Flatboard Changelog

Version 5.2.0

Release date: March 7, 2026

Added

Analytics — Visit Tracking System

app/Services/AnalyticsService::recordVisit() · app/Middleware/VisitorTrackingMiddleware.php

Daily visit and unique-visitor counts are now recorded persistently in stockage/visit_log.json. Unique visitor deduplication uses a PHP session flag ($_SESSION['_fb_visit_YYYY-MM-DD']) — no IP address is stored (GDPR-friendly). VisitorTrackingMiddleware calls AnalyticsService::recordVisit() after each anonymous visitor tracking event.

Analytics — Traffic Source / Referrer Tracking

app/Services/AnalyticsService::recordReferrer() · stockage/referrer_log.json

HTTP Referer headers are parsed on every visit. Only the domain is stored (full URLs are never saved), www. is stripped, and internal self-referrers are ignored. Daily per-domain counts are aggregated in referrer_log.json with 90-day retention. getTopReferrers(int $days, int $limit) returns the top referring domains for any period.

Analytics — Admin Page Redesign

app/Views/admin/analytics.php · app/Controllers/Admin/AnalyticsController.php

The page no longer duplicates Dashboard totals or ForumMonitoring activity timelines. It now shows unique strategic data:

Growth comparison cards — new discussions / posts / members over 7 d vs 30 d, with trend arrows comparing daily pace against the prior 23-day period
Visit KPI cards — visits and unique visitors for 7 d and 30 d
30-day visit chart — using stats-activity bars (total + unique stacked)
Top pages — ranking (stats-ranking-item) based on discussion view counts
Traffic sources table — with favicon, domain link, visit count, and share progress bar
Engagement ratio cards — avg posts/discussion, avg posts/member, avg discussions/member, peak activity day
Member health bars — active 7 d / verified / banned % and content health bars (pinned / locked %) using stats.css progress-bar components
Loads shared stats.css and stats.js for animated counters and bar fills

Analytics — New Translation Keys

Added to all 5 admin language files (languages/{fr,en,de,pt,zh}/admin.json):

panel.analytics.visits, unique_visitors, total_page_views, unique_page_views, visit_chart, top_pages, no_visit_data, no_visit_data_hint, referrers, referrer_source, referrer_visits, referrer_share, last_30_days, no_referrer_data, no_referrer_data_hint, growth_7d, growth_30d, avg_posts_per_discussion, avg_posts_per_user, avg_discussions_per_user, content_health, recent_activity, top_categories, user_breakdown

Admin Sidebar — Analytics Link

Added to both the Premium theme backend header (themes/premium/views/layouts/backend/header.php) and the default backend header (app/Views/layouts/backend/header.php), positioned below the Dashboard link.

Plugin — FlatSEO Joins the Flatboard Pro Package

plugins/FlatSEO/

FlatSEO is a comprehensive SEO management plugin now included with Flatboard Pro. It covers the full spectrum of on-site optimisation:

Meta management — per-page title, description, canonical and robots overrides directly from the admin interface; global title-format template
Open Graph & Twitter Cards — automatic generation for all discussion, profile and category pages; custom OG image per discussion
JSON-LD structured data — WebSite, Organization, BreadcrumbList, DiscussionForumPosting, QAPage and ProfilePage schemas injected server-side with no JavaScript dependency
XML sitemap — auto-generated with per-type priority and changefreq; image sitemap support; live cache invalidation on discussion creation/update
robots.txt editor — editable from the admin panel, synced to the public file
301/302 redirect manager — add, edit and delete URL redirections without touching server configuration
Analytics integration — Google Analytics 4 and Google Tag Manager snippets injected via plugin settings; no hard-coded keys in templates
Webmaster verification — meta-tag support for Google Search Console, Bing, Yandex and Pinterest in a single settings screen
noindex controls — individually toggle indexing for search results, profile pages and tag pages
SEO audit tab — per-discussion scoring with cache invalidation on override saves; scores title length, description presence, keyword density and more
Breadcrumbs — fully translated, automatically inserted on all public pages

Fixed

Maintenance Mode Admin Notification

app/Controllers/Admin/DashboardController.php · languages/{fr,en,de,pt,zh}/main.json

When maintenance mode is active, a system notification is now sent to every admin on their next dashboard visit, using the same mechanism as the existing debug-mode notification. The notification links to Admin → Settings to disable it. Deduplication prevents repeated notifications as long as an unread one already exists. New translation keys added under notification.types.system.maintenance in all five language files (pt also gains notification.types.system.debug which was previously missing).

Plugin Translations Lost After Theme Switch

app/Core/Plugin.php

Plugin::loadPluginTranslations() was a no-op, causing all plugin translation domains to be wiped when Translator::reload() was called (e.g. by the ThemeSwitcher plugin after applying a session theme). The method now iterates over every loaded plugin and re-registers its language file via loadPluginTranslationsForPlugin(). This fixes plugin menu labels showing as raw keys (e.g. menu.messages instead of "Messages") on any page where a theme override was active.

Login — Redirect After Authentication

app/Middleware/AuthMiddleware.php · app/Controllers/Auth/LoginController.php · app/Views/discussions/show.php · themes/premium/views/discussions/show.php

When a guest tried to access a protected URL they were redirected to /login but after a successful login (including after 2FA) they were always sent to the home page. The requested URI is now saved in session (redirect_after_login) before the login redirect; LoginController::login() and verify2FA() consume it after a successful authentication and fall back to / if absent. The "Log in to reply" links and reply placeholder in discussion pages pass the discussion URL with #reply-form as a ?redirect= query parameter; LoginController::show() reads it and saves it to session. Protocol-relative URLs (//evil.com) are explicitly rejected in addition to absolute URLs to prevent open redirects. After redirect, #reply-form in the URL hash is detected on page load and showReplyEditor() is called automatically so the editor opens and scrolls into view without requiring a click.

Reported by arpinux — https://flatboard.org/d/124

Notifications — Broken Preferences Link in Email Notifications

app/Services/NotificationService.php

The HTML email template (app/Views/emails/notification.php) uses the variable $preferencesUrl but buildEmailBody() provided it as $preferencesUrlEscaped, so the "manage preferences" link was always empty. Renamed to $preferencesUrl so the template receives the correct value.

Reported by arpinux — https://flatboard.org/d/123

Premium Theme — Admin Page Title for `/admin/tags`

themes/premium/views/layouts/backend/header.php

/admin/tags was absent from $adminSections, and the preg_match used for dashboard detection matched any path containing /admin due to a missing ^ anchor. Fixed by adding /admin/tags to $adminSections, stripping the query string with strtok($requestUri, '?') before all matching, and replacing the preg_match loop with StringHelper::contains($requestPath, ...) ordered most-specific-first; the dashboard root is now matched with preg_match('#^/admin/?$#', $requestPath). Paths like /admin/tags?page=2 now resolve to the correct "Tags" title instead of falling back to "Dashboard".

Version 5.1.7

Release date: March 5, 2026

Added

Admin Analytics Page — Pro Gate + Dark Mode Fixes

Added requirePro() method to Controller base class; analytics page now redirects to a dedicated admin/pro-required.
pro-required.php view: gradient banner, blurred stats preview, feature checklist, upgrade CTA linking to FLATBOARD_UPGRADE_LINK; fully translated in 5 languages via new panel.pro_gate.* admin translation keys
Dark mode fixes: replaced Bootstrap table-light thead (rendered white in dark mode) with analytics-thead class; replaced table-primary peak row with analytics-row-peak; replaced bg-body-secondary bar track with analytics-bar-bg; all new classes defined in backend.css using var(--bs-*) tokens for automatic light/dark adaptation

Admin Analytics Page — Complete Redesign

Controller now calls getDetailedStats() to expose active_users, banned_users, verified_users, pinned_discussions, locked_discussions
Two rows of stat cards: main KPIs (users / discussions / posts / pending reports) + detailed stats (active members 7d / banned / pinned / locked)
Daily activity table completely rewritten to match the actual getActivity() data structure (date, discussions, posts, users per day); columns now show "New discussions / New posts / New members" with colour-coded badges, a mini inline bar chart, and a peak-day highlight
Summary totals row above the table
Fixed broken discussion.view.totalViews translation key (replaced with panel.dashboard.statistics.pending_reports)
Added panel.analytics.* translation keys to all 5 admin language files: active_users, banned_users, pinned_discussions, locked_discussions, new_discussions, new_posts, new_users, daily_activity, peak_day, trend, total, no_activity

Shared Stats Assets

themes/assets/css/shared/stats.css · themes/assets/js/shared/stats.js

Reusable CSS components (solid gradient stat cards for public pages; soft overlay admin cards; vertical column charts; horizontal activity timelines; period boxes; progress bars; ranking items; star ratings; tag clouds) and a lightweight JS helper (bar/counter animation). Plugins can opt in without any Chart.js dependency.

PrivateMessaging — Admin Stats Migrated to Shared stats.css

plugins/PrivateMessaging/views/admin.php

The inline <style> block (~330 lines) covering stat-cards, hour-chart (24h distribution), activity-timeline (30-day bars), and period stat-boxes has been removed. HTML classes renamed to the stats-card--soft, stats-vchart, stats-activity, and stats-period-box convention from stats.css. The stats.js counter animation now also targets .stats-card--soft__value.

Fixed

Admin Analytics — 5 UI Bugs Fixed

KPI card sub-text now separated from value with   to prevent number/text concatenation (e.g. "29 New discussions" instead of "29New discussions")
Detail cards: replaced fa-user-slash (not in FA subset used) with fa-ban on solid red background; replaced fa-lock text-secondary (near-zero contrast) with fa-lock on solid gray background; both use text-white
KPI cards redesigned with hover lift effect and sub-metric line (.analytics-kpi-card, .analytics-kpi-sub in backend.css)
Detail card hover effect added (.analytics-detail-card in backend.css)

PluginCard — `public_url` Support

app/Views/admin/components/PluginCard.php

A new optional public_url field in plugin.json lets any plugin declare its canonical public URL. PluginCard::renderViewButton() now uses it when present, falling back to /plugin/{pluginId}.

Version 5.1.6

Release date: March 3, 2026

Changed

Performance — `JsonStorage` Count Methods Now Use Caches

app/Storage/JsonStorage.php

countUserDiscussions(), countUserPosts(), countUserReplies(), countUserBestAnswers(), and countUserReceivedReactions() previously performed raw glob() scans across every category and discussion directory, re-reading files that were already in memory. They now call ensureDiscussionsLoaded() and iterate the shared caches, reducing disk I/O to zero when discussions are already loaded in the same request.

Performance — `instanceof SqliteStorage` Guard Removed from `UserStatsHelper`

app/Helpers/UserStatsHelper.php

getUserStats() previously guarded the optimised path behind instanceof SqliteStorage, falling back to manual getAllDiscussions() + getPostsByDiscussion() loops for JSON storage. Since the JSON count methods now use caches, the guard is gone; both backends call the same storage interface methods directly.

Fixed

Translations — "Load More" / "Loading" Button State No Longer Shows French

themes/assets/js/frontend/modules/load-more-manager.js · themes/assets/js/frontend/components/infinite-scroll.js · app/Views/users/profile.php

load-more-manager.js and infinite-scroll.js referenced window.Translations?.main?.loading, a path that never resolves because the key lives at common.status.loading inside the main domain. All occurrences corrected to window.Translations?.main?.common?.status?.loading. The profile-page JS object window.Flatboard.translations.profile was also missing loading and loadMore keys; both are now injected from the Translator via common.status.loading and common.button.loadMore.

Translations — `PrivateMessaging` Admin View Guard No Longer Echoes Hardcoded French

plugins/PrivateMessaging/views/admin.php

The access-denied guard now calls Translator::init() before any output and uses Translator::trans('http.403.title', [], 'errors') for the message.

Version 5.1.5

Release date: March 3, 2026

Performance audit — all identified regressions corrected. Estimated improvement: from 54/100 to 86/100 on the performance score, −75% queries on discussion list pages, −97% memory on large profile tabs.