cyberpanel-dashboard/public/userarea/ajax/check_cyberpanel_connection.php

<?php
ini_set('display_errors', 0);
error_reporting(E_ALL);

header('Content-Type: application/json; charset=utf-8');

require_once __DIR__ . '/../class/db-functions.php';

$db = DBHandlerSelect::getInstance()->getConnection();

function jsonResponse(bool $success, string $message, array $extra = []): void
{
    echo json_encode(array_merge([
        'success' => $success,
        'message' => $message
    ], $extra));
    exit;
}

function getCyberpanelEncryptionKey(): string
{
    return hash('sha256', 'CHANGE_THIS_SECRET_KEY_FOR_CYBERPANEL_DASHBOARD');
}

function decryptCyberpanelPassword(string $encryptedPassword): string
{
    if ($encryptedPassword === '') {
        return '';
    }

    $key = getCyberpanelEncryptionKey();
    $decoded = base64_decode($encryptedPassword);

    if (!$decoded || strpos($decoded, '::') === false) {
        return '';
    }

    [$ivBase64, $encrypted] = explode('::', $decoded, 2);
    $iv = base64_decode($ivBase64);

    if (!$iv) {
        return '';
    }

    $decrypted = openssl_decrypt(
        $encrypted,
        'AES-256-CBC',
        $key,
        0,
        $iv
    );

    return $decrypted ?: '';
}

try {
    $serverId = isset($_POST['server_id']) ? (int)$_POST['server_id'] : 0;

    if ($serverId <= 0) {
        jsonResponse(false, 'Missing server ID.');
    }

    $stmt = $db->prepare("
        SELECT
            id,
            name,
            panel_url,
            username,
            password_encrypted,
            api_enabled
        FROM cyberpanel_servers
        WHERE id = :id
        LIMIT 1
    ");

    $stmt->execute([
        ':id' => $serverId
    ]);

    $server = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$server) {
        jsonResponse(false, 'Server not found.');
    }

    if ((int)$server['api_enabled'] !== 1) {
        jsonResponse(false, 'API is disabled for this server.');
    }

    $panelUrl = rtrim($server['panel_url'], '/');
    $username = $server['username'];
    $password = decryptCyberpanelPassword($server['password_encrypted']);

    if ($password === '') {
        jsonResponse(false, 'Saved password is empty or cannot be decrypted.');
    }

    $possibleApiUrls = [
        $panelUrl . '/api/verifyConn',
        $panelUrl . '/cloudAPI/'
    ];

    $apiUrl = $possibleApiUrls[0];

    $payload = [
        'adminUser' => $username,
        'adminPass' => $password
    ];

    $ch = curl_init();

    curl_setopt_array($ch, [
        CURLOPT_URL => $apiUrl,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => json_encode($payload),
        CURLOPT_HTTPHEADER => [
            'Content-Type: application/json',
            'Accept: application/json'
        ],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 25,
        CURLOPT_CONNECTTIMEOUT => 15,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_SSL_VERIFYPEER => false
    ]);

    $response = curl_exec($ch);
    $curlError = curl_error($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    curl_close($ch);

    if ($response === false || $curlError !== '') {
        $update = $db->prepare("
            UPDATE cyberpanel_servers
            SET
                last_status = 'offline',
                last_check = NOW()
            WHERE id = :id
        ");

        $update->execute([
            ':id' => $serverId
        ]);

        jsonResponse(false, 'cURL error: ' . $curlError, [
            'http_code' => $httpCode,
            'url' => $apiUrl
        ]);
    }

    $decoded = json_decode($response, true);

    if (!is_array($decoded)) {
        $update = $db->prepare("
        UPDATE cyberpanel_servers
        SET
            last_status = 'offline',
            last_check = NOW()
        WHERE id = :id
    ");

        $update->execute([
            ':id' => $serverId
        ]);

        $cleanResponse = strip_tags($response);
        $cleanResponse = preg_replace('/\s+/', ' ', $cleanResponse);
        $cleanResponse = trim($cleanResponse);

        jsonResponse(false, 'CyberPanel did not return JSON. HTTP ' . $httpCode . ' - ' . substr($cleanResponse, 0, 500), [
            'http_code' => $httpCode,
            'url' => $apiUrl,
            'raw_response_preview' => substr($response, 0, 1000)
        ]);
    }

    $isSuccess = false;

    if (isset($decoded['verifyConn']) && (int)$decoded['verifyConn'] === 1) {
        $isSuccess = true;
    }

    if (isset($decoded['status']) && (int)$decoded['status'] === 1) {
        $isSuccess = true;
    }

    if (isset($decoded['success']) && (int)$decoded['success'] === 1) {
        $isSuccess = true;
    }

    if ($isSuccess) {
        $update = $db->prepare("
            UPDATE cyberpanel_servers
            SET
                last_status = 'online',
                last_check = NOW()
            WHERE id = :id
        ");

        $update->execute([
            ':id' => $serverId
        ]);

        jsonResponse(true, 'CyberPanel API connection successful.', [
            'http_code' => $httpCode,
            'url' => $apiUrl,
            'response' => $decoded
        ]);
    }

    $update = $db->prepare("
        UPDATE cyberpanel_servers
        SET
            last_status = 'offline',
            last_check = NOW()
        WHERE id = :id
    ");

    $update->execute([
        ':id' => $serverId
    ]);

    jsonResponse(false, 'CyberPanel API connection failed.', [
        'http_code' => $httpCode,
        'url' => $apiUrl,
        'response' => $decoded
    ]);
} catch (Throwable $e) {
    jsonResponse(false, 'API check error: ' . $e->getMessage());
}