diff --git a/admin/index.php b/admin/index.php
index 0e14c4d..5b9e026 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -811,6 +811,10 @@ tr:hover td{background:rgba(255,255,255,.015)}
+
🔐 Agent Info — Admin Only
@@ -3051,8 +3055,9 @@ function editGame(id) {
document.getElementById('gf-name').value = g.name;
document.getElementById('gf-slug').value = g.slug;
document.getElementById('gf-slug').disabled = true;
- document.getElementById('gf-player-url').value = g.player_url;
- document.getElementById('gf-color').value = g.color || '#f0c040';
+ document.getElementById('gf-player-url').value = g.player_url;
+ document.getElementById('gf-alias-param').value = g.url_alias_param || '';
+ document.getElementById('gf-color').value = g.color || '#f0c040';
document.getElementById('gf-color-hex').value = g.color || '#f0c040';
document.getElementById('gf-sort').value = g.sort_order;
document.getElementById('gf-active').value = g.is_active;
@@ -3171,8 +3176,9 @@ async function saveGame() {
id: id ? parseInt(id) : undefined,
name: document.getElementById('gf-name').value.trim(),
slug: document.getElementById('gf-slug').value.trim(),
- player_url: document.getElementById('gf-player-url').value.trim(),
- agent_link: document.getElementById('gf-agent-link').value.trim(),
+ player_url: document.getElementById('gf-player-url').value.trim(),
+ url_alias_param: document.getElementById('gf-alias-param').value.trim(),
+ agent_link: document.getElementById('gf-agent-link').value.trim(),
agent_login: document.getElementById('gf-agent-login').value.trim(),
agent_password: document.getElementById('gf-agent-password').value.trim(),
games_link: document.getElementById('gf-games-link').value.trim(),
diff --git a/api/platforms.php b/api/platforms.php
index 72935c0..dbeddc5 100644
--- a/api/platforms.php
+++ b/api/platforms.php
@@ -12,14 +12,14 @@ switch ($action) {
// ── Public: active platforms for player app ───────────
case 'list':
- $stmt = db()->query("SELECT slug,name,player_url,color,icon_path FROM platforms WHERE is_active=1 AND is_deleted=0 ORDER BY sort_order ASC, id ASC");
+ $stmt = db()->query("SELECT slug,name,player_url,url_alias_param,color,icon_path FROM platforms WHERE is_active=1 AND is_deleted=0 ORDER BY sort_order ASC, id ASC");
$rows = $stmt->fetchAll();
- // Normalize to match old CFG format
$out = array_map(fn($r) => [
- 'id' => $r['slug'],
- 'name' => $r['name'],
- 'url' => $r['player_url'],
- 'color' => $r['color'],
+ 'id' => $r['slug'],
+ 'name' => $r['name'],
+ 'url' => $r['player_url'],
+ 'alias_param' => $r['url_alias_param'] ?? '',
+ 'color' => $r['color'],
], $rows);
echo json_encode(['success'=>true, 'platforms'=>$out]);
break;
@@ -35,25 +35,26 @@ switch ($action) {
case 'create':
if (!$isAdmin || $_SERVER['REQUEST_METHOD'] !== 'POST') { echo json_encode(['success'=>false,'error'=>'Forbidden']); exit; }
$d = json_decode(file_get_contents('php://input'), true);
- $slug = preg_replace('/[^a-z0-9_]/', '', strtolower(trim($d['slug'] ?? '')));
- $name = substr(trim($d['name'] ?? ''), 0, 100);
- $player_url = substr(trim($d['player_url'] ?? ''), 0, 500);
- $agent_link = substr(trim($d['agent_link'] ?? ''), 0, 500);
- $agent_login = substr(trim($d['agent_login'] ?? ''), 0, 200);
- $agent_password = substr(trim($d['agent_password'] ?? ''), 0, 200);
- $games_link = substr(trim($d['games_link'] ?? ''), 0, 500);
- $agent_guide = trim($d['agent_guide'] ?? '');
- $sub_agent_login = substr(trim($d['sub_agent_login'] ?? ''), 0, 200);
- $sub_agent_password= substr(trim($d['sub_agent_password'] ?? ''), 0, 200);
- $cashier_login = substr(trim($d['cashier_login'] ?? ''), 0, 200);
- $cashier_password = substr(trim($d['cashier_password'] ?? ''), 0, 200);
- $color = preg_match('/^#[0-9a-fA-F]{3,8}$/', $d['color'] ?? '') ? $d['color'] : '#f0c040';
- $sort_order = (int)($d['sort_order'] ?? 99);
- $is_active = isset($d['is_active']) ? (int)(bool)$d['is_active'] : 1;
+ $slug = preg_replace('/[^a-z0-9_]/', '', strtolower(trim($d['slug'] ?? '')));
+ $name = substr(trim($d['name'] ?? ''), 0, 100);
+ $player_url = substr(trim($d['player_url'] ?? ''), 0, 500);
+ $url_alias_param = preg_replace('/[^a-zA-Z0-9_\-]/', '', trim($d['url_alias_param'] ?? ''));
+ $agent_link = substr(trim($d['agent_link'] ?? ''), 0, 500);
+ $agent_login = substr(trim($d['agent_login'] ?? ''), 0, 200);
+ $agent_password = substr(trim($d['agent_password'] ?? ''), 0, 200);
+ $games_link = substr(trim($d['games_link'] ?? ''), 0, 500);
+ $agent_guide = trim($d['agent_guide'] ?? '');
+ $sub_agent_login = substr(trim($d['sub_agent_login'] ?? ''), 0, 200);
+ $sub_agent_password = substr(trim($d['sub_agent_password'] ?? ''), 0, 200);
+ $cashier_login = substr(trim($d['cashier_login'] ?? ''), 0, 200);
+ $cashier_password = substr(trim($d['cashier_password'] ?? ''), 0, 200);
+ $color = preg_match('/^#[0-9a-fA-F]{3,8}$/', $d['color'] ?? '') ? $d['color'] : '#f0c040';
+ $sort_order = (int)($d['sort_order'] ?? 99);
+ $is_active = isset($d['is_active']) ? (int)(bool)$d['is_active'] : 1;
if (!$slug || !$name || !$player_url) { echo json_encode(['success'=>false,'error'=>'Slug, name, and player URL are required']); exit; }
try {
- $stmt = db()->prepare("INSERT INTO platforms (slug,name,player_url,agent_link,agent_login,agent_password,games_link,agent_guide,sub_agent_login,sub_agent_password,cashier_login,cashier_password,color,sort_order,is_active) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
- $stmt->execute([$slug,$name,$player_url,$agent_link,$agent_login,$agent_password,$games_link,$agent_guide,$sub_agent_login,$sub_agent_password,$cashier_login,$cashier_password,$color,$sort_order,$is_active]);
+ $stmt = db()->prepare("INSERT INTO platforms (slug,name,player_url,url_alias_param,agent_link,agent_login,agent_password,games_link,agent_guide,sub_agent_login,sub_agent_password,cashier_login,cashier_password,color,sort_order,is_active) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
+ $stmt->execute([$slug,$name,$player_url,$url_alias_param,$agent_link,$agent_login,$agent_password,$games_link,$agent_guide,$sub_agent_login,$sub_agent_password,$cashier_login,$cashier_password,$color,$sort_order,$is_active]);
echo json_encode(['success'=>true,'id'=>db()->lastInsertId()]);
} catch (Exception $e) {
echo json_encode(['success'=>false,'error'=>'Slug already exists or DB error']);
@@ -64,30 +65,31 @@ switch ($action) {
case 'update':
if (!$isAdmin || $_SERVER['REQUEST_METHOD'] !== 'POST') { echo json_encode(['success'=>false,'error'=>'Forbidden']); exit; }
$d = json_decode(file_get_contents('php://input'), true);
- $id = (int)($d['id'] ?? 0);
- $name = substr(trim($d['name'] ?? ''), 0, 100);
- $player_url = substr(trim($d['player_url'] ?? ''), 0, 500);
- $agent_link = substr(trim($d['agent_link'] ?? ''), 0, 500);
- $agent_login = substr(trim($d['agent_login'] ?? ''), 0, 200);
- $agent_password = substr(trim($d['agent_password'] ?? ''), 0, 200);
- $games_link = substr(trim($d['games_link'] ?? ''), 0, 500);
- $agent_guide = trim($d['agent_guide'] ?? '');
- $sub_agent_login = substr(trim($d['sub_agent_login'] ?? ''), 0, 200);
- $sub_agent_password= substr(trim($d['sub_agent_password'] ?? ''), 0, 200);
- $cashier_login = substr(trim($d['cashier_login'] ?? ''), 0, 200);
- $cashier_password = substr(trim($d['cashier_password'] ?? ''), 0, 200);
- $color = preg_match('/^#[0-9a-fA-F]{3,8}$/', $d['color'] ?? '') ? $d['color'] : '#f0c040';
- $sort_order = (int)($d['sort_order'] ?? 99);
- $is_active = (int)(bool)($d['is_active'] ?? 1);
+ $id = (int)($d['id'] ?? 0);
+ $name = substr(trim($d['name'] ?? ''), 0, 100);
+ $player_url = substr(trim($d['player_url'] ?? ''), 0, 500);
+ $url_alias_param = preg_replace('/[^a-zA-Z0-9_\-]/', '', trim($d['url_alias_param'] ?? ''));
+ $agent_link = substr(trim($d['agent_link'] ?? ''), 0, 500);
+ $agent_login = substr(trim($d['agent_login'] ?? ''), 0, 200);
+ $agent_password = substr(trim($d['agent_password'] ?? ''), 0, 200);
+ $games_link = substr(trim($d['games_link'] ?? ''), 0, 500);
+ $agent_guide = trim($d['agent_guide'] ?? '');
+ $sub_agent_login = substr(trim($d['sub_agent_login'] ?? ''), 0, 200);
+ $sub_agent_password = substr(trim($d['sub_agent_password'] ?? ''), 0, 200);
+ $cashier_login = substr(trim($d['cashier_login'] ?? ''), 0, 200);
+ $cashier_password = substr(trim($d['cashier_password'] ?? ''), 0, 200);
+ $color = preg_match('/^#[0-9a-fA-F]{3,8}$/', $d['color'] ?? '') ? $d['color'] : '#f0c040';
+ $sort_order = (int)($d['sort_order'] ?? 99);
+ $is_active = (int)(bool)($d['is_active'] ?? 1);
if (!$id || !$name || !$player_url) { echo json_encode(['success'=>false,'error'=>'ID, name, and player URL required']); exit; }
if ($isMasterAdmin) {
// Master admin: update all fields including agent info
- db()->prepare("UPDATE platforms SET name=?,player_url=?,agent_link=?,agent_login=?,agent_password=?,games_link=?,agent_guide=?,sub_agent_login=?,sub_agent_password=?,cashier_login=?,cashier_password=?,color=?,sort_order=?,is_active=? WHERE id=?")
- ->execute([$name,$player_url,$agent_link,$agent_login,$agent_password,$games_link,$agent_guide,$sub_agent_login,$sub_agent_password,$cashier_login,$cashier_password,$color,$sort_order,$is_active,$id]);
+ db()->prepare("UPDATE platforms SET name=?,player_url=?,url_alias_param=?,agent_link=?,agent_login=?,agent_password=?,games_link=?,agent_guide=?,sub_agent_login=?,sub_agent_password=?,cashier_login=?,cashier_password=?,color=?,sort_order=?,is_active=? WHERE id=?")
+ ->execute([$name,$player_url,$url_alias_param,$agent_link,$agent_login,$agent_password,$games_link,$agent_guide,$sub_agent_login,$sub_agent_password,$cashier_login,$cashier_password,$color,$sort_order,$is_active,$id]);
} else {
- // Regular admin: update only non-sensitive fields
- db()->prepare("UPDATE platforms SET name=?,player_url=?,color=?,sort_order=?,is_active=? WHERE id=?")
- ->execute([$name,$player_url,$color,$sort_order,$is_active,$id]);
+ // Regular admin: update non-sensitive fields including alias param
+ db()->prepare("UPDATE platforms SET name=?,player_url=?,url_alias_param=?,color=?,sort_order=?,is_active=? WHERE id=?")
+ ->execute([$name,$player_url,$url_alias_param,$color,$sort_order,$is_active,$id]);
}
echo json_encode(['success'=>true]);
break;
diff --git a/index.php b/index.php
index 19ce328..fdd542d 100644
--- a/index.php
+++ b/index.php
@@ -661,6 +661,7 @@ body::before{content:'';position:fixed;inset:0;background-image:linear-gradient(