SachaelHD
diff --git a/‎CHANGELOG.md‎
Lines changed: 11 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎LICENSE‎
Lines changed: 1 addition & 1 deletion b/‎LICENSE‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 180 additions & 2 deletions b/‎README.md‎
Lines changed: 180 additions & 2 deletions
diff --git a/‎README.txt‎
Lines changed: 29 additions & 0 deletions b/‎README.txt‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎assets/styles.css‎
Lines changed: 56 additions & 0 deletions b/‎assets/styles.css‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎config/auth.php‎
Lines changed: 69 additions & 0 deletions b/‎config/auth.php‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎config/bans.json.example‎
Lines changed: 4 additions & 0 deletions b/‎config/bans.json.example‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎config/servers.json.example‎
Lines changed: 12 additions & 0 deletions b/‎config/servers.json.example‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎config/users.json.example‎
Lines changed: 9 additions & 0 deletions b/‎config/users.json.example‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎includes/footer.php‎
Lines changed: 7 additions & 0 deletions b/‎includes/footer.php‎
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,11 @@
+# Changelog
+
+## v1.0.0 – First Public GitHub Release
+
+- Cleaned up bans page UI and website‑managed ban storage (`config/bans.json`).
+- Ensured tempban / ban buttons use `tempBanClient` and `banClient` for CoD4x.
+- Added per‑server logs under `rcon_logs/servers/<serverId>/...` when using saved servers.
+- Centralized user auth in `config/auth.php` with JSON‑backed users and roles.
+- Added `.gitignore` to keep local config and runtime logs out of version control.
+- Added example config files in `config/*.json.example` for safer deployment.
+- Added MIT license.
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 SachaelHD
+Copyright (c) 2025 Dylan Baxter
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 
@@ -1,2 +1,180 @@
-# cod4x-web-rcon-tool
-A modern, lightweight PHP web tool for managing Call of Duty 4x servers (CoD4X). Includes RCON command control, player management, bans, logs, multi-server support, first-time installer, secure auth, and clean UI.
+# CoD4X Web RCON Tool
+
+A lightweight, single-folder PHP RCON web tool for Call of Duty 4x servers.
+
+- Send RCON commands from a browser
+- Saved servers (name/IP/port/RCON) with per‑server logs
+- Kick / tempban / permaban players via `clientKick`, `tempBanClient`, and `banClient`
+- Simple website‑managed ban list backed by `config/bans.json` and mirrored to `rcon_logs/banlist.log`
+- Auth system with JSON‑backed users, login throttling, and admin / mod roles
+
+> **Status:** First public GitHub release (v1.0.0). Tool is designed to be dropped into `/var/www/html/rcon` on a typical Apache + PHP stack.
+
+---
+
+## Features
+
+### RCON Control
+- Select a saved server or manually type IP / port / RCON
+- Execute any RCON command
+- View raw RCON response in the browser
+
+### Player Management
+- Kick a player by slot
+- Tempban via `tempBanClient <slot> <seconds>`
+- Permanent ban via `banClient <slot>`
+
+All actions are logged to `rcon_logs/` (and per‑server subfolders when a saved server is used).
+
+### Logs Tab
+- View tail of auth, commands, kicks, tempbans, bans, etc.
+- Switch **scope** between:
+  - **Global logs** (`rcon_logs/*.log`)
+  - **Per‑server logs** (`rcon_logs/servers/<serverId>/*.log`) when a saved server is selected
+
+### Website Ban List
+- Bans page lets you:
+  - View current website‑managed bans from `config/bans.json`
+  - Unban by **GUID** or **Ban ID**
+- Bans are also mirrored to `rcon_logs/banlist.log` for auditing.
+
+### Users & Roles
+- Users stored in `config/users.json`
+- Supports:
+  - **Admins**: full control; can see and edit RCON passwords and server list
+  - **Moderators**: can use the panel without seeing raw RCON passwords
+- Login protection:
+  - Throttling after too many failures
+  - Logs login success/failure to `rcon_logs/auth.log`
+
+---
+
+## Requirements
+
+- PHP 7.4+ (no external libraries required)
+- Apache or Nginx with PHP‑FPM
+- CoD4x server(s) reachable from the webserver
+- HTTPS strongly recommended (panel is security‑sensitive)
+
+---
+
+## Installation
+
+1. **Copy files**
+
+   ```bash
+   sudo mkdir -p /var/www/html/rcon
+   sudo cp -r . /var/www/html/rcon
+   sudo chown -R www-data:www-data /var/www/html/rcon
+   sudo chmod -R 750 /var/www/html/rcon
+   ```
+
+2. **Config & logs directories**
+
+   ```bash
+   sudo -u www-data mkdir -p /var/www/html/rcon/config /var/www/html/rcon/rcon_logs
+   ```
+
+3. **Create real config from examples**
+
+   ```bash
+   cd /var/www/html/rcon/config
+   sudo -u www-data cp users.json.example users.json
+   sudo -u www-data cp servers.json.example servers.json
+   sudo -u www-data cp bans.json.example bans.json
+
+   sudo chmod 640 /var/www/html/rcon/config/*.json
+   ```
+
+   - Default login (first‑run) is:
+
+     - **Username:** `admin`
+     - **Password:** `changeme`
+
+     Change this immediately after logging in.
+
+4. **Apache (example)**
+
+   Make sure your VirtualHost points to `/var/www/html/rcon` and PHP is enabled. Example:
+
+   ```apacheconf
+   <VirtualHost *:80>
+     ServerName yourpanel.example.com
+     DocumentRoot /var/www/html/rcon
+
+     <Directory /var/www/html/rcon>
+       AllowOverride All
+       Require all granted
+     </Directory>
+   </VirtualHost>
+   ```
+
+   Then:
+
+   ```bash
+   sudo a2enmod rewrite
+   sudo systemctl reload apache2
+   ```
+
+---
+
+## Usage
+
+1. Browse to the panel’s URL (e.g. `http://yourpanel.example.com`).
+2. Log in with the admin account.
+3. Go to **Users** and update the admin password (and/or create more users).
+4. Go to **Servers** and:
+   - Add each CoD4x server by name, host/IP, port, and RCON password.
+5. Use the **Control** tab to:
+   - Select a saved server
+   - Send RCON commands
+   - Kick / tempban / ban players from the live player list
+6. Use the **Logs** tab to monitor auth, commands, kicks, and bans.
+7. Use the **Bans** tab to manage website‑stored bans.
+
+---
+
+## Security Notes
+
+- **Always use HTTPS** in production.
+- Restrict access:
+  - IP‑whitelist the panel if possible (e.g. only your home/office).
+  - Or put it behind a VPN.
+- Change the default admin password on first login.
+- Keep `config/` and `rcon_logs/` owned by the web user (e.g. `www-data`) and not world‑readable.
+- Never expose this panel directly to the public internet without additional protections.
+
+---
+
+## Development
+
+This project is intentionally simple:
+
+- No database – all state is JSON (`config/*.json`) and text logs (`rcon_logs/*.log`).
+- No frameworks – plain PHP and a single CSS file in `assets/`.
+
+If you want to hack on it:
+
+- Start a PHP built‑in server:
+
+  ```bash
+  php -S 127.0.0.1:8080 -t .
+  ```
+
+- Point your browser at `http://127.0.0.1:8080/login.php`.
+
+---
+
+## Roadmap / Ideas
+
+- Optional 2FA for admin accounts
+- Per‑user permissions (e.g. ban‑only mods)
+- JSON export/import for bans
+- Dark theme toggle
+- Dockerfile for one‑command deployment
+
+---
+
+## License
+
+Released under the **MIT License**. See [`LICENSE`](LICENSE) for details.
@@ -0,0 +1,29 @@
+Hotfix: Login reads users.json; settings save hardened
+=======================================================
+
+**What’s fixed**
+- `login.php` now authenticates against **config/users.json** via `auth_load_users()`
+  (fallbacks to inline `$USERS` only if JSON doesn’t exist).
+- `settings.php` unchanged functionally, but messages improved and save path verified.
+
+**Deploy**
+```bash
+sudo cp /var/www/html/rcon/login.php /var/www/html/rcon/login.php.bak-$(date +%s) || true
+sudo cp /var/www/html/rcon/settings.php /var/www/html/rcon/settings.php.bak-$(date +%s) || true
+
+sudo cp hotfix/login.php /var/www/html/rcon/login.php
+sudo cp hotfix/settings.php /var/www/html/rcon/settings.php
+sudo chown www-data:www-data /var/www/html/rcon/login.php /var/www/html/rcon/settings.php
+sudo chmod 640 /var/www/html/rcon/login.php /var/www/html/rcon/settings.php
+```
+
+**Permissions check (only if needed)**
+```bash
+sudo chown -R www-data:www-data /var/www/html/rcon/config
+sudo chmod -R 750 /var/www/html/rcon/config
+sudo touch /var/www/html/rcon/config/users.json
+sudo chown www-data:www-data /var/www/html/rcon/config/users.json
+sudo chmod 640 /var/www/html/rcon/config/users.json
+```
+
+Generated 2025-11-12.
@@ -0,0 +1,56 @@
+/* Dark clean theme */
+:root{--bg:#0b1220;--card:#0f172a;--ink:#e5e7eb;--muted:#94a3b8;--brand:#38bdf8;--outline:#334155;--danger:#ef4444;--border:#1f2937;--shadow:0 10px 30px rgba(0,0,0,.35)}
+*{box-sizing:border-box}
+body{font-family:system-ui,-apple-system,Segoe UI,Roboto,Arial;margin:20px;background:var(--bg);color:var(--ink)}
+.container{max-width:1100px;margin:0 auto;background:var(--card);padding:18px;border-radius:14px;box-shadow:var(--shadow);border:1px solid var(--border)}
+h2{margin:0}
+h3{margin:4px 0 8px 0}
+label{display:block;margin-top:12px}
+input[type=text],input[type=password],input[type=number],textarea,select{width:100%;padding:10px;border:1px solid var(--outline);border-radius:10px;background:#0b1220;color:var(--ink)}
+button{margin-top:12px;padding:10px 14px;border:0;background:var(--brand);color:#0b1220;border-radius:10px;cursor:pointer;font-weight:700}
+pre{background:#0b1220;color:#e5e7eb;padding:12px;border-radius:10px;overflow:auto;border:1px solid var(--outline)}
+small{color:var(--muted)}
+.error{background:#3f1d1e;padding:10px;border-radius:10px;color:#fecaca;margin-top:12px;border:1px solid #7f1d1d}
+.flash{background:#0b2a1b;padding:10px;border-radius:10px;color:#b7f0d1;margin-top:12px;border:1px solid #14532d}
+.table-wrap{overflow:auto;margin-top:14px}
+table{width:100%;border-collapse:collapse;margin-top:8px}
+th,td{padding:10px 12px;border-bottom:1px solid var(--outline);text-align:left;white-space:nowrap}
+th{background:#0b1220;font-weight:700}
+.name{max-width:320px;overflow:hidden;text-overflow:ellipsis}
+.actions{display:flex;gap:6px;align-items:center;flex-wrap:wrap}
+.actions form{display:inline-flex;margin:0}
+.actions button{margin-top:0;padding:8px 10px}
+.actions .ban{background:#ef4444;color:#0b1220}
+.actions .kick{background:#f59e0b;color:#0b1220}
+.section-title{margin-top:22px}
+.row{display:grid;grid-template-columns:1fr 1fr;gap:16px}
+@media (max-width:800px){.row{grid-template-columns:1fr}}
+hr{border:0;border-top:1px solid var(--outline);margin:18px 0}
+.tempban-controls{display:inline-flex;gap:8px;align-items:center;flex-wrap:wrap}
+.tempban-controls select{width:auto}
+.tempban-controls input[type=text]{width:320px;max-width:100%}
+.small-note{font-size:.9em;color:var(--muted);margin-top:6px}
+.logwarn{background:#2b1f0f;border:1px solid #7c4a03;color:#fcd34d;padding:10px;border-radius:10px;margin-top:10px}
+.topbar{display:flex;justify-content:space-between;align-items:center;margin-bottom:10px}
+.linkbtn{background:#0b1220;color:var(--brand);border:1px solid var(--outline);border-radius:10px;padding:8px 12px;text-decoration:none;display:inline-block}
+.linkbtn:hover{filter:brightness(1.15)}
+.linkbtn.danger{border-color:#7f1d1d;background:#3f1d1e;color:#fecaca}
+.tabbar{display:flex;gap:8px;margin-top:8px}
+.tab{padding:8px 12px;border-radius:10px;background:#0b1220;text-decoration:none;color:var(--ink);border:1px solid var(--outline)}
+.tab.active{background:var(--brand);color:#0b1220;border-color:var(--brand)}
+.card{background:#0b1220;border:1px solid var(--outline);padding:12px;border-radius:12px;margin-top:10px}
+.controls-inline{display:flex;gap:10px;align-items:center;flex-wrap:wrap}
+.controls-row{display:flex;gap:10px;align-items:center;flex-wrap:wrap}
+mark{background:#fde047;color:#0b1220;padding:0 .1em;border-radius:2px}
+code{background:#0b1220;padding:2px 6px;border-radius:6px;border:1px solid var(--outline);color:#e5e7eb}
+.login-card{max-width:420px;margin:8vh auto;background:#0f172a;padding:22px;border-radius:14px;box-shadow:var(--shadow);border:1px solid var(--outline)}
+.login-title{margin:0 0 12px 0}
+.filter-inline{display:flex;gap:10px;align-items:center;flex-wrap:wrap;margin-top:8px}
+.footer{margin-top:18px;font-size:12px;color:var(--muted);text-align:center;opacity:.8}
+
+
+.topbar{display:flex;align-items:center;justify-content:space-between;gap:12px;margin-bottom:10px}
+.logo-wrap{display:flex;align-items:center;gap:10px}
+.logo-pill{display:inline-flex;align-items:center;justify-content:center;padding:4px 12px;border-radius:999px;background:linear-gradient(135deg,#22d3ee,#6366f1);font-size:11px;font-weight:600;letter-spacing:.08em;text-transform:uppercase;color:#e5e7eb;box-shadow:0 4px 12px rgba(15,23,42,.6)}
+button,.linkbtn,.kick,.ban{transition:background-color .12s ease,transform .12s ease,box-shadow .12s ease,filter .12s ease}
+button:hover,.linkbtn:hover,.kick:hover,.ban:hover{filter:brightness(1.08);transform:translateY(-1px);box-shadow:0 6px 16px rgba(0,0,0,.35)}
@@ -0,0 +1,69 @@
+<?php
+// config/auth.php — users + helpers
+
+ini_set('display_errors','0');
+error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
+function panel_log_error($msg){ if(is_string($msg)&&$msg!==''){ error_log('RCON Panel: '.$msg); } }
+
+$USERS = [
+  'admin' => 'PLAINTEXT:changeme',
+];
+
+$SITE_NAME = 'CoD4X Web RCON Tool';
+$LOGIN_MAX_ATTEMPTS = 8;
+$LOGIN_WINDOW_SECONDS = 900;
+
+function _auth_users_json_path(){ return __DIR__ . '/users.json'; }
+
+function auth_load_users(){
+  $json = _auth_users_json_path();
+  if (is_file($json)){
+    $raw = @file_get_contents($json);
+    if ($raw !== false){
+      $d = @json_decode($raw, true);
+      if (is_array($d) && isset($d['users']) && is_array($d['users'])) return $d['users'];
+    }
+  }
+  $res = [];
+  foreach ($GLOBALS['USERS'] as $u => $h){
+    $res[$u] = ['hash'=>$h, 'role'=>($u==='admin' ? 'admin' : 'mod')];
+  }
+  return $res;
+}
+
+function auth_has_persisted_users(){
+  $json = _auth_users_json_path();
+  if (!is_file($json)) return false;
+  $raw = @file_get_contents($json);
+  if ($raw === false) return false;
+  $d = @json_decode($raw, true);
+  if (!is_array($d) || !isset($d['users']) || !is_array($d['users'])) return false;
+  return count($d['users']) > 0;
+}
+
+function auth_save_users($users_assoc, &$error=null){
+  $json = _auth_users_json_path();
+  $dir = dirname($json);
+  if (!is_dir($dir)) {
+    if (!@mkdir($dir, 0750, true)) { $error = 'Cannot create config dir: '.$dir; return false; }
+  }
+  if (!is_writable($dir)) {
+    @chmod($dir, 0750);
+    if (!is_writable($dir)) { $error = 'Config dir not writable: '.$dir; return false; }
+  }
+  $payload = ['users'=>$users_assoc, 'updated'=>date('c')];
+  $tmp = $json . '.tmp';
+  $enc = json_encode($payload, JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES);
+  if ($enc === false){ $error = 'Failed to encode JSON.'; return false; }
+  if (@file_put_contents($tmp, $enc, LOCK_EX) === false){ $error='Failed to write temp file'; return false; }
+  if (!@rename($tmp, $json)){
+    if (!@copy($tmp, $json) || !@unlink($tmp)){ $error='Failed to move users.json into place'; return false; }
+  }
+  @chmod($json, 0640);
+  return true;
+}
+
+function auth_is_admin($username){
+  $users = auth_load_users();
+  return isset($users[$username]) && (($users[$username]['role'] ?? 'mod') === 'admin');
+}
@@ -0,0 +1,4 @@
+{
+  "bans": [],
+  "updated": "2025-11-13T09:17:14.649232Z"
+}
@@ -0,0 +1,12 @@
+{
+  "servers": [
+    {
+      "id": "example-server-id",
+      "name": "My CoD4x Server",
+      "host": "127.0.0.1",
+      "port": 28960,
+      "rcon": "changeme"
+    }
+  ],
+  "updated": "2025-11-13T09:17:14.648642Z"
+}
@@ -0,0 +1,9 @@
+{
+  "users": {
+    "admin": {
+      "hash": "PLAINTEXT:changeme",
+      "role": "admin"
+    }
+  },
+  "updated": "2025-11-13T09:17:14.647882Z"
+}
@@ -0,0 +1,7 @@
+<?php
+// includes/footer.php — shared footer snippet
+if (!function_exists('panel_footer')) {
+  function panel_footer(){
+        echo "<div class='footer'>Created by Sachael &copy; 2025 &middot; CoD4X Web RCON Tool v1.0.0</div>";
+  }
+}
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "bans": [],
 +  "updated": "2025-11-13T09:17:14.649232Z"
 +}