website fixes
This commit is contained in:
parent
2efbe27a03
commit
2347205469
13 changed files with 500 additions and 418 deletions
|
|
@ -1,3 +1,138 @@
|
|||
<?php
|
||||
// Silent renew endpoint: mark an existing order as 'renew' and redirect back.
|
||||
// This endpoint produces no visible output — it always redirects back to the referrer.
|
||||
|
||||
// Require login and configuration
|
||||
if (session_status() === PHP_SESSION_NONE) {
|
||||
session_name("gameservers_website");
|
||||
session_start();
|
||||
}
|
||||
require_once(__DIR__ . '/includes/config.inc.php');
|
||||
require_once(__DIR__ . '/includes/login_required.php');
|
||||
require_once(__DIR__ . '/includes/log.php');
|
||||
|
||||
// Connect to DB (use mysqli like other website modules)
|
||||
$db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name);
|
||||
if (!$db) {
|
||||
// fail silently and redirect back
|
||||
$back = $_SERVER['HTTP_REFERER'] ?? 'my_account.php';
|
||||
header('Location: ' . $back);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Resolve user id from session (same logic as other pages)
|
||||
$user_id = intval($_SESSION['website_user_id'] ?? $_SESSION['user_id'] ?? 0);
|
||||
if ($user_id <= 0 && isset($_SESSION['website_username']) && !empty($_SESSION['website_username'])) {
|
||||
$safe_uname = mysqli_real_escape_string($db, $_SESSION['website_username']);
|
||||
$qr = mysqli_query($db, "SELECT user_id FROM ogp_users WHERE users_login = '$safe_uname' LIMIT 1");
|
||||
if ($qr && mysqli_num_rows($qr) === 1) {
|
||||
$rr = mysqli_fetch_assoc($qr);
|
||||
$user_id = intval($rr['user_id'] ?? 0);
|
||||
if ($user_id > 0) {
|
||||
$_SESSION['website_user_id'] = $user_id;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Always accept order_id from GET (link-based) or POST (form)
|
||||
$order_id = intval($_REQUEST['order_id'] ?? 0);
|
||||
// Allow optional duration override via ?duration=year
|
||||
$duration = (isset($_REQUEST['duration']) && $_REQUEST['duration'] === 'year') ? 'year' : 'month';
|
||||
|
||||
$redirect_to = 'cart.php';
|
||||
|
||||
if ($order_id <= 0 || $user_id <= 0) {
|
||||
header('Location: ' . $redirect_to);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Fetch order and verify ownership
|
||||
$stmt = $db->prepare('SELECT order_id, user_id, service_id, qty, invoice_duration, price, home_id FROM ogp_billing_orders WHERE order_id = ? LIMIT 1');
|
||||
if (!$stmt) {
|
||||
header('Location: ' . $redirect_to);
|
||||
exit;
|
||||
}
|
||||
$stmt->bind_param('i', $order_id);
|
||||
$stmt->execute();
|
||||
$res = $stmt->get_result();
|
||||
if (!$res || $res->num_rows === 0) {
|
||||
$stmt->close();
|
||||
header('Location: ' . $redirect_to);
|
||||
exit;
|
||||
}
|
||||
$order = $res->fetch_assoc();
|
||||
$stmt->close();
|
||||
|
||||
if (intval($order['user_id']) !== intval($user_id)) {
|
||||
// Not the owner — silently redirect
|
||||
header('Location: ' . $redirect_to);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Determine price for selected duration by looking up service prices
|
||||
$service_id = intval($order['service_id'] ?? 0);
|
||||
$price_val = floatval($order['price'] ?? 0.0);
|
||||
if ($service_id > 0) {
|
||||
$sstmt = $db->prepare('SELECT price_monthly, price_year FROM ogp_billing_services WHERE service_id = ? LIMIT 1');
|
||||
if ($sstmt) {
|
||||
$sstmt->bind_param('i', $service_id);
|
||||
$sstmt->execute();
|
||||
$sres = $sstmt->get_result();
|
||||
if ($sres && $sres->num_rows > 0) {
|
||||
$srow = $sres->fetch_assoc();
|
||||
if ($duration === 'year' && !empty($srow['price_year']) && floatval($srow['price_year']) > 0) {
|
||||
$price_val = floatval($srow['price_year']);
|
||||
} else {
|
||||
$price_val = floatval($srow['price_monthly']);
|
||||
}
|
||||
}
|
||||
$sstmt->close();
|
||||
}
|
||||
}
|
||||
|
||||
// Update order: set status='renew', invoice_duration, qty, price
|
||||
$new_status = 'renew';
|
||||
$qty = 1;
|
||||
$price_formatted = number_format($price_val, 2, '.', '');
|
||||
$upd = $db->prepare('UPDATE ogp_billing_orders SET status = ?, invoice_duration = ?, qty = ?, price = ? WHERE order_id = ? AND user_id = ? LIMIT 1');
|
||||
if ($upd) {
|
||||
// types: status (s), invoice_duration (s), qty (i), price (d), order_id (i), user_id (i)
|
||||
$upd->bind_param('ssiddi', $new_status, $duration, $qty, $price_formatted, $order_id, $user_id);
|
||||
$ok = $upd->execute();
|
||||
$affected = $upd->affected_rows;
|
||||
$upd->close();
|
||||
if ($ok && $affected > 0) {
|
||||
// Insert a row into ogp_logger if table exists (best-effort)
|
||||
$client_ip = $_SERVER['REMOTE_ADDR'] ?? '';
|
||||
$msg = "USER-RENEW: User {$user_id} marked order {$order_id} as renew";
|
||||
// Try insert into ogp_logger table
|
||||
$escaped_msg = mysqli_real_escape_string($db, $msg);
|
||||
$escaped_ip = mysqli_real_escape_string($db, $client_ip);
|
||||
// Determine logger table name (best-effort). Try standard name then any table that ends with 'logger'.
|
||||
$logger_table = null;
|
||||
$check = mysqli_query($db, "SHOW TABLES LIKE 'ogp_logger'");
|
||||
if ($check && mysqli_num_rows($check) > 0) {
|
||||
$logger_table = 'ogp_logger';
|
||||
} else {
|
||||
$reslt = mysqli_query($db, "SHOW TABLES LIKE '%logger'");
|
||||
if ($reslt && mysqli_num_rows($reslt) > 0) {
|
||||
$row = mysqli_fetch_row($reslt);
|
||||
$logger_table = $row[0];
|
||||
}
|
||||
}
|
||||
if ($logger_table) {
|
||||
$dt = date('Y-m-d H:i:s');
|
||||
$ins = "INSERT INTO `" . $logger_table . "` (`date`, `user_id`, `ip`, `message`) VALUES ('{$dt}', " . intval($user_id) . ", '{$escaped_ip}', '{$escaped_msg}')";
|
||||
@mysqli_query($db, $ins);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Done — redirect back silently
|
||||
header('Location: ' . $redirect_to);
|
||||
exit;
|
||||
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
|
|
@ -6,65 +141,41 @@
|
|||
<title>Renew Server - GameServers.World</title>
|
||||
</head>
|
||||
<body>
|
||||
<?php
|
||||
// Require login for this page
|
||||
require_once(__DIR__ . '/includes/login_required.php');
|
||||
|
||||
// Include database configuration
|
||||
require_once(__DIR__ . '/includes/config.inc.php');
|
||||
|
||||
// Create database connection
|
||||
$db = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
|
||||
if (!$db) {
|
||||
die("Connection failed: " . mysqli_connect_error());
|
||||
}
|
||||
|
||||
// Include top bar and menu
|
||||
include(__DIR__ . '/includes/top.php');
|
||||
include(__DIR__ . '/includes/menu.php');
|
||||
|
||||
// Get order ID from URL
|
||||
$order_id = isset($_GET['order_id']) ? intval($_GET['order_id']) : 0;
|
||||
$user_id = intval($_SESSION['website_user_id']);
|
||||
|
||||
if ($order_id === 0) {
|
||||
echo '<div class="site-panel"><p class="text-danger">Invalid order ID.</p></div>';
|
||||
include(__DIR__ . '/includes/footer.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Fetch order details
|
||||
$query = "SELECT o.*, bs.service_name, bs.price_monthly, bs.price_year
|
||||
FROM ogp_billing_orders o
|
||||
LEFT JOIN ogp_billing_services bs ON o.service_id = bs.service_id
|
||||
WHERE o.order_id = $order_id AND o.user_id = $user_id
|
||||
LIMIT 1";
|
||||
$result = mysqli_query($db, $query);
|
||||
|
||||
if (!$result || mysqli_num_rows($result) === 0) {
|
||||
echo '<div class="site-panel"><p class="text-danger">Order not found or you do not have permission to renew this server.</p></div>';
|
||||
mysqli_close($db);
|
||||
include(__DIR__ . '/includes/footer.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
$order = mysqli_fetch_assoc($result);
|
||||
|
||||
// Process renewal
|
||||
// Process renewal: mark the existing order as a 'renew' so it appears in the cart
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['confirm_renewal'])) {
|
||||
$duration = isset($_POST['duration']) ? $_POST['duration'] : 'month';
|
||||
$price = ($duration === 'year') ? $order['price_year'] : $order['price_monthly'];
|
||||
|
||||
// Create a new order for renewal
|
||||
// In a real system, this would redirect to payment gateway
|
||||
// For now, we'll just show a message
|
||||
|
||||
$message = "Renewal initiated for " . htmlspecialchars($order['service_name']) . ". ";
|
||||
$message .= "Duration: " . ($duration === 'year' ? '1 year' : '1 month') . ". ";
|
||||
$message .= "Total: $" . number_format($price, 2) . ". ";
|
||||
$message .= "In a production system, you would be redirected to payment processing.";
|
||||
|
||||
echo '<div class="site-panel"><div class="alert alert-success">' . $message . '</div></div>';
|
||||
$invoice_duration = ($duration === 'year') ? 'year' : 'month';
|
||||
$qty = 1;
|
||||
|
||||
// Determine price based on duration (fall back to monthly if missing)
|
||||
$price = ($duration === 'year' && !empty($order['price_year']) && floatval($order['price_year']) > 0) ? floatval($order['price_year']) : floatval($order['price_monthly']);
|
||||
|
||||
// Prepare update to set this order into renew state
|
||||
if ($upd = $db->prepare("UPDATE ogp_billing_orders SET status = ?, invoice_duration = ?, qty = ?, price = ? WHERE order_id = ? AND user_id = ? LIMIT 1")) {
|
||||
$new_status = 'renew';
|
||||
$orderIdInt = intval($order_id);
|
||||
$userIdInt = intval($user_id);
|
||||
$price_val = number_format($price, 2, '.', '');
|
||||
$upd->bind_param('ssiids', $new_status, $invoice_duration, $qty, $price_val, $orderIdInt, $userIdInt);
|
||||
$ok = $upd->execute();
|
||||
$affected = $upd->affected_rows;
|
||||
$upd->close();
|
||||
if ($ok && $affected > 0) {
|
||||
// Log to panel logger that the order was marked for renewal
|
||||
if (isset($db) && method_exists($db, 'logger')) {
|
||||
$db->logger("USER-RENEW: User " . intval($userIdInt) . " marked order " . intval($orderIdInt) . " as renew");
|
||||
}
|
||||
// Successfully transitioned to renew — go to cart
|
||||
header('Location: cart.php');
|
||||
exit;
|
||||
} else {
|
||||
$err = mysqli_error($db);
|
||||
echo '<div class="site-panel"><div class="alert alert-danger">Failed to mark order for renewal: ' . htmlspecialchars($err) . '</div></div>';
|
||||
}
|
||||
} else {
|
||||
$err = mysqli_error($db);
|
||||
echo '<div class="site-panel"><div class="alert alert-danger">Failed to prepare renewal update: ' . htmlspecialchars($err) . '</div></div>';
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
@ -73,27 +184,27 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['confirm_renewal'])) {
|
|||
<div class="site-panel-title">Renew Server</div>
|
||||
|
||||
<div class="panel" style="max-width:600px;margin:20px auto;">
|
||||
<h3 style="margin-bottom:20px;"><?php echo htmlspecialchars($order['service_name']); ?></h3>
|
||||
<h3><?php echo htmlspecialchars($order['service_name']); ?></h3>
|
||||
|
||||
<form method="POST" action="">
|
||||
<div class="form-group" style="margin-bottom:20px;">
|
||||
<label style="display:block;margin-bottom:10px;">
|
||||
<div class="form-group">
|
||||
<label>
|
||||
<input type="radio" name="duration" value="month" checked>
|
||||
1 Month - $<?php echo number_format($order['price_monthly'], 2); ?>
|
||||
</label>
|
||||
<?php if ($order['price_year'] > 0): ?>
|
||||
<label style="display:block;">
|
||||
<label>
|
||||
<input type="radio" name="duration" value="year">
|
||||
1 Year - $<?php echo number_format($order['price_year'], 2); ?>
|
||||
</label>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<button type="submit" name="confirm_renewal" class="btn-primary" style="padding:12px 24px;border-radius:8px;">
|
||||
<button type="submit" name="confirm_renewal" class="gsw-btn">
|
||||
Proceed to Payment
|
||||
</button>
|
||||
|
||||
<a href="my_servers.php" style="margin-left:20px;color:#667eea;">Cancel</a>
|
||||
<a href="my_servers.php" class="account-edit-summary" style="margin-left:20px;">Cancel</a>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -103,27 +214,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['confirm_renewal'])) {
|
|||
mysqli_close($db);
|
||||
?>
|
||||
|
||||
<style>
|
||||
.alert-success {
|
||||
background-color: #d1fae5;
|
||||
border: 1px solid #6ee7b7;
|
||||
color: #065f46;
|
||||
padding: 16px;
|
||||
border-radius: 8px;
|
||||
margin-bottom: 20px;
|
||||
}
|
||||
.form-group label {
|
||||
cursor: pointer;
|
||||
padding: 12px;
|
||||
border: 2px solid #e1e8ed;
|
||||
border-radius: 8px;
|
||||
background: rgba(255,255,255,0.05);
|
||||
}
|
||||
.form-group label:hover {
|
||||
background: rgba(255,255,255,0.1);
|
||||
}
|
||||
</style>
|
||||
|
||||
</body>
|
||||
<?php include(__DIR__ . '/includes/footer.php'); ?>
|
||||
</html>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue