Updated version in all .ini, .php, .md files to 02.01.08.
Added SHA256 checksum to updates.xml for install integrity validation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- MokoCassiopeia zip shipped at src/payload/mokocassiopeia.zip
- Install script uses local payload instead of downloading
- Removed getDownloadUrlFromUpdates (no longer needed)
- Added update-payload.yml workflow to refresh payload on merge to main
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The release zip is properly structured for Joomla installation.
Simplified extraction logic — release zips have templateDetails.xml
at root or one level deep. Added better error messages with the
failing URL for debugging.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Send email to webmaster@mokoconsulting.tech on every install/update
with site name, version, PHP, Joomla version
- Changed locked=0 (allows uninstall by super users) but kept
protected=1 (prevents disabling)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Instead of hardcoding the zip URL, fetches MokoCassiopeia's updates.xml
from the repo main branch and parses the downloadurl. This way the
download location is controlled by the MokoCassiopeia repo.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Joomla Installer::install() expects a directory path, not a zip file.
Now extracts the zip to a temp folder, finds the templateDetails.xml,
and passes the correct directory to the installer.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Minor version bump to 02.01.01:
- Auto-install mokocassiopeia from GitHub if not present
- Lock and protect the template (cannot be disabled/uninstalled)
- Set mokocassiopeia as default site template
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
On install/update, checks if mokocassiopeia template exists. If found,
locks and protects it. If missing, downloads latest release from
GitHub and installs it automatically.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
install() only runs on first install. Moved enableAndLockPlugin() to
postflight() which runs on both install and update, ensuring existing
installs get locked when updating.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sets both locked=1 and protected=1 in #__extensions on install.
Prevents tenants from disabling or uninstalling the plugin through
the Extension Manager.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sets both locked=1 and protected=1 in #__extensions on install.
Prevents tenants from disabling or uninstalling the plugin through
the Extension Manager.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
First release of v02.00 — patch .00 reserved for development.
Version bumped across all files: manifest, PHP, language, docs,
composer, updates.xml, changelog, README.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Added full v02.00 changelog entry with all features, fixes, changes
- Updated creationDate in manifest to 2026-04-07
- Consolidated revision history entries in config and testing guides
- Removed duplicate/stale date entries
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Atum reads color values from #__template_styles params (hue, link-color,
special-color) and outputs them as inline CSS variables at render time.
Our CSS variable injection was being overridden by Atum's own output.
Now enforceAtumBranding() sets the color params directly in the DB:
- color_primary → hue (hex→HSL converted) + special-color
- color_sidebar → header-color
- color_link → link-color
Added hexToHsl() helper for the conversion. Install script also sets
default Moko theme colors at install time.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
After the verify file is created, credentials are stored as a session
flag. On every subsequent page load (including just a refresh),
handleEmergencyAccess checks if the flag is set and the verify file
has been deleted. If so, it completes the login automatically — the
user only needs to delete the file and refresh, no re-entering
credentials.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
app->login() triggers auth plugins again which reject the request
without a real password. Instead, load the User object, set it in the
session directly, and update lastvisitDate. This fully bypasses the
authentication dispatcher while establishing a valid admin session.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Joomla's authentication system uses an isolated dispatcher that only
loads authentication-group plugins. System plugins never receive
onUserAuthenticate events. Replaced with handleEmergencyAccess() that
intercepts the login POST in onAfterInitialise, validates credentials,
and calls \$app->login() directly to bypass the auth dispatcher.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
jmiller
github-actions[bot]