fix: address code review nits - table name escaping, prefix fallback, gamemanager default, admin.php site vars

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/35af6b7c-2518-4105-b4d2-ba1f3fe754cd

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>

modules/billing/admin.php

@@ -4,8 +4,25 @@ require_once(__DIR__ . '/includes/admin_auth.php');
 require_once(__DIR__ . '/includes/config_loader.php');
 
 // Ensure site variables are defined regardless of which config was loaded.
-// The panel config (loaded first by config_loader) does not define these, so
-// we fall back to safe defaults when they are absent.
+// The panel config (loaded first by config_loader) does not define these billing-specific
+// variables. Try loading them from the billing config.inc.php if not already set.
+if (!isset($SITE_BASE_URL) || !isset($SITE_DATA_DIR)) {
+    $billingLocalCfg = __DIR__ . '/includes/config.inc.php';
+    if (is_readable($billingLocalCfg) && defined('BILLING_CONFIG_PATH') && BILLING_CONFIG_PATH !== $billingLocalCfg) {
+        // Panel config was loaded; read billing config vars without re-running DB setup.
+        // Use a temporary scope to avoid overwriting DB credentials.
+        $__billing_cfg_vars = (static function() use ($billingLocalCfg) {
+            $SITE_BASE_URL = '';
+            $SITE_DATA_DIR = '';
+            @include $billingLocalCfg;
+            return ['base' => $SITE_BASE_URL ?? '', 'data' => $SITE_DATA_DIR ?? ''];
+        })();
+        if (!isset($SITE_BASE_URL)) $SITE_BASE_URL = $__billing_cfg_vars['base'];
+        if (!isset($SITE_DATA_DIR)) $SITE_DATA_DIR = $__billing_cfg_vars['data'];
+        unset($__billing_cfg_vars, $billingLocalCfg);
+    }
+}
+// Final safe defaults if still not set.
 if (!isset($SITE_BASE_URL)) {
     $SITE_BASE_URL = '';
 }

modules/billing/adminserverlist.php

@@ -77,8 +77,7 @@ function sync_billing_services(mysqli $db, string $prefix): array
 
     foreach ($autoRepairCols as $col => $alterFragment) {
         if (!col_exists($db, $tableName, $col)) {
-            $t = $db->real_escape_string($tableName);
-            if ($db->query("ALTER TABLE `{$t}` {$alterFragment}")) {
+            if ($db->query("ALTER TABLE `{$tableName}` {$alterFragment}")) {
                 $messages[] = "✔ Auto-repaired: added column '{$col}' to {$tableName}.";
             } else {
                 $messages[] = "✖ Could not add column '{$col}' to {$tableName}: " . $db->error;

modules/billing/module.php

@@ -96,7 +96,8 @@ $install_queries[0] = array(
         KEY `home_id` (`home_id`)
     ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;",
 
-    // Billing Invoices — created on cart add, paid after payment capture
+    // Billing Invoices — created on cart add, paid after payment capture.
+    // home_id is 0 until the service is provisioned after payment.
     "CREATE TABLE IF NOT EXISTS `".OGP_DB_PREFIX."billing_invoices` (
         `invoice_id`             INT(11)          NOT NULL AUTO_INCREMENT,
         `order_id`               INT(11)          NOT NULL DEFAULT 0,

modules/billing/tools/check_db_user.php

@@ -5,7 +5,7 @@ if (!$db) {
     echo "DB connect failed: " . mysqli_connect_error() . PHP_EOL;
     exit(1);
 }
-$prefix    = isset($table_prefix) ? $table_prefix : '';
+$prefix    = defined('OGP_DB_PREFIX') ? OGP_DB_PREFIX : (isset($table_prefix) ? $table_prefix : 'gsp_');
 $user      = $argv[1] ?? 'iaregamer';
 $user_safe = mysqli_real_escape_string($db, $user);
 $has_shadow = false;

modules/gamemanager/module.php

@@ -35,7 +35,7 @@ $install_queries[0] = array(
         `ip_id` int(11) NOT NULL,
         `port` int(11) NOT NULL,
         `home_id` int(11) NOT NULL,
-        `force_mod_id` int(11) NOT NULL DEFAULT '0',
+        `force_mod_id` int(11) NOT NULL DEFAULT 0,
         PRIMARY KEY  (`ip_id`,`port`)
     ) ENGINE=MyISAM DEFAULT CHARSET=latin1;",