Harden updater layout preflight patching and apache path repair

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/3f33f14d-259b-49a4-9fe6-5167a07102e0

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>

.github/module-map.md

@@ -33,7 +33,7 @@ This file captures how the control panel, storefront, agents, and helper scripts
 | `config_games` | `modules/config_games/add_mod.php`, `server_config_parser.php`, XML files under `server_configs/` | Admin UI for XML definitions. Controls what appears in storefront/service catalog. | Feeds `gamemanager`, billing catalog, cron installers. |
 | `steam_workshop` | `modules/steam_workshop/admin.php`, `user.php`, `Panel/includes/functions.php`, `navigation.xml` | Admin profile defaults + per-home mod management. Profile defaults can now be refreshed from game XML and the user route is explicitly exposed via `p=user`. | Uses `config_games` XML metadata + `server_homes`/assignment tables; feeds workshop agent updater. |
 | `user_games` | `modules/user_games/add_home.php`, `assign_home.php`, `edit_home.php` | Admin workflow to add homes manually or edit assignments. Shares DB tables with billing provisioner. | Uses `game_homes`, `remote_servers`, `billing_orders`. |
-| `administration` / `user_admin` | CRUD around users, groups, permissions, expire dates. | Sets roles consumed by storefront admin guard and provisioning ACLs. |
+| `administration` / `user_admin` | CRUD around users, groups, permissions, expire dates. Also hosts the panel updater (`modules/administration/panel_update.php`) with preflight checks, required pre-update patches (`modules/update/patches`), root-layout sync, backup/rollback, and Apache path scan/repair helpers. | Sets roles consumed by storefront admin guard and provisioning ACLs; updater now coordinates root `Panel/` + `Website/` deployment safety. |
 | `server` | `modules/server/*` | Remote server management (agents, IPs, ports, reinstall keys). Billing uses these tables for available nodes/locations. |
 | `modulemanager` | Manage module install/uninstall/menus. Billing module registers `navigation.xml` to surface `create_servers.php` & admin pages. |
 | `tickets`, `support` | Support ticketing/email utilities. | Pulls user info and logger records. |

Panel/CHANGELOG.md

@@ -3,6 +3,7 @@
 ## 2026-05-18
 - **Billing runtime relocation + portable path bootstrap:** Re-homed storefront runtime to `Panel/modules/billing`, added portable runtime helpers (`billing_bootstrap.php`, `site_config.php`, `site_config.example.php`) with env/local override support for base path and panel path, normalized critical storefront redirects/links to computed billing URLs, and added `Website` compatibility wrappers for key billing entrypoints.
 - **Panel updater panel-subtree safety:** Hardened updater logic to treat repository `/panel` as the update source when present (ZIP + git flows) so root-level docs/examples/scripts are no longer candidates for panel file overwrite during updates.
+- **Updater root-layout hardening + pre-update patch workflow:** Reworked the admin updater to treat `/var/www/html/GSP` as repo root (with explicit `Panel/` + `Website/` handling), added mandatory preflight + required patch execution (`Panel/modules/update/patches` + persisted patch-state file), implemented updater self-refresh detection/resume, expanded backups/rollback to include Panel+Website+`version.json` with retention, and added Apache stale-path scan/repair tooling with backups + `apache2ctl configtest` safeguards.
 - **Panel registration stability + captcha fallback hardening:** Fixed a fatal syntax error in `modules/register/register-exec.php`, removed hardcoded/legacy registration redirects, added structured registration logging to `modules/register/logs/register.log` (auto-creates missing log dir), added duplicate username checks, added optional `users_pass_hash` write for PHP 8.3-compatible auth upgrades, and implemented graceful reCAPTCHA fallback when keys are missing/legacy-invalid or the widget reports an error so the themed registration flow no longer crashes with raw PHP errors.
 
 ## 2026-05-13

Panel/docs/COPILOT_TODO.md

@@ -16,3 +16,4 @@
 - Add an admin/serverlist UI badge that shows detected service OS variant (Windows/Linux/Any) from XML metadata next to each purchasable service row.
 - Add a panel settings health check that validates reCAPTCHA site/secret keys against active panel/storefront domains and warns admins before registration users see widget errors.
 - Add an automated deployment check that fails when `Website/timestamp.txt` and `modules/billing/timestamp.txt` diverge after storefront/content changes.
+- Add an integration smoke test that exercises updater preflight, required patch state persistence, Apache path scan output, and rollback restore of Panel/Website/version.json artifacts.

Panel/modules/update/patches/20260518_layout_safety.php

@@ -0,0 +1,43 @@
+<?php
+
+if (!function_exists('gsp_patch_20260518_layout_safety')) {
+function gsp_patch_20260518_layout_safety($context)
+{
+$required_dirs = [
+GSP_ROOT_DIR,
+GSP_PANEL_DIR,
+GSP_WEBSITE_DIR,
+GSP_ROOT_DIR . '/examples',
+GSP_ROOT_DIR . '/backups',
+GSP_ROOT_DIR . '/logs',
+GSP_ROOT_DIR . '/includes',
+];
+
+foreach ($required_dirs as $dir) {
+if (!is_dir($dir) && !@mkdir($dir, 0755, true)) {
+return [
+'success' => false,
+'message' => 'Failed to create required layout directory: ' . $dir,
+];
+}
+if (!is_writable($dir)) {
+return [
+'success' => false,
+'message' => 'Required layout directory is not writable: ' . $dir,
+];
+}
+}
+
+return [
+'success' => true,
+'message' => 'Canonical GSP layout directories verified.',
+];
+}
+}
+
+return [
+'id' => '20260518_layout_safety',
+'title' => 'Ensure canonical GSP layout directories are present and writable',
+'required' => true,
+'handler' => 'gsp_patch_20260518_layout_safety',
+];