Enhance VirtFusion WHMCS module with security fixes, new features, and improved UX

Security improvements:
- Enable SSL/TLS certificate verification by default (was disabled, MITM risk)
- Remove error_reporting(0) that silenced all errors
- Add input sanitization on all user parameters (int casting, regex filtering)
- Return proper HTTP status codes (401, 403, 400, 500) instead of always 200
- Add XSS protection with htmlspecialchars and encodeURIComponent
- Add null checks on API response data before property access

New features:
- Power management: boot, shutdown, restart, and force power off controls
- Server rebuild: reinstall with any available OS template from client area
- Server rename: change server display name via PATCH API
- OS template fetching: client-side endpoint for rebuild OS selection
- TestConnection: validate API credentials from WHMCS server settings
- ServiceSingleSignOn: native WHMCS SSO integration for VirtFusion panel
- Server status badge: visual indicator of server state in overview
- Traffic usage display: show bandwidth used vs allocated
- Checkout validation: ShoppingCartValidateCheckout hook ensures OS selection

Ordering process improvements:
- Add default "Select Operating System" placeholder option
- Add "No SSH Key (Optional)" default for SSH dropdown
- Hide SSH key field/container when no keys available
- Wrap hook in try/catch to prevent checkout page breakage
- Sanitize template names with htmlspecialchars
- Use JSON_HEX_* flags for safe script injection

Theme compatibility:
- Properly formatted Smarty templates with readable indentation
- Dual panel/card CSS classes for Bootstrap 3/4/5 compatibility
- Responsive power button layout with mobile breakpoint
- Framework-agnostic HTML that works with Six, Twenty-One, Lagom, and custom themes
- Suspended service state messaging

Code quality:
- Readable, unminified JavaScript with JSDoc header
- Structured CSS with logical section organization
- Improved error messages throughout all provisioning functions
- Added PATCH method support to Curl wrapper
- Added curl error capture on connection failures
- Added connection and request timeouts (10s/30s)
- Fixed memory conversion to check key name instead of display name

Documentation:
- Complete README rewrite with installation, configuration, and troubleshooting guides
- API endpoint reference table
- Configurable options mapping documentation
- Theme override instructions
- Security considerations section

https://claude.ai/code/session_01TCsJ4WZCGuEX3zqh1tQ2zx

modules/servers/VirtFusionDirect/VirtFusionDirect.php

@@ -5,6 +5,8 @@ if (!defined("WHMCS")) {
 }
 
 use WHMCS\Module\Server\VirtFusionDirect\ModuleFunctions;
+use WHMCS\Module\Server\VirtFusionDirect\Module;
+use WHMCS\Module\Server\VirtFusionDirect\Database;
 
 function VirtFusionDirect_MetaData()
 {
@@ -12,7 +14,7 @@ function VirtFusionDirect_MetaData()
         'DisplayName' => 'VirtFusion Direct Provisioning',
         'APIVersion' => '1.1',
         'RequiresServer' => true,
-        'ServiceSingleSignOnLabel' => false,
+        'ServiceSingleSignOnLabel' => 'Login to VirtFusion Panel',
         'AdminSingleSignOnLabel' => false,
     ];
 }
@@ -24,39 +26,85 @@ function VirtFusionDirect_ConfigOptions()
             "FriendlyName" => "Hypervisor Group ID",
             "Type" => "text",
             "Size" => "20",
-            "Description" => "The default hypervisor group ID",
+            "Description" => "The default hypervisor group ID for server placement.",
             "Default" => "1",
         ],
         "packageID" => [
             "FriendlyName" => "Package ID",
             "Type" => "text",
             "Size" => "20",
-            "Description" => "The package ID",
+            "Description" => "The VirtFusion package ID that defines server resources.",
             "Default" => "1",
         ],
         "defaultIPv4" => [
             "FriendlyName" => "Default IPv4",
             "Type" => "dropdown",
             "Options" => "0,1,2,3,4,5,6,7,8,9,10",
-            "Description" => "The default amount of IPv4 addresses to assign to the server.",
+            "Description" => "The default number of IPv4 addresses to assign to each server.",
             "Default" => "1",
         ],
     ];
 }
 
+function VirtFusionDirect_TestConnection(array $params)
+{
+    try {
+        $module = new Module();
+        $cp = $module->getCP($params['serverid']);
+
+        if (!$cp) {
+            return ['success' => false, 'error' => 'Unable to retrieve server configuration. Please verify the server hostname and access hash/password.'];
+        }
+
+        $request = $module->initCurl($cp['token']);
+        $data = $request->get($cp['url'] . '/connect');
+
+        $httpCode = $request->getRequestInfo('http_code');
+
+        if ($httpCode == 200) {
+            return ['success' => true, 'error' => ''];
+        }
+
+        if ($httpCode == 401) {
+            return ['success' => false, 'error' => 'Authentication failed. Please verify your API token is correct and has not expired.'];
+        }
+
+        if ($httpCode == 0) {
+            $curlError = $request->getRequestInfo('curl_error');
+            return ['success' => false, 'error' => 'Connection failed: ' . ($curlError ?: 'Unable to reach the VirtFusion server. Verify the hostname and that SSL certificates are valid.')];
+        }
+
+        return ['success' => false, 'error' => 'Unexpected response from VirtFusion API (HTTP ' . $httpCode . '). Please check the server configuration.'];
+    } catch (\Exception $e) {
+        return ['success' => false, 'error' => 'Connection test failed: ' . $e->getMessage()];
+    }
+}
+
 function VirtFusionDirect_AdminCustomButtonArray()
 {
-    $buttonarray = array(
+    return [
         "Update Server Object" => "updateServerObject",
-    );
-    return $buttonarray;
+    ];
+}
+
+function VirtFusionDirect_ServiceSingleSignOn(array $params)
+{
+    try {
+        $module = new Module();
+        $token = $module->fetchLoginTokens($params['serviceid']);
+
+        if ($token) {
+            return ['success' => true, 'redirectTo' => $token];
+        }
+
+        return ['success' => false, 'errorMsg' => 'Unable to generate a login token. The server may not be active or the VirtFusion API may be unreachable.'];
+    } catch (\Exception $e) {
+        return ['success' => false, 'errorMsg' => $e->getMessage()];
+    }
 }
 
 /**
- *
- *
  * Service functions
- *
  */
 function VirtFusionDirect_CreateAccount(array $params)
 {
@@ -86,7 +134,6 @@ function VirtFusionDirect_updateServerObject(array $params)
 /**
  * Allows changing of the package of a server
  *
- * @author https://github.com/BlinkohHost/virtfusion-whmcs-module
  * @param array $params
  * @return string
  */
@@ -108,4 +155,4 @@ function VirtFusionDirect_AdminServicesTabFieldsSave(array $params)
 function VirtFusionDirect_ClientArea(array $params)
 {
     return (new ModuleFunctions())->clientArea($params);
-}
+}