cyberpanel-dashboard/public/userarea/ajax/test_cyberpanel_websites.php

<?php
ini_set('display_errors', 0);
error_reporting(E_ALL);

header('Content-Type: application/json; charset=utf-8');

require_once __DIR__ . '/../class/db-functions.php';

$db = DBHandlerSelect::getInstance()->getConnection();

function jsonResponse(bool $success, string $message, array $extra = []): void
{
    echo json_encode(array_merge([
        'success' => $success,
        'message' => $message
    ], $extra));
    exit;
}

function getCyberpanelEncryptionKey(): string
{
    return hash('sha256', 'CHANGE_THIS_SECRET_KEY_FOR_CYBERPANEL_DASHBOARD');
}

function decryptCyberpanelPassword(string $encryptedPassword): string
{
    if ($encryptedPassword === '') {
        return '';
    }

    $key = getCyberpanelEncryptionKey();
    $decoded = base64_decode($encryptedPassword);

    if (!$decoded || strpos($decoded, '::') === false) {
        return '';
    }

    [$ivBase64, $encrypted] = explode('::', $decoded, 2);
    $iv = base64_decode($ivBase64);

    if (!$iv) {
        return '';
    }

    $decrypted = openssl_decrypt(
        $encrypted,
        'AES-256-CBC',
        $key,
        0,
        $iv
    );

    return $decrypted ?: '';
}

function callCyberPanel(string $panelUrl, string $endpoint, string $username, string $password, array $payload = []): array
{
    $url = rtrim($panelUrl, '/') . '/' . ltrim($endpoint, '/');

    $payload = array_merge([
        'adminUser' => $username,
        'adminPass' => $password
    ], $payload);

    $ch = curl_init();

    curl_setopt_array($ch, [
        CURLOPT_URL => $url,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => json_encode($payload),
        CURLOPT_HTTPHEADER => [
            'Content-Type: application/json',
            'Accept: application/json'
        ],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 25,
        CURLOPT_CONNECTTIMEOUT => 15,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_SSL_VERIFYPEER => false
    ]);

    $response = curl_exec($ch);
    $curlError = curl_error($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    curl_close($ch);

    $json = json_decode($response, true);

    return [
        'endpoint' => $endpoint,
        'url' => $url,
        'http_code' => $httpCode,
        'curl_error' => $curlError,
        'is_json' => is_array($json),
        'json' => $json,
        'raw_preview' => substr(strip_tags((string)$response), 0, 700)
    ];
}

try {
    $serverId = isset($_POST['server_id']) ? (int)$_POST['server_id'] : 0;

    if ($serverId <= 0) {
        jsonResponse(false, 'Missing server ID.');
    }

    $stmt = $db->prepare("
        SELECT
            id,
            panel_url,
            username,
            password_encrypted
        FROM cyberpanel_servers
        WHERE id = :id
        LIMIT 1
    ");

    $stmt->execute([
        ':id' => $serverId
    ]);

    $server = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$server) {
        jsonResponse(false, 'Server not found.');
    }

    $password = decryptCyberpanelPassword($server['password_encrypted']);

    if ($password === '') {
        jsonResponse(false, 'Password cannot be decrypted.');
    }

    $tests = [];

    $tests[] = callCyberPanel(
        $server['panel_url'],
        'websites/fetchWebsitesList',
        $server['username'],
        $password
    );

    $tests[] = callCyberPanel(
        $server['panel_url'],
        'websites/listWebsites',
        $server['username'],
        $password
    );

    $tests[] = callCyberPanel(
        $server['panel_url'],
        'api/listWebsites',
        $server['username'],
        $password
    );

    jsonResponse(true, 'Website API test completed.', [
        'tests' => $tests
    ]);
} catch (Throwable $e) {
    jsonResponse(false, 'Website API test error: ' . $e->getMessage());
}