Skip to content
GitLab

Modernize admin, media, config, and i18n across Emalmvarious changes

Merged Onne Ronda requested to merge fix/bugs into master

Summary

This MR is a broad modernization pass across the Emalm application.

It improves the admin panel structure and styling, hardens several risky request paths, expands the supported media types and upload flows, moves most runtime config into the database, improves stats collection, and brings the i18n layer up to date so newer features no longer silently leak hardcoded English.

Highlights

Security and runtime hardening

  • disabled unsafe public conversion/maintenance surfaces
  • changed destructive media deletion to POST + CSRF
  • enforced session expiry server-side
  • hardened auth cookies
  • added a low-syntax PHP runtime guard for unsupported PHP versions
  • improved failure handling around upload and media flows

Admin and config improvements

  • redesigned the admin shell to be more structured and CMS-like
  • grouped admin navigation and config sections more logically
  • split the config panel into sub-tabs
  • moved most app config into the database while keeping env-specific path/URL overrides on disk
  • added DB-backed config handling for newer feature toggles and player settings
  • made SQL debug available globally when enabled

Stats and observability

  • replaced the broken legacy counters with a best-effort server-side stats system
  • added daily page views, uploads, media views, sessions, and unique-visitor rollups
  • added admin charts, CSV export, and better stats surfaces
  • fixed page-view overcounting and several related tracking issues

Media and upload features

  • added Docs as a first-class multi-file text/snippet media type
  • added SWF support with Ruffle-backed playback
  • added MIDI support with browser playback and configurable player settings
  • added admin-only native video serving without conversion
  • added ephemeral uploads with expiry handling across media types
  • enabled and fixed the admin yt-dlp video URL import path
  • integrated new media types into listings, profiles, stats, admin, and related viewers

UX and front-end cleanup

  • moved utility links out of the crowded header into the footer
  • fixed several settings/profile/users rendering issues
  • removed menu/auth flicker by rendering the top bar from server state
  • improved mobile and profile media rendering
  • tightened placeholder and viewer behavior for newer media types

Internationalization

  • added a real i18n sync/completeness tool
  • updated the translation catalogs to include the full current key set
  • moved more upload/viewer/admin strings into the translation layer
  • added coverage so locale files cannot silently fall behind English structure again

Notes

  • config.local.php is intentionally included.
  • conn.php is intentionally not included.

Validation

Validated with targeted PHP linting, JS tests, admin smoke coverage, and focused local runtime checks during development.

Known unrelated red in the workspace:

  • two pre-existing stats assertions in php tests/run.php are still failing and are not introduced by this MR