v1.2.6

Security patch, bug fix, and feature release. What's changed?

• User IDs are now properly logged
• The PEAR mail library is now fully compatible with PHP 5.4 (used to send SMTP mail)
• Multiple forums are now properly displayed on the P2H admin page
• Fixed issues where the save option would not be the default when editing a package and server. In multiple server environments, this might cause you to accidentally change the server of a package without even realizing it. Nasty.
• SMF 2 forums are now supported
• The Change Client Password operation is now functional again
• Addressed a possible CSRF attack vector on the mass email page
• Improved reliability of the mass email function (might have addressed the blank mass email problem, not certain)
• Real support for decimal package prices/invoices
• Resolved bugs relating to invoice management and paid package signups. It's not bulletproof but now it actually works and you will no longer be receiving CSRF errors when trying to pay with PayPal.

v1.2.5

This release includes critical CSRF security patches and you should upgrade as soon as possible. In addition to those lovely security improvements we're looking at:

• open_basedir warnings are no longer shown
• MySQL password validation would sometimes fail on install. No longer!
• Support for decimal-based prices. e.g. $3.99
• "THT Order" is now replaced with your site name on PayPal invoices.
• PHP 5.2 is now the minimum supported version of PHP.
• PHP 5.4 is now supported.
• Added default navigation actions. For instance, when you click on Tickets in the client control panel navbar you'll be brought directly to the view tickets page instead of a page that asks you to choose another page.
• Some minor, under-the-hood improvements.

v1.2.4

This release is a summary of 13 closed issue reports and just about 100 Subversion commits. Here are the highlights...

• HTTPS is now supported without any modification to your configuration.
• Misc. JavaScript and UI bugs (lots of these)
• You can now test the connectivity between your server and THT under Servers in the ACP
• Fixed the PHP warning on the tickets page
• Snazzy tooltips are back!
• More server status information
• Installer MySQL bugs
• Now using CodeMirror for CSS and TPL editing in the Look & Feel Center
• THT now only ships with Reloaded2 and OrangeLegacy themes
• If your Admin CP session expires you'll be redirected back to the page that you were previously on after logging back in
• Overhaul of P2H code
• Confirmation dialogs for critical user actions making it more difficult to accidentally do something horrific.
• WHM secure connection option is now on by default
• Rewrote THT's versioning system
• Added support for any timezone PHP can handle. Default is UTC. Change it in General Settings -> General Configuration
• Admin Area tab is now hidden by default
• The Look & Feel Center's NavBar editor is now working again
• Improved automatic site URL generation in the installer
• Step 3 fields are now checked before you can move on to step 4
• You can now choose between 3 different "WWW Subdomain" modes of operation. More Info
• \r\n issues in various locations. Let me know if you find more!
• You can now customize the SMTP server port and it now also supports secure connections. Clients -> Email Configuration
• Email confirmation. This is on by default can be toggled in General Settings -> Signup Form. More Info
• Clients will now be automatically logged out if their account no longer exists
  P2H cron bug fixes

v1.2.3

This release patches some major security exploits. Please upgrade as soon as humanly (or inhumanly) possible. We've implemented a few very small new "features" but all the rest are bug fixes, performance enhancements, and visual improvements.

PS: Those ugly painful-to-look-at colors in the Admin CP Ticket Center have been replaced. ;)

v1.2.2

This release includes over 40 Subversion revisions, and many user contributions. Here's just some of the things covered:

Changes from the SVN Repo

• Made a much more reliable security check to make sure the installation file is being called directly. r5
• Fixed a problem where the Next Step button wouldn't be disabled when there was an error. r6
• Fixed a buggy installer. This includes the problems where you would get a red number instead of a more helpful error message when entering your SQL details. r8
• On install, it will now try to automatically generate a working Site URL. Hopefully this will help a few of you. r9
• Anything related to the API was deleted. Not happening in the 1.2 series. r11, r44, r45
• Fixes to the footer. r12, r13
• The RSS Reader on the admin home is now PHP 5.3 compatible. r14
• Changed database encoding/collation to utf8(_general_ci) r15, r42
• Fixed multiple FPD (full path disclosure) exploits. r16, r17, r19.
• Fixed a major exploit relating to the mass mailing system. r21
• P2H fixes. r22
• Email template fixes. r23
• Platform-specific installer fixes. r24, r25
• Fixes to the service status checker. r26
• Complete rewrite of the change user password function. r27
• When passwords are reset, they are now synced between cPanel/WHM and THT. r28
• The pesky subdomain bug. r32
• [Issue 7] Invoice "due date" bug + patch r34
• [Issue 10] Wrong caption when searching for users r36
• [Issue 12] Unparsed data on client invoice page. r38
• [Issue 13] Client search does not recognize status 4 r39
• WHM Importer now imports emails too. Thanks to Zack. r40

Special Upgrade Instructions
If upgrading, please delete your "xml-api" or "api" folders from the main THT directory if they still exist. Development on them in the 1.2 series has ceased and leaving them there may add security risks to your installation. As always, remember to backup both your MySQL Database and your files just in case something goes wrong.

v1.2.2-beta

Client Area:

• Added more information, client details, and package details.
• Moved the Ticket system into the Client Area.
• Removed the ability to delete account and replaced with the ability to cancel account (if allowed).
• Added the ability to change cPanel passwords for packages.
• Added a check for config(delacc) in client area so that if disabled the option no longer appears in the navigation menu (if accessed directly it results in an error).

Support Area:

• Renamed to Knowledge Base.
• Removed login from Knowledge Base.

Order Form:

• Added check to prevent clients from placing an order while logged in when multiple packages is disabled.
• Added AJAX and PHP checking to ensure usernames are alphanumeric.
• Added AJAX checking for e-mail format.
• Added AJAX and PHP checking for all new client details.
• Added CAPTCHA (AJAX and PHP checking).
• Added a PHP check for duplicate e-mail addresses.
• Added the ability to order package by ID.
• Removed the ability to order multiple packages on one account.

Admin Area:

• Added account statuses.
• Added package status "9" (cancelled) and added better checking for suspending, unsuspending, and validating packages.
• Added the ability to cancel an account.
• Added a "view account" link on validation page.
• Removed the ability to terminate an account from the search page and added a second step in cancelling/terminating an account to prevent accidental removal of accounts.
• Added "Cancelled" e-mail template.
• Added status icons on tickets.
• Added color coding on tickets to reflect urgency.
• Tickets are now ordered from newest to oldest.
• Added the ability to set packages as hidden.
• Added the ability to set packages as disabled.
• Added the ability to order packages by ID and included a direct link on the package page.
• Added IP display and WHOIS lookup.
• Added links on Client Statistics page that brings up a list of all accounts of that status.
• Renamed the "Edit Servers" page to "View Servers".
• Added online/offline status for common services (HTTP, FTP, MySQL, POP3, SSH) on the View Servers page.
• Added a basic activity log with the ability to filter events (Account registered, Package created, Suspended with reason, Unsuspended, Cancelled with reason, Terminated with reason, Client Login Success with IP, Client Login Failed with IP, Staff Login Succes with IP, Staff Login Failed with IP, Account approved with user_pack ID, Account declined with user_pack ID, and cPanel password updated).
• Added the ability to specify the reason for cancelling and terminating an account.
• Removed "suspended" and "unsuspended" e-mails during account validation process.
• Restricted access to "Paid Configuration" and "P2H Forums" to head staff (user ID 1).

Other:

• Fixed typos and syntax errors.
• Updated install.sql and upgrade.sql.
• Added GNu GPL v3 license document to main directory.
• Added flag images to directory to /themes/flags/ which are used in replacement of country names.
• Added 3 new images to /themes/icons/ for support ticket status.
• Fixed invoice system so once an invoice is paid it will unsuspend the package.
• Added 2 new database tables for users and user_packs backups incase of accidental deletion (users_bak and user_packs_bak).

v1.2.1

This is a bugfix release. There are also quite a few nice little features and enhancements too. Here's a semi-complete list of changes since 1.2:

Bugs Fixed:

• Fixed the cant re declare fatal error bug
• Fixed bug where redirects to payment for every type.
• Fixed the delete ticket problem with some physically attractive AJAX.
• Made a better check_email function, validEmail. validEmail is included in includes/class_main.php so it can be used just about anywhere. validEmail does not use the deprecated ereg function. (PHP 5.3 support) Wink
• Fixed two things. If a username is over eight characters then it is considered invalid. Also, anything put in the username field is automatically converted to lowercase.
• THT will no longer accept usernames that begin with a number.
• Fixed bug described here: http://thehostingtool.com/forum/thread-423.html
• Fixed bug in footer as described here: http://thehostingtool.com/forum/thread-395.html

Features / Enhancements:

• Updated order form message when paid completed
• Order Form now redirects straight to payment once completed
• Updated compiler.php and info.tpl with some update information.
• Added Drupal P2H support!
• Changed invoices box in client area to look nicer. More JS.
• Fixed a notice here and there. Gave compiler.php a new checkForDependencies function that runs at the beginning of every load and checks for basic functions that it needs. Such as MySQL and cURL. More to be added as needed.
• Added tool tip about keeping the username under 8 characters.
• Upgraded jquery.js to jQuery 1.4. It doesn't seem to have broken anything after some basic testing.
• Staff can change a client's cPanel account password
• Changed XML-API folder to API and added a readme.

v1.2

Look and Feel Center
The Look and Feel Center (LOF Center) replaces the old style chooser that was originally placed in
the Settings. There you can edit the contents of your navigation bar. Like add custom links, modify
existing ones and change the order of the links. You can also edit your CSS file as well as the header and footer template files directly from within THT. Another function the LOF Center provides is the option to upload a style in a zip file and have it automatically extracted into your style folder for use.

Paid Hosting
This was the most requested (and important) feature for 1.2. The paid hosting can be used in
conjunction with your PayPal account to sell hosting on a monthly or weekly basis. It can even
support multiple currencies. The paid hosting solution is the best way to make a profit from your
webhost. If your users do not make their payment, their accounts will automatically be suspended.

XML-API
The API is still a work in progress but the base of the API shipped in 1.2 with just a few features.
This API also has yet to be fully documented on how to use it. You may be wondering how this is
gonna help or even change your THT experience. Simply put, this allows for outside applications to
interact with TheHostingTool. So, if you wanted, you could create an application that would use
this API to notify you in some fashion when a new user signs up. The possibilities can be endless.
Stay tuned for updates on this!

Suspensions (affects cPanel/WHM users only)
Before, when THT suspended users for not posting their monthly amount (p2h) it gave WHM no
suspension reason. Now it gives a reason in the following format: Username (forumUsername):
Suspended for not posting monthly amount! (numberOfPostsMade out of requiredPosts)� Another
thing you can do that you couldn't before is suspending an account manually with a custom reason.