feat: move panel update UI to Update module, add backup-only button & DB logging, fix password input exposure

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/a08c8b94-1b12-4eec-86c6-770cb435bb06

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-05-01 21:34:49 +00:00 committed by GitHub
parent 98264975c0
commit 1a7502952c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 164 additions and 29 deletions

View file

@ -16,11 +16,11 @@
*/
// Panel root is two directories up from this file (modules/administration/panel_update.php)
define('GSP_PANEL_DIR', realpath(dirname(__FILE__) . '/../../'));
define('GSP_BACKUP_BASE', GSP_PANEL_DIR . '/backups');
define('GSP_UPDATE_LOG', GSP_PANEL_DIR . '/logs/panel_updates.log');
define('GSP_VERSION_FILE', GSP_PANEL_DIR . '/includes/panel_version.php');
define('GSP_VERSION_JSON', GSP_PANEL_DIR . '/version.json');
defined('GSP_PANEL_DIR') || define('GSP_PANEL_DIR', realpath(dirname(__FILE__) . '/../../'));
defined('GSP_BACKUP_BASE') || define('GSP_BACKUP_BASE', GSP_PANEL_DIR . '/backups');
defined('GSP_UPDATE_LOG') || define('GSP_UPDATE_LOG', GSP_PANEL_DIR . '/logs/panel_updates.log');
defined('GSP_VERSION_FILE') || define('GSP_VERSION_FILE', GSP_PANEL_DIR . '/includes/panel_version.php');
defined('GSP_VERSION_JSON') || define('GSP_VERSION_JSON', GSP_PANEL_DIR . '/version.json');
// ---------------------------------------------------------------------------
// Helper: write a line to the panel update log
@ -35,6 +35,35 @@ function gsp_update_log($message)
@file_put_contents(GSP_UPDATE_LOG, $line, FILE_APPEND | LOCK_EX);
}
// ---------------------------------------------------------------------------
// Helper: insert a row into gsp_panel_update_log (silently skips on failure)
// ---------------------------------------------------------------------------
function gsp_log_update_to_db($channel, $branch, $status, $message, $backup_path = null, $db_backup_path = null, $file_backup_path = null, $started_at = null, $finished_at = null)
{
global $db;
if (!isset($db) || !is_object($db)) {
return;
}
if ($started_at === null) {
$started_at = date('Y-m-d H:i:s');
}
$channel = $db->real_escape_string((string) $channel);
$branch = $branch !== null ? "'" . $db->real_escape_string((string) $branch) . "'" : 'NULL';
$status = $db->real_escape_string((string) $status);
$message_esc = $message !== null ? "'" . $db->real_escape_string((string) $message) . "'" : 'NULL';
$backup_path_esc = $backup_path !== null ? "'" . $db->real_escape_string((string) $backup_path) . "'" : 'NULL';
$db_backup_esc = $db_backup_path !== null ? "'" . $db->real_escape_string((string) $db_backup_path) . "'" : 'NULL';
$file_backup_esc = $file_backup_path !== null ? "'" . $db->real_escape_string((string) $file_backup_path) . "'" : 'NULL';
$started_esc = "'" . $db->real_escape_string($started_at) . "'";
$finished_esc = $finished_at !== null ? "'" . $db->real_escape_string((string) $finished_at) . "'" : 'NULL';
$db->query(
"INSERT INTO OGP_DB_PREFIXpanel_update_log"
. " (channel, branch, status, message, backup_path, db_backup_path, file_backup_path, started_at, finished_at)"
. " VALUES ('{$channel}', {$branch}, '{$status}', {$message_esc},"
. " {$backup_path_esc}, {$db_backup_esc}, {$file_backup_esc}, {$started_esc}, {$finished_esc})"
);
}
// ---------------------------------------------------------------------------
// Helper: read the installed version / branch from panel_version.php
// ---------------------------------------------------------------------------
@ -836,7 +865,7 @@ function gsp_do_update($repo_owner, $repo_name, $ref, $update_type)
}
gsp_update_log("Update to {$ref} (type={$update_type}) complete");
return ['success' => true, 'files_copied' => $files_copied];
return ['success' => true, 'files_copied' => $files_copied, 'backup_dir' => $backup['backup_dir']];
}
// ---------------------------------------------------------------------------
@ -1004,26 +1033,69 @@ function gsp_panel_update_section()
$user_label = htmlspecialchars($_SESSION['users_login'])
. ' (IP: ' . htmlspecialchars($_SERVER['REMOTE_ADDR']) . ')';
if ($action === 'update_release') {
if ($action === 'backup_only') {
$started_at = date('Y-m-d H:i:s');
$result = gsp_create_full_backup('backup-only', 'manual');
$finished_at = date('Y-m-d H:i:s');
if ($result['success']) {
$bk_dir = htmlspecialchars($result['backup_dir']);
print_success('Backup created successfully at <code>' . $bk_dir . '</code>.');
gsp_update_log("Admin {$user_label} created manual backup at {$result['backup_dir']}");
gsp_log_update_to_db(
'backup-only', null, 'success',
'Manual backup by ' . $_SESSION['users_login'],
$result['backup_dir'],
$result['backup_dir'] . '/database.sql',
$result['backup_dir'] . '/panel-files.tar.gz',
$started_at, $finished_at
);
} else {
print_failure('Backup failed: ' . htmlspecialchars($result['error']));
gsp_update_log("Admin {$user_label} manual backup FAILED: {$result['error']}");
gsp_log_update_to_db(
'backup-only', null, 'failed',
'Manual backup failed: ' . $result['error'],
null, null, null, $started_at, $finished_at
);
}
} elseif ($action === 'update_release') {
$version = isset($_POST['gsp_release_version']) ? trim($_POST['gsp_release_version']) : '';
if (!preg_match('/^[a-zA-Z0-9._\-]+$/', $version) || strlen($version) > 80) {
print_failure('Invalid release tag selected.');
} else {
$started_at = date('Y-m-d H:i:s');
$result = gsp_do_update($repo_owner, $repo_name, $version, 'release');
$finished_at = date('Y-m-d H:i:s');
if ($result['success']) {
print_success(
'Panel updated to release <strong>' . htmlspecialchars($version) . '</strong>. '
. intval($result['files_copied']) . ' file(s) updated. Source: <strong>GitHub Releases</strong>'
);
gsp_update_log("Admin {$user_label} updated panel to release {$version}");
gsp_log_update_to_db(
'release', $version, 'success',
'Updated to release ' . $version . ' by ' . $_SESSION['users_login'],
$result['backup_dir'] ?? null,
isset($result['backup_dir']) ? $result['backup_dir'] . '/database.sql' : null,
isset($result['backup_dir']) ? $result['backup_dir'] . '/panel-files.tar.gz': null,
$started_at, $finished_at
);
} else {
print_failure('Update failed: ' . htmlspecialchars($result['error']));
gsp_update_log("Admin {$user_label} update to release {$version} FAILED: {$result['error']}");
gsp_log_update_to_db(
'release', $version, 'failed',
'Update to release ' . $version . ' failed: ' . $result['error'],
null, null, null, $started_at, $finished_at
);
}
}
} elseif ($action === 'update_stable') {
$started_at = date('Y-m-d H:i:s');
$result = gsp_do_update($repo_owner, $repo_name, $stable_branch, 'development');
$finished_at = date('Y-m-d H:i:s');
if ($result['success']) {
print_success(
'Panel updated to development version (<strong>' . htmlspecialchars($stable_branch) . '</strong>). '
@ -1031,13 +1103,28 @@ function gsp_panel_update_section()
. htmlspecialchars($stable_branch) . '</strong>'
);
gsp_update_log("Admin {$user_label} updated panel to stable branch {$stable_branch}");
gsp_log_update_to_db(
'development', $stable_branch, 'success',
'Updated to stable branch ' . $stable_branch . ' by ' . $_SESSION['users_login'],
$result['backup_dir'] ?? null,
isset($result['backup_dir']) ? $result['backup_dir'] . '/database.sql' : null,
isset($result['backup_dir']) ? $result['backup_dir'] . '/panel-files.tar.gz': null,
$started_at, $finished_at
);
} else {
print_failure('Update failed: ' . htmlspecialchars($result['error']));
gsp_update_log("Admin {$user_label} update to stable branch {$stable_branch} FAILED: {$result['error']}");
gsp_log_update_to_db(
'development', $stable_branch, 'failed',
'Update to stable branch ' . $stable_branch . ' failed: ' . $result['error'],
null, null, null, $started_at, $finished_at
);
}
} elseif ($action === 'update_unstable') {
$started_at = date('Y-m-d H:i:s');
$result = gsp_do_update($repo_owner, $repo_name, $unstable_branch, 'cutting-edge');
$finished_at = date('Y-m-d H:i:s');
if ($result['success']) {
print_success(
'Panel updated to cutting edge version (<strong>' . htmlspecialchars($unstable_branch) . '</strong>). '
@ -1045,9 +1132,22 @@ function gsp_panel_update_section()
. htmlspecialchars($unstable_branch) . '</strong>'
);
gsp_update_log("Admin {$user_label} updated panel to unstable branch {$unstable_branch}");
gsp_log_update_to_db(
'cutting-edge', $unstable_branch, 'success',
'Updated to cutting-edge branch ' . $unstable_branch . ' by ' . $_SESSION['users_login'],
$result['backup_dir'] ?? null,
isset($result['backup_dir']) ? $result['backup_dir'] . '/database.sql' : null,
isset($result['backup_dir']) ? $result['backup_dir'] . '/panel-files.tar.gz': null,
$started_at, $finished_at
);
} else {
print_failure('Update failed: ' . htmlspecialchars($result['error']));
gsp_update_log("Admin {$user_label} update to unstable branch {$unstable_branch} FAILED: {$result['error']}");
gsp_log_update_to_db(
'cutting-edge', $unstable_branch, 'failed',
'Update to cutting-edge branch ' . $unstable_branch . ' failed: ' . $result['error'],
null, null, null, $started_at, $finished_at
);
}
} elseif ($action === 'revert') {
@ -1055,16 +1155,31 @@ function gsp_panel_update_section()
if (!preg_match('/^\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2}$/', $backup_ts)) {
print_failure('Invalid backup timestamp selected.');
} else {
$started_at = date('Y-m-d H:i:s');
$result = gsp_do_revert($backup_ts);
$finished_at = date('Y-m-d H:i:s');
if ($result['success']) {
print_success(
'Panel reverted to backup from <strong>' . htmlspecialchars($backup_ts) . '</strong>. '
. intval($result['files_restored']) . ' file(s) restored.'
);
gsp_update_log("Admin {$user_label} reverted panel to backup {$backup_ts}");
gsp_log_update_to_db(
'revert', $backup_ts, 'success',
'Reverted to backup ' . $backup_ts . ' by ' . $_SESSION['users_login'],
GSP_BACKUP_BASE . '/' . $backup_ts,
GSP_BACKUP_BASE . '/' . $backup_ts . '/database.sql',
GSP_BACKUP_BASE . '/' . $backup_ts . '/panel-files.tar.gz',
$started_at, $finished_at
);
} else {
print_failure('Revert failed: ' . htmlspecialchars($result['error']));
gsp_update_log("Admin {$user_label} revert to backup {$backup_ts} FAILED: {$result['error']}");
gsp_log_update_to_db(
'revert', $backup_ts, 'failed',
'Revert to backup ' . $backup_ts . ' failed: ' . $result['error'],
null, null, null, $started_at, $finished_at
);
}
}
}
@ -1130,6 +1245,20 @@ function gsp_panel_update_section()
}
echo "</table>\n<br>\n";
// ---- Backup Only --------------------------------------------------------
echo "<h3>Create Backup</h3>\n";
echo "<form method='POST'>\n";
echo "<input type='hidden' name='gsp_update_action' value='backup_only'>\n";
echo "<input type='hidden' name='gsp_update_csrf' value='" . htmlspecialchars($csrf_token) . "'>\n";
echo "<button type='submit'"
. " onclick='return confirm(\"Create a backup of panel files and the database now (no update). Continue?\");'>"
. "Create Backup Now</button>\n";
echo "<span style='margin-left:10px;color:#666;'>Saves to: <code>"
. htmlspecialchars(GSP_BACKUP_BASE) . "</code></span>\n";
echo "</form>\n";
echo "<br>\n";
// ---- Numbered Releases --------------------------------------------------
echo "<h3>Numbered Releases</h3>\n";
if (is_array($releases) && !empty($releases)) {