admin_url( 'admin-ajax.php' ), 'nonce' => wp_create_nonce( 'wooaapanel_account' ), 'pdns_nonce' => class_exists( 'WooDomains_PowerDNS_API' ) ? wp_create_nonce( 'woodomains_nonce' ) : '', 'pdns_active' => class_exists( 'WooDomains_PowerDNS_API' ) ? 1 : 0, 'ajax_url_woodomains' => admin_url( 'admin-ajax.php' ), ] ); } // ── My Account page render ──────────────────────────────────────────────── public function render_page(): void { if ( ! is_user_logged_in() ) { echo '

' . esc_html__( 'Please log in to manage your hosting.', 'wooaapanel' ) . '

'; return; } $customer_id = get_current_user_id(); $site_assigns = $this->get_site_assignments( $customer_id ); $db_assigns = $this->get_db_assignments( $customer_id ); $pdns_active = class_exists( 'WooDomains_PowerDNS_API' ); if ( empty( $site_assigns ) && empty( $db_assigns ) ) { echo '
' . esc_html__( 'You have no hosting resources assigned yet. Please contact support.', 'wooaapanel' ) . '
'; return; } ?>

site_name ); ?> domain ); ?> server_name ); ?>
domain ) : ?>
domain ) : ?>

db_name ); ?> server_name ); ?>
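get_results( $wpdb->prepare( " SELECT a.id, a.server_id, a.site_name, a.domain, s.name AS server_name, s.url AS server_url FROM {$wpdb->prefix}wooaapanel_site_assignments a JOIN {$wpdb->prefix}wooaapanel_servers s ON s.id = a.server_id WHERE a.customer_id = %d AND s.active = 1 ORDER BY a.site_name ", $customer_id ) );
    }

    /**
     * Database assignments for a customer, joined to the owning server.
     *
     * Only rows whose server is flagged active are returned.
     *
     * @return array<int, object> Rows exposing id, server_id, db_name and server_name.
     */
    private function get_db_assignments( int $customer_id ): array {
        global $wpdb;

        return $wpdb->get_results(
            $wpdb->prepare(
                " SELECT a.id, a.server_id, a.db_name, s.name AS server_name FROM {$wpdb->prefix}wooaapanel_db_assignments a JOIN {$wpdb->prefix}wooaapanel_servers s ON s.id = a.server_id WHERE a.customer_id = %d AND s.active = 1 ORDER BY a.db_name ",
                $customer_id
            )
        );
    }

    /**
     * Load one active server row by id.
     *
     * @return object|null Null when the id is unknown or the server is inactive.
     */
    private function get_server( int $id ): ?object {
        global $wpdb;

        return $wpdb->get_row(
            $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wooaapanel_servers WHERE id = %d AND active = 1", $id )
        );
    }

    /**
     * Gate for every account AJAX handler: valid nonce first, then a logged-in user.
     *
     * check_ajax_referer() ends the request itself on a bad nonce and
     * wp_send_json_error() ends it when nobody is logged in, so callers may
     * assume an authenticated user once this returns.
     */
    private function account_verify(): void {
        check_ajax_referer( 'wooaapanel_account', 'nonce' );
        if ( ! is_user_logged_in() ) {
            wp_send_json_error( 'Not logged in.', 401 );
        }
    }

    /** Whether the current user holds an assignment for this site on this server. */
    private function verify_site_ownership( int $server_id, string $site_name ): bool {
        global $wpdb;

        $assignment_id = $wpdb->get_var(
            $wpdb->prepare(
                " SELECT id FROM {$wpdb->prefix}wooaapanel_site_assignments WHERE customer_id = %d AND server_id = %d AND site_name = %s ",
                get_current_user_id(),
                $server_id,
                $site_name
            )
        );

        return (bool) $assignment_id;
    }

    /** Whether the current user holds an assignment for this database on this server. */
    private function verify_db_ownership( int $server_id, string $db_name ): bool {
        global $wpdb;

        $assignment_id = $wpdb->get_var(
            $wpdb->prepare(
                " SELECT id FROM {$wpdb->prefix}wooaapanel_db_assignments WHERE customer_id = %d AND server_id = %d AND db_name = %s ",
                get_current_user_id(),
                $server_id,
                $db_name
            )
        );

        return (bool) $assignment_id;
    }

    /**
     * Build the panel client for an active server, or end the request.
     *
     * Shared by api_for_site() and api_for_db() so the "server unavailable"
     * handling lives in one place.
     */
    private function api_for_server( int $server_id ): WooAApanel_API {
        $server = $this->get_server( $server_id );
        if ( ! $server ) {
            wp_send_json_error( 'Server unavailable.' );
        }

        return WooAApanel_API::from_server( $server );
    }

    /** Panel client for a site the current user owns; 403 otherwise. */
    private function api_for_site( int $server_id, string $site_name ): WooAApanel_API {
        if ( ! $this->verify_site_ownership( $server_id, $site_name ) ) {
            wp_send_json_error( 'Access denied.', 403 );
        }

        return $this->api_for_server( $server_id );
    }

    /** Panel client for a database the current user owns; 403 otherwise. */
    private function api_for_db( int $server_id, string $db_name ): WooAApanel_API {
        if ( ! $this->verify_db_ownership( $server_id, $db_name ) ) {
            wp_send_json_error( 'Access denied.', 403 );
        }

        return $this->api_for_server( $server_id );
    }

    // ═════════════════════════════════════════════════════════════════════════
    // Request helpers
    // ═════════════════════════════════════════════════════════════════════════

    /** Integer POST field; missing, non-numeric or negative values become 0 (absint). */
    private function post_int( string $key ): int {
        return absint( $_POST[ $key ] ?? 0 );
    }

    /**
     * Single-line text POST field.
     *
     * WordPress slashes request data on load, so the value is unslashed before
     * sanitize_text_field(); non-string values (arrays) collapse to ''.
     */
    private function post_text( string $key, string $default = '' ): string {
        $raw = $_POST[ $key ] ?? $default;

        return is_string( $raw ) ? sanitize_text_field( wp_unslash( $raw ) ) : '';
    }

    /**
     * Resolve the site named in the request, after the ownership check.
     *
     * @return array{0: WooAApanel_API, 1: string} Panel client and the sanitized site name.
     */
    private function site_from_request(): array {
        $site_name = $this->post_text( 'site_name' );
        $api       = $this->api_for_site( $this->post_int( 'server_id' ), $site_name );

        return [ $api, $site_name ];
    }

    /**
     * Resolve the database named in the request, after the ownership check.
     *
     * @return array{0: WooAApanel_API, 1: string} Panel client and the sanitized database name.
     */
    private function db_from_request(): array {
        $db_name = $this->post_text( 'db_name' );
        $api     = $this->api_for_db( $this->post_int( 'server_id' ), $db_name );

        return [ $api, $db_name ];
    }

    /**
     * Document-root path for the site, constrained to the site's own web root.
     *
     * The client may name "/www/wwwroot/{site}" (the default the original
     * handlers used) or a sub-directory of it. Any other path, or one that
     * contains "..", ends the request, so the path passed to get_xss()/set_xss()
     * can only ever point inside the verified site's directory.
     */
    private function site_path_from_request( string $site_name ): string {
        $root = "/www/wwwroot/{$site_name}";
        $path = $this->post_text( 'site_path', $root );
        if ( '' === $path ) {
            $path = $root;
        }

        // str_contains()/str_starts_with() are polyfilled by WordPress core since 5.9.
        $outside_root = $path !== $root && ! str_starts_with( $path, $root . '/' );
        if ( str_contains( $path, '..' ) || $outside_root ) {
            wp_send_json_error( 'Invalid site path.' );
        }

        return $path;
    }

    // ═════════════════════════════════════════════════════════════════════════
    // AJAX: Account – Sites
    // ═════════════════════════════════════════════════════════════════════════

    /** List the current user's site and database assignments. */
    public function ajax_wooaapanel_acct_sites(): void {
        $this->account_verify();
        $customer_id = get_current_user_id();

        wp_send_json_success( [
            'sites'     => $this->get_site_assignments( $customer_id ),
            'databases' => $this->get_db_assignments( $customer_id ),
        ] );
    }

    /** Domains bound to one owned site. */
    public function ajax_wooaapanel_acct_site_domains(): void {
        $this->account_verify();
        [ $api, $site_name ] = $this->site_from_request();

        wp_send_json( $api->get_site_domains( $site_name ) );
    }

    /** Bind a domain to an owned site. */
    public function ajax_wooaapanel_acct_site_add_domain(): void {
        $this->account_verify();
        $domain = $this->post_text( 'domain' );
        // Strict comparison: the truthiness test would also reject the literal "0".
        if ( '' === $domain ) {
            wp_send_json_error( 'Domain is required.' );
        }
        [ $api, $site_name ] = $this->site_from_request();

        wp_send_json( $api->add_domain( $site_name, $domain ) );
    }

    /** Unbind a domain from an owned site. */
    public function ajax_wooaapanel_acct_site_del_domain(): void {
        $this->account_verify();
        $domain  = $this->post_text( 'domain' );
        $site_id = $this->post_int( 'site_id' );
        if ( '' === $domain ) {
            wp_send_json_error( 'Domain is required.' );
        }
        [ $api, $site_name ] = $this->site_from_request();

        // NOTE(review): site_id is client-supplied and is not checked against the
        // assignment; ownership is established by site_name only. Confirm the panel
        // resolves the domain by site_name rather than by this id.
        wp_send_json( $api->delete_domain( $site_name, $domain, $site_id ) );
    }

    /** Read the site's XSS setting (presumably the panel's anti-cross-site toggle — confirm). */
    public function ajax_wooaapanel_acct_site_xss_get(): void {
        $this->account_verify();
        [ $api, $site_name ] = $this->site_from_request();
        $site_path           = $this->site_path_from_request( $site_name );

        wp_send_json( $api->get_xss( $site_name, $site_path ) );
    }

    /** Toggle the site's XSS setting; `enable` is any non-empty POST value. */
    public function ajax_wooaapanel_acct_site_xss_set(): void {
        $this->account_verify();
        $enable              = ! empty( $_POST['enable'] );
        [ $api, $site_name ] = $this->site_from_request();
        $site_path           = $this->site_path_from_request( $site_name );

        wp_send_json( $api->set_xss( $site_name, $site_path, $enable ) );
    }

    /** Current PHP version of an owned site. */
    public function ajax_wooaapanel_acct_site_php_get(): void {
        $this->account_verify();
        [ $api, $site_name ] = $this->site_from_request();

        wp_send_json( $api->get_site_php_version( $site_name ) );
    }

    /** PHP versions installed on the site's server (site ownership still required). */
    public function ajax_wooaapanel_acct_site_php_versions(): void {
        $this->account_verify();
        [ $api ] = $this->site_from_request();

        wp_send_json( $api->get_php_versions() );
    }

    /** Switch an owned site to another installed PHP version. */
    public function ajax_wooaapanel_acct_site_php_set(): void {
        $this->account_verify();
        $version = $this->post_text( 'version' );
        if ( '' === $version ) {
            wp_send_json_error( 'PHP version is required.' );
        }
        [ $api, $site_name ] = $this->site_from_request();

        wp_send_json( $api->set_site_php_version( $site_name, $version ) );
    }

    /** Fetch rewrite rules for an owned site, optionally from a named template. */
    public function ajax_wooaapanel_acct_site_rewrite_get(): void {
        $this->account_verify();
        $template            = $this->post_text( 'template' );
        [ $api, $site_name ] = $this->site_from_request();

        wp_send_json( $api->get_rewrite_content( $site_name, $template ) );
    }

    /**
     * Store rewrite rules for an owned site.
     *
     * The content is multi-line server configuration, so it is only unslashed,
     * not run through sanitize_text_field() (which would strip the newlines).
     * Scoping what those rules may affect is left to the panel — confirm.
     */
    public function ajax_wooaapanel_acct_site_rewrite_set(): void {
        $this->account_verify();
        $content = $_POST['content'] ?? '';
        // wp_unslash() would happily recurse into an array; the API expects a string.
        if ( ! is_string( $content ) ) {
            wp_send_json_error( 'Rewrite content must be a string.' );
        }
        [ $api, $site_name ] = $this->site_from_request();

        wp_send_json( $api->set_rewrite( $site_name, wp_unslash( $content ) ) );
    }

    /** SSL status of an owned site. */
    public function ajax_wooaapanel_acct_site_ssl_get(): void {
        $this->account_verify();
        [ $api, $site_name ] = $this->site_from_request();

        wp_send_json( $api->get_ssl( $site_name ) );
    }

    /** Basic details of the server hosting an owned site. */
    public function ajax_wooaapanel_acct_server_info(): void {
        $this->account_verify();
        $server_id = $this->post_int( 'server_id' );
        $site_name = $this->post_text( 'site_name' );

        // The server row is loaded directly (not via api_for_site) because its
        // name and URL are needed for the response, not only the API client.
        if ( ! $this->verify_site_ownership( $server_id, $site_name ) ) {
            wp_send_json_error( 'Access denied.', 403 );
        }
        $server = $this->get_server( $server_id );
        if ( ! $server ) {
            wp_send_json_error( 'Server unavailable.' );
        }

        // Host part of the panel URL (the IP, per the original intent of "safe fields only").
        $host = parse_url( $server->url, PHP_URL_HOST );
        // Live status from the panel's own info endpoint.
        $res = WooAApanel_API::from_server( $server )->get_server_info();

        // NOTE(review): panel_url echoes the full stored URL, path included. If that
        // path carries anything a customer should not learn, return scheme+host only
        // — confirm against what the front-end actually needs.
        wp_send_json_success( [
            'server_name'  => $server->name,
            'server_host'  => $host,
            'panel_url'    => $server->url,
            'panel_status' => $res['data'] ?? [],
        ] );
    }

    // ═════════════════════════════════════════════════════════════════════════
    // AJAX: Account – Databases
    // ═════════════════════════════════════════════════════════════════════════

    /** List the current user's database assignments. */
    public function ajax_wooaapanel_acct_dbs(): void {
        $this->account_verify();

        wp_send_json_success( $this->get_db_assignments( get_current_user_id() ) );
    }

    /** Trigger a backup of an owned database. */
    public function ajax_wooaapanel_acct_db_backup(): void {
        $this->account_verify();
        [ $api, $db_name ] = $this->db_from_request();

        wp_send_json( $api->backup_database( $db_name ) );
    }

    /** List existing backups of an owned database. */
    public function ajax_wooaapanel_acct_db_backups(): void {
        $this->account_verify();
        [ $api, $db_name ] = $this->db_from_request();

        wp_send_json( $api->get_db_backups( $db_name ) );
    }

    /** Delete one backup of an owned database. */
    public function ajax_wooaapanel_acct_db_backup_delete(): void {
        $this->account_verify();
        $backup_id         = $this->post_int( 'backup_id' );
        [ $api, $db_name ] = $this->db_from_request();

        // NOTE(review): backup_id is client-supplied and only db_name is ownership-checked;
        // confirm the panel rejects a backup id that does not belong to db_name.
        wp_send_json( $api->delete_db_backup( $backup_id, $db_name ) );
    }

    /** Optimize the tables of an owned database. */
    public function ajax_wooaapanel_acct_db_optimize(): void {
        $this->account_verify();
        [ $api, $db_name ] = $this->db_from_request();

        wp_send_json( $api->optimize_table( $db_name ) );
    }

    /** Repair the tables of an owned database. */
    public function ajax_wooaapanel_acct_db_repair(): void {
        $this->account_verify();
        [ $api, $db_name ] = $this->db_from_request();

        wp_send_json( $api->repair_table( $db_name ) );
    }

    /**
     * Reset the password of a database user on an owned database.
     *
     * The password is unslashed (WordPress slashes request data) but otherwise
     * left untouched: sanitize_text_field() would alter legitimate characters,
     * and the previous code forwarded the slashed value, corrupting passwords
     * that contain quotes or backslashes.
     */
    public function ajax_wooaapanel_acct_db_password(): void {
        $this->account_verify();
        $db_user  = $this->post_text( 'db_user' );
        $password = $_POST['password'] ?? '';
        $password = is_string( $password ) ? wp_unslash( $password ) : '';
        // Strict comparisons: "0" is a valid (if poor) value for either field.
        if ( '' === $db_user || '' === $password ) {
            wp_send_json_error( 'Database user and new password are required.' );
        }
        [ $api, $db_name ] = $this->db_from_request();

        // NOTE(review): db_user is not validated against the assignment; ownership is
        // established by db_name only. Confirm the panel binds the user to db_name.
        wp_send_json( $api->reset_db_password( $db_name, $db_user, $password ) );
    }
}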