From 0bf30ff3627b3836ab5667a0a08fc23f8d6d40b2 Mon Sep 17 00:00:00 2001
From: Pinga <help@namingo.org>
Date: Tue, 1 Jul 2025 17:57:42 +0300
Subject: [PATCH] Fixed #223

---
 cp/bootstrap/helper.php | 9 +++++++++
 cp/env-sample           | 4 +++-
 docs/configuration.md   | 8 ++++++++
 docs/update1021.sh      | 2 ++
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/cp/bootstrap/helper.php b/cp/bootstrap/helper.php
index c3a6412..e433d04 100644
--- a/cp/bootstrap/helper.php
+++ b/cp/bootstrap/helper.php
@@ -884,6 +884,15 @@ function checkPasswordComplexity($password) {
 }
 
 function checkPasswordRenewal($lastPasswordUpdateTimestamp) {
+    // Check if expiration should be skipped for this user
+    $skipList = envi('PASSWORD_EXPIRATION_SKIP_USERS');
+    if ($skipList) {
+        $skipUsers = array_map('trim', explode(',', $skipList));
+        if (in_array($_SESSION['auth_username'], $skipUsers, true)) {
+            return null;
+        }
+    }
+
     // Use configured or default password expiration days
     $passwordExpiryDays = envi('PASSWORD_EXPIRATION_DAYS') ?: 90; // Default to 90 days
 
diff --git a/cp/env-sample b/cp/env-sample
index c8f90fd..1816672 100644
--- a/cp/env-sample
+++ b/cp/env-sample
@@ -47,4 +47,6 @@ NICKY_API_KEY='nicky-api-key'
 SUMSUB_TOKEN=
 SUMSUB_KEY=
 
-TEST_TLDS=.test,.com.test
\ No newline at end of file
+TEST_TLDS=.test,.com.test
+
+PASSWORD_EXPIRATION_SKIP_USERS=admin,superadmin
\ No newline at end of file
diff --git a/docs/configuration.md b/docs/configuration.md
index f840e1e..c548ae7 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -104,6 +104,14 @@ PASSWORD_EXPIRATION_DAYS=180
 
 This will extend the password expiration to **180** days.
 
+If you wish to **exclude specific accounts from password expiration**, open `/var/www/cp/.env` and **edit the existing** `PASSWORD_EXPIRATION_SKIP_USERS` line (or add it if missing):
+
+```bash
+PASSWORD_EXPIRATION_SKIP_USERS=admin,superadmin
+```
+
+Add usernames separated by commas. These accounts will **not be subject to password expiration**.
+
 **How to Apply Changes**
 - Edit the `.env` file located at `/var/www/cp/.env`
 - Save the file and restart Caddy if necessary.
diff --git a/docs/update1021.sh b/docs/update1021.sh
index 8430a59..d4ed459 100644
--- a/docs/update1021.sh
+++ b/docs/update1021.sh
@@ -248,6 +248,8 @@ awk '
 
 echo "Automation config modified successfully."
 
+sed -i '/^TEST_TLDS/ a\\nPASSWORD_EXPIRATION_SKIP_USERS=admin,superadmin' /var/www/cp/.env
+
 # Start services
 echo "Starting services..."
 systemctl start epp