История коммитов

Move registration moderation to RegistrationModerationController:
list pending (preg=0) + approve/approve-all/delete/delete-all/delete-by-ip.
Add RegistrationModerationRepositoryInterface (Eloquent User/IpHistory),
GetPendingRegistrations/Approve/Delete use cases and RegistrationRowMapper
(adds raw integer IP for the remove-by-IP action). Convert GET ?mod= mutations
to POST forms with CSRF and PRG redirects. Remove includes/reg.php and the
dispatcher entry; point both sidebars at /admin/registrations.

Move language management to LanguagesController (rights>=9 super-group):
index/save (default language + list rescan), manage, install/update/delete.
Replace the static Languages.php with injectable use cases and infrastructure
adapters: FileSystemLanguageFilesManager (scan/remove/writability) and
HttpLanguageCatalog (external johncms.com catalog + zip install) behind domain
interfaces. Config writes reuse SystemConfigRepositoryInterface. Convert
install/update/delete GET links to POST forms with CSRF; add PRG redirects.
Remove includes/languages/, Languages.php and the dispatcher entry; point both
sidebars at /admin/languages.

Move smilies cache rebuild to EmoticonsController (GET landing /admin/emoticons
+ POST /admin/emoticons rebuild). Scan filesystem behind SmiliesScannerInterface
(FileSystemSmiliesScanner) and persist via SmiliesCacheRepositoryInterface
(FileSmiliesCacheRepository), preserving the existing serialized cache contract.
Add CSRF and PRG redirect (legacy rebuilt on plain GET). Remove includes/emoticons.php
and its dispatcher entry; point both sidebars at /admin/emoticons.

Move system settings to SystemSettingsController (GET/POST /admin/settings).
Introduce the rights>=9 gate pattern: SuperAdminAccessMiddleware mirrors
AdminAccessMiddleware with the SUPER_ADMIN threshold and is self-contained,
since group middleware does not propagate into nested route groups. Settings
live in a nested super-group; future rights>=9 actions go there too. Extract
the theme list behind ThemeListProviderInterface. Reuse the config writer; add
CSRF and PRG redirect. Remove includes/settings.php and its dispatcher entry;
point both sidebars at /admin/settings.

Move antiflood settings to AntifloodSettingsController (GET/POST /admin/antiflood).
Reuse the config writer (SystemConfigRepositoryInterface) introduced for the
modules-access page; clamp ranges in UpdateAntifloodSettingsUseCase. Add CSRF
and PRG redirect (legacy had neither). Remove includes/antiflood.php and its
dispatcher entry; point both sidebars at /admin/antiflood.

Move ?act=access to GET/POST /admin/modules-access in the admin group.
Introduce a reusable config writer (SystemConfigRepositoryInterface +
FileSystemConfigRepository writing the johncms key to system.local.php,
throwing ConfigWriteException on failure) for the upcoming settings pages.
UpdateModulesAccessUseCase + ModulesAccessDTO carry the eight access flags.

Add CSRF protection to the form and switch to PRG (flash + redirect) on
success. Both sidebars now link to /admin/modules-access.

Move the ?act=ban_panel list to GET /admin/bans (+ /admin/bans/by-violations)
in the admin group. GetBanListUseCase + BanListRepositoryInterface with
EloquentBanListRepository (User joined to the most-recent ban per user via
joinSub, correlated bancount). BanListRowMapper composes AdminUserRowMapper
with active-ban highlight and violations-history button.

Amnesty (write, rights >= 9) is left in the legacy include for now (phase 4);
the Amnesty button points to /admin/ban_panel/?mod=amnesty. Both sidebars
now link to /admin/bans.

Move ?act=search_ip to GET /admin/ip-search (+ /admin/ip-search/history)
in the admin group. IP range parsing (single/range/mask) extracted to
IpRangeParser; SearchUsersByIpUseCase + IpSearchRepositoryInterface with
EloquentIpSearchRepository (paginateUsers, paginateHistory via joinSub on
most-recent history record). Switch the search form from POST to GET.

Rename /admin/search_ip to /admin/ip-search and update all link generators
across forum, downloads, mail, news, guestbook, profile, online and the
central User/GuestSession mutators and UserProperties.

Move ?act=ip_whois to GET /admin/ip-whois (admin.ip_whois) in the admin
group. Controller in Application/Controllers/Ip/; fsockopen logic extracted
to Infrastructure/Whois/SocketWhoisClient behind WhoisClientInterface.
Highlighting and nl2br moved to the template after output escaping.
Update whois links in UserMutators and online IpController to the new URL.

- Add UserListController (GET /admin/users[/by-nick|/by-ip]) backed by GetUserListUseCase + UserListResultDTO
- Add UserListSort enum (whitelisted sort columns) and UserListRepositoryInterface + EloquentUserListRepository (paginate preg=1)
- Reuse AdminUserRowMapper for table rows; paginate via Tools::displayPagination + PageMeta
- Remove legacy includes/userlist.php and its $actions entry; point both sidebars to /admin/users
- Pagination total now counts approved users only (matches the listed set), fixing the legacy count-all mismatch