User Management - GamePanelX

Overview

GamePanelX implements a comprehensive user management system with separate accounts for administrators, resellers, and end-user clients. Each user type has different access levels and capabilities within the system.

Client Accounts

End-users who own and manage their game servers

Admin Accounts

Full system access for managing all servers and users

SSO Authentication

Secure single sign-on for isolated server access

Reseller Support

Optional reseller accounts for hosting providers

User Types

GamePanelX supports three types of user accounts:

Client Users

Standard user accounts that can:

Create and manage their own game servers
Access file manager for their servers
View server console output
Configure server settings
Manage server startup parameters

Admin Users

Administrators with full system access:

Create and manage all user accounts
Add and configure game types
Manage network servers
Create templates
Modify system configuration
Access all game servers

Reseller Accounts

Optional tier for hosting providers:

Create and manage client accounts
Limited administrative capabilities
View only their clients’ servers
Custom branding options (via plugins)

Client User Management

Creating Users

The Users::create() method handles client account creation:

Create User Account

// Create a new client user
$Users = new Users();
$result = $Users->create(
    $username,      // Username (alphanumeric, -, _)
    $password,      // Password (min 5 characters)
    $email,         // Email address
    $first_name,    // First name
    $last_name      // Last name
);

// Returns user ID on success, error message on failure

Usernames must be at least 3 characters and can only contain letters, numbers, hyphens, and underscores. Dots are not allowed as they interfere with server directory naming.

Account Creation Process:

Validation

Validates username format (alphanumeric, -, _)
Enforces minimum password length (5 characters)
Checks password strength (rejects common passwords)
Verifies username doesn’t already exist

SSO Setup

Encrypts username and password using AES encryption
Stores SSO credentials in database
Creates MD5 hash for backward compatibility

Database Entry

Inserts user record into users table
Sets creation timestamp
Returns new user ID

Username Requirements:

user123     ✓
john-doe    ✓
gamer_pro   ✓
team-alpha  ✓

Password Requirements:

Minimum 5 characters
Cannot be common passwords like: 123, password, pass123
No maximum length (but reasonable limits apply)
Stored using AES encryption for SSO and MD5 for legacy auth

Updating Users

The Users::update() method modifies existing user accounts:

Update User Account

// Update user account
$Users = new Users();
$result = $Users->update(
    $userid,        // User ID
    $username,      // New username
    $password,      // New password (leave empty to keep current)
    $email,         // Email address
    $first_name,    // First name
    $last_name,     // Last name
    $language,      // Language preference (default: english)
    $theme          // Theme preference (default: default)
);

Username Changes

When changing a username:

Updates database record
Updates SSO credentials with new username
Executes UsernameChange script on all remote network servers
Renames user directories on each network server
Updates server ownership records

Remote Script:

UsernameChange -o 'olduser' -n 'newuser'

Password Changes

When changing a password:

Updates SSO encrypted password in database
Clears legacy MD5 password
Executes ChangePassword script on all remote network servers
Updates system user password with crypt() hash

Remote Script:

ChangePassword -u 'username' -p '$6$salt$hash'

Profile Updates

For email, name, language, and theme changes:

Updates database record immediately
No remote server operations required
Language and theme stored in user session

Username changes affect all game servers owned by the user and require coordination across all network servers. Ensure no servers are running during username changes.

Deleting Users

The Users::delete() method removes user accounts:

Delete User Account

// Delete a user account
$Users = new Users();
$result = $Users->delete($userid);

Deletion Process:

Validation

Verifies user exists
Checks if user owns any servers
Prevents deletion if servers exist

Soft Delete

Sets deleted = 1 in database
Preserves user record for audit trail
User cannot log in after deletion

Remote Cleanup

Executes DeleteUser script on all network servers
Removes system user account
Optionally preserves home directory

Users cannot be deleted if they own active servers. Transfer or delete all servers before removing the user account.

Admin User Management

Creating Admins

The Admins::create() method creates administrator accounts:

Create Admin Account

// Create a new admin user
$Admins = new Admins();
$result = $Admins->create(
    $username,      // Admin username
    $password,      // Admin password
    $email,         // Email address
    $first_name,    // First name
    $last_name      // Last name
);

Admin Account Features:

Same username validation as client accounts
Enhanced password hashing: base64(sha1('ZzaX' + password + 'GPX88'))
Stored in separate admins table
No SSO credentials (admins don’t own system users)
Full panel access upon login

Admin vs Client Authentication

Admin Login
Client Login

Single Sign-On (SSO) System

GamePanelX implements SSO for secure server isolation:

How SSO Works

User Creation

When a user is created:

Username and password are AES encrypted
Stored in database as sso_user and sso_pass
Encryption key from configuration.php

Server Creation

When creating a server for a user:

SSO credentials are decrypted
System username is prefixed with gpx (e.g., gpxjohn)
System user account created on network server
Server runs under this isolated user account

Server Operations

When managing a server:

Remote scripts authenticate as the SSO user
Each server runs in isolated user directory
File permissions prevent cross-user access

SSO Implementation

Retrieve SSO Credentials

// Get SSO info for a server
$Network = new Network();
$sso_info = $Network->sso_info($server_id);

// Returns:
// [
//   'username'  => 'john',        // Plain username
//   'sso_user'  => 'gpxjohn',     // System username
//   'sso_pass'  => 'decrypted',   // Decrypted password
//   'game_path' => '/usr/local/gpx/users/john/192.168.1.1.27015'
// ]

SSO provides security isolation so users cannot access each other’s server files or processes, even on shared network servers.

User Database Schema

Users Table

CREATE TABLE users (
  id INT UNSIGNED AUTO_INCREMENT,
  deleted TINYINT(1) DEFAULT 0,
  date_created DATETIME,
  last_updated DATETIME,
  sso_user BLOB,              -- AES encrypted username
  sso_pass BLOB,              -- AES encrypted password
  username VARCHAR(16),       -- Plain username
  password VARCHAR(255),      -- Legacy MD5 (deprecated)
  email_address VARCHAR(255),
  first_name VARCHAR(128),
  last_name VARCHAR(128),
  language VARCHAR(64) DEFAULT 'english',
  theme VARCHAR(64),
  PRIMARY KEY (id),
  KEY username (username)
);

Admins Table

CREATE TABLE admins (
  id INT UNSIGNED AUTO_INCREMENT,
  deleted TINYINT(1) DEFAULT 0,
  date_created DATETIME,
  last_updated DATETIME,
  username VARCHAR(16),
  password VARCHAR(255),      -- SHA1 with salt
  email_address VARCHAR(255),
  first_name VARCHAR(128),
  last_name VARCHAR(128),
  language VARCHAR(64) DEFAULT 'english',
  theme VARCHAR(64),
  PRIMARY KEY (id),
  KEY username (username)
);

Resellers Table

CREATE TABLE resellers (
  id INT UNSIGNED AUTO_INCREMENT,
  deleted TINYINT(1) DEFAULT 0,
  date_created DATETIME,
  last_updated DATETIME,
  username VARCHAR(16),
  password VARCHAR(64),
  email_address VARCHAR(255),
  first_name VARCHAR(128),
  last_name VARCHAR(128),
  language VARCHAR(64) DEFAULT 'english',
  PRIMARY KEY (id),
  KEY username (username)
);

Permissions System

GamePanelX uses session-based permissions:

Permission Checks

Admin-Only Operations

// Verify admin access
if(isset($_SESSION['gpx_admin'])) {
    // Admin-only operation
} else {
    die('Unauthorized');
}

User-Owned Server Check

// Verify user owns a server
$result = mysql_query(
    "SELECT id FROM servers 
     WHERE id = '$srvid' 
     AND userid = '{$_SESSION['gpx_user']}'"
);
if(!mysql_num_rows($result)) {
    die('You do not own this server');
}

Access Levels

Operation	Admin	Reseller	Client
Create users	✓	✓	✗
Delete users	✓	✓ (own clients)	✗
Create servers	✓	✓	✓ (own servers)
Manage network	✓	✗	✗
Add games	✓	✗	✗
Create templates	✓	✗	✗
View all servers	✓	✓ (own clients)	✗
System settings	✓	✗	✗
Install plugins	✓	✗	✗

User Preferences

Language Support

Users can select their preferred language:

// Available languages stored in /lang/ directory
$_SESSION['gpx_lang'] = $user_language;
require(DOCROOT . '/lang.php');

// Use translated strings
echo $lang['welcome'];

Theme Support

Users can customize their interface theme:

// Theme stored in session
$_SESSION['gpx_theme'] = $user_theme;

// Load theme-specific CSS
$theme_css = '/themes/' . $_SESSION['gpx_theme'] . '/style.css';

Best Practices

Account Security

Enforce strong passwords (minimum 8+ characters recommended)
Use unique usernames for each client
Regularly audit user accounts and remove inactive users
Protect the encryption key in configuration.php

User Organization

Use consistent naming conventions for usernames
Fill in first name, last name, and email for all users
Document user purposes in server descriptions
Use reseller accounts to organize clients by customer

Permissions Management

Limit admin accounts to trusted personnel only
Create separate admin accounts rather than sharing credentials
Use reseller accounts for delegated management
Review server ownership periodically

Troubleshooting

Verify account is not deleted (deleted = 0)
Check password was encrypted correctly
Ensure cookies and sessions are working
Review error logs for authentication failures

SSO Errors

Verify encryption key in configuration.php
Check database fields sso_user and sso_pass are not empty
Test SSH connectivity to network servers
Ensure CreateUser script succeeded

Username Change Fails

Stop all servers owned by the user first
Check SSH connectivity to all network servers
Verify UsernameChange script has execute permissions
Review server logs at $HOME/logs/servers.log

The encryption key in configuration.php is critical for SSO functionality. If lost, all user passwords must be reset.

Get Started

Core Features

Administration

Client Portal

Server Management

Advanced

​Overview

Client Accounts

Admin Accounts

SSO Authentication

Reseller Support

​User Types

​Client Users

​Admin Users

​Reseller Accounts

​Client User Management

​Creating Users

​Updating Users

​Deleting Users

​Admin User Management

​Creating Admins

​Admin vs Client Authentication

​Single Sign-On (SSO) System

​How SSO Works

​SSO Implementation

​User Database Schema

​Users Table

​Admins Table

​Resellers Table

​Permissions System

​Permission Checks

​Access Levels

​User Preferences

​Language Support

​Theme Support

​Best Practices

​Troubleshooting

​User Cannot Login

​SSO Errors

​Username Change Fails

Build docs developers (and LLMs) love

Overview

User Types

Client Users

Admin Users

Reseller Accounts

Client User Management

Creating Users

Updating Users

Deleting Users

Admin User Management

Creating Admins

Admin vs Client Authentication

Single Sign-On (SSO) System

How SSO Works

SSO Implementation

User Database Schema

Users Table

Admins Table

Resellers Table

Permissions System

Permission Checks

Access Levels

User Preferences

Language Support

Theme Support

Best Practices

Troubleshooting

User Cannot Login

SSO Errors

Username Change Fails