cyberpanel-dashboard/public/userarea/ajax/save_cyberpanel_server.php

<?php
ini_set('display_errors', 0);
error_reporting(E_ALL);

header('Content-Type: application/json; charset=utf-8');

require_once __DIR__ . '/../class/db-functions.php';

$db = DBHandlerSelect::getInstance()->getConnection();

function jsonResponse(bool $success, string $message, array $extra = []): void
{
    echo json_encode(array_merge([
        'success' => $success,
        'message' => $message
    ], $extra));
    exit;
}

function getCyberpanelEncryptionKey(): string
{
    return hash('sha256', 'CHANGE_THIS_SECRET_KEY_FOR_CYBERPANEL_DASHBOARD');
}

function encryptCyberpanelPassword(string $plainPassword): string
{
    if ($plainPassword === '') {
        return '';
    }

    $key = getCyberpanelEncryptionKey();
    $iv = openssl_random_pseudo_bytes(16);

    $encrypted = openssl_encrypt(
        $plainPassword,
        'AES-256-CBC',
        $key,
        0,
        $iv
    );

    return base64_encode(base64_encode($iv) . '::' . $encrypted);
}

try {
    $serverId = isset($_POST['server_id']) ? (int)$_POST['server_id'] : 0;

    $name = trim($_POST['server_name'] ?? '');
    $provider = trim($_POST['provider'] ?? '');
    $panelUrl = trim($_POST['panel_url'] ?? '');
    $ipAddress = trim($_POST['ip_address'] ?? '');
    $username = trim($_POST['api_username'] ?? '');
    $password = trim($_POST['api_password'] ?? '');
    $apiEnabled = isset($_POST['api_enabled']) ? (int)$_POST['api_enabled'] : 1;
    $environment = trim($_POST['environment'] ?? 'production');
    $notes = trim($_POST['notes'] ?? '');

    if ($name === '') {
        jsonResponse(false, 'Server name is required.');
    }

    if ($panelUrl === '') {
        jsonResponse(false, 'CyberPanel URL is required.');
    }

    if (!preg_match('/^https?:\/\//i', $panelUrl)) {
        jsonResponse(false, 'CyberPanel URL must start with http:// or https://');
    }

    if ($username === '') {
        jsonResponse(false, 'API username is required.');
    }

    if ($serverId <= 0 && $password === '') {
        jsonResponse(false, 'Password is required for a new server.');
    }

    $apiEnabled = $apiEnabled === 1 ? 1 : 0;

    if ($environment === '') {
        $environment = 'production';
    }

    if ($serverId <= 0) {
        $encryptedPassword = encryptCyberpanelPassword($password);

        $stmt = $db->prepare("
            INSERT INTO cyberpanel_servers
                (
                    name,
                    provider,
                    ip_address,
                    panel_url,
                    username,
                    password_encrypted,
                    api_enabled,
                    environment,
                    notes
                )
            VALUES
                (
                    :name,
                    :provider,
                    :ip_address,
                    :panel_url,
                    :username,
                    :password_encrypted,
                    :api_enabled,
                    :environment,
                    :notes
                )
        ");

        $stmt->execute([
            ':name' => $name,
            ':provider' => $provider,
            ':ip_address' => $ipAddress,
            ':panel_url' => $panelUrl,
            ':username' => $username,
            ':password_encrypted' => $encryptedPassword,
            ':api_enabled' => $apiEnabled,
            ':environment' => $environment,
            ':notes' => $notes
        ]);

        jsonResponse(true, 'Server created successfully.', [
            'id' => (int)$db->lastInsertId()
        ]);
    }

    if ($password !== '') {
        $encryptedPassword = encryptCyberpanelPassword($password);

        $stmt = $db->prepare("
            UPDATE cyberpanel_servers
            SET
                name = :name,
                provider = :provider,
                ip_address = :ip_address,
                panel_url = :panel_url,
                username = :username,
                password_encrypted = :password_encrypted,
                api_enabled = :api_enabled,
                environment = :environment,
                notes = :notes
            WHERE id = :id
        ");

        $stmt->execute([
            ':name' => $name,
            ':provider' => $provider,
            ':ip_address' => $ipAddress,
            ':panel_url' => $panelUrl,
            ':username' => $username,
            ':password_encrypted' => $encryptedPassword,
            ':api_enabled' => $apiEnabled,
            ':environment' => $environment,
            ':notes' => $notes,
            ':id' => $serverId
        ]);

        jsonResponse(true, 'Server updated successfully.', [
            'id' => $serverId
        ]);
    }

    $stmt = $db->prepare("
        UPDATE cyberpanel_servers
        SET
            name = :name,
            provider = :provider,
            ip_address = :ip_address,
            panel_url = :panel_url,
            username = :username,
            api_enabled = :api_enabled,
            environment = :environment,
            notes = :notes
        WHERE id = :id
    ");

    $stmt->execute([
        ':name' => $name,
        ':provider' => $provider,
        ':ip_address' => $ipAddress,
        ':panel_url' => $panelUrl,
        ':username' => $username,
        ':api_enabled' => $apiEnabled,
        ':environment' => $environment,
        ':notes' => $notes,
        ':id' => $serverId
    ]);

    jsonResponse(true, 'Server updated successfully.', [
        'id' => $serverId
    ]);
} catch (Throwable $e) {
    jsonResponse(false, 'Server save error: ' . $e->getMessage());
}