fix: harden billing module for standalone portability

- config_loader.php: prefer local billing config FIRST (root cause fix)
  - was: panel config loaded first, overriding local config with wrong db name
  - now: local modules/billing/includes/config.inc.php always wins when present
- config.inc.php: add $db_port="3306"
- config.example.php: new example config with all variables documented
- menu.php: add $db_port to mysqli_connect
- admin_auth.php: add $db_port; remove hardcoded /_website path detection
- bootstrap.php billing_get_db(): add $db_port
- login.php: fix /_website path detection
- adminserverlist.php: add $db_port; fix hardcoded /modules/billing/ URL
- All other mysqli_connect calls: add isset($db_port) port parameter
  (my_servers, forgot_password, serverlist, server_status, order, register,
   reset_password, payment_success, my_account, admin_invoices, admin_payments,
   diag_remote, admin_coupons, test_db_connection, tools/check_db_user,
   renew_server)
- timestamp.txt: updated

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/a3e1e4bb-8eb1-4e6e-b1f8-7f3952301231

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-05-02 13:15:50 +00:00 committed by GitHub
parent 834d56a506
commit 1247e5e7ca
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
25 changed files with 105 additions and 70 deletions

View file

@ -4,17 +4,8 @@ require_once(__DIR__ . '/session_bridge.php');
// If not logged in, redirect to login
if (empty($_SESSION['website_user_id'])) {
// Build absolute login URL to avoid browser-relative resolution issues
$script = $_SERVER['SCRIPT_NAME'] ?? '';
$siteRoot = '/';
$pos = strpos($script, '/_website');
if ($pos !== false) {
$siteRoot = substr($script, 0, $pos + strlen('/_website'));
} else {
$siteRoot = rtrim(dirname($script), '/\\');
}
$loginUrl = $siteRoot . '/login.php';
$returnTo = $siteRoot . '/' . basename($_SERVER['PHP_SELF']);
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
$returnTo = $_SERVER['SCRIPT_NAME'] ?? '/';
header('Location: ' . $loginUrl . '?return_to=' . urlencode($returnTo));
exit();
}
@ -29,15 +20,13 @@ require_once(__DIR__ . '/config_loader.php');
/** @var string $db_name Database name */
/** @var string $table_prefix Table prefix for database tables */
$auth_db_port = isset($db_port) ? (int)$db_port : null;
// Use a local connection variable so we don't clash with pages that also use $db
$auth_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name);
$auth_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name, $auth_db_port);
if (!$auth_db) {
// If DB unavailable, deny access gracefully
// Redirect to absolute login URL
$script = $_SERVER['SCRIPT_NAME'] ?? '';
$pos = strpos($script, '/_website');
$siteRoot = $pos !== false ? substr($script, 0, $pos + strlen('/_website')) : rtrim(dirname($script), '/\\');
header('Location: ' . $siteRoot . '/login.php');
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
header('Location: ' . $loginUrl);
exit();
}
@ -52,15 +41,10 @@ mysqli_close($auth_db);
if (strtolower($role) !== 'admin') {
// Not an admin — redirect to login or home
// Redirect to absolute login URL
$script = $_SERVER['SCRIPT_NAME'] ?? '';
$pos = strpos($script, '/_website');
$siteRoot = $pos !== false ? substr($script, 0, $pos + strlen('/_website')) : rtrim(dirname($script), '/\\');
header('Location: ' . $siteRoot . '/login.php');
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
header('Location: ' . $loginUrl);
exit();
}
// If we reach here, user is an admin
?>

View file

@ -0,0 +1,43 @@
<?php
###############################################
# Billing Website Configuration Example
#
# Copy this file to config.inc.php and fill in
# your actual settings.
# config.inc.php is excluded from version control.
#
# This file is used by modules/billing/ both as a
# standalone website and as a panel-integrated module.
# The billing module reads ONLY this file — it does NOT
# depend on the parent panel's includes/config.inc.php.
###############################################
# --- Database connection ---
$db_host = "localhost";
$db_port = "3306"; // MySQL port (default 3306)
$db_user = "your_db_user";
$db_pass = "your_db_password";
$db_name = "your_db_name"; // Panel database name (e.g. "gsp" or "panel")
$table_prefix = "gsp_"; // Table prefix used in the panel database
$db_type = "mysql";
# --- Site base URL ---
# Leave empty to use relative paths (works for any install path).
# Set to your full base URL (without trailing slash) if you need absolute URLs:
# e.g. "https://gameservers.world" or "http://173.208.136.11/testing/modules/billing"
$SITE_BASE_URL = '';
# --- Background image ---
# Relative to the billing site root.
$SITE_BACKGROUND = 'images/dark.jpg';
# --- Data directory ---
# Absolute path where payment webhook JSON files are stored.
# Default: modules/billing/data/
$SITE_DATA_DIR = realpath(__DIR__ . '/..') . DIRECTORY_SEPARATOR . 'data';
# --- PayPal settings ---
$paypal_sandbox = true; // Set to false for live payments
$paypal_client_id = ''; // Your PayPal Client ID
$paypal_client_secret = ''; // Your PayPal Client Secret
$paypal_webhook_id = ''; // Your PayPal Webhook ID (for webhook signature verification)

View file

@ -8,6 +8,7 @@
# database configuration in includes/config.inc.php
###############################################
$db_host="localhost";
$db_port="3306";
$db_user="localuser";
$db_pass="Pkloyn7yvpht!";
$db_name="panel";

View file

@ -2,27 +2,44 @@
/**
* Billing config loader
*
* Attempts to load the main panel config file first (../includes/config.inc.php).
* If that file is not readable, falls back to a module-local config.inc.php copy.
* When neither file exists, output a plain-text error and stop execution so that
* the admin knows to copy the config locally.
* Priority order (standalone-first):
* 1. modules/billing/includes/config.inc.php (local billing config always wins when present)
* 2. <panel_root>/includes/config.inc.php (panel config fallback when no local config)
*
* This ensures that copying modules/billing/ to any web root works correctly
* after editing its own config.inc.php, without being overridden by a parent
* panel installation that may have a different database name.
*/
if (defined('BILLING_CONFIG_LOADED')) {
return;
}
$localConfig = __DIR__ . '/config.inc.php';
$attempted = [];
// Always prefer the local billing config so the module is self-contained.
if (is_readable($localConfig)) {
$attempted[] = $localConfig;
require_once $localConfig;
if (!defined('BILLING_CONFIG_PATH')) {
define('BILLING_CONFIG_PATH', $localConfig);
}
define('BILLING_CONFIG_LOADED', true);
return;
}
$attempted[] = $localConfig;
// Fallback: try to load the panel's config (useful when running embedded inside the panel
// and no local copy has been made yet).
$panelConfig = null;
$projectRoot = realpath(__DIR__ . '/../../..');
if ($projectRoot !== false) {
$panelConfig = $projectRoot . '/includes/config.inc.php';
} else {
// Fallback relative path without resolving symlinks
$panelConfig = __DIR__ . '/../../..' . '/includes/config.inc.php';
}
$localConfig = __DIR__ . '/config.inc.php';
$attempted = [];
if ($panelConfig && is_readable($panelConfig)) {
$attempted[] = $panelConfig;
require_once $panelConfig;
@ -34,17 +51,6 @@ if ($panelConfig && is_readable($panelConfig)) {
}
$attempted[] = $panelConfig;
if (is_readable($localConfig)) {
$attempted[] = $localConfig;
require_once $localConfig;
if (!defined('BILLING_CONFIG_PATH')) {
define('BILLING_CONFIG_PATH', $localConfig);
}
define('BILLING_CONFIG_LOADED', true);
return;
}
$attempted[] = $localConfig;
$message = "GSP Billing module cannot find config.inc.php.\n";
$message .= "Looked in:\n";

View file

@ -58,7 +58,8 @@ if ($is_logged_in) {
if (isset($db) && $db instanceof mysqli) {
$menu_db = $db;
} else {
$menu_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name);
$menu_db_port = isset($db_port) ? (int)$db_port : null;
$menu_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name, $menu_db_port);
$menu_db_opened = true;
}