A forward-looking plan for upcoming features, improvements, and maintenance of the DataDock self-hosted file manager. Items are grouped by area; checkboxes indicate implementation status.
Legend: ✓ Done · — Planned
✅ User & Account Settings
Status
Feature
Description
✓
User registration, login, and dashboard
Core auth and user home.
✓
Session-based authentication
Native PHP sessions.
✓
Change user roles and delete users (admin only)
Role management in admin panel.
✓
Enable/disable user registration
Site-wide registration toggle.
✓
Optional guest uploads with quota enforcement
File count and size limits for unauthenticated uploads.
✓
Enforce max storage and file limits per user
Per-user quotas.
✓
User account & profile system
Profile page and editable account details; profile statistics (files, storage, downloads, sharing, file types).
✓
Public user profile page
View by username (user.php); avatar, bio, stats, public files list; usernames site-wide link to profile.
✓
Profile avatar and bio
Optional avatar (URL or upload), bio (500 chars); profile completion reminder when empty.
✓
Public file browsing
Anonymous access to uploads when enabled; public files on homepage.
✓
Default file expiry duration setting
Site default for new uploads (e.g. 1 hour, 1 day, never).
✓
Enforce unique email toggle
Strict (unique email) vs relaxed (username only unique).
✓
Invite-only registration
Signups only via link/token created by admin.
✓
Password reset flow
Admin-initiated or token-based reset for forgotten passwords.
✓
User-to-user file sharing
Share files with specific usernames; "Shared with You" on dashboard.
🗂️ File Upload & Storage Settings
Status
Feature
Description
✓
File upload with optional expiry
Per-file expiry at upload time.
✓
Auto-thumbnail generation for image files
Thumbnails via GD; toggle in settings.
✓
Upload file size validation
Frontend and backend validation.
✓
Drag-and-drop + preview file upload
Hero and card-style upload UI with progress.
✓
Date/time storage in UTC
Stored in UTC with frontend conversion.
✓
Max number of files per user
Configurable file count limit.
✓
Max total storage per user (quota)
Total bytes per user.
✓
File management view for all users
Admin panel file list and actions.
✓
Bulk actions on dashboard
Multi-select: zip download, toggle public/private, delete.
✓
Allowed file types
Restrict by extension and/or MIME type.
✓
Enable/disable thumbnail generation
Site setting to turn thumbnails off.
✓
Custom storage path support
Uploads and thumbnails outside web root.
✓
File upload progress bar
Progress feedback during upload.
✓
Zip multiple files for download
Multi-select and download as single .zip.
✓
Download as QR code
QR code for one-time link (e.g. mobile sharing).
✓
One-time download links
Token-based link that expires after one use.
✓
File checksum display
MD5 and SHA256 with copy buttons.
✓
Terms of Service / Acceptable Use
Configurable ToS; users must accept before uploading.
✓
Download counter per file
Count and display downloads.
✓
File search and filter
Search by filename, date, type; filter by visibility, expiry.
✓
File metadata editing
Rename, change expiry, add description without re-upload.
✓
Soft delete / trash
Deleted files in trash, restorable for a period.
✓
Folders
Nested folders per user; breadcrumb, create, move; uploads can target a folder (upload.php?folder=).
✓
Tags
Comma-separated tags on edit file; optional tag filter on dashboard; can disable in settings.
✓
SHA-256 deduplication
Optional per storage partition (storage_objects); identical content shares one blob; refs decremented on delete/purge.
✓
Partition-aware storage paths
includes/storage.php resolves paths for downloads, thumbnails, ZIP, one-time links, uploads, delete/purge across partitions.
Status
Feature
Description
✓
Admin panel with user and file management
Central admin UI.
✓
Update site settings with card-based layout
Grouped sections: General, User Permissions, Storage, etc.
✓
File size and storage inputs with units
Bytes, KB, MB, GB selectors; optional .user.ini override for PHP upload limits.
✓
Enable/disable brute force protection
Configurable thresholds and lockout.
✓
Configure guest upload limits
Max files and storage for guests.
✓
Manual purging of expired files
Purge with stats.
✓
View all uploaded files with summary stats
File list with delete/download options.
✓
Reset site to post-install state
Remove all users, files, settings except admin.
✓
Sidebar-based admin panel UI
Clear navigation.
✓
Maintenance mode toggle
Admin-only access when enabled.
✓
Debug mode toggle
Control PHP error display (disable in production).
✓
Log file path and verbosity setting
File-based logging with level.
✓
Site stats overview
Uploads, storage, user count, file types, expiring soon.
✓
Activity / audit log
activity_log + Admin → Activity log; actor, file, detail JSON, IP; optional purge of entries older than N days.
✓
Storage / quota alerts
Site Settings → Operational alerts; warnings on partition disk usage and user/guest quota approach; shown on Admin → Overview.
✓
Backup / export
Admin → Backup & integrity: full SQL dump or JSON files metadata (backup_download.php).
✓
Hotlink log
Optional referer logging for downloads, ZIP, thumbnails, avatars from other hostnames; Admin → Hotlink log; Site Settings → Hotlink monitoring.
✓
Storage partitions
Admin UI: multiple roots, default partition, per-user assignment; usage listing.
💬 Interface & Branding Settings
Status
Feature
Description
✓
Install.php warning if not deleted
Toggleable in settings.
✓
Custom logo and favicon URLs
Branding in site settings.
✓
Welcome banner or message field
Editable homepage message.
✓
Install.php warning toggle
Turn warning off if needed.
✓
Dark mode / light mode UI toggle
Theme switcher; preference via cookie.
✓
Responsive layout
Sections and file tables scale; horizontal scroll on small screens.
—
Localization/multilanguage support
Multiple languages; string extraction and locale selection.
—
Mobile responsiveness refinements
Extra polish on small screens.
✓
Accessibility (WCAG) improvements
Improve accessibility.
✓
Custom file icons
Flat SVG icons per type; custom URLs in settings.
📧 Email / Notification Settings
Status
Feature
Description
✓
Admin contact email field
Shown in footer and admin sidebar.
—
Email notifications on upload, expiry, etc.
Notify users or admin on events.
—
SMTP configuration
Host, port, user, pass, encryption.
—
Email registration confirmation
Confirm email on signup.
Status
Feature
Description
✓
Secure password hashing
password_hash (bcrypt/argon2).
✓
Session management and role-based access
Sessions and role checks.
✓
config/ directory secured via .htaccess
Protect config from web access.
✓
CSRF-safe architecture
Form-only POST; tokens where needed.
✓
Brute-force login protection
Configurable limits and lockout window.
—
CAPTCHA on login/register forms
Reduce automated abuse.
✓
Rate limiting on uploads
Throttle upload frequency per user or IP.
✓
Session timeout duration setting
Configurable session lifetime.
Status
Feature
Description
✓
Version display in admin panel / footer
Show current version.
✓
One-click update system
GitHub release fetcher with semver comparison.
✓
Changelog viewer
Most recent changelog section and release notes in admin.
Status
Feature
Description
✓
Users can report files
Report files for malicious or inappropriate content.
✓
Admin handling of reports
Review, dismiss, and take moderation action.
🔐 Access Control (Stronger, Still Simple)
Improvements that keep access control simple while adding stronger options (v2.3.0).
Status
Feature
Description
✓
Per-file access passwords
Optional password gate before download; no full encryption. Edit file + session unlock on download.php / thumbnails.
✓
IP-restricted downloads
Restrict anonymous downloads to listed IPs/CIDR (JSON on files.ip_allowlist). Owners and logged-in shared access bypass.
✓
Download expiration by count + time
download_tokens: max_uses, use_count, expires_at. Share link (token) flow (create_onetime.php).
✓
Signed URLs
Time-limited HMAC (download.php?id=&exp=&sig=), secret in app_secrets. Signed link (create_signed.php).
🛠️ Operational Robustness
Admin and ops tools without introducing daemons or heavy infrastructure.
Status
Feature
Description
✓
Background purge via cron
scripts/datadock-cron-purge.php; purges expired files and trash past retention; flags --no-trash / --no-expired; shared logic with Admin purge (includes/purge_ops.php).
✓
Disk usage integrity checker
Admin → Backup & integrity: scan uploads vs database per partition (DB rows missing on disk; on-disk blobs not in DB).
✓
File integrity verification
Verify MD5/SHA256 vs bytes on disk (optional row limit); re-hash from disk to update DB (optional limit).
✓
Storage partition support
Multiple roots (storage_partitions); user assignment; default partition; empty root inherits custom storage base path.
🛡️ Security Hardening (Minimal)
Additional hardening with minimal complexity.
Status
Feature
Description
✓
Content-Disposition enforcement
Force download for risky types to prevent inline execution.
✓
Optional file extension rewriting
Store files without original extension; restore on download.
✓
Upload quarantine mode
New uploads invisible until admin approval (for public instances).
✓
Automatic MIME anomaly detection
Flag when extension and MIME type disagree for admin review.
✓
Upload hardening (v2.0.0)
Reject dangerous filename segments; MIME + magic-byte checks for images; scan image/SVG bodies for embedded PHP; expanded forbidden extensions; upload UI mirrors checks.
👤 User Trust & Transparency
Lightweight transparency and control for users (v2.3.0).
Status
Feature
Description
✓
User activity page
Activity nav: uploads list, file_download_events tail, IP / optional country (e.g. CF-IPCountry).
✓
Storage usage graph
user_storage_snapshots (hourly cap), line chart on Activity page.
✓
Data export
export_data.php : JSON with account, files metadata, own activity log rows, download events for owned files.
Light collaboration without a full folder/collab system.
Status
Feature
Description
✓
Temporary share folders
One share container, multiple files, one link, expiry (no full folder system).
✓
Comment field per file
Optional recipient note per file on share-folder page (v2.4+).
Makes DataDock easier to deploy and operate in production environments.
Status
Feature
Description
✓
CLI installer
scripts/datadock-install.php (alongside web install.php).
✓
Environment-based config override
DATADOCK_* env vars via includes/settings_loader.php.
✓
Docker support
Dockerfile and docker-compose.example.yml.
✓
Health check endpoint
health.php returns JSON for uptime monitoring.
⏱️ Rate Limiting (Extended)
Status
Feature
Description
✓
Per-IP upload throttling
Throttle uploads per IP or per account.
✓
Adaptive cooldown
Progressive slowdown for repeated failed logins from one IP across usernames.
📥 Archive / Read-Only Mode
Status
Feature
Description
✓
Read-only instance mode
Admin toggle + DATADOCK_READ_ONLY; no uploads, no new accounts, downloads only.
🔗 Automation & Integrations
Scripting and external systems without requiring email.
Status
Feature
Description
—
HTTP webhooks
POST callbacks for selected events (e.g. upload, share created, expiry warning); optional signing secret.
—
Scoped API tokens
Issued per user or admin; rate-limited access for automation.
—
Minimal JSON API
Authenticated endpoints for common operations (e.g. list, upload) aligned with CLI and container use.
📡 Observability (Extended)
Beyond the health check planned in System Maturity .
Status
Feature
Description
—
Structured JSON logging
Optional machine-readable log lines for aggregation stacks (e.g. ELK, Loki).
—
Metrics endpoint
Counters/gauges or Prometheus exposition; complements /health for monitoring.
👤 Account Security (Extended)
Status
Feature
Description
—
TOTP two-factor authentication
Authenticator-app 2FA; typically admin-first, then optional for all users.
—
Session / device management
e.g. list active sessions and revoke others (optional; schedule with 2FA or later).
🌐 HTTP & Deployment Security
Status
Feature
Description
✓
Documented security headers
PHP modes + README; nginx/apache examples under examples/ (v2.5+).
For release history and detailed changes, see CHANGELOG.md .