GSP/Panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Panel/modules/billing/includes/admin_auth.php
copilot-swe-agent[bot] 1247e5e7ca
fix: harden billing module for standalone portability 
- config_loader.php: prefer local billing config FIRST (root cause fix)
  - was: panel config loaded first, overriding local config with wrong db name
  - now: local modules/billing/includes/config.inc.php always wins when present
- config.inc.php: add $db_port="3306"
- config.example.php: new example config with all variables documented
- menu.php: add $db_port to mysqli_connect
- admin_auth.php: add $db_port; remove hardcoded /_website path detection
- bootstrap.php billing_get_db(): add $db_port
- login.php: fix /_website path detection
- adminserverlist.php: add $db_port; fix hardcoded /modules/billing/ URL
- All other mysqli_connect calls: add isset($db_port) port parameter
  (my_servers, forgot_password, serverlist, server_status, order, register,
   reset_password, payment_success, my_account, admin_invoices, admin_payments,
   diag_remote, admin_coupons, test_db_connection, tools/check_db_user,
   renew_server)
- timestamp.txt: updated

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/a3e1e4bb-8eb1-4e6e-b1f8-7f3952301231

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
2026-05-02 13:15:50 +00:00

50 lines
1.8 KiB
PHP
Raw Blame History

<?php
// Admin authorization include — include early (before output) on admin pages
require_once(__DIR__ . '/session_bridge.php');
// If not logged in, redirect to login
if (empty($_SESSION['website_user_id'])) {
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
$returnTo = $_SERVER['SCRIPT_NAME'] ?? '/';
header('Location: ' . $loginUrl . '?return_to=' . urlencode($returnTo));
exit();
}
// Require DB config and check role live from panel DB
require_once(__DIR__ . '/config_loader.php');
// Variables from config.inc.php (helps IDEs understand scope)
/** @var string $db_host Database host */
/** @var string $db_user Database user */
/** @var string $db_pass Database password */
/** @var string $db_name Database name */
/** @var string $table_prefix Table prefix for database tables */
$auth_db_port = isset($db_port) ? (int)$db_port : null;
// Use a local connection variable so we don't clash with pages that also use $db
$auth_db = @mysqli_connect($db_host, $db_user, $db_pass, $db_name, $auth_db_port);
if (!$auth_db) {
// If DB unavailable, deny access gracefully
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
header('Location: ' . $loginUrl);
exit();
}
$uid = intval($_SESSION['website_user_id']);
$role = '';
$res = mysqli_query($auth_db, "SELECT users_role FROM {$table_prefix}users WHERE user_id = $uid LIMIT 1");
if ($res && mysqli_num_rows($res) === 1) {
$row = mysqli_fetch_assoc($res);
$role = (string)($row['users_role'] ?? '');
}
mysqli_close($auth_db);
if (strtolower($role) !== 'admin') {
// Not an admin — redirect to login or home
$loginUrl = rtrim(dirname($_SERVER['SCRIPT_NAME'] ?? '/'), '/\\') . '/login.php';
header('Location: ' . $loginUrl);
exit();
}
// If we reach here, user is an admin
?>
Reference in a new issue View git blame Copy permalink