Update instant login

mbadmin.jps

@@ -1,6 +1,6 @@
 type: update
 id: mbadmin
-version: '2.6'
+version: '2.7'
 name: MB Administration
 description: Mighty Box Control Panel Administration
 
@@ -16,6 +16,7 @@ onInstall:
         - mkdir -p /home/litespeed/mbmanager/relay
         - mkdir -p /home/litespeed/mbmanager/ssl-manager
         - mkdir -p /home/litespeed/mbmanager/scripts
+        - mkdir -p /home/litespeed/mbmanager/pma-gateway
         # Download OPCache scripts with verification
         - cd /home/litespeed/mbmanager/scripts
         - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/check_opcache.php
@@ -26,6 +27,9 @@ onInstall:
         - if [ ! -f clear_opcache.php ]; then echo "Failed to download clear_opcache.php"; exit 1; fi
         - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/update_opcache_settings.sh
         - if [ ! -f update_opcache_settings.sh ]; then echo "Failed to download update_opcache_settings.sh"; exit 1; fi
+        # Download MariaDB root password reset script
+        - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/dbreset.sh
+        - if [ ! -f dbreset.sh ]; then echo "Failed to download dbreset.sh"; exit 1; fi
         # Download WP search-replace wrapper script with verification
         - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/wp-search-replace.sh
         - if [ ! -f wp-search-replace.sh ]; then echo "Failed to download wp-search-replace.sh"; exit 1; fi
@@ -82,6 +86,10 @@ onInstall:
         - if [ ! -f ssl_remover.sh ]; then echo "Failed to download ssl_remover.sh"; exit 1; fi
         - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/xmlchecker.sh
         - if [ ! -f xmlchecker.sh ]; then echo "Failed to download xmlchecker.sh"; exit 1; fi
+        # Download phpMyAdmin gateway script
+        - cd /home/litespeed/mbmanager/pma-gateway
+        - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/pma-gateway/create_pma_gateway.sh
+        - if [ ! -f create_pma_gateway.sh ]; then echo "Failed to download create_pma_gateway.sh"; exit 1; fi
         - chmod +x *.sh
         # Install Certbot for AlmaLinux with memory constraints
         - echo "Installing Certbot... (this may take a few minutes)"
@@ -329,6 +337,12 @@ menu:
     action: install_wordpress
     settings: wpInstallConfig
     successText: "WordPress installed successfully with the provided credentials."
+  - confirmText: Access phpMyAdmin via secure gateway?
+    loadingText: Generating secure gateway...
+    caption: Create phpMyAdmin Gateway
+    action: create_pma_gateway
+    settings: pmaGatewayConfig
+    successText: "${response.out}"
 
 settings:
   checkDomainConfig:
@@ -544,6 +558,17 @@ settings:
         caption: WordPress Admin Email
         default: "admin@example.com"
         required: true
+  pmaGatewayConfig:
+    submitUnchanged: true
+    fields:
+      - name: validity
+        type: text
+        caption: Validity (minutes)
+        default: "30"
+      - name: slug
+        type: text
+        caption: Custom Alias (optional)
+        required: false
 
 actions:
   dynamic_wp_cli:
@@ -981,6 +1006,15 @@ actions:
     - return:
         type: info
         message: "${response.out}"
+  create_pma_gateway:
+    - cmd[cp]:
+        user: root
+        commands:
+          - bash /home/litespeed/mbmanager/scripts/dbreset.sh
+          - bash /home/litespeed/mbmanager/pma-gateway/create_pma_gateway.sh --validity="${settings.validity}" $( [ -n "${settings.slug}" ] && echo --slug="${settings.slug}")
+    - return:
+        type: info
+        message: "${response.out}"
 
 responses:
   enableSuccess:

scripts/dbreset.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Generate a secure password
+new_password=$(openssl rand -base64 12)
+echo "🔐 New MariaDB root password will be: $new_password"
+
+# Stop MariaDB
+echo "🛑 Stopping MariaDB service..."
+sudo systemctl stop mariadb
+sleep 3
+
+# Start MariaDB in safe mode
+echo "🔧 Starting MariaDB in safe mode (skip-grant-tables)..."
+sudo mysqld_safe --skip-grant-tables --skip-networking --skip-name-resolve &
+sleep 5
+
+# Check if mysqld is running
+if ! pgrep mysqld > /dev/null; then
+    echo "❌ Failed to start mysqld_safe. Exiting."
+    exit 1
+fi
+
+# Reset root password
+echo "🔄 Resetting root password..."
+mysql -u root << EOF
+FLUSH PRIVILEGES;
+ALTER USER 'root'@'localhost' IDENTIFIED BY '$new_password';
+ALTER USER 'root'@'127.0.0.1' IDENTIFIED BY '$new_password';
+FLUSH PRIVILEGES;
+EOF
+
+# Check if reset succeeded
+if [ $? -ne 0 ]; then
+    echo "❌ Failed to reset password. Cleaning up..."
+    sudo pkill -f mysqld
+    exit 1
+fi
+
+# Stop safe mode
+echo "🛑 Stopping safe mode..."
+sudo pkill -f mysqld_safe
+sudo pkill -f mysqld
+sleep 3
+
+# Start MariaDB normally
+echo "🟢 Starting MariaDB normally..."
+sudo systemctl start mariadb
+
+if sudo systemctl is-active --quiet mariadb; then
+    echo "✅ MariaDB is running."
+    echo "🔐 Root password has been reset to: $new_password"
+    echo ""
+    echo "📌 IMPORTANT:"
+    echo "   1. Update /etc/phpMyAdmin/config.inc.php:"
+    echo "      \$cfg['Servers'][\$i]['user'] = 'root';"
+    echo "      \$cfg['Servers'][\$i]['password'] = '$new_password';"
+    echo "      \$cfg['Servers'][\$i]['auth_type'] = 'config';"
+    echo ""
+    echo "   2. Restart the database node in the Virtuozzo control panel!"
+    echo "      This ensures Apache/phpMyAdmin can reconnect."
+else
+    echo "❌ Failed to start MariaDB. Run: sudo systemctl status mariadb"
+    exit 1
+fi
+
+sudo sed -i "s/\(\['password'\]\s*=\s*'\)[^']*'/\1$new_password'/" /etc/phpMyAdmin/config.inc.php
+sudo sed -i "s/\(\['auth_type'\]\s*=\s*'\)[^']*'/\1config'/" /etc/phpMyAdmin/config.inc.php
+sudo sed -i "s/\(\['user'\]\s*=\s*'\)[^']*'/\1root'/" /etc/phpMyAdmin/config.inc.php

scripts/pma-gateway/create_pma_gateway.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+# ==============================================================================
+# Script: create_pma_gateway.sh
+# Purpose: Create a time-limited gateway URL for phpMyAdmin on Virtuozzo LLSMP.
+# Usage:   create_pma_gateway.sh --validity=30 [--slug=myalias]
+# Outputs: Prints the generated URL.
+# ==============================================================================
+set -euo pipefail
+
+SLUG=""
+VALIDITY=30  # minutes
+
+for arg in "$@"; do
+  case $arg in
+    --slug=*)     SLUG="${arg#*=}" ;;
+    --validity=*) VALIDITY="${arg#*=}" ;;
+    *) echo "Unknown argument $arg"; exit 1 ;;
+  esac
+done
+
+if [[ -z "$SLUG" ]]; then
+  SLUG=$(openssl rand -hex 4)   # 8-char random
+fi
+
+# Determine environment public host (no node prefix)
+if [[ -n "${JELASTIC_ENV_DOMAIN:-}" ]]; then
+  ENV_HOST="$JELASTIC_ENV_DOMAIN"
+else
+  ENV_HOST=$(hostname -f)
+  ENV_HOST=${ENV_HOST#node*-}   # strip nodeXXXX-
+fi
+
+PMADB_DIR="/usr/share/phpMyAdmin"
+GATEWAY_FILE="$PMADB_DIR/access-db-$SLUG.php"
+
+SECRET_FILE="/var/lib/jelastic/keys/mbadmin_secret"
+sudo mkdir -p "$(dirname $SECRET_FILE)"
+if [[ ! -f "$SECRET_FILE" ]]; then
+  sudo sh -c "openssl rand -hex 32 > $SECRET_FILE"
+  sudo chmod 600 "$SECRET_FILE"
+fi
+SECRET=$(sudo cat "$SECRET_FILE")
+
+now=$(date +%s)
+expires=$((now + VALIDITY*60))
+# token = base64("$SLUG:$expires") . '.' . HMAC_SHA256(secret, data)
+data="$SLUG:$expires"
+base=$(printf "%s" "$data" | base64 -w0)
+mac=$(printf "%s" "$data" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)
+token="$base.$mac"
+
+sudo tee "$GATEWAY_FILE" >/dev/null <<PHP
+<?php
+// auto-generated gateway, valid until $expires
+ini_set('session.cookie_httponly', 1);
+
+function fail() { header('HTTP/1.1 403 Forbidden'); echo 'Access denied'; exit; }
+
+if (!isset(
+  
+_PHPMYADMIN_PMA_GATEWAY_TOKEN')){fail();}
+$token = 
+_PHPMYADMIN_PMA_GATEWAY_TOKEN;
+if (!strpos($token,'.')){fail();}
+list(
+  
+base, $sig) = explode('.', $token, 2);
+$data = base64_decode($base, true);
+if ($data === false){fail();}
+list(
+  
+slug, $exp) = explode(':', $data, 2);
+if (time()>intval($exp)){fail();}
+$secret = trim(file_get_contents('$SECRET_FILE'));
+if (hash_equals($sig, hash_hmac('sha256', $data, $secret)) === false){fail();}
+// set auth cookie then redirect
+setcookie('pma_token', $sig, intval($exp), '/', '', true, true);
+header('Location: /');
+exit;
+?>
+PHP
+
+sudo chmod 640 "$GATEWAY_FILE"
+
+URL="https://$ENV_HOST:8443/access-db-$SLUG.php?token=$token"
+echo "$URL"