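$_SERVER['REMOTE_ADDR'] ?? '', 'script'=>$_SERVER['SCRIPT_NAME'] ?? '']);
        $debug_messages[] = 'missing username or password';
    } else {
        // Credential check for the submitted login. The condition that opens
        // this if/else and the assignments of $username, $password, $db and
        // $table_prefix are made outside this section.
        //
        // The login name is escaped before it is interpolated into the query.
        // mysqli_real_escape_string() escapes according to the connection
        // charset, so it is only reliable when that charset was set through
        // mysqli_set_charset().
        // NOTE(review): confirm that where $db is opened, or move this lookup
        // to a prepared statement.
        $safe = mysqli_real_escape_string($db, $username);
        $sql = "SELECT * FROM {$table_prefix}users WHERE users_login = '$safe' LIMIT 1";
        $res = mysqli_query($db, $sql);

        if ($res && mysqli_num_rows($res) === 1) {
            $row = mysqli_fetch_assoc($res);
            $userId = intval($row['user_id']);
            $legacyHash = $row['users_passwd'] ?? '';
            $modernHash = $row['users_pass_hash'] ?? '';

            // Preferred path: verify against the password_hash()-style column.
            $authOk = false;
            if (!empty($modernHash) && function_exists('password_verify')) {
                $authOk = password_verify($password, $modernHash);
            }

            // Legacy path: unsalted MD5 in users_passwd. The digests are
            // compared with hash_equals() so the comparison time does not
            // depend on how many leading characters match.
            // NOTE(review): this fallback also runs when a modern hash exists
            // but did not verify, so a stale value in either column remains a
            // valid credential. Confirm both columns are always updated
            // together on password change, and plan a rehash-on-login
            // migration so the MD5 column can be retired.
            if (!$authOk && !empty($legacyHash)) {
                $authOk = hash_equals((string) $legacyHash, md5($password));
            }

            if ($authOk) {
                // Issue a fresh session id and delete the old session before
                // any identity data is written (session fixation defence).
                session_regenerate_id(true);

                // The same identity is stored under two sets of keys:
                // unprefixed ones and website_-prefixed ones. Note the role
                // defaults differ ('user' vs '').
                $_SESSION['user_id'] = $userId;
                $_SESSION['users_login'] = $row['users_login'] ?? $username;
                // NOTE(review): the stored MD5 digest is copied into the
                // session, so anything that can read session storage obtains
                // a hash that can be attacked offline. Presumably another
                // component reads this key; confirm before removing it.
                $_SESSION['users_passwd'] = $legacyHash;
                $_SESSION['users_group'] = $row['users_role'] ?? 'user';
                $_SESSION['users_lang'] = $row['users_lang'] ?? '';
                $_SESSION['users_theme'] = $row['users_theme'] ?? '';
                $_SESSION['website_user_id'] = $userId;
                $_SESSION['website_username'] = $row['users_login'] ?? $username;
                $_SESSION['website_user_role'] = $row['users_role'] ?? '';
                $_SESSION['website_login_time'] = time();

                // Fetch the user's API token through the panel bridge when it
                // yields an OGPDatabase handle; otherwise keep whatever value
                // the session already had, or an empty string.
                require_once(__DIR__ . '/includes/panel_bridge.php');
                $panelCtx = billing_panel_bootstrap();
                if ($panelCtx && isset($panelCtx['db']) && $panelCtx['db'] instanceof OGPDatabase) {
                    $_SESSION['users_api_key'] = $panelCtx['db']->getApiToken($userId);
                } else {
                    $_SESSION['users_api_key'] = $_SESSION['users_api_key'] ?? '';
                }

                site_log_info('login_success', ['username' => $username, 'ip' => $_SERVER['REMOTE_ADDR'] ?? '']);

                // return_to is client-controlled and ends up in the Location
                // header. $sanitize_return_path (defined outside this section)
                // is the only check in between, so it must accept local paths
                // only and return '' for everything else.
                // NOTE(review): verify it rejects absolute and scheme-relative
                // URLs.
                $returnToParam = $_POST['return_to'] ?? '';
                $destination = $sanitize_return_path($returnToParam);
                if ($destination === '') {
                    $destination = $SITE_ROOT_PATH . '/index.php';
                }
                header('Location: ' . $destination);
                exit();
            }
        }

        // Reached for an unknown login and for a wrong password alike; the
        // single message keeps the response from revealing which logins exist.
        // NOTE(review): no attempt limiting is visible in this section; confirm
        // failed logins are throttled elsewhere.
        $error_message = 'Invalid username or password.';
        site_log_warn('login_failed_invalid_credentials', ['username' => $username, 'ip' => $_SERVER['REMOTE_ADDR'] ?? '']);
    }
}
// Keep the DB connection open for includes (menu.php may query the DB). The
// connection lifecycle is handled centrally; avoid closing it here.
?>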