EngineScript
diff --git a/‎.github/workflows/software-version-check.yml‎
Lines changed: 34 additions & 0 deletions b/‎.github/workflows/software-version-check.yml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 147 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 147 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 6 additions & 1 deletion b/‎README.md‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎config/var/www/admin/control-panel/README.md‎
Lines changed: 41 additions & 9 deletions b/‎config/var/www/admin/control-panel/README.md‎
Lines changed: 41 additions & 9 deletions
@@ -226,6 +226,36 @@ jobs:
             grep '^NGINX_DYN_TLS_PATCH_SHA=' enginescript-variables.txt >> .github/temp_versions.txt
           fi
           
+          # Chart.js
+          echo "::debug::Fetching Chart.js version..."
+          CHARTJS_API_RESPONSE=$(curl -s https://api.github.com/repos/chartjs/Chart.js/releases/latest)
+          echo "::debug::Chart.js API Response: $CHARTJS_API_RESPONSE"
+          
+          LATEST_CHARTJS=$(echo "$CHARTJS_API_RESPONSE" | jq -r '.tag_name // empty' | sed 's/v//')
+          echo "::debug::Parsed Chart.js version: '$LATEST_CHARTJS'"
+          
+          if [[ -n "$LATEST_CHARTJS" && "$LATEST_CHARTJS" != "null" ]]; then
+            check_version "CHARTJS_VER" "$LATEST_CHARTJS"
+          else
+            echo "::warning::Failed to fetch Chart.js version, keeping current version"
+            grep "^CHARTJS_VER=" enginescript-variables.txt >> .github/temp_versions.txt
+          fi
+          
+          # Font Awesome
+          echo "::debug::Fetching Font Awesome version..."
+          FONTAWESOME_API_RESPONSE=$(curl -s https://api.github.com/repos/FortAwesome/Font-Awesome/releases/latest)
+          echo "::debug::Font Awesome API Response: $FONTAWESOME_API_RESPONSE"
+          
+          LATEST_FONTAWESOME=$(echo "$FONTAWESOME_API_RESPONSE" | jq -r '.tag_name // empty' | sed 's/[^0-9\.]//g')
+          echo "::debug::Parsed Font Awesome version: '$LATEST_FONTAWESOME'"
+          
+          if [[ -n "$LATEST_FONTAWESOME" && "$LATEST_FONTAWESOME" != "null" ]]; then
+            check_version "FONTAWESOME_VER" "$LATEST_FONTAWESOME"
+          else
+            echo "::warning::Failed to fetch Font Awesome version, keeping current version"
+            grep "^FONTAWESOME_VER=" enginescript-variables.txt >> .github/temp_versions.txt
+          fi
+          
           # Update date only if versions changed
           if [[ "$CHANGES_DETECTED" = true ]]; then
             echo "changes_detected=true" >> $GITHUB_OUTPUT
@@ -311,6 +341,8 @@ jobs:
           NGINX_DYN_TLS_PATCH_SHA=$(get_var NGINX_DYN_TLS_PATCH_SHA)
           SSE_PLUGIN_VER=$(get_var SSE_PLUGIN_VER)
           SWPO_PLUGIN_VER=$(get_var SWPO_PLUGIN_VER)
+          CHARTJS_VER=$(get_var CHARTJS_VER)
+          FONTAWESOME_VER=$(get_var FONTAWESOME_VER)
 
           # Get patch date (Last-Modified header or today)
           PATCH_URL="https://github.com/kn007/patch/raw/master/nginx_dynamic_tls_records.patch"
@@ -336,6 +368,8 @@ jobs:
             -e "/|MARIADB|/s/|[^|]*|/|$MARIADB_VER|/2" \
             -e "/|PLUGIN: EngineScript: Simple Site Exporter|/s/|[^|]*|/|$SSE_PLUGIN_VER|/2" \
             -e "/|PLUGIN: EngineScript: Simple WP Optimizer|/s/|[^|]*|/|$SWPO_PLUGIN_VER|/2" \
+            -e "/|Chart.js|/s/|[^|]*|/|$CHARTJS_VER|/2" \
+            -e "/|Font Awesome|/s/|[^|]*|/|$FONTAWESOME_VER|/2" \
             README.md
           
           # Always cleanup the temp file
 
@@ -6,6 +6,97 @@ Changes are organized by date, with the most recent changes listed first.
 
 ## 2025-07-01
 
+### 🎨 ADMIN CONTROL PANEL MODERNIZATION
+- **Complete Admin Dashboard Redesign**: Fully modernized the admin control panel with a professional, interactive dashboard
+  - **Modern UI/UX**: Replaced basic HTML template with responsive, dark-themed dashboard using modern CSS Grid and Flexbox
+  - **Interactive Features**: Added real-time system monitoring, service status indicators, and performance charts
+  - **Multi-page Dashboard**: Implemented single-page application with Overview, Sites, System, Security, Backups, Logs, and Tools sections
+  - **Real-time Data**: Integrated Chart.js for interactive performance monitoring and resource usage visualization
+  - **Responsive Design**: Mobile-first design that works seamlessly on desktop, tablet, and mobile devices
+  - **Enhanced Navigation**: Sidebar navigation with active states and smooth transitions
+  - **Live Server Clock**: Real-time server time display with automatic updates
+  - **Service Monitoring**: Live status indicators for Nginx, PHP-FPM, MariaDB, and Redis with version information
+  - **System Metrics**: Real-time CPU, memory, and disk usage monitoring with visual indicators
+  - **Activity Feed**: Recent system activity and alerts with contextual icons and timestamps
+  - **WordPress Site Management**: Enhanced site overview with status, SSL, and backup information
+  - **Security Dashboard**: SSL certificate status, firewall monitoring, and malware scanning overview
+  - **Log Viewer**: Real-time log viewing with filtering for different services (EngineScript, Nginx, PHP, MariaDB)
+  - **Admin Tools Integration**: Quick access to phpMyAdmin, PHPinfo, phpSysinfo, and Adminer with availability checking
+  - **Command Reference**: Complete EngineScript command reference with descriptions and usage examples
+- **Backend API Implementation**: Created comprehensive PHP-based REST API for dashboard functionality
+  - **System Information API**: Real-time system stats including CPU, memory, disk usage, uptime, and load averages
+  - **Service Status API**: Live monitoring of all EngineScript services with version detection
+  - **WordPress Sites API**: Automated detection and management of WordPress installations
+  - **Security Status API**: SSL certificate monitoring, firewall status, and malware scanner integration
+  - **Backup Status API**: Integration with EngineScript backup systems for status reporting
+  - **Log Access API**: Secure log file access with filtering and real-time updates
+  - **Activity Monitoring**: System activity logging and alert generation for proactive monitoring
+  - **Error Handling**: Comprehensive error handling with graceful fallbacks and user-friendly messages
+- **Enhanced Installation Process**: Updated admin control panel deployment script
+  - **API Setup**: Automatic API endpoint configuration with proper routing
+  - **Permission Management**: Secure file permissions and ownership configuration
+  - **Feature Detection**: Dynamic feature availability based on installed components (e.g., Adminer availability)
+  - **Nginx Integration**: Added nginx configuration snippets for optimal performance and security
+- **Security Enhancements**: Implemented robust security measures for the admin panel
+  - **Access Control**: Restricted access to sensitive files and directories
+  - **Security Headers**: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, and Referrer-Policy
+  - **Input Validation**: Server-side validation for all API endpoints
+  - **Error Sanitization**: Prevents information disclosure through error messages
+- **Performance Optimizations**: Optimized dashboard for fast loading and smooth operation
+  - **Asset Caching**: Proper cache headers for static assets with versioning support
+  - **Compressed Delivery**: Gzip compression for text-based resources
+  - **Lazy Loading**: Progressive loading of dashboard components to improve perceived performance
+  - **Efficient API Design**: Optimized API endpoints to minimize server load and response times
+- **Documentation**: Comprehensive documentation for the new dashboard
+  - **Feature Overview**: Complete feature documentation with usage examples
+  - **API Documentation**: Detailed API endpoint documentation for future enhancements
+  - **Installation Guide**: Step-by-step setup and configuration instructions
+  - **Future Roadmap**: Planned enhancements including authentication, WebSocket integration, and advanced monitoring
+
+### 🔧 NEW ENGINESCRIPT COMMAND
+- **Added es.sites Command**: New EngineScript alias to list all WordPress sites installed on the server
+  - **Site Discovery**: Automatically discovers all WordPress installations in `/var/www/sites/*/html`
+  - **Status Checking**: Tests HTTPS/HTTP connectivity for each site with color-coded status indicators
+  - **Formatted Output**: Clean table format showing domain, document root, and online status
+  - **WordPress Validation**: Verifies actual WordPress installations by checking for `wp-config.php`
+  - **Configuration Status**: Shows whether sites are configured for automated tasks (backups, maintenance)
+  - **Command Integration**: Integrates with existing EngineScript alias system and help documentation
+  - **Error Handling**: Graceful handling of missing directories and inaccessible sites
+  - **Usage Instructions**: Provides helpful commands for further site management
+
+### 🛡️ SECURITY & AUTOMATION IMPROVEMENTS
+- **Frontend Dashboard Security**: Completed comprehensive security audit and hardening of the JavaScript dashboard
+  - **Input Validation & Sanitization**: Implemented strict client-side input validation with parameter whitelisting
+    - Added validation for page names, log types, time ranges, and tool names against predefined whitelists
+    - Comprehensive input sanitization removing HTML special characters, JavaScript protocols, and dangerous patterns
+    - Length limits implemented (1000 chars for general input, 50KB for log content)
+  - **XSS Prevention**: Complete protection against Cross-Site Scripting attacks
+    - Replaced unsafe `innerHTML` usage with secure `textContent` and `createElement()` methods
+    - All dynamic content created using DOM manipulation instead of HTML string injection
+    - API response data sanitized before display with comprehensive content filtering
+    - Eliminated inline event handlers and prevented `eval()` usage
+  - **URL & Navigation Security**: Secure handling of external URLs and navigation
+    - Domain validation with regex patterns before opening external links
+    - `window.open()` enhanced with `noopener,noreferrer` security flags
+    - Dangerous protocols (`javascript:`, `data:`, `vbscript:`) filtered and removed
+    - Frame protection implemented to prevent embedding in malicious frames
+  - **Data Handling Security**: Secure processing of all API responses and user data
+    - Strict type validation for all data objects received from API
+    - Safe URL handling with domain validation before creating clickable links
+    - Proper memory management with cleanup of charts and event listeners
+    - Secure error handling without information disclosure
+  - **Production Security Features**: Enhanced security for production environments
+    - Console access disabled in production environments to prevent debugging
+    - Error message sanitization to prevent sensitive information disclosure
+    - Resource validation before loading external dependencies
+    - Secure initialization and cleanup procedures
+- **Enhanced Security Documentation**: Updated comprehensive security documentation covering both frontend and backend
+  - **Frontend Security Guide**: Detailed documentation of all JavaScript security measures
+  - **Security Architecture**: Defense-in-depth approach with multiple security layers
+  - **Testing Procedures**: Comprehensive security testing checklists for both frontend and backend
+  - **Incident Response**: Updated emergency response procedures for security incidents
+  - **Monitoring Integration**: Enhanced security monitoring and logging procedures
+
 ### 🔧 CODE QUALITY
 - **CI/CD Workflow Enhancement**: Comprehensively improved the GitHub Actions software-version-check workflow
   - **Robust Error Handling**: Added comprehensive error handling for all GitHub API calls to prevent "null" version values
@@ -379,3 +470,59 @@ Each entry is dated to show when changes were implemented. For questions about a
 - EUID is explicitly set to 0 in CI environment to bypass root checks
 - Enhanced debugging shows exact point of failure when scripts hang
 - Timeout failures now provide detailed log output for debugging
+
+---
+
+## 2025-07-01 - Security Update
+
+### � DEPENDENCY MANAGEMENT
+- **Frontend Dependency Tracking**: Added Chart.js and Font Awesome to the automated software version checker
+  - **Chart.js**: Now automatically monitored for updates (currently v4.5.0)
+  - **Font Awesome**: Now automatically monitored for updates (currently v6.7.2)
+  - **Version Variables**: Added `CHARTJS_VER` and `FONTAWESOME_VER` to `enginescript-variables.txt`
+  - **Dynamic Substitution**: Admin control panel installation script now substitutes versions automatically
+  - **GitHub Actions Integration**: Extended software-version-check.yml workflow to monitor frontend dependencies
+  - **README Documentation**: Added Chart.js and Font Awesome to the software versions table
+
+### �🔒 COMPREHENSIVE SECURITY HARDENING
+- **Frontend Dashboard Security**: Completed comprehensive security audit and hardening of the JavaScript dashboard
+  - **Input Validation & Sanitization**: Implemented strict client-side input validation with parameter whitelisting
+    - Added validation for page names, log types, time ranges, and tool names against predefined whitelists
+    - Comprehensive input sanitization removing HTML special characters, JavaScript protocols, and dangerous patterns
+    - Length limits implemented (1000 chars for general input, 50KB for log content)
+  - **XSS Prevention**: Complete protection against Cross-Site Scripting attacks
+    - Replaced unsafe `innerHTML` usage with secure `textContent` and `createElement()` methods
+    - All dynamic content created using DOM manipulation instead of HTML string injection
+    - API response data sanitized before display with comprehensive content filtering
+    - Eliminated inline event handlers and prevented `eval()` usage
+  - **URL & Navigation Security**: Secure handling of external URLs and navigation
+    - Domain validation with regex patterns before opening external links
+    - `window.open()` enhanced with `noopener,noreferrer` security flags
+    - Dangerous protocols (`javascript:`, `data:`, `vbscript:`) filtered and removed
+    - Frame protection implemented to prevent embedding in malicious frames
+  - **Data Handling Security**: Secure processing of all API responses and user data
+    - Strict type validation for all data objects received from API
+    - Safe URL handling with domain validation before creating clickable links
+    - Proper memory management with cleanup of charts and event listeners
+    - Secure error handling without information disclosure
+  - **Production Security Features**: Enhanced security for production environments
+    - Console access disabled in production environments to prevent debugging
+    - Error message sanitization to prevent sensitive information disclosure
+    - Resource validation before loading external dependencies
+    - Secure initialization and cleanup procedures
+- **Enhanced Security Documentation**: Updated comprehensive security documentation covering both frontend and backend
+  - **Frontend Security Guide**: Detailed documentation of all JavaScript security measures
+  - **Security Architecture**: Defense-in-depth approach with multiple security layers
+  - **Testing Procedures**: Comprehensive security testing checklists for both frontend and backend
+  - **Incident Response**: Updated emergency response procedures for security incidents
+  - **Monitoring Integration**: Enhanced security monitoring and logging procedures
+
+### 🛡️ BACKEND API SECURITY (Previously Implemented)
+- **Complete API Security Audit**: Comprehensive security review and hardening of PHP API backend
+  - **Input Validation**: Strict validation and sanitization of all API inputs
+  - **Command Injection Prevention**: Eliminated shell command vulnerabilities
+  - **Path Traversal Protection**: Prevented directory traversal attacks
+  - **Rate Limiting**: Implemented rate limiting with IP-based tracking
+  - **Security Headers**: Added comprehensive security headers for all responses
+  - **Error Handling**: Secure error handling without information disclosure
+  - **Logging**: Comprehensive security event logging and monitoring
@@ -153,6 +153,7 @@ Want to support EngineScript? [Sponsor this project](https://github.com/sponsors
 |**`es.menu`**       |EngineScript menu |
 |**`es.permissions`** |Resets the permissions of all files in the WordPress directory *(server-wide)* |
 |**`es.restart`**    |Restart Nginx and PHP |
+|**`es.sites`**      |Lists all WordPress sites installed on the server with status information |
 |**`es.update`**     |Update EngineScript |
 |**`es.variables`**  |Opens the variable file in Nano. This file resets when EngineScript is updated |
 
@@ -187,6 +188,11 @@ Want to support EngineScript? [Sponsor this project](https://github.com/sponsors
 |PHPMYADMIN|5.2.2|https://www.phpmyadmin.net/downloads/ |
 ||
 ||
+|**Admin Control Panel**|
+|Chart.js|4.5.0|https://github.com/chartjs/Chart.js |
+|Font Awesome|6.7.2|https://github.com/FortAwesome/Font-Awesome |
+||
+||
 |**Object Cache**|
 |REDIS|Latest|https://redis.io/ |
 ||
@@ -232,6 +238,5 @@ Want to support EngineScript? [Sponsor this project](https://github.com/sponsors
 |LIBURING|2.9|https://github.com/axboe/liburing |
 |MYSQLTUNER|Latest|https://github.com/major/MySQLTuner-perl |
 |ZLIB|1.3.1|https://github.com/madler/zlib |
-|Admin Control Panel Template|-|https://github.com/bhjoco/onepage-medium |
 
 ----------
@@ -1,15 +1,47 @@
-# onepager-medium
+# EngineScript Admin Dashboard
 
-Live Preview: https://op.1lp.org/medium
+This directory contains the modern admin dashboard for EngineScript server management.
 
-Simple (only HTML &amp; CSS), responsive one-pager for small businesses. Minimalist, clean design for longer content. 
+## Files
 
-It's possible to display smaller image galleries, lists, tables, but also to insert a YouTube/Vimeo video or a Google/Wufoo form.
+- `index.html` - Main dashboard HTML file with modern, responsive design
+- `dashboard.css` - Modern CSS styling with dark theme and smooth animations
+- `dashboard.js` - Interactive JavaScript for real-time dashboard functionality
+- `favicon.png` - Dashboard favicon (simple placeholder)
 
-The template comes with a navigation bar (removable), facilitating jumping between sections (e.g., introduction, services, references, gallery, etc.). However, keep in mind that everything appears on one page, there are no subpages, so let's keep the wording concise. 
+## Features
 
-It could be ideal for small, individual entrepreneurs who want to quickly and succinctly present their activities to potential clients, but it can also function as an online resume.
+- **Responsive Design**: Works on desktop, tablet, and mobile devices
+- **Real-time Monitoring**: Live server statistics and service status
+- **Interactive Charts**: Performance monitoring with Chart.js
+- **Multi-page Dashboard**: Overview, Sites, System, Security, Backups, Logs, and Tools
+- **Service Management**: Monitor Nginx, PHP, MariaDB, and Redis
+- **WordPress Site Management**: View and manage WordPress installations
+- **Security Monitoring**: SSL certificates, firewall, and malware scanning
+- **Log Viewer**: Real-time log viewing with filtering
+- **Admin Tools**: Quick access to phpMyAdmin, PHPinfo, and other tools
 
-Created by József Balázs-Hegedűs (www.balazshegedus.com).
-First published on www.egylapon.hu in 2023.
-Made public in 16.04.2024.
+## API Integration
+
+The dashboard is designed to work with RESTful API endpoints for real-time data:
+
+- `/api/system/*` - System information and statistics
+- `/api/sites/*` - WordPress site management
+- `/api/security/*` - Security status and alerts
+- `/api/backups/*` - Backup status and management
+- `/api/logs/*` - Log file access
+- `/api/services/*` - Service status monitoring
+
+## Future Enhancements
+
+- Real backend API implementation
+- User authentication and role-based access
+- WebSocket connections for real-time updates
+- Advanced monitoring and alerting
+- Site deployment and management tools
+- Automated backup scheduling
+- Security scanning and hardening tools
+
+## Installation
+
+The dashboard is automatically deployed by the EngineScript installation process to `/var/www/admin/enginescript/`.