GSP/Panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add comprehensive documentation for new features

Browse source 
Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2025-10-22 14:42:09 +00:00
parent 5f93c6728e
commit 4ec7efc304
2 changed files with 677 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

294
IMPLEMENTATION_NOTES.md Normal file
View file

@ -0,0 +1,294 @@
# Password Reset and Website Features - Implementation Summary
## Overview
This implementation adds password reset functionality, user server management, infrastructure status monitoring, and Apache configuration files to the GameServerPanel website.
## Changes Made
### New Website Pages (7 files)
1. **forgot_password.php** - Password reset request page
- Accept username or email
- Generate secure token
- Send email with reset link
- Auto-create database table
2. **reset_password.php** - Password reset handler
- Validate token (expiry, usage)
- Set new password
- Update both MD5 and modern hash
- Mark token as used
3. **my_servers.php** - User server dashboard
- Display user's game servers
- Show expiration dates
- Server status indicators
- Renewal links
4. **renew_server.php** - Server renewal page
- Select renewal duration
- Display pricing
- Proceed to payment
5. **server_status.php** - Infrastructure status
- Display all remote servers
- Show resource usage (CPU/Memory/Disk)
- Status badges (Online/Offline/Maintenance)
- Last update timestamps
- Auto-create database table
### Modified Website Files (5 files)
6. **login.php** - Added "Forgot Password?" link
7. **serverlist.php** - Changed "Order Server" to styled button
8. **order.php** - Fixed game image paths (added ../ prefix)
9. **includes/menu.php** - Added "My Servers" link for logged-in users
10. **includes/footer.php** - Added "Server Status" link
### Apache Configuration Files (4 files)
11. **panel.conf** - Main panel virtual host configuration
12. **website.conf** - Storefront website virtual host
13. **fileserver.conf** - File server virtual host
14. **APACHE_SETUP.md** - Complete Apache setup guide
### Documentation (1 file)
15. **_website/FEATURES.md** - Comprehensive feature documentation
## Database Tables Created
### ogp_password_reset_tokens
Stores password reset tokens with expiration and usage tracking.
```sql
CREATE TABLE ogp_password_reset_tokens (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
token VARCHAR(64) NOT NULL,
expires DATETIME NOT NULL,
used TINYINT(1) DEFAULT 0,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
INDEX idx_token (token),
INDEX idx_user_id (user_id)
)
```
### ogp_server_status
Stores server infrastructure status and metrics.
```sql
CREATE TABLE ogp_server_status (
status_id INT AUTO_INCREMENT PRIMARY KEY,
remote_server_id INT NOT NULL,
server_name VARCHAR(255) NOT NULL,
ip_address VARCHAR(45),
status ENUM('online', 'offline', 'maintenance') DEFAULT 'offline',
cpu_usage DECIMAL(5,2),
memory_usage DECIMAL(5,2),
disk_usage DECIMAL(5,2),
uptime VARCHAR(50),
last_updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
notes TEXT,
INDEX idx_remote_server (remote_server_id),
UNIQUE KEY unique_server (remote_server_id)
)
```
Both tables are created automatically when the respective pages are first accessed.
## Key Features
### Password Reset
- ✅ Request reset by username or email
- ✅ Secure token generation (64 hex chars)
- ✅ Tokens expire after 1 hour
- ✅ One-time use tokens
- ✅ Email sending (with fallback display)
- ✅ MD5 + modern hash support
- ✅ Password requirements (min 8 chars)
- ✅ User enumeration protection
### My Servers Dashboard
- ✅ Login required
- ✅ Display all user servers
- ✅ Server status indicators
- ✅ Expiration date tracking
- ✅ Renewal links
- ✅ Empty state message
- ✅ Menu link when logged in
### Server Status Page
- ✅ Public access (no login required)
- ✅ Display all remote servers
- ✅ Real-time status badges
- ✅ Resource usage metrics
- ✅ Uptime display
- ✅ Last update timestamps
- ✅ Maintenance notes support
- ✅ Footer link
### UI Improvements
- ✅ "Forgot Password?" link on login page
- ✅ "Order Now" button styled (not plain link)
- ✅ Fixed game images on order page
- ✅ "My Servers" in navigation (when logged in)
- ✅ "Server Status" in footer
### Apache Configurations
- ✅ Panel virtual host (panel.conf)
- ✅ Website virtual host (website.conf)
- ✅ File server virtual host (fileserver.conf)
- ✅ SSL/HTTPS ready
- ✅ Security headers
- ✅ Compression enabled
- ✅ Static asset caching
- ✅ Complete setup guide
## Security Measures
### Password Reset
- Secure random token generation
- Token expiration (1 hour)
- One-time use enforcement
- SQL injection prevention (prepared statements)
- XSS prevention (htmlspecialchars)
- User enumeration protection
### My Servers
- Authentication required
- User isolation (only see own servers)
- Prepared statements
- Output escaping
### Server Status
- Read-only operations
- No sensitive data exposed
- SQL injection prevention
### Apache Configs
- Security headers enabled
- Directory restrictions
- File access controls
- HTTPS configurations ready
## Testing Performed
### Syntax Validation
✅ All PHP files pass syntax check (`php -l`)
- forgot_password.php
- reset_password.php
- my_servers.php
- renew_server.php
- server_status.php
- login.php (modified)
- order.php (modified)
- serverlist.php (modified)
- includes/footer.php (modified)
- includes/menu.php (modified)
### File Structure
✅ All files created in correct locations
✅ Apache configs in GSP root
✅ Website features in _website folder
✅ Documentation in appropriate locations
### Database Safety
✅ Auto-creation with IF NOT EXISTS
✅ Proper indexes defined
✅ Prepared statements used
✅ No breaking changes to existing tables
## Production Checklist
Before deploying to production:
### Password Reset
- [ ] Configure server mail system (sendmail/postfix)
- [ ] Or integrate email service (SendGrid, Mailgun, etc.)
- [ ] Test email delivery
- [ ] Consider rate limiting
- [ ] Monitor reset requests
### My Servers
- [ ] Verify user data is accurate
- [ ] Test with multiple users
- [ ] Verify expiration calculations
- [ ] Test renewal workflow
### Server Status
- [ ] Implement server monitoring agent
- [ ] Set up automatic status updates
- [ ] Test with real server data
- [ ] Configure update frequency
### Apache
- [ ] Update domain names in configs
- [ ] Set correct DocumentRoot paths
- [ ] Obtain SSL certificates
- [ ] Test virtual hosts
- [ ] Configure firewall
- [ ] Set up DNS records
- [ ] Test HTTPS redirects
### General
- [ ] Review all file permissions
- [ ] Test on production-like environment
- [ ] Backup database before deployment
- [ ] Monitor error logs
- [ ] Test user workflows end-to-end
## File Statistics
- **New Files**: 12 (7 website pages + 3 Apache configs + 2 docs)
- **Modified Files**: 5 (login, serverlist, order, menu, footer)
- **Total Changes**: 17 files
- **Database Tables**: 2 (auto-created)
- **Lines of Code**: ~1,580 new lines
## Alignment with Requirements
All requirements from the problem statement have been addressed:
**Password reset on login page** - Added "Forgot Password?" link and complete workflow
**Password reset via username or email** - Both methods supported
**Email password reset link** - Implemented with email sending
**Reset password page** - Created with token validation
**Fix order page images** - Changed to use ../ prefix
**Server list "Order Now" as button** - Styled as gradient button
**My servers page** - Shows active servers with expiration and renewal
**Server status page** - Created with database table
**Server status link in footer** - Added
**Apache configs** - All three created (panel, website, fileserver)
**Documentation** - APACHE_SETUP.md and FEATURES.md created
## Next Steps
1. **Review** this implementation
2. **Test** in development environment
3. **Configure** email settings
4. **Update** Apache configs with real domains
5. **Deploy** to production
6. **Monitor** logs and user feedback
7. **Implement** server monitoring agent for status updates
## Support
- Main documentation: See FEATURES.md
- Apache setup: See APACHE_SETUP.md
- Issues: Check PHP error logs and database connectivity
- Questions: Review existing GSP documentation
---
**Implementation Date**: 2025-10-22
**Repository**: GameServerPanel/GSP
**Branch**: copilot/add-password-reset-feature
**Status**: Ready for review and testing

383
_website/FEATURES.md Normal file
View file

@ -0,0 +1,383 @@
# Website Features Documentation
This document describes the new features added to the GameServers.World website (_website folder).
## Table of Contents
1. [Password Reset System](#password-reset-system)
2. [My Servers Dashboard](#my-servers-dashboard)
3. [Server Status Page](#server-status-page)
4. [UI Improvements](#ui-improvements)
5. [Apache Configuration](#apache-configuration)
---
## Password Reset System
A complete password reset workflow has been implemented to allow users to recover their accounts.
### Files Created
- **forgot_password.php** - Request password reset
- **reset_password.php** - Reset password with token
### How It Works
1. User visits the login page and clicks "Forgot Password?"
2. User enters their username or email on `forgot_password.php`
3. System generates a secure token and stores it in `ogp_password_reset_tokens` table
4. Email is sent with reset link (falls back to displaying link if email fails)
5. User clicks link and is taken to `reset_password.php?token=XXX`
6. User enters new password (min 8 characters)
7. Password is updated using both MD5 (panel compatibility) and modern hash (if shadow column exists)
8. Token is marked as used
### Database Table
The system automatically creates this table if it doesn't exist:
```sql
CREATE TABLE ogp_password_reset_tokens (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
token VARCHAR(64) NOT NULL,
expires DATETIME NOT NULL,
used TINYINT(1) DEFAULT 0,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
INDEX idx_token (token),
INDEX idx_user_id (user_id)
)
```
### Security Features
- Tokens expire after 1 hour
- Tokens can only be used once
- Secure random token generation (64 hex characters)
- Password requirements enforced (min 8 chars)
- Passwords hashed with both MD5 (panel) and bcrypt (modern)
- User enumeration protection (doesn't reveal if account exists)
### Email Configuration
The system uses PHP's `mail()` function. For production:
1. Configure your server's mail system (sendmail, postfix, etc.)
2. Or integrate with an email service (SendGrid, Mailgun, etc.)
3. Update the email headers in `forgot_password.php` as needed
---
## My Servers Dashboard
A user dashboard showing all active game servers with renewal options.
### File Created
- **my_servers.php** - User's server management dashboard
- **renew_server.php** - Server renewal page
### Features
- **Server List**: Shows all servers owned by logged-in user
- **Server Details**: Name, game type, location, status
- **Expiration Tracking**: Shows expiration date for each server
- **Status Indicators**: Active, Inactive, Expired
- **Renewal Links**: Quick access to renew each server
- **Empty State**: Helpful message when user has no servers
### Access
- Menu link "My Servers" appears when user is logged in
- Requires authentication via `login_required.php`
### Database Query
Joins multiple tables:
- `ogp_home` - Server instances
- `ogp_remote_servers` - Server locations
- `ogp_game_configs` - Game information
- `ogp_billing_orders` - Order/expiration data
- `ogp_billing_services` - Service pricing
---
## Server Status Page
Public page showing real-time status of all game server infrastructure.
### File Created
- **server_status.php** - Server infrastructure status
### Features
- **Real-time Status**: Online, Offline, Maintenance, Unknown
- **Resource Usage**: CPU, Memory, Disk usage percentages
- **Uptime Display**: How long each server has been running
- **Last Updated**: Time since last status update
- **Color-coded Badges**: Visual status indicators
- **Notes Support**: Display maintenance or status messages
### Database Table
Automatically creates table if it doesn't exist:
```sql
CREATE TABLE ogp_server_status (
status_id INT AUTO_INCREMENT PRIMARY KEY,
remote_server_id INT NOT NULL,
server_name VARCHAR(255) NOT NULL,
ip_address VARCHAR(45),
status ENUM('online', 'offline', 'maintenance') DEFAULT 'offline',
cpu_usage DECIMAL(5,2),
memory_usage DECIMAL(5,2),
disk_usage DECIMAL(5,2),
uptime VARCHAR(50),
last_updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
notes TEXT,
INDEX idx_remote_server (remote_server_id),
UNIQUE KEY unique_server (remote_server_id)
)
```
### Server Updates
The page displays data from `ogp_server_status`. Servers should update this table:
```php
// Example server update code (run on each server periodically)
$stmt = $db->prepare("INSERT INTO ogp_server_status
(remote_server_id, server_name, ip_address, status, cpu_usage, memory_usage, disk_usage, uptime, notes)
VALUES (?, ?, ?, 'online', ?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE
status = VALUES(status),
cpu_usage = VALUES(cpu_usage),
memory_usage = VALUES(memory_usage),
disk_usage = VALUES(disk_usage),
uptime = VALUES(uptime),
notes = VALUES(notes),
last_updated = NOW()");
```
### Access
- Link in footer: "Server Status"
- Public page (no login required)
---
## UI Improvements
### Server List Page
**Before**: "Order Server" was a plain link
**After**: Styled as a button with gradient background
```html
<a href="order.php?service_id=X" class="gsw-btn"
style="display:inline-block;padding:12px 24px;background:linear-gradient(135deg,#667eea 0%,#764ba2 100%);color:white;text-decoration:none;border-radius:8px;font-weight:600;transition:transform 0.2s;">
Order Now
</a>
```
### Order Page
**Fixed**: Game images now display correctly
- Changed from `src="<?php echo $img_url; ?>"`
- To `src="../<?php echo $img_url; ?>"`
- Assumes images are stored relative to panel root
### Login Page
**Added**: "Forgot Password?" link next to Register link
### Navigation Menu
**Added**: "My Servers" link for logged-in users
- Only visible when user is authenticated
- Positioned between "Game Servers" and "Cart"
### Footer
**Added**: "Server Status" link
- Public access to infrastructure status
- Positioned in footer with other utility links
---
## Apache Configuration
Three Apache virtual host configuration files have been created in the GSP root directory.
### Files Created
- **panel.conf** - Panel dashboard configuration
- **website.conf** - Storefront website configuration
- **fileserver.conf** - File server configuration
- **APACHE_SETUP.md** - Detailed installation guide
### panel.conf
Main Open Game Panel dashboard:
- Domain: panel.yourdomain.com
- Document Root: /var/www/GSP
- PHP settings optimized for panel operations
- Security headers enabled
### website.conf
GameServers.World storefront:
- Domain: gameservers.world
- Document Root: /var/www/GSP/_website
- Protected includes and data directories
- Static asset caching
- Compression enabled
- Separate session handling
### fileserver.conf
Game file distribution:
- Domain: files.yourdomain.com
- Document Root: /var/www/fileserver
- Directory browsing enabled
- Large file support
- Script execution disabled in uploads
- Bandwidth limiting support (optional)
### Installation
See `APACHE_SETUP.md` for complete installation instructions including:
- Copying configuration files
- Enabling sites and modules
- SSL/HTTPS setup with Let's Encrypt
- DNS configuration
- Firewall rules
- Troubleshooting
---
## Testing
### Password Reset
1. Visit `login.php`
2. Click "Forgot Password?"
3. Enter username or email
4. Check email or view on-screen link (development mode)
5. Click reset link
6. Enter new password (min 8 chars)
7. Confirm password matches
8. Submit and verify redirect to login
### My Servers
1. Login as a user with servers
2. Click "My Servers" in navigation
3. Verify all servers are listed
4. Check expiration dates
5. Click "Renew" on a server
6. Verify renewal page displays correctly
### Server Status
1. Visit footer link "Server Status"
2. Verify all remote servers are displayed
3. Check status badges (color coding)
4. Verify "Last Updated" formatting
5. Confirm public access (no login required)
### UI Changes
1. Visit `serverlist.php`
2. Verify "Order Now" displays as styled button
3. Click button to go to `order.php`
4. Verify game images display correctly
5. Check footer has "Server Status" link
6. Login and verify "My Servers" appears in menu
---
## Security Considerations
### Password Reset
- ✅ Tokens expire after 1 hour
- ✅ One-time use tokens
- ✅ Secure random generation
- ✅ User enumeration protection
- ✅ Password strength requirements
- ⚠️ Email delivery depends on server mail config
### My Servers
- ✅ Login required
- ✅ User can only see own servers
- ✅ SQL injection prevention with prepared statements
- ✅ XSS prevention with htmlspecialchars()
### Server Status
- ✅ Read-only public page
- ✅ No sensitive information exposed
- ✅ SQL injection prevention
- Server updates should be authenticated (implement separately)
### Apache Configs
- ✅ Security headers enabled
- ✅ Sensitive directories protected
- ✅ Directory listing disabled (except fileserver)
- ✅ HTTPS configurations ready
- ⚠️ Update domain names before deployment
- ⚠️ Configure SSL certificates for production
---
## Future Enhancements
### Password Reset
- Email template customization
- Integration with email service provider
- Rate limiting for reset requests
- SMS/2FA backup recovery
### My Servers
- Server control buttons (start/stop/restart)
- Real-time server metrics
- Configuration editor
- File manager integration
- Console access
- Backup/restore functionality
### Server Status
- Automated server monitoring agent
- Alert notifications
- Historical uptime graphs
- Incident history
- Scheduled maintenance display
- Status API for external monitoring
### General
- User profile management
- Invoice history
- Support ticket system
- Knowledge base integration
- Multi-language support
- Dark/light theme toggle
---
## Support
For issues or questions:
1. Check the main GSP documentation
2. Review Apache configuration in `APACHE_SETUP.md`
3. Check PHP error logs
4. Verify database connectivity
5. Ensure proper file permissions
## License
All new features follow the same license as the main Open Game Panel project.