Improve local password dialogs and add configurable online users footer panel

[guerricv]

Summary

This PR groups two UX-oriented improvements around user management and session visibility:

• improve local user password dialogs during user creation and administrator password reset,
• add a footer online-users panel with an admin setting controlling whether authenticated users can see the connected users list or only the online count.

Why

The first change makes generated passwords easier to handle and fixes a few inconsistencies in the administrator password reset flow.

The second change improves the footer online-users indicator by aligning it with the dashboard logic and by offering a lightweight connected-users panel. Because exposing the list of connected users can be considered sensitive information, this visibility is now controlled by an administrator setting.

Main changes

1. Local user password dialogs

• Added a copy-to-clipboard button to generated password dialogs.
• Covered both:
  • local user creation,
  • administrator-triggered local password reset.
• Switched clipboard handling to delegated event binding so dynamically injected modal buttons work reliably.
• Fixed the “show user password” checkbox behavior in the admin reset dialog.
• Set the “show user password” checkbox to unchecked by default in the admin reset flow.

2. Footer online users panel

• Added a floating footer panel opened from the bottom-left users icon.
• Aligned the footer online counter behavior with the dashboard online-users logic.
• Kept the footer icon itself lightweight while loading the detailed list only when needed.
• Improved visual integration:
  • the panel opens above the footer icon,
  • it can overflow outside the sidebar column for better readability,
  • the footer icons remain pinned at the bottom as before.
• Removed the dedicated close button from the panel since normal navigation already closes it.
• Ensured the tooltip is hidden when the panel is opened.
• Reduced row height to better handle larger numbers of connected users.
• Limited the visible list height to about 10 users before scrolling is required.

3. New administrator setting for online users visibility

• Added a new option in Options > Users.
• When enabled:
  • authenticated users can open the footer panel and see the connected users list.
• When disabled:
  • the footer still shows the online count in the tooltip,
  • but the detailed users list is not exposed.
• The default behavior remains conservative: count-only unless the administrator explicitly enables list visibility.

Security considerations

Showing the full list of connected users to every authenticated user may not be desirable in all environments. This PR therefore introduces an explicit administrator-controlled setting so each instance can decide whether that information should be exposed.

Implementation details

• includes/core/load.js.php
  • delegated clipboard handling for modal content,
  • footer online-users panel behavior,
  • tooltip hiding on open,
  • panel compact rendering and scrolling behavior.
• sources/users.js.php
  • copy button integration in local user password dialogs,
  • show-password checkbox behavior fixes in admin reset flows.
• index.php
  • footer online-users panel markup and final positioning integration.
• pages/admin.js.php
  • dashboard-side online users refresh integration.
• sources/main.queries.php
  • shared query endpoint for footer online users data.
• pages/options.php
  • new Users setting controlling connected-users list visibility.
• sources/admin.queries.php
  • setting persistence / option-save integration.
• includes/language/english.php and includes/language/french.php
  • new language entries for the online-users visibility setting and related messages.

Files changed

• includes/core/load.js.php
• sources/users.js.php
• index.php
• pages/admin.js.php
• sources/main.queries.php
• pages/options.php
• sources/admin.queries.php
• includes/language/english.php
• includes/language/french.php

Testing

• Tested local user creation flow.
• Tested administrator local password reset flow.
• Tested generated password copy buttons in modal dialogs.
• Verified the “show user password” checkbox behavior is now consistent and unchecked by default.
• Tested footer online-users tooltip and panel opening behavior.
• Verified the tooltip is no longer left visible when opening the panel.
• Verified the panel closes naturally during navigation without requiring a dedicated close button.
• Tested compact display and scrolling behavior with the footer panel.
• Verified no PHP or JavaScript errors were observed during testing.

Notes

This remains intentionally lightweight on the UI side:

• no heavy table component was introduced for the connected-users list,
• the footer panel stays compact,
• and visibility of the detailed list is explicitly configurable per instance.

[guerricv]

Small follow-up update on top of the initial implementation:

• removed the user login displayed under the full name in the online users popup, as it was not needed in this context,
• added avatar support in the popup by reusing the existing user avatar mechanism,
• kept the default TeamPass fallback image when no avatar is defined for a user.

This keeps the popup cleaner and more user-friendly while staying consistent with the existing profile/avatar behavior already used elsewhere in TeamPass.