GSP/Panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Panel/modules/billing/renew_server.php
Frank Harris 2347205469 website fixes
2025-10-24 17:27:59 -04:00

219 lines
8.5 KiB
PHP
Raw Blame History

<?php
// Silent renew endpoint: mark an existing order as 'renew' and redirect back.
// This endpoint produces no visible output — it always redirects back to the referrer.
// Require login and configuration
if (session_status() === PHP_SESSION_NONE) {
session_name("gameservers_website");
session_start();
}
require_once(__DIR__ . '/includes/config.inc.php');
require_once(__DIR__ . '/includes/login_required.php');
require_once(__DIR__ . '/includes/log.php');
// Connect to DB (use mysqli like other website modules)
$db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if (!$db) {
// fail silently and redirect back
$back = $_SERVER['HTTP_REFERER'] ?? 'my_account.php';
header('Location: ' . $back);
exit;
}
// Resolve user id from session (same logic as other pages)
$user_id = intval($_SESSION['website_user_id'] ?? $_SESSION['user_id'] ?? 0);
if ($user_id <= 0 && isset($_SESSION['website_username']) && !empty($_SESSION['website_username'])) {
$safe_uname = mysqli_real_escape_string($db, $_SESSION['website_username']);
$qr = mysqli_query($db, "SELECT user_id FROM ogp_users WHERE users_login = '$safe_uname' LIMIT 1");
if ($qr && mysqli_num_rows($qr) === 1) {
$rr = mysqli_fetch_assoc($qr);
$user_id = intval($rr['user_id'] ?? 0);
if ($user_id > 0) {
$_SESSION['website_user_id'] = $user_id;
}
}
}
// Always accept order_id from GET (link-based) or POST (form)
$order_id = intval($_REQUEST['order_id'] ?? 0);
// Allow optional duration override via ?duration=year
$duration = (isset($_REQUEST['duration']) && $_REQUEST['duration'] === 'year') ? 'year' : 'month';
$redirect_to = 'cart.php';
if ($order_id <= 0 || $user_id <= 0) {
header('Location: ' . $redirect_to);
exit;
}
// Fetch order and verify ownership
$stmt = $db->prepare('SELECT order_id, user_id, service_id, qty, invoice_duration, price, home_id FROM ogp_billing_orders WHERE order_id = ? LIMIT 1');
if (!$stmt) {
header('Location: ' . $redirect_to);
exit;
}
$stmt->bind_param('i', $order_id);
$stmt->execute();
$res = $stmt->get_result();
if (!$res || $res->num_rows === 0) {
$stmt->close();
header('Location: ' . $redirect_to);
exit;
}
$order = $res->fetch_assoc();
$stmt->close();
if (intval($order['user_id']) !== intval($user_id)) {
// Not the owner — silently redirect
header('Location: ' . $redirect_to);
exit;
}
// Determine price for selected duration by looking up service prices
$service_id = intval($order['service_id'] ?? 0);
$price_val = floatval($order['price'] ?? 0.0);
if ($service_id > 0) {
$sstmt = $db->prepare('SELECT price_monthly, price_year FROM ogp_billing_services WHERE service_id = ? LIMIT 1');
if ($sstmt) {
$sstmt->bind_param('i', $service_id);
$sstmt->execute();
$sres = $sstmt->get_result();
if ($sres && $sres->num_rows > 0) {
$srow = $sres->fetch_assoc();
if ($duration === 'year' && !empty($srow['price_year']) && floatval($srow['price_year']) > 0) {
$price_val = floatval($srow['price_year']);
} else {
$price_val = floatval($srow['price_monthly']);
}
}
$sstmt->close();
}
}
// Update order: set status='renew', invoice_duration, qty, price
$new_status = 'renew';
$qty = 1;
$price_formatted = number_format($price_val, 2, '.', '');
$upd = $db->prepare('UPDATE ogp_billing_orders SET status = ?, invoice_duration = ?, qty = ?, price = ? WHERE order_id = ? AND user_id = ? LIMIT 1');
if ($upd) {
// types: status (s), invoice_duration (s), qty (i), price (d), order_id (i), user_id (i)
$upd->bind_param('ssiddi', $new_status, $duration, $qty, $price_formatted, $order_id, $user_id);
$ok = $upd->execute();
$affected = $upd->affected_rows;
$upd->close();
if ($ok && $affected > 0) {
// Insert a row into ogp_logger if table exists (best-effort)
$client_ip = $_SERVER['REMOTE_ADDR'] ?? '';
$msg = "USER-RENEW: User {$user_id} marked order {$order_id} as renew";
// Try insert into ogp_logger table
$escaped_msg = mysqli_real_escape_string($db, $msg);
$escaped_ip = mysqli_real_escape_string($db, $client_ip);
// Determine logger table name (best-effort). Try standard name then any table that ends with 'logger'.
$logger_table = null;
$check = mysqli_query($db, "SHOW TABLES LIKE 'ogp_logger'");
if ($check && mysqli_num_rows($check) > 0) {
$logger_table = 'ogp_logger';
} else {
$reslt = mysqli_query($db, "SHOW TABLES LIKE '%logger'");
if ($reslt && mysqli_num_rows($reslt) > 0) {
$row = mysqli_fetch_row($reslt);
$logger_table = $row[0];
}
}
if ($logger_table) {
$dt = date('Y-m-d H:i:s');
$ins = "INSERT INTO `" . $logger_table . "` (`date`, `user_id`, `ip`, `message`) VALUES ('{$dt}', " . intval($user_id) . ", '{$escaped_ip}', '{$escaped_msg}')";
@mysqli_query($db, $ins);
}
}
}
// Done — redirect back silently
header('Location: ' . $redirect_to);
exit;
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Renew Server - GameServers.World</title>
</head>
<body>
// Process renewal: mark the existing order as a 'renew' so it appears in the cart
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['confirm_renewal'])) {
$duration = isset($_POST['duration']) ? $_POST['duration'] : 'month';
$invoice_duration = ($duration === 'year') ? 'year' : 'month';
$qty = 1;
// Determine price based on duration (fall back to monthly if missing)
$price = ($duration === 'year' && !empty($order['price_year']) && floatval($order['price_year']) > 0) ? floatval($order['price_year']) : floatval($order['price_monthly']);
// Prepare update to set this order into renew state
if ($upd = $db->prepare("UPDATE ogp_billing_orders SET status = ?, invoice_duration = ?, qty = ?, price = ? WHERE order_id = ? AND user_id = ? LIMIT 1")) {
$new_status = 'renew';
$orderIdInt = intval($order_id);
$userIdInt = intval($user_id);
$price_val = number_format($price, 2, '.', '');
$upd->bind_param('ssiids', $new_status, $invoice_duration, $qty, $price_val, $orderIdInt, $userIdInt);
$ok = $upd->execute();
$affected = $upd->affected_rows;
$upd->close();
if ($ok && $affected > 0) {
// Log to panel logger that the order was marked for renewal
if (isset($db) && method_exists($db, 'logger')) {
$db->logger("USER-RENEW: User " . intval($userIdInt) . " marked order " . intval($orderIdInt) . " as renew");
}
// Successfully transitioned to renew — go to cart
header('Location: cart.php');
exit;
} else {
$err = mysqli_error($db);
echo '<div class="site-panel"><div class="alert alert-danger">Failed to mark order for renewal: ' . htmlspecialchars($err) . '</div></div>';
}
} else {
$err = mysqli_error($db);
echo '<div class="site-panel"><div class="alert alert-danger">Failed to prepare renewal update: ' . htmlspecialchars($err) . '</div></div>';
}
}
?>
<div class="site-panel">
<div class="site-panel-title">Renew Server</div>
<div class="panel" style="max-width:600px;margin:20px auto;">
<h3><?php echo htmlspecialchars($order['service_name']); ?></h3>
<form method="POST" action="">
<div class="form-group">
<label>
<input type="radio" name="duration" value="month" checked>
1 Month - $<?php echo number_format($order['price_monthly'], 2); ?>
</label>
<?php if ($order['price_year'] > 0): ?>
<label>
<input type="radio" name="duration" value="year">
1 Year - $<?php echo number_format($order['price_year'], 2); ?>
</label>
<?php endif; ?>
</div>
<button type="submit" name="confirm_renewal" class="gsw-btn">
Proceed to Payment
</button>
<a href="my_servers.php" class="account-edit-summary" style="margin-left:20px;">Cancel</a>
</form>
</div>
</div>
<?php
// Close database connection
mysqli_close($db);
?>
</body>
<?php include(__DIR__ . '/includes/footer.php'); ?>
</html>
Reference in a new issue View git blame Copy permalink