Add #__action_log_config entry so MokoWaaS emergency access events
display with proper type title and text prefix in System > Action Logs.
Both #__action_logs_extensions and #__action_log_config are cleaned up
on uninstall.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Register plg_system_mokowaas in #__action_logs_extensions on install
so emergency access events appear as filterable in Action Logs UI
- Unregister on uninstall
- Set Moko brand colors as defaults: navy #1a2744, dark #0f1b2d,
accent green #2ecc71
- Force HTTPS default: Yes (was No)
- Admin session timeout default: 60 minutes (was 0/disabled)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Custom AllowedIpsField reads mokowaas_allowed_ips from configuration.php
and displays:
- Number of IPs configured (or "Not configured" badge)
- List of allowed IPs with "your IP" badge on match
- Current visitor IP address
- Instructions for changing the setting
Replaces the static note field with a dynamic form field.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Every emergency access attempt is now logged to both the mokowaas log
file and Joomla Action Logs with a specific result code:
- blocked_ip: unauthorized IP address
- wrong_password: correct username, wrong DB password
- verify_file_created: first attempt, verification file written
- pending_file_delete: waiting for file deletion
- success: access granted
On successful login, a notification email is sent to the master email
address with site name, username, IP, and timestamp.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Emergency access events now write to #__action_logs in addition to
the mokowaas log file. Visible in System > Action Logs with username
and IP address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Empty mokowaas_allowed_ips now BLOCKS emergency access instead of
allowing all IPs. An explicit whitelist is required.
- Default master email changed to webmaster@mokoconsulting.tech
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The version consistency checker expects all VERSION: headers to match
the project version. Workflow files had 04.05.00 (MokoStandards
release version) which caused drift detection failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace CSS-based logo injection with proper Atum template param
enforcement. The plugin now sets logoBrandLarge, logoBrandSmall,
loginLogo, and favicon via #__template_styles params — both at
install time and enforced at runtime.
Media assets shipped with plugin:
- logo.png → sidebar brand (expanded) + login page logo
- favicon_256.png → sidebar brand (collapsed)
- favicon.svg → modern browser favicon (SVG preferred)
- favicon.ico → legacy browser fallback
- favicon_256.png → Apple/Android touch icon
Removed per-config media upload fields (admin_logo, login_logo,
custom_favicon) — images are now fixed in the plugin media folder.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The mokoconsulting.tech/support, /kb, and /news pages exist. Restore
runtime enforcement in MokoWaaS.php and install-time write in
script.php.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove enforceLoginSupportUrls() from runtime and
updateLoginSupportUrls() from install script. Both write hardcoded
mokoconsulting.tech/support, /kb, /news URLs to mod_loginsupport
module params — these pages don't exist yet.
Login support TEXT overrides (MOD_LOGINSUPPORT_FORUM etc.) are kept
since they work locally without an endpoint. The underlying hrefs
will still point to joomla.org until the endpoints are built and
URL enforcement is restored.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove operational fieldset (heartbeat telemetry, license check) from
v02.00.00. These features need a proper backend dashboard before they
are useful. Removed config fields, language strings, onAfterRender
handler, checkLicense(), handleLicenseFailure(), sendHeartbeat(),
getTableCount(), and HttpFactory import.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Suite 2.15: Visual branding (10 test cases)
- Suite 2.16: Tenant restrictions (10 test cases)
- Suite 2.17: Security hardening (10 test cases)
- Suite 2.18: Operations (8 test cases)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Suite 2.14a: Reset All Hits (5 test cases)
Suite 2.14b: Delete All Versions (7 test cases)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New Maintenance fieldset in plugin config with two one-shot actions:
- Reset All Hits: zeros out #__content.hits across the site
- Delete All Versions: purges all #__history records
Actions execute on save via onExtensionAfterSave, then auto-reset
the toggle to No. Both actions are logged to mokowaas category.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Suite 2.11: WaaS master user enforcement (create/delete/block/group)
- Suite 2.12: Emergency access two-factor flow (DB password + file)
- Suite 2.13: Override install respects existing user overrides
- Updated Suite 2.9: added RegularLabs Position fix, Powered by links,
login URL verification, and NOT-overriding checklist for HEADING keys
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Changed mergeOverridesIntoFile to collect keys already defined outside
the MokoWaaS block and skip them when building the block. User-set
overrides are never overwritten — only keys not already present get
injected. On update, the block is rebuilt with only missing keys.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
RegularLabs Advanced Module Manager shows wrong tooltip text for the
Position column. Explicitly overriding the key forces the correct value.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
COM_MODULES_HEADING_MODULE and COM_PLUGINS_HEADING_NAME are table
column headers in list views, not branding text. Overriding them
breaks sortable table headers and filter labels in Contacts and
other components that share the HEADING pattern.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Bump composer.json version to 02.00.00 (was 01.00.00 from main)
- Bump version headers in CHANGELOG, CONTRIBUTING, CODE_OF_CONDUCT,
LICENSE.md, and all docs/ files to 02.00.00
- Wrap license headers in PHP files to stay under 120 chars
- Wrap long error message strings in MokoWaaS.php
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- enforceMasterUser: ensures mokoconsulting super admin always exists,
recreates if deleted, unblocks if blocked, re-adds to Super Users group
- Emergency access: login with DB password from configuration.php as a
two-factor flow — creates mokowaas-verify.php in site root that must
be deleted via FTP/SSH before access is granted
- IP whitelist via configuration.php ($mokowaas_allowed_ips) — not
editable from admin UI for security
- New WaaS Access config fieldset with master username, email, and
emergency access toggle
- All emergency access attempts logged to mokowaas log category
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove ~700 lines of Joomla core file paths that don't belong in a
plugin repository. Untrack .claude/settings.local.json (already in
.gitignore but was cached in the index).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
On every admin request, check mod_loginsupport module params and
correct any URLs that have drifted from the expected values. Only
writes to DB when a mismatch is found.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mod_loginsupport wraps the language string in its own anchor tag, so
embedding <a> in the override value created broken nested links. Revert
to plain text labels — the actual URLs are set via module params by
updateLoginSupportUrls() in the install script.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restore LICENSE, SECURITY.md, composer.json from main (required by
standards-compliance workflow)
- Add Usage section to README (was failing CI check)
- Update README badges, features, and config docs for v02.00.00
- Update updates.xml targetplatform regex to match Joomla 5.x and 6.x
- Update system requirements to note PHP 8.3+ for Joomla 6
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Override mod_loginsupport headline and description strings
- Install script updates mod_loginsupport module params in DB to set
forum_url, documentation_url, and news_url to mokoconsulting.tech
- Ensures both link text (language overrides) and link destinations
(module params) point to Moko Consulting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Set admin login support links to mokoconsulting.tech:
- Forum → /support
- Documentation → /kb
- News → /news
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wrap {{BRAND_NAME}} in an anchor tag linking to {{SUPPORT_URL}} in all
Powered by override strings (Atum, Cassiopeia, footer module, and
generic JLIB_HTML_POWERED_BY).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
jmiller