fix: harden billing module for standalone portability
- config_loader.php: prefer local billing config FIRST (root cause fix) - was: panel config loaded first, overriding local config with wrong db name - now: local modules/billing/includes/config.inc.php always wins when present - config.inc.php: add $db_port="3306" - config.example.php: new example config with all variables documented - menu.php: add $db_port to mysqli_connect - admin_auth.php: add $db_port; remove hardcoded /_website path detection - bootstrap.php billing_get_db(): add $db_port - login.php: fix /_website path detection - adminserverlist.php: add $db_port; fix hardcoded /modules/billing/ URL - All other mysqli_connect calls: add isset($db_port) port parameter (my_servers, forgot_password, serverlist, server_status, order, register, reset_password, payment_success, my_account, admin_invoices, admin_payments, diag_remote, admin_coupons, test_db_connection, tools/check_db_user, renew_server) - timestamp.txt: updated Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/a3e1e4bb-8eb1-4e6e-b1f8-7f3952301231 Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
GitHub
parent
834d56a506
commit
1247e5e7ca
25 changed files with 105 additions and 70 deletions
|
|
@ -4,17 +4,8 @@ require_once(__DIR__ . '/session_bridge.php');
|
|||
|
||||
// If not logged in, redirect to login
|
||||
if (empty($_SESSION['website_user_id'])) {
|
||||
// Build absolute login URL to avoid browser-relative resolution issues
|
||||
$script = $_SERVER['SCRIPT_NAME'] ?? '';
|
||||
$siteRoot = '/';
|
||||
$pos = strpos($script, '/_website');
|
||||
if ($pos !== false) {
|
||||
$siteRoot = substr($script, 0, $pos + strlen('/_website'));
|
||||
} else {
|
||||
$siteRoot = rtrim(dirname($script), '/\\');
|
||||
}
|
||||
$loginUrl = $siteRoot . '/login.php';
|
||||
$returnTo = $siteRoot . '/' . basename($_SERVER['PHP_SELF']);
|
||||
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
|
||||
$returnTo = $_SERVER['SCRIPT_NAME'] ?? '/';
|
||||
header('Location: ' . $loginUrl . '?return_to=' . urlencode($returnTo));
|
||||
exit();
|
||||
}
|
||||
|
|
@ -29,15 +20,13 @@ require_once(__DIR__ . '/config_loader.php');
|
|||
/** @var string $db_name Database name */
|
||||
/** @var string $table_prefix Table prefix for database tables */
|
||||
|
||||
$auth_db_port = isset($db_port) ? (int)$db_port : null;
|
||||
// Use a local connection variable so we don't clash with pages that also use $db
|
||||
$auth_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name);
|
||||
$auth_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name, $auth_db_port);
|
||||
if (!$auth_db) {
|
||||
// If DB unavailable, deny access gracefully
|
||||
// Redirect to absolute login URL
|
||||
$script = $_SERVER['SCRIPT_NAME'] ?? '';
|
||||
$pos = strpos($script, '/_website');
|
||||
$siteRoot = $pos !== false ? substr($script, 0, $pos + strlen('/_website')) : rtrim(dirname($script), '/\\');
|
||||
header('Location: ' . $siteRoot . '/login.php');
|
||||
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
|
||||
header('Location: ' . $loginUrl);
|
||||
exit();
|
||||
}
|
||||
|
||||
|
|
@ -52,15 +41,10 @@ mysqli_close($auth_db);
|
|||
|
||||
if (strtolower($role) !== 'admin') {
|
||||
// Not an admin — redirect to login or home
|
||||
// Redirect to absolute login URL
|
||||
$script = $_SERVER['SCRIPT_NAME'] ?? '';
|
||||
$pos = strpos($script, '/_website');
|
||||
$siteRoot = $pos !== false ? substr($script, 0, $pos + strlen('/_website')) : rtrim(dirname($script), '/\\');
|
||||
header('Location: ' . $siteRoot . '/login.php');
|
||||
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
|
||||
header('Location: ' . $loginUrl);
|
||||
exit();
|
||||
}
|
||||
|
||||
// If we reach here, user is an admin
|
||||
?>
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue