", " ");
$replace = array(""", "'", "\", """, "'", "<", ">", " ");
$text = str_replace($search, $replace, $text);
return $text;
}
session_start();
if (!isset($_SESSION['users_lang']))
$_SESSION['users_lang'] = "English";
if (isset($_GET['localeset']))
$_SESSION['users_lang'] = $_GET['localeset'];
require_once("includes/helpers.php");
require_once("includes/view.php");
require_once("includes/lang.php");
require_once("includes/html_functions.php");
require_once("includes/functions.php");
ogpLang();
$view = new OGPView();
$view->setCharset(get_lang('lang_charset'));
?>
".get_lang('install_lang')."
";
echo "\n";
$counter = 0;
for ($i = 0; $i < count($locale_files); $i++) {
if ($counter != 0 && ($counter % $columns == 0)) echo "
\n\n";
echo "| ";
if ($locale_files[$i] == $_SESSION['users_lang'])
echo "".$locale_files[$i]."";
else
echo "".htmlspecialchars($locale_files[$i])."";
echo " | \n";
$counter++;
}
echo "
\n
\n";
echo "GSP / WDS Panel Installer
";
echo "Welcome to the GSP (Game Server Panel) installer, maintained by WDS.
";
echo "🔍 Run Dependency Check
";
echo "GSP is a heavily customized fork of OGP. This installer will:
";
echo "
- Write
includes/config.inc.php with your database credentials.
- Back up any existing database before reinstalling.
- Optionally migrate any existing
ogp_ tables to your chosen prefix.
- Install all modules found in the
modules/ directory.
- Create a default admin account (admin / admin) if none exists.
";
echo "".get_lang('next')."
";
echo "\n";
}
// ----------------------------------------------------------------
// Step 1 – Database settings form
// ----------------------------------------------------------------
elseif ($step == "1") {
if (is_readable('includes/config.inc.php'))
require_once "includes/config.inc.php";
echo "\n";
}
// ----------------------------------------------------------------
// Step 2 – Write config, migrate tables, install modules, create admin
// ----------------------------------------------------------------
elseif ($step == "2") {
echo "| \n";
if (!isset($_POST['db_host'])) {
print_failure("No form data received. Please go back and fill in the database settings.");
echo " ".get_lang('back')." ";
echo " |
\n";
return;
}
$db_host = stripinput($_POST['db_host']);
$db_port = stripinput($_POST['db_port']);
$db_user = stripinput($_POST['db_user']);
$db_pass = stripinput($_POST['db_pass']);
$db_name = stripinput($_POST['db_name']);
$table_prefix = stripinput($_POST['table_prefix']);
$db_type = "mysql";
// Default prefix to gsp_ if empty
if (empty($table_prefix)) $table_prefix = "gsp_";
// Default port to 3306 if empty
if (empty($db_port)) $db_port = "3306";
// --- Write config.inc.php ---
$config = "";
$temp = @fopen("includes/config.inc.php", "w");
if (!@fwrite($temp, $config)) {
print_failure(get_lang('unable_to_write_config'));
echo "".get_lang('back')."
";
fclose($temp);
echo "\n";
return;
}
fclose($temp);
print_success(get_lang('config_written'));
// --- Connect to database using port ---
$db = createDatabaseConnection($db_type, $db_host, $db_user, $db_pass, $db_name, $table_prefix, (int)$db_port);
$error_text = "";
if (get_db_error_text($db, $error_text)) {
print_failure($error_text);
echo "".get_lang('back')."
";
echo "\n";
return;
}
// --- Detect existing database and back it up before reinstall ---
gsp_backup_existing_db($db, $db_host, $db_user, $db_pass, $db_name, $db_port);
// --- Optional ogp_ → gsp_ migration ---
gsp_migrate_tables($db, $table_prefix);
// --- Create base module management tables ---
$db->query("DROP TABLE IF EXISTS `".$table_prefix."modules`");
$db->query("CREATE TABLE IF NOT EXISTS `".$table_prefix."modules` (
`id` smallint(5) unsigned NOT NULL auto_increment,
`title` varchar(100) NOT NULL default '',
`folder` varchar(100) NOT NULL default '',
`version` varchar(10) NOT NULL default '0',
`db_version` int(10) NOT NULL default '0',
PRIMARY KEY (`id`),
UNIQUE KEY `folder` (`folder`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;");
$db->query("DROP TABLE IF EXISTS `".$table_prefix."module_menus`");
$db->query("CREATE TABLE IF NOT EXISTS `".$table_prefix."module_menus` (
`module_id` int(11) NOT NULL COMMENT 'This references to modules.id',
`subpage` varchar(64) NOT NULL default '',
`group` varchar(32) NOT NULL,
`menu_name` varchar(128) NOT NULL,
`pos` INT UNSIGNED NOT NULL,
PRIMARY KEY (`module_id`, `subpage`, `group`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;");
// --- Install all modules ---
require_once("modules/modulemanager/module_handling.php");
@add_lang_module('modulemanager');
$modules = list_available_modules();
// Install modulemanager first
if (in_array('modulemanager', $modules)) {
gsp_install_module($db, 'modulemanager');
}
foreach ($modules as $module) {
if ($module == 'modulemanager') continue;
gsp_install_module($db, $module);
}
print_success(get_lang('database_created'));
// --- Default site settings ---
$site_settings = array(
"title" => "GSP - Game Server Panel",
"slogan" => get_lang('slogan'),
"ogp_version" => "0",
"version_type" => "GSP",
"theme" => "Revolution",
"welcome_title" => "1",
"welcome_title_message"=> "".get_lang('default_welcome_title_message')."",
"page_auto_refresh" => "1",
);
$db->setSettings($site_settings);
// --- Auto-create default admin user ---
// NOTE: The default password 'admin' is intentionally weak for first-boot convenience.
// The installer prominently warns the operator to change it. Passwords are stored as
// MD5 to match the existing panel login system (legacy behaviour).
$existing_admin = $db->getUser('admin');
if (!$existing_admin) {
$db->addUser('admin', 'admin', 'admin', 'admin@localhost');
print_success("Default admin account created (username: admin).");
} else {
echo "Admin user already exists – skipped creation.
";
}
// --- Update game configs ---
updateGameConfigsPostInstall();
echo "".get_lang('remove_install_and_secure_config')."
";
echo "SECURITY: The default admin password is admin. Change it immediately after your first login at Admin → User Management.
";
echo "".get_lang('go_to_panel')."
";
echo "\n";
// --- Disable the installer by renaming install.php to install.php.bak ---
gsp_disable_installer();
echo "\n";
}
else {
echo "Unknown step. Start over
";
}
}
/**
* Install a single module, treating prerequisite failures as warnings
* (not hard failures) per GSP policy: "Do not run prerequisite checks –
* our environment is customized."
*
* Returns the same values as install_module(), but the caller does not
* abort the overall install when -2 is returned.
*/
function gsp_install_module($db, $module) {
$result = install_module($db, $module, FALSE);
// -1 = module.php missing or malformed (genuine hard error)
// -2 = prereq missing or DB query failed; treat as warning
// 0 = already installed
// 1 = installed successfully
// 2 = optional, skipped
if ($result === -1) {
// Already printed by install_module(); just note it.
}
return $result;
}
/**
* Optional ogp_ → configured-prefix migration.
*
* Rules:
* - If a table named ogp_X exists AND the corresponding prefix_X does NOT
* exist, rename ogp_X -> prefix_X.
* - If prefix_X already exists, skip that table (never fail).
* - If no ogp_ tables exist at all, do nothing.
*/
function gsp_migrate_tables($db, $table_prefix) {
if ($table_prefix === 'ogp_') {
// Already using ogp_ prefix – nothing to migrate.
return;
}
// Fetch all tables starting with ogp_
$rows = $db->resultQuery("SHOW TABLES LIKE 'ogp\\_%'");
if (!$rows || !is_array($rows)) return;
$renamed = 0;
$skipped = 0;
foreach ($rows as $row) {
$ogp_table = array_values($row)[0]; // e.g. ogp_users
$suffix = substr($ogp_table, 4); // strip leading "ogp_"
$new_table = $table_prefix . $suffix;
// Check if destination table already exists
$exists = $db->resultQuery("SHOW TABLES LIKE '".str_replace("_", "\\_", $new_table)."'");
if ($exists && is_array($exists) && count($exists) > 0) {
$skipped++;
continue;
}
// Rename
$ok = $db->query("RENAME TABLE `".mysqli_real_escape_string_compat($ogp_table)."` TO `".mysqli_real_escape_string_compat($new_table)."`");
if ($ok) {
$renamed++;
}
}
if ($renamed > 0)
print_success("Migrated {$renamed} table(s) from ogp_ to {$table_prefix} prefix.");
if ($skipped > 0)
echo "{$skipped} table(s) already existed under the {$table_prefix} prefix – skipped.
";
}
/**
* Sanitize a MySQL identifier (table name) for use in RENAME TABLE.
*
* Table names sourced from SHOW TABLES consist only of alphanumeric
* characters and underscores in standard installations. This function
* enforces that invariant by stripping any other characters, making the
* identifier safe to embed between backticks in a SQL statement.
* If a table name ever contained characters outside [a-zA-Z0-9_] it would
* simply be skipped rather than cause an injection.
*/
function mysqli_real_escape_string_compat($identifier) {
return preg_replace('/[^a-zA-Z0-9_]/', '', $identifier);
}
/**
* Detect whether the target database already contains tables.
* If so, create a backup database (panel_BAK or panel_BAK_YYYYMMDD_HHMMSS)
* by copying schema + data, then drop all tables in the target database so
* the fresh install proceeds cleanly.
*
* The backup is performed entirely through the panel's own DB connection so
* no external mysqldump binary is required.
*/
function gsp_backup_existing_db($db, $db_host, $db_user, $db_pass, $db_name, $db_port) {
// Count tables in the target database
$tables_result = $db->resultQuery("SHOW TABLES");
if (!$tables_result || !is_array($tables_result) || count($tables_result) === 0) {
// Fresh database – nothing to back up
return;
}
$table_count = count($tables_result);
echo "⚠ Existing database detected (" . htmlspecialchars((string)$table_count, ENT_QUOTES, 'UTF-8') . " table(s)). Creating backup before reinstall…
";
// Determine backup DB name
$backup_name = $db_name . '_BAK';
$check_bak = $db->resultQuery("SHOW DATABASES LIKE '" . mysqli_real_escape_string_compat($backup_name) . "'");
if ($check_bak && is_array($check_bak) && count($check_bak) > 0) {
$backup_name = $db_name . '_BAK_' . date('Ymd_His');
}
// Create backup database
$safe_backup = '`' . mysqli_real_escape_string_compat($backup_name) . '`';
$safe_src = '`' . mysqli_real_escape_string_compat($db_name) . '`';
$created = $db->query("CREATE DATABASE IF NOT EXISTS {$safe_backup} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci");
if (!$created) {
echo "Could not create backup database " . htmlspecialchars($backup_name) . ". Skipping backup (install will continue).
";
return;
}
// Copy each table: CREATE … SELECT
$copied = 0;
$failed = 0;
foreach ($tables_result as $row) {
$tbl = array_values($row)[0];
$safe_tbl = '`' . mysqli_real_escape_string_compat($tbl) . '`';
// Copy structure
$ok1 = $db->query("CREATE TABLE {$safe_backup}.{$safe_tbl} LIKE {$safe_src}.{$safe_tbl}");
// Copy data
$ok2 = $ok1 && $db->query("INSERT INTO {$safe_backup}.{$safe_tbl} SELECT * FROM {$safe_src}.{$safe_tbl}");
if ($ok2) {
$copied++;
} else {
$failed++;
}
}
print_success("Backup created as " . htmlspecialchars($backup_name) . " — {$copied} table(s) copied" . ($failed > 0 ? ", {$failed} failed (non-fatal)" : "") . ".");
// Drop all tables in the target database so the fresh install is clean
$db->query("SET FOREIGN_KEY_CHECKS = 0");
foreach ($tables_result as $row) {
$tbl = array_values($row)[0];
$safe_tbl = '`' . mysqli_real_escape_string_compat($tbl) . '`';
$db->query("DROP TABLE IF EXISTS {$safe_src}.{$safe_tbl}");
}
$db->query("SET FOREIGN_KEY_CHECKS = 1");
print_success("Target database cleared. Fresh install will proceed.");
}
/**
* After a successful install, rename install.php to install.php.bak and write
* a minimal bootstrap stub as the new install.php that prevents accidental
* re-runs while giving an admin an easy path to restore the real installer.
*/
function gsp_disable_installer() {
$self = __FILE__;
$bak_path = dirname($self) . '/install.php.bak';
// Read the current file before we rename it
$installer_content = @file_get_contents($self);
if ($installer_content === false) {
echo "Could not read install.php for backup — installer not renamed (non-fatal).
";
return;
}
// Write the backup copy
if (@file_put_contents($bak_path, $installer_content) === false) {
echo "Could not write install.php.bak — installer not renamed (non-fatal).
";
return;
}
// Write the stub that replaces install.php
$stub = <<<'STUB'
Invalid or expired restore token. Please reload the page and try again.');
}
$bak = __DIR__ . '/install.php.bak';
if (!is_readable($bak)) {
die('install.php.bak not found. Restore manually.
');
}
$content = file_get_contents($bak);
if ($content === false || file_put_contents(__FILE__, $content) === false) {
die('Could not overwrite install.php. Check file permissions.
');
}
// Invalidate the token after use
unset($_SESSION['gsp_restore_token']);
header('Location: install.php');
exit;
}
$token = htmlspecialchars($_SESSION['gsp_restore_token'], ENT_QUOTES, 'UTF-8');
?>
GSP Installer — Disabled
⚠ Installer Disabled
The GSP installer has been disabled after a successful installation to prevent accidental re-runs.
The original installer is preserved at install.php.bak.
To restore manually:
cp install.php.bak install.php
Go to Panel
STUB;
if (@file_put_contents($self, $stub) === false) {
echo "Could not overwrite install.php with stub — installer not disabled (non-fatal). Delete or rename install.php manually.
";
return;
}
print_success("Installer disabled: install.php renamed to stub. Full installer preserved as install.php.bak.");
echo "To re-enable the installer, click Restore & Re-run Installer on the new install.php page, or run: cp install.php.bak install.php
";
}
$view->printView();
?>