Panel/_website/FEATURES.md

Website Features Documentation

This document describes the new features added to the GameServers.World website (_website folder).

Table of Contents

1. Password Reset System
2. My Servers Dashboard
3. Server Status Page
4. UI Improvements
5. Apache Configuration

---

Password Reset System

A complete password reset workflow has been implemented to allow users to recover their accounts.

Files Created

• forgot_password.php - Request password reset
• reset_password.php - Reset password with token

How It Works

1. User visits the login page and clicks "Forgot Password?"
2. User enters their username or email on forgot_password.php
3. System generates a secure token and stores it in ogp_password_reset_tokens table
4. Email is sent with reset link (falls back to displaying link if email fails)
5. User clicks link and is taken to reset_password.php?token=XXX
6. User enters new password (min 8 characters)
7. Password is updated using both MD5 (panel compatibility) and modern hash (if shadow column exists)
8. Token is marked as used

Database Table

The system automatically creates this table if it doesn't exist:

CREATE TABLE ogp_password_reset_tokens (
    id INT AUTO_INCREMENT PRIMARY KEY,
    user_id INT NOT NULL,
    token VARCHAR(64) NOT NULL,
    expires DATETIME NOT NULL,
    used TINYINT(1) DEFAULT 0,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    INDEX idx_token (token),
    INDEX idx_user_id (user_id)
)

Security Features

• Tokens expire after 1 hour
• Tokens can only be used once
• Secure random token generation (64 hex characters)
• Password requirements enforced (min 8 chars)
• Passwords hashed with both MD5 (panel) and bcrypt (modern)
• User enumeration protection (doesn't reveal if account exists)

Email Configuration

The system uses PHP's mail() function. For production:

1. Configure your server's mail system (sendmail, postfix, etc.)
2. Or integrate with an email service (SendGrid, Mailgun, etc.)
3. Update the email headers in forgot_password.php as needed

---

My Servers Dashboard

A user dashboard showing all active game servers with renewal options.

File Created

• my_servers.php - User's server management dashboard
• renew_server.php - Server renewal page

Features

• Server List: Shows all servers owned by logged-in user
• Server Details: Name, game type, location, status
• Expiration Tracking: Shows expiration date for each server
• Status Indicators: Active, Inactive, Expired
• Renewal Links: Quick access to renew each server
• Empty State: Helpful message when user has no servers

Access

• Menu link "My Servers" appears when user is logged in
• Requires authentication via login_required.php

Database Query

Joins multiple tables:

• ogp_home - Server instances
• ogp_remote_servers - Server locations
• ogp_game_configs - Game information
• ogp_billing_orders - Order/expiration data
• ogp_billing_services - Service pricing

---

Server Status Page

Public page showing real-time status of all game server infrastructure.

File Created

• server_status.php - Server infrastructure status

Features

• Real-time Status: Online, Offline, Maintenance, Unknown
• Resource Usage: CPU, Memory, Disk usage percentages
• Uptime Display: How long each server has been running
• Last Updated: Time since last status update
• Color-coded Badges: Visual status indicators
• Notes Support: Display maintenance or status messages

Database Table

Automatically creates table if it doesn't exist:

CREATE TABLE ogp_server_status (
    status_id INT AUTO_INCREMENT PRIMARY KEY,
    remote_server_id INT NOT NULL,
    server_name VARCHAR(255) NOT NULL,
    ip_address VARCHAR(45),
    status ENUM('online', 'offline', 'maintenance') DEFAULT 'offline',
    cpu_usage DECIMAL(5,2),
    memory_usage DECIMAL(5,2),
    disk_usage DECIMAL(5,2),
    uptime VARCHAR(50),
    last_updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    notes TEXT,
    INDEX idx_remote_server (remote_server_id),
    UNIQUE KEY unique_server (remote_server_id)
)

Server Updates

The page displays data from ogp_server_status. Servers should update this table:

// Example server update code (run on each server periodically)
$stmt = $db->prepare("INSERT INTO ogp_server_status 
    (remote_server_id, server_name, ip_address, status, cpu_usage, memory_usage, disk_usage, uptime, notes)
    VALUES (?, ?, ?, 'online', ?, ?, ?, ?, ?)
    ON DUPLICATE KEY UPDATE 
    status = VALUES(status),
    cpu_usage = VALUES(cpu_usage),
    memory_usage = VALUES(memory_usage),
    disk_usage = VALUES(disk_usage),
    uptime = VALUES(uptime),
    notes = VALUES(notes),
    last_updated = NOW()");

Access

• Link in footer: "Server Status"
• Public page (no login required)

---

UI Improvements

Server List Page

Before: "Order Server" was a plain link
After: Styled as a button with gradient background

<a href="order.php?service_id=X" class="gsw-btn" 
   style="display:inline-block;padding:12px 24px;background:linear-gradient(135deg,#667eea 0%,#764ba2 100%);color:white;text-decoration:none;border-radius:8px;font-weight:600;transition:transform 0.2s;">
   Order Now
</a>

Order Page

Fixed: Game images now display correctly

• Changed from src="<?php echo $img_url; ?>"
• To src="../<?php echo $img_url; ?>"
• Assumes images are stored relative to panel root

Login Page

Added: "Forgot Password?" link next to Register link

Navigation Menu

Added: "My Servers" link for logged-in users

• Only visible when user is authenticated
• Positioned between "Game Servers" and "Cart"

Footer

Added: "Server Status" link

• Public access to infrastructure status
• Positioned in footer with other utility links

---

Apache Configuration

Three Apache virtual host configuration files have been created in the GSP root directory.

Files Created

• panel.conf - Panel dashboard configuration
• website.conf - Storefront website configuration
• fileserver.conf - File server configuration
• APACHE_SETUP.md - Detailed installation guide

panel.conf

Main Open Game Panel dashboard:

• Domain: panel.yourdomain.com
• Document Root: /var/www/GSP
• PHP settings optimized for panel operations
• Security headers enabled

website.conf

GameServers.World storefront:

• Domain: gameservers.world
• Document Root: /var/www/GSP/_website
• Protected includes and data directories
• Static asset caching
• Compression enabled
• Separate session handling

fileserver.conf

Game file distribution:

• Domain: files.yourdomain.com
• Document Root: /var/www/fileserver
• Directory browsing enabled
• Large file support
• Script execution disabled in uploads
• Bandwidth limiting support (optional)

Installation

See APACHE_SETUP.md for complete installation instructions including:

• Copying configuration files
• Enabling sites and modules
• SSL/HTTPS setup with Let's Encrypt
• DNS configuration
• Firewall rules
• Troubleshooting

---

Testing

Password Reset

1. Visit login.php
2. Click "Forgot Password?"
3. Enter username or email
4. Check email or view on-screen link (development mode)
5. Click reset link
6. Enter new password (min 8 chars)
7. Confirm password matches
8. Submit and verify redirect to login

My Servers

1. Login as a user with servers
2. Click "My Servers" in navigation
3. Verify all servers are listed
4. Check expiration dates
5. Click "Renew" on a server
6. Verify renewal page displays correctly

Server Status

1. Visit footer link "Server Status"
2. Verify all remote servers are displayed
3. Check status badges (color coding)
4. Verify "Last Updated" formatting
5. Confirm public access (no login required)

UI Changes

1. Visit serverlist.php
2. Verify "Order Now" displays as styled button
3. Click button to go to order.php
4. Verify game images display correctly
5. Check footer has "Server Status" link
6. Login and verify "My Servers" appears in menu

---

Security Considerations

Password Reset

• ✅ Tokens expire after 1 hour
• ✅ One-time use tokens
• ✅ Secure random generation
• ✅ User enumeration protection
• ✅ Password strength requirements
• ⚠️ Email delivery depends on server mail config

My Servers

• ✅ Login required
• ✅ User can only see own servers
• ✅ SQL injection prevention with prepared statements
• ✅ XSS prevention with htmlspecialchars()

Server Status

• ✅ Read-only public page
• ✅ No sensitive information exposed
• ✅ SQL injection prevention
• ℹ️ Server updates should be authenticated (implement separately)

Apache Configs

• ✅ Security headers enabled
• ✅ Sensitive directories protected
• ✅ Directory listing disabled (except fileserver)
• ✅ HTTPS configurations ready
• ⚠️ Update domain names before deployment
• ⚠️ Configure SSL certificates for production

---

Future Enhancements

Password Reset

• Email template customization
• Integration with email service provider
• Rate limiting for reset requests
• SMS/2FA backup recovery

My Servers

• Server control buttons (start/stop/restart)
• Real-time server metrics
• Configuration editor
• File manager integration
• Console access
• Backup/restore functionality

Server Status

• Automated server monitoring agent
• Alert notifications
• Historical uptime graphs
• Incident history
• Scheduled maintenance display
• Status API for external monitoring

General

• User profile management
• Invoice history
• Support ticket system
• Knowledge base integration
• Multi-language support
• Dark/light theme toggle

---

Support

For issues or questions:

1. Check the main GSP documentation
2. Review Apache configuration in APACHE_SETUP.md
3. Check PHP error logs
4. Verify database connectivity
5. Ensure proper file permissions

License

All new features follow the same license as the main Open Game Panel project.