release(v3.11.1): shared-hosting worker fallback and deleted-user session invalidation (closes #110)

- transfer(shared-hosting): fall back from shell_exec to exec or foreground workers so move/copy/zip jobs stay usable on restrictive hosts (#110)
- compat(shell): degrade ClamAV, archive, and admin diagnostics paths cleanly when PHP command execution is unavailable
- auth(delete-user): invalidate deleted-account sessions and revoke remember-me tokens so removed users cannot regain access on subsequent requests

Author: error311

CHANGELOG.md

@@ -1,5 +1,37 @@
 # Changelog
 
+## Changes 03/24/2026 (v3.11.1)
+
+`release(v3.11.1): shared-hosting worker fallback and deleted-user session invalidation (closes #110)`
+
+**Commit message**  
+
+```text
+release(v3.11.1): shared-hosting worker fallback and deleted-user session invalidation (closes #110)
+
+- transfer(shared-hosting): fall back from shell_exec to exec or foreground workers so move/copy/zip jobs stay usable on restrictive hosts (#110)
+- compat(shell): degrade ClamAV, archive, and admin diagnostics paths cleanly when PHP command execution is unavailable
+- auth(delete-user): invalidate deleted-account sessions and revoke remember-me tokens so removed users cannot regain access on subsequent requests
+```
+
+**Fixed**  
+
+- **Shared-hosting transfer compatibility**
+  - Fixed a case where move/copy jobs could fail with `500` on hosts that disable `proc_open()` / `shell_exec()` and similar process-launch functions, leaving folder operations unusable.
+  - FileRise now falls back to safer worker-launch paths and foreground execution where appropriate so transfer and ZIP workflows remain usable on more restrictive shared-hosting environments.
+
+- **Deleted-account session invalidation**
+  - Fixed a case where a deleted account could continue using an already-established session until the PHP session expired or the web service was restarted.
+  - Deleted users can no longer regain access through remember-me restoration, and user deletion now revokes stored remember-me tokens for that account.
+
+**Changed**  
+
+- **Shell-dependent feature degradation**
+  - Shell-backed features now report clearer host limitations when PHP command execution is unavailable instead of failing with less actionable worker or command errors.
+  - ClamAV diagnostics, archive operations, and related admin/runtime checks now degrade more cleanly on locked-down hosts.
+
+---
+
 ## Changes 03/20/2026 (v3.11.0)
 
 `release(v3.11.0): snippet ownership enforcement and phpseclib security update`

config/config.php

@@ -155,6 +155,18 @@
         define('FR_WEBDAV_MAX_UPLOAD_BYTES', 0);
     }
 }
+// Background worker mode for transfer / zip / scan jobs.
+// auto  = prefer background workers, fallback when unavailable
+// async = require background workers
+// sync  = force foreground execution where supported
+if (!defined('FR_WORKER_MODE')) {
+    $envVal = getenv('FR_WORKER_MODE');
+    $mode = strtolower(trim($envVal === false ? '' : (string)$envVal));
+    if (!in_array($mode, ['auto', 'async', 'sync'], true)) {
+        $mode = 'auto';
+    }
+    define('FR_WORKER_MODE', $mode);
+}
 // Antivirus / ClamAV (optional)
 // If VIRUS_SCAN_ENABLED is set in the environment, it overrides the admin setting.
 // If it is not set, we don't define the constant and the admin checkbox controls scanning.
@@ -342,6 +354,38 @@ function loadUserPermissions($username)
     return is_array($row) ? $row : false;
 }
 
+function fr_local_user_exists($username): bool
+{
+    $username = trim((string)$username);
+    if ($username === '') {
+        return false;
+    }
+
+    return \FileRise\Domain\UserModel::getUserRole($username) !== null;
+}
+
+function fr_forget_authenticated_user(bool $clearRememberCookie = false): void
+{
+    if ($clearRememberCookie && !empty($_COOKIE['remember_me_token']) && class_exists(\FileRise\Domain\AuthModel::class)) {
+        $secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
+        \FileRise\Domain\AuthModel::revokeRememberToken((string)$_COOKIE['remember_me_token']);
+        setcookie('remember_me_token', '', time() - 3600, '/', '', $secure, true);
+        unset($_COOKIE['remember_me_token']);
+    }
+
+    unset(
+        $_SESSION['authenticated'],
+        $_SESSION['username'],
+        $_SESSION['isAdmin'],
+        $_SESSION['folderOnly'],
+        $_SESSION['readOnly'],
+        $_SESSION['disableUpload'],
+        $_SESSION['pending_login_user'],
+        $_SESSION['pending_login_secret'],
+        $_SESSION['pending_login_remember_me']
+    );
+}
+
 // Determine HTTPS usage
 $envSecure = getenv('SECURE');
 $secure = ($envSecure !== false)
@@ -394,6 +438,10 @@ function loadUserPermissions($username)
     $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
 }
 
+if (!empty($_SESSION['authenticated']) && !fr_local_user_exists((string)($_SESSION['username'] ?? ''))) {
+    fr_forget_authenticated_user(true);
+}
+
 // Auto-login via persistent token
 if (empty($_SESSION["authenticated"]) && !empty($_COOKIE['remember_me_token'])) {
     $payload = \FileRise\Domain\AuthModel::consumeRememberToken($_COOKIE['remember_me_token']);

src/FileRise/Domain/AuthModel.php

@@ -15,6 +15,11 @@ class AuthModel
     private const FAIL2BAN_LOG_MAX_BYTES = 50 * 1024 * 1024;
     private const FAIL2BAN_LOG_MAX_FILES = 5;
 
+    public static function userExists(string $username): bool
+    {
+        return UserModel::getUserRole($username) !== null;
+    }
+
     public static function isOidcDemoteAllowed(): bool
     {
     // 1) Container / env always wins if set
@@ -586,6 +591,13 @@ public static function validateRememberToken(string $token): ?array
             return null;
         }
 
+        $username = (string)($payload['username'] ?? '');
+        if ($username === '' || !self::userExists($username)) {
+            unset($all[$hash], $all[$token]);
+            self::saveRememberTokenStore($all);
+            return null;
+        }
+
         return $payload;
     }
 
@@ -632,6 +644,15 @@ public static function consumeRememberToken(string $token): ?array
             return null;
         }
 
+        if (!self::userExists($username)) {
+            unset($all[$hash]);
+            if ($legacyKey !== null) {
+                unset($all[$legacyKey]);
+            }
+            self::saveRememberTokenStore($all);
+            return null;
+        }
+
         $expiry = (int)$payload['expiry'];
         $isAdmin = !empty($payload['isAdmin']);
 
@@ -713,6 +734,27 @@ public static function revokeRememberToken(string $token): void
         }
     }
 
+    public static function revokeRememberTokensForUser(string $username): void
+    {
+        $all = self::loadRememberTokenStore();
+        if (!$all) {
+            return;
+        }
+
+        $changed = false;
+        foreach ($all as $key => $payload) {
+            $storedUser = is_array($payload) ? (string)($payload['username'] ?? '') : '';
+            if ($storedUser !== '' && strcasecmp($storedUser, $username) === 0) {
+                unset($all[$key]);
+                $changed = true;
+            }
+        }
+
+        if ($changed) {
+            self::saveRememberTokenStore($all);
+        }
+    }
+
     protected static function rememberTokenHash(string $token): string
     {
         $key = $GLOBALS['encryptionKey'] ?? '';

src/FileRise/Domain/DiskUsageScanLauncher.php

@@ -4,6 +4,7 @@
 
 namespace FileRise\Domain;
 
+use FileRise\Support\WorkerLauncher;
 use RuntimeException;
 
 require_once PROJECT_ROOT . '/config/config.php';
@@ -32,6 +33,9 @@ public static function launch(string $sourceId = ''): array
 
         $pid = self::launchBackground($php, $worker, $logFile, $sourceId);
         if ($pid <= 0) {
+            if (!WorkerLauncher::allowsForegroundFallback()) {
+                throw new RuntimeException('Background disk usage worker is unavailable in async mode.');
+            }
             self::launchForeground($php, $worker, $logFile, $sourceId);
             $pid = null;
         }
@@ -55,49 +59,38 @@ private static function resolveWorkerPath(): string
 
     private static function resolvePhpCli(): string
     {
-        $candidates = array_values(array_filter([
-            PHP_BINARY ?: null,
-            '/usr/local/bin/php',
-            '/usr/bin/php',
-            '/bin/php',
-        ]));
-
-        foreach ($candidates as $bin) {
-            $rc = 1;
-            $out = [];
-            @exec(escapeshellcmd((string)$bin) . ' -v >/dev/null 2>&1', $out, $rc);
-            if ($rc === 0) {
-                return (string)$bin;
-            }
+        $php = WorkerLauncher::resolvePhpCli();
+        if ($php) {
+            return $php;
         }
 
         throw new RuntimeException('No working php CLI found.');
     }
 
     private static function launchBackground(string $php, string $worker, string $logFile, string $sourceId): int
     {
+        if (WorkerLauncher::prefersSync()) {
+            return 0;
+        }
+
         $cmdStr =
             'nohup ' . escapeshellcmd($php) . ' ' . escapeshellarg($worker) .
             ($sourceId !== '' ? (' ' . escapeshellarg($sourceId)) : '') .
             ' >> ' . escapeshellarg($logFile) . ' 2>&1 & echo $!';
 
-        $pidRaw = @shell_exec('/bin/sh -c ' . escapeshellarg($cmdStr));
-        return is_string($pidRaw) ? (int)trim($pidRaw) : 0;
+        $spawn = WorkerLauncher::spawnBackgroundShell($cmdStr);
+        return !empty($spawn['ok']) ? (int)($spawn['pid'] ?? 0) : 0;
     }
 
     private static function launchForeground(string $php, string $worker, string $logFile, string $sourceId): void
     {
-        $rc = 1;
-        $out = [];
-        @exec(
+        $run = WorkerLauncher::runForegroundCommand(
             escapeshellcmd($php) . ' ' . escapeshellarg($worker) .
             ($sourceId !== '' ? (' ' . escapeshellarg($sourceId)) : '') .
-            ' >> ' . escapeshellarg($logFile) . ' 2>&1',
-            $out,
-            $rc
+            ' >> ' . escapeshellarg($logFile) . ' 2>&1'
         );
 
-        if ($rc !== 0) {
+        if (empty($run['ok'])) {
             throw new RuntimeException('Failed to launch disk usage scan (exec/whitelist issue?). See log: ' . $logFile);
         }
     }

src/FileRise/Domain/FileModel.php

@@ -6,6 +6,7 @@
 use FileRise\Support\CryptoAtRest;
 use FileRise\Support\FS;
 use FileRise\Support\UploadNamePolicy;
+use FileRise\Support\WorkerLauncher;
 use FileRise\Storage\StorageAdapterInterface;
 use FileRise\Storage\SourceContext;
 use FileRise\Storage\StorageRegistry;
@@ -1850,11 +1851,18 @@ public static function extractZipArchive($folder, $files)
             return ['name' => '', 'type' => null, 'mapped' => null];
         };
 
+        $archiveExecAvailable = WorkerLauncher::canRunForeground();
+        $archiveExecError = 'Archive operations for this format are unavailable on this host because PHP command execution (exec) is disabled.';
+
         $sevenZipBin = null;
-        $findSevenZip = function () use (&$sevenZipBin): ?string {
+        $findSevenZip = function () use (&$sevenZipBin, $archiveExecAvailable): ?string {
             if ($sevenZipBin !== null) {
                 return $sevenZipBin ?: null;
             }
+            if (!$archiveExecAvailable) {
+                $sevenZipBin = '';
+                return null;
+            }
             $candidates = [
                 '7zz',
                 '/usr/bin/7zz',
@@ -1889,10 +1897,14 @@ public static function extractZipArchive($folder, $files)
         };
 
         $unarBin = null;
-        $findUnar = function () use (&$unarBin): ?string {
+        $findUnar = function () use (&$unarBin, $archiveExecAvailable): ?string {
             if ($unarBin !== null) {
                 return $unarBin ?: null;
             }
+            if (!$archiveExecAvailable) {
+                $unarBin = '';
+                return null;
+            }
             $candidates = [
                 'unar',
                 '/usr/bin/unar',
@@ -2355,7 +2367,9 @@ public static function extractZipArchive($folder, $files)
 
             $sevenZip = $findSevenZip();
             if (!$sevenZip) {
-                $errors[] = "7z is not available on the server; cannot extract $archiveBase.";
+                $errors[] = !$archiveExecAvailable
+                    ? "$archiveBase blocked: {$archiveExecError}"
+                    : "7z is not available on the server; cannot extract $archiveBase.";
                 $allSuccess = false;
                 continue;
             }

src/FileRise/Domain/GatewayTestService.php

@@ -6,6 +6,7 @@
 
 use FileRise\Storage\SourceContext;
 use FileRise\Support\FS;
+use FileRise\Support\WorkerLauncher;
 use RuntimeException;
 
 require_once PROJECT_ROOT . '/config/config.php';
@@ -105,8 +106,8 @@ public static function run(string $id, bool $includeSecrets = false): array
     private static function findRclonePath(): string
     {
         $rclonePath = '';
-        if (function_exists('shell_exec')) {
-            $out = @shell_exec('command -v rclone 2>/dev/null');
+        $out = WorkerLauncher::captureCommand('command -v rclone 2>/dev/null');
+        if (is_string($out)) {
             $rclonePath = is_string($out) ? trim($out) : '';
         }