📖Game Management App
The most complete web-based administration panel for FiveM servers. Manage players, economy, vehicles, societies, licenses, inventories, and much more — with native support for ESX Legacy, QBCore, QBo
Overview
XeX Panel is a self-hosted PHP administration panel that connects directly to your FiveM server database. It provides a modern, secure interface for your staff to manage every aspect of your server — from player data and economy, to advanced business intelligence and anomaly detection.
Key highlights:
Zero dependencies on FiveM resources — works directly with your database
Framework-agnostic architecture through configurable table/column mapping
Full role-based access control with granular permissions
Enterprise-grade security (CSRF, XSS, prepared statements, rate limiting)
Multi-endpoint webhook system (Discord, Slack, generic JSON)
Complete audit trail for all staff actions
Supported Frameworks
ESX Legacy
✅ Full native support
Pre-configured. Zero modifications needed.
QBCore
✅ Full native support
Pre-configured. Auto-detects players table and citizenid.
QBox
✅ Compatible
QBox uses the same DB schema as QBCore. Select QBCore during installation.
Custom
✅ Configurable
Full manual table/column mapping via config.php.
How framework detection works
During installation, the auto-installer analyzes your database:
If it finds a
userstable withidentifierandaccountscolumns → ESXIf it finds a
playerstable withcitizenidcolumn → QBCore / QBoxOtherwise → Custom (manual configuration required)
QBox users: QBox is a modern fork of QBCore that maintains the same database schema. Select
qbcoreas your framework, and the panel will work out of the box.
Framework table mapping
The panel uses a $DB_TABLES mapping array in config.php that translates abstract keys into your actual database table/column names. This is what makes the panel framework-agnostic — every SQL query references these mapped names instead of hardcoded values.
ESX mapping (default):
users
users
users_identifier
identifier
users_firstname
firstname
users_lastname
lastname
users_accounts
accounts (JSON: {"bank":X,"money":X,"black_money":X})
users_job
job
users_job_grade
job_grade
vehicles
owned_vehicles
licenses
user_licenses
societies
addon_account
QBCore / QBox mapping (default):
users
players
users_identifier
citizenid
users_firstname
charinfo (JSON field)
users_lastname
charinfo (JSON field)
users_accounts
money (JSON: {"bank":X,"cash":X,"crypto":X})
users_job
job (JSON field)
users_job_grade
job (embedded in job JSON)
vehicles
player_vehicles
licenses
player_licenses
societies
management_funds
See the full mapping in Configuration → Table Mapping.
Features
Core Management
Dashboard
Real-time server overview: player count, total economy, vehicles, houses, VIPs
User Management
View & edit player data, accounts, jobs, inventory, skins, and licenses
Vehicle Management
Search, view, remove, and send vehicles to garage
Society Manager
View all society/company funds and inventories
Housing
Property listing and owner management
Job Grades
Full job and grade structure viewer
License Management
Add and remove player licenses
Item Finder
Search who owns specific items across all inventories (ESX + OX Inventory)
Live Server
Real-time connected player list via FiveM public API
Advanced Operations
Character Kill (CK)
Complete character wipe — deletes across all mapped tables dynamically
Player Swap
Transfer all player data between identifiers (e.g., license migration)
Global Search
Search players by name, identifier, or any field from anywhere in the panel
Intelligence Suite
Economy Dashboard
Global economy stats, wealth distribution, top richest players
Business Analytics
Job rankings, society funds, activity health, abandoned businesses
Anomaly Detection
Automated alerts for extreme wealth, negative balances, suspicious patterns
Money Analytics
Historical money trends over time with Chart.js graphs (requires cron job)
Staff Activity
Staff action tracking, daily trends, hourly heatmaps, category breakdown
Administration
Audit Log
Complete staff action trail with 7 filters, pagination, CSV export, and auto-purge
Webhook System
Multi-endpoint webhooks with Discord embeds, Slack payloads, and generic JSON
Settings
Full dynamic configuration panel (no file editing needed for most settings)
Permissions
Granular per-role page and action permissions stored in database
Staff Management
Create, edit, and remove panel staff accounts
Profile
Personal account management with password changes
Visual Features
Inventory cards — Rich item rendering with labels, counts, and icons
Skin viewer — Grouped sections (Identity, Hair, Face, Makeup, Clothing, Damage) with 80+ friendly field names
Trunk/glovebox — Parse and display vehicle storage contents
Chart.js visualizations — Pie charts, bar charts, line graphs, and heatmaps throughout the panel
Requirements
Server Requirements
PHP
8.0+
8.1+
MySQL
5.7+
8.0+
MariaDB
10.3+
10.6+
Web Server
Apache 2.4+ / Nginx
Apache with mod_rewrite
Required PHP Extensions
pdo_mysql
Database connectivity
json
JSON parsing (accounts, inventory, skins)
mbstring
Multi-byte string handling
openssl
CSRF token generation
Most PHP installations include these extensions by default. On Linux, install them with:
Supported Environments
XAMPP (Windows) — Recommended for local/development setups
LAMP (Linux) — Apache + MySQL + PHP on Ubuntu/Debian/CentOS
Nginx + PHP-FPM — For advanced or production deployments
Docker — Any PHP 8.0+ image with MySQL access
Shared hosting — Any cPanel/Plesk host with PHP 8.0+ and MySQL
Installation
Method 1: Auto-Installer (Recommended)
The auto-installer is a guided wizard that handles everything for you.
Step 3 — Database connection
Enter your FiveM database credentials:
Host
MySQL server address
localhost or 127.0.0.1
Username
Database user
root
Password
Database password
(your password)
Database
Your FiveM database name
es_extended or qbcore
The installer will:
✅ Test the database connection
✅ Auto-detect your framework (ESX / QBCore)
✅ Show which panel tables already exist (if upgrading)
✅ Create all panel tables safely (
IF NOT EXISTS)✅ Generate
config.phpautomatically✅ Create your admin account
Method 2: Manual Installation
If you prefer to set up everything by hand:
Post-Installation Steps
Configure the FiveM API (for Live page)
To use the Live Server feature, you need your FiveM server's public API URL:
Find your server on servers.fivem.net
Copy your server ID from the URL
Set it in
config.php:
The Live page requires your server to be publicly listed on FiveM. Private servers won't have API data available.
Set up item labels (optional, for OX Inventory)
If your server uses ox_inventory, update the item database:
Export your server's items to JSON format
Replace
assets/data/ox_inv_items.jsonwith your item listThe format should be:
[{"name": "water", "label": "Water Bottle"}, ...]
This enables the panel to show friendly item names instead of internal identifiers.
Set up Analytics cron job (optional)
To track money trends over time, schedule the analytics cron:
Linux (crontab):
Windows (Task Scheduler):
Open Task Scheduler → Create Basic Task
Name:
XeX Panel AnalyticsTrigger: Daily, repeat every 6 hours
Action: Start a program
Program:
C:\xampp\php\php.exeArguments:
C:\xampp\htdocs\xex-panel\setup\cronjob_money_analytics.php
The cron job takes a snapshot of total bank, cash, and black money across all players and stores it for the Analytics charts. Without this cron, the Analytics page will be empty.
Configuration
All configuration is managed through config.php and the in-panel Settings page.
Application Mode
Database Connection
Framework Selection
Framework-Specific Table Mapping
The $DB_TABLES array maps abstract panel keys to your actual database structure. These are the defaults — modify only if your server uses non-standard table names.
Custom framework — How to configure
If your framework isn't ESX or QBCore, set $FRAMEWORK = "custom" and manually edit each key in the $DB_TABLES array to match your database. Tips:
Set any table to
nullto disable that feature (e.g.,'housing' => nullif you don't have a housing system)The
account_*keys must match the JSON keys inside your accounts/money columnThe
users_accountscolumn must be a JSON column containing at leastbankandcashkeysTest each page after configuration to verify data loads correctly
Panel Settings (in-panel)
Most settings can be changed directly from Settings → General without editing files:
Panel Name
Displayed in header and browser title
Admin Panel
Currency Symbol
Currency prefix for money displays
$
FiveM API URL
Your server's FiveM API endpoint
—
Session Timeout
Auto-logout after inactivity (seconds)
3600 (1 hour)
Cache TTL
Dashboard cache duration (seconds)
300 (5 minutes)
Max Login Attempts
Before temporary lockout
5
Login Lockout Time
Lockout duration (seconds)
900 (15 minutes)
Game Configuration (in-panel)
Under Settings → Game Config:
Account Labels
Rename bank/cash/black display labels
License Types
Define available license types (e.g., drive, weapon, pilot)
Job Configuration
Configure default job for CK/reset operations
Vehicle Job Filter
Filter vehicles by owner job in vehicle management
Economy Thresholds (in-panel)
Under Settings → Economy:
Anomaly Wealth Multiplier
Flag players with wealth > X× average
5
Cash Intensity Threshold
Flag players with > X% in cash/black
0.8 (80%)
Wealth Brackets
Define wealth distribution ranges for charts
Configurable
Display Limits (in-panel)
Top Richest Players
Number of players in Top Richest table
25
Top Jobs
Number of jobs in Economy job table
20
Anomaly Display Limit
Max anomalies shown per page
50
Panel Modules
Dashboard (home.php)
home.php)The dashboard provides a real-time overview of your server:
Player count — Total unique registered players
Economy totals — Total bank, cash, black money, and coins across all players
Vehicle count — Total registered vehicles
House count — Total properties (if housing is configured)
Society count — Total companies/factions
VIP count — Active premium accounts (if premium table is configured)
Data is cached for performance (configurable TTL).
Users (users.php → view-user.php)
users.php → view-user.php)Users list:
Paginated table with search and sort (DataTables)
Shows identifier, name, job, group for each player
Click any player to open their full profile
User detail view:
Personal data: Name, identifier, group, job & grade, pincode, created/last seen dates
Accounts: Bank, cash, black money, coins — editable with permission
Inventory: Full item list with labels, counts, and slot info (supports ESX JSON and OX inventory formats)
Skin/Appearance: Grouped into logical sections (Identity, Hair, Face, Makeup, Clothing, Damage) with friendly field names
Licenses: Full license list with remove capability
Vehicles: All owned vehicles with plates
Houses: Properties owned (if housing is configured)
OX Inventory: Player stash contents from ox_inventory
Trunk/Glovebox: Vehicle storage parsing
Notes: Staff notes on this player (Moderator+)
All editable fields require appropriate role permissions and are protected by CSRF tokens.
Vehicles (vehicles.php)
vehicles.php)Search vehicles by plate number
View vehicle owner information
Remove vehicles from the database
Send vehicles to the garage (update garage state)
Filter by job (configurable)
Societies (societies.php → view-societies.php)
societies.php → view-societies.php)List all societies/companies with fund balances
View detailed society info: funds, inventory, members
Supports ESX
addon_accountand QBCoremanagement_fundstables
Houses (houses.php)
houses.php)List all properties with owner information
Supports configurable housing tables (
loaf_properties,player_houses, or custom)Disabled automatically if
housingis set tonullin config
Item Finder (itemsFinder.php → search-items.php)
itemsFinder.php → search-items.php)Browse all available items from your item database
Search for a specific item to find which players own it
Searches across player inventories, OX inventory stashes, and datastores
Shows player name, quantity, and stash/slot location
Job Grades (grades.php)
grades.php)View all defined jobs and their grade structures
Displays grade names, labels, and salary values
Reads from the
job_gradestable
Live Server (live.php)
live.php)Real-time view of currently connected players
Pulls data from the FiveM public API
Shows player IDs, names, and identifiers
Requires
$API_FIVEM_URLto be configured
Character Kill (ck_user.php → makeck.php)
ck_user.php → makeck.php)Performs a complete character wipe by deleting player data across all mapped tables:
Player record from the users/players table
All owned vehicles
All licenses
Housing ownership
OX inventory data
Billing records
Datastore/stash data
Phone data
The CK system is framework-aware: it dynamically iterates through all tables defined in
$DB_TABLESand skips any that are set tonullor don't exist. No hardcoded table names.
Required role: Superadmin (configurable)
Player Swap (swaps.php → controllers/swap-controller.php)
swaps.php → controllers/swap-controller.php)Transfers all player data from one identifier to another. Useful for:
License migrations (player got a new Rockstar account)
Character transfers between accounts
Fixing duplicate/incorrect identifiers
The swap process:
Validates the old identifier exists
Performs a CK on the new identifier (cleans any existing data)
Updates the identifier across all mapped tables
Required role: Superadmin (configurable)
Analytics (analytics.php)
analytics.php)Historical money trends displayed with Chart.js line graphs
Tracks total bank, cash, and black money over time
Requires the cron job to collect data snapshots
Configurable snapshot frequency (recommended: every 6 hours)
Role & Permission System
Built-in Roles
The panel ships with 4 system roles that cannot be deleted:
Viewer
0
Gray
Read-only access to basic pages
Moderator
1
Green
Can view player details, manage licenses, add notes
Admin
2
Amber
Full player management, vehicles, CK, economy intelligence
Superadmin
3
Red
Everything — including settings, staff, permissions, webhooks
Custom Roles
Superadmins can create additional custom roles from the Permissions page:
Set a custom name, level, and color
Assign specific page and action permissions
Role level determines hierarchy (higher level = more authority)
Page Permissions
Controls which pages each role can access:
Dashboard
✅
✅
✅
✅
Live Server
✅
✅
✅
✅
Users List
✅
✅
✅
✅
User Detail
❌
✅
✅
✅
Societies
✅
✅
✅
✅
Society Detail
❌
✅
✅
✅
Houses
✅
✅
✅
✅
Items / Item Finder
✅
✅
✅
✅
Job Grades
✅
✅
✅
✅
Analytics
✅
✅
✅
✅
Vehicles
❌
❌
✅
✅
Licenses
❌
✅
✅
✅
Character Kill
❌
❌
✅
✅
Player Swap
❌
❌
✅
✅
Economy Intelligence
❌
❌
✅
✅
Business Analytics
❌
❌
✅
✅
Anomaly Detection
❌
❌
✅
✅
Staff Activity
❌
❌
✅
✅
Audit Log
❌
❌
✅
✅
Webhooks
❌
❌
❌
✅
Settings
❌
❌
❌
✅
Permissions
❌
❌
❌
✅
Action Permissions
Write operations are controlled separately from page access. Default configuration:
edit_user_data
Admin
Modify player personal data
edit_user_money
Admin
Modify player account balances
delete_job
Admin
Reset player job to unemployed
manage_vehicles
Admin
Remove/send vehicles
manage_licenses
Moderator
Add/remove player licenses
manage_notes
Moderator
Add/edit staff notes on players
character_kill
Superadmin
Perform character kill
swap_players
Superadmin
Swap player identifiers
create_staff
Superadmin
Create new panel accounts
remove_staff
Superadmin
Delete panel accounts
change_password
Moderator
Change own password
view_economy
Admin
Access Economy Intelligence page
view_anomalies
Admin
Access Anomaly Detection page
view_business
Admin
Access Business Analytics page
view_staff_activity
Admin
Access Staff Activity page
view_settings
Superadmin
Access Settings page
manage_permissions
Superadmin
Edit role permissions
All action permissions can be customized in config.php under $actionPermissions.
Webhook System
The webhook system allows the panel to send real-time notifications to external services whenever specific events occur.
Supported Formats
Discord
URL contains discord.com/api/webhooks
Rich embed with color, fields, author, footer, timestamp
Slack
URL contains hooks.slack.com
Attachment format with color, fields, pretext, footer
Generic JSON
Everything else
Standard JSON payload with event, data, and timestamp
Available Events (13)
user.money_changed
Player account balance modified
user.data_changed
Player personal data edited
user.license_added
License assigned to a player
user.license_swapped
Player identifier swapped
user.character_killed
Character kill performed
user.job_reset
Player job reset to default
vehicle.deleted
Vehicle removed from database
vehicle.sent_garage
Vehicle sent to garage
staff.created
New panel staff account created
staff.removed
Panel staff account deleted
staff.password_changed
Staff password changed
panel.login
Successful panel login
panel.login_failed
Failed login attempt
Setting Up a Webhook
Navigate to Webhooks in the sidebar
Click Create Webhook
Enter a name and the webhook URL
Select which events should trigger this webhook
Save and test with the Test button
You can create multiple webhooks pointing to different URLs with different event subscriptions — for example, one Discord channel for staff actions and another for security alerts.
Webhook Delivery Logs
Every webhook delivery is logged in the database with:
HTTP status code
Response body
Timestamp
Event that triggered it
View delivery history from the Webhooks page.
Audit & Compliance
Audit Log
Every staff action is recorded in the panel_audit_log table and can be viewed from the Audit Log page.
Recorded information:
Timestamp
Staff username and role
Action performed
Category (user, vehicle, staff, security, etc.)
Target (affected player/entity)
Details (what was changed)
IP address
User agent
Features:
7 filter options: Username, action, category, date range, IP, target
Pagination: 50 entries per page
Stats cards: Today's actions, this week, active staff, failed logins (24h)
CSV export: Download filtered results for external analysis
Log purge: Clean up old entries (Superadmin only)
Category icons: Visual distinction with colored icons per category
Discord Legacy Webhook
In addition to the modern webhook system, the panel supports a legacy Discord webhook in config.php:
This is separate from the multi-endpoint webhook system and will be deprecated in future versions. Use the in-panel webhook system instead.
Intelligence Suite
The Intelligence Suite provides advanced analytics and monitoring tools for server administrators.
Economy Dashboard (economy.php)
economy.php)Global stats: Total bank, cash, black money, average wealth, max wealth
Top 25 richest players with full wealth breakdown
Money distribution by job — see which jobs concentrate the most wealth
Wealth distribution brackets — configurable ranges (e.g., 0–10k, 10k–100k, etc.)
Anomaly quick-view — players with extreme wealth (>5× average)
Cash-heavy players — detect players with >80% in cash/black money
Chart.js visualizations — pie charts and bar graphs
Business Analytics (business-analytics.php)
business-analytics.php)Job rankings by total employees
Society fund balances across all factions
Activity health analysis — active (7d), semi-active (30d), inactive players per job
Abandoned business detection — jobs with zero recent activity
Unemployed player count
Grade distribution by job
Chart.js bar charts for visual comparison
Anomaly Detection (anomalies.php)
anomalies.php)Automated system that flags suspicious economic patterns:
Extreme wealth
Critical
Player wealth exceeds mean + 3 standard deviations
Negative balance
High
Player has negative bank, cash, or black money
Features:
Auto-generates alerts on page load
Severity levels: Critical, High, Medium, Low
Filterable by severity and type
Dismiss workflow (acknowledged alerts are hidden)
Stores alerts in
panel_anomaly_alertstableAuto-creates the table on first visit
Staff Activity (staff-activity.php)
staff-activity.php)Total actions in selected period
Active staff count and average actions per day
Daily activity line chart — trend over time
Category breakdown — pie chart showing action types
Hourly heatmap — when are staff most active
Staff ranking — leaderboard of most active admins
Most common actions — frequently performed operations
Date range selector: 7, 14, 30, 60, 90 days
Customization
Translations
All UI text is centralized in translations.php. Edit the $T_* variables to translate or customize any label:
The panel currently ships in English. You can translate all strings to any language by editing this file.
Theming
The panel uses CSS custom properties for easy theming. Edit style.css:
Adding Custom Tables to Monitoring
Add the table name to the appropriate key in
$DB_TABLESinconfig.phpSet any unused table to
nullto disable itBuild your PHP page reading from the new table using
getDB()for database access
Database Reference
Panel Tables (created by installer)
These tables are created in your FiveM database alongside your game tables. They use safe IF NOT EXISTS statements and can be re-run without risk.
superadmins
Panel staff accounts
username, password (bcrypt), email, role
analytics_money
Economy snapshots
date, value, money type
panel_audit_log
Staff action trail
timestamp, username, action, category, target, details, IP
panel_webhooks
Webhook configurations
name, URL, events (JSON), enabled
panel_webhook_logs
Webhook delivery history
webhook_id, event, payload, status_code, response
panel_roles
Role definitions
name, level, color, permissions (JSON)
panel_player_notes
Staff notes on players
player_id, note text, author, timestamp
panel_anomaly_alerts
Anomaly detection alerts
player, type, severity, details, dismissed
panel_settings
Dynamic configuration
key, value
FiveM Tables (read/modified by the panel)
These are your existing game tables. The panel never creates, drops, or alters them.
Players
users
players
Read / Write
Vehicles
owned_vehicles
player_vehicles
Read / Delete
Licenses
user_licenses
player_licenses
Read / Write / Delete
Societies
addon_account
management_funds
Read
Society Funds
addon_account_data
management_funds
Read
Job Grades
job_grades
job_grades
Read
Billing
billing
phone_invoices
Read / Delete (CK)
Datastores
datastore_data
stashitems
Read / Delete (CK)
OX Inventory
ox_inventory
ox_inventory
Read / Delete (CK)
Housing
loaf_properties
player_houses
Read / Delete (CK)
Phone
phone_phones
phone_phones
Read / Delete (CK)
Premium/VIP
user_premium
—
Read
File Structure
Troubleshooting
Common Issues
"Database connection error"
Wrong credentials or MySQL not running
Check $DDBB_HOST, $DDBB_USER, $DDBB_PASSWORD, $DATABASE_NAME in config.php. Ensure MySQL/MariaDB service is running.
Login page loops
$HOST doesn't match your URL path
If panel is at http://localhost/xex-panel/, set $HOST = "xex-panel". Clear browser cookies after changing.
Blank pages
PHP error hidden in production mode
Set $MODE = "development" in config.php to see errors. Check PHP error log.
Missing table errors
Panel tables not created
Run the installer at /install/ or manually import setup/schema.sql into your FiveM database.
"Invalid security token"
CSRF token expired (session timeout)
Log in again. Consider increasing session timeout in Settings.
Analytics page empty
No historical data collected
Set up the cron job (see Installation → Analytics cron job).
Live page shows nothing
FiveM API URL not configured or server is private
Set $API_FIVEM_URL in config.php. Server must be publicly listed on FiveM.
Items show internal names
Item label file not configured
Replace assets/data/ox_inv_items.json with your server's item database.
Housing page empty
Housing table not configured
Set housing to your housing table name in $DB_TABLES, or null to disable.
Installer blocked
Already installed
Delete install/installed.lock to re-run the installer.
Permissions not saving
Database permissions issue
Ensure the MySQL user has INSERT/UPDATE rights on the panel_roles table.
Debug Mode
To enable verbose error reporting:
⚠️ Never use development mode in production — it exposes file paths and error details.
Log Files
PHP errors: Check your web server's PHP error log (XAMPP:
C:\xampp\php\logs\php_error_log)Webhook delivery: View in Webhooks → Delivery Log or query
panel_webhook_logsLogin attempts: Stored in
cache/login_attempts.jsonAudit trail: View in Audit Log or query
panel_audit_log
Security
XeX Panel implements multiple layers of security:
Authentication & Sessions
Password hashing with bcrypt (
PASSWORD_DEFAULT) and automatic rehashForced password change on first login
Password strength policy: 8+ characters, uppercase + lowercase + number
Session regeneration on login
Secure cookie flags:
HttpOnly,SameSite=StrictConfigurable automatic session timeout (default: 1 hour)
IP-based login rate limiting (persistent, not session-based)
Request Protection
CSRF tokens on all forms with automatic rotation
POST-only for all state-changing operations (no GET-based mutations)
Prepared statements (PDO) for every database query
XSS protection via output escaping (
e(),attr(),json_encode()for JS contexts)SQL identifier validation for all
$DB_TABLESvalues
Access Control
Role-based page access control
Granular action permissions (read vs. write separation)
Self-deletion protection for admin accounts
No sensitive data exposed in URLs or HTML source
HTTP Security Headers
The panel sets the following headers automatically:
X-Frame-Options: DENY— Prevents clickjackingContent-Security-Policy— Restricts resource loadingX-Content-Type-Options: nosniff— Prevents MIME sniffingReferrer-Policy: strict-origin-when-cross-origin— Controls referrer leaksStrict-Transport-Security— Enforces HTTPS (when available)
File Protection
.htaccess rules block direct browser access to:
controllers/— POST-only backend handlersincludes/— Internal PHP librariessetup/— Installation filescache/— Runtime cache dataconfig.php— Database credentials
Production Recommendations
Always use HTTPS — Configure SSL/TLS on your web server
Restrict access — Place the panel behind a firewall, VPN, or IP whitelist
Use strong passwords — Enforce the builtin password policy for all staff
Monitor the audit log — Regularly review staff actions
Keep PHP updated — Use PHP 8.1+ for latest security patches
Set production mode — Ensure
$MODE = "production"at all timesBack up regularly — Schedule database backups including panel tables
Delete the installer — After installation, remove or protect the
install/folder
Changelog
v2.1.0
Intelligence Suite — Economy Dashboard, Business Analytics, Anomaly Detection, Staff Activity
Dynamic Settings — Full in-panel configuration (no file editing for most settings)
Granular Permissions — DB-backed per-role permissions engine with custom role creation
Webhook System — Multi-endpoint webhooks with Discord, Slack, and generic JSON support (13 events)
Player Notes — Staff-to-staff notes on player profiles
Advanced Audit Log — 7 filters, CSV export, stats cards, auto-purge
Wealth Brackets — Configurable wealth distribution ranges
Staff Activity Tracking — Heatmaps, trend charts, ranking, category breakdown
v2.0.0
Multi-framework support — ESX Legacy, QBCore, and custom framework table mapping
Role-based access control — 4 built-in roles with configurable page and action permissions
CSRF protection — All forms and state-changing requests
XSS protection — Output escaping on all user-generated data
Secure caching — JSON-based cache replacing insecure PHP serialization
Rate limiting — Login attempt throttling with configurable lockout
Modernized UI — Dark theme with Inter font family, CSS variables, responsive design
Updated dependencies — jQuery 3.7, DataTables 1.13, Font Awesome 6.5
Security hardening — Removed exposed password hashes, POST-only controllers, self-deletion protection, debug cleanup
Last updated