From 4babef08eb2881328dd4334d44d6994055c51eaa Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 5 May 2026 20:21:59 +0000 Subject: [PATCH] fix: remove hardcoded Discord webhook URLs, centralize via discordmsg() helper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Improve discordmsg() in includes/functions.php: add curl_init existence check, CURLOPT_TIMEOUT/CONNECTTIMEOUT, safe no-op when webhook is empty, correct false-return on curl_init failure - index.php: replace hardcoded webhook URL + 15-line inline cURL block with discordmsg() using $settings['discord_webhook_admin'] - modules/user_admin/edit_user.php: same — role-change notification now uses discordmsg() + discord_webhook_admin setting - modules/tickets/submitTicket.php: add global $settings; replace hardcoded webhook URL + inline cURL with discordmsg() using discord_webhook_main - modules/billing/create_servers.php: replace $settings['webhookurl'] + inline cURL blocks (x2) with discordmsg() using discord_webhook_main All modules now use the centralized discord_webhook_main / discord_webhook_admin settings already managed in Admin > Settings. No DB migration needed. Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/e4d38343-77ed-4c7a-afac-a2a815a059fd Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com> --- includes/functions.php | 31 ++++++++++++--------- index.php | 28 +++---------------- modules/billing/create_servers.php | 43 +++--------------------------- modules/tickets/submitTicket.php | 25 ++++------------- modules/user_admin/edit_user.php | 19 ++----------- 5 files changed, 34 insertions(+), 112 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index a153b7a8..755b1afc 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -62,19 +62,26 @@ $msg = json_decode(' ', true); */ function discordmsg($msg, $webhook) { - if($webhook != "") { - $ch = curl_init($webhook); - $msg = "payload_json=" . urlencode(json_encode($msg)).""; - - if(isset($ch)) { - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); - curl_setopt($ch, CURLOPT_POSTFIELDS, $msg); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - $result = curl_exec($ch); - curl_close($ch); - return $result; + if (empty($webhook)) { + return false; } - } + if (!function_exists('curl_init')) { + error_log("GSP Discord webhook skipped: PHP curl extension is not loaded."); + return false; + } + $ch = curl_init($webhook); + if ($ch === false) { + return false; + } + $payload = "payload_json=" . urlencode(json_encode($msg)); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); + curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_TIMEOUT, 5); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3); + $result = curl_exec($ch); + curl_close($ch); + return $result; } diff --git a/index.php b/index.php index e27aacd7..87350ed1 100644 --- a/index.php +++ b/index.php @@ -304,30 +304,10 @@ function ogpHome() //NOTIFY DISCORD WHEN ADMIN LOGS IN $trust_admins = array("iaregamer","dimrod","CJB","Bebiano","Syru"); - if ($userInfo['users_role'] == "admin" && in_array($userInfo['users_login'], $trust_admins) == false) { - //WEBHOOK Discord======================================================================================= - // Create new webhook in your Discord channel settings and copy&paste URL - //======================================================================================================= - $webhookurl = "https://discord.com/api/webhooks/1087810639390576650/sspI3frko8FLD6ybvzG-_BXhG4wjH7yujFBxffgtTw34uAL_AdrDxY36C-khqs--cEMu"; - //======================================================================================================== - $msg = "Admin Login :warning: \nIP:".$client_ip." \nID:".$userInfo['user_id']." \nUser:".$userInfo['users_login']; - $json_data = array ('content'=>"$msg"); - $make_json = json_encode($json_data); - if(!function_exists('curl_init')){ - error_log("OGP Discord webhook skipped: PHP curl extension is not loaded."); - }else{ - $ch = curl_init( $webhookurl ); - curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-type: application/json')); - curl_setopt( $ch, CURLOPT_POST, 1); - curl_setopt( $ch, CURLOPT_POSTFIELDS, $make_json); - curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1); - curl_setopt( $ch, CURLOPT_HEADER, 0); - curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1); - $response = curl_exec( $ch ); - curl_close($ch); - } - //end WEBHOOK Discord - } + if ($userInfo['users_role'] == "admin" && !in_array($userInfo['users_login'], $trust_admins)) { + $msg = "Admin Login :warning: \nIP:".$client_ip." \nID:".$userInfo['user_id']." \nUser:".$userInfo['users_login']; + discordmsg(array('content' => $msg), $settings['discord_webhook_admin'] ?? ''); + } $_SESSION['user_id'] = $userInfo['user_id']; $_SESSION['users_login'] = $userInfo['users_login']; diff --git a/modules/billing/create_servers.php b/modules/billing/create_servers.php index 7a6398ca..bf3027d1 100644 --- a/modules/billing/create_servers.php +++ b/modules/billing/create_servers.php @@ -147,24 +147,8 @@ function exec_ogp_module() $db->logger( "Email FAILED - Server Renewed " . $home_id); // END EMAIL - //WEBHOOK Discord======================================================================================= - - - $webhookurl = $settings['webhookurl']; - - $msg = "The ". $home_name ." server ID #". $home_id . " has just been renewed."; - $json_data = array ('content'=>"$msg"); - $make_json = json_encode($json_data); - $ch = curl_init( $webhookurl ); - curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-type: application/json')); - curl_setopt( $ch, CURLOPT_POST, 1); - curl_setopt( $ch, CURLOPT_POSTFIELDS, $make_json); - curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1); - curl_setopt( $ch, CURLOPT_HEADER, 0); - curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1); - $response = curl_exec( $ch ); - //If you need to debug, or find out why you can't send message uncomment line below, and execute script. - //echo $response; + //WEBHOOK Discord + discordmsg(array('content' => "The ". $home_name ." server ID #". $home_id . " has just been renewed."), $settings['discord_webhook_main'] ?? ''); //end WEBHOOK Discord } @@ -294,28 +278,9 @@ function exec_ogp_module() $db->logger( "Email FAILED - Server Created " . $home_id); - //WEBHOOK Discord======================================================================================= - - $webhookurl = !empty($settings['webhookurl']) ? $settings['webhookurl'] : ''; - - if (!empty($webhookurl)) { - - - $msg = "A new server, ". $home_name ." ID #". $home_id . ", has just been created."; - $json_data = array ('content'=>"$msg"); - $make_json = json_encode($json_data); - $ch = curl_init( $webhookurl ); - curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-type: application/json')); - curl_setopt( $ch, CURLOPT_POST, 1); - curl_setopt( $ch, CURLOPT_POSTFIELDS, $make_json); - curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1); - curl_setopt( $ch, CURLOPT_HEADER, 0); - curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1); - $response = curl_exec( $ch ); - //If you need to debug, or find out why you can't send message uncomment line below, and execute script. - //echo $response; + //WEBHOOK Discord + discordmsg(array('content' => "A new server, ". $home_name ." ID #". $home_id . ", has just been created."), $settings['discord_webhook_main'] ?? ''); //end WEBHOOK Discord - } } // END EMAIL diff --git a/modules/tickets/submitTicket.php b/modules/tickets/submitTicket.php index 5c641cf4..b8c66e89 100644 --- a/modules/tickets/submitTicket.php +++ b/modules/tickets/submitTicket.php @@ -9,7 +9,7 @@ require 'include/functions.php'; function exec_ogp_module() { - global $db, $view; + global $db, $view, $settings; $ticket = new Ticket($db); $TicketSettings = new TicketSettings($db); @@ -94,25 +94,10 @@ function exec_ogp_module() - //WEBHOOK Discord======================================================================================= - - $webhook = "https://discord.com/api/webhooks/1087807080657854484/yYtW8q63xKj3rTFYrNfW2LJk_GeC_WtuI8eJOyELxWbqTQ-uMzOO2I9qofoJCoHXFhC1"; - //$webhook = "https://discord.com/api/webhooks/710275918274363412/g5Tr-EUdEnLfFryOlscxJ6FuPiSJuE6EMKRYmh9UGMiqTUxU5-y9CQrBlDJW7znr0Tol"; - - $msg = "Server support ticket created:\n"."ServerID: " .$_POST['ticket_service'] ."\n". "Subject: " .$_POST['ticket_subject']; - $json_data = array ('content'=>"$msg"); - $make_json = json_encode($json_data); - $ch = curl_init( $webhook ); - curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-type: application/json')); - curl_setopt( $ch, CURLOPT_POST, 1); - curl_setopt( $ch, CURLOPT_POSTFIELDS, $make_json); - curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1); - curl_setopt( $ch, CURLOPT_HEADER, 0); - curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1); - $response = curl_exec( $ch ); - //If you need to debug, or find out why you can't send message uncomment line below, and execute script. - //echo $response; - //end WEBHOOK Discord + //TICKET SUBMITTED, POST ON DISCORD + $msg = "Server support ticket created:\n"."ServerID: " .$_POST['ticket_service'] ."\n". "Subject: " .$_POST['ticket_subject']; + discordmsg(array('content' => $msg), $settings['discord_webhook_main'] ?? ''); + //end discord diff --git a/modules/user_admin/edit_user.php b/modules/user_admin/edit_user.php index 3cc765ef..49b474f8 100644 --- a/modules/user_admin/edit_user.php +++ b/modules/user_admin/edit_user.php @@ -153,23 +153,8 @@ function exec_ogp_module() { //when someone changes the profile to admin if (isset($userInfo['users_role']) && isset($_POST['newrole']) && $userInfo['users_role'] != $_POST['newrole']) { $client_ip = getClientIPAddress(); - //WEBHOOK Discord======================================================================================= - // Create new webhook in your Discord channel settings and copy&paste URL - //======================================================================================================= - $webhookurl = "https://discord.com/api/webhooks/1087810639390576650/sspI3frko8FLD6ybvzG-_BXhG4wjH7yujFBxffgtTw34uAL_AdrDxY36C-khqs--cEMu"; - //======================================================================================================== - $msg = "User Role Changed :warning: \nIP: ".$client_ip." \nUser: ".$login." \nUser Role: ".$userInfo['users_role']." \nNew Role: ".$_POST['newrole']; - $json_data = array ('content'=>"$msg"); - $make_json = json_encode($json_data); - $ch = curl_init( $webhookurl ); - curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-type: application/json')); - curl_setopt( $ch, CURLOPT_POST, 1); - curl_setopt( $ch, CURLOPT_POSTFIELDS, $make_json); - curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1); - curl_setopt( $ch, CURLOPT_HEADER, 0); - curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1); - $response = curl_exec( $ch ); - //end WEBHOOK Discord + $msg = "User Role Changed :warning: \nIP: ".$client_ip." \nUser: ".$login." \nUser Role: ".$userInfo['users_role']." \nNew Role: ".$_POST['newrole']; + discordmsg(array('content' => $msg), $settings['discord_webhook_admin'] ?? ''); } if ( empty($theme) )