Admin Footer
Admin Footer Include (Annotate)
File:
ct/includes/annotateftr.phpType: Backend Include File
Access Level: All Admin Pages
Last Updated: 2025-01-02
Overview
The Admin Footer include file (annotateftr.php) provides a comprehensive footer interface for every admin page. It includes a tabbed interface with user comments/discussion, bug reporting, help resources, and license information. The footer supports page-specific annotations, bug report submission to the ComusThumbz support system, and quick access to documentation.
Key capabilities include:
- Page-specific user comments and discussion
- Bug report submission (API with database fallback)
- Quick access to wiki documentation and support forums
- License information display
- CSRF-protected form submissions
- Tab preference persistence via localStorage
- Responsive design for mobile viewing
System Requirements
PHP Requirements
PHP Extensions Required
mysqli- Database connectivity for annotationssession- Session management for CSRF protectioncurl- Bug report API submissionjson- JSON encoding for API payloads
PHP Functions Required
sessionstart()- Session initializationbin2hex(),randombytes()- CSRF token generationhashequals()- Secure CSRF comparisoncurlinit(),curlexec()- API communication
PHP Settings
session.autostart = Off
date.timezone = Your/TimezoneInstallation Requirements
Database Tables
-- Annotations Table (page comments)
CREATE TABLE IF NOT EXISTS tblannotation (
id INT(11) NOT NULL AUTOINCREMENT,
WebmasterID INT(11) NOT NULL DEFAULT 1,
pageid VARCHAR(255) NOT NULL,
email VARCHAR(255) DEFAULT NULL,
comment TEXT,
datetime DATETIME DEFAULT CURRENTTIMESTAMP,
url VARCHAR(255) DEFAULT NULL,
ip VARCHAR(45) DEFAULT NULL,
name VARCHAR(100) DEFAULT NULL,
siteid INT(11) DEFAULT 1,
PRIMARY KEY (id),
KEY idxpageid (pageid),
KEY idxwebmaster (WebmasterID),
KEY idxdatetime (datetime)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4unicodeci;
Note: The footer also submits bug reports to the external ComusThumbz license database (
admincomuslicense.bugreports) via API or direct connection fallback.
Config Variables
From ct/dat/config.inc.php:
$dbhost,$dbuser,$dbpasswd,$db- Database connection$sitename- Site name for display$tgpemail- Admin email address$pwhash- Password hash for authentication$licensekey- License key for bug reports$licenseconfig- License configuration array:licensekey- License keydomain- Registered domainemail- Contact email
File Dependencies
ct/dat/config.inc.php- Main configurationct/includes/config.inc.php- Fallback configuration- Font Awesome 6+ - Icon library (CDN)
External Services
- ComusThumbz License API (
https://comusthumbz.com/projects/api.php) - Endpoint:
/bugs/report - Used for bug report submission
- ComusThumbz Wiki (
https://comusthumbz.com/wiki/manual/) - Documentation and help resources
- ComusThumbz Forums (
http://comusthumbs.com/forum/) - Community support
Features & UI Elements
Tab Interface
[Screenshot: annotate-ftr-tabs]
The footer uses a tabbed interface with four sections:
Tab Behavior:
- Uses unique class prefix (
ftr-) to avoid conflicts with page tabs - Preference saved to localStorage (
ftrActiveTab) - Persists across page navigation
Comments & Discussion Tab
[Screenshot: annotate-ftr-comments]
Displays and manages page-specific comments:
Comment Display:
- Chronological order (oldest first)
- Shows email (clickable mailto), user ID, timestamp
- Comment content with preserved whitespace
- Edit and Delete actions for authorized users
Comment Form:
- Email field (shown for guest users only)
- Comment textarea with placeholder
- CSRF token protection
- Submit button ("Post Comment")
Authorization Levels:
Report Bug Tab
[Screenshot: annotate-ftr-bug-report]
Bug submission form for licensed users:
Form Fields:
Auto-Included Data:
- PHP Version
- Server Software
- Page URL
- License Key (masked)
- Domain
- User Agent
- IP Address
API Status:
- Shows endpoint being used
- Debug info with masked license key, domain, email
Warning: Bug reports require a valid license key. Without one, the form displays an error message.
Help Resources Tab
[Screenshot: annotate-ftr-resources]
Quick links to documentation and support:
Resource Links:
- Wiki Manual - ComusThumbz documentation
- Development Wiki - Page-specific discussion
- Support Forums - Community forums
- License Dashboard - License management portal
- Email Support - Direct support email
Quick Help Topics:
- Installation Guide
- Configuration Help
- Troubleshooting
- Frequently Asked Questions
- Community Forums
Contact Information:
- Email: support@comusthumbz.com
- Response Time: Usually within 24 hours
- License Support Status: Active/Not Found
License Info Tab
[Screenshot: annotate-ftr-license]
Displays license information (only shown if license key exists):
Displayed Information:
- License Key (first 16 characters + ...)
- Registered Domain
- Contact Email
- Link to License Dashboard
Step-by-Step Usage
Including the Footer
<?php
// At the end of any admin page
includeonce('../includes/annotateftr.php');
?>Posting a Comment
- Navigate to any admin page with the footer
- Click the Comments & Discussion tab
- Enter your comment in the textarea
- Click Post Comment
- Page refreshes with new comment displayed
Tip: Comments are page-specific. Each admin page has its own comment thread identified by the page URL.
Editing a Comment
- Find your comment in the Comments tab
- Click edit link (if authorized)
- Comment text loads in edit form
- Modify the comment
- Click Update This Comment
Deleting a Comment
- Find the comment to delete
- Click delete link (if authorized)
- Confirm the deletion in popup
- Comment is permanently removed
Submitting a Bug Report
- Click the Report Bug tab
- Fill in all required fields:
- Bug Title: Clear, concise summary
- Category: Select the most relevant category
- Priority: Rate the severity
- Description: Include:
- What you were doing
- What happened (actual behavior)
- What you expected
- Steps to reproduce
- Error messages
- Click Submit Bug Report
- Confirmation message appears with Report ID
Note: Bug reports are submitted to the ComusThumbz support system via API. If the API is unavailable, a direct database fallback is used.
Accessing Help Resources
- Click the Help Resources tab
- Click any quick link to open in new tab
- Use Quick Help Topics for specific guidance
- Contact support via email if needed
Best Practices
Comment Guidelines
- Be Specific: Include page name and context
- Stay On Topic: Comments are page-specific
- Use Markdown: Basic formatting is preserved
- Include Details: Error messages, versions, etc.
Bug Report Quality
For faster resolution, include:
1. WHAT YOU WERE DOING:
[Describe the action you were performing]
- WHAT HAPPENED:
[Describe the actual behavior/error]
- WHAT YOU EXPECTED:
[Describe expected behavior]
- STEPS TO REPRODUCE:
- Go to [page]
- Click [button]
- Enter [data]
- See error
- ERROR MESSAGES:
[Copy exact error text if any]Session Security
- CSRF tokens are generated per session
- Tokens validated on all POST actions
- Session auto-starts if not active
Troubleshooting
Common Issues
Comments Not Saving
Cause: Database connection or CSRF validation failure
Solutions:
- Verify database connection in config.inc.php
- Check that
tblannotationtable exists:
SHOW TABLES LIKE 'tblannotation';
- Check session is active (CSRF token requires session)
- Review
ct/logs/php-error.logfor errors
Bug Report Submission Failed
Cause: API connection or license validation issue
Solutions:
- Verify license key is configured
- Check curl extension is enabled:
vardump(extensionloaded('curl'));
- Test API connectivity manually
- Check fallback database connection credentials
- Review error log for detailed message
Delete Not Working
Cause: Permission or CSRF validation issue
Solutions:
- Ensure you have delete permission (owner or admin)
- Check CSRF token is valid (session not expired)
- Verify POST method is being used (not GET)
- Check browser console for JavaScript errors
Tabs Not Switching
Cause: JavaScript error or CSS conflict
Solutions:
- Check browser console for errors
- Verify Font Awesome is loading
- Clear localStorage:
localStorage.removeItem('ftrActiveTab') - Check for CSS conflicts with page styles
Debug Queries
-- Check annotations for a page
SELECT id, pageid, email, LEFT(comment, 50) as commentpreview, datetime
FROM tblannotation
WHERE pageid LIKE '%config.setup.php%'
ORDER BY datetime DESC;
-- Check annotation count by page
SELECT pageid, COUNT() as commentcount
FROM tblannotation
GROUP BY pageid
ORDER BY commentcount DESC
LIMIT 20;
-- Check recent annotations
SELECT id, pageid, name, datetime
FROM tblannotation
ORDER BY datetime DESC
LIMIT 10;
Security Considerations
CSRF Protection
- Token generated using
randombytes(16)+bin2hex() - Token stored in
$SESSION['csrf'] - All POST actions validate CSRF token using
hashequals() - Token regenerated per session (not per request)
Configuration Required: CSRF tokens use timing-safe comparison via
hashequals() to prevent timing attacks.
Input Validation
- All inputs sanitized with
htmlspecialchars()for output - Database queries use prepared statements
- Integer values validated with
intval() - Paths validated before use
Authentication
- Comment deletion checks:
- User level >= 50000 (super admin)
- Owner of comment (WebmasterID match)
- Site admin (level >= 5000) for same site
- Support cookie (
support=ok) - Login cookie matching password hash
Bug Report Security
- License key masked in display (first 16 chars)
- API communication over HTTPS
- Direct database fallback uses separate credentials
- IP address logged for audit trail
Technical Details
CSRF Token Generation
$SESSION['csrf'] = $SESSION['csrf'] ?? bin2hex(randombytes(16));
function csrftoken(): string {
return $SESSION['csrf'];
}
function checkcsrf(?string $t): bool {
return isset($SESSION['csrf'], $t) && hashequals($SESSION['csrf'], $t);
}
Bug Report Submission Flow
- User submits form
submitBugReport()called with bug data- Attempts API submission to
/bugs/report - On success: Returns bug ID
- On failure: Falls back to
submitBugReportDirectly() - Direct function connects to license database
- Looks up license ID by key/domain/email
- Inserts bug report with license association
- Returns bug ID or error
Tab Switching JavaScript
function switchFooterTab(tabName, evt) {
// Uses 'ftr-' prefix to avoid conflicts
var tabs = document.querySelectorAll('.ftr-tab-content');
tabs.forEach(function(t) { t.classList.remove('active'); });
var btns = document.querySelectorAll('.ftr-tab-button');
btns.forEach(function(b) { b.classList.remove('active'); });
var el = document.getElementById('ftr-' + tabName + '-tab');
if (el) { el.classList.add('active'); }
if (evt && evt.target) { evt.target.classList.add('active'); }
try { localStorage.setItem('ftrActiveTab', tabName); } catch(e) {}
}
Translatable Strings
{
"footercommentstitle": "Comments & Discussion",
"footerbugreporttitle": "Report Bug",
"footerresourcestitle": "Help Resources",
"footerlicensetitle": "License Info",
"footerusercomments": "User Comments & Discussion",
"footernocomments": "No user comments yet. Be the first to share your thoughts!",
"footeremaillabel": "Email (optional):",
"footeremailplaceholder": "your@email.com",
"footercommentslabel": "Your Comments:",
"footercommentsplaceholder": "Share your thoughts, ask questions, or provide feedback...",
"footerpostcomment": "Post Comment",
"footerdelete": "delete",
"footeredit": "edit",
"footerconfirmdelete": "Delete this comment?",
"footercommentnotfound": "Comment not found.",
"footerdbconnectionerror": "Database connection error.",
"footerupdatecomment": "Update This Comment",
"footerreportbug": "Report a Bug",
"footerbugintro": "Found a bug or issue? Report it directly to our development team for quick resolution.",
"footerapistatus": "API Status",
"footerdebuginfo": "Debug Info",
"footerbugtitlelabel": "Bug Title ",
"footerbugtitleplaceholder": "Brief description of the issue",
"footercategorylabel": "Category ",
"footercategoryinstallation": "Installation Issues",
"footercategoryconfiguration": "Configuration Problems",
"footercategorythumbnails": "Thumbnail Generation",
"footercategorygallery": "Gallery Display",
"footercategoryadmin": "Admin Panel",
"footercategoryother": "Other",
"footerprioritylabel": "Priority ",
"footerprioritylow": "Low - Minor issue",
"footerprioritymedium": "Medium - Normal issue",
"footerpriorityhigh": "High - Important issue",
"footerprioritycritical": "Critical - Site breaking",
"footerdescriptionlabel": "Detailed Description *",
"footerdescriptionplaceholder": "Please provide:\\n1. What you were trying to do\\n2. What happened (actual behavior)\\n3. What you expected to happen\\n4. Steps to reproduce the issue\\n5. Any error messages you saw",
"footerautoincluded": "Automatically included",
"footersubmitbug": "Submit Bug Report",
"footernolicense": "License Key Not Found",
"footernolicensedetail": "Unable to submit bug reports without a valid license key. Please ensure your license is properly configured in the config.inc.php file.",
"footerbugsubmitted": "Bug report submitted successfully! Report ID:",
"footerbugerror": "Error submitting bug report:",
"footerresourcesintro": "Access documentation, support forums, and other helpful resources.",
"footerwikimanual": "Wiki Manual",
"footerdevwiki": "Development Wiki",
"footersupportforums": "Support Forums",
"footerlicensedashboard": "License Dashboard",
"footeremailsupport": "Email Support",
"footerquickhelp": "Quick Help Topics",
"footerinstallationguide": "Installation Guide",
"footerconfigurationhelp": "Configuration Help",
"footertroubleshooting": "Troubleshooting",
"footerfaq": "Frequently Asked Questions",
"footercommunityforums": "Community Forums",
"footercontactsupport": "Contact Support",
"footeremail": "Email",
"footerresponsetime": "Response Time",
"footerusually24hours": "Usually within 24 hours",
"footerlicensesupport": "License Support",
"footeractive": "Active",
"footernolicensefound": "No License Found",
"footerlicensekey": "License Key",
"footerdomain": "Domain",
"footeropendashboard": "Open License Dashboard"
}Related Documentation
- Admin Header - Header include with navigation
- License Configuration - License setup
- Bug Report System - Bug tracking documentation