModal(); }
-    }
-  ];
-  showFolderManagerContextMenu(e.pageX, e.pageY, menuItems);
-}
-
-function bindFolderManagerContextMenu() {
-  const container = document.getElementById("folderTreeContainer");
-  if (container) {
-    container.removeEventListener("contextmenu", folderManagerContextMenuHandler);
-    container.addEventListener("contextmenu", folderManagerContextMenuHandler, false);
-  }
-  const breadcrumbNodes = document.querySelectorAll(".breadcrumb-link");
-  breadcrumbNodes.forEach(node => {
-    node.removeEventListener("contextmenu", folderManagerContextMenuHandler);
-    node.addEventListener("contextmenu", folderManagerContextMenuHandler, false);
-  });
-}
-
-document.addEventListener("click", function () {
-  hideFolderManagerContextMenu();
-});
-
-document.addEventListener("DOMContentLoaded", function () {
-  document.addEventListener("keydown", function (e) {
-    const tag = e.target.tagName.toLowerCase();
-    if (tag === "input" || tag === "textarea" || e.target.isContentEditable) {
-      return;
-    }
-    if (e.key === "Delete" || e.key === "Backspace" || e.keyCode === 46 || e.keyCode === 8) {
-      if (window.currentFolder && window.currentFolder !== "root") {
-        e.preventDefault();
-        openDeleteFolderModal();
-      }
-    }
-  });
-});
-
-document.addEventListener("DOMContentLoaded", function () {
-  const shareFolderBtn = document.getElementById("shareFolderBtn");
-  if (shareFolderBtn) {
-    shareFolderBtn.addEventListener("click", () => {
-      const selectedFolder = window.currentFolder || "root";
-      if (!selectedFolder || selectedFolder === "root") {
-        showToast("Please select a valid folder to share.");
-        return;
-      }
-      // Call the folder share modal from the module.
-      openFolderShareModal(selectedFolder);
-    });
-  } else {
-    console.warn("shareFolderBtn element not found in the DOM.");
-  }
-});
-
-bindFolderManagerContextMenu();
--- a/js/folderShareModal.js
+++ b/js/folderShareModal.js
@@ -1,107 +0,0 @@
-// folderShareModal.js
-import { escapeHTML, showToast } from './domUtils.js';
-import { t } from './i18n.js';
-
-export function openFolderShareModal(folder) {
-  // Remove any existing folder share modal
-  const existing = document.getElementById("folderShareModal");
-  if (existing) existing.remove();
-
-  // Create the modal container
-  const modal = document.createElement("div");
-  modal.id = "folderShareModal";
-  modal.classList.add("modal");
-  modal.innerHTML = `
-    <div class="modal-content share-modal-content" style="width: 600px; max-width: 90vw;">
-      <div class="modal-header">
-        <h3>${t("share_folder")}: ${escapeHTML(folder)}</h3>
-        <span class="close-image-modal" id="closeFolderShareModal" title="Close">&times;</span>
-      </div>
-      <div class="modal-body">
-        <p>${t("set_expiration")}</p>
-        <select id="folderShareExpiration">
-          <option value="30">30 ${t("minutes")}</option>
-          <option value="60" selected>60 ${t("minutes")}</option>
-          <option value="120">120 ${t("minutes")}</option>
-          <option value="180">180 ${t("minutes")}</option>
-          <option value="240">240 ${t("minutes")}</option>
-          <option value="1440">1 ${t("day")}</option>
-        </select>
-        <p>${t("password_optional")}</p>
-        <input type="text" id="folderSharePassword" placeholder="${t("password")}" style="width: 100%;"/>
-        <br>
-        <label>
-          <input type="checkbox" id="folderShareAllowUpload"> ${t("allow_uploads")}
-        </label>
-        <br><br>
-        <button id="generateFolderShareLinkBtn" class="btn btn-primary" style="margin-top: 10px;">${t("generate_share_link")}</button>
-        <div id="folderShareLinkDisplay" style="margin-top: 10px; display: none;">
-          <p>${t("shareable_link")}</p>
-          <input type="text" id="folderShareLinkInput" readonly style="width: 100%;"/>
-          <button id="copyFolderShareLinkBtn" class="btn btn-primary" style="margin-top: 5px;">${t("copy_link")}</button>
-        </div>
-      </div>
-    </div>
-  `;
-  document.body.appendChild(modal);
-  modal.style.display = "block";
-
-  // Close button handler
-  document.getElementById("closeFolderShareModal").addEventListener("click", () => {
-    modal.remove();
-  });
-
-  // Handler for generating the share link
-  document.getElementById("generateFolderShareLinkBtn").addEventListener("click", () => {
-    const expiration = document.getElementById("folderShareExpiration").value;
-    const password = document.getElementById("folderSharePassword").value;
-    const allowUpload = document.getElementById("folderShareAllowUpload").checked ? 1 : 0;
-    
-    // Retrieve the CSRF token from the meta tag.
-    const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute("content");
-    if (!csrfToken) {
-      showToast(t("csrf_error"));
-      return;
-    }
-    // Post to the createFolderShareLink endpoint.
-    fetch("/createFolderShareLink.php", {
-      method: "POST",
-      credentials: "include",
-      headers: {
-        "Content-Type": "application/json",
-        "X-CSRF-Token": csrfToken
-      },
-      body: JSON.stringify({
-        folder: folder,
-        expirationMinutes: parseInt(expiration, 10),
-        password: password,
-        allowUpload: allowUpload
-      })
-    })
-      .then(response => response.json())
-      .then(data => {
-        if (data.token && data.link) {
-          const shareUrl = data.link;
-          const displayDiv = document.getElementById("folderShareLinkDisplay");
-          const inputField = document.getElementById("folderShareLinkInput");
-          inputField.value = shareUrl;
-          displayDiv.style.display = "block";
-          showToast(t("share_link_generated"));
-        } else {
-          showToast(t("error_generating_share_link") + ": " + (data.error || t("unknown_error")));
-        }
-      })
-      .catch(err => {
-        console.error("Error generating folder share link:", err);
-        showToast(t("error_generating_share_link") + ": " + (err.error || t("unknown_error")));
-      });
-  });
-
-  // Copy share link button handler
-  document.getElementById("copyFolderShareLinkBtn").addEventListener("click", () => {
-    const input = document.getElementById("folderShareLinkInput");
-    input.select();
-    document.execCommand("copy");
-    showToast(t("link_copied"));
-  });
-}
--- a/js/i18n.js
+++ b/js/i18n.js
@@ -1,611 +0,0 @@
-/* i18n.js */
-const translations = {
-    en: { /* English translations */
-      "please_log_in_to_continue": "Please log in to continue.",
-      "no_files_selected": "No files selected.",
-      "confirm_delete_files": "Are you sure you want to delete {count} selected file(s)?",
-      "element_not_found": "Element with id \"{id}\" not found.",
-      "search_placeholder": "Search files, tags, or uploader...",
-      "file_name": "File Name",
-      "date_modified": "Date Modified",
-      "upload_date": "Upload Date",
-      "file_size": "File Size",
-      "uploader": "Uploader",
-      "enter_totp_code": "Enter TOTP Code",
-      "use_recovery_code_instead": "Use Recovery Code instead",
-      "enter_recovery_code": "Enter Recovery Code",
-      "editing": "Editing",
-      "decrease_font": "A-",
-      "increase_font": "A+",
-      "save": "Save",
-      "close": "Close",
-      "no_files_found": "No files found.",
-      "switch_to_table_view": "Switch to Table View",
-      "switch_to_gallery_view": "Switch to Gallery View",
-      "share_file": "Share File",
-      "set_expiration": "Set Expiration:",
-      "password_optional": "Password (optional):",
-      "generate_share_link": "Generate Share Link",
-      "shareable_link": "Shareable Link:",
-      "copy_link": "Copy Link",
-      "tag_file": "Tag File",
-      "tag_name": "Tag Name:",
-      "tag_color": "Tag Color:",
-      "save_tag": "Save Tag",
-      "files_in": "Files in",
-      "light_mode": "Light Mode",
-      "dark_mode": "Dark Mode",
-      "upload_instruction": "Drop files/folders here or click 'Choose files'",
-      "no_files_selected_default": "No files selected",
-      "choose_files": "Choose files",
-      "delete_selected": "Delete Selected",
-      "copy_selected": "Copy Selected",
-      "move_selected": "Move Selected",
-      "tag_selected": "Tag Selected",
-      "download_zip": "Download Zip",
-      "extract_zip": "Extract Zip",
-      "preview": "Preview",
-      "edit": "Edit",
-      "rename": "Rename",
-      "trash_empty": "Trash is empty.",
-      "no_trash_selected": "No trash items selected for restore.",
-  
-      // Additional keys for HTML translations:
-      "title": "FileRise",
-      "header_title": "FileRise",
-      "logout": "Logout",
-      "change_password": "Change Password",
-      "restore_text": "Restore or",
-      "delete_text": "Delete Trash Items",
-      "restore_selected": "Restore Selected",
-      "restore_all": "Restore All",
-      "delete_selected_trash": "Delete Selected",
-      "delete_all": "Delete All",
-      "upload_header": "Upload Files/Folders",
-  
-      // Folder Management keys:
-      "folder_navigation": "Folder Navigation & Management",
-      "create_folder": "Create Folder",
-      "create_folder_title": "Create Folder",
-      "enter_folder_name": "Enter folder name",
-      "cancel": "Cancel",
-      "create": "Create",
-      "rename_folder": "Rename Folder",
-      "rename_folder_title": "Rename Folder",
-      "rename_folder_placeholder": "Enter new folder name",
-      "delete_folder": "Delete Folder",
-      "delete_folder_title": "Delete Folder",
-      "delete_folder_message": "Are you sure you want to delete this folder?",
-      "folder_help": "Folder Help",
-      "folder_help_item_1": "Click on a folder in the tree to view its files.",
-      "folder_help_item_2": "Use [-] to collapse and [+] to expand folders.",
-      "folder_help_item_3": "Select a folder and click \"Create Folder\" to add a subfolder.",
-      "folder_help_item_4": "To rename or delete a folder, select it and then click the appropriate button.",
-  
-      // File List keys:
-      "file_list_title": "Files in (Root)",
-      "files_in": "Files in",
-      "delete_files": "Delete Files",
-      "delete_selected_files_title": "Delete Selected Files",
-      "delete_files_message": "Are you sure you want to delete the selected files?",
-      "copy_files": "Copy Files",
-      "copy_files_title": "Copy Selected Files",
-      "copy_files_message": "Select a target folder for copying the selected files:",
-      "move_files": "Move Files",
-      "move_files_title": "Move Selected Files",
-      "move_files_message": "Select a target folder for moving the selected files:",
-      "move": "Move",
-      "extract_zip_button": "Extract Zip",
-      "download_zip_title": "Download Selected Files as Zip",
-      "download_zip_prompt": "Enter a name for the zip file:",
-      "zip_placeholder": "files.zip",
-  
-      // Login Form keys:
-      "login": "Login",
-      "remember_me": "Remember me",
-      "login_oidc": "Login with OIDC",
-      "basic_http_login": "Use Basic HTTP Login",
-  
-      // Change Password keys:
-      "change_password_title": "Change Password",
-      "old_password": "Old Password",
-      "new_password": "New Password",
-      "confirm_new_password": "Confirm New Password",
-  
-      // Add User keys:
-      "create_new_user_title": "Create New User",
-      "username": "Username:",
-      "password": "Password:",
-      "grant_admin": "Grant Admin Access",
-      "save_user": "Save User",
-  
-      // Remove User keys:
-      "remove_user_title": "Remove User",
-      "select_user_remove": "Select a user to remove:",
-      "delete_user": "Delete User",
-  
-      // Rename File keys:
-      "rename_file_title": "Rename File",
-      "rename_file_placeholder": "Enter new file name",
-
-      // Folder Share
-      "share_folder": "Share Folder",
-      "allow_uploads": "Allow Uploads",
-      "share_link_generated": "Share Link Generated",
-      "error_generating_share_link": "Error Generating Share Link",
-
-      // Folder
-      "create_folder": "Create Folder",
-      "rename_folder": "Rename Folder",
-      "folder_share": "Share Folder",
-      "delete_folder": "Delete Folder",
-  
-      // Custom Confirm Modal keys:
-      "yes": "Yes",
-      "no": "No",
-      "delete": "Delete",
-      "download": "Download",
-      "upload": "Upload",
-      "copy": "Copy",
-      "extract": "Extract",
-      "user": "User:",
-      "unknown_error": "Unknown Error",
-      "link_copied": "Link Copied to Clipboard",
-      "minutes": "minutes",
-        "hours": "hours",
-        "days": "days",
-        "weeks": "weeks",
-        "months": "months",
-        "seconds": "seconds",
-  
-      // Dark Mode Toggle
-      "dark_mode_toggle": "Dark Mode",
-      "light_mode_toggle": "Light Mode"
-    },
-    es: { /* Spanish translations */
-        "please_log_in_to_continue": "Por favor, inicie sesión para continuar.",
-        "no_files_selected": "No se seleccionaron archivos.",
-        "confirm_delete_files": "¿Está seguro de que desea eliminar {count} archivo(s) seleccionado(s)?",
-        "element_not_found": "Elemento con id \"{id}\" no encontrado.",
-        "search_placeholder": "Buscar archivos o etiqueta...",
-        "file_name": "Nombre del archivo",
-        "date_modified": "Fecha de modificación",
-        "upload_date": "Fecha de carga",
-        "file_size": "Tamaño del archivo",
-        "uploader": "Cargado por",
-        "enter_totp_code": "Ingrese el código TOTP",
-        "use_recovery_code_instead": "Usar código de recuperación en su lugar",
-        "enter_recovery_code": "Ingrese el código de recuperación",
-        "editing": "Editando",
-        "decrease_font": "A-",
-        "increase_font": "A+",
-        "save": "Guardar",
-        "close": "Cerrar",
-        "no_files_found": "No se encontraron archivos.",
-        "switch_to_table_view": "Cambiar a vista de tabla",
-        "switch_to_gallery_view": "Cambiar a vista de galería",
-        "share_file": "Compartir archivo",
-        "set_expiration": "Establecer vencimiento:",
-        "password_optional": "Contraseña (opcional):",
-        "generate_share_link": "Generar enlace para compartir",
-        "shareable_link": "Enlace para compartir:",
-        "copy_link": "Copiar enlace",
-        "tag_file": "Etiquetar archivo",
-        "tag_name": "Nombre de la etiqueta:",
-        "tag_color": "Color de la etiqueta:",
-        "save_tag": "Guardar etiqueta",
-        "files_in": "Archivos en",
-        "light_mode": "Modo claro",
-        "dark_mode": "Modo oscuro",
-        "upload_instruction": "Suelte archivos/carpetas o haga clic en 'Elegir archivos'",
-        "no_files_selected_default": "No se seleccionaron archivos",
-        "choose_files": "Elegir archivos",
-        "delete_selected": "Eliminar seleccionados",
-        "copy_selected": "Copiar seleccionados",
-        "move_selected": "Mover seleccionados",
-        "tag_selected": "Etiquetar seleccionados",
-        "download_zip": "Descargar Zip",
-        "extract_zip": "Extraer Zip",
-        "preview": "Vista previa",
-        "edit": "Editar",
-        "rename": "Renombrar",
-        "trash_empty": "La papelera está vacía.",
-        "no_trash_selected": "No se seleccionaron elementos de la papelera para restaurar.",
-      
-        // Additional keys for HTML translations:
-        "title": "FileRise",
-        "header_title": "FileRise",
-        "logout": "Cerrar sesión",
-        "change_password": "Cambiar contraseña",
-        "restore_text": "Restaurar o",
-        "delete_text": "Eliminar elementos de la papelera",
-        "restore_selected": "Restaurar seleccionados",
-        "restore_all": "Restaurar todo",
-        "delete_selected_trash": "Eliminar seleccionados",
-        "delete_all": "Eliminar todo",
-        "upload_header": "Cargar archivos/carpetas",
-      
-        // Folder Management keys:
-        "folder_navigation": "Navegación y gestión de carpetas",
-        "create_folder": "Crear carpeta",
-        "create_folder_title": "Crear carpeta",
-        "enter_folder_name": "Ingrese el nombre de la carpeta",
-        "cancel": "Cancelar",
-        "create": "Crear",
-        "rename_folder": "Renombrar carpeta",
-        "rename_folder_title": "Renombrar carpeta",
-        "rename_folder_placeholder": "Ingrese el nuevo nombre de la carpeta",
-        "delete_folder": "Eliminar carpeta",
-        "delete_folder_title": "Eliminar carpeta",
-        "delete_folder_message": "¿Está seguro de que desea eliminar esta carpeta?",
-        "folder_help": "Ayuda de carpetas",
-        "folder_help_item_1": "Haga clic en una carpeta en el árbol para ver sus archivos.",
-        "folder_help_item_2": "Utilice [-] para colapsar y [+] para expandir carpetas.",
-        "folder_help_item_3": "Seleccione una carpeta y haga clic en \"Crear carpeta\" para agregar una subcarpeta.",
-        "folder_help_item_4": "Para renombrar o eliminar una carpeta, selecciónela y luego haga clic en el botón correspondiente.",
-      
-        // File List keys:
-        "file_list_title": "Archivos en (Raíz)",
-        "delete_files": "Eliminar archivos",
-        "delete_selected_files_title": "Eliminar archivos seleccionados",
-        "delete_files_message": "¿Está seguro de que desea eliminar los archivos seleccionados?",
-        "copy_files": "Copiar archivos",
-        "copy_files_title": "Copiar archivos seleccionados",
-        "copy_files_message": "Seleccione una carpeta destino para copiar los archivos seleccionados:",
-        "move_files": "Mover archivos",
-        "move_files_title": "Mover archivos seleccionados",
-        "move_files_message": "Seleccione una carpeta destino para mover los archivos seleccionados:",
-        "move": "Mover",
-        "extract_zip_button": "Extraer Zip",
-        "download_zip_title": "Descargar archivos seleccionados en Zip",
-        "download_zip_prompt": "Ingrese un nombre para el archivo Zip:",
-        "zip_placeholder": "archivos.zip",
-      
-        // Login Form keys:
-        "login": "Iniciar sesión",
-        "remember_me": "Recuérdame",
-        "login_oidc": "Iniciar sesión con OIDC",
-        "basic_http_login": "Usar autenticación HTTP básica",
-      
-        // Change Password keys:
-        "change_password_title": "Cambiar contraseña",
-        "old_password": "Contraseña antigua",
-        "new_password": "Nueva contraseña",
-        "confirm_new_password": "Confirmar nueva contraseña",
-      
-        // Add User keys:
-        "create_new_user_title": "Crear nuevo usuario",
-        "username": "Usuario:",
-        "password": "Contraseña:",
-        "grant_admin": "Otorgar acceso de administrador",
-        "save_user": "Guardar usuario",
-      
-        // Remove User keys:
-        "remove_user_title": "Eliminar usuario",
-        "select_user_remove": "Seleccione un usuario para eliminar:",
-        "delete_user": "Eliminar usuario",
-      
-        // Rename File keys:
-        "rename_file_title": "Renombrar archivo",
-        "rename_file_placeholder": "Ingrese el nuevo nombre del archivo",
-      
-        // Custom Confirm Modal keys:
-        "yes": "Sí",
-        "no": "No",
-        "delete": "Eliminar",
-        "download": "Descargar",
-        "upload": "Cargar",
-        "copy": "Copiar",
-        "extract": "Extraer",
-      
-        // Dark Mode Toggle
-        "dark_mode_toggle": "Modo oscuro"
-      },
-      fr: { /* French translations */
-        "please_log_in_to_continue": "Veuillez vous connecter pour continuer.",
-        "no_files_selected": "Aucun fichier sélectionné.",
-        "confirm_delete_files": "Êtes-vous sûr de vouloir supprimer {count} fichier(s) sélectionné(s) ?",
-        "element_not_found": "Élément avec l'id \"{id}\" non trouvé.",
-        "search_placeholder": "Rechercher des fichiers ou un tag...",
-        "file_name": "Nom du fichier",
-        "date_modified": "Date de modification",
-        "upload_date": "Date de téléchargement",
-        "file_size": "Taille du fichier",
-        "uploader": "Téléversé par",
-        "enter_totp_code": "Entrez le code TOTP",
-        "use_recovery_code_instead": "Utilisez le code de récupération à la place",
-        "enter_recovery_code": "Entrez le code de récupération",
-        "editing": "Modification",
-        "decrease_font": "A-",
-        "increase_font": "A+",
-        "save": "Enregistrer",
-        "close": "Fermer",
-        "no_files_found": "Aucun fichier trouvé.",
-        "switch_to_table_view": "Passer à la vue tableau",
-        "switch_to_gallery_view": "Passer à la vue galerie",
-        "share_file": "Partager le fichier",
-        "set_expiration": "Définir l'expiration :",
-        "password_optional": "Mot de passe (facultatif) :",
-        "generate_share_link": "Générer un lien de partage",
-        "shareable_link": "Lien partageable :",
-        "copy_link": "Copier le lien",
-        "tag_file": "Marquer le fichier",
-        "tag_name": "Nom du tag :",
-        "tag_color": "Couleur du tag :",
-        "save_tag": "Enregistrer le tag",
-        "files_in": "Fichiers dans",
-        "light_mode": "Mode clair",
-        "dark_mode": "Mode sombre",
-        "upload_instruction": "Déposez vos fichiers/dossiers ici ou cliquez sur 'Choisir des fichiers'",
-        "no_files_selected_default": "Aucun fichier sélectionné",
-        "choose_files": "Choisir des fichiers",
-        "delete_selected": "Supprimer la sélection",
-        "copy_selected": "Copier la sélection",
-        "move_selected": "Déplacer la sélection",
-        "tag_selected": "Marquer la sélection",
-        "download_zip": "Télécharger en Zip",
-        "extract_zip": "Extraire le Zip",
-        "preview": "Aperçu",
-        "edit": "Modifier",
-        "rename": "Renommer",
-        "trash_empty": "La corbeille est vide.",
-        "no_trash_selected": "Aucun élément de la corbeille sélectionné pour restauration.",
-      
-        // Additional keys for HTML translations:
-        "title": "FileRise",
-        "header_title": "FileRise",
-        "logout": "Se déconnecter",
-        "change_password": "Changer le mot de passe",
-        "restore_text": "Restaurer ou",
-        "delete_text": "Supprimer les éléments de la corbeille",
-        "restore_selected": "Restaurer la sélection",
-        "restore_all": "Restaurer tout",
-        "delete_selected_trash": "Supprimer la sélection",
-        "delete_all": "Supprimer tout",
-        "upload_header": "Téléverser des fichiers/dossiers",
-      
-        // Folder Management keys:
-        "folder_navigation": "Navigation et gestion des dossiers",
-        "create_folder": "Créer un dossier",
-        "create_folder_title": "Créer un dossier",
-        "enter_folder_name": "Entrez le nom du dossier",
-        "cancel": "Annuler",
-        "create": "Créer",
-        "rename_folder": "Renommer le dossier",
-        "rename_folder_title": "Renommer le dossier",
-        "rename_folder_placeholder": "Entrez le nouveau nom du dossier",
-        "delete_folder": "Supprimer le dossier",
-        "delete_folder_title": "Supprimer le dossier",
-        "delete_folder_message": "Êtes-vous sûr de vouloir supprimer ce dossier ?",
-        "folder_help": "Aide des dossiers",
-        "folder_help_item_1": "Cliquez sur un dossier dans l'arborescence pour voir ses fichiers.",
-        "folder_help_item_2": "Utilisez [-] pour réduire et [+] pour développer les dossiers.",
-        "folder_help_item_3": "Sélectionnez un dossier et cliquez sur \"Créer un dossier\" pour ajouter un sous-dossier.",
-        "folder_help_item_4": "Pour renommer ou supprimer un dossier, sélectionnez-le puis cliquez sur le bouton approprié.",
-      
-        // File List keys:
-        "file_list_title": "Fichiers dans (Racine)",
-        "delete_files": "Supprimer les fichiers",
-        "delete_selected_files_title": "Supprimer les fichiers sélectionnés",
-        "delete_files_message": "Êtes-vous sûr de vouloir supprimer les fichiers sélectionnés ?",
-        "copy_files": "Copier les fichiers",
-        "copy_files_title": "Copier les fichiers sélectionnés",
-        "copy_files_message": "Sélectionnez un dossier de destination pour copier les fichiers sélectionnés :",
-        "move_files": "Déplacer les fichiers",
-        "move_files_title": "Déplacer les fichiers sélectionnés",
-        "move_files_message": "Sélectionnez un dossier de destination pour déplacer les fichiers sélectionnés :",
-        "move": "Déplacer",
-        "extract_zip_button": "Extraire le Zip",
-        "download_zip_title": "Télécharger les fichiers sélectionnés en Zip",
-        "download_zip_prompt": "Entrez un nom pour le fichier Zip :",
-        "zip_placeholder": "fichiers.zip",
-      
-        // Login Form keys:
-        "login": "Connexion",
-        "remember_me": "Se souvenir de moi",
-        "login_oidc": "Connexion avec OIDC",
-        "basic_http_login": "Utiliser l'authentification HTTP basique",
-      
-        // Change Password keys:
-        "change_password_title": "Changer le mot de passe",
-        "old_password": "Ancien mot de passe",
-        "new_password": "Nouveau mot de passe",
-        "confirm_new_password": "Confirmer le nouveau mot de passe",
-      
-        // Add User keys:
-        "create_new_user_title": "Créer un nouvel utilisateur",
-        "username": "Nom d'utilisateur :",
-        "password": "Mot de passe :",
-        "grant_admin": "Accorder les droits d'administrateur",
-        "save_user": "Enregistrer l'utilisateur",
-      
-        // Remove User keys:
-        "remove_user_title": "Supprimer l'utilisateur",
-        "select_user_remove": "Sélectionnez un utilisateur à supprimer :",
-        "delete_user": "Supprimer l'utilisateur",
-      
-        // Rename File keys:
-        "rename_file_title": "Renommer le fichier",
-        "rename_file_placeholder": "Entrez le nouveau nom du fichier",
-      
-        // Custom Confirm Modal keys:
-        "yes": "Oui",
-        "no": "Non",
-        "delete": "Supprimer",
-        "download": "Télécharger",
-        "upload": "Téléverser",
-        "copy": "Copier",
-        "extract": "Extraire",
-      
-        // Dark Mode Toggle
-        "dark_mode_toggle": "Mode sombre"
-      },
-      de: {
-        "please_log_in_to_continue": "Bitte melden Sie sich an, um fortzufahren.",
-        "no_files_selected": "Keine Dateien ausgewählt.",
-        "confirm_delete_files": "Sind Sie sicher, dass Sie {count} ausgewählte Datei(en) löschen möchten?",
-        "element_not_found": "Element mit der ID \"{id}\" wurde nicht gefunden.",
-        "search_placeholder": "Suche nach Dateien oder Tags...",
-        "file_name": "Dateiname",
-        "date_modified": "Änderungsdatum",
-        "upload_date": "Hochladedatum",
-        "file_size": "Dateigröße",
-        "uploader": "Hochgeladen von",
-        "enter_totp_code": "Geben Sie den TOTP-Code ein",
-        "use_recovery_code_instead": "Verwenden Sie stattdessen den Wiederherstellungscode",
-        "enter_recovery_code": "Geben Sie den Wiederherstellungscode ein",
-        "editing": "Bearbeitung",
-        "decrease_font": "A-",
-        "increase_font": "A+",
-        "save": "Speichern",
-        "close": "Schließen",
-        "no_files_found": "Keine Dateien gefunden.",
-        "switch_to_table_view": "Zur Tabellenansicht wechseln",
-        "switch_to_gallery_view": "Zur Galerieansicht wechseln",
-        "share_file": "Datei teilen",
-        "set_expiration": "Ablauf festlegen:",
-        "password_optional": "Passwort (optional):",
-        "generate_share_link": "Freigabelink generieren",
-        "shareable_link": "Freigabelink:",
-        "copy_link": "Link kopieren",
-        "tag_file": "Datei taggen",
-        "tag_name": "Tagname:",
-        "tag_color": "Tagfarbe:",
-        "save_tag": "Tag speichern",
-        "files_in": "Dateien in",
-        "light_mode": "Heller Modus",
-        "dark_mode": "Dunkler Modus",
-        "upload_instruction": "Ziehen Sie Dateien/Ordner hierher oder klicken Sie auf 'Dateien auswählen'",
-        "no_files_selected_default": "Keine Dateien ausgewählt",
-        "choose_files": "Dateien auswählen",
-        "delete_selected": "Ausgewählte löschen",
-        "copy_selected": "Ausgewählte kopieren",
-        "move_selected": "Ausgewählte verschieben",
-        "tag_selected": "Ausgewählte taggen",
-        "download_zip": "Zip herunterladen",
-        "extract_zip": "Zip entpacken",
-        "preview": "Vorschau",
-        "edit": "Bearbeiten",
-        "rename": "Umbenennen",
-        "trash_empty": "Papierkorb ist leer.",
-        "no_trash_selected": "Keine Elemente im Papierkorb für die Wiederherstellung ausgewählt.",
-     
-        // Additional keys for HTML translations:
-        "title": "FileRise",
-        "header_title": "FileRise",
-        "logout": "Abmelden",
-        "change_password": "Passwort ändern",
-        "restore_text": "Wiederherstellen oder",
-        "delete_text": "Papierkorbeinträge löschen",
-        "restore_selected": "Ausgewählte wiederherstellen",
-        "restore_all": "Alle wiederherstellen",
-        "delete_selected_trash": "Ausgewählte löschen",
-        "delete_all": "Alle löschen",
-        "upload_header": "Dateien/Ordner hochladen",
-     
-        // Folder Management keys:
-        "folder_navigation": "Ordnernavigation & Verwaltung",
-        "create_folder": "Ordner erstellen",
-        "create_folder_title": "Ordner erstellen",
-        "enter_folder_name": "Geben Sie den Ordnernamen ein",
-        "cancel": "Abbrechen",
-        "create": "Erstellen",
-        "rename_folder": "Ordner umbenennen",
-        "rename_folder_title": "Ordner umbenennen",
-        "rename_folder_placeholder": "Neuen Ordnernamen eingeben",
-        "delete_folder": "Ordner löschen",
-        "delete_folder_title": "Ordner löschen",
-        "delete_folder_message": "Sind Sie sicher, dass Sie diesen Ordner löschen möchten?",
-        "folder_help": "Ordnerhilfe",
-        "folder_help_item_1": "Klicken Sie auf einen Ordner, um dessen Dateien anzuzeigen.",
-        "folder_help_item_2": "Verwenden Sie [-] um zu minimieren und [+] um zu erweitern.",
-        "folder_help_item_3": "Klicken Sie auf \"Ordner erstellen\", um einen Unterordner hinzuzufügen.",
-        "folder_help_item_4": "Um einen Ordner umzubenennen oder zu löschen, wählen Sie ihn und klicken Sie auf die entsprechende Schaltfläche.",
-     
-        // File List keys:
-        "file_list_title": "Dateien in (Root)",
-        "delete_files": "Dateien löschen",
-        "delete_selected_files_title": "Ausgewählte Dateien löschen",
-        "delete_files_message": "Sind Sie sicher, dass Sie die ausgewählten Dateien löschen möchten?",
-        "copy_files": "Dateien kopieren",
-        "copy_files_title": "Ausgewählte Dateien kopieren",
-        "copy_files_message": "Wählen Sie einen Zielordner, um die ausgewählten Dateien zu kopieren:",
-        "move_files": "Dateien verschieben",
-        "move_files_title": "Ausgewählte Dateien verschieben",
-        "move_files_message": "Wählen Sie einen Zielordner, um die ausgewählten Dateien zu verschieben:",
-        "move": "Verschieben",
-        "extract_zip_button": "Zip entpacken",
-        "download_zip_title": "Ausgewählte Dateien als Zip herunterladen",
-        "download_zip_prompt": "Geben Sie einen Namen für die Zip-Datei ein:",
-        "zip_placeholder": "dateien.zip",
-     
-        // Login Form keys:
-        "login": "Anmelden",
-        "remember_me": "Angemeldet bleiben",
-        "login_oidc": "Mit OIDC anmelden",
-        "basic_http_login": "HTTP-Basisauthentifizierung verwenden",
-     
-        // Change Password keys:
-        "change_password_title": "Passwort ändern",
-        "old_password": "Altes Passwort",
-        "new_password": "Neues Passwort",
-        "confirm_new_password": "Neues Passwort bestätigen",
-     
-        // Add User keys:
-        "create_new_user_title": "Neuen Benutzer erstellen",
-        "username": "Benutzername:",
-        "password": "Passwort:",
-        "grant_admin": "Admin-Rechte vergeben",
-        "save_user": "Benutzer speichern",
-     
-        // Remove User keys:
-        "remove_user_title": "Benutzer entfernen",
-        "select_user_remove": "Wählen Sie einen Benutzer zum Entfernen:",
-        "delete_user": "Benutzer löschen",
-     
-        // Rename File keys:
-        "rename_file_title": "Datei umbenennen",
-        "rename_file_placeholder": "Neuen Dateinamen eingeben",
-     
-        // Custom Confirm Modal keys:
-        "yes": "Ja",
-        "no": "Nein",
-        "delete": "Löschen",
-        "download": "Herunterladen",
-        "upload": "Hochladen",
-        "copy": "Kopieren",
-        "extract": "Entpacken",
-     
-        // Dark Mode Toggle
-        "dark_mode_toggle": "Dunkler Modus"
-      }
-  };
-  
-  let currentLocale = 'en';
-  
-  export function setLocale(locale) {
-    currentLocale = locale;
-  }
-  
-  export function t(key, placeholders) {
-    const localeTranslations = translations[currentLocale] || {};
-    let translation = localeTranslations[key] || key;
-    if (placeholders) {
-      Object.keys(placeholders).forEach(ph => {
-        translation = translation.replace(`{${ph}}`, placeholders[ph]);
-      });
-    }
-    return translation;
-  }
-
-  export function applyTranslations() {
-    document.querySelectorAll('[data-i18n-key]').forEach(el => {
-      el.innerText = t(el.getAttribute('data-i18n-key'));
-    });
-    document.querySelectorAll('[data-i18n-placeholder]').forEach(el => {
-      el.setAttribute('placeholder', t(el.getAttribute('data-i18n-placeholder')));
-    });
-    document.querySelectorAll('[data-i18n-title]').forEach(el => {
-      el.setAttribute('title', t(el.getAttribute('data-i18n-title')));
-    });
-  }
--- a/js/main.js
+++ b/js/main.js
@@ -1,181 +0,0 @@
-import { sendRequest } from './networkUtils.js';
-import { toggleVisibility, toggleAllCheckboxes, updateFileActionButtons, showToast } from './domUtils.js';
-import { loadFolderTree } from './folderManager.js';
-import { initUpload } from './upload.js';
-import { initAuth, checkAuthentication } from './auth.js';
-import { setupTrashRestoreDelete } from './trashRestoreDelete.js';
-import { initDragAndDrop, loadSidebarOrder, loadHeaderOrder } from './dragAndDrop.js';
-import { initTagSearch, openTagModal, filterFilesByTag } from './fileTags.js';
-import { displayFilePreview } from './filePreview.js';
-import { loadFileList } from './fileListView.js';
-import { initFileActions, renameFile, openDownloadModal, confirmSingleDownload } from './fileActions.js';
-import { editFile, saveFile } from './fileEditor.js';
-import { t, applyTranslations, setLocale } from './i18n.js';
-
-// Remove the retry logic version and just use loadCsrfToken directly:
-function loadCsrfToken() {
-  return fetch('token.php', { credentials: 'include' })
-    .then(response => {
-      if (!response.ok) {
-        throw new Error("Token fetch failed with status: " + response.status);
-      }
-      return response.json();
-    })
-    .then(data => {
-      window.csrfToken = data.csrf_token;
-      window.SHARE_URL = data.share_url;
-      
-      let metaCSRF = document.querySelector('meta[name="csrf-token"]');
-      if (!metaCSRF) {
-        metaCSRF = document.createElement('meta');
-        metaCSRF.name = 'csrf-token';
-        document.head.appendChild(metaCSRF);
-      }
-      metaCSRF.setAttribute('content', data.csrf_token);
-
-      let metaShare = document.querySelector('meta[name="share-url"]');
-      if (!metaShare) {
-        metaShare = document.createElement('meta');
-        metaShare.name = 'share-url';
-        document.head.appendChild(metaShare);
-      }
-      metaShare.setAttribute('content', data.share_url);
-
-      return data;
-    });
-}
-
-
-// Expose functions for inline handlers.
-window.sendRequest = sendRequest;
-window.toggleVisibility = toggleVisibility;
-window.toggleAllCheckboxes = toggleAllCheckboxes;
-window.editFile = editFile;
-window.saveFile = saveFile;
-window.renameFile = renameFile;
-window.confirmSingleDownload = confirmSingleDownload;
-window.openDownloadModal = openDownloadModal;
-
-// Global variable for the current folder.
-window.currentFolder = "root";
-
-document.addEventListener("DOMContentLoaded", function () {
-  // Retrieve the saved language from localStorage; default to "en"
-  const savedLanguage = localStorage.getItem("language") || "en";
-  // Set the locale based on the saved language
-  setLocale(savedLanguage);
-  // Apply the translations to update the UI
-  applyTranslations();
-  // First, load the CSRF token (with retry).
-  loadCsrfToken().then(() => {
-    // Once CSRF token is loaded, initialize authentication.
-    initAuth();
-
-    // Continue with initializations that rely on a valid CSRF token:
-    checkAuthentication().then(authenticated => {
-      if (authenticated) {
-        window.currentFolder = "root";
-        initTagSearch();
-        loadFileList(window.currentFolder);
-        initDragAndDrop();
-        loadSidebarOrder();
-        loadHeaderOrder();
-        initFileActions();
-        initUpload();
-        loadFolderTree();
-        setupTrashRestoreDelete();
-
-        const helpBtn = document.getElementById("folderHelpBtn");
-        const helpTooltip = document.getElementById("folderHelpTooltip");
-        helpBtn.addEventListener("click", function () {
-          // Toggle display of the tooltip.
-          if (helpTooltip.style.display === "none" || helpTooltip.style.display === "") {
-            helpTooltip.style.display = "block";
-          } else {
-            helpTooltip.style.display = "none";
-          }
-        });
-      } else {
-        console.warn("User not authenticated. Data loading deferred.");
-      }
-    });
-
-    // Other DOM initialization that can happen after CSRF is ready.
-    const newPasswordInput = document.getElementById("newPassword");
-    if (newPasswordInput) {
-      newPasswordInput.addEventListener("input", function () {
-        console.log("newPassword input event:", this.value);
-      });
-    } else {
-      console.error("newPassword input not found!");
-    }
-
-    // --- Dark Mode Persistence ---
-    const darkModeToggle = document.getElementById("darkModeToggle");
-    const storedDarkMode = localStorage.getItem("darkMode");
-
-    if (storedDarkMode === "true") {
-      document.body.classList.add("dark-mode");
-    } else if (storedDarkMode === "false") {
-      document.body.classList.remove("dark-mode");
-    } else {
-      if (window.matchMedia && window.matchMedia("(prefers-color-scheme: dark)").matches) {
-        document.body.classList.add("dark-mode");
-      } else {
-        document.body.classList.remove("dark-mode");
-      }
-    }
-
-    if (darkModeToggle) {
-      darkModeToggle.textContent = document.body.classList.contains("dark-mode")
-        ? "Light Mode"
-        : "Dark Mode";
-
-      darkModeToggle.addEventListener("click", function () {
-        if (document.body.classList.contains("dark-mode")) {
-          document.body.classList.remove("dark-mode");
-          localStorage.setItem("darkMode", "false");
-          darkModeToggle.textContent = "Dark Mode";
-        } else {
-          document.body.classList.add("dark-mode");
-          localStorage.setItem("darkMode", "true");
-          darkModeToggle.textContent = "Light Mode";
-        }
-      });
-    }
-
-    if (localStorage.getItem("darkMode") === null && window.matchMedia) {
-      window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change", (event) => {
-        if (event.matches) {
-          document.body.classList.add("dark-mode");
-          if (darkModeToggle) darkModeToggle.textContent = t("light_mode");
-        } else {
-          document.body.classList.remove("dark-mode");
-          if (darkModeToggle) darkModeToggle.textContent = t("dark_mode");
-        }
-      });
-    }
-    // --- End Dark Mode Persistence ---
-
-    const message = sessionStorage.getItem("welcomeMessage");
-    if (message) {
-      showToast(message);
-      sessionStorage.removeItem("welcomeMessage");
-    }
-  }).catch(error => {
-    console.error("Initialization halted due to CSRF token load failure.", error);
-  });
-
-  // --- Auto-scroll During Drag ---
-  // Adjust these values as needed:
-  const SCROLL_THRESHOLD = 50; // pixels from edge to start scrolling
-  const SCROLL_SPEED = 20;     // pixels to scroll per event
-
-  document.addEventListener("dragover", function (e) {
-    if (e.clientY < SCROLL_THRESHOLD) {
-      window.scrollBy(0, -SCROLL_SPEED);
-    } else if (e.clientY > window.innerHeight - SCROLL_THRESHOLD) {
-      window.scrollBy(0, SCROLL_SPEED);
-    }
-  });
-});
--- a/js/networkUtils.js
+++ b/js/networkUtils.js
@@ -1,31 +0,0 @@
-export function sendRequest(url, method = "GET", data = null, customHeaders = {}) {
-  const options = {
-    method,
-    credentials: 'include',
-    headers: {}
-  };
-
-  // Merge custom headers
-  Object.assign(options.headers, customHeaders);
-
-  // If data is provided and is not FormData, assume JSON.
-  if (data && !(data instanceof FormData)) {
-    if (!options.headers["Content-Type"]) {
-      options.headers["Content-Type"] = "application/json";
-    }
-    options.body = JSON.stringify(data);
-  } else if (data instanceof FormData) {
-    options.body = data;
-  }
-
-  return fetch(url, options)
-    .then(response => {
-      if (!response.ok) {
-        return response.text().then(text => {
-          throw new Error(`HTTP error ${response.status}: ${text}`);
-        });
-      }
-      const clonedResponse = response.clone();
-      return response.json().catch(() => clonedResponse.text());
-    });
-}
--- a/js/upload.js
+++ b/js/upload.js
@@ -1,809 +0,0 @@
-import { initFileActions } from './fileActions.js';
-import { displayFilePreview } from './filePreview.js';
-import { showToast, escapeHTML } from './domUtils.js';
-import { loadFolderTree } from './folderManager.js';
-import { loadFileList } from './fileListView.js';
-import { t } from './i18n.js';
-
-/* -----------------------------------------------------
-   Helpers for Drag–and–Drop Folder Uploads (Original Code)
----------------------------------------------------- */
-// Recursively traverse a dropped folder.
-function traverseFileTreePromise(item, path = "") {
-  return new Promise((resolve) => {
-    if (item.isFile) {
-      item.file(file => {
-        // Store relative path for folder uploads.
-        Object.defineProperty(file, 'customRelativePath', {
-          value: path + file.name,
-          writable: true,
-          configurable: true
-        });
-        resolve([file]);
-      });
-    } else if (item.isDirectory) {
-      const dirReader = item.createReader();
-      dirReader.readEntries(entries => {
-        const promises = [];
-        for (let i = 0; i < entries.length; i++) {
-          promises.push(traverseFileTreePromise(entries[i], path + item.name + "/"));
-        }
-        Promise.all(promises).then(results => resolve(results.flat()));
-      });
-    } else {
-      resolve([]);
-    }
-  });
-}
-
-// Recursively retrieve files from DataTransfer items.
-function getFilesFromDataTransferItems(items) {
-  const promises = [];
-  for (let i = 0; i < items.length; i++) {
-    const entry = items[i].webkitGetAsEntry();
-    if (entry) {
-      promises.push(traverseFileTreePromise(entry));
-    }
-  }
-  return Promise.all(promises).then(results => results.flat());
-}
-
-function setDropAreaDefault() {
-  const dropArea = document.getElementById("uploadDropArea");
-  if (dropArea) {
-    dropArea.innerHTML = `
-      <div id="uploadInstruction" class="upload-instruction">
-       ${t("upload_instruction")}
-      </div>
-      <div id="uploadFileRow" class="upload-file-row">
-        <button id="customChooseBtn" type="button">${t("choose_files")}</button>
-      </div>
-      <div id="fileInfoWrapper" class="file-info-wrapper">
-        <div id="fileInfoContainer" class="file-info-container">
-          <span id="fileInfoDefault"> ${t("no_files_selected_default")}</span>
-        </div>
-      </div>
-      <!-- File input for file picker (files only) -->
-      <input type="file" id="file" name="file[]" class="form-control-file" multiple style="opacity:0; position:absolute; width:1px; height:1px;" />
-    `;
-  }
-}
-
-function adjustFolderHelpExpansion() {
-  const uploadCard = document.getElementById("uploadCard");
-  const folderHelpDetails = document.querySelector(".folder-help-details");
-  if (uploadCard && folderHelpDetails) {
-    if (uploadCard.offsetHeight > 400) {
-      folderHelpDetails.setAttribute("open", "");
-    } else {
-      folderHelpDetails.removeAttribute("open");
-    }
-  }
-}
-
-function adjustFolderHelpExpansionClosed() {
-  const folderHelpDetails = document.querySelector(".folder-help-details");
-  if (folderHelpDetails) {
-    folderHelpDetails.removeAttribute("open");
-  }
-}
-
-function updateFileInfoCount() {
-  const fileInfoContainer = document.getElementById("fileInfoContainer");
-  if (fileInfoContainer && window.selectedFiles) {
-    if (window.selectedFiles.length === 0) {
-      fileInfoContainer.innerHTML = `<span id="fileInfoDefault">No files selected</span>`;
-    } else if (window.selectedFiles.length === 1) {
-      fileInfoContainer.innerHTML = `
-        <div id="filePreviewContainer" class="file-preview-container" style="display:inline-block;">
-          <span class="material-icons file-icon">insert_drive_file</span>
-        </div>
-        <span id="fileNameDisplay" class="file-name-display">${escapeHTML(window.selectedFiles[0].name || window.selectedFiles[0].fileName || "Unnamed File")}</span>
-      `;
-    } else {
-      fileInfoContainer.innerHTML = `
-        <div id="filePreviewContainer" class="file-preview-container" style="display:inline-block;">
-          <span class="material-icons file-icon">insert_drive_file</span>
-        </div>
-        <span id="fileCountDisplay" class="file-name-display">${window.selectedFiles.length} files selected</span>
-      `;
-    }
-    const previewContainer = document.getElementById("filePreviewContainer");
-    if (previewContainer && window.selectedFiles.length > 0) {
-      previewContainer.innerHTML = "";
-      // For image files, try to show a preview (if available from the file object).
-      displayFilePreview(window.selectedFiles[0].file || window.selectedFiles[0], previewContainer);
-    }
-  }
-}
-
-// Helper function to repeatedly call removeChunks.php
-function removeChunkFolderRepeatedly(identifier, csrfToken, maxAttempts = 3, interval = 1000) {
-  let attempt = 0;
-  const removalInterval = setInterval(() => {
-    attempt++;
-    const params = new URLSearchParams();
-    // Prefix with "resumable_" to match your PHP regex.
-    params.append('folder', 'resumable_' + identifier);
-    params.append('csrf_token', csrfToken);
-    fetch('removeChunks.php', {
-      method: 'POST',
-      credentials: 'include',
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded'
-      },
-      body: params.toString()
-    })
-      .then(response => response.json())
-      .then(data => {
-        console.log(`Chunk folder removal attempt ${attempt}:`, data);
-      })
-      .catch(err => {
-        console.error(`Error on removal attempt ${attempt}:`, err);
-      });
-    if (attempt >= maxAttempts) {
-      clearInterval(removalInterval);
-    }
-  }, interval);
-}
-
-/* -----------------------------------------------------
-   File Entry Creation (with Pause/Resume and Restart)
----------------------------------------------------- */
-// Create a file entry element with a remove button and a pause/resume button.
-function createFileEntry(file) {
-  const li = document.createElement("li");
-  li.classList.add("upload-progress-item");
-  li.style.display = "flex";
-  li.dataset.uploadIndex = file.uploadIndex;
-
-  // Remove button (always added)
-  const removeBtn = document.createElement("button");
-  removeBtn.classList.add("remove-file-btn");
-  removeBtn.textContent = "×";
-// In your remove button event listener, replace the fetch call with:
-removeBtn.addEventListener("click", function (e) {
-  e.stopPropagation();
-  const uploadIndex = file.uploadIndex;
-  window.selectedFiles = window.selectedFiles.filter(f => f.uploadIndex !== uploadIndex);
-  
-  // Cancel the file upload if possible.
-  if (typeof file.cancel === "function") {
-    file.cancel();
-    console.log("Canceled file upload:", file.fileName);
-  }
-  
-  // Remove file from the resumable queue.
-  if (resumableInstance && typeof resumableInstance.removeFile === "function") {
-    resumableInstance.removeFile(file);
-  }
-  
-  // Call our helper repeatedly to remove the chunk folder.
-  if (file.uniqueIdentifier) {
-    removeChunkFolderRepeatedly(file.uniqueIdentifier, window.csrfToken, 3, 1000);
-  }
-  
-  li.remove();
-  updateFileInfoCount();
-});
-  li.removeBtn = removeBtn;
-  li.appendChild(removeBtn);
-
-  // Add pause/resume/restart button if the file supports pause/resume.
-// Conditionally add the pause/resume button only if file.pause is available
-// Pause/Resume button (for resumable file–picker uploads)
-if (typeof file.pause === "function") {
-  const pauseResumeBtn = document.createElement("button");
-  pauseResumeBtn.setAttribute("type", "button"); // not a submit button
-  pauseResumeBtn.classList.add("pause-resume-btn");
-  // Start with pause icon and disable button until upload starts
-  pauseResumeBtn.innerHTML = '<span class="material-icons pauseResumeBtn">pause_circle_outline</span>';
-  pauseResumeBtn.disabled = true; 
-  pauseResumeBtn.addEventListener("click", function (e) {
-    e.stopPropagation();
-    if (file.isError) {
-      // If the file previously failed, try restarting upload.
-      if (typeof file.retry === "function") {
-        file.retry();
-        file.isError = false;
-        pauseResumeBtn.innerHTML = '<span class="material-icons pauseResumeBtn">pause_circle_outline</span>';
-      }
-    } else if (!file.paused) {
-      // Pause the upload (if possible)
-      if (typeof file.pause === "function") {
-        file.pause();
-        file.paused = true;
-        pauseResumeBtn.innerHTML = '<span class="material-icons pauseResumeBtn">play_circle_outline</span>';
-      } else {
-      }
-    } else if (file.paused) {
-      // Resume sequence: first call to resume (or upload() fallback)
-      if (typeof file.resume === "function") {
-        file.resume();
-      } else {
-        resumableInstance.upload();
-      }
-      // After a short delay, pause again then resume
-      setTimeout(() => {
-        if (typeof file.pause === "function") {
-          file.pause();
-        } else {
-          resumableInstance.upload();
-        }
-        setTimeout(() => {
-          if (typeof file.resume === "function") {
-            file.resume();
-          } else {
-            resumableInstance.upload();
-          }
-        }, 100);
-      }, 100);
-      file.paused = false;
-      pauseResumeBtn.innerHTML = '<span class="material-icons pauseResumeBtn">pause_circle_outline</span>';
-    } else {
-      console.error("Pause/resume function not available for file", file);
-    }
-  });
-  li.appendChild(pauseResumeBtn);
-}
-
-  // Preview element
-  const preview = document.createElement("div");
-  preview.className = "file-preview";
-  displayFilePreview(file, preview);
-  li.appendChild(preview);
-
-  // File name display
-  const nameDiv = document.createElement("div");
-  nameDiv.classList.add("upload-file-name");
-  nameDiv.textContent = file.name || file.fileName || "Unnamed File";
-  li.appendChild(nameDiv);
-
-  // Progress bar container
-  const progDiv = document.createElement("div");
-  progDiv.classList.add("progress", "upload-progress-div");
-  progDiv.style.flex = "0 0 250px";
-  progDiv.style.marginLeft = "5px";
-  const progBar = document.createElement("div");
-  progBar.classList.add("progress-bar");
-  progBar.style.width = "0%";
-  progBar.innerText = "0%";
-  progDiv.appendChild(progBar);
-  li.appendChild(progDiv);
-
-  li.progressBar = progBar;
-  li.startTime = Date.now();
-  return li;
-}
-
-/* -----------------------------------------------------
-   Processing Files
-   - For drag–and–drop, use original processing (supports folders).
-   - For file picker, if using Resumable, those files use resumable.
----------------------------------------------------- */
-function processFiles(filesInput) {
-  const fileInfoContainer = document.getElementById("fileInfoContainer");
-  const files = Array.from(filesInput);
-
-  if (fileInfoContainer) {
-    if (files.length > 0) {
-      if (files.length === 1) {
-        fileInfoContainer.innerHTML = `
-          <div id="filePreviewContainer" class="file-preview-container" style="display:inline-block;">
-            <span class="material-icons file-icon">insert_drive_file</span>
-          </div>
-          <span id="fileNameDisplay" class="file-name-display">${escapeHTML(files[0].name || files[0].fileName || "Unnamed File")}</span>
-        `;
-      } else {
-        fileInfoContainer.innerHTML = `
-          <div id="filePreviewContainer" class="file-preview-container" style="display:inline-block;">
-            <span class="material-icons file-icon">insert_drive_file</span>
-          </div>
-          <span id="fileCountDisplay" class="file-name-display">${files.length} files selected</span>
-        `;
-      }
-      const previewContainer = document.getElementById("filePreviewContainer");
-      if (previewContainer) {
-        previewContainer.innerHTML = "";
-        displayFilePreview(files[0], previewContainer);
-      }
-    } else {
-      fileInfoContainer.innerHTML = `<span id="fileInfoDefault">No files selected</span>`;
-    }
-  }
-
-  files.forEach((file, index) => {
-    file.uploadIndex = index;
-  });
-
-  const progressContainer = document.getElementById("uploadProgressContainer");
-  progressContainer.innerHTML = "";
-
-  if (files.length > 0) {
-    const maxDisplay = 10;
-    const list = document.createElement("ul");
-    list.classList.add("upload-progress-list");
-
-    // Check for relative paths (for folder uploads).
-    const hasRelativePaths = files.some(file => {
-      const rel = file.webkitRelativePath || file.customRelativePath || "";
-      return rel.trim() !== "";
-    });
-
-    if (hasRelativePaths) {
-      // Group files by folder.
-      const fileGroups = {};
-      files.forEach(file => {
-        let folderName = "Root";
-        const relativePath = file.webkitRelativePath || file.customRelativePath || "";
-        if (relativePath.trim() !== "") {
-          const parts = relativePath.split("/");
-          if (parts.length > 1) {
-            folderName = parts.slice(0, parts.length - 1).join("/");
-          }
-        }
-        if (!fileGroups[folderName]) {
-          fileGroups[folderName] = [];
-        }
-        fileGroups[folderName].push(file);
-      });
-
-      Object.keys(fileGroups).forEach(folderName => {
-        // Only show folder grouping if folderName is not "Root"
-        if (folderName !== "Root") {
-          const folderLi = document.createElement("li");
-          folderLi.classList.add("upload-folder-group");
-          folderLi.innerHTML = `<i class="material-icons folder-icon" style="vertical-align:middle; margin-right:8px;">folder</i> ${folderName}:`;
-          list.appendChild(folderLi);
-        }
-        const nestedUl = document.createElement("ul");
-        nestedUl.classList.add("upload-folder-group-list");
-        fileGroups[folderName]
-          .sort((a, b) => a.uploadIndex - b.uploadIndex)
-          .forEach(file => {
-            const li = createFileEntry(file);
-            nestedUl.appendChild(li);
-          });
-        list.appendChild(nestedUl);
-      });
-    } else {
-      // No relative paths – list files directly.
-      files.forEach((file, index) => {
-        const li = createFileEntry(file);
-        li.style.display = (index < maxDisplay) ? "flex" : "none";
-        li.dataset.uploadIndex = index;
-        list.appendChild(li);
-      });
-      if (files.length > maxDisplay) {
-        const extra = document.createElement("li");
-        extra.classList.add("upload-progress-extra");
-        extra.textContent = `Uploading additional ${files.length - maxDisplay} file(s)...`;
-        extra.style.display = "flex";
-        list.appendChild(extra);
-      }
-    }
-    const listWrapper = document.createElement("div");
-    listWrapper.classList.add("upload-progress-wrapper");
-    listWrapper.style.maxHeight = "300px";
-    listWrapper.style.overflowY = "auto";
-    listWrapper.appendChild(list);
-    progressContainer.appendChild(listWrapper);
-  }
-
-  adjustFolderHelpExpansion();
-  window.addEventListener("resize", adjustFolderHelpExpansion);
-
-  window.selectedFiles = files;
-  updateFileInfoCount();
-}
-
-/* -----------------------------------------------------
-   Resumable.js Integration for File Picker Uploads
-   (Only files chosen via file input use Resumable; folder uploads use original code.)
----------------------------------------------------- */
-const useResumable = true; // Enable resumable for file picker uploads
-let resumableInstance;
-function initResumableUpload() {
-  resumableInstance = new Resumable({
-    target: "upload.php",
-    query: { folder: window.currentFolder || "root", upload_token: window.csrfToken },
-    chunkSize: 1.5 * 1024 * 1024, // 1.5 MB chunks
-    simultaneousUploads: 3,
-    testChunks: false,
-    throttleProgressCallbacks: 1,
-    headers: { "X-CSRF-Token": window.csrfToken }
-  });
-
-  const fileInput = document.getElementById("file");
-  if (fileInput) {
-    // Assign Resumable to file input for file picker uploads.
-    resumableInstance.assignBrowse(fileInput);
-    fileInput.addEventListener("change", function () {
-      for (let i = 0; i < fileInput.files.length; i++) {
-        resumableInstance.addFile(fileInput.files[i]);
-      }
-    });
-  }
-
-  resumableInstance.on("fileAdded", function (file) {
-    // Initialize custom paused flag
-    file.paused = false;
-    file.uploadIndex = file.uniqueIdentifier;
-    if (!window.selectedFiles) {
-      window.selectedFiles = [];
-    }
-    window.selectedFiles.push(file);
-    const progressContainer = document.getElementById("uploadProgressContainer");
-
-    // Check if a wrapper already exists; if not, create one with a UL inside.
-    let listWrapper = progressContainer.querySelector(".upload-progress-wrapper");
-    let list;
-    if (!listWrapper) {
-      listWrapper = document.createElement("div");
-      listWrapper.classList.add("upload-progress-wrapper");
-      listWrapper.style.maxHeight = "300px";
-      listWrapper.style.overflowY = "auto";
-      list = document.createElement("ul");
-      list.classList.add("upload-progress-list");
-      listWrapper.appendChild(list);
-      progressContainer.appendChild(listWrapper);
-    } else {
-      list = listWrapper.querySelector("ul.upload-progress-list");
-    }
-
-    const li = createFileEntry(file);
-    li.dataset.uploadIndex = file.uniqueIdentifier;
-    list.appendChild(li);
-    updateFileInfoCount();
-  });
-
-  resumableInstance.on("fileProgress", function(file) {
-    const progress = file.progress(); // value between 0 and 1
-    const percent = Math.floor(progress * 100);
-    const li = document.querySelector(`li.upload-progress-item[data-upload-index="${file.uniqueIdentifier}"]`);
-    if (li && li.progressBar) {
-      if (percent < 99) {
-        li.progressBar.style.width = percent + "%";
-        
-        // Calculate elapsed time and speed.
-        const elapsed = (Date.now() - li.startTime) / 1000;
-        let speed = "";
-        if (elapsed > 0) {
-          const bytesUploaded = progress * file.size;
-          const spd = bytesUploaded / elapsed;
-          if (spd < 1024) {
-            speed = spd.toFixed(0) + " B/s";
-          } else if (spd < 1048576) {
-            speed = (spd / 1024).toFixed(1) + " KB/s";
-          } else {
-            speed = (spd / 1048576).toFixed(1) + " MB/s";
-          }
-        }
-        li.progressBar.innerText = percent + "% (" + speed + ")";
-      } else {
-        // When progress reaches 99% or higher, show only a spinner icon.
-        li.progressBar.style.width = "100%";
-        li.progressBar.innerHTML = '<i class="material-icons spinning" style="vertical-align: middle;">autorenew</i>';
-      }
-      
-      // Enable the pause/resume button once progress starts.
-      const pauseResumeBtn = li.querySelector(".pause-resume-btn");
-      if (pauseResumeBtn) {
-        pauseResumeBtn.disabled = false;
-      }
-    }
-  });
-  
-  resumableInstance.on("fileSuccess", function(file, message) {
-    const li = document.querySelector(`li.upload-progress-item[data-upload-index="${file.uniqueIdentifier}"]`);
-    if (li && li.progressBar) {
-      li.progressBar.style.width = "100%";
-      li.progressBar.innerText = "Done";
-      // Hide pause/resume and remove buttons for successful files.
-      const pauseResumeBtn = li.querySelector(".pause-resume-btn");
-      if (pauseResumeBtn) {
-        pauseResumeBtn.style.display = "none";
-      }
-      const removeBtn = li.querySelector(".remove-file-btn");
-      if (removeBtn) {
-        removeBtn.style.display = "none";
-      }
-      // Schedule removal of the file entry after 5 seconds.
-      setTimeout(() => {
-        li.remove();
-        window.selectedFiles = window.selectedFiles.filter(f => f.uniqueIdentifier !== file.uniqueIdentifier);
-        updateFileInfoCount();
-      }, 5000);
-    }
-    loadFileList(window.currentFolder);
-  });
-  
-
-
-  resumableInstance.on("fileError", function (file, message) {
-    const li = document.querySelector(`li.upload-progress-item[data-upload-index="${file.uniqueIdentifier}"]`);
-    if (li && li.progressBar) {
-      li.progressBar.innerText = "Error";
-    }
-    // Mark file as errored so that the pause/resume button acts as a restart button.
-    file.isError = true;
-    const pauseResumeBtn = li ? li.querySelector(".pause-resume-btn") : null;
-    if (pauseResumeBtn) {
-      pauseResumeBtn.innerHTML = '<span class="material-icons pauseResumeBtn">replay</span>';
-      pauseResumeBtn.disabled = false;
-    }
-    showToast("Error uploading file: " + file.fileName);
-  });
-
-  resumableInstance.on("complete", function () {
-    // If any file is marked with an error, leave the list intact.
-    const hasError = window.selectedFiles.some(f => f.isError);
-    if (!hasError) {
-      // All files succeeded—clear the file input and progress container after 5 seconds.
-      setTimeout(() => {
-        const fileInput = document.getElementById("file");
-        if (fileInput) fileInput.value = "";
-        const progressContainer = document.getElementById("uploadProgressContainer");
-        progressContainer.innerHTML = "";
-        window.selectedFiles = [];
-        adjustFolderHelpExpansionClosed();
-        const fileInfoContainer = document.getElementById("fileInfoContainer");
-        if (fileInfoContainer) {
-          fileInfoContainer.innerHTML = `<span id="fileInfoDefault">No files selected</span>`;
-        }
-        const dropArea = document.getElementById("uploadDropArea");
-        if (dropArea) setDropAreaDefault();
-      }, 5000);
-    } else {
-      showToast("Some files failed to upload. Please check the list.");
-    }
-  });
-}
-
-/* -----------------------------------------------------
-   XHR-based submitFiles for Drag–and–Drop (Folder) Uploads
----------------------------------------------------- */
-function submitFiles(allFiles) {
-  const folderToUse = window.currentFolder || "root";
-  const progressContainer = document.getElementById("uploadProgressContainer");
-  const fileInput = document.getElementById("file");
-
-  const progressElements = {};
-  const listItems = progressContainer.querySelectorAll("li.upload-progress-item");
-  listItems.forEach(item => {
-    progressElements[item.dataset.uploadIndex] = item;
-  });
-
-  let finishedCount = 0;
-  let allSucceeded = true;
-  const uploadResults = new Array(allFiles.length).fill(false);
-
-  allFiles.forEach(file => {
-    const formData = new FormData();
-    formData.append("file[]", file);
-    formData.append("folder", folderToUse);
-    // Append CSRF token as "upload_token"
-    formData.append("upload_token", window.csrfToken);
-    const relativePath = file.webkitRelativePath || file.customRelativePath || "";
-    if (relativePath.trim() !== "") {
-      formData.append("relativePath", relativePath);
-    }
-    const xhr = new XMLHttpRequest();
-    let currentPercent = 0;
-
-    xhr.upload.addEventListener("progress", function (e) {
-      if (e.lengthComputable) {
-        currentPercent = Math.round((e.loaded / e.total) * 100);
-        const li = progressElements[file.uploadIndex];
-        if (li) {
-          const elapsed = (Date.now() - li.startTime) / 1000;
-          let speed = "";
-          if (elapsed > 0) {
-            const spd = e.loaded / elapsed;
-            if (spd < 1024) speed = spd.toFixed(0) + " B/s";
-            else if (spd < 1048576) speed = (spd / 1024).toFixed(1) + " KB/s";
-            else speed = (spd / 1048576).toFixed(1) + " MB/s";
-          }
-          li.progressBar.style.width = currentPercent + "%";
-          li.progressBar.innerText = currentPercent + "% (" + speed + ")";
-        }
-      }
-    });
-
-    xhr.addEventListener("load", function () {
-      let jsonResponse;
-      try {
-        jsonResponse = JSON.parse(xhr.responseText);
-      } catch (e) {
-        jsonResponse = null;
-      }
-      const li = progressElements[file.uploadIndex];
-      if (xhr.status >= 200 && xhr.status < 300 && (!jsonResponse || !jsonResponse.error)) {
-        if (li) {
-          li.progressBar.style.width = "100%";
-          li.progressBar.innerText = "Done";
-          if (li.removeBtn) li.removeBtn.style.display = "none";
-        }
-        uploadResults[file.uploadIndex] = true;
-      } else {
-        if (li) {
-          li.progressBar.innerText = "Error";
-        }
-        allSucceeded = false;
-      }
-      finishedCount++;
-      if (finishedCount === allFiles.length) {
-        refreshFileList(allFiles, uploadResults, progressElements);
-      }
-    });
-
-    xhr.addEventListener("error", function () {
-      const li = progressElements[file.uploadIndex];
-      if (li) {
-        li.progressBar.innerText = "Error";
-      }
-      uploadResults[file.uploadIndex] = false;
-      allSucceeded = false;
-      finishedCount++;
-      if (finishedCount === allFiles.length) {
-        refreshFileList(allFiles, uploadResults, progressElements);
-      }
-    });
-
-    xhr.addEventListener("abort", function () {
-      const li = progressElements[file.uploadIndex];
-      if (li) {
-        li.progressBar.innerText = "Aborted";
-      }
-      uploadResults[file.uploadIndex] = false;
-      allSucceeded = false;
-      finishedCount++;
-      if (finishedCount === allFiles.length) {
-        refreshFileList(allFiles, uploadResults, progressElements);
-      }
-    });
-
-    xhr.open("POST", "upload.php", true);
-    xhr.setRequestHeader("X-CSRF-Token", window.csrfToken);
-    xhr.send(formData);
-  });
-
-  function refreshFileList(allFiles, uploadResults, progressElements) {
-    loadFileList(folderToUse)
-      .then(serverFiles => {
-        initFileActions();
-        serverFiles = (serverFiles || []).map(item => item.name.trim().toLowerCase());
-        let overallSuccess = true;
-        allFiles.forEach(file => {
-          const clientFileName = file.name.trim().toLowerCase();
-          const li = progressElements[file.uploadIndex];
-          if (!uploadResults[file.uploadIndex] || !serverFiles.includes(clientFileName)) {
-            if (li) {
-              li.progressBar.innerText = "Error";
-            }
-            overallSuccess = false;
-          } else if (li) {
-            // Schedule removal of successful file entry after 5 seconds.
-            setTimeout(() => {
-              li.remove();
-              delete progressElements[file.uploadIndex];
-              updateFileInfoCount();
-              const progressContainer = document.getElementById("uploadProgressContainer");
-              if (progressContainer && progressContainer.querySelectorAll("li.upload-progress-item").length === 0) {
-                const fileInput = document.getElementById("file");
-                if (fileInput) fileInput.value = "";
-                progressContainer.innerHTML = "";
-                adjustFolderHelpExpansionClosed();
-                const fileInfoContainer = document.getElementById("fileInfoContainer");
-                if (fileInfoContainer) {
-                  fileInfoContainer.innerHTML = `<span id="fileInfoDefault">No files selected</span>`;
-                }
-                const dropArea = document.getElementById("uploadDropArea");
-                if (dropArea) setDropAreaDefault();
-              }
-            }, 5000);
-          }
-        });
-        
-        if (!overallSuccess) {
-          showToast("Some files failed to upload. Please check the list.");
-        }
-      })
-      .catch(error => {
-        console.error("Error fetching file list:", error);
-        showToast("Some files may have failed to upload. Please check the list.");
-      })
-      .finally(() => {
-        loadFolderTree(window.currentFolder);
-      });
-  }
-}
-
-/* -----------------------------------------------------
-   Main initUpload: Sets up file input, drop area, and form submission.
----------------------------------------------------- */
-function initUpload() {
-  const fileInput = document.getElementById("file");
-  const dropArea = document.getElementById("uploadDropArea");
-  const uploadForm = document.getElementById("uploadFileForm");
-
-  // For file picker, remove directory attributes so only files can be chosen.
-  if (fileInput) {
-    fileInput.removeAttribute("webkitdirectory");
-    fileInput.removeAttribute("mozdirectory");
-    fileInput.removeAttribute("directory");
-    fileInput.setAttribute("multiple", "");
-  }
-
-  setDropAreaDefault();
-
-  // Drag–and–drop events (for folder uploads) use original processing.
-  if (dropArea) {
-    dropArea.classList.add("upload-drop-area");
-    dropArea.addEventListener("dragover", function (e) {
-      e.preventDefault();
-      dropArea.style.backgroundColor = document.body.classList.contains("dark-mode") ? "#333" : "#f8f8f8";
-    });
-    dropArea.addEventListener("dragleave", function (e) {
-      e.preventDefault();
-      dropArea.style.backgroundColor = "";
-    });
-    dropArea.addEventListener("drop", function (e) {
-      e.preventDefault();
-      dropArea.style.backgroundColor = "";
-      const dt = e.dataTransfer;
-      if (dt.items && dt.items.length > 0) {
-        getFilesFromDataTransferItems(dt.items).then(files => {
-          if (files.length > 0) {
-            processFiles(files);
-          }
-        });
-      } else if (dt.files && dt.files.length > 0) {
-        processFiles(dt.files);
-      }
-    });
-    // Clicking drop area triggers file input.
-    dropArea.addEventListener("click", function () {
-      if (fileInput) fileInput.click();
-    });
-  }
-
-  if (fileInput) {
-    fileInput.addEventListener("change", function () {
-      if (useResumable) {
-        // For file picker, if resumable is enabled, let it handle the files.
-        for (let i = 0; i < fileInput.files.length; i++) {
-          resumableInstance.addFile(fileInput.files[i]);
-        }
-      } else {
-        processFiles(fileInput.files);
-      }
-    });
-  }
-
-  if (uploadForm) {
-    uploadForm.addEventListener("submit", function (e) {
-      e.preventDefault();
-      const files = window.selectedFiles || (fileInput ? fileInput.files : []);
-      if (!files || files.length === 0) {
-        showToast("No files selected.");
-        return;
-      }
-      // If files come from file picker (no relative path), use Resumable.
-      if (useResumable && (!files[0].customRelativePath || files[0].customRelativePath === "")) {
-        // Ensure current folder is updated.
-        resumableInstance.opts.query.folder = window.currentFolder || "root";
-        resumableInstance.upload();
-        showToast("Resumable upload started...");
-      } else {
-        submitFiles(files);
-      }
-    });
-  }
-
-  if (useResumable) {
-    initResumableUpload();
-  }
-}
-
-export { initUpload };
--- a/licenses/NOTICE_GOOGLE_FONTS.txt
+++ b/licenses/NOTICE_GOOGLE_FONTS.txt
@@ -0,0 +1,5 @@
+Google Fonts & Icons NOTICE
+
+This product bundles font files from Google Fonts (Roboto, Material Icons, and/or Material Symbols).
+Copyright 2012–present Google Inc. All Rights Reserved.
+Licensed under the Apache License, Version 2.0 (see ../apache-2.0.txt).
--- a/licenses/apache-2.0.txt
+++ b/licenses/apache-2.0.txt
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
--- a/licenses/mit.txt
+++ b/licenses/mit.txt
@@ -0,0 +1,19 @@
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
--- a/login_basic.php
+++ b/login_basic.php
@@ -1,120 +0,0 @@
-<?php
-require_once 'config.php';
-
-$usersFile = USERS_DIR . USERS_FILE;  // Make sure the users file path is defined
-
-// Helper: retrieve a user's TOTP secret from users.txt
-function getUserTOTPSecret($username) {
-    global $encryptionKey, $usersFile;
-    if (!file_exists($usersFile)) return null;
-    foreach (file($usersFile, FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES) as $line) {
-        $parts = explode(':', trim($line));
-        if (count($parts) >= 4 && $parts[0] === $username && !empty($parts[3])) {
-            return decryptData($parts[3], $encryptionKey);
-        }
-    }
-    return null;
-}
-
-// Reuse the same authentication function
-function authenticate($username, $password)
-{
-    global $usersFile;
-    if (!file_exists($usersFile)) {
-        error_log("authenticate(): users file not found");
-        return false;
-    }
-    $lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-    foreach ($lines as $line) {
-        list($storedUser, $storedPass, $storedRole) = explode(':', trim($line), 3);
-        if ($username === $storedUser && password_verify($password, $storedPass)) {
-            return $storedRole; // Return the user's role
-        }
-    }
-    error_log("authenticate(): authentication failed for '$username'");
-    return false;
-}
-
-// Define helper function to get a user's role from users.txt
-function getUserRole($username) {
-    global $usersFile;
-    if (file_exists($usersFile)) {
-        $lines = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-        foreach ($lines as $line) {
-            $parts = explode(":", trim($line));
-            if (count($parts) >= 3 && $parts[0] === $username) {
-                return trim($parts[2]);
-            }
-        }
-    }
-    return null;
-}
-
-// Add the loadFolderPermission function here:
-function loadFolderPermission($username) {
-    global $encryptionKey;
-    $permissionsFile = USERS_DIR . 'userPermissions.json';
-    if (file_exists($permissionsFile)) {
-        $content = file_get_contents($permissionsFile);
-        $decrypted = decryptData($content, $encryptionKey);
-        $permissions = $decrypted !== false ? json_decode($decrypted, true) : json_decode($content, true);
-        if (is_array($permissions)) {
-            foreach ($permissions as $storedUsername => $data) {
-                if (strcasecmp($storedUsername, $username) === 0 && isset($data['folderOnly'])) {
-                    return (bool)$data['folderOnly'];
-                }
-            }
-        }
-    }
-    return false;
-}
-
-// Check if the user has sent HTTP Basic auth credentials.
-if (!isset($_SERVER['PHP_AUTH_USER'])) {
-    header('WWW-Authenticate: Basic realm="FileRise Login"');
-    header('HTTP/1.0 401 Unauthorized');
-    echo 'Authorization Required';
-    exit;
-}
-
-$username = trim($_SERVER['PHP_AUTH_USER']);
-$password = trim($_SERVER['PHP_AUTH_PW']);
-
-// Validate username format (optional)
-if (!preg_match(REGEX_USER, $username)) {
-    header('WWW-Authenticate: Basic realm="FileRise Login"');
-    header('HTTP/1.0 401 Unauthorized');
-    echo 'Invalid username format';
-    exit;
-}
-
-// Attempt authentication
-$roleFromAuth = authenticate($username, $password);
-if ($roleFromAuth !== false) {
-    // --- NEW: check for TOTP secret ---
-    $secret = getUserTOTPSecret($username);
-    if ($secret) {
-        // hold user & secret in session and ask client for TOTP
-        $_SESSION['pending_login_user']   = $username;
-        $_SESSION['pending_login_secret'] = $secret;
-        header("Location: index.html?totp_required=1");
-        exit;
-    }
-
-    // no TOTP, proceed as before
-    session_regenerate_id(true);
-    $_SESSION["authenticated"] = true;
-    $_SESSION["username"]      = $username;
-    $_SESSION["isAdmin"]       = (getUserRole($username) === "1");
-    $_SESSION["folderOnly"]    = loadFolderPermission($username);
-
-    header("Location: index.html");
-    exit;
-}
-
-// Invalid credentials; prompt again
-header('WWW-Authenticate: Basic realm="FileRise Login"');
-header('HTTP/1.0 401 Unauthorized');
-echo 'Invalid credentials';
-exit;
-?>
--- a/logout.php
+++ b/logout.php
@@ -1,50 +0,0 @@
-<?php
-require_once 'config.php';
-
-// Retrieve headers and check CSRF token.
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-
-// Log CSRF mismatch but proceed with logout.
-if (isset($_SESSION['csrf_token']) && $receivedToken !== $_SESSION['csrf_token']) {
-    error_log("CSRF token mismatch on logout. Proceeding with logout.");
-}
-
-// Remove the remember_me token.
-if (isset($_COOKIE['remember_me_token'])) {
-    $token = $_COOKIE['remember_me_token'];
-    $persistentTokensFile = USERS_DIR . 'persistent_tokens.json';
-    if (file_exists($persistentTokensFile)) {
-        $encryptedContent = file_get_contents($persistentTokensFile);
-        $decryptedContent = decryptData($encryptedContent, $encryptionKey);
-        $persistentTokens = json_decode($decryptedContent, true);
-        if (is_array($persistentTokens) && isset($persistentTokens[$token])) {
-            unset($persistentTokens[$token]);
-            $newEncryptedContent = encryptData(json_encode($persistentTokens, JSON_PRETTY_PRINT), $encryptionKey);
-            file_put_contents($persistentTokensFile, $newEncryptedContent, LOCK_EX);
-        }
-    }
-    // Clear the cookie.
-    // Ensure $secure is defined; for example:
-    $secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
-    setcookie('remember_me_token', '', time() - 3600, '/', '', $secure, true);
-}
-
-// Clear session data and remove session cookie.
-$_SESSION = [];
-
-// Clear the session cookie.
-if (ini_get("session.use_cookies")) {
-    $params = session_get_cookie_params();
-    setcookie(session_name(), '', time() - 42000,
-        $params["path"], $params["domain"],
-        $params["secure"], $params["httponly"]
-    );
-}
-
-// Destroy the session.
-session_destroy();
-
-header("Location: index.html?logout=1");
-exit;
-?>
--- a/moveFiles.php
+++ b/moveFiles.php
@@ -1,164 +0,0 @@
-<?php
-require_once 'config.php';
-header('Content-Type: application/json');
-
-// --- CSRF Protection ---
-$headers = array_change_key_case(getallheaders(), CASE_LOWER);
-$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
-if ($receivedToken !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token"]);
-    http_response_code(403);
-    exit;
-}
-
-// Ensure user is authenticated
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
-    echo json_encode(["error" => "Unauthorized"]);
-    http_response_code(401);
-    exit;
-}
-$username = $_SESSION['username'] ?? '';
-$userPermissions = loadUserPermissions($username);
-if ($username) {
-    $userPermissions = loadUserPermissions($username);
-    if (isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-        echo json_encode(["error" => "Read-only users are not allowed to move files."]);
-        exit();
-    }
-}
-
-$data = json_decode(file_get_contents("php://input"), true);
-if (
-    !$data ||
-    !isset($data['source']) ||
-    !isset($data['destination']) ||
-    !isset($data['files'])
-) {
-    echo json_encode(["error" => "Invalid request"]);
-    exit;
-}
-
-$sourceFolder = trim($data['source']) ?: 'root';
-$destinationFolder = trim($data['destination']) ?: 'root';
-
-// Allow only letters, numbers, underscores, dashes, spaces, and forward slashes in folder names.
-$folderPattern = REGEX_FOLDER_NAME;
-if ($sourceFolder !== 'root' && !preg_match($folderPattern, $sourceFolder)) {
-    echo json_encode(["error" => "Invalid source folder name."]);
-    exit;
-}
-if ($destinationFolder !== 'root' && !preg_match($folderPattern, $destinationFolder)) {
-    echo json_encode(["error" => "Invalid destination folder name."]);
-    exit;
-}
-
-// Remove any leading/trailing slashes.
-$sourceFolder = trim($sourceFolder, "/\\ ");
-$destinationFolder = trim($destinationFolder, "/\\ ");
-
-// Build the source and destination directories.
-$baseDir = rtrim(UPLOAD_DIR, '/\\');
-$sourceDir = ($sourceFolder === 'root')
-    ? $baseDir . DIRECTORY_SEPARATOR
-    : $baseDir . DIRECTORY_SEPARATOR . $sourceFolder . DIRECTORY_SEPARATOR;
-$destDir = ($destinationFolder === 'root')
-    ? $baseDir . DIRECTORY_SEPARATOR
-    : $baseDir . DIRECTORY_SEPARATOR . $destinationFolder . DIRECTORY_SEPARATOR;
-
-// Ensure destination directory exists.
-if (!is_dir($destDir)) {
-    if (!mkdir($destDir, 0775, true)) {
-        echo json_encode(["error" => "Could not create destination folder"]);
-        exit;
-    }
-}
-
-// Helper: Generate the metadata file path for a given folder.
-function getMetadataFilePath($folder) {
-    if (strtolower($folder) === 'root' || $folder === '') {
-        return META_DIR . "root_metadata.json";
-    }
-    return META_DIR . str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json';
-}
-
-// Helper: Generate a unique file name if a file with the same name exists.
-function getUniqueFileName($destDir, $fileName) {
-    $fullPath = $destDir . $fileName;
-    clearstatcache(true, $fullPath);
-    if (!file_exists($fullPath)) {
-        return $fileName;
-    }
-    $basename = pathinfo($fileName, PATHINFO_FILENAME);
-    $extension = pathinfo($fileName, PATHINFO_EXTENSION);
-    $counter = 1;
-    do {
-        $newName = $basename . " (" . $counter . ")" . ($extension ? "." . $extension : "");
-        $newFullPath = $destDir . $newName;
-        clearstatcache(true, $newFullPath);
-        $counter++;
-    } while (file_exists($destDir . $newName));
-    return $newName;
-}
-
-// Prepare metadata files.
-$srcMetaFile = getMetadataFilePath($sourceFolder);
-$destMetaFile = getMetadataFilePath($destinationFolder);
-
-$srcMetadata = file_exists($srcMetaFile) ? json_decode(file_get_contents($srcMetaFile), true) : [];
-$destMetadata = file_exists($destMetaFile) ? json_decode(file_get_contents($destMetaFile), true) : [];
-
-$errors = [];
-$safeFileNamePattern = REGEX_FILE_NAME;
-
-foreach ($data['files'] as $fileName) {
-    // Save the original name for metadata lookup.
-    $originalName = basename(trim($fileName));
-    $basename = $originalName; // Start with the original name.
-    
-    // Validate the file name.
-    if (!preg_match($safeFileNamePattern, $basename)) {
-        $errors[] = "$basename has invalid characters.";
-        continue;
-    }
-    
-    $srcPath = $sourceDir . $originalName;
-    $destPath = $destDir . $basename;
-    
-    clearstatcache();
-    if (!file_exists($srcPath)) {
-        $errors[] = "$originalName does not exist in source.";
-        continue;
-    }
-    
-    // If a file with the same name exists in destination, generate a unique name.
-    if (file_exists($destPath)) {
-        $uniqueName = getUniqueFileName($destDir, $basename);
-        $basename = $uniqueName;
-        $destPath = $destDir . $uniqueName;
-    }
-    
-    if (!rename($srcPath, $destPath)) {
-        $errors[] = "Failed to move $basename";
-        continue;
-    }
-    
-    // Update metadata: if there is metadata for the original file, move it under the new name.
-    if (isset($srcMetadata[$originalName])) {
-        $destMetadata[$basename] = $srcMetadata[$originalName];
-        unset($srcMetadata[$originalName]);
-    }
-}
-
-if (file_put_contents($srcMetaFile, json_encode($srcMetadata, JSON_PRETTY_PRINT)) === false) {
-    $errors[] = "Failed to update source metadata.";
-}
-if (file_put_contents($destMetaFile, json_encode($destMetadata, JSON_PRETTY_PRINT)) === false) {
-    $errors[] = "Failed to update destination metadata.";
-}
-
-if (empty($errors)) {
-    echo json_encode(["success" => "Files moved successfully"]);
-} else {
-    echo json_encode(["error" => implode("; ", $errors)]);
-}
-?>
--- a/openapi.json.dist
+++ b/openapi.json.dist
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -0,0 +1,129 @@
+# --------------------------------
+# FileRise portable .htaccess
+# --------------------------------
+Options -Indexes -Multiviews
+DirectoryIndex index.html
+
+# Allow PATH_INFO for routes like /webdav.php/foo/bar
+AcceptPathInfo On
+
+# ---------------- Security: dotfiles ----------------
+<IfModule mod_authz_core.c>
+  # Block direct access to dotfiles like .env, .gitignore, etc.
+  <FilesMatch "^\..*">
+    Require all denied
+  </FilesMatch>
+</IfModule>
+
+# ---------------- Rewrites ----------------
+<IfModule mod_rewrite.c>
+RewriteEngine On
+
+# 0) Let ACME http-01 pass BEFORE any other rule (needed for auto-renew)
+RewriteCond %{REQUEST_URI} ^/.well-known/acme-challenge/
+RewriteRule - - [L]
+
+# 1) Block hidden files/dirs anywhere EXCEPT .well-known (path-aware)
+#    Prevents requests like /.env, /.git/config, /.ssh/id_rsa, etc.
+RewriteRule "(^|/)\.(?!well-known/)" - [F]
+RewriteRule ^portal/([A-Za-z0-9_-]+)$ portal.html?slug=$1 [L,QSA]
+
+# 2) Deny direct access to PHP except the API endpoints and WebDAV front controller
+#    - allow /api/*.php (API endpoints)
+#    - allow /api.php     (ReDoc/spec page)
+#    - allow /webdav.php  (SabreDAV front)
+RewriteCond %{REQUEST_URI} !^/api/ [NC]
+RewriteCond %{REQUEST_URI} !^/api\.php$ [NC]
+RewriteCond %{REQUEST_URI} !^/webdav\.php$ [NC]
+RewriteRule \.php$ - [F,L]
+
+# 3) Never redirect local/dev hosts
+RewriteCond %{HTTP_HOST} ^(localhost|127\.0\.0\.1|fr\.local|192\.168\.[0-9]+\.[0-9]+)$ [NC]
+RewriteRule ^ - [L]
+
+# 4) HTTPS redirect (enable ONE of these, comment the other)
+
+# A) Direct TLS on this server
+#RewriteCond %{HTTPS} !=on
+#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+
+# B) Behind reverse proxy that sets X-Forwarded-Proto
+#RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
+#RewriteCond %{HTTP:X-Forwarded-Proto} ^$
+#RewriteCond %{HTTPS} !=on
+#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+
+# 5) Mark versioned assets (?v=...) with env flag for caching rules below
+RewriteCond %{QUERY_STRING} (^|&)v= [NC]
+RewriteRule ^ - [E=IS_VER:1]
+</IfModule>
+
+# ---------------- MIME types ----------------
+<IfModule mod_mime.c>
+  AddType font/woff2 .woff2
+  AddType font/woff  .woff
+  AddType image/svg+xml .svg
+  AddType application/javascript .mjs
+</IfModule>
+
+# ---------------- Security headers ----------------
+<IfModule mod_headers.c>
+  Header always set X-Frame-Options "SAMEORIGIN"
+  Header always set X-XSS-Protection "1; mode=block"
+  Header always set X-Content-Type-Options "nosniff"
+  Header always set Referrer-Policy "strict-origin-when-cross-origin"
+  Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
+  Header always set X-Download-Options "noopen"
+  Header always set Expect-CT "max-age=86400, enforce"
+  Header always set Cross-Origin-Resource-Policy "same-origin"
+  Header always set X-Permitted-Cross-Domain-Policies "none"
+
+  # HSTS only when HTTPS (safe for .htaccess)
+  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
+
+  # CSP — keep this SHA-256 in sync with your inline pre-theme script
+  Header always set Content-Security-Policy "default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'sha256-ajmGY+5VJOY6+8JHgzCqsqI8w9dCQfAmqIkFesOKItM='; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self'; media-src 'self' blob:; worker-src 'self' blob:; form-action 'self'"
+</IfModule>
+
+# ---------------- Caching ----------------
+<IfModule mod_headers.c>
+  # HTML/PHP: no cache
+  <FilesMatch "\.(html?|php)$">
+    Header setifempty Cache-Control "no-cache, no-store, must-revalidate"
+    Header setifempty Pragma "no-cache"
+    Header setifempty Expires "0"
+  </FilesMatch>
+
+  # version.js: never cache
+  <FilesMatch "^js/version\.js$">
+    Header set Cache-Control "no-cache, no-store, must-revalidate"
+    Header set Pragma "no-cache"
+    Header set Expires "0"
+  </FilesMatch>
+
+  # JS/CSS: long cache if ?v= present, else 1h
+  <FilesMatch "\.(?:m?js|css)$">
+    Header set Cache-Control "public, max-age=31536000, immutable" env=IS_VER
+    Header set Cache-Control "public, max-age=3600, must-revalidate" env=!IS_VER
+  </FilesMatch>
+
+  # Images/fonts: long cache if ?v= present, else 7d
+  <FilesMatch "\.(?:png|jpe?g|gif|webp|svg|ico|woff2?|ttf|otf)$">
+    Header set Cache-Control "public, max-age=31536000, immutable" env=IS_VER
+    Header set Cache-Control "public, max-age=604800" env=!IS_VER
+  </FilesMatch>
+</IfModule>
+
+# ---------------- Compression ----------------
+<IfModule mod_brotli.c>
+  AddOutputFilterByType BROTLI_COMPRESS text/html text/css application/javascript application/json image/svg+xml
+</IfModule>
+<IfModule mod_deflate.c>
+  AddOutputFilterByType DEFLATE text/html text/css application/javascript application/json image/svg+xml
+</IfModule>
+
+# ---------------- Disable TRACE ----------------
+<IfModule mod_rewrite.c>
+RewriteCond %{REQUEST_METHOD} ^TRACE
+RewriteRule .* - [F]
+</IfModule>
--- a/public/api.php
+++ b/public/api.php
@@ -0,0 +1,29 @@
+<?php
+// public/api.php
+require_once __DIR__ . '/../config/config.php'; 
+
+if (empty($_SESSION['authenticated'])) {
+  header('Location: /index.html?redirect=/api.php');
+  exit;
+}
+
+if (isset($_GET['spec'])) {
+  header('Content-Type: application/json');
+  readfile(__DIR__ . '/../openapi.json.dist');
+  exit;
+}
+
+?><!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1"/>
+  <title>FileRise API Docs</title>
+  <script defer src="/vendor/redoc/redoc.standalone.js?v={{APP_QVER}}"></script>
+  <script defer src="/js/redoc-init.js?v={{APP_QVER}}"></script>
+</head>
+<body>
+  <redoc spec-url="/api.php?spec=1"></redoc>
+  <div id="redoc-container"></div>
+</body>
+</html>
--- a/public/api/addUser.php
+++ b/public/api/addUser.php
@@ -0,0 +1,42 @@
+<?php
+// public/api/addUser.php
+
+    /**
+     * @OA\Post(
+     *     path="/api/addUser.php",
+     *     summary="Add a new user",
+     *     description="Adds a new user to the system. In setup mode, the new user is automatically made admin.",
+     *     operationId="addUser",
+     *     tags={"Users"},
+     *     @OA\RequestBody(
+     *         required=true,
+     *         @OA\JsonContent(
+     *             required={"username", "password"},
+     *             @OA\Property(property="username", type="string", example="johndoe"),
+     *             @OA\Property(property="password", type="string", example="securepassword"),
+     *             @OA\Property(property="isAdmin", type="boolean", example=true)
+     *         )
+     *     ),
+     *     @OA\Response(
+     *         response=200,
+     *         description="User added successfully",
+     *         @OA\JsonContent(
+     *             @OA\Property(property="success", type="string", example="User added successfully")
+     *         )
+     *     ),
+     *     @OA\Response(
+     *         response=400,
+     *         description="Bad Request"
+     *     ),
+     *     @OA\Response(
+     *         response=401,
+     *         description="Unauthorized"
+     *     )
+     * )
+     */
+
+require_once __DIR__ . '/../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/UserController.php';
+
+$userController = new UserController();
+$userController->addUser();
--- a/public/api/admin/acl/getGrants.php
+++ b/public/api/admin/acl/getGrants.php
@@ -0,0 +1,28 @@
+<?php
+// public/api/admin/acl/getGrants.php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AclAdminController.php';
+
+if (session_status() !== PHP_SESSION_ACTIVE) session_start();
+header('Content-Type: application/json');
+
+if (empty($_SESSION['authenticated']) || empty($_SESSION['isAdmin'])) {
+  http_response_code(401);
+  echo json_encode(['error' => 'Unauthorized']);
+  exit;
+}
+
+$user = trim((string)($_GET['user'] ?? ''));
+try {
+  $ctrl   = new AclAdminController();
+  $grants = $ctrl->getUserGrants($user);
+  echo json_encode(['grants' => $grants], JSON_UNESCAPED_SLASHES);
+} catch (InvalidArgumentException $e) {
+  http_response_code(400);
+  echo json_encode(['error' => $e->getMessage()]);
+} catch (Throwable $e) {
+  http_response_code(500);
+  echo json_encode(['error' => 'Failed to load grants', 'detail' => $e->getMessage()]);
+}
--- a/public/api/admin/acl/saveGrants.php
+++ b/public/api/admin/acl/saveGrants.php
@@ -0,0 +1,39 @@
+<?php
+// public/api/admin/acl/saveGrants.php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AclAdminController.php';
+
+if (session_status() !== PHP_SESSION_ACTIVE) session_start();
+header('Content-Type: application/json');
+
+if (empty($_SESSION['authenticated']) || empty($_SESSION['isAdmin'])) {
+  http_response_code(401);
+  echo json_encode(['error' => 'Unauthorized']);
+  exit;
+}
+
+$headers = function_exists('getallheaders') ? array_change_key_case(getallheaders(), CASE_LOWER) : [];
+$csrf    = trim($headers['x-csrf-token'] ?? ($_POST['csrfToken'] ?? ''));
+
+if (empty($_SESSION['csrf_token']) || $csrf !== $_SESSION['csrf_token']) {
+  http_response_code(403);
+  echo json_encode(['error' => 'Invalid CSRF token']);
+  exit;
+}
+
+$raw = file_get_contents('php://input');
+$in  = json_decode((string)$raw, true);
+
+try {
+  $ctrl = new AclAdminController();
+  $res  = $ctrl->saveUserGrantsPayload($in ?? []);
+  echo json_encode($res, JSON_UNESCAPED_SLASHES);
+} catch (InvalidArgumentException $e) {
+  http_response_code(400);
+  echo json_encode(['error' => $e->getMessage()]);
+} catch (Throwable $e) {
+  http_response_code(500);
+  echo json_encode(['error' => 'Failed to save grants', 'detail' => $e->getMessage()]);
+}
--- a/public/api/admin/diskUsageSummary.php
+++ b/public/api/admin/diskUsageSummary.php
@@ -0,0 +1,41 @@
+<?php
+// public/api/admin/diskUsageSummary.php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/models/DiskUsageModel.php';
+
+if (session_status() !== PHP_SESSION_ACTIVE) {
+    session_start();
+}
+
+header('Content-Type: application/json; charset=utf-8');
+
+$authenticated = !empty($_SESSION['authenticated']);
+$isAdmin       = !empty($_SESSION['isAdmin']) || (!empty($_SESSION['admin']) && $_SESSION['admin'] === '1');
+
+if (!$authenticated || !$isAdmin) {
+    http_response_code(401);
+    echo json_encode([
+        'ok'    => false,
+        'error' => 'Unauthorized',
+    ]);
+    exit;
+}
+
+// Optional tuning via query params
+$topFolders = isset($_GET['topFolders']) ? max(1, (int)$_GET['topFolders']) : 5;
+$topFiles   = isset($_GET['topFiles'])   ? max(0, (int)$_GET['topFiles'])   : 0;
+
+try {
+    $summary = DiskUsageModel::getSummary($topFolders, $topFiles);
+    http_response_code($summary['ok'] ? 200 : 404);
+    echo json_encode($summary, JSON_UNESCAPED_SLASHES);
+} catch (Throwable $e) {
+    http_response_code(500);
+    echo json_encode([
+        'ok'      => false,
+        'error'   => 'internal_error',
+        'message' => $e->getMessage(),
+    ]);
+}
--- a/public/api/admin/diskUsageTriggerScan.php
+++ b/public/api/admin/diskUsageTriggerScan.php
@@ -0,0 +1,102 @@
+<?php
+// public/api/admin/diskUsageTriggerScan.php
+declare(strict_types=1);
+
+header('Content-Type: application/json; charset=utf-8');
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/models/DiskUsageModel.php';
+
+// Basic auth / admin check
+if (session_status() !== PHP_SESSION_ACTIVE) {
+    session_start();
+}
+
+$username = (string)($_SESSION['username'] ?? '');
+$isAdmin  = !empty($_SESSION['isAdmin']) || (!empty($_SESSION['admin']) && $_SESSION['admin'] === '1');
+
+if ($username === '' || !$isAdmin) {
+    http_response_code(403);
+    echo json_encode([
+        'ok'    => false,
+        'error' => 'Forbidden',
+    ]);
+    return;
+}
+
+// Release session lock early so the scanner/other requests aren't blocked
+@session_write_close();
+
+// NOTE: previously this endpoint was Pro-only. Now it works on all instances.
+// Pro-only gate removed so free FileRise can also use the Rescan button.
+
+/*
+if (!defined('FR_PRO_ACTIVE') || !FR_PRO_ACTIVE) {
+    http_response_code(403);
+    echo json_encode([
+        'ok'    => false,
+        'error' => 'FileRise Pro is not active on this instance.',
+    ]);
+    return;
+}
+*/
+
+try {
+    $worker = realpath(PROJECT_ROOT . '/src/cli/disk_usage_scan.php');
+    if (!$worker || !is_file($worker)) {
+        throw new RuntimeException('disk_usage_scan.php not found.');
+    }
+
+    // Find a PHP CLI binary that actually works (same idea as zip_worker)
+    $candidates = array_values(array_filter([
+        PHP_BINARY ?: null,
+        '/usr/local/bin/php',
+        '/usr/bin/php',
+        '/bin/php',
+    ]));
+
+    $php = null;
+    foreach ($candidates as $bin) {
+        if (!$bin) {
+            continue;
+        }
+        $rc = 1;
+        @exec(escapeshellcmd($bin) . ' -v >/dev/null 2>&1', $out, $rc);
+        if ($rc === 0) {
+            $php = $bin;
+            break;
+        }
+    }
+
+    if (!$php) {
+        throw new RuntimeException('No working php CLI found.');
+    }
+
+    $meta   = rtrim((string)META_DIR, '/\\');
+    $logDir = $meta . DIRECTORY_SEPARATOR . 'logs';
+    @mkdir($logDir, 0775, true);
+    $logFile = $logDir . DIRECTORY_SEPARATOR . 'disk_usage_scan.log';
+
+    // nohup php disk_usage_scan.php >> log 2>&1 & echo $!
+    $cmdStr =
+        'nohup ' . escapeshellcmd($php) . ' ' . escapeshellarg($worker) .
+        ' >> ' . escapeshellarg($logFile) . ' 2>&1 & echo $!';
+
+    $pid = @shell_exec('/bin/sh -c ' . escapeshellarg($cmdStr));
+    $pid = is_string($pid) ? (int)trim($pid) : 0;
+
+    http_response_code(200);
+    echo json_encode([
+        'ok'      => true,
+        'pid'     => $pid > 0 ? $pid : null,
+        'message' => 'Disk usage scan started in the background.',
+        'logFile' => $logFile,
+    ], JSON_UNESCAPED_SLASHES);
+} catch (Throwable $e) {
+    http_response_code(500);
+    echo json_encode([
+        'ok'      => false,
+        'error'   => 'internal_error',
+        'message' => $e->getMessage(),
+    ]);
+}
--- a/public/api/admin/getConfig.php
+++ b/public/api/admin/getConfig.php
@@ -0,0 +1,32 @@
+<?php
+// public/api/admin/getConfig.php
+
+/**
+ * @OA\Get(
+ *   path="/api/admin/getConfig.php",
+ *   tags={"Admin"},
+ *   summary="Get UI configuration",
+ *   description="Returns a public subset for everyone; authenticated admins receive additional loginOptions fields.",
+ *   operationId="getAdminConfig",
+ *   @OA\Response(
+ *     response=200,
+ *     description="Configuration loaded",
+ *     @OA\JsonContent(
+ *       oneOf={
+ *         @OA\Schema(ref="#/components/schemas/AdminGetConfigPublic"),
+ *         @OA\Schema(ref="#/components/schemas/AdminGetConfigAdmin")
+ *       }
+ *     )
+ *   ),
+ *   @OA\Response(response=500, description="Server error")
+ * )
+ *
+ * Retrieves the admin configuration settings and outputs JSON.
+ * @return void
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AdminController.php';
+
+$adminController = new AdminController();
+$adminController->getConfig();
--- a/public/api/admin/installProBundle.php
+++ b/public/api/admin/installProBundle.php
@@ -0,0 +1,8 @@
+<?php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AdminController.php';
+
+$controller = new AdminController();
+$controller->installProBundle();
--- a/public/api/admin/readMetadata.php
+++ b/public/api/admin/readMetadata.php
@@ -0,0 +1,92 @@
+<?php
+// public/api/admin/readMetadata.php
+
+/**
+ * @OA\Get(
+ *   path="/api/admin/readMetadata.php",
+ *   summary="Read share metadata JSON",
+ *   description="Admin-only: returns the cleaned metadata for file or folder share links.",
+ *   tags={"Admin"},
+ *   operationId="readMetadata",
+ *   security={{"cookieAuth":{}}},
+ *   @OA\Parameter(
+ *     name="file",
+ *     in="query",
+ *     required=true,
+ *     description="Which metadata file to read",
+ *     @OA\Schema(type="string", enum={"share_links.json","share_folder_links.json"})
+ *   ),
+ *   @OA\Response(
+ *     response=200,
+ *     description="OK",
+ *     @OA\JsonContent(oneOf={
+ *       @OA\Schema(ref="#/components/schemas/ShareLinksMap"),
+ *       @OA\Schema(ref="#/components/schemas/ShareFolderLinksMap")
+ *     })
+ *   ),
+ *   @OA\Response(response=400, description="Missing or invalid file param"),
+ *   @OA\Response(response=403, description="Forbidden (admin only)"),
+ *   @OA\Response(response=500, description="Corrupted JSON")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+
+// Only admins may read these
+if (empty($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Forbidden']);
+    exit;
+}
+
+// Must supply ?file=share_links.json or share_folder_links.json
+if (empty($_GET['file'])) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Missing `file` parameter']);
+    exit;
+}
+
+$file = basename($_GET['file']);
+$allowed = ['share_links.json', 'share_folder_links.json'];
+if (!in_array($file, $allowed, true)) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Invalid file requested']);
+    exit;
+}
+
+$path = META_DIR . $file;
+if (!file_exists($path)) {
+    // Return empty object so JS sees `{}` not an error
+    http_response_code(200);
+    header('Content-Type: application/json');
+    echo json_encode((object)[]);
+    exit;
+}
+
+$jsonData = file_get_contents($path);
+$data = json_decode($jsonData, true);
+if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
+    http_response_code(500);
+    echo json_encode(['error' => 'Corrupted JSON']);
+    exit;
+}
+
+// ——— Clean up expired entries ———
+$now = time();
+$changed = false;
+foreach ($data as $token => $entry) {
+    if (!empty($entry['expires']) && $entry['expires'] < $now) {
+        unset($data[$token]);
+        $changed = true;
+    }
+}
+if ($changed) {
+    // overwrite file with cleaned data
+    file_put_contents($path, json_encode($data, JSON_PRETTY_PRINT));
+}
+
+// ——— Send cleaned data back ———
+http_response_code(200);
+header('Content-Type: application/json');
+echo json_encode($data);
+exit;
--- a/public/api/admin/setLicense.php
+++ b/public/api/admin/setLicense.php
@@ -0,0 +1,8 @@
+<?php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AdminController.php';
+
+$ctrl = new AdminController();
+$ctrl->setLicense();
--- a/public/api/admin/updateConfig.php
+++ b/public/api/admin/updateConfig.php
@@ -0,0 +1,47 @@
+<?php
+// public/api/admin/updateConfig.php
+
+/**
+ * @OA\Put(
+ *   path="/api/admin/updateConfig.php",
+ *   summary="Update admin configuration",
+ *   description="Merges the provided settings into the on-disk configuration and persists them. Requires an authenticated admin session and a valid CSRF token. When OIDC is enabled (disableOIDCLogin=false), `providerUrl`, `redirectUri`, and `clientId` are required and must be HTTPS (HTTP allowed only for localhost).",
+ *   operationId="updateAdminConfig",
+ *   tags={"Admin"},
+ *   security={ {{"cookieAuth": {}, "CsrfHeader": {}}} },
+ *
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(ref="#/components/schemas/AdminUpdateConfigRequest")
+ *   ),
+ *
+ *   @OA\Response(
+ *     response=200,
+ *     description="Configuration updated",
+ *     @OA\JsonContent(ref="#/components/schemas/SimpleSuccess")
+ *   ),
+ *   @OA\Response(
+ *     response=400,
+ *     description="Validation error (e.g., bad authHeaderName, missing OIDC fields when enabled, or negative upload limit)",
+ *     @OA\JsonContent(ref="#/components/schemas/SimpleError")
+ *   ),
+ *   @OA\Response(
+ *     response=403,
+ *     description="Unauthorized access or invalid CSRF token",
+ *     @OA\JsonContent(ref="#/components/schemas/SimpleError")
+ *     // or: ref to the reusable response
+ *     // ref="#/components/responses/Forbidden"
+ *   ),
+ *   @OA\Response(
+ *     response=500,
+ *     description="Server error while loading or saving configuration",
+ *     @OA\JsonContent(ref="#/components/schemas/SimpleError")
+ *   )
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AdminController.php';
+
+$adminController = new AdminController();
+$adminController->updateConfig();
--- a/public/api/auth/auth.php
+++ b/public/api/auth/auth.php
@@ -0,0 +1,55 @@
+<?php
+// public/api/auth/auth.php
+
+/**
+     * @OA\Post(
+     *     path="/api/auth/auth.php",
+     *     summary="Authenticate user",
+     *     description="Handles user authentication via OIDC or form-based credentials. For OIDC flows, processes callbacks; otherwise, performs standard authentication with optional TOTP verification.",
+     *     operationId="authUser",
+     *     tags={"Auth"},
+     *     @OA\RequestBody(
+     *         required=true,
+     *         @OA\JsonContent(
+     *             required={"username", "password"},
+     *             @OA\Property(property="username", type="string", example="johndoe"),
+     *             @OA\Property(property="password", type="string", example="secretpassword"),
+     *             @OA\Property(property="remember_me", type="boolean", example=true),
+     *             @OA\Property(property="totp_code", type="string", example="123456")
+     *         )
+     *     ),
+     *     @OA\Response(
+     *         response=200,
+     *         description="Login successful; returns user info and status",
+     *         @OA\JsonContent(
+     *             @OA\Property(property="status", type="string", example="ok"),
+     *             @OA\Property(property="success", type="string", example="Login successful"),
+     *             @OA\Property(property="username", type="string", example="johndoe"),
+     *             @OA\Property(property="isAdmin", type="boolean", example=true)
+     *         )
+     *     ),
+     *     @OA\Response(
+     *         response=400,
+     *         description="Bad Request (e.g., missing credentials)"
+     *     ),
+     *     @OA\Response(
+     *         response=401,
+     *         description="Unauthorized (e.g., invalid credentials, too many attempts)"
+     *     ),
+     *     @OA\Response(
+     *         response=429,
+     *         description="Too many failed login attempts"
+     *     )
+     * )
+     *
+     * Handles user authentication via OIDC or form-based login.
+     *
+     * @return void Redirects on success or outputs JSON error.
+     */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/vendor/autoload.php';
+require_once PROJECT_ROOT . '/src/controllers/AuthController.php';
+
+$authController = new AuthController();
+$authController->auth();
--- a/public/api/auth/checkAuth.php
+++ b/public/api/auth/checkAuth.php
@@ -0,0 +1,37 @@
+<?php
+// public/api/auth/checkAuth.php
+
+/**
+ * @OA\Get(
+ *   path="/api/auth/checkAuth.php",
+ *   summary="Check authentication status",
+ *   operationId="checkAuth",
+ *   tags={"Auth"},
+ *   @OA\Response(
+ *     response=200,
+ *     description="Authenticated status or setup flag",
+ *     @OA\JsonContent(
+ *       oneOf={
+ *         @OA\Schema(
+ *           type="object",
+ *           @OA\Property(property="authenticated", type="boolean", example=true),
+ *           @OA\Property(property="isAdmin", type="boolean", example=true),
+ *           @OA\Property(property="totp_enabled", type="boolean", example=false),
+ *           @OA\Property(property="username", type="string", example="johndoe"),
+ *           @OA\Property(property="folderOnly", type="boolean", example=false)
+ *         ),
+ *         @OA\Schema(
+ *           type="object",
+ *           @OA\Property(property="setup", type="boolean", example=true)
+ *         )
+ *       }
+ *     )
+ *   )
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AuthController.php';
+
+$authController = new AuthController();
+$authController->checkAuth();
--- a/public/api/auth/login_basic.php
+++ b/public/api/auth/login_basic.php
@@ -0,0 +1,34 @@
+<?php
+// public/api/auth/login_basic.php
+
+    /**
+     * @OA\Get(
+     *     path="/api/auth/login_basic.php",
+     *     summary="Authenticate using HTTP Basic Authentication",
+     *     description="Performs HTTP Basic authentication. If credentials are missing, sends a 401 response prompting for Basic auth. On valid credentials, optionally handles TOTP verification and finalizes session login.",
+     *     operationId="loginBasic",
+     *     tags={"Auth"},
+     *     @OA\Response(
+     *         response=200,
+     *         description="Login successful; redirects to index.html",
+     *         @OA\JsonContent(
+     *             type="object",
+     *             @OA\Property(property="success", type="string", example="Login successful")
+     *         )
+     *     ),
+     *     @OA\Response(
+     *         response=401,
+     *         description="Unauthorized due to missing credentials or invalid credentials."
+     *     )
+     * )
+     *
+     * Handles HTTP Basic authentication (with optional TOTP) and logs the user in.
+     *
+     * @return void Redirects on success or sends a 401 header.
+     */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AuthController.php';
+
+$authController = new AuthController();
+$authController->loginBasic();
--- a/public/api/auth/logout.php
+++ b/public/api/auth/logout.php
@@ -0,0 +1,30 @@
+<?php
+// public/api/auth/logout.php
+
+    /**
+     * @OA\Post(
+     *     path="/api/auth/logout.php",
+     *     summary="Logout user",
+     *     description="Clears the session, removes persistent login tokens, and redirects the user to the login page.",
+     *     operationId="logoutUser",
+     *     tags={"Auth"},
+     *     @OA\Response(
+     *         response=302,
+     *         description="Redirects to the login page with a logout flag."
+     *     ),
+     *     @OA\Response(
+     *         response=401,
+     *         description="Unauthorized"
+     *     )
+     * )
+     *
+     * Logs the user out by clearing session data, removing persistent tokens, and destroying the session.
+     *
+     * @return void Redirects to index.html with a logout flag.
+     */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AuthController.php';
+
+$authController = new AuthController();
+$authController->logout();
--- a/public/api/auth/token.php
+++ b/public/api/auth/token.php
@@ -0,0 +1,31 @@
+<?php
+// public/api/auth/token.php
+
+    /**
+     * @OA\Get(
+     *     path="/api/auth/token.php",
+     *     summary="Retrieve CSRF token and share URL",
+     *     description="Returns the current CSRF token along with the configured share URL.",
+     *     operationId="getToken",
+     *     tags={"Auth"},
+     *     @OA\Response(
+     *         response=200,
+     *         description="CSRF token and share URL",
+     *         @OA\JsonContent(
+     *             type="object",
+     *             @OA\Property(property="csrf_token", type="string", example="0123456789abcdef..."),
+     *             @OA\Property(property="share_url", type="string", example="https://yourdomain.com/share.php")
+     *         )
+     *     )
+     * )
+     *
+     * Returns the CSRF token and share URL.
+     *
+     * @return void Outputs the JSON response.
+     */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/AuthController.php';
+
+$authController = new AuthController();
+$authController->getToken();
--- a/public/api/changePassword.php
+++ b/public/api/changePassword.php
@@ -0,0 +1,46 @@
+<?php
+// public/api/changePassword.php
+
+    /**
+     * @OA\Post(
+     *     path="/api/changePassword.php",
+     *     summary="Change user password",
+     *     description="Allows an authenticated user to change their password by verifying the old password and updating to a new one.",
+     *     operationId="changePassword",
+     *     tags={"Users"},
+     *     @OA\RequestBody(
+     *         required=true,
+     *         @OA\JsonContent(
+     *             required={"oldPassword", "newPassword", "confirmPassword"},
+     *             @OA\Property(property="oldPassword", type="string", example="oldpass123"),
+     *             @OA\Property(property="newPassword", type="string", example="newpass456"),
+     *             @OA\Property(property="confirmPassword", type="string", example="newpass456")
+     *         )
+     *     ),
+     *     @OA\Response(
+     *         response=200,
+     *         description="Password updated successfully",
+     *         @OA\JsonContent(
+     *             @OA\Property(property="success", type="string", example="Password updated successfully.")
+     *         )
+     *     ),
+     *     @OA\Response(
+     *         response=400,
+     *         description="Bad Request"
+     *     ),
+     *     @OA\Response(
+     *         response=401,
+     *         description="Unauthorized"
+     *     ),
+     *     @OA\Response(
+     *         response=403,
+     *         description="Invalid CSRF token"
+     *     )
+     * )
+     */
+
+require_once __DIR__ . '/../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/UserController.php';
+
+$userController = new UserController();
+$userController->changePassword();
--- a/public/api/file/copyFiles.php
+++ b/public/api/file/copyFiles.php
@@ -0,0 +1,38 @@
+<?php
+// public/api/file/copyFiles.php
+
+/**
+ * @OA\Post(
+ *   path="/api/file/copyFiles.php",
+ *   summary="Copy files between folders",
+ *   description="Requires read access on source and write access on destination. Enforces folder scope and ownership.",
+ *   operationId="copyFiles",
+ *   tags={"Files"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\Parameter(
+ *     name="X-CSRF-Token", in="header", required=true,
+ *     description="CSRF token from the current session",
+ *     @OA\Schema(type="string")
+ *   ),
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(
+ *       required={"source","destination","files"},
+ *       @OA\Property(property="source", type="string", example="root"),
+ *       @OA\Property(property="destination", type="string", example="userA/projects"),
+ *       @OA\Property(property="files", type="array", @OA\Items(type="string"), example={"report.pdf","notes.txt"})
+ *     )
+ *   ),
+ *   @OA\Response(response=200, description="Copy result (model-defined)"),
+ *   @OA\Response(response=400, description="Invalid request or folder name"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Forbidden"),
+ *   @OA\Response(response=500, description="Internal error")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->copyFiles();
--- a/public/api/file/createFile.php
+++ b/public/api/file/createFile.php
@@ -0,0 +1,39 @@
+<?php
+// public/api/file/createFile.php
+
+/**
+ * @OA\Post(
+ *   path="/api/file/createFile.php",
+ *   summary="Create an empty file",
+ *   description="Requires write access on the target folder. Enforces folder-only scope.",
+ *   operationId="createFile",
+ *   tags={"Files"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(
+ *       required={"folder","name"},
+ *       @OA\Property(property="folder", type="string", example="root"),
+ *       @OA\Property(property="name", type="string", example="new.txt")
+ *     )
+ *   ),
+ *   @OA\Response(response=200, description="Creation result (model-defined)"),
+ *   @OA\Response(response=400, description="Invalid input"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Forbidden"),
+ *   @OA\Response(response=500, description="Internal error")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+header('Content-Type: application/json');
+if (empty($_SESSION['authenticated'])) {
+  http_response_code(401);
+  echo json_encode(['success'=>false,'error'=>'Unauthorized']);
+  exit;
+}
+
+$fc = new FileController();
+$fc->createFile();
--- a/public/api/file/createShareLink.php
+++ b/public/api/file/createShareLink.php
@@ -0,0 +1,44 @@
+<?php
+// public/api/file/createShareLink.php
+
+/**
+ * @OA\Post(
+ *   path="/api/file/createShareLink.php",
+ *   summary="Create a share link for a file",
+ *   description="Requires share permission on the folder. Non-admins must own the file unless bypassOwnership.",
+ *   operationId="createShareLink",
+ *   tags={"Shares"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(
+ *       required={"folder","file"},
+ *       @OA\Property(property="folder", type="string", example="root"),
+ *       @OA\Property(property="file", type="string", example="invoice.pdf"),
+ *       @OA\Property(property="expirationValue", type="integer", example=60),
+ *       @OA\Property(property="expirationUnit", type="string", enum={"seconds","minutes","hours","days"}, example="minutes"),
+ *       @OA\Property(property="password", type="string", example="")
+ *     )
+ *   ),
+ *   @OA\Response(
+ *     response=200,
+ *     description="Share link created",
+ *     @OA\JsonContent(
+ *       type="object",
+ *       @OA\Property(property="token", type="string", example="abc123"),
+ *       @OA\Property(property="url", type="string", example="/api/file/share.php?token=abc123"),
+ *       @OA\Property(property="expires", type="integer", example=1700000000)
+ *     )
+ *   ),
+ *   @OA\Response(response=400, description="Invalid input"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Forbidden"),
+ *   @OA\Response(response=500, description="Internal error")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->createShareLink();
--- a/public/api/file/deleteFiles.php
+++ b/public/api/file/deleteFiles.php
@@ -0,0 +1,36 @@
+<?php
+// public/api/file/deleteFiles.php
+
+/**
+ * @OA\Post(
+ *   path="/api/file/deleteFiles.php",
+ *   summary="Delete files to Trash",
+ *   description="Requires write access on the folder and (for non-admins) ownership of the files.",
+ *   operationId="deleteFiles",
+ *   tags={"Files"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\Parameter(
+ *     name="X-CSRF-Token", in="header", required=true,
+ *     @OA\Schema(type="string")
+ *   ),
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(
+ *       required={"folder","files"},
+ *       @OA\Property(property="folder", type="string", example="root"),
+ *       @OA\Property(property="files", type="array", @OA\Items(type="string"), example={"old.docx","draft.md"})
+ *     )
+ *   ),
+ *   @OA\Response(response=200, description="Delete result (model-defined)"),
+ *   @OA\Response(response=400, description="Invalid input"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Forbidden"),
+ *   @OA\Response(response=500, description="Internal error")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->deleteFiles();
--- a/public/api/file/deleteShareLink.php
+++ b/public/api/file/deleteShareLink.php
@@ -0,0 +1,27 @@
+<?php
+
+
+/**
+ * @OA\Post(
+ *   path="/api/file/deleteShareLink.php",
+ *   summary="Delete a share link by token",
+ *   description="Deletes a share token. NOTE: Current implementation does not require authentication.",
+ *   operationId="deleteShareLink",
+ *   tags={"Shares"},
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(
+ *       required={"token"},
+ *       @OA\Property(property="token", type="string", example="abc123")
+ *     )
+ *   ),
+ *   @OA\Response(response=200, description="Deletion result (success or not found)")
+ * )
+ */
+
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->deleteShareLink();
--- a/public/api/file/deleteTrashFiles.php
+++ b/public/api/file/deleteTrashFiles.php
@@ -0,0 +1,38 @@
+<?php
+// public/api/file/deleteTrashFiles.php
+
+/**
+ * @OA\Post(
+ *   path="/api/file/deleteTrashFiles.php",
+ *   summary="Permanently delete Trash items (admin only)",
+ *   operationId="deleteTrashFiles",
+ *   tags={"Trash"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\Parameter(name="X-CSRF-Token", in="header", required=true, @OA\Schema(type="string")),
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(
+ *       oneOf={
+ *         @OA\Schema(
+ *           required={"deleteAll"},
+ *           @OA\Property(property="deleteAll", type="boolean", example=true)
+ *         ),
+ *         @OA\Schema(
+ *           required={"files"},
+ *           @OA\Property(property="files", type="array", @OA\Items(type="string"), example={"trash/abc","trash/def"})
+ *         )
+ *       }
+ *     )
+ *   ),
+ *   @OA\Response(response=200, description="Deletion result (model-defined)"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Admin only"),
+ *   @OA\Response(response=500, description="Internal error")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->deleteTrashFiles();
--- a/public/api/file/download.php
+++ b/public/api/file/download.php
@@ -0,0 +1,36 @@
+<?php
+// public/api/file/download.php
+
+
+/**
+ * @OA\Get(
+ *   path="/api/file/download.php",
+ *   summary="Download a file",
+ *   description="Requires view access (or own-only with ownership). Streams the file with appropriate Content-Type.",
+ *   operationId="downloadFile",
+ *   tags={"Files"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\Parameter(name="folder", in="query", required=true, @OA\Schema(type="string"), example="root"),
+ *   @OA\Parameter(name="file", in="query", required=true, @OA\Schema(type="string"), example="photo.jpg"),
+ *   @OA\Response(
+ *     response=200,
+ *     description="Binary file",
+ *     content={
+ *       "application/octet-stream": @OA\MediaType(
+ *         mediaType="application/octet-stream",
+ *         @OA\Schema(type="string", format="binary")
+ *       )
+ *     }
+ *   ),
+ *   @OA\Response(response=400, description="Invalid folder/file"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Forbidden"),
+ *   @OA\Response(response=404, description="Not found")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->downloadFile();
--- a/public/api/file/downloadZip.php
+++ b/public/api/file/downloadZip.php
@@ -0,0 +1,43 @@
+<?php
+// public/api/file/downloadZip.php
+
+
+/**
+ * @OA\Post(
+ *   path="/api/file/downloadZip.php",
+ *   summary="Download multiple files as a ZIP",
+ *   description="Requires view access (or own-only with ownership). May be gated by account flag.",
+ *   operationId="downloadZip",
+ *   tags={"Files"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\Parameter(name="X-CSRF-Token", in="header", required=true, @OA\Schema(type="string")),
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(
+ *       required={"folder","files"},
+ *       @OA\Property(property="folder", type="string", example="root"),
+ *       @OA\Property(property="files", type="array", @OA\Items(type="string"), example={"a.jpg","b.png"})
+ *     )
+ *   ),
+ *   @OA\Response(
+ *     response=200,
+ *     description="ZIP archive",
+ *     content={
+ *       "application/zip": @OA\MediaType(
+ *         mediaType="application/zip",
+ *         @OA\Schema(type="string", format="binary")
+ *       )
+ *     }
+ *   ),
+ *   @OA\Response(response=400, description="Invalid input"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Forbidden"),
+ *   @OA\Response(response=500, description="Internal error")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->downloadZip();
--- a/public/api/file/downloadZipFile.php
+++ b/public/api/file/downloadZipFile.php
@@ -0,0 +1,24 @@
+<?php
+// public/api/file/downloadZipFile.php
+
+/**
+ * @OA\Get(
+ *   path="/api/file/downloadZipFile.php",
+ *   summary="Download a finished ZIP by token",
+ *   description="Streams the zip once; token is one-shot.",
+ *   operationId="downloadZipFile",
+ *   tags={"Files"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\Parameter(name="k", in="query", required=true, @OA\Schema(type="string"), description="Job token"),
+ *   @OA\Parameter(name="name", in="query", required=false, @OA\Schema(type="string"), description="Suggested filename"),
+ *   @OA\Response(response=200, description="ZIP stream"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=404, description="Not found")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$controller = new FileController();
+$controller->downloadZipFile();
--- a/public/api/file/extractZip.php
+++ b/public/api/file/extractZip.php
@@ -0,0 +1,33 @@
+<?php
+// public/api/file/extractZip.php
+
+/**
+ * @OA\Post(
+ *   path="/api/file/extractZip.php",
+ *   summary="Extract ZIP file(s) into a folder",
+ *   description="Requires write access on the target folder.",
+ *   operationId="extractZip",
+ *   tags={"Files"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\Parameter(name="X-CSRF-Token", in="header", required=true, @OA\Schema(type="string")),
+ *   @OA\RequestBody(
+ *     required=true,
+ *     @OA\JsonContent(
+ *       required={"folder","files"},
+ *       @OA\Property(property="folder", type="string", example="root"),
+ *       @OA\Property(property="files", type="array", @OA\Items(type="string"), example={"archive.zip"})
+ *     )
+ *   ),
+ *   @OA\Response(response=200, description="Extraction result (model-defined)"),
+ *   @OA\Response(response=400, description="Invalid input"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Forbidden"),
+ *   @OA\Response(response=500, description="Internal error")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->extractZip();
--- a/public/api/file/getFileList.php
+++ b/public/api/file/getFileList.php
@@ -0,0 +1,25 @@
+<?php
+// public/api/file/getFileList.php
+
+/**
+ * @OA\Get(
+ *   path="/api/file/getFileList.php",
+ *   summary="List files in a folder",
+ *   description="Requires view access (full) or read_own (own-only results).",
+ *   operationId="getFileList",
+ *   tags={"Files"},
+ *   security={{"cookieAuth": {}}},
+ *   @OA\Parameter(name="folder", in="query", required=true, @OA\Schema(type="string"), example="root"),
+ *   @OA\Response(response=200, description="Listing result (model-defined JSON)"),
+ *   @OA\Response(response=400, description="Invalid folder"),
+ *   @OA\Response(response=401, description="Unauthorized"),
+ *   @OA\Response(response=403, description="Forbidden"),
+ *   @OA\Response(response=500, description="Internal error")
+ * )
+ */
+
+require_once __DIR__ . '/../../../config/config.php';
+require_once PROJECT_ROOT . '/src/controllers/FileController.php';
+
+$fileController = new FileController();
+$fileController->getFileList();
--- a/Show More
+++ b/Show More