website fix

This commit is contained in:
Frank Harris 2025-10-22 10:03:37 -04:00
parent e14794bc59
commit 309d08497b
58 changed files with 1690 additions and 363 deletions


@ -0,0 +1,60 @@
<?php
// Admin authorization include — include early (before output) on admin pages
if (session_status() === PHP_SESSION_NONE) {
session_name("gameservers_website");
session_start();
}
// If not logged in, redirect to login
if (empty($_SESSION['website_user_id'])) {
// Build absolute login URL to avoid browser-relative resolution issues
$script = $_SERVER['SCRIPT_NAME'] ?? '';
$siteRoot = '/';
$pos = strpos($script, '/_website');
if ($pos !== false) {
$siteRoot = substr($script, 0, $pos + strlen('/_website'));
} else {
$siteRoot = rtrim(dirname($script), '/\\');
}
$loginUrl = $siteRoot . '/login.php';
$returnTo = $siteRoot . '/' . basename($_SERVER['PHP_SELF']);
header('Location: ' . $loginUrl . '?return_to=' . urlencode($returnTo));
exit();
}
// Require DB config and check role live from panel DB
require_once(__DIR__ . '/config.inc.php');
// Use a local connection variable so we don't clash with pages that also use $db
$auth_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if (!$auth_db) {
// If DB unavailable, deny access gracefully
// Redirect to absolute login URL
$script = $_SERVER['SCRIPT_NAME'] ?? '';
$pos = strpos($script, '/_website');
$siteRoot = $pos !== false ? substr($script, 0, $pos + strlen('/_website')) : rtrim(dirname($script), '/\\');
header('Location: ' . $siteRoot . '/login.php');
exit();
}
$uid = intval($_SESSION['website_user_id']);
$role = '';
$res = mysqli_query($auth_db, "SELECT users_role FROM ogp_users WHERE user_id = $uid LIMIT 1");
if ($res && mysqli_num_rows($res) === 1) {
$row = mysqli_fetch_assoc($res);
$role = (string)($row['users_role'] ?? '');
}
mysqli_close($auth_db);
if (strtolower($role) !== 'admin') {
// Not an admin — redirect to login or home
// Redirect to absolute login URL
$script = $_SERVER['SCRIPT_NAME'] ?? '';
$pos = strpos($script, '/_website');
$siteRoot = $pos !== false ? substr($script, 0, $pos + strlen('/_website')) : rtrim(dirname($script), '/\\');
header('Location: ' . $siteRoot . '/login.php');
exit();
}
// If we reach here, user is an admin
?>
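Review bot: The site-root derivation is written out three times in this file (the `$script`/`$pos`/`$siteRoot` lines at the first redirect, at the DB-failure redirect and at the non-admin redirect), and keeping them consistent would be easier as one local helper, e.g. `function admin_site_root(): string { $s = $_SERVER['SCRIPT_NAME'] ?? ''; $p = strpos($s, '/_website'); return $p !== false ? substr($s, 0, $p + strlen('/_website')) : rtrim(dirname($s), '/\\'); }`. The `ogp_users` lookup is safe only because of the `intval` cast two lines above it; a prepared statement (`mysqli_prepare` plus `mysqli_stmt_bind_param($stmt, 'i', $uid)`) would make the query not depend on that cast being kept. The closing `?>` on the last line is unnecessary in a PHP-only include, and any blank lines or whitespace after it become output before the including page can call `header()`, which the comment at the top of the file says must not happen.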


@ -0,0 +1,22 @@
<?php
// Helper to read cart items stored in session and return count
// Non-invasive: reads $_SESSION['cart'] if present and returns total quantity or items count
if (session_status() === PHP_SESSION_NONE) {
@session_start();
}
function get_cart_count() {
if (!isset($_SESSION['cart']) || !is_array($_SESSION['cart'])) {
return 0;
}
$count = 0;
foreach ($_SESSION['cart'] as $item) {
if (is_array($item) && isset($item['quantity'])) {
$count += (int) $item['quantity'];
} else {
$count += 1;
}
}
return $count;
}
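Review bot: `@session_start()` here starts a session without first calling `session_name("gameservers_website")`, which the admin and login includes in this commit do set; if this helper is included before them on a page, the cart is kept in the default-named session rather than the one holding `website_user_id`, and the `@` hides the warning that would reveal it. Add `session_name("gameservers_website");` before `@session_start();` so all three includes share one session, and drop the `@`. The count treats any item without a `quantity` key as one unit, which is worth stating in the function comment since callers cannot tell that from the name.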


@ -13,4 +13,20 @@ $db_pass="Pkloyn7yvpht!";
$db_name="panel";
$table_prefix="ogp_";
$db_type="mysql";
// Optional: base URL used by admin pages to build absolute image previews.
// Leave empty to prefer relative paths (local folder).
// To enable production base URL, uncomment and set it to your site, e.g.:
// $SITE_BASE_URL = 'https://gameservers.world/';
$SITE_BASE_URL = '';
// Normalize: ensure either empty or ends without trailing slash (we use join_base to handle joining)
$SITE_BASE_URL = trim((string)$SITE_BASE_URL);
// Site-wide background image (relative to site root). Change to your preferred background.
$SITE_BACKGROUND = 'images/dark.jpg';
// Normalize
$SITE_BACKGROUND = trim((string)$SITE_BACKGROUND);
// Data directory for persisted payment webhook JSON files (relative to repo root)
$SITE_DATA_DIR = realpath(__DIR__ . '/..') . DIRECTORY_SEPARATOR . 'data';
?>
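Review bot: The comment above `$SITE_BASE_URL = trim((string)$SITE_BASE_URL);` says the value is normalized to end without a trailing slash, but `trim()` only strips whitespace, so the documented example `'https://gameservers.world/'` keeps its slash; use `$SITE_BASE_URL = rtrim(trim((string)$SITE_BASE_URL), '/');`. `$SITE_DATA_DIR` concatenates the result of `realpath()` directly; when the parent directory cannot be resolved, `realpath()` returns `false` and the path silently becomes `DIRECTORY_SEPARATOR . 'data'` at the filesystem root, so fall back explicitly: `$SITE_DATA_DIR = (realpath(__DIR__ . '/..') ?: dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'data';`. Whether that `data` directory under the repo root is reachable by the web server is not visible here; if it is, the persisted webhook JSON would be served as static files, so confirm it is outside the document root or denied by server configuration. The hunk header also shows this same file carrying the live database password, so it is worth confirming the file is excluded from version control.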


@ -0,0 +1,8 @@
<?php
// Simple footer include
?>
<footer class="gsw-footer">
<div class="container-wide">
<a href="privacy.php">Privacy</a> | <a href="tos.php">TOS</a> | <a href="https://worlddomination.dev" target="_blank" rel="noopener">Worlddomination.dev</a>
</div>
</footer>


@ -0,0 +1,19 @@
<?php
if (session_status() === PHP_SESSION_NONE) {
session_name("gameservers_website");
session_start();
}
if (empty($_SESSION['website_user_id'])) {
// Build return_to pointing to current script + query and force absolute login URL
// Use raw REQUEST_URI (already absolute) and urlencode once when passing to login
$requestUri = $_SERVER['REQUEST_URI'] ?? '/index.php';
// Determine site root (prefer up to /_website)
$script = $_SERVER['SCRIPT_NAME'] ?? '';
$pos = strpos($script, '/_website');
$siteRoot = $pos !== false ? substr($script, 0, $pos + strlen('/_website')) : rtrim(dirname($script), '/\\');
$loginUrl = $siteRoot . '/login.php';
header('Location: ' . $loginUrl . '?return_to=' . urlencode($requestUri));
exit();
}
?>
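Review bot: `return_to` is built from the raw `REQUEST_URI`, so whatever `login.php` does with the parameter after a successful login decides whether the redirect stays on this site; `login.php` is not in this hunk, so confirm it rejects absolute URLs and protocol-relative `//host` values before redirecting, or constrain the value here with `if (strpos($requestUri, '/') !== 0 || strpos($requestUri, '//') === 0) { $requestUri = $siteRoot . '/index.php'; }`. The closing `?>` on the last line is unnecessary in a PHP-only include and any whitespace after it is sent as output before the including page's own `header()` calls; drop it.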


@ -13,43 +13,84 @@ if (session_status() === PHP_SESSION_NONE) {
// Check login status
$is_logged_in = isset($_SESSION['website_user_id']) && !empty($_SESSION['website_user_id']);
$username = $is_logged_in ? htmlspecialchars($_SESSION['website_username']) : '';
?>
<style>
.gsw-header{display:flex;justify-content:space-between;align-items:center;padding:16px 24px;background:rgba(102, 126, 234, 0.95);backdrop-filter:blur(10px);margin-bottom:20px;box-shadow:0 2px 4px rgba(0,0,0,0.1);}
.gsw-header-left{font-weight:700;font-size:1.2rem;color:#fff;}
.gsw-header-left a{color:#fff;text-decoration:none;}
.gsw-header-nav{display:flex;gap:20px;align-items:center;}
.gsw-nav-link{color:#fff;text-decoration:none;font-size:0.95rem;transition:opacity 0.2s;}
.gsw-nav-link:hover{opacity:0.8;text-decoration:underline;}
.gsw-header-right{display:flex;gap:12px;align-items:center;}
.gsw-user-info{color:#fff;font-size:0.95rem;}
.gsw-header-btn{padding:8px 16px;background:#fff;color:#667eea;border-radius:6px;text-decoration:none;font-weight:600;transition:transform 0.2s;}
.gsw-header-btn:hover{transform:translateY(-2px);}
@media(max-width:768px){
.gsw-header{flex-direction:column;gap:12px;}
.gsw-header-nav{flex-wrap:wrap;justify-content:center;}
// Determine if the logged-in user is an admin by checking the panel DB
$is_admin = false;
if ($is_logged_in) {
// load DB credentials
require_once(__DIR__ . '/config.inc.php');
// Prefer reusing an existing $db if present, otherwise open a local connection
$menu_db = null;
$menu_db_opened = false;
if (isset($db) && $db instanceof mysqli) {
$menu_db = $db;
} else {
$menu_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name);
$menu_db_opened = true;
}
</style>
if ($menu_db) {
$uid = intval($_SESSION['website_user_id']);
$res = mysqli_query($menu_db, "SELECT users_role FROM ogp_users WHERE user_id = $uid LIMIT 1");
if ($res && mysqli_num_rows($res) === 1) {
$row = mysqli_fetch_assoc($res);
if (strtolower((string)($row['users_role'] ?? '')) === 'admin') $is_admin = true;
}
if ($menu_db_opened) {
mysqli_close($menu_db);
}
}
}
?>
<link rel="stylesheet" href="css/header.css">
<div class="gsw-header">
<div class="gsw-header-left">
<a href="/">GameServers.World</a>
<a href="index.php">GameServers.World</a>
</div>
<nav class="gsw-header-nav">
<a href="/" class="gsw-nav-link">Home</a>
<a href="/serverlist.php" class="gsw-nav-link">Game Servers</a>
<a href="/cart.php" class="gsw-nav-link">Cart</a>
<?php if ($is_logged_in): ?>
<a href="/adminserverlist.php" class="gsw-nav-link">Admin</a>
<a href="index.php" class="gsw-nav-link">Home</a>
<a href="serverlist.php" class="gsw-nav-link">Game Servers</a>
<li>
<a href="cart.php">Cart
<?php
// show cart badge if helper available
$cart_count = 0;
if (file_exists(__DIR__ . '/cart_helper.php')) {
include_once __DIR__ . '/cart_helper.php';
if (function_exists('get_cart_count')) {
$cart_count = (int) get_cart_count();
}
}
if ($cart_count > 0) {
echo ' <span class="cart-badge">' . intval($cart_count) . '</span>';
}
?>
</a>
</li>
<?php if (basename($_SERVER['PHP_SELF']) === 'login.php'): ?>
<a href="register.php" class="gsw-nav-link">Register</a>
<?php endif; ?>
<?php if ($is_logged_in && $is_admin): ?>
<a href="admin.php" class="gsw-nav-link">Admin</a>
<?php endif; ?>
<a href="http://panel.iaregamer.com" class="gsw-nav-link" target="_blank">Panel Login</a>
</nav>
<div class="gsw-header-right">
<?php if ($is_logged_in): ?>
<span class="gsw-user-info">Welcome, <?php echo $username; ?>!</span>
<a href="/logout.php" class="gsw-header-btn">Logout</a>
<?php
// Build a safe absolute return_to under this site so logout redirects stay in _website
$script = $_SERVER['SCRIPT_NAME'] ?? '';
$pos = strpos($script, '/_website');
$siteRoot = $pos !== false ? substr($script, 0, $pos + strlen('/_website')) : rtrim(dirname($script), '/\\');
$current = $_SERVER['REQUEST_URI'] ?? $siteRoot . '/index.php';
// Ensure current is absolute and under site root; urlencode only when embedding in URL
$return_to_param = $current;
?>
<a href="logout.php?return_to=<?php echo urlencode($return_to_param); ?>" class="gsw-header-btn">Logout</a>
<?php else: ?>
<a href="/login.php" class="gsw-header-btn">Login</a>
<a href="login.php" class="gsw-header-btn">Login</a>
<?php endif; ?>
</div>
</div>
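Review bot: The comment `// Ensure current is absolute and under site root; urlencode only when embedding in URL` describes a check the line below it does not perform: `$return_to_param = $current;` passes the raw `REQUEST_URI` through unchanged. Either shorten the comment to the urlencode half or implement the check, e.g. `$return_to_param = (strpos($current, $siteRoot . '/') === 0) ? $current : $siteRoot . '/index.php';`, so `logout.php` only ever receives a same-site path (what `logout.php` does with it is outside this hunk). The `ogp_users` role query here repeats the one in the admin authorization include added by this commit; a shared helper would keep the two checks from drifting. The `<li>` wrapping the Cart link sits directly inside `<nav>` with no enclosing `<ul>`, unlike the sibling `<a>` links, and the Panel Login link opens a new tab without the `rel="noopener"` the footer in this commit does set.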

_website/includes/top.php Normal file

@ -0,0 +1,18 @@
<?php
// Top include for all _website pages: logo + site name
?>
<link rel="stylesheet" href="css/header.css">
<?php
// Optionally set a background image from config
if (isset($SITE_BACKGROUND) && $SITE_BACKGROUND) {
$bg = htmlspecialchars($SITE_BACKGROUND, ENT_QUOTES, 'UTF-8');
echo "<style>body{background-image:url('". $bg ."');background-size:cover;background-position:center fixed;}</style>\n";
}
?>
<div class="gsw-top">
<div class="gsw-top-left">
<img src="images/logo-sm.png" alt="Gameservers World logo">
</div>
<div class="gsw-site-name">Gameservers World</div>
</div>
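Review bot: `htmlspecialchars($SITE_BACKGROUND, ENT_QUOTES, 'UTF-8')` is HTML-attribute escaping, but the value is written inside a raw-text `<style>` element where entities are not decoded, so a path containing `'` or `&` is emitted as `&#039;`/`&amp;` literally and the `url('...')` breaks rather than being escaped. Since `$SITE_BACKGROUND` comes from `config.inc.php` this is an operator-set value, so the practical effect is a broken background; a comment such as `// value is config-controlled, not user input; must not contain quotes or '</style'` above the `echo` would make that assumption explicit. The `<link rel="stylesheet" href="css/header.css">` here is also emitted by the header include in this commit, so pages that include both load the stylesheet twice.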