GameServerInfo Data - Web Protection
====================================

This folder contains files to protect the GameServerInfo .dat directory on your web server (e.g. domain.com/data/) so only authenticated users can access or edit the files.

DEPLOYMENT
----------
1. Copy the .dat files (GameServerInfo - ChaosMix.dat, Character.dat, Command.dat, Common.dat, Custom.dat, Event.dat, Skill.dat) to your web server directory (e.g. public_html/data/ or domain.com/data/).

2. Copy .htaccess to the SAME directory as the .dat files.

3. Generate a password file (.htpasswd) and configure .htaccess to use it (see below).

GENERATING .htpasswd
--------------------
Option A - Using htpasswd (Apache):
  htpasswd -c /path/outside/webroot/.htpasswd admin
  (Enter password when prompted. Use -c only for first user; omit -c to add more users.)

Option B - Using PHP (if htpasswd not available):
  php -r "echo 'admin:' . crypt('yourpassword', '$2y$10$' . substr(str_replace('+', '.', base64_encode(random_bytes(16))), 0, 22)) . PHP_EOL;" > .htpasswd

Option C - Online generator: search for "htpasswd generator" and place the output in a file named .htpasswd.

IMPORTANT: Store .htpasswd OUTSIDE the web root (e.g. one level above public_html) or in a path that is not publicly accessible. Never put .htpasswd inside a URL-accessible directory without the .htaccess FilesMatch rule that denies it.

CONFIGURING .htaccess
--------------------
Edit .htaccess and set AuthUserFile to the ABSOLUTE path of your .htpasswd file, e.g.:
  AuthUserFile /home/youruser/.htpasswd
  (On Windows/IIS use a different path format as required.)

GAMESERVER (ConnectApi.ini)
---------------------------
When the web server uses Basic Auth, the GameServer must send the same credentials to fetch the .dat files. In ConnectApi.ini, under [GameServerInfoData], set:
  DataUrlUser = your_username
  DataUrlPassword = your_password
Use the same user/password as in .htpasswd (or a dedicated "machine" user for the GameServer). Restrict file permissions on ConnectApi.ini on the VPS so only the GameServer process can read it.

OPTIONAL: PHP EDITOR
--------------------
login.php and edit.php provide a session-based login and simple editor to view/edit the .dat files. Deploy them in the same directory (or an admin subdirectory). Configure the allowed user/password in the PHP files or use the same .htpasswd (see login.php comments).
