227227 </ li >
228228 < li class ="toctree-l3 "> < a class ="reference internal " href ="#new-feature-dns-record-type-customization "> New Feature: DNS Record Type Customization</ a >
229229 </ li >
230- < li class ="toctree-l3 "> < a class ="reference internal " href ="#enhanced-security-with-account-lockout "> Enhanced Security with Account Lockout</ a >
230+ < li class ="toctree-l3 "> < a class ="reference internal " href ="#new-features-in-v400 "> New Features in v4.0.0</ a >
231+ < ul >
232+ < li class ="toctree-l4 "> < a class ="reference internal " href ="#enhanced-security-features "> Enhanced Security Features</ a >
233+ </ li >
234+ < li class ="toctree-l4 "> < a class ="reference internal " href ="#api-management "> API Management</ a >
235+ </ li >
236+ < li class ="toctree-l4 "> < a class ="reference internal " href ="#user-experience-improvements "> User Experience Improvements</ a >
237+ </ li >
238+ < li class ="toctree-l4 "> < a class ="reference internal " href ="#lookup-and-integration-features "> Lookup and Integration Features</ a >
239+ </ li >
240+ < li class ="toctree-l4 "> < a class ="reference internal " href ="#email-system-enhancements "> Email System Enhancements</ a >
241+ </ li >
242+ < li class ="toctree-l4 "> < a class ="reference internal " href ="#zone-management-features "> Zone Management Features</ a >
243+ </ li >
244+ < li class ="toctree-l4 "> < a class ="reference internal " href ="#administrative-features "> Administrative Features</ a >
245+ </ li >
246+ < li class ="toctree-l4 "> < a class ="reference internal " href ="#configuration-examples "> Configuration Examples</ a >
247+ </ li >
248+ </ ul >
231249 </ li >
232250 < li class ="toctree-l3 "> < a class ="reference internal " href ="#notes "> Notes</ a >
233251 </ li >
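Review bot: The TOC entry at new line 230 swaps the `#enhanced-security-with-account-lockout` anchor for `#new-features-in-v400`, so any existing deep link to the old anchor stops resolving. Consider keeping the old id reachable, for example as an alias on the new "Enhanced Security Features" heading. Account lockout also no longer has a TOC entry of its own, so an operator looking for lockout settings has to guess that it sits under "Enhanced Security Features". If this HTML is generated output, make the change in the documentation source rather than here.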
@@ -404,11 +422,15 @@ <h2 id="overview">Overview</h2>
404422< h2 id ="key-changes "> Key Changes</ h2 >
405423< ul >
406424< li > Configuration file format and location have changed</ li >
407- < li > Database schema updates including new login_attempts table</ li >
408- < li > New theming system</ li >
409- < li > Updated permission system</ li >
410- < li > Enhanced security with account lockout features</ li >
411- < li > Customizable DNS record types</ li >
425+ < li > Database schema updates including 8 new tables for enhanced functionality</ li >
426+ < li > New theming system with light/dark mode support</ li >
427+ < li > Enhanced security with multi-factor authentication (MFA)</ li >
428+ < li > Advanced account lockout and password reset features</ li >
429+ < li > API key management system</ li >
430+ < li > User preferences and agreements system</ li >
431+ < li > Google reCAPTCHA integration</ li >
432+ < li > WHOIS and RDAP lookup functionality</ li >
433+ < li > Enhanced email system with multiple transport options</ li >
412434< li > Improved object-oriented architecture with proper separation of concerns</ li >
413435</ ul >
414436< h2 id ="upgrade-instructions "> Upgrade Instructions</ h2 >
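Review bot: The rewritten Key Changes list drops "Updated permission system" and "Customizable DNS record types" (old lines 409 and 411) without replacement, yet the page still carries a "New Feature: DNS Record Type Customization" section. If the permission system change still applies to v4.0.0, keep that bullet, since a change to the permission model is something an administrator needs to review before upgrading. The "8 new tables" bullet at line 425 would also be easier to act on if it pointed to the "Verify Database Migration Completeness" section that names them.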
@@ -488,10 +510,6 @@ <h3 id="migration-prerequisites">Migration Prerequisites</h3>
488510< p > < strong > Note</ strong > : Users upgrading from versions earlier than v3.9.0 should first upgrade to v3.9.0 and run those migrations before upgrading to v4.0.0.</ p >
489511< h3 id ="verify-database-migration-completeness "> Verify Database Migration Completeness</ h3 >
490512< p > After running the migration, verify your database has all required tables for v4.0.0:</ p >
491- < p > < strong > Core Tables (should exist from previous versions):</ strong >
492- - < code > users</ code > , < code > zones</ code > , < code > zone_templ</ code > , < code > zone_templ_records</ code >
493- - < code > log_users</ code > , < code > log_zones</ code > (added in v3.2.0)
494- - < code > records_zone_templ</ code > (added in v2.1.7)</ p >
495513< p > < strong > New Tables for v4.0.0:</ strong >
496514- < code > login_attempts</ code > - Login tracking for security
497515- < code > migrations</ code > - Database migration tracking
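Review bot: Removing the "Core Tables" paragraph (old lines 491-494) leaves the page with no check that the pre-4.0.0 schema is intact, while the note just above still tells users on versions earlier than v3.9.0 to run those migrations first. Keep a short pointer on how to confirm the earlier migrations were applied, otherwise nothing on this page catches a skipped step. Separately, the remaining "New Tables for v4.0.0" list is dash-prefixed text inside a single <p>, so it renders as one run-on paragraph; a <ul> would fix that.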
@@ -504,10 +522,10 @@ <h3 id="verify-database-migration-completeness">Verify Database Migration Comple
504522< p > < strong > Verification Query (MySQL):</ strong > </ p >
505523< pre > < code class ="language-sql "> SELECT TABLE_NAME FROM information_schema.TABLES
506524WHERE TABLE_SCHEMA = 'your_database_name'
507- AND TABLE_NAME IN ('users', 'zones', 'zone_templ', 'zone_templ_records', 'log_users', 'log_zones', 'records_zone_templ', ' migrations', 'login_attempts', 'api_keys', 'user_mfa', 'user_preferences', 'zone_template_sync', 'password_reset_tokens', 'user_agreements');
525+ AND TABLE_NAME IN ('migrations', 'login_attempts', 'api_keys', 'user_mfa', 'user_preferences', 'zone_template_sync', 'password_reset_tokens', 'user_agreements');
508526</ code > </ pre >
509- < p > < strong > Expected Result:</ strong > You should see all 16 tables listed above.</ p >
510- < p > If any core tables are missing, you may need to run previous version migrations first .</ p >
527+ < p > < strong > Expected Result:</ strong > You should see all 8 new tables listed above.</ p >
528+ < p > If any new tables are missing, the migration may have failed. Check the migration logs for errors .</ p >
511529< h3 id ="upgrading-from-older-versions "> Upgrading from Older Versions</ h3 >
512530< p > If you're upgrading from a version earlier than v3.9.0, you should upgrade incrementally:</ p >
513531< ol >
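Review bot: The new fallback text at line 528, "Check the migration logs for errors", does not say where those logs are or how to re-run the migration, so a reader who gets fewer than 8 rows has no next step. Name the log location or the command here. Because the query at line 525 now covers only the new tables, the "Expected Result" line should also tell the reader to compare the returned names against the list rather than just count rows: going by their names, several of these tables (login_attempts, user_mfa, password_reset_tokens, api_keys) back the security features this release adds, and which one is missing matters.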
@@ -535,30 +553,119 @@ <h2 id="new-feature-dns-record-type-customization">New Feature: DNS Record Type
535553]
536554</ code > </ pre >
537555< p > For full documentation on this feature, see < a href ="../../configuration/record-types/ "> Record Type Customization</ a > .</ p >
538- < h2 id ="enhanced-security-with-account-lockout "> Enhanced Security with Account Lockout</ h2 >
539- < p > Version 4.0.0 includes a new security feature to protect against brute force attacks:</ p >
540- < ul >
541- < li > Login attempt tracking system with database support (using the new login_attempts table)</ li >
542- < li > Configurable account lockout after failed login attempts</ li >
543- < li > IP address-based tracking and lockouts</ li >
544- < li > Whitelist and blacklist support for IP addresses (includes CIDR support)</ li >
545- </ ul >
546- < p > To configure these security features, add the following to your < code > config/settings.php</ code > file:</ p >
556+ < h2 id ="new-features-in-v400 "> New Features in v4.0.0</ h2 >
557+ < h3 id ="enhanced-security-features "> Enhanced Security Features</ h3 >
558+ < p > < strong > Multi-Factor Authentication (MFA)</ strong >
559+ - Support for authenticator apps (TOTP)
560+ - Email-based verification
561+ - Recovery codes for account recovery
562+ - Configurable recovery code generation</ p >
563+ < p > < strong > Advanced Account Lockout</ strong >
564+ - Login attempt tracking with database support
565+ - Configurable lockout attempts and duration
566+ - IP address-based tracking and lockouts
567+ - Whitelist and blacklist support (supports IPs, CIDRs, wildcards)</ p >
568+ < p > < strong > Password Reset System</ strong >
569+ - Secure password reset via email
570+ - Configurable token lifetime and rate limiting
571+ - Protection against brute force attacks</ p >
572+ < p > < strong > Google reCAPTCHA Integration</ strong >
573+ - Support for reCAPTCHA v2 and v3
574+ - Configurable score thresholds for v3
575+ - Login form protection</ p >
576+ < p > < strong > Enhanced Password Policies</ strong >
577+ - Configurable minimum length requirements
578+ - Character type requirements (uppercase, lowercase, numbers, special)
579+ - Custom special character sets</ p >
580+ < h3 id ="api-management "> API Management</ h3 >
581+ < p > < strong > API Key System</ strong >
582+ - Generate and manage API keys for external integrations
583+ - Key-based authentication for API endpoints
584+ - Request logging and monitoring
585+ - API documentation endpoints</ p >
586+ < h3 id ="user-experience-improvements "> User Experience Improvements</ h3 >
587+ < p > < strong > Theming System</ strong >
588+ - Light and dark mode support
589+ - Customizable theme base paths
590+ - Theme selection per user preference</ p >
591+ < p > < strong > User Preferences</ strong >
592+ - Personalized user settings storage
593+ - Individual user customization options</ p >
594+ < p > < strong > Enhanced Interface Options</ strong >
595+ - Display full names instead of usernames in zone lists
596+ - Improved reverse zone sorting (natural or hierarchical)
597+ - PowerDNS server status integration
598+ - Database consistency checks page
599+ - Email template previews</ p >
600+ < h3 id ="lookup-and-integration-features "> Lookup and Integration Features</ h3 >
601+ < p > < strong > WHOIS Lookup</ strong >
602+ - Built-in WHOIS query functionality
603+ - Configurable WHOIS servers
604+ - Socket timeout controls
605+ - Admin-only access controls</ p >
606+ < p > < strong > RDAP Lookup</ strong >
607+ - Registration Data Access Protocol support
608+ - HTTP-based domain information queries
609+ - Configurable RDAP servers
610+ - Request timeout controls</ p >
611+ < h3 id ="email-system-enhancements "> Email System Enhancements</ h3 >
612+ < p > < strong > Multiple Transport Options</ strong >
613+ - SMTP with authentication and encryption
614+ - Sendmail binary support
615+ - PHP mail() function
616+ - Configurable return paths</ p >
617+ < h3 id ="zone-management-features "> Zone Management Features</ h3 >
618+ < p > < strong > Zone Template Synchronization</ strong >
619+ - Automatic synchronization of zone templates
620+ - Template change tracking
621+ - Batch operations support</ p >
622+ < p > < strong > User Agreements System</ strong >
623+ - Version-controlled user agreements
624+ - Automatic re-acceptance on version changes
625+ - Compliance tracking</ p >
626+ < h3 id ="administrative-features "> Administrative Features</ h3 >
627+ < p > < strong > Enhanced Logging</ strong >
628+ - Improved logging levels and types
629+ - Database activity logging
630+ - API request logging
631+ - Syslog integration</ p >
632+ < p > < strong > Improved PowerDNS Integration</ strong >
633+ - Enhanced API connectivity
634+ - Server status monitoring
635+ - Better error handling</ p >
636+ < h3 id ="configuration-examples "> Configuration Examples</ h3 >
637+ < p > < strong > Enable MFA:</ strong > </ p >
547638< pre > < code class ="language-php "> 'security' => [
548- // Maximum number of failed attempts before lockout
549- 'max_login_attempts' => 5,
550-
551- // Time window in minutes for counting failed attempts
552- 'login_attempt_timeframe' => 30,
553-
554- // Lockout duration in minutes after max failed attempts
555- 'lockout_duration' => 30,
556-
557- // IP address whitelist (never locked out)
558- 'ip_whitelist' => ['127.0.0.1', '192.168.1.0/24'],
559-
560- // IP address blacklist (always blocked)
561- 'ip_blacklist' => [],
639+ 'mfa' => [
640+ 'enabled' => true,
641+ 'app_enabled' => true,
642+ 'email_enabled' => true,
643+ 'recovery_codes' => 8,
644+ ],
645+ ],
646+ </ code > </ pre >
647+ < p > < strong > Configure Account Lockout:</ strong > </ p >
648+ < pre > < code class ="language-php "> 'security' => [
649+ 'account_lockout' => [
650+ 'enable_lockout' => true,
651+ 'lockout_attempts' => 5,
652+ 'lockout_duration' => 15,
653+ 'whitelist_ip_addresses' => ['127.0.0.1', '192.168.1.0/24'],
654+ ],
655+ ],
656+ </ code > </ pre >
657+ < p > < strong > Enable API with reCAPTCHA:</ strong > </ p >
658+ < pre > < code class ="language-php "> 'api' => [
659+ 'enabled' => true,
660+ 'docs_enabled' => true,
661+ ],
662+ 'security' => [
663+ 'recaptcha' => [
664+ 'enabled' => true,
665+ 'site_key' => 'your_site_key',
666+ 'secret_key' => 'your_secret_key',
667+ 'version' => 'v3',
668+ ],
562669],
563670</ code > </ pre >
564671< h2 id ="notes "> Notes</ h2 >
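Review bot: The "Configure Account Lockout" example (new lines 648-655) nests and renames the keys ('max_login_attempts' becomes 'lockout_attempts' under 'account_lockout', 'ip_whitelist' becomes 'whitelist_ip_addresses') and drops 'login_attempt_timeframe' and 'ip_blacklist', but the inline comments that gave units and semantics are gone. State the unit of 'lockout_duration' (the removed block documented minutes), show the blacklist key that the feature list at line 567 still advertises, and keep the removed comment's point that whitelisted addresses are never locked out if that still holds, since the example exempts a whole /24. If the old key names ever shipped, say explicitly that they changed. Two smaller points: the "Enable API with reCAPTCHA" heading pairs two unrelated settings, while the feature list describes reCAPTCHA as login form protection, and the 'v3' example omits the score threshold that the list says is configurable. Also, every new feature list is dash-prefixed text inside a <p>, where the removed section used <ul>/<li>, so the lists render as run-on text.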