fixed missing login and billing pages

Frank Harris 2026-06-17 13:10:27 -05:00
parent 28533be24d
commit dbecad8606
755 changed files with 1205 additions and 106715 deletions


@ -3,6 +3,9 @@
declare(strict_types=1);
require_once __DIR__ . '/paths.php';
if (is_readable(WEBSITE_PANEL_INCLUDE_DIR . '/sso.php')) {
require_once WEBSITE_PANEL_INCLUDE_DIR . '/sso.php';
}
if (defined('GSP_WEBSITE_BOOTSTRAPPED')) {
return;
@ -41,6 +44,7 @@ $websiteDefaults = [
'billing_base_url' => '/billing',
'panel_url' => 'https://panel.iaregamer.com/',
'login_url' => 'https://panel.iaregamer.com/',
'panel_sso_url' => 'https://panel.iaregamer.com/sso.php',
'company' => [
'name' => 'Runlevel Systems',
'url' => 'https://runlevelsystems.com/',
@ -64,6 +68,43 @@ $websiteDefaults = [
$websiteConfig = array_replace_recursive($websiteDefaults, $websiteConfig);
function website_start_session(): void
{
if (session_status() === PHP_SESSION_ACTIVE) {
return;
}
$secure = website_request_scheme() === 'https';
session_set_cookie_params([
'lifetime' => 0,
'path' => website_base_path() === '' ? '/' : website_base_path(),
'secure' => $secure,
'httponly' => true,
'samesite' => 'Lax',
]);
session_start();
$now = time();
$inactiveLimit = 3600;
$absoluteLimit = 43200;
if (!isset($_SESSION['website_session_started_at'])) {
$_SESSION['website_session_started_at'] = $now;
}
if (isset($_SESSION['website_last_seen_at']) && ($now - (int)$_SESSION['website_last_seen_at']) > $inactiveLimit) {
$_SESSION = [];
session_destroy();
session_start();
$_SESSION['website_session_started_at'] = $now;
}
if (($now - (int)($_SESSION['website_session_started_at'] ?? $now)) > $absoluteLimit) {
$_SESSION = [];
session_destroy();
session_start();
$_SESSION['website_session_started_at'] = $now;
}
$_SESSION['website_last_seen_at'] = $now;
}
function website_config(?string $key = null, mixed $default = null): mixed
{
global $websiteConfig;
@ -337,6 +378,266 @@ function website_billing_available(): bool
return website_db() instanceof mysqli;
}
function website_table_exists(string $tableName): bool
{
$db = website_db();
if (!$db instanceof mysqli || $tableName === '') {
return false;
}
$stmt = $db->prepare('SHOW TABLES LIKE ?');
if (!$stmt) {
return false;
}
$stmt->bind_param('s', $tableName);
$stmt->execute();
$result = $stmt->get_result();
$exists = $result instanceof mysqli_result && $result->num_rows > 0;
$stmt->close();
return $exists;
}
function website_table_columns(string $tableName): array
{
$db = website_db();
if (!$db instanceof mysqli || $tableName === '') {
return [];
}
$safeTable = str_replace('`', '``', $tableName);
$result = @$db->query("SHOW COLUMNS FROM `{$safeTable}`");
if (!$result instanceof mysqli_result) {
return [];
}
$columns = [];
while ($row = $result->fetch_assoc()) {
$columns[(string)$row['Field']] = true;
}
$result->free();
return $columns;
}
function website_panel_user_by_id(int $userId): ?array
{
$db = website_db();
$prefix = website_table_prefix();
if (!$db instanceof mysqli || $prefix === '' || $userId <= 0) {
return null;
}
$table = $db->real_escape_string($prefix . 'users');
$stmt = $db->prepare("SELECT * FROM `{$table}` WHERE `user_id` = ? LIMIT 1");
if (!$stmt) {
return null;
}
$stmt->bind_param('i', $userId);
$stmt->execute();
$result = $stmt->get_result();
$user = $result instanceof mysqli_result ? $result->fetch_assoc() : null;
$stmt->close();
return is_array($user) ? $user : null;
}
function website_panel_user_by_login(string $login): ?array
{
$db = website_db();
$prefix = website_table_prefix();
if (!$db instanceof mysqli || $prefix === '' || $login === '') {
return null;
}
$table = $db->real_escape_string($prefix . 'users');
$stmt = $db->prepare("SELECT * FROM `{$table}` WHERE `users_login` = ? LIMIT 1");
if (!$stmt) {
return null;
}
$stmt->bind_param('s', $login);
$stmt->execute();
$result = $stmt->get_result();
$user = $result instanceof mysqli_result ? $result->fetch_assoc() : null;
$stmt->close();
return is_array($user) ? $user : null;
}
function website_verify_panel_password(array $user, string $password): bool
{
$hash = (string)($user['users_passwd'] ?? '');
if ($hash === '') {
return false;
}
return hash_equals($hash, md5($password));
}
function website_authenticate_user(string $login, string $password): ?array
{
$user = website_panel_user_by_login($login);
if (!$user || !website_verify_panel_password($user, $password)) {
return null;
}
return $user;
}
function website_set_user_session(array $user): void
{
website_start_session();
session_regenerate_id(true);
$_SESSION['website_user_id'] = (int)$user['user_id'];
$_SESSION['website_users_login'] = (string)$user['users_login'];
$_SESSION['website_users_role'] = (string)$user['users_role'];
$_SESSION['website_login_at'] = time();
}
function website_logout_user(): void
{
website_start_session();
$_SESSION = [];
if (ini_get('session.use_cookies')) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'] ?? '', (bool)$params['secure'], (bool)$params['httponly']);
}
session_destroy();
}
function website_current_user(): ?array
{
website_start_session();
$userId = (int)($_SESSION['website_user_id'] ?? 0);
if ($userId <= 0) {
return null;
}
$user = website_panel_user_by_id($userId);
if (!$user) {
website_logout_user();
return null;
}
return $user;
}
function website_is_logged_in(): bool
{
return website_current_user() !== null;
}
function website_current_user_is_staff(): bool
{
$user = website_current_user();
return $user !== null && (string)($user['users_role'] ?? '') === 'admin';
}
function website_log_activity(string $message, int $userId = 0, string $eventType = 'website'): void
{
$db = website_db();
$prefix = website_table_prefix();
if (!$db instanceof mysqli || $prefix === '') {
return;
}
$table = $prefix . 'logger';
if (!website_table_exists($table)) {
return;
}
$safeTable = $db->real_escape_string($table);
$ip = substr((function_exists('gsp_sso_client_ip') ? gsp_sso_client_ip() : (string)($_SERVER['REMOTE_ADDR'] ?? '')), 0, 255);
$stmt = $db->prepare(
"INSERT INTO `{$safeTable}` (`date`, `user_id`, `ip`, `message`, `source_type`, `category`, `event_type`, `severity`)
VALUES (FROM_UNIXTIME(UNIX_TIMESTAMP(), '%d-%m-%Y %H:%i:%s'), ?, ?, ?, 'website', 'authentication', ?, 'info')"
);
if (!$stmt) {
return;
}
$message = substr($message, 0, 1000);
$eventType = substr($eventType, 0, 80);
$stmt->bind_param('isss', $userId, $ip, $message, $eventType);
@$stmt->execute();
$stmt->close();
}
function website_safe_return_path(string $returnPath, string $default = 'index.php'): string
{
if (function_exists('gsp_sso_safe_return_path')) {
return gsp_sso_safe_return_path($returnPath, $default);
}
if ($returnPath === '' || preg_match('#^[a-z][a-z0-9+.-]*://#i', $returnPath) === 1 || str_starts_with($returnPath, '//')) {
return $default;
}
return ltrim($returnPath, '/');
}
function website_login_url(string $returnPath = ''): string
{
$path = 'login.php';
if ($returnPath !== '') {
$path .= '?return=' . rawurlencode(website_safe_return_path($returnPath, 'index.php'));
}
return website_url($path);
}
function website_panel_sso_url(string $returnPath = 'home.php?m=dashboard&p=dashboard'): string
{
$path = 'sso.php?destination=panel&return=' . rawurlencode(website_safe_return_path($returnPath, 'home.php?m=dashboard&p=dashboard'));
return website_url($path);
}
function website_control_panel_url(string $returnPath = 'home.php?m=dashboard&p=dashboard'): string
{
return website_is_logged_in() ? website_panel_sso_url($returnPath) : website_login_url('panel');
}
function website_order_url(int|string $serviceId): string
{
return website_url('order.php?service_id=' . rawurlencode((string)$serviceId));
}
function website_fetch_service_by_id(int $serviceId): ?array
{
$db = website_db();
$prefix = website_table_prefix();
if (!$db instanceof mysqli || $prefix === '' || $serviceId <= 0) {
return null;
}
$serviceTable = $prefix . 'billing_services';
if (!website_table_exists($serviceTable)) {
return null;
}
$safeServiceTable = $db->real_escape_string($serviceTable);
$safeConfigTable = $db->real_escape_string($prefix . 'config_homes');
$stmt = $db->prepare(
"SELECT bs.*, ch.game_name AS cfg_game_name, ch.game_key AS cfg_game_key, ch.home_cfg_file AS cfg_file
FROM `{$safeServiceTable}` bs
LEFT JOIN `{$safeConfigTable}` ch ON ch.home_cfg_id = bs.home_cfg_id
WHERE bs.service_id = ?
LIMIT 1"
);
if (!$stmt) {
return null;
}
$stmt->bind_param('i', $serviceId);
$stmt->execute();
$result = $stmt->get_result();
$service = $result instanceof mysqli_result ? $result->fetch_assoc() : null;
$stmt->close();
if (!is_array($service)) {
return null;
}
if (array_key_exists('enabled', $service) && (int)$service['enabled'] !== 1) {
return null;
}
return $service;
}
function website_billing_docs_root(): ?string
{
if (is_dir(WEBSITE_BILLING_DOCS_DIR)) {
@ -537,3 +838,5 @@ function website_render(string $pageTemplate, array $context = []): void
require WEBSITE_ROOT_DIR . '/pages/' . $pageTemplate;
require WEBSITE_INCLUDE_DIR . '/footer.php';
}
website_start_session();
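Review bot: `website_verify_panel_password()` in the `-337,6 +378,266` hunk checks the login against an unsalted `md5($password)`, so every `users_passwd` value is a fast hash that gives little protection if the table is ever disclosed; `hash_equals` only covers comparison timing, not hash strength. Presumably the format is dictated by the panel's existing `users` table, so a migration has to be coordinated with the panel, but the website side can already accept modern hashes ahead of the legacy fallback: `if (password_get_info($hash)['algo'] !== null) { return password_verify($password, $hash); }`. A comment on the fallback line such as `// legacy panel format: unsalted MD5, kept only until the panel can store password_hash() output` would make the debt visible to the next maintainer. `website_authenticate_user()` shows no attempt limiting in this hunk; if login.php (not visible here) has none either, it should be added, since a fast hash makes rate limiting the only brake on guessing.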