chore(version): pre-release bump to 01.45.05-dev [skip ci]

- Remove Run Backup / Backup Now buttons from profiles list, profile edit toolbar, and backup records view
- Move download, browse archive, and view log from backup list rows into individual backup record detail view
- Add download button to backup detail toolbar
- Link profile column in backup records list to profile edit
- Complete restore script filename customization across BackupEngine, SteppedBackupEngine, and MokoRestore
- Remove ordering field from profiles, default sort by ID ascending
- Fix untranslated JFIELD language keys
- Bump all manifests to 01.43.11-dev

.mokogitea/workflows/auto-release.yml

@@ -7,7 +7,7 @@
 # INGROUP: mokocli.Release
 # REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/mokocli
 # PATH: /templates/workflows/universal/auto-release.yml.template
-# VERSION: 05.01.00
+# VERSION: 05.00.00
 # BRIEF: Universal build & release � detects platform from manifest.xml
 #
 # +=======================================================================+
@@ -75,7 +75,6 @@ jobs:
         with:
           token: ${{ secrets.MOKOGITEA_TOKEN }}
           fetch-depth: 1
-          submodules: recursive
 
       - name: Setup mokocli tools
         env:
@@ -174,7 +173,6 @@ jobs:
         with:
           token: ${{ secrets.MOKOGITEA_TOKEN }}
           fetch-depth: 0
-          submodules: recursive
 
       - name: Configure git for bot pushes
         run: |

.mokogitea/workflows/issue-branch.yml

@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: mokocli.Automation
-# VERSION: 02.52.19
+# VERSION: 01.45.05
 # BRIEF: Auto-create feature branch when an issue is opened
 
 name: "Universal: Issue Branch"

CHANGELOG.md

@@ -1,17 +1,7 @@
 # Changelog
+
 ## [Unreleased]
 
-## [02.52.18] --- 2026-06-30
-
-## [02.52.18] --- 2026-06-30
-
-## [01.45.00] --- 2026-06-28
-
-
-## [01.45.00] --- 2026-06-28
-
-## [01.43.35] --- 2026-06-28
-
 ### Added
 - Customizable restore script filename per backup profile (reduces discoverability on remote servers)
 - MokoRestore standalone mode: multi-ZIP selector when multiple backup archives are present
@@ -27,7 +17,6 @@
 - MokoRestore cleanup and security messages now reference the actual script filename instead of hardcoded "restore.php"
 
 ### Fixed
-- SSH key indicator detection and missing delete language key
 - Bootstrap 5 modal conversion for snapshots view (data-bs-dismiss, modal-footer, getOrCreateInstance)
 - ntfy default URL changed from ntfy.sh to ntfy.mokoconsulting.tech
 - Untranslated JFIELD_ORDERING_ASC / JFIELD_ORDERING_LABEL language keys replaced with component-specific keys
@@ -36,3 +25,134 @@
 - MokoRestore stalling: unhandled promise rejections from network errors or non-JSON responses left UI in loading state
 
 ## [01.43.00] --- 2026-06-24
+
+
+## [01.43.00] --- 2026-06-24
+
+## [01.42.00] --- 2026-06-23
+
+
+## [01.42.00] --- 2026-06-23
+
+## [01.41.00] — 2026-06-23
+
+### Added — Multi-Remote Storage
+- New `#__mokosuitebackup_remotes` table for multiple destinations per profile
+- Remote destinations UI: AJAX-driven add/edit/delete/toggle modal on profile edit
+- Engine uploads to ALL enabled destinations (BackupEngine + SteppedBackupEngine)
+- Migration auto-converts existing SFTP/S3/GDrive/FTP profile columns to new table
+- Backward compatibility: falls back to legacy single-remote columns if table empty
+- Secrets masked in API responses, merged from DB on save
+
+### Added — Content Snapshots
+- Lightweight JSON snapshots of articles, categories, and modules
+- Includes tags, custom fields, workflow associations, field values
+- Restore modes: Replace (clean slate), Merge (upsert), Selective (per-article)
+- Snapshot retention: max count + max age with automatic cleanup
+- Scheduled snapshot task via com_scheduler
+- CLI: `mokosuitebackup:snapshot create|restore|list|delete`
+- REST API: create, list, restore, delete, download snapshots
+- Tabbed browse modal: Articles / Categories / Modules with item counts
+
+### Added — SFTP Remote Storage
+- SFTP support with SSH key file authentication (key stored base64 in database)
+- Auth type dropdown: Password / Key File / Key File + Passphrase
+- SshKeyField: file upload via FileReader, key never exposed in HTML
+- SFTP remote directory browser for path selection
+- `__KEEP_EXISTING__` sentinel preserves key on profile re-save
+
+### Added — MokoRestore Wizard (9 steps)
+- Per-table conflict resolution: Replace / Skip / Merge / Data Only
+- Preset buttons: "All Replace", "All Skip", "Everything except users"
+- Post-restore actions: reset passwords, hits, versions, sessions, cache
+- Auto-detect sanitized passwords and prompt for reset (random temp password)
+- Standalone mode: restore.php scans directory for ZIP files
+- Wrapped mode: restore.php bundled inside backup ZIP
+- Security gate with filesystem verification + path traversal protection
+
+### Added — Data Sanitization
+- Sanitize user passwords: replace hashes with invalid sentinel
+- Sanitize user emails: replace with dummy values
+- Clear session data: exclude `#__session` table
+- Preserve super admin credentials (optional)
+- GDPR-friendly backup sharing for demos and staging sites
+
+### Added — Backup Engine
+- Pre-flight validation: directory, disk space, extensions, credentials, running backups
+- Auto-verify archive integrity after creation (ZIP, tar.gz, 7z)
+- 7z archive format via system 7za/7z CLI binary with native encryption
+- Streaming database dump to temp file (prevents OOM on large sites)
+- S3 streaming upload via CURLOPT_PUT (prevents OOM)
+- Graceful remote degradation: local backup preserved if upload fails
+- DatabaseDumper::dumpToFile() for memory-efficient operation
+
+### Added — Admin UI
+- Dashboard: snapshot widget, 30-day backup trend chart, per-profile storage breakdown
+- CPanel admin dashboard module (mod_mokosuitebackup_cpanel) with quick actions
+- Backup type filter dropdown in backups list
+- Backup comparison: select two backups for side-by-side diff
+- Archive browser: view files inside backup without extracting
+- Manual purge: delete backups older than a date with count preview
+- Backup count badges on profile list
+- "Do not navigate away" warning in backup/restore progress modals
+- Clickable placeholder pills for backup directory and archive name fields
+- Comprehensive help modal with absolute/relative/placeholder path documentation
+- Placeholder resolution display with EXAMPLE prefix
+- All placeholders UPPERCASE: [HOST], [SITE_NAME], [DATE], [DATETIME], etc.
+
+### Added — CLI & API
+- `mokosuitebackup:restore` with --files-only, --db-only, --password options
+- `mokosuitebackup:snapshot` with create, restore, list, delete actions
+- REST API for snapshots: create, list, restore, delete, download
+- Profile credentials masked in API responses
+
+### Added — Notifications & Logging
+- Email/ntfy notifications for site restore, snapshot create/restore
+- Joomla Action Logs for restore, snapshot, and snapshot restore events
+- Global ntfy server/topic/token settings (fallback for profiles)
+
+### Added — Security & Configuration
+- Webcron secret field with CSPRNG generator + strength meter
+- IP whitelist field with current IP detection + one-click "Add my IP"
+- 10 ACL permissions with full enforcement audit across all controllers
+- Config defaults: archive format, MokoRestore mode, sanitization settings
+- Path traversal protection on all archive extraction (ZIP, tar.gz, JPA)
+
+### Fixed
+- CLI RestoreCommand passed wrong arguments (filepath instead of record ID)
+- JPA path traversal: reject `../` in archive entry paths
+- S3Uploader OOM: streaming upload instead of file_get_contents
+- DatabaseDumper OOM: streaming to file instead of in-memory string
+- AkeebaImporter: removed unserialize() (PHP object injection risk)
+- BackupTable: delete DB row before file (prevents data loss)
+- RestoreEngine: staging path sanitized with preg_replace
+- API profiles: sensitive fields masked with `***`
+- Webcron: missing return after sendJsonResponse on auth failure
+- loadFormData(): cast array to object (PHP 8.x TypeError fix)
+- MokoRestore data-only mode: uses REPLACE INTO for existing rows
+- Plaintext archive deleted on encryption failure
+- TarGzArchiver: intermediate .tar cleaned in finally block
+- Install script: single-line comments converted to block comments
+- Orphaned root-level webservices plugin files removed
+- include_mokorestore column: TINYINT changed to VARCHAR(20)
+- Snapshot fields_values: scoped dump and restore to com_content.article (previously destroyed values for contacts, users, etc.)
+- Run Backup button: accept CSRF token from GET (fixes "token did not match" on profile edit)
+- SFTP fields: moved into remote fieldset for showon visibility; removed required attr that blocked non-SFTP saves
+- Script.php merge conflict markers resolved
+
+## [01.24.00] — 2026-06-02
+
+### Added
+- Initial release: full-site backup and restore for Joomla 6
+- Database, files, and configuration backup
+- ZIP and tar.gz archive formats with AES-256 encryption
+- Differential backups based on file manifests
+- FTP/FTPS, S3, Google Drive remote storage
+- MokoRestore standalone restore wizard
+- CLI backup and restore commands
+- REST API for remote management
+- Scheduled tasks via com_scheduler
+- Email and ntfy push notifications
+- Per-profile retention, exclusions, and notifications
+- Akeeba Backup migration tool
+- Admin dashboard with system health checks

SECURITY.md

@@ -23,7 +23,7 @@ DEFGROUP: Template-Joomla
 INGROUP: Template-Joomla.Documentation
 REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
 PATH: /SECURITY.md
-VERSION: 02.52.19
+VERSION: 01.45.05
 BRIEF: Security vulnerability reporting and handling policy
 -->
 

source/packages/com_mokosuitebackup/mokosuitebackup.xml

@@ -7,7 +7,7 @@
  -->
 <extension type="component" method="upgrade">
 	<name>MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/com_mokosuitebackup/sql/updates/mysql/01.44.02.sql

@@ -0,0 +1 @@
+/* 01.44.02 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/01.44.03.sql

@@ -0,0 +1 @@
+/* 01.44.03 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/01.45.00.sql

@@ -1 +0,0 @@
-/* 01.45.00 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/01.45.02.sql

@@ -0,0 +1 @@
+/* 01.45.02 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/01.45.03.sql

@@ -0,0 +1 @@
+/* 01.45.03 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/01.45.05.sql

@@ -0,0 +1 @@
+/* 01.45.05 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/02.52.16.sql

@@ -1 +0,0 @@
-/* 02.52.16 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/02.52.17.sql

@@ -1 +0,0 @@
-/* 02.52.17 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/02.52.18.sql

@@ -1 +0,0 @@
-/* 02.52.18 — no schema changes */

source/packages/com_mokosuitebackup/sql/updates/mysql/02.52.19.sql

@@ -1 +0,0 @@
-/* 02.52.19 — no schema changes */

source/packages/com_mokosuitebackup/src/Controller/AjaxController.php

@@ -84,24 +84,6 @@ class AjaxController extends BaseController
 		$this->sendJson($result);
 	}
 
-	/**
-	 * Mark that the JS-driven pre-update backup has completed so the
-	 * server-side onExtensionBeforeUpdate handler skips its own run.
-	 * POST: task=ajax.markPreUpdateDone
-	 */
-	public function markPreUpdateDone(): void
-	{
-		if (!Session::checkToken('get') && !Session::checkToken('post')) {
-			$this->sendJson(['error' => true, 'message' => 'Invalid token'], 403);
-
-			return;
-		}
-
-		Factory::getSession()->set('mokosuitebackup.preupdate_js_done', true);
-
-		$this->sendJson(['success' => true]);
-	}
-
 	/**
 	 * Browse server directories for the folder picker field.
 	 * POST: task=ajax.browseDir&path=/some/path

source/packages/com_mokosuitebackup/src/Engine/BackupEngine.php

@@ -547,16 +547,7 @@ class BackupEngine
 	 */
 	private function createUploaderFromParams(string $type, array $params): RemoteUploaderInterface
 	{
-		$prefixMap = ['ftp' => 'ftp_', 'sftp' => 'sftp_', 's3' => 's3_', 'google_drive' => 'gdrive_'];
-		$prefix    = $prefixMap[$type] ?? '';
-
-		$prefixed = [];
-
-		foreach ($params as $key => $value) {
-			$prefixed[$prefix . $key] = $value;
-		}
-
-		$fake = (object) $prefixed;
+		$fake = (object) $params;
 
 		return match ($type) {
 			'ftp'          => new FtpUploader($fake),

source/packages/com_mokosuitebackup/src/Engine/MokoRestore.php

@@ -346,9 +346,6 @@ define('MOKOJOOMBACKUP_RESTORE', 1);
 define('RESTORE_DIR', __DIR__);
 define('BACKUP_FILE', RESTORE_DIR . '/site-backup.zip');
 
-error_log('MokoRestore: Script loaded — RESTORE_DIR=' . RESTORE_DIR);
-error_log('MokoRestore: PHP ' . PHP_VERSION . ', SAPI=' . php_sapi_name() . ', memory_limit=' . ini_get('memory_limit'));
-
 session_start();
 
 if (empty($_SESSION['restore_token'])) {
@@ -361,37 +358,25 @@ $token = $_SESSION['restore_token'];
 // Write a security file to the web root with a random code.
 // The user must read the code from the file and enter it in the browser
 // to prove they have filesystem access before any restore actions are allowed.
-$securityFile = RESTORE_DIR . '/mokorestore-security.php';
+$securityFile = RESTORE_DIR . '/.mokorestore-security.php';
 $securityCode = $_SESSION['security_code'] ?? '';
 
 if (empty($securityCode)) {
     $securityCode = strtoupper(substr(bin2hex(random_bytes(4)), 0, 8));
     $_SESSION['security_code'] = $securityCode;
     $_SESSION['security_verified'] = false;
-}
-
-// Write (or recreate) the security file whenever verification is still pending
-if (empty($_SESSION['security_verified']) && !is_file($securityFile)) {
-    error_log('MokoRestore: Writing security file: ' . $securityFile);
-    error_log('MokoRestore: Target directory: ' . RESTORE_DIR . ' (writable: ' . (is_writable(RESTORE_DIR) ? 'yes' : 'NO') . ')');
 
+    // Write security file with the code
     $securityContent = "<?php die('MokoRestore Security Code: " . $securityCode . "'); ?>\n"
         . "MokoRestore Security Verification\n"
         . "==================================\n"
         . "Code: " . $securityCode . "\n"
         . "Enter this code in the MokoRestore browser interface to proceed.\n"
         . "This file will be deleted automatically after verification.\n";
-
-    $written = @file_put_contents($securityFile, $securityContent);
-
-    if ($written === false) {
-        $err = error_get_last();
-        error_log('MokoRestore: FAILED to write security file — ' . ($err['message'] ?? 'unknown error'));
-        error_log('MokoRestore: Directory permissions: ' . decoct(@fileperms(RESTORE_DIR) & 0777) . ', owner: ' . @fileowner(RESTORE_DIR) . ', PHP user: ' . (function_exists('posix_getuid') ? posix_getuid() : 'n/a'));
-        error_log('MokoRestore: Security verification SKIPPED — user will not be challenged');
+    if (file_put_contents($securityFile, $securityContent) === false) {
+        // Cannot write security file — skip verification to avoid locking user out
         $_SESSION['security_verified'] = true;
-    } else {
-        error_log('MokoRestore: Security file created (' . $written . ' bytes)');
+        error_log('MokoRestore: Cannot write security file — verification skipped (check directory permissions)');
     }
 }
 
@@ -402,17 +387,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['
 
     if ($inputCode === $securityCode) {
         $_SESSION['security_verified'] = true;
-        error_log('MokoRestore: Security code VERIFIED');
 
+        // Delete the security file
         if (is_file($securityFile)) {
             @unlink($securityFile);
-            error_log('MokoRestore: Security file deleted');
         }
 
         echo json_encode(['success' => true, 'message' => 'Security verified']);
     } else {
-        error_log('MokoRestore: Security code REJECTED (input=' . $inputCode . ')');
-        echo json_encode(['success' => false, 'message' => 'Incorrect security code. Check the file: mokorestore-security.php']);
+        echo json_encode(['success' => false, 'message' => 'Incorrect security code. Check the file: .mokorestore-security.php']);
     }
 
     exit;
@@ -431,7 +414,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
     }
 
     if (!$securityVerified) {
-        echo json_encode(['success' => false, 'message' => 'Security verification required. Enter the code from mokorestore-security.php']);
+        echo json_encode(['success' => false, 'message' => 'Security verification required. Enter the code from .mokorestore-security.php']);
         exit;
     }
 
@@ -441,12 +424,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
     @ignore_user_abort(true);
 
     try {
-        error_log('MokoRestore: Action dispatched — ' . $_POST['action']);
         $result = handleAction($_POST['action'], $_POST);
-        error_log('MokoRestore: Action ' . $_POST['action'] . ' completed — ' . ($result['success'] ? 'OK' : 'FAIL: ' . ($result['message'] ?? '')));
         echo json_encode($result);
     } catch (Throwable $e) {
-        error_log('MokoRestore: Action ' . $_POST['action'] . ' EXCEPTION — ' . $e->getMessage());
         echo json_encode(['success' => false, 'message' => $e->getMessage()]);
     }
 
@@ -571,14 +551,10 @@ function actionPreflight(): array
 
 function actionExtract(array $data): array
 {
-    error_log('MokoRestore: Extract — target=' . BACKUP_FILE . ', exists=' . (file_exists(BACKUP_FILE) ? 'yes' : 'no'));
-
     if (!file_exists(BACKUP_FILE)) {
         throw new RuntimeException('Backup file not found: site-backup.zip');
     }
 
-    error_log('MokoRestore: Extract — archive size=' . number_format(filesize(BACKUP_FILE) / 1048576, 2) . ' MB');
-
     $zip = new ZipArchive();
 
     if ($zip->open(BACKUP_FILE) !== true) {
@@ -615,8 +591,6 @@ function actionExtract(array $data): array
     $count = $zip->numFiles;
     $zip->close();
 
-    error_log('MokoRestore: Extract — ' . $count . ' files extracted to ' . RESTORE_DIR);
-
     // Pre-fill from configuration.php.bak (sanitized backup) or
     // configuration.php (legacy/unsanitized backup). Skip [SANITIZED:] values.
     $existingConfig = [];
@@ -745,8 +719,6 @@ function actionDatabase(array $data): array
     $user   = $data['db_user'] ?? '';
     $pass   = $data['db_pass'] ?? '';
 
-    error_log('MokoRestore: Database import — host=' . $host . ', db=' . $name . ', user=' . $user);
-
     if (empty($name) || empty($user)) {
         throw new RuntimeException('Database name and user are required');
     }
@@ -754,12 +726,9 @@ function actionDatabase(array $data): array
     $sqlFile = RESTORE_DIR . '/database.sql';
 
     if (!is_file($sqlFile)) {
-        error_log('MokoRestore: Database import — no database.sql found, skipping');
         return ['success' => true, 'message' => 'No database.sql found — skipped', 'statements' => 0, 'errors' => 0];
     }
 
-    error_log('MokoRestore: Database import — SQL file size=' . number_format(filesize($sqlFile) / 1048576, 2) . ' MB');
-
     $pdo = new PDO(
         "mysql:host={$host};dbname={$name};charset=utf8mb4",
         $user,
@@ -866,14 +835,6 @@ function actionDatabase(array $data): array
         $msg .= " ({$errors} warnings)";
     }
 
-    error_log('MokoRestore: Database import — ' . $msg);
-
-    if (!empty($errorList)) {
-        foreach ($errorList as $i => $err) {
-            error_log('MokoRestore: DB error ' . ($i + 1) . ': ' . $err);
-        }
-    }
-
     return [
         'success'    => ($statements > 0 || $errors === 0),
         'message'    => $msg,
@@ -886,7 +847,6 @@ function actionDatabase(array $data): array
 
 function actionConfig(array $data): array
 {
-    error_log('MokoRestore: Config rebuild started');
     $host     = $data['db_host'] ?? 'localhost';
     $dbName   = $data['db_name'] ?? '';
     $dbUser   = $data['db_user'] ?? '';
@@ -907,7 +867,6 @@ function actionConfig(array $data): array
     // debug, cache, SEF, editor, etc.). Fall back to existing config
     // for legacy/unsanitized backups, or build from scratch if neither exists.
     $basePath = is_file($bakPath) ? $bakPath : (is_file($configPath) ? $configPath : null);
-    error_log('MokoRestore: Config — base template: ' . ($basePath ?? 'none (building from scratch)'));
 
     if ($basePath !== null) {
         $config = file_get_contents($basePath);
@@ -960,12 +919,9 @@ function actionConfig(array $data): array
         }
 
         if (file_put_contents($configPath, $config) === false) {
-            error_log('MokoRestore: Config — FAILED to write ' . $configPath);
             return ['success' => false, 'message' => 'Failed to write Joomla config file — check directory permissions'];
         }
 
-        error_log('MokoRestore: Config — written to ' . $configPath . ' (' . filesize($configPath) . ' bytes)');
-
         // Remove .bak after successful rebuild
         if (is_file($bakPath)) {
             @unlink($bakPath);
@@ -1219,8 +1175,6 @@ function actionResetAdmin(array $data): array
     $userId   = (int) ($data['admin_id'] ?? 0);
     $password = $data['new_password'] ?? '';
 
-    error_log('MokoRestore: Admin password reset — user_id=' . $userId);
-
     if ($userId < 1 || strlen($password) < 8) {
         throw new RuntimeException('Select an admin and enter a password (8+ characters)');
     }
@@ -1234,7 +1188,6 @@ function actionResetAdmin(array $data): array
         throw new RuntimeException('User not found or password unchanged');
     }
 
-    error_log('MokoRestore: Admin password reset — success');
     return ['success' => true, 'message' => 'Admin password updated successfully'];
 }
 
@@ -1244,7 +1197,6 @@ function actionPostRestore(array $data): array
     $prefix  = getValidatedPrefix($data);
     $tasks   = json_decode($data['tasks'] ?? '[]', true) ?: [];
     $results = [];
-    error_log('MokoRestore: Post-restore — ' . count($tasks) . ' task(s): ' . implode(', ', $tasks));
 
     foreach ($tasks as $task) {
         try {
@@ -1367,7 +1319,6 @@ function actionProvision(array $data): array
     $prefix = getValidatedPrefix($data);
     $tasks  = json_decode($data['tasks'] ?? '[]', true) ?: [];
     $results = [];
-    error_log('MokoRestore: Provisioning — ' . count($tasks) . ' task(s): ' . implode(', ', $tasks));
 
     foreach ($tasks as $task) {
         try {
@@ -1444,24 +1395,16 @@ function actionProvision(array $data): array
 
 function actionCleanup(): array
 {
-    error_log('MokoRestore: Cleanup started');
     $removed = [];
 
-    foreach (['database.sql', 'site-backup.zip', 'mokorestore-security.php'] as $file) {
+    foreach (['database.sql', 'site-backup.zip'] as $file) {
         $path = RESTORE_DIR . '/' . $file;
 
-        if (is_file($path)) {
-            if (@unlink($path)) {
-                $removed[] = $file;
-                error_log('MokoRestore: Cleanup — removed ' . $file);
-            } else {
-                error_log('MokoRestore: Cleanup — FAILED to remove ' . $file);
-            }
+        if (is_file($path) && @unlink($path)) {
+            $removed[] = $file;
         }
     }
 
-    error_log('MokoRestore: Cleanup complete — removed ' . count($removed) . ' file(s)');
-
     return [
         'success' => true,
         'message' => 'Removed: ' . (empty($removed) ? '(none)' : implode(', ', $removed))
@@ -1627,14 +1570,14 @@ body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica N
     <!-- Step 0: Security Verification -->
     <div class="mr-panel <?php echo $securityVerified ? '' : 'visible'; ?>" id="panel0">
         <h2>Security Verification</h2>
-        <p class="mr-desc">To prevent unauthorized access, enter the security code from the file <code>mokorestore-security.php</code> in your site root.</p>
+        <p class="mr-desc">To prevent unauthorized access, enter the security code from the file <code>.mokorestore-security.php</code> in your site root.</p>
         <div style="border:1px solid #e2e8f0;border-radius:8px;padding:1.25rem;margin-bottom:1.25rem;background:#f8fafc">
             <div style="font-weight:600;font-size:0.9rem;color:#334155;margin-bottom:1rem;display:flex;align-items:center;gap:0.5rem">
                 <span style="font-size:1.1rem">&#128274;</span> How to find the code
             </div>
             <ol style="margin:0;padding-left:1.25rem;color:#475569;font-size:0.9rem;line-height:1.6">
                 <li>Connect to your server via FTP, SSH, or file manager</li>
-                <li>Open <code>mokorestore-security.php</code> in the site root directory</li>
+                <li>Open <code>.mokorestore-security.php</code> in the site root directory</li>
                 <li>Copy the 8-character code and enter it below</li>
             </ol>
         </div>

source/packages/com_mokosuitebackup/src/Engine/SteppedBackupEngine.php

@@ -394,14 +394,8 @@ class SteppedBackupEngine
 			$restoreScriptName = MokoRestore::sanitizeScriptName($restoreScriptName);
 			$restoreDir = dirname($session->archivePath);
 			$session->restoreScriptPath = $restoreDir . '/' . $restoreScriptName;
-
-			try {
-				MokoRestore::generateStandalone($session->restoreScriptPath);
-				$session->log('Standalone ' . $restoreScriptName . ' generated');
-			} catch (\Throwable $e) {
-				$session->log('MokoRestore error: ' . $e->getMessage() . ' in ' . $e->getFile() . ':' . $e->getLine());
-				$session->log('Stack trace: ' . $e->getTraceAsString());
-			}
+			MokoRestore::generateStandalone($session->restoreScriptPath);
+			$session->log('Standalone ' . $restoreScriptName . ' generated');
 		}
 
 		// Update record
@@ -889,16 +883,7 @@ class SteppedBackupEngine
 	 */
 	private function createUploaderFromParams(string $type, array $params): RemoteUploaderInterface
 	{
-		$prefixMap = ['ftp' => 'ftp_', 'sftp' => 'sftp_', 's3' => 's3_', 'google_drive' => 'gdrive_'];
-		$prefix    = $prefixMap[$type] ?? '';
-
-		$prefixed = [];
-
-		foreach ($params as $key => $value) {
-			$prefixed[$prefix . $key] = $value;
-		}
-
-		$fake = (object) $prefixed;
+		$fake = (object) $params;
 
 		return match ($type) {
 			'ftp'          => new FtpUploader($fake),

source/packages/mod_mokosuitebackup_cpanel/mod_mokosuitebackup_cpanel.xml

@@ -8,7 +8,7 @@
  -->
 <extension type="module" client="administrator" method="upgrade">
 	<name>mod_mokosuitebackup_cpanel</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-23</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml

@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="actionlog" method="upgrade">
 	<name>Action Log - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml

@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="console" method="upgrade">
 	<name>Console - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml

@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="content" method="upgrade">
 	<name>Content - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <extension type="plugin" group="quickicon" method="upgrade">
 	<name>Quick Icon - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml

@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="system" method="upgrade">
 	<name>System - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_system_mokosuitebackup/src/Extension/MokoSuiteBackup.php

@@ -28,7 +28,6 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 		return [
 			'onAfterInitialise'        => 'onAfterInitialise',
 			'onAfterRoute'             => 'onAfterRoute',
-			'onBeforeRender'           => 'onBeforeRender',
 			'onExtensionBeforeUpdate'  => 'onExtensionBeforeUpdate',
 			'onExtensionBeforeUninstall' => 'onExtensionBeforeUninstall',
 		];
@@ -348,52 +347,10 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 	}
 
 	/**
-	 * Inject JavaScript on installer/update pages to show a backup progress
-	 * modal before extension updates proceed.
-	 */
-	public function onBeforeRender(Event $event): void
-	{
-		$app = $this->getApplication();
-
-		if (!$app->isClient('administrator')) {
-			return;
-		}
-
-		$option = $app->input->getCmd('option', '');
-		$view   = $app->input->getCmd('view', '');
-
-		if ($option !== 'com_installer' && $option !== 'com_joomlaupdate') {
-			return;
-		}
-
-		$params = ComponentHelper::getParams('com_mokosuitebackup');
-
-		if (!(int) $params->get('backup_before_update', 0)) {
-			return;
-		}
-
-		$profileId = (int) $params->get('default_profile', 1);
-		$token     = \Joomla\CMS\Session\Session::getFormToken();
-
-		$js = $this->getPreUpdateBackupScript($profileId, $token);
-
-		$app->getDocument()->addScriptDeclaration($js);
-	}
-
-	/**
-	 * Run a backup before any extension is updated (server-side fallback
-	 * for CLI/API updates where JavaScript is not available).
+	 * Run a backup before any extension is updated.
 	 */
 	public function onExtensionBeforeUpdate(Event $event): void
 	{
-		$session = Factory::getSession();
-
-		if ($session->get('mokosuitebackup.preupdate_js_done', false)) {
-			$session->set('mokosuitebackup.preupdate_js_done', false);
-
-			return;
-		}
-
 		$this->runPreActionBackup('backup_before_update', 'Pre-update backup');
 	}
 
@@ -451,161 +408,6 @@ final class MokoSuiteBackup extends CMSPlugin implements SubscriberInterface
 		}
 	}
 
-	/**
-	 * Build the inline JavaScript that intercepts extension update actions
-	 * and runs a stepped backup with a progress modal first.
-	 */
-	private function getPreUpdateBackupScript(int $profileId, string $token): string
-	{
-		$baseUrl = \Joomla\CMS\Uri\Uri::base() . 'index.php?option=com_mokosuitebackup&format=json&' . $token . '=1';
-
-		return <<<JS
-document.addEventListener('DOMContentLoaded', function() {
-    var msbOrigSubmit = Joomla.submitbutton;
-    var msbBackupRunning = false;
-    var msbPendingTask = null;
-
-    // Create modal
-    var msbModal = document.createElement('div');
-    msbModal.id = 'msbPreUpdateModal';
-    msbModal.className = 'modal fade';
-    msbModal.setAttribute('tabindex', '-1');
-    msbModal.setAttribute('data-bs-backdrop', 'static');
-    msbModal.setAttribute('data-bs-keyboard', 'false');
-    msbModal.innerHTML = '<div class="modal-dialog modal-dialog-centered"><div class="modal-content">'
-        + '<div class="modal-header"><h5 class="modal-title"><span class="icon-archive me-2"></span>Pre-Update Backup</h5></div>'
-        + '<div class="modal-body">'
-        + '<p id="msbStatusText">Creating a backup before updating...</p>'
-        + '<div class="progress" style="height:24px"><div id="msbProgressBar" class="progress-bar progress-bar-striped progress-bar-animated" style="width:0%">0%</div></div>'
-        + '<div id="msbLogArea" style="max-height:120px;overflow-y:auto;font-size:0.8rem;color:#64748b;margin-top:12px;font-family:monospace;white-space:pre-wrap"></div>'
-        + '</div>'
-        + '<div class="modal-footer" id="msbFooter" style="display:none">'
-        + '<button type="button" class="btn btn-secondary" id="msbSkipBtn">Skip & Update</button>'
-        + '<button type="button" class="btn btn-danger" id="msbCancelBtn">Cancel</button>'
-        + '</div>'
-        + '</div></div>';
-    document.body.appendChild(msbModal);
-
-    var bsModal = new bootstrap.Modal(msbModal);
-
-    function msbUpdateProgress(pct, msg) {
-        var bar = document.getElementById('msbProgressBar');
-        bar.style.width = pct + '%';
-        bar.textContent = pct + '%';
-        if (msg) document.getElementById('msbStatusText').textContent = msg;
-    }
-
-    function msbLog(msg) {
-        var log = document.getElementById('msbLogArea');
-        log.textContent += msg + '\\n';
-        log.scrollTop = log.scrollHeight;
-    }
-
-    function msbShowFooter() {
-        document.getElementById('msbFooter').style.display = '';
-    }
-
-    function msbFinish(success) {
-        msbBackupRunning = false;
-        if (success && msbPendingTask) {
-            msbUpdateProgress(100, 'Backup complete — proceeding with update...');
-            // Mark JS backup done so server-side handler skips
-            fetch('{$baseUrl}&task=ajax.markPreUpdateDone', {method:'POST', headers:{'X-Requested-With':'XMLHttpRequest'}});
-            setTimeout(function() {
-                bsModal.hide();
-                msbOrigSubmit.call(Joomla, msbPendingTask);
-                msbPendingTask = null;
-            }, 800);
-        }
-    }
-
-    function msbRunStep(sessionId) {
-        fetch('{$baseUrl}&task=ajax.step&session_id=' + encodeURIComponent(sessionId), {
-            method: 'POST',
-            headers: {'X-Requested-With': 'XMLHttpRequest'}
-        })
-        .then(function(r) { return r.json(); })
-        .then(function(data) {
-            if (data.error) {
-                msbUpdateProgress(data.progress || 0, 'Backup error: ' + data.message);
-                msbLog('ERROR: ' + data.message);
-                msbShowFooter();
-                return;
-            }
-            msbUpdateProgress(data.progress || 0, data.message || data.phase || 'Working...');
-            if (data.message) msbLog(data.message);
-            if (data.done) {
-                msbFinish(true);
-            } else {
-                msbRunStep(sessionId);
-            }
-        })
-        .catch(function(err) {
-            msbUpdateProgress(0, 'Backup request failed');
-            msbLog('Network error: ' + err.message);
-            msbShowFooter();
-        });
-    }
-
-    function msbStartBackup() {
-        msbBackupRunning = true;
-        msbUpdateProgress(0, 'Initializing backup...');
-        msbLog('Starting pre-update backup (profile {$profileId})...');
-
-        fetch('{$baseUrl}&task=ajax.init&profile_id={$profileId}&description=Pre-update+backup', {
-            method: 'POST',
-            headers: {'X-Requested-With': 'XMLHttpRequest'}
-        })
-        .then(function(r) { return r.json(); })
-        .then(function(data) {
-            if (data.error) {
-                msbUpdateProgress(0, 'Backup init failed: ' + data.message);
-                msbLog('INIT ERROR: ' + data.message);
-                msbShowFooter();
-                return;
-            }
-            msbLog('Backup initialized — ' + data.message);
-            msbUpdateProgress(data.progress || 5, data.message || 'Running...');
-            msbRunStep(data.session_id);
-        })
-        .catch(function(err) {
-            msbUpdateProgress(0, 'Could not start backup');
-            msbLog('Network error: ' + err.message);
-            msbShowFooter();
-        });
-    }
-
-    // Intercept Joomla toolbar submit
-    Joomla.submitbutton = function(task) {
-        if ((task === 'update.update' || task === 'update.install') && !msbBackupRunning) {
-            msbPendingTask = task;
-            bsModal.show();
-            msbStartBackup();
-            return;
-        }
-        msbOrigSubmit.call(Joomla, task);
-    };
-
-    // Skip button — proceed without backup
-    document.getElementById('msbSkipBtn').addEventListener('click', function() {
-        bsModal.hide();
-        msbBackupRunning = false;
-        if (msbPendingTask) {
-            msbOrigSubmit.call(Joomla, msbPendingTask);
-            msbPendingTask = null;
-        }
-    });
-
-    // Cancel button — abort everything
-    document.getElementById('msbCancelBtn').addEventListener('click', function() {
-        bsModal.hide();
-        msbBackupRunning = false;
-        msbPendingTask = null;
-    });
-});
-JS;
-	}
-
 	/**
 	 * Send a JSON response and terminate — used by web cron handler.
 	 */

source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml

@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="task" method="upgrade">
 	<name>Task - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml

@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="webservices" method="upgrade">
 	<name>Web Services - MokoSuiteBackup</name>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>

source/pkg_mokosuitebackup.xml

@@ -8,14 +8,14 @@
 <extension type="package" method="upgrade">
 	<name>Package - MokoSuiteBackup</name>
 	<packagename>mokosuitebackup</packagename>
-	<version>02.52.19</version>
+	<version>01.45.05</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
 	<authorUrl>https://mokoconsulting.tech</authorUrl>
 	<copyright>Copyright (C) 2026 Moko Consulting. All rights reserved.</copyright>
 	<license>GPL-3.0-or-later</license>
-	<description>PKG_MOKOJOOMBACKUP_DESCRIPTION</description>
+	<description>PKG_MOKOJOOMBCKUP_DESCRIPTION</description>
 
 	<scriptfile>script.php</scriptfile>
 
@@ -29,7 +29,6 @@
 		<file type="plugin" id="mokosuitebackup" group="content">plg_content_mokosuitebackup.zip</file>
 		<file type="plugin" id="mokosuitebackup" group="actionlog">plg_actionlog_mokosuitebackup.zip</file>
 		<file type="module" id="mod_mokosuitebackup_cpanel" client="administrator">mod_mokosuitebackup_cpanel.zip</file>
-		<file type="package" id="pkg_mokosuiteclient">MokoSuiteClient.zip</file>
 	</files>
 
 	<languages>
@@ -37,7 +36,7 @@
 	</languages>
 
 	<updateservers>
-		<server type="extension" name="MokoSuiteBackup Updates">https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteBackup/updates.xml</server>
+		<server type="extension" name="MokoSuiteBackup Updates">https://git.mokoconsulting.tech/api/packages/MokoConsulting/generic/MokoSuiteBackup/latest/updates.xml</server>
 	</updateservers>
 	<dlid prefix="dlid=" suffix=""/>
 	<blockChildUninstall>true</blockChildUninstall>