Project Changelog & Feature Library

Added a sticky live news ticker bar below the navbar. The ticker shows 3 rotating categories: (1) 24 Server Country Flags (name + flag icon, gold-filtered), (2) 26 Communication App icons from connection_apps/, (3) 14 Payment Gateway logos from payment_ic/. Items are grouped in sets of 5 with a ◇ separator. Category labels (SERVERS / APPS / PAYMENTS) appear between groups. The ticker is sticky (stays below navbar at all times, even on scroll). Navbar height is dynamically measured via JS offsetHeight for accurate sticky top positioning. Images use loading=lazy + decoding=async for performance. Animation: pure CSS transform translateX, 110s linear infinite, pauses on hover. Gold filter: sepia(0.4) saturate(2) hue-rotate(8deg) brightness(1.2).

Added two side-by-side CTA buttons in the homepage hero section. Button 1: "Neon Tunnel Panel & APK" — uses the existing rotating neon-green conic-gradient border (btn-explore). Button 2: "Purchase Source Code & Application" — same size, different blue/purple conic-gradient glow (btn-src-code). Auto-cycling hero text: after 5 seconds the title/subtitle smoothly transitions to Phase 2 ("Admin Panel & Source Code / Kharidne ke liye.") with re-triggered typing + circle-reveal animations, then loops every 8 seconds between phases. Mobile: both buttons side by side (flex:1, align-items:stretch), smaller font, no stacking. No existing animations or functionality modified.

Added a live Server Access Preview card inside the Create Plan and Edit Plan modals, placed just above the Description field. The card shows all accessible servers as compact pill-chips. Servers within the server_limit are shown as green/unlocked chips; servers beyond the limit are shown as grey/locked chips. When the \u221e Unlimited toggle is checked, all chips turn green. The count badge (e.g. 3 / 12) updates live as the admin types in the limit field. Servers are fetched role-aware: Main Admin sees all 50 servers, Sub-Admin sees assigned servers, Reseller sees parent-pool servers. CSS class .plan-srv-preview added to admin.css.

Added Unlimited option (server_limit=0 sentinel) for VPN subscription plans. Plan create/edit modals now have an ∞ Unlimited toggle checkbox. When checked, the number input is locked and value=0 is submitted. All display locations (plan cards, active subscription banners, server-list active plan card, category unlock badges) show ∞ Unlimited instead of 0 when server_limit=0. Backend: getServersForActivePlan() already treated 0 as PHP_INT_MAX (no change needed). server-list.php unlock logic: planServerLimit=0 unlocks all servers in active category. api/index.php: server_limit=0 removes the SQL LIMIT clause entirely (all servers returned). API response includes server_limit="unlimited" string for Android APK awareness.

Fixed the dashboard dual-grid visual height mismatch where the Recent Activity section appeared shorter than Active Servers. Root fix: .dual-grid > .data-section now uses flex-direction:column, .dash-scroll-box uses flex:1 to fill remaining space. Both columns are now always equal height via CSS Grid stretch + flexbox fill. All 3 documentation files and catalog updated with Session 6 (P79-P83) changes.

Improved server-edit.php: session_write_close() added before detect_ip HTTP call, auto-migration session-cached (sedit_migrated flag). Supported Protocols section moved above Status dropdown to reduce scrolling. Added CSS :has(input:checked) rule so selected protocols glow with neon-green border/background — instantly distinguishable from unchecked. server-add.php also received session_write_close() in suggest_ip and detect_ip handlers.

Root cause found for slow page navigation: ping AJAX requests hold PHP session file lock for 2-6 seconds (exec ping -W 2 + fsockopen × 4 ports × 1.5s each). When user navigates to any page, session_start() is blocked by concurrent ping requests. Fix: session_write_close() added immediately before slow network operations in all AJAX handlers. JS ping initialization delayed by 2.5 seconds so navigation within first 2.5s is also unblocked.

Fixed mobile card layout: switched from absolute-left label approach (caused Location row wrapping: "Phoenix, United States" split across 2 lines) to label-top approach (::before display:block on separate line). Available content width now 287px vs 183px previously — location text fits on one line on all screen sizes. table-scroll-container on mobile now uses overflow-y:auto max-height:600px (proper scroll box) instead of overflow:visible max-height:none.

Added internal scroll (max-height + overflow-y:auto) to all major data containers so page scroll is replaced with container-level scroll. servers.php/configs.php: 500px limit (~6 rows). server-list.php .srv-grid: 450px (2 rows of 3 cards = 6 cards on desktop, 640px mobile). dashboard.php Active Servers: 360px, Recent Activity: 245px. Mobile table containers: 600px. All containers use neon-green scrollbar styling.

Fixed empty left cells on mobile for servers.php and configs.php. Converted table-scroll-container tables to stacked card layout on mobile using CSS data-label technique. Added data-label attributes to all <td> elements. Removed expensive backdrop-filter from sidebar on mobile. Reduced modal blur. Slowed cube animation. Overall mobile performance significantly improved with no UI design changes.

Added real-time ping display on all three server views (management table, server list cards, config list). Ping uses 2-tier: ICMP exec (Linux VPS) with TCP socket fallback (ports 443→80→22→8080). Color-coded badges: green <100ms, yellow 100-200ms, red >200ms. Users column shows red if active_conns > max_users. Added 195-country smart search dropdown on server-add.php with substring match highlighting. Auto IP detection and suggestion with NTP pool + ccTLD NS + 195-country static fallback. Country name shown in IP suggestion bar.

Fixed "Plan not found or unauthorized" error for Sub Admin wallet purchase (hardcoded created_by=1 bug). Fixed reseller seeing ALL sub-admin plans instead of only their parent's. Added purchased_from column for dynamic server hierarchy. Added duplicate plan block. Added active subscription banner + Already Active badge on plan cards. Enhanced getAccessibleServers() with purchased_from awareness. Added getServersForActivePlan() with MIN(plan_limit, pool) logic.

Complete overhaul of the subscription and server-access system. "Recharge Plans" renamed to "Subscription Plans" everywhere. Added real-time expiry countdown on VPN Users, auto-expiry engine, wallet auto-renew logic, hierarchical server access (Admin→SubAdmin→Reseller), and plan server_limit enforcement in API. All roles now see only servers they are entitled to based on subscription hierarchy.

Conducted a complete top-to-bottom audit of the admin panel codebase (NeonTunnelVPN_APK/ excluded). Verified every file, cross-reference, role gate, and financial flow. Identified previously undocumented production components and added them to all 3 documentation files + this catalog. Zero code changes — pure documentation synchronization.

Built a comprehensive Feature Catalog & Changelog system accessible from admin panel sidebar and public homepage. Integrates all 73 documented updates with search, filter, copy buttons, and role-based access.

Removed the navbar clock widget after user clarification. User only wanted chat message timestamps fixed, not a persistent clock on every admin page.

Fixed false notification re-trigger: updateSidebarBadge() in support-chat.php now writes unread count to localStorage so the sidebar global poll starts from the correct baseline when user navigates away from chat.

Stopped toast and sound notifications from firing when user is already on the /admin/support-chat page. Badge still updates silently.

Added chat notification system to landing page for logged-in admins. Fixed Web Audio not playing due to AudioContext lifecycle mismanagement.

If any sent message is seen (blue tick), all previous sent messages in the conversation now also show blue ticks — matching WhatsApp-style behavior.

Fixed chat timestamps showing wrong time (e.g., 2PM IST when actual time was 7:43PM IST). Root cause: MySQL TIMESTAMP stores UTC; JavaScript was treating it as local time.

Click the avatar or name in the chat header to view the contact's profile card — showing name, email, phone, role, username, joined date, and online status.

PayU callback was ignoring the actual mihpayid from POST and using a timestamp fallback, meaning real PayU transaction IDs were never stored in Payment History.

Eliminated the manual UTR input fallback entirely. All gateways now operate in real-time only. Unsupported gateways are visually locked (greyed out, OFFLINE badge).

Integrated bKash Tokenized Checkout API v1.2. Requires 4 credentials: App Key, App Secret, Username, Password. Full token grant → create → redirect → execute flow.

Established mandatory deep-dive analysis protocol before any code edit. No future update to be applied without verifying backend references, breakage risk, and cross-dependencies.

All 13 payment gateways now pre-selected by default when creating a Sub-Admin. Compact single-badge dropdown replaces multi-badge column in Sub-Admin table.

Created separate card grid for Sub-Admin's active gateway configurations, visually separated from Main Admin's own gateways on the payment-gateways.php page.

Fixed bug: new Sub-Admin/Reseller creations with ₹0.00 balance were not creating payments table entries. Fund Wallet modal also missing MTXN logging.

Fixed payment history column misalignment across different roles. Synchronized thead/tbody column positions globally.

Main Admin can assign specific payment gateways to each Sub-Admin. Sub-Admins only see and use their assigned gateways.

Created a full card-based payment gateway management page. Supports 13 global gateways with per-gateway API key management, on/off toggle, and role-based access.

All roles now have Settings accessible from sidebar. Admin → full global settings page. Sub-Admin and Reseller → redirected to profile modal instead.

Moved Recharge Plans from Management section to Finance section for logical grouping. Renamed org section labels for clarity.

Completely removed the Master Password concept and all its legacy code. Sub-Admins no longer see the "Sub Admins" menu item. Servers/Configs locked to Main Admin only.

Added professional favicon set (32×32, 16×16, Apple Touch, ICO) to all admin pages including balance.php which was missing.

Renamed "Plans" to "Recharge Plans" across all admin pages, sidebar, headers, and page titles for professional clarity.

Switched Razorpay from Test mode to LIVE mode with real bank credentials. All financial transactions are now real-money operations.

Unified topup chip presets across all roles (Admin, Sub-Admin, Reseller). Same ₹5k/₹10k/₹25k/₹35k/₹50k chips for all.

Added high-value funding chips (₹5k–₹50k) to Admin's manual credit form with auto-fill logic for large transactions.

Developed GPay/PhonePe-style interactive receipt popups for all financial transactions. Single-page visibility guaranteed on all devices.

Built card-based Recharge Plans system with role-based CRUD, purchase flow, and subscription history. Synchronized payments and transactions tables for atomic entries.

Granted Sub-Admins and Resellers access to Activity Logs with hierarchical data filtering. Removed sidebar locks.

Rebuilt login activity log with internal table scrolling, telemetry parsing, country flag emojis, OS icons, and expanded browser detection.

Conducted a comprehensive codebase audit including database schema verification, logic flow validation, and cross-reference check across all 19 active files.

Split activity logs into System and Login sections. Added Geo-IP tracking, City detection, device/browser tracking. Full documentation rewrite to structured roadmap format.

Corrected financial logic so all incoming funds are credits. Enabled PIN recharge for Resellers with strict UI pruning (Redeem-only view, no Generate section).

Complete redesign of pins.php to ATM-style interface. Added live-sync.js for real-time dashboard data without page reloads.

Refactored addBalance() to fix nested transaction crash when called inside an already-open PDO transaction (e.g., PIN redemption inside financial flow).

Built the complete hierarchical wallet system. Main Admin funds Sub-Admins, Sub-Admins fund Resellers. Balance displayed live, atomic transfer with debit/credit logging.

Created full SQL-based authentication with hashed passwords, session management, and role-based access control.

Integrated the admin panel with Hostinger remote MySQL database. PDO connection with error handling, UTF8MB4 charset, and strict exception mode.

Added cursor-based radial glow on feature cards. Created AgentRules.md for project governance. Added infinite cross-fading logo animation.

Built IntersectionObserver-based scroll reveal system with 10 animation types. Added typing animation and circular reveal effect on hero title.

Built full-screen mobile drawer with glassmorphism effect, smooth slide-in animation, overlay backdrop, and auto-close on link click.

Integrated "VPN" text into the 3D cube design. Added mini-cube to the navbar logo area. Refined all font sizes and spacing for cross-device consistency.

Stabilized mobile viewport, scaled the 3D cube for mobile screens, and ensured touch-friendly navigation.

Established clean directory structure separating public, admin, includes, api, css, and assets folders.

Built the hexagonal icon system for feature cards using clip-path. Added glowing icon hexagons with neon-green borders.

Moved authentication to admin/login.php. Clean separation of public landing page from admin area.

Built the entire public landing page from scratch. Features a 3D CSS animated VPN cube, neon-dark theme, hero section, feature cards, security info section, and footer.