+ Accurate PHP CLI path in the CRON job setup page
Signed-off-by: Nicholas K. Dionysopoulos <nicholas@akeeba.com>
nikosdion committed Oct 1, 2024
1 parent 5eac2e1 commit 042e5fa
Showing 8 changed files with 69 additions and 16 deletions.
2 changes: 1 addition & 1 deletion .idea/Akeeba Panopticon.iml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .idea/php.xml

1 change: 1 addition & 0 deletions CHANGELOG
Expand Up @@ -5,6 +5,7 @@ Akeeba Panopticon 1.2.3
+ Force MFA for specific user groups, superusers, or administrators [gh-723]
+ Option to treat MFA failures as login failures [gh-723]
+ Enforce a maximum number of MFA attempts [gh-723]
+ Accurate PHP CLI path in the CRON job setup page
# [HIGH] Cannot connect to really old WordPress installations (WordPress 5.5 and earlier)
# [HIGH] Cannot connect to old Akeeba Backup for WordPress (version 7)
# [HIGH] PHP error when WordPress fails to provide version information
20 changes: 9 additions & 11 deletions RELEASENOTES.md
@@ -1,14 +1,18 @@
This version is a maintenance release. We implemented some new features to make your lives easier.

**Optional environment variables-only configuration of containerized Panopticon** [gh-696]. You can now configure a containerized Panopticon installation (e.g. one running in Docker) using nothing but environment variables.
**Domain registration and expiration warnings**. You can now see when the domain itself was registered, and when it's expiring. You can receive an email notification before the expiration of your domain name, so you have enough time to renew it.

**Clear the cache when relinking a site to Akeeba Backup**. Not strictly necessary, but it should alleviate the need to click on the refresh button after relinking to Akeeba Backup before you see an up-to-date list of backup records for that site.
**Force MFA for specific user groups, superusers, or administrators [gh-723]**. You can tell Panopticon to enforce use of Multi-factor Authentication for Superusers, Administrators, or specific user groups. Users with forced MFA who have not yet set up MFA on their accounts will be taken to a captive page which requires them to set up MFA before being allowed to proceed any further.

**Do not log CMS Update Found more than once per version**. The site actions report would log the CMS update found every time Panopticon checked for an update. This was rather obnoxious and would effectively make useful information hard to find among the endless spam of that message if updates to a site were not installed right away.
**Option to treat MFA failures as login failures [gh-723]**. You now have the option to treat Multi-factor Authentication failures as login failures for the purposes of automated IP blocking. This ensures that a malicious actor who has subverted the login information of a user will be locked out after a number of failed MFA attempts, preventing them from brute-forcing a weaker MFA method (e.g. six digit authenticator codes).

**Enforce a maximum number of MFA attempts [gh-723]**. You can now set a limit on how many times a user can fail to provide a valid MFA method. Once that limit is reached the user is logged out. This ensures that a malicious actor who has subverted the login information of a user will not be able to brute force their way through a weaker MFA method (e.g. six digit authenticator codes) by adding this hurdle which greatly increases the necessary time and complexity of an attack to something impractical.

**Accurate PHP CLI path in the CRON job setup page**. In the past we were using the generic placeholder `/path/to/php` to indicate that you needed to replace this with the path to PHP CLI given to you by your host. Unfortunately, many hosts have under-trained first level support staff which can't provide this information, and does not understand the difference between PHP CLI and PHP CGI. We have now added code which tries to identify the PHP CLI binary automatically using our experience of where these files are usually to be found on a very large sample of live and local server environments across all major operating systems (Windows, Linux, macOS, FreeBSD etc.). In most cases, the command line you are given will be one you can just copy and paste into your host's CRON management page without having to do any thinking, or contacting your host. Simplicity, yay!

## 🖥️ System Requirements

* PHP 8.1, 8.2, or 8.3. PHP 8.3 recommended.
* PHP 8.1, 8.2, or 8.3. PHP 8.3 recommended. Experimental support for the upcoming PHP 8.4 release.
* MySQL 5.7 or later, or MariaDB 10.3 or later. MySQL 8.0 recommended.
* Ability to run CRON jobs, either command-line (recommended) or URLs with a frequency of once every minute, and an execution time of at least 30 seconds (up to 180 seconds is strongly preferred).
* Obviously, the server it runs on must be connected to the Internet, so it can communicate with your sites.
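Review bot: The "Accurate PHP CLI path" paragraph does not say what happens when detection fails. ViewTemplates/Setup/cron.php in this commit falls back to the `/path/to/php` (or `C:\path\to\php.exe`) placeholder and shows the replace-this instruction in that case, so the release note should mention the fallback rather than leave readers expecting a ready-made command every time. In the same paragraph, "support staff which can't provide this information, and does not understand" mixes plural and singular; "who can't provide ... and do not understand" reads better.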
Expand All @@ -19,13 +23,7 @@ Development of Akeeba Panopticon takes place _in public_. You can see what we're

## 📋 CHANGELOG

* ✨ Optional environment variables-only configuration of containerized Panopticon [gh-696]
* ✨ Clear the cache when relinking a site to Akeeba Backup
* ✏️ Do not log CMS Update Found more than once per version
* 🐞 Repeated emails for WordPress plugin updates
* 🐞 Wrong lang string used in WordPress plugin/theme update emails
* 🐞 PHP warnings running Connection Doctor on WordPress sites
* 🐞 Wrong "email" label on Backup options [gh-771]
**TBD**

Legend:

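Review bot: The CHANGELOG section of RELEASENOTES.md is reduced to `**TBD**` in this hunk, dropping the previous version's entries without adding this version's. Fill it in from the CHANGELOG file (the three gh-723 MFA items and the PHP CLI path entry) before tagging, otherwise the release notes ship with a placeholder.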
7 changes: 5 additions & 2 deletions ViewTemplates/Setup/cron.php
Expand Up @@ -12,7 +12,8 @@
/** @var \Akeeba\Panopticon\View\Setup\Html $this */

$whatsNextClass = ($hideWhatsNext ?? false) ? 'd-none' : '';

$phpPath = \Akeeba\PHPFinder\PHPFinder::make()->getBestPath(PHP_VERSION);
$displayPhpPath = $phpPath ?? (PHP_OS_FAMILY === 'Windows' ? 'C:\\path\\to\\php.exe' : '/path/to/php');
?>

<!-- Instructions -->
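Review bot: The PHPFinder lookup sits in the view template, just above the closing `?>`, so binary detection runs inside presentation code on every render of the setup page. Compute it in the View class (`\Akeeba\Panopticon\View\Setup\Html`) and hand `$phpPath` and `$displayPhpPath` to the template; that keeps the template to output only and lets the null fallback be tested without rendering HTML.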
Expand Down Expand Up @@ -58,11 +59,13 @@ class="nav-link" id="webTab"
<?= $this->getLanguage()->text('PANOPTICON_SETUP_LBL_CRON_CLI_CREATE_A_JOB') ?>
</p>
<p>
<code><i>/path/to/php</i> <?= APATH_ROOT ?>/cli/panopticon.php task:run --loop >/dev/null 2>&1</code>
<code><i><?= $displayPhpPath ?></i> <?= APATH_ROOT ?>/cli/panopticon.php task:run --loop >/dev/null 2>&1</code>
</p>
<?php if ($phpPath === null): ?>
<p>
<?= $this->getLanguage()->sprintf('PANOPTICON_SETUP_LBL_CRON_REPLACE_PHP_CLI', PHP_VERSION) ?>
</p>
<?php endif ?>
<p class="small text-muted">
<?= $this->getLanguage()->text('PANOPTICON_SETUP_LBL_CRON_IF_UNSURE') ?>
</p>
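Review bot: `<?= $displayPhpPath ?>` in the `<code>` line is echoed without HTML escaping or shell quoting, so a detected path containing a space, or a character such as `&` or `<`, would render incorrectly and produce a command that does not paste cleanly into a CRON line. Pass it through `htmlspecialchars()` for output and quote the path for the shell when it contains whitespace. The fallback added earlier in this file covers Windows (`C:\path\to\php.exe`), yet the command still ends in the Unix redirection `>/dev/null 2>&1`; consider choosing the redirection per `PHP_OS_FAMILY` as well.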
1 change: 1 addition & 0 deletions composer.json
Expand Up @@ -40,6 +40,7 @@
"ext-zip": "*",
"akeeba/awf": "dev-development",
"akeeba/json-backup-api": "^1.0.0",
"akeeba/phpfinder": "@dev",
"akeeba/stats_collector": "dev-main",
"cesargb/php-log-rotation": "^2.7.1",
"chillerlan/php-qrcode": "^5.0.0",
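Review bot: `"akeeba/phpfinder": "@dev"` is a bare stability flag with no version constraint, so outside of composer.lock any version, development branches included, satisfies it. For a package whose output is shown to users as a command to run, constrain it to a tagged range once one is published, or at least name the branch as the neighbouring `dev-development` and `dev-main` entries do, so that a `composer update` cannot silently move to unrelated code.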
51 changes: 50 additions & 1 deletion composer.lock

2 changes: 1 addition & 1 deletion media/js/login.min.js.map
