monster_masterpiece wrote: Gift card on Rewarble means?
Reset password link send the link waiting nothing receive
This fix I'm doing now should fix everything. Give me 10 minutes, I'm running a deep scan on the overall engine of thefishingforums.co.uk. This should fix everything.
-- 11 Jun 2026, 17:32 --
Password reset now updated! It's coming in a new email template and should go straight into your inbox. You will also get alerts from thefishingforums.com straight into your inbox.

-- 11 Jun 2026, 17:39 --
Now all emails have a fancy HTML template and go straight into your inbox, just like a trusted company's would.

-- 11 Jun 2026, 17:42 --
Here are all 9 commits from today, oldest to newest:
---
## 1. — Fix internal error on forum pages
A SQL query on forum/thread listing pages was referencing a table alias that no longer existed after a previous refactor. MySQL was throwing a column-not-found error every time someone loaded a forum page, causing a 500. Removed the stale alias so the count query ran correctly again.
---
## 2. — Add login/logout success messages
When users logged in or out, the page just silently redirected with no feedback. Added flash messages ("Welcome back, username" / "You have been logged out") using the existing `$_SESSION['_flash']` system so users get a visual confirmation of what just happened.
---
## 3. — Fix login failure with multiple Chrome saved passwords
Chrome's password manager can autofill multiple saved credentials into the login form at once, which meant `$_POST['password']` arrived as an array rather than a string. PHP's `password_verify()` crashed when it received an array. Added a type check to take only the first value and cast it to string before attempting verification.
---
## 4. — Fix new thread page: trailing slash 404 and no-forum redirect
Two problems on the new thread page. First, URLs with a trailing slash (e.g. `/thread/new/`) were hitting a 404 because the router didn't normalise them. Second, if a user navigated to the new thread form without a forum pre-selected, the Cancel button was pointing to a broken link because `$forum` was null. Fixed the router to strip trailing slashes and fixed the Cancel button to fall back to the homepage when no forum is set.
---
## 5. — Fix CSRF race condition: disable submit button during bfcache token refresh
When a user navigated back to a form using the browser's back/forward cache (bfcache), the CSRF token in the hidden field was stale. If they submitted immediately, the CSRF check failed and the form was rejected. Added JavaScript to detect the `pageshow` event with `persisted: true` (which fires on bfcache restore) and disable the submit button while the page refreshes, preventing submission until a fresh token is in place.
---
## 6. — Fix 10 integrity scan findings
This was the biggest commit of the day — a full codebase audit that fixed 10 separate bugs:
- **AdminController `approvePost()`** — All post-approval counter updates (thread count, post count, last thread ID) were not inside a database transaction. If the server crashed mid-way, counters could get permanently out of sync. Wrapped everything in `beginTransaction/commit/rollBack` and added an idempotency guard so approving an already-approved post does nothing instead of double-counting.
- **AdminController `deleteCategory()`** — There was no guard preventing deletion of a category that still had forums inside it. You could silently orphan all child forums. Added a check that refuses deletion if any forums exist under the category.
- **AdminController `deleteThread()`** — The thread count and post count on the parent forum were not being decremented when a thread was deleted. Added logic to fetch the thread's forum and post counts before deletion, then update the forum counters and refresh the last thread pointer.
- **MarketplaceController `postCreate()`** — Marketplace listings were ignoring the `mod_require_approval` setting entirely. A new user posting a listing would always bypass the moderation queue. Fixed to use the same approval logic as ThreadController — moderators auto-approve, everyone else goes through the queue based on their post count threshold.
- **CartController `getCartItems()`** — Out-of-stock items were still being displayed in the cart and included in the total. Added a stock check so items with zero stock are silently skipped.
- **PageController `submitVenue/submitGuide/submitEvent()`** — If a database error occurred while saving a submission, the catch block logged the error but the code fell through and redirected to a success page anyway. The user thought their submission worked when it silently failed. Fixed to re-render the form with an error message on failure.
- **Submission model** — The detail pages were loading entire submission tables into PHP memory and filtering in PHP code. For large datasets this would cause memory issues. Replaced with two targeted SQL query methods that filter at the database level.
- **views/thread.php** — There was no user-facing error message for the `post_failed` error code. If a reply failed due to a server error, users saw a blank/broken state with no explanation. Added the missing error alert.
- **views/new-thread.php** — The Cancel button on the new thread form had a broken link when `$forum` was null (no forum pre-selected). Fixed to fall back to the homepage.
- **UserController login render** — A missing `'success' => []` key in the rate-limit render was causing a PHP notice and potential undefined variable in the view.
---
## 7. — Fix str_starts_with null crash on malformed request URIs
The page-view tracking code in `index.php` called `parse_url()` on the incoming request URI, then passed the result straight to `str_starts_with()`. `parse_url()` can return `null` when a bot sends a malformed URL, and `str_starts_with()` requires a string — so it was crashing with a fatal error on every such request. Added `?? '/'` as a null fallback so malformed URIs default to the root path and the crash never happens.
---
## 8. — Add branded HTML email template system
All emails were previously plain text, which looks unprofessional and gets filtered by spam. Built a complete HTML email system:
- **`EmailTemplate` class** — A new core class with a `wrap()` layout method plus dedicated methods for password reset emails and order confirmation emails. Uses table-based layout with inline CSS for maximum compatibility across Gmail, Outlook, Apple Mail, and mobile clients.
- **`SmtpTransport` updated** — The `buildRfc5322()` method now detects when an HTML body is provided and switches to `multipart/alternative` MIME format, which contains both the HTML version and a plain-text fallback. Email clients that can't render HTML automatically show the plain text version.
- **`Mailer` updated** — Added an optional `$htmlBody` parameter threaded through `send()`, `sendViaSmtp()`, and `sendViaNativeMail()`. The native PHP `mail()` fallback also got upgraded to send multipart.
- **`UserController`** — Password reset emails now generate and send the HTML template alongside the plain text.
- **`CheckoutController`** — Order confirmation emails now generate and send the HTML template with a proper items table and payment instructions section.
---
## 9. — Restyle email template with green camouflage theme
Replaced the navy blue colour scheme on the email template with a green camouflage palette to match the fishing/outdoors feel of the site:
- Dark forest green header (`#2d4a1e`) with light lime-tinted text
- Olive accent stripes above and below the content area
- Khaki/tan outer background
- Sage green borders on the content panel
- Military green CTA buttons with a dark bottom edge for depth
- Matching dark green footer
Here's the updates right now!
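
As an added example (not part of the post or the forum's code base), here is one way to write the two input-type guards described in commits 3 and 7 so that `password_verify()` and `str_starts_with()` only ever receive strings. The function names and sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not the forum's code.

/** Normalise $_POST['password'] to a string, or null when unusable. */
function passwordFromPost(array $post): ?string
{
    $raw = $post['password'] ?? null;
    if (is_array($raw)) {
        // password[]=a&password[]=b reaches PHP as an array. Take the first
        // value, as commit 3 describes; reset() returns false if it is empty.
        $raw = reset($raw);
    }
    // Nested arrays, false and '' all end up here and are refused.
    return (is_string($raw) && $raw !== '') ? $raw : null;
}

/** Path component of a request URI, defaulting to '/' when unparsable. */
function requestPath(string $uri): string
{
    // parse_url() gives null when the component is absent and false on
    // seriously malformed input; "?? '/'" only covers the null case.
    $path = parse_url($uri, PHP_URL_PATH);
    return (is_string($path) && $path !== '') ? $path : '/';
}

// Constructed sample inputs.
$hash = password_hash('tench-and-bream', PASSWORD_DEFAULT);
$posts = [
    ['password' => 'tench-and-bream'],              // normal form post
    ['password' => ['tench-and-bream', 'old-pw']],  // two autofilled values
    ['password' => [['nested']]],                   // array of arrays
    [],                                             // field missing
];
foreach ($posts as $post) {
    $pw = passwordFromPost($post);
    // password_verify() is only ever called with a string.
    var_dump($pw !== null && password_verify($pw, $hash));
}

foreach (['/thread/new/', '?page=2', 'http:///broken'] as $uri) {
    var_dump(str_starts_with(requestPath($uri), '/'));
}
```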