...

protected/docs/INSTALL.txt

@@ -0,0 +1,2 @@
+See file: 
+/var/www/mygoals/protected/docs/etc/nginx/sites-enable.txt

protected/docs/etc/nginx/Chrome.sh

@@ -0,0 +1 @@
+certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "localhost" -i localhost.crt

protected/docs/etc/nginx/fastcgi_params

@@ -0,0 +1,26 @@
+
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  REMOTE_USER        $remote_user;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;

protected/docs/etc/nginx/localhost.conf

@@ -0,0 +1,49 @@
+[req]
+default_bits       = 2048
+default_keyfile    = localhost.key
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+x509_extensions    = v3_ca
+
+[req_distinguished_name]
+countryName                 = Country Name (2 letter code)
+countryName_default         = US
+stateOrProvinceName         = State or Province Name (full name)
+stateOrProvinceName_default = OK
+localityName                = Locality Name (eg, city)
+localityName_default        = Here
+organizationName            = Organization Name (eg, company)
+organizationName_default    = localhost
+organizationalUnitName      = organizationalunit
+organizationalUnitName_default = Development
+commonName                  = Website Domain
+commonName_default          = *.home.local
+commonName_max              = 64
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+basicConstraints = critical, CA:false
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[alt_names]
+DNS.1   = *.home.local
+DNS.2   = home.local
+DNS.3   = localhost
+IP.1    = 127.0.0.1
+IP.2    = 127.0.0.2
+IP.3    = 127.0.0.3
+IP.4    = 127.0.0.4
+IP.5    = 127.0.0.5
+IP.6    = 127.0.0.6
+IP.7    = 127.0.0.7
+IP.8    = 127.0.0.8
+IP.9    = 127.0.0.9
+IP.10    = 127.0.0.10
+IP.11    = 127.0.0.11
+IP.12    = 127.0.0.12
+IP.13    = 127.0.0.13
+

protected/docs/etc/nginx/make_localhost_CERTs.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf
+cp localhost.crt /etc/ssl/certs/localhost.crt
+cp localhost.key /etc/ssl/private/localhost.key
+openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

protected/docs/etc/nginx/nginx.conf

@@ -0,0 +1,88 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+worker_rlimit_nofile 65535;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+#	worker_connections 768;
+    worker_connections 65535;
+	multi_accept on;
+}
+
+http {
+    charset utf-8;
+	##
+	# Basic Settings
+	##
+	sendfile on;
+	tcp_nopush on;
+    tcp_nodelay on;
+	types_hash_max_size 2048;
+	server_tokens off;
+
+    # Limits
+    limit_req_log_level    warn;
+    limit_req_zone         $binary_remote_addr zone=login:10m rate=10r/m;
+
+
+	## Start: Size Limits & Buffer Overflows ##
+        #client_body_buffer_size  1K;
+        #client_header_buffer_size 1k;
+        #client_max_body_size 1k;
+        #large_client_header_buffers 2 1k;
+        ## END: Size Limits & Buffer Overflows ##
+
+        ## Start: Timeouts ##
+        client_body_timeout   10;
+        client_header_timeout 10;
+        keepalive_timeout     5 5;
+        send_timeout          10;
+        ## End: Timeouts ##
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+    ssl_session_timeout    1d;
+    ssl_session_cache      shared:SSL:10m;
+    ssl_session_tickets    off;
+    ssl_protocols          TLSv1.2 TLSv1.3;
+    ssl_ciphers            ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+#	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	access_log off;
+	error_log /dev/null;
+
+	##
+	# Gzip Settings
+	##
+
+	# gzip on;
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}

protected/docs/etc/nginx/sites-available/goals

@@ -0,0 +1,41 @@
+map $http_accept_language $lang {
+	default en;
+	~de de;
+#...
+}
+
+server {
+	listen 80;
+	server_name goals.dev.local;
+	return 301 https://$host$request_uri;
+}
+server {
+	listen 443 ssl http2;
+	include snippets/self-signed.conf;
+	include snippets/ssl-params.conf;
+
+	index main.page;
+
+	error_log /var/log/nginx/goals.log warn;
+	access_log /var/log/nginx/access.log combined buffer=512k flush=1m;
+
+	server_name goals.dev.local;
+
+	set     $base /var/www/mygoals;
+	root    $base/public;
+
+	include snippets/error-page.conf;
+	include snippets/scripts404.conf;
+        include snippets/general.conf;
+
+	location / {
+		try_files $uri /main.page/$is_args$args;
+	}
+
+	location /main.page {
+		fastcgi_pass php-fpm85;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+	}
+
+}	

protected/docs/etc/nginx/sites-enable.txt

@@ -0,0 +1,37 @@
+# Install nginx...
+
+# Backup the etc/nginx folder to another folder...
+$ sudo cp -r /etc/nginx/ /etc/nginx_Backups/
+
+# Install PHP 8.5... and then Back it up...
+$ sudo cp -r /etc/php/8.5/ /etc/php/85_Backups/
+
+# Now, Copy the docs folder into the System paths...
+$ sudo cp -r /var/www/mygoals/protected/docs/var/www/errors/ /var/www/errors/
+$ sudo cp /var/www/mygoals/protected/docs/etc/php/8.5/php.ini /etc/php/8.5/
+$ sudo cp /var/www/mygoals/protected/docs/etc/php/8.5/fpm/pool.d/www.conf /etc/php/8.5/pool.d/
+$ sudo cp -r /var/www/mygoals/protected/docs/etc/nginx/ /etc/nginx/
+
+# Fix PERMS...
+$ sudo chown -R $USER:www-data /var/www/errors
+$ sudo chown -R root:root /etc/php/
+$ sudo chown -R root:root /etc/nginx/
+
+# Setup goals site
+$ sudo ln -s /etc/nginx/sites-available/goals /etc/nginx/sites-enabled/
+
+$ cd /etc/nginx
+
+# If on a developers computer NOT Cloud or LIVE, then make local CERTS
+$ ./make_localhost_CERTs.sh
+
+# Test nginx Config files for Errors first:
+$ nginx -t
+
+$ sudo service nginx status
+# start or restart
+$ sudo service nginx start
+
+$ sudo service php8.5-fpm status
+# start or restart
+$ sudo service php8.5-fpm start

protected/docs/etc/nginx/snippets/error-page.conf

@@ -0,0 +1,14 @@
+    	error_page 404 /errors/html/$lang/404.html;
+        error_page 403 /errors/html/$lang/forbidden.html;
+        error_page 500 502 503 504 /errors/html/$lang/50x.html;
+        location /errors/ {
+                alias /var/www/errors/;
+                allow all;
+                internal; # Only Intrenal Errors can use this
+        }
+        location ~ ^/error_images/.*\.(jpg|jpeg|png|gif)$ {
+                root /var/www/errors/;
+                expires 30d;  # Cache the image for 30 days
+                autoindex off;
+#                access_log /var/log/nginx/404_errors_access.log;
+         }

protected/docs/etc/nginx/snippets/general.conf

@@ -0,0 +1,27 @@
+# favicon.ico
+location = /favicon.ico {
+    log_not_found off;
+}
+
+# robots.txt
+location = /robots.txt {
+    log_not_found off;
+}
+
+# assets, media
+location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
+    expires 7d;
+}
+
+# svg, fonts
+location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
+    add_header Access-Control-Allow-Origin "*";
+    expires    7d;
+}
+
+# gzip
+gzip            on;
+gzip_vary       on;
+gzip_proxied    any;
+gzip_comp_level 6;
+gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

protected/docs/etc/nginx/snippets/scripts404.conf

@@ -0,0 +1,3 @@
+	location ~ \.(asp|aspx|axd|asx|asmx|ashx|cfm|cs|kt|flash|yaws|swf|xhtml|htm|jhtml|java|jsp|wss|do|action|perl|pl|php|php5|php7|php8|php9|phtml|php3|php4|python|py|ruby|rb|rhtml|ssi|shtml|ts|c|cpp|cgi|dll|so)$ {
+                return 404;
+        }

protected/docs/etc/nginx/snippets/self-signed.conf

@@ -0,0 +1,4 @@
+ssl_certificate /etc/ssl/certs/localhost.crt;
+#/etc/ssl/certs/nginx-selfsigned.crt;
+ssl_certificate_key /etc/ssl/private/localhost.key;
+#/etc/ssl/private/nginx-selfsigned.key;

protected/docs/etc/nginx/snippets/ssl-params.conf

@@ -0,0 +1,24 @@
+# from https://cipherli.st/
+# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+# https://ssl-config.mozilla.org & https://observatory.mozilla.org
+# https://securityheaders.com
+# TLSv1.2
+ssl_protocols TLSv1.3; # Requires nginx >= 1.13.0 else use TLSv1.2
+ssl_prefer_server_ciphers off;
+#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+#ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling off; # Turn on Prod systems
+ssl_stapling_verify off;
+resolver 127.0.0.1 valid=300s;
+resolver_timeout 5s;
+# Disable preloading HSTS for now.  You can use the commented out header line that includes
+# the "preload" directive if you understand the implications.
+#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
+
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+# IMPORTANT: disable HSTS in dev (or explicitly clear it)
+add_header Strict-Transport-Security "max-age=0" always;

protected/docs/etc/php/8.5/fpm/pool.d/www.conf

@@ -0,0 +1,491 @@
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; Unix user/group of the child processes. This can be used only if the master
+; process running user is root. It is set after the child process is created.
+; The user and group can be specified either by their name or by their numeric
+; IDs.
+; Note: If the user is root, the executable needs to be started with
+;       --allow-to-run-as-root option to work.
+; Default Values: The user is set to master process running user by default.
+;                 If the group is not set, the user's group is used.
+user = www-data
+group = www-data
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /run/php/php8.5-fpm.sock
+
+; Set listen(2) backlog.
+; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
+;listen.backlog = 511
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions. The owner
+; and group can be specified either by name or by their numeric IDs.
+; Default Values: Owner is set to the master process running user. If the group
+;                 is not set, the owner's group is used. Mode is set to 0660.
+listen.owner = www-data
+listen.group = www-data
+;listen.mode = 0660
+
+; When POSIX Access Control Lists are supported you can set them using
+; these options, value is a comma separated list of user/group names.
+; When set, listen.owner and listen.group are ignored
+;listen.acl_users =
+;listen.acl_groups =
+
+; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+;listen.allowed_clients = 127.0.0.1
+
+; Set the associated the route table (FIB). FreeBSD only
+; Default Value: -1
+;listen.setfib = 1
+
+; Specify the nice(2) priority to apply to the pool processes (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+;       - The pool processes will inherit the master process priority
+;         unless it specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
+; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
+; or group is different than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static  - a fixed number (pm.max_children) of child processes;
+;   dynamic - the number of child processes are set dynamically based on the
+;             following directives. With this process management, there will be
+;             always at least 1 children.
+;             pm.max_children      - the maximum number of children that can
+;                                    be alive at the same time.
+;             pm.start_servers     - the number of children created on startup.
+;             pm.min_spare_servers - the minimum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is less than this
+;                                    number then some children will be created.
+;             pm.max_spare_servers - the maximum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is greater than this
+;                                    number then some children will be killed.
+;             pm.max_spawn_rate    - the maximum number of rate to spawn child
+;                                    processes at once.
+;  ondemand - no children are created at startup. Children will be forked when
+;             new requests will connect. The following parameter are used:
+;             pm.max_children           - the maximum number of children that
+;                                         can be alive at the same time.
+;             pm.process_idle_timeout   - The number of seconds after which
+;                                         an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 5
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: (min_spare_servers + max_spare_servers) / 2
+pm.start_servers = 2
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 1
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 3
+
+; The number of rate to spawn child processes at once.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+; Default Value: 32
+;pm.max_spawn_rate = 32
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+;pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page. It shows the following information:
+;   pool                 - the name of the pool;
+;   process manager      - static, dynamic or ondemand;
+;   start time           - the date and time FPM has started;
+;   start since          - number of seconds since FPM has started;
+;   accepted conn        - the number of request accepted by the pool;
+;   listen queue         - the number of request in the queue of pending
+;                          connections (see backlog in listen(2));
+;   max listen queue     - the maximum number of requests in the queue
+;                          of pending connections since FPM has started;
+;   listen queue len     - the size of the socket queue of pending connections;
+;   idle processes       - the number of idle processes;
+;   active processes     - the number of active processes;
+;   total processes      - the number of idle + active processes;
+;   max active processes - the maximum number of active processes since FPM
+;                          has started;
+;   max children reached - number of times, the process limit has been reached,
+;                          when pm tries to start more children (works only for
+;                          pm 'dynamic' and 'ondemand');
+; Value are updated in real time.
+; Example output:
+;   pool:                 www
+;   process manager:      static
+;   start time:           01/Jul/2011:17:53:49 +0200
+;   start since:          62636
+;   accepted conn:        190460
+;   listen queue:         0
+;   max listen queue:     1
+;   listen queue len:     42
+;   idle processes:       4
+;   active processes:     11
+;   total processes:      15
+;   max active processes: 12
+;   max children reached: 0
+;
+; By default the status page output is formatted as text/plain. Passing either
+; 'html', 'xml' or 'json' in the query string will return the corresponding
+; output syntax. Example:
+;   http://www.foo.bar/status
+;   http://www.foo.bar/status?json
+;   http://www.foo.bar/status?html
+;   http://www.foo.bar/status?xml
+;
+; By default the status page only outputs short status. Passing 'full' in the
+; query string will also return status for each pool process.
+; Example:
+;   http://www.foo.bar/status?full
+;   http://www.foo.bar/status?json&full
+;   http://www.foo.bar/status?html&full
+;   http://www.foo.bar/status?xml&full
+; The Full status returns for each process:
+;   pid                  - the PID of the process;
+;   state                - the state of the process (Idle, Running, ...);
+;   start time           - the date and time the process has started;
+;   start since          - the number of seconds since the process has started;
+;   requests             - the number of requests the process has served;
+;   request duration     - the duration in µs of the requests;
+;   request method       - the request method (GET, POST, ...);
+;   request URI          - the request URI with the query string;
+;   content length       - the content length of the request (only with POST);
+;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
+;   script               - the main script called (or '-' if not set);
+;   last request cpu     - the %cpu the last request consumed
+;                          it's always 0 if the process is not in Idle state
+;                          because CPU calculation is done when the request
+;                          processing has terminated;
+;   last request memory  - the max amount of memory the last request consumed
+;                          it's always 0 if the process is not in Idle state
+;                          because memory calculation is done when the request
+;                          processing has terminated;
+; If the process is in Idle state, then information is related to the
+; last request the process has served. Otherwise information is related to
+; the current request being served.
+; Example output:
+;   ************************
+;   pid:                  31330
+;   state:                Running
+;   start time:           01/Jul/2011:17:53:49 +0200
+;   start since:          63087
+;   requests:             12808
+;   request duration:     1250261
+;   request method:       GET
+;   request URI:          /test_mem.php?N=10000
+;   content length:       0
+;   user:                 -
+;   script:               /home/fat/web/docs/php/test_mem.php
+;   last request cpu:     0.00
+;   last request memory:  0
+;
+; Note: There is a real-time FPM status monitoring sample web page available
+;       It's available in: /usr/share/php/8.5/fpm/status.html
+;
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+;pm.status_path = /status
+
+; The address on which to accept FastCGI status request. This creates a new
+; invisible pool that can handle requests independently. This is useful
+; if the main pool is busy with long running requests because it is still possible
+; to get the status before finishing the long running requests.
+;
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Default Value: value of the listen option
+;pm.status_listen = 127.0.0.1:9001
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+;ping.path = /ping
+
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The access log file
+; Default: not set
+;access.log = log/$pool.access.log
+
+; The access log format.
+; The following syntax is allowed
+;  %%: the '%' character
+;  %C: %CPU used by the request
+;      it can accept the following format:
+;      - %{user}C for user CPU only
+;      - %{system}C for system CPU only
+;      - %{total}C  for user + system CPU (default)
+;  %d: time taken to serve the request
+;      it can accept the following format:
+;      - %{seconds}d (default)
+;      - %{milliseconds}d
+;      - %{milli}d
+;      - %{microseconds}d
+;      - %{micro}d
+;  %e: an environment variable (same as $_ENV or $_SERVER)
+;      it must be associated with embraces to specify the name of the env
+;      variable. Some examples:
+;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
+;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
+;  %f: script filename
+;  %l: content-length of the request (for POST request only)
+;  %m: request method
+;  %M: peak of memory allocated by PHP
+;      it can accept the following format:
+;      - %{bytes}M (default)
+;      - %{kilobytes}M
+;      - %{kilo}M
+;      - %{megabytes}M
+;      - %{mega}M
+;  %n: pool name
+;  %o: output header
+;      it must be associated with embraces to specify the name of the header:
+;      - %{Content-Type}o
+;      - %{X-Powered-By}o
+;      - %{Transfert-Encoding}o
+;      - ....
+;  %p: PID of the child that serviced the request
+;  %P: PID of the parent of the child that serviced the request
+;  %q: the query string
+;  %Q: the '?' character if query string exists
+;  %r: the request URI (without the query string, see %q and %Q)
+;  %R: remote IP address
+;  %s: status (response code)
+;  %t: server time the request was received
+;      it can accept a strftime(3) format:
+;      %d/%b/%Y:%H:%M:%S %z (default)
+;      The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
+;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+;  %T: time the log has been written (the request has finished)
+;      it can accept a strftime(3) format:
+;      %d/%b/%Y:%H:%M:%S %z (default)
+;      The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
+;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+;  %u: basic auth user if specified in Authorization header
+;
+; Default: "%R - %u %t \"%m %r\" %s"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
+
+; A list of request_uri values which should be filtered from the access log.
+;
+; As a security precaution, this setting will be ignored if:
+;     - the request method is not GET or HEAD; or
+;     - there is a request body; or
+;     - there are query parameters; or
+;     - the response code is outwith the successful range of 200 to 299
+;
+; Note: The paths are matched against the output of the access.format tag "%r".
+;       On common configurations, this may look more like SCRIPT_NAME than the
+;       expected pre-rewrite URI.
+;
+; Default Value: not set
+;access.suppress_path[] = /ping
+;access.suppress_path[] = /health_check.php
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+;slowlog = log/$pool.log.slow
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; Depth of slow log stack trace.
+; Default Value: 20
+;request_slowlog_trace_depth = 20
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; The timeout set by 'request_terminate_timeout' ini option is not engaged after
+; application calls 'fastcgi_finish_request' or when application has finished and
+; shutdown functions are being called (registered via register_shutdown_function).
+; This option will enable timeout limit to be applied unconditionally
+; even in such cases.
+; Default Value: no
+;request_terminate_timeout_track_finished = no
+
+; Set open file descriptor rlimit.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+;       possible. However, all PHP paths will be relative to the chroot
+;       (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
+
+; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
+;chdir = /var/www
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environment, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Decorate worker output with prefix and suffix containing information about
+; the child that writes to the log and if stdout or stderr is used as well as
+; log level and time. This options is used only if catch_workers_output is yes.
+; Settings to "no" will output data as written to the stdout or stderr.
+; Default value: yes
+;decorate_workers_output = no
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
+
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; execute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+;security.limit_extensions = .php .php3 .php4 .php5 .php7
+
+security.limit_extensions = .page .php
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+;   php_value/php_flag             - you can set classic ini defines which can
+;                                    be overwritten from PHP call 'ini_set'.
+;   php_admin_value/php_admin_flag - these directives won't be overwritten by
+;                                     PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' will not overwrite previously
+; defined php.ini values, but will append the new value instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+;                specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M

protected/docs/var/www/errors/html/en/404.html

@@ -0,0 +1,30 @@
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="language" content="english">
+    <meta name="robots" content="no-follow">
+    <title>404 Page not found!</title>
+    <style>
+        @media only screen and (max-width: 600px) {
+            #nopage {
+                height: 150px;
+                width: 300px; 
+            }
+        }
+        @media only screen and (min-width: 600px) {
+            #nopage {
+                height: 500px;
+                width: 1500px; 
+            }
+        }
+    </style>
+  </head>
+  <body>
+    <div id="wrap">
+        <img src="/error_images/404page.jpg" alt="404 Error Page not found." id="nopage"/>
+        <header><h1>404 Page not found!<h1></header>  
+        <h3>Our apologies for the temporary inconvenience.</h3>
+    </div>    
+  </body>
+</html>

protected/docs/var/www/errors/html/en/50x.html

@@ -0,0 +1 @@
+50x Server Error...Sorry, we had a processing error on our end.

protected/docs/var/www/errors/html/en/forbidden.html

@@ -0,0 +1 @@
+Dude, get out....

protected/sql/initGoals.sql

@@ -40,7 +40,8 @@ CREATE TABLE goals (
     title VARCHAR(255) NOT NULL,
     description TEXT,
     approved TINYINT UNSIGNED DEFAULT 0,
-    youtube TINYINT UNSIGNED DEFAULT 0
+    youtube TINYINT UNSIGNED DEFAULT 0,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
 
 CREATE TABLE tags (

protected/src/Classes/BaseController.php

@@ -14,16 +14,18 @@ use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Message\ResponseInterface;
 use IOcornerstone\Framework\{
     HtmlDocument,
-    View
+    View,
+    SaferOutput,
 };
 
 class BaseController
 {
     public string $pageOutput = ''; // To keep views working...without Dynamic Variable Error!
     public static $params; // To keep Routes working...
-    private $http;
+    public $http;
     public $view;
     public $html;
+    public $outputHTML;
     protected string $footer = "";
     protected string $authors = "";
 
@@ -33,6 +35,7 @@ class BaseController
         $this->http = new HttpFactory();
         $this->view = new View();
         $this->html = new HtmlDocument();
+        $this->outputHTML = SaferOutput::class;
         
         // If the child controller has an init() method, call it automatically
         if (method_exists($this, 'init')) {

protected/src/Classes/Logic/HomeSearch.php

@@ -17,10 +17,10 @@ namespace Project\Classes\Logic;
 class HomeSearch
 {
 
-    public static function Tags(): array
+    public static function Tags(object $request): array
     {
-        $a['search'] = $_GET['search'] ?? false;
-        $a['tag'] = $_GET['tag'] ?? false;
+        $a['search'] = $request->getVar()->get('search', false);
+        $a['tag'] = $request->getVar()->get('tag', false);
         
         if (empty($a['search'])) {
             $a['search'] = false;
@@ -33,9 +33,9 @@ class HomeSearch
         return $a;
     }
 
-    public static function MyUUID(): array
+    public static function MyUUID(object $request): array
     {
-        $a['MyUUID'] = $_GET['g'] ?? false;
+        $a['MyUUID'] = $request->getVar()->get('g', false);
         
         return $a;
     }

protected/src/Classes/Models/HomeFetchModel.php

@@ -17,9 +17,10 @@ namespace Project\Classes\Models;
  */
 class HomeFetchModel
 {
-    
+
     public function __construct(private \PDO $pdo)
     {
+        
     }
 
     public function GetGoals(array $a)
@@ -48,35 +49,58 @@ LEFT JOIN tags t ON gt.tag_id=t.id";
         }
         $sql .= " ORDER BY g.created_at DESC";
 
-        $stmt = $this->pdo->prepare($sql);
-        $stmt->execute($params);
-        return $stmt->fetchAll(\PDO::FETCH_ASSOC);
+        try {
+            $stmt = $this->pdo->prepare($sql);
+            $stmt->execute($params);
+            return $stmt->fetchAll(\PDO::FETCH_ASSOC);
+        } catch (\PDOException $e) {
+            echo $e->getMessage();
+        }
+        return [];
     }
-    
+
     public function GetTags(array $g)
     {
-        $pdo = \IOcornerstone\Framework\Configure::get('db');
-        
-        $tags=$pdo->prepare("SELECT name FROM tags t JOIN goal_tags gt ON t.id=gt.tag_id WHERE gt.goal_id=?");
-        return $tags->execute([$g['id']]);
+        try {
+            $tags = $this->pdo->prepare("SELECT name FROM tags t JOIN goal_tags gt ON t.id=gt.tag_id WHERE gt.goal_id=?");
+            return $tags->execute([$g['id']]);
+        } catch (\PDOException $e) {
+            echo $e->getMessage();
+        }
+        return [];
     }
-    
+
     public function GetGoal(array $a)
     {
-        $stmt= $this->pdo->prepare("SELECT id,title,description FROM goals WHERE uuid=? AND approved=1");
-        $stmt->execute([$a['MyUUID']]);
-        return $stmt->fetch(\PDO::FETCH_ASSOC);
+        try {
+            $stmt = $this->pdo->prepare("SELECT id,title,description FROM goals WHERE uuid=? AND approved=1");
+            $stmt->execute([$a['MyUUID']]);
+            return $stmt->fetch(\PDO::FETCH_ASSOC);
+        } catch (\PDOException $e) {
+            echo $e->getMessage();
+        }
+        return [];
     }
-    
+
     public function GetVotes(array $a)
     {
-        $stmt= $this->pdo->prepare("SELECT id,content,votes FROM advice WHERE goal_id=?  AND approved=1 ORDER BY votes DESC");
-        return $stmt->execute([$a['id']]);
+        try {
+            $stmt = $this->pdo->prepare("SELECT id,content,votes FROM advice WHERE goal_id=?  AND approved=1 ORDER BY votes DESC");
+            return $stmt->execute([$a['id']]);
+        } catch (\PDOException $e) {
+            echo $e->getMessage();
+        }
+        return [];
     }
-    
+
     public function GetComments(array $a)
     {
-        $comments=$this->pdo->prepare("SELECT content FROM advice_comments WHERE advice_id=? AND approved=1");
-        return $comments->execute([$a['id']]);
+        try {
+            $comments = $this->pdo->prepare("SELECT content FROM advice_comments WHERE advice_id=? AND approved=1");
+            return $comments->execute([$a['id']]);
+        } catch (\PDOException $e) {
+            echo $e->getMessage();
+        }
+        return [];
     }
 }

protected/src/Classes/Models/HomeLoginModel.php

@@ -42,7 +42,7 @@ class HomeLoginModel
             $name = $email_row['first_name'] ?? "";
             $_SESSION['first_name'] = $name;
 
-            return $user_row['pwd'];
+            return $user_row['pwd'] ?? "";
         } catch (\PDOException $e) {
             echo $e->getMessage();
         }

protected/src/Configs/on_ErrorCodes.php

@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @author Robert Strutts
+ * @copyright (c) 2026, Robert Strutts
+ * @license MIT
+ */
+
+namespace IOcornerstone;
+
+use IOcornerstone\Framework\Configure;
+
+enum ErrorCodes: int
+{
+    case DB_Connection_Error = 1000;
+
+    public static function getErrorCodeFor(
+            ErrorCodes $codeNumber,
+            \Throwable $err,
+            bool $throwMe = false,
+//            bool $logAlert = true,
+    ): string
+    {
+        $live = (Configure::get('IOcornerstone', 'live')) ?? true;
+
+        $returnMessage = match ($live) {
+            true => "Error Code# " . $codeNumber->value,
+            false => "[".$codeNumber->name . "]; Code# " . $codeNumber->value . PHP_EOL . "Error Message: " . $err->getMessage(),
+            default => "UnKnown Error",
+        };
+
+        if ($throwMe) {
+            Throw new \Exception(
+                    "[" . $codeNumber->name . "]; " . $err->getMessage(), 
+                    $codeNumber->value
+            );
+        }
+            
+        return $returnMessage;
+    }
+}

protected/src/Configs/on_HtmlPurifier.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+/** 
+ * @author Robert Strutts
+ * @copyright (c) 2026, Robert Strutts
+ * @license MIT
+ */
+
+
+use IOcornerstone\Framework\Configure as Config; 
+
+Config::set('html_purifier', [
+    "enable_file_caching" => false
+]);    

protected/src/Configs/on_IOcornerstone.php

@@ -27,7 +27,7 @@ use IOcornerstone\Framework\{
  * 
  * When in Doubt, just make live false, below here!!!
  */
-// SiteHelper::setLocalSiteDomains('pc1');
+SiteHelper::setLocalSiteDomains('goals.dev.local');
 // SiteHelper::setAllowedPrivateIPs(['192.168.32.2', '192.168.32.3']);
 // SiteHelper::setAllowedPublicIPs('12.x.x.x');
 

protected/src/Configs/on_Security

@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+/** 
+ * @author Robert Strutts
+ * @copyright (c) 2026, Robert Strutts
+ * @license MIT
+ */
+
+use IOcornerstone\Framework\Configure as Config;
+
+Config::set('security', [
+    'max_last_login_age' => 172800, // 2 Days Login
+    'max_token_age' => 7200, // 2 Hours
+    'token_life' => 7300,
+]);

protected/src/Controllers/App/HomeController.php

@@ -35,8 +35,8 @@ class HomeController extends BaseController
     public function Index(): ResponseInterface
     {
         Security::initSessions();
-        
-        $this->html->setActiveCrumb("Main Page");
+
+        $this->html->setActiveCrumb("Home Page");
         $this->html->addCss("css/index.css");
         
         $this->html->addToJavascript("function filterTag(tag){ \r\n window.location='?tag='+encodeURIComponent(tag); \r\n }");
@@ -50,13 +50,13 @@ class HomeController extends BaseController
         $this->view->setView("App/Home/Index");
         $this->view->set("Model", $model);        
         
-        $inputs = HomeSearch::Tags();
+        $inputs = HomeSearch::Tags($this->request);
         $goals = $model->GetGoals($inputs);
         $this->view->set("Goals", $goals);
 
         IndexAuthContainer::Logins($this);
 
-        $uid = HomeSearch::MyUUID();
+        $uid = HomeSearch::MyUUID($this->request);
         $this->view->set("Uid", $uid);
 
         $bb = new BbCodeParser();
@@ -70,11 +70,11 @@ class HomeController extends BaseController
     public function Register(): ResponseInterface
     {
         $this->html->setActiveCrumb("Registion");
-        $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Main Page"]);
+        $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Home Page"]);
         
         $this->html->addCss("css/registration.css");
         $this->html->addJS("js/registration.js");
-        $this->html->setTitleAndHeader("Register");        
+        $this->html->setTitleAndHeader("Register");
         $this->view->set('html', $this->html);
         
         $this->view->setPhpTemplate('main');
@@ -89,7 +89,7 @@ class HomeController extends BaseController
     public function Login(): ResponseInterface
     {
         $this->html->setActiveCrumb("LogIn");
-        $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Main Page"]);
+        $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Home Page"]);
 
         Security::initSessions();
         
@@ -110,7 +110,7 @@ class HomeController extends BaseController
     public function Logout(): ResponseInterface
     {
         $this->html->setActiveCrumb("LogOut");
-        $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Main Page"]);
+        $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Home Page"]);
 
         $this->html->setTitleAndHeader("Logged Out");
         
@@ -118,11 +118,11 @@ class HomeController extends BaseController
 
         $_SESSION = [];
         unset($_SESSION);
-
         session_destroy();
         
         $this->view->set('html', $this->html);
         $this->view->setPhpTemplate('main');
+        $this->view->setView("App/Home/Logout");
         $myView = $this->view->fetch($this);
         
         return $this->returnResponse($myView);

protected/src/LoadServices/on_Db.php

@@ -12,6 +12,7 @@ namespace IOcornerstone;
 
 use IOcornerstone\Framework\Configure;
 use IOcornerstone\Framework\Common;
+use IOcornerstone\ErrorCodes;
 
 class Database
 {
@@ -31,10 +32,12 @@ class Database
 
             $pdo = new \PDO($dsn, $this->user, $this->password, [\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION]);
         } catch (\PDOException $e) {
-            die('DB Connection failed');
+            echo ErrorCodes::getErrorCodeFor(ErrorCodes::DB_Connection_Error, $e, throwMe: true);
+        }
+        
+        if (isset($pdo)) {
+            Configure::set('db', $pdo);
         }
-
-        Configure::set('db', $pdo);
         
         Common::wipe($_ENV['DB_PASSWORD']);
         Common::wipe($this->password);

protected/src/LoadServices/on_HtmlFilter.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+/** 
+ * @author Robert Strutts
+ * @copyright (c) 2026, Robert Strutts
+ * @license MIT
+ */
+
+use IOcornerstone\Framework\Registry as Reg; 
+use IOcornerstone\Framework\Configure as Config; 
+
+Reg::get('di')->register('html_filter', function() {
+    
+    $use_file_cache = Config::get('html_purifier', "enable_file_caching") ?? false;    
+    return new IOcornerstone\Framework\Services\HtmlFilter(
+        $use_file_cache
+    );
+});

protected/src/LoadServices/on_Repository.php

@@ -6,6 +6,8 @@ declare(strict_types=1);
  * @author Robert Strutts
  * @copyright (c) 2026, Robert Strutts
  * @license MIT
+ * 
+ * Used for Database Connections...
  */
 
 namespace IOcornerstone;

protected/src/Views/Common/App/Home/Index.php

@@ -24,9 +24,10 @@ function end_of_the_line(): void
 </form>
 
 <h2>All Goals</h2>
+
 <?php foreach($Goals as $g): ?>
 <div class="goal-item">
-<a href="?g=<?= $g['uuid'] ?>"><b><?= htmlspecialchars($g['title']) ?></b></a>
+<a href="?g=<?= $g['uuid'] ?>"><b><?= $local->outputHTML::get($g['title']) ?></b></a>
 
 <?php
 $Tags = $Model->GetTags($g);
@@ -48,15 +49,15 @@ if ($goal === false) { end_of_the_line(); } else {
 ?>
 
 <hr>
-<h2><?= htmlspecialchars($goal['title']) ?></h2>
-<p><?= $Bb->parse(nl2br(htmlspecialchars($goal['description']))) ?></p>
+<h2><?= $local->outputHTML::get($goal['title']) ?></h2>
+<p><?= $Bb->parse(nl2br($local->outputHTML::get($goal['description']))) ?></p>
 
 <?php
 $stmt = $Model->GetVotes($goal);
 foreach($stmt as $a): ?>
 
 <div class="advice-box">
-<p><?= $Bb->parse(htmlspecialchars($a['content'])) ?></p>
+<p><?= $Bb->parse($local->outputHTML::get($a['content'])) ?></p>
 
 <div class="vote">👍 <span><?= $a['votes'] ?></span></div>
 
@@ -66,7 +67,7 @@ foreach($stmt as $a): ?>
 <?php
 $comments = $Model->GetComments($a);
 foreach($comments as $c): ?>
-<div class="comment"><?= $Bb->parse(htmlspecialchars($c['content'])) ?></div>
+<div class="comment"><?= $Bb->parse($local->outputHTML::get($c['content'])) ?></div>
 <?php endforeach; ?>
 </div>
 

protected/src/Views/Common/App/Home/Logout.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+/** 
+ * @author Robert Strutts
+ * @copyright (c) 2026, Robert Strutts
+ * @license MIT
+ */
+
+?>
+
+<h1><?= $html->getHeader(); ?></h1>
+
+<p>Thanks, for using the StickingToGoals.com site. I hope you enjoyed your stay...</p>

protected/src/composer.json

@@ -12,6 +12,7 @@
         }
     },
     "require": {
-        "vlucas/phpdotenv": "^5.6"
+        "vlucas/phpdotenv": "^5.6",
+        "ezyang/htmlpurifier": "^4.19"
     }
 }

protected/src/composer.lock

@@ -4,8 +4,69 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "1f06c8427699f747776f24f4389f751e",
+    "content-hash": "20810c164fd612d2733ce60863e76b0f",
     "packages": [
+        {
+            "name": "ezyang/htmlpurifier",
+            "version": "v4.19.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/ezyang/htmlpurifier.git",
+                "reference": "b287d2a16aceffbf6e0295559b39662612b77fcf"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/b287d2a16aceffbf6e0295559b39662612b77fcf",
+                "reference": "b287d2a16aceffbf6e0295559b39662612b77fcf",
+                "shasum": ""
+            },
+            "require": {
+                "php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0"
+            },
+            "require-dev": {
+                "cerdic/css-tidy": "^1.7 || ^2.0",
+                "simpletest/simpletest": "dev-master"
+            },
+            "suggest": {
+                "cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.",
+                "ext-bcmath": "Used for unit conversion and imagecrash protection",
+                "ext-iconv": "Converts text to and from non-UTF-8 encodings",
+                "ext-tidy": "Used for pretty-printing HTML"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "library/HTMLPurifier.composer.php"
+                ],
+                "psr-0": {
+                    "HTMLPurifier": "library/"
+                },
+                "exclude-from-classmap": [
+                    "/library/HTMLPurifier/Language/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL-2.1-or-later"
+            ],
+            "authors": [
+                {
+                    "name": "Edward Z. Yang",
+                    "email": "admin@htmlpurifier.org",
+                    "homepage": "http://ezyang.com"
+                }
+            ],
+            "description": "Standards compliant HTML filter written in PHP",
+            "homepage": "http://htmlpurifier.org/",
+            "keywords": [
+                "html"
+            ],
+            "support": {
+                "issues": "https://github.com/ezyang/htmlpurifier/issues",
+                "source": "https://github.com/ezyang/htmlpurifier/tree/v4.19.0"
+            },
+            "time": "2025-10-17T16:34:55+00:00"
+        },
         {
             "name": "graham-campbell/result-type",
             "version": "v1.1.4",

public/assets/css/breadcrumbs.css

@@ -1,6 +1,6 @@
 /* Style the list */
 ul.breadcrumb {
-  padding: 10px 16px;
+  padding: 6px 8px;
   list-style: none;
   background-color: #eee;
 }
@@ -28,4 +28,11 @@ ul.breadcrumb li a {
 ul.breadcrumb li a:hover {
   color: #01447e;
   text-decoration: underline;
+}
+
+.homecrumb {
+  color: black; 
+  width: 14px; 
+  height: 14px;
+  padding-right: 5px;
 }

public/assets/css/index.css

@@ -53,6 +53,7 @@ input,textarea{
 }
 
 .auth-container {
+    float: right;
     display: flex;
     gap: 20px;
 }