EngineScript
diff --git a/‎.github/workflows/software-version-check.yml‎
Lines changed: 15 additions & 0 deletions b/‎.github/workflows/software-version-check.yml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 70 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 70 additions & 1 deletion
diff --git a/‎config/etc/enginescript/filemanager.conf‎
Lines changed: 3 additions & 6 deletions b/‎config/etc/enginescript/filemanager.conf‎
Lines changed: 3 additions & 6 deletions
diff --git a/‎config/var/www/admin/control-panel/api.php‎
Lines changed: 14 additions & 38 deletions b/‎config/var/www/admin/control-panel/api.php‎
Lines changed: 14 additions & 38 deletions
diff --git a/‎config/var/www/admin/control-panel/filemanager.php‎
Lines changed: 5 additions & 125 deletions b/‎config/var/www/admin/control-panel/filemanager.php‎
Lines changed: 5 additions & 125 deletions
diff --git a/‎config/var/www/admin/control-panel/index.html‎
Lines changed: 1 addition & 1 deletion b/‎config/var/www/admin/control-panel/index.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/var/www/admin/tinyfilemanager/config.php‎
Lines changed: 60 additions & 0 deletions b/‎config/var/www/admin/tinyfilemanager/config.php‎
Lines changed: 60 additions & 0 deletions
@@ -256,6 +256,21 @@ jobs:
             grep "^FONTAWESOME_VER=" enginescript-variables.txt >> .github/temp_versions.txt
           fi
           
+          # TinyFileManager
+          echo "::debug::Fetching TinyFileManager version..."
+          TFM_API_RESPONSE=$(curl -s https://api.github.com/repos/prasathmani/tinyfilemanager/releases/latest)
+          echo "::debug::TinyFileManager API Response: $TFM_API_RESPONSE"
+          
+          LATEST_TFM=$(echo "$TFM_API_RESPONSE" | jq -r '.tag_name // empty')
+          echo "::debug::Parsed TinyFileManager version: '$LATEST_TFM'"
+          
+          if [[ -n "$LATEST_TFM" && "$LATEST_TFM" != "null" ]]; then
+            check_version "TINYFILEMANAGER_VER" "$LATEST_TFM"
+          else
+            echo "::warning::Failed to fetch TinyFileManager version, keeping current version"
+            grep "^TINYFILEMANAGER_VER=" enginescript-variables.txt >> .github/temp_versions.txt
+          fi
+          
           # Update date only if versions changed
           if [[ "$CHANGES_DETECTED" = true ]]; then
             echo "changes_detected=true" >> $GITHUB_OUTPUT
 
@@ -1,9 +1,78 @@
-# Changelog
+# Chan## 2025-07-07
+
+### 🏷️ OFFICIAL RELEASE INTEGRATION
+- **Version Management**: Switched TinyFileManager to official tagged releases instead of master branch
+  - **Release Tracking**: Added `TINYFILEMANAGER_VER="2.6"` to `enginescript-variables.txt`
+    - Uses official GitHub release tags instead of master branch
+    - Downloads from `https://github.com/prasathmani/tinyfilemanager/archive/refs/tags/{version}.tar.gz`
+    - Ensures stable, tested releases rather than development code
+  - **Automated Updates**: Integrated TinyFileManager into GitHub Actions version checking workflow
+    - Automatically detects new releases via GitHub API
+    - Updates version variable when new stable releases are available
+    - Includes in centralized dependency tracking system
+  - **Complete Reference Cleanup**: Removed all traces of deprecated custom wrapper system
+    - Eliminated all references to removed `filemanager.php` from API and control panel
+    - Removed all mentions of `/etc/enginescript/filemanager.conf` from scripts
+    - Updated control panel links to point directly to `/enginescript/tinyfilemanager/tinyfilemanager.php`
+    - Converted `reset-filemanager-password.sh` to informational notice about native configuration
+  - **Installation Updates**: Modified installation scripts to use versioned releases
+    - Admin control panel script now uses `${TINYFILEMANAGER_VER}` variable
+    - Proper TAR.GZ extraction instead of ZIP for better compatibility
+    - Removed filemanager.conf creation from installation and update scripts
+
+### 🔄 COMPLETE FILE MANAGER OVERHAULog
 
 All notable changes to EngineScript will be documented in this file.
 
 Changes are organized by date, with the most recent changes listed first.
 
+## 2025-07-07
+
+### � COMPLETE FILE MANAGER OVERHAUL
+- **Official TinyFileManager Integration**: Completely replaced custom wrapper with official GitHub repository
+  - **Repository Download**: Now downloads and extracts the complete official TinyFileManager from GitHub
+    - Downloads latest master branch as ZIP from `https://github.com/prasathmani/tinyfilemanager/archive/refs/heads/master.zip`
+    - Extracts to `/var/www/admin/enginescript/tinyfilemanager/` directory
+    - Includes all official files, documentation, and features from the upstream project
+  - **Custom Configuration Removal**: Eliminated complex custom authentication wrapper entirely
+    - Removed `filemanager.php` custom wrapper with 100+ lines of authentication logic
+    - Simplified to basic redirect: `header('Location: /enginescript/tinyfilemanager/');`
+    - No more rate limiting, session management, or custom security headers in wrapper
+  - **Native Configuration**: Uses official TinyFileManager configuration system
+    - Created `/config/var/www/admin/tinyfilemanager/config.php` with basic EngineScript defaults
+    - Default credentials: admin/admin (users can edit config.php directly)
+    - Root path restricted to `/var/www` for security
+    - Standard TinyFileManager settings with sensible defaults
+  - **Installation Simplification**: Streamlined installation process in admin control panel script
+    - Downloads official ZIP archive instead of single PHP file
+    - Extracts complete project structure with proper permissions
+    - Copies EngineScript configuration file during installation
+    - Comprehensive error handling for download and extraction
+  - **Legacy System Deprecation**: Marked custom configuration system as legacy
+    - Updated `update-config-files.sh` to indicate native configuration usage
+    - Removed dependency on `/etc/enginescript/filemanager.conf`
+    - Simplified to direct editing of TinyFileManager's native config.php
+
+### �🔧 FILE MANAGER SIMPLIFICATION
+- **Password Wrapper Removal**: Removed complex password wrapper and authentication workarounds from file manager
+  - **Configuration Cleanup**: Removed `fm_password_hash` from file manager configuration file
+    - Simplified `/config/etc/enginescript/filemanager.conf` to use basic username/password authentication
+    - Removed automatic password hashing functionality that was causing compatibility issues
+    - Streamlined configuration to focus on basic authentication settings
+  - **PHP Authentication Simplification**: Removed complex password validation and hashing logic from `filemanager.php`
+    - Eliminated password hash validation and placeholder checking routines
+    - Removed dependency on PHP password_hash() function for authentication
+    - Simplified credential loading to use direct username/password from configuration
+    - Added basic default values (admin/admin) for immediate functionality
+  - **Update Script Cleanup**: Removed password hashing logic from configuration update script
+    - Simplified `update-config-files.sh` to handle basic credential updates without hashing
+    - Removed PHP password_hash() calls that were causing authentication failures
+    - Streamlined credential transfer from main configuration to file manager config
+  - **Back to Basics Approach**: Returned to simple, straightforward file manager authentication
+    - Eliminated complex authentication wrapper that was preventing proper login
+    - Focused on reliable, basic authentication mechanism
+    - Removed unnecessary security layers that were creating usability issues
+
 ## 2025-07-06
 
 ### �🔧 DASHBOARD UX IMPROVEMENTS
 
@@ -1,21 +1,18 @@
 # EngineScript File Manager Configuration
 # 
 # This file contains the configuration for the Tiny File Manager integration
-# Default credentials for file manager access
+# Basic settings for file manager access
 #
-# Security: This file contains sensitive information
+# Security: This file contains configuration settings
 # Ensure proper file permissions: chmod 600 /etc/enginescript/filemanager.conf
 
 # File Manager Authentication
 # Username for file manager access
 fm_username=
 
-# Password for file manager access (will be populated from main credentials file)
+# Password for file manager access
 fm_password=
 
-# Hashed password (automatically generated from fm_password)
-fm_password_hash=
-
 # Root directory for file browsing (default: /var/www)
 fm_root_path=/var/www
 
 
@@ -415,52 +415,28 @@ function handleAlerts() {
 
 function handleFileManagerStatus() {
     try {
-        $fm_file = __DIR__ . '/filemanager.php';
-        $tfm_file = __DIR__ . '/tinyfilemanager.php';
-        $config_file = '/etc/enginescript/filemanager.conf';
-        $credentials_file = '/home/EngineScript/enginescript-install-options.txt';
-        
-        // Check if configuration exists and get username
-        $fm_username = null;
-        $config_exists = false;
-        $config_populated = false;
-        $credentials_configured = false;
-        
-        if (file_exists($config_file)) {
-            $config_content = file_get_contents($config_file);
-            if (preg_match('/fm_username=(.+)/m', $config_content, $matches)) {
-                $username = trim($matches[1]);
-                if (!empty($username)) {
-                    $fm_username = $username;
-                    $config_populated = true;
-                }
-            }
-            $config_exists = true;
+        // Load EngineScript variables to get current version
+        $variables = [];
+        if (file_exists('/usr/local/bin/enginescript/enginescript-variables.txt')) {
+            $content = file_get_contents('/usr/local/bin/enginescript/enginescript-variables.txt');
+            preg_match('/TINYFILEMANAGER_VER="([^"]*)"/', $content, $matches);
+            $current_version = isset($matches[1]) ? $matches[1] : '2.6';
+        } else {
+            $current_version = '2.6';
         }
 
-        // Check if main credentials are configured
-        if (file_exists($credentials_file)) {
-            $cred_content = file_get_contents($credentials_file);
-            if (strpos($cred_content, 'FILEMANAGER_USERNAME="PLACEHOLDER"') === false &&
-                strpos($cred_content, 'FILEMANAGER_PASSWORD="PLACEHOLDER"') === false) {
-                $credentials_configured = true;
-            }
-        }
+        $tfm_file = '/var/www/admin/enginescript/tinyfilemanager/tinyfilemanager.php';
+        $tfm_config = '/var/www/admin/enginescript/tinyfilemanager/config.php';
 
         $status = [
-            'available' => file_exists($fm_file),
-            'tfm_downloaded' => file_exists($tfm_file),
-            'tfm_age_days' => file_exists($tfm_file) ? round((time() - filemtime($tfm_file)) / (24 * 60 * 60)) : null,
-            'config_exists' => $config_exists,
-            'config_populated' => $config_populated,
-            'credentials_configured' => $credentials_configured,
-            'username' => $fm_username,
+            'available' => file_exists($tfm_file),
+            'config_exists' => file_exists($tfm_config),
             'writable_dirs' => [
                 '/var/www' => is_writable('/var/www'),
                 '/tmp' => is_writable('/tmp')
             ],
-            'url' => '/filemanager.php',
-            'password_reset_command' => 'sudo /usr/local/bin/enginescript/scripts/functions/shared/reset-filemanager-password.sh'
+            'url' => '/enginescript/tinyfilemanager/tinyfilemanager.php',
+            'version' => $current_version
         ];
 
         echo json_encode(sanitizeOutput($status)); // codacy:ignore - echo required for JSON API response
 
@@ -1,130 +1,10 @@
 <?php
 /**
- * Tiny File Manager Integration for EngineScript Admin
- * Secure file management interface with restricted access
- * 
- * @version 1.0.0
- * @security HIGH - File system access
+ * Simple redirect to Tiny File Manager
+ * Official TinyFileManager from GitHub repository
  */
 
-// Security checks - prevent direct access
-if (!isset($_SERVER['HTTP_HOST']) || !isset($_SERVER['REQUEST_URI'])) {
-    http_response_code(403);
-    die('Direct access forbidden');
-}
-
-// Basic authentication check (integrate with your auth system)
-session_start();
-$client_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
-
-// Rate limiting for file operations
-$rate_limit_key = 'fm_rate_' . hash('sha256', $client_ip);
-if (!isset($_SESSION[$rate_limit_key])) {
-    $_SESSION[$rate_limit_key] = ['count' => 0, 'reset' => time() + 300]; // 5 minute window
-}
-
-if (time() > $_SESSION[$rate_limit_key]['reset']) {
-    $_SESSION[$rate_limit_key] = ['count' => 0, 'reset' => time() + 300];
-}
-
-if ($_SESSION[$rate_limit_key]['count'] >= 50) { // 50 operations per 5 minutes
-    http_response_code(429);
-    die('Rate limit exceeded for file operations');
-}
-
-$_SESSION[$rate_limit_key]['count']++;
-
-// Load file manager configuration
-$fm_config_file = '/etc/enginescript/filemanager.conf';
-$fm_config = [];
-
-if (file_exists($fm_config_file)) {
-    $config_content = file_get_contents($fm_config_file);
-    $config_lines = explode("\n", $config_content);
-    
-    foreach ($config_lines as $line) {
-        $line = trim($line);
-        if (empty($line) || strpos($line, '#') === 0) {
-            continue; // Skip empty lines and comments
-        }
-        
-        if (strpos($line, '=') !== false) {
-            list($key, $value) = explode('=', $line, 2);
-            $fm_config[trim($key)] = trim($value);
-        }
-    }
-}
-
-// Set values from configuration file only - no defaults
-$fm_username = isset($fm_config['fm_username']) && !empty($fm_config['fm_username']) ? $fm_config['fm_username'] : null;
-$fm_password_hash = isset($fm_config['fm_password_hash']) && !empty($fm_config['fm_password_hash']) ? $fm_config['fm_password_hash'] : null;
-
-// Check if credentials are properly configured
-if (empty($fm_username) || empty($fm_password_hash)) {
-    // Check if main credentials file exists and has been configured
-    if (file_exists('/home/EngineScript/enginescript-install-options.txt')) {
-        $credentials_content = file_get_contents('/home/EngineScript/enginescript-install-options.txt');
-        
-        // Check if credentials are still PLACEHOLDER values
-        if (strpos($credentials_content, 'FILEMANAGER_USERNAME="PLACEHOLDER"') !== false ||
-            strpos($credentials_content, 'FILEMANAGER_PASSWORD="PLACEHOLDER"') !== false) {
-            
-            die('File Manager credentials not configured. Please edit your credentials file with command: es.config');
-        } else {
-            // Credentials configured but config file not updated
-            die('File Manager configuration needs to be updated. Please run: sudo /usr/local/bin/enginescript/scripts/functions/shared/update-config-files.sh');
-        }
-    } else {
-        die('EngineScript credentials file not found. Please ensure EngineScript is properly installed.');
-    }
-}
-
-$fm_root_path = isset($fm_config['fm_root_path']) && !empty($fm_config['fm_root_path']) ? $fm_config['fm_root_path'] : '/var/www';
-$fm_max_upload = isset($fm_config['fm_max_upload_size']) && !empty($fm_config['fm_max_upload_size']) ? (int)$fm_config['fm_max_upload_size'] : 104857600;
-$fm_readonly = isset($fm_config['fm_readonly']) && $fm_config['fm_readonly'] === 'true' ? true : false;
-
-// Additional security headers
-header('X-Frame-Options: SAMEORIGIN');
-header('X-Content-Type-Options: nosniff');
-header('X-XSS-Protection: 1; mode=block');
-header('Referrer-Policy: strict-origin-when-cross-origin');
-
-// Log file manager access
-$log_entry = date('Y-m-d H:i:s') . " [FILE_MANAGER] Access from IP: " . $client_ip . "\n";
-error_log($log_entry, 3, '/var/log/enginescript-filemanager.log');
-
-// Download and include Tiny File Manager
-$tfm_file = __DIR__ . '/tinyfilemanager.php';
-$tfm_url = 'https://raw.githubusercontent.com/prasathmani/tinyfilemanager/master/tinyfilemanager.php';
-
-// Download TFM if not exists or older than 30 days
-if (!file_exists($tfm_file) || (time() - filemtime($tfm_file)) > (30 * 24 * 60 * 60)) {
-    $tfm_content = @file_get_contents($tfm_url);
-    if ($tfm_content !== false) {
-        file_put_contents($tfm_file, $tfm_content);
-        chmod($tfm_file, 0644);
-    } else {
-        die('Unable to download Tiny File Manager. Please check internet connection.');
-    }
-}
-
-// Modify TFM file to use our credentials
-if (file_exists($tfm_file)) {
-    $tfm_content = file_get_contents($tfm_file);
-    
-    // Replace the hardcoded auth_users array with our credentials
-    $new_auth_array = '$auth_users = array(\'' . $fm_username . '\' => \'' . $fm_password_hash . '\');';
-    
-    // Pattern to match the existing $auth_users array (handles multi-line arrays)
-    $pattern = '/\$auth_users\s*=\s*array\s*\([^;]*\);/s';
-    
-    if (preg_match($pattern, $tfm_content)) {
-        $tfm_content = preg_replace($pattern, $new_auth_array, $tfm_content);
-        file_put_contents($tfm_file, $tfm_content);
-    }
-    
-    include $tfm_file;
-} else {
-    die('Tiny File Manager not found. Please check installation.');
-}
+// Redirect to the official TinyFileManager installation
+header('Location: /enginescript/tinyfilemanager/');
+exit;
 ?>
@@ -421,7 +421,7 @@ <h3>Adminer</h3>
                         </div>
                     </a>
 
-                    <a href="/filemanager.php" target="_blank" rel="noopener noreferrer" class="tool-card" id="filemanager-tool">
+                    <a href="/enginescript/tinyfilemanager/tinyfilemanager.php" target="_blank" rel="noopener noreferrer" class="tool-card" id="filemanager-tool">
                         <div class="tool-icon">
                             <i class="fas fa-folder-open"></i>
                         </div>
 
@@ -0,0 +1,60 @@
+<?php
+/**
+ * EngineScript TinyFileManager Configuration
+ * Basic configuration for official TinyFileManager
+ */
+
+// Basic authentication - users can modify this file directly
+$auth_users = array(
+    'admin' => '$2y$10$3F7VnbFpPHIyFODrUQOgXKvGLgKfBgHZQT7xU8xvQ9qLpG3Rn7bCy' // password: admin
+);
+
+// Set as non-global auth
+$use_auth = true;
+$readonly_users = array();
+
+// Root path for file browsing - restrict to web directories
+$root_path = '/var/www';
+
+// Root URL for links (leave blank for auto-detection)
+$root_url = '';
+
+// Max upload size in bytes (100MB)
+$max_upload_size_bytes = 104857600;
+
+// Exclude specific files/folders from listing
+$exclude_items = array(
+    '.git',
+    '.github',
+    '.gitignore',
+    '.htaccess',
+    'config.php'
+);
+
+// Theme (light, dark)
+$theme = 'light';
+
+// Default timezone
+date_default_timezone_set('UTC');
+
+// Edit files in popup or same window
+$edit_files = true;
+
+// Enable/disable file and folder management
+$readonly = false;
+
+// Session name for authentication
+$session_name = 'filemanager';
+
+// Show directory size
+$show_dirs_size = false;
+
+// Check for updates
+$check_for_updates = false;
+
+// Online office viewer
+$online_viewer = false;
+
+// Sticky navbar
+$sticky_navbar = true;
+?>