Beta release of the redesigned and modernized website for SPP-based installs.
Current packaged release: Beta v0.2
Supported targets:
- Windows SPP release: celguar/spp-classics-cmangos
- Proxmox shell-port build: japtenks/spp-cmangos-prox
This project is intended for local/LAN use.
If you plan to host it outside your local network, it is your responsibility to review and secure your setup properly. The default environment is based on HTTP and older Apache-style local hosting assumptions, so it should not be treated as hardened for public internet exposure out of the box.
The project does include security-focused cleanup and modernization work compared to the older site code, including:
- centralized CSRF protection on mutating actions
- safer form field filtering and request guards
- improved forum posting validation and repeat-post protection
- more secure attachment and avatar file handling
- PDO/prepared-statement migration across major database access paths
- SRP-based account password flow updates in supported account paths
You can install this site by cloning the repository or by downloading the release ZIP.
-
Stop the launcher before replacing the existing website files.
-
Back up the current site folder if needed. Example: rename
Server\websitetowebsite-bkup. -
Extract or clone this repo into the
websitefolder. -
Review your runtime config before first launch. Default config values are Classic-first. If your install is TBC or WotLK, create and update
config/config-protected.local.phpto match your setup.Start from
config/config-protected.local.php.example.Update these values to match your install:
- Expansion:
0=Classic,1=TBC,2=WOTLK default_realm_id- Database names for
realmd,world,chars, andarmory - Database host/port if your MySQL service is not using the default SPP values
clientConnectionHostfor the address players should use inrealmlist.wtf- SOAP port/credentials if you plan to use SOAP-backed admin features
default_realm_idmust match the realm/realmlist entry your site should use.clientConnectionHostis the value the website uses for the generatedrealmlist.wtfdownloads and the on-pageset realmlist ...instructions shown to players. - Expansion:
'genericRuntime' => [
'expansion' => 1,
],
'realmRuntime' => [
'default_realm_id' => 1,
],
'clientConnectionHost' => '192.168.1.42',
'realmDbMap' => [
1 => [
'realmd' => 'tbcrealmd',
'world' => 'tbcmangos',
'chars' => 'tbccharacters',
'armory' => 'tbcarmory',
- In
mangos.conf, make sure SOAP is enabled:
SOAP.Enabled = 1Optional depending on your setup:
Ra.Enable = 1if you use RA-backed features or toolingConsole.Enable = 1if your environment depends on console access or console-driven controls
-
Make sure the database server is running and reachable from the website. Current live DB reference for the standard install:
- Host:
127.0.0.1 - Port:
3310 - User:
root - Password:
123456
It is recommended to update these values from the standard default setup.
- Host:
-
From the
websitefolder, run the SQL updates:- Apply the armory/world-side patch files in
db-updates/01_armory_world_patchin this order:10_dbc_spellicon_delta.sql20_dbc_spellitemenchantment_tooltip.sql30_dbc_talent_tooltip.sql40_dbc_talenttab_tooltip.sql50_armory_itemset_notes.sql
- Apply those armory/world-side patch files to every armory/world install you want the website to support
- Apply
db-updates/02_realmd_patch.sqlto the website-ownedrealmddatabase db-updates/03_seeds.sqldb-updates/04_populationdirector.sqlif you want the population director features
- Apply the armory/world-side patch files in
After the patches are applied, the website should be available for guest access.
Some website tools and patch workflows work best when the default SPP PHP and MySQL binaries are available on PATH.
For a default SPP install, you can use:
powershell -ExecutionPolicy Bypass -File .\tools\add_spp_tools_to_path.ps1That helper adds the usual SPP tool locations to your user PATH:
Tools\php7Database\bin
Notes:
phponPATHis useful for website helper scripts such as identity backfill and bot event processingmysqlonPATHis useful if you want to run the SQL patch files from a terminal instead of importing them manually- Open a new PowerShell window after running the helper if you want the updated
PATHoutside the current session
For the Proxmox shell-port workflow:
- Change into the Proxmox project folder:
cd spp-cmangos-prox/- Start the launcher:
./Launcher.sh- If an update is required, open the service menu.
- Choose
3forwebsite. - Choose
2forupdate.
If you do not already have an account, create one through the database or the SPP launcher tools.
For admin tasks:
- Use an admin account if you want website administration features.
- If you do not want permanent GM access on your character, keep that separate from your normal play account.
- If you plan to use SOAP-backed features, create or configure a SOAP-enabled account for that purpose.
- Full SOAP support currently requires a recompile with this change:
japtenks/mangos-classic commit
bd5c6c1 - A pull request has been issued for that work.
- Confirm
config/config-protected.local.phpmatches your expansion, realm ID, and DB names - Confirm the armory/world patch files and
02_realmd_patch.sqlwere applied - Confirm the site opens and guest pages load
- Run the identity backfill from the admin identities page
admin/botevents is supported only when PHP CLI is available in the target environment, such as a Windows SPP install with portable PHP on PATH.
admin/bots and admin/botrotation are available as Windows-safe admin surfaces for previewing maintenance scope and rotation health. Legacy helper commands are shown conditionally when their local tool scripts are present.
Useful scripts in tools/ include:
process_bot_events.phpto process bot event datascan_bot_events.phpto scan and inspect bot event inputs
- If the site loads but shows the wrong realm, missing characters, or empty armory data, check
expansion,default_realm_id, database names, and MySQL port first. - If guest pages work but admin actions do not, verify SOAP is enabled and the configured SOAP port and credentials are correct.
- If pages render strangely after replacing the site, stop the launcher and clear generated cache/log files before trying again.
- If you replaced
Server\websitewhile the launcher or bundled web server was still running, restart the stack and re-check the copied files. admin/boteventsrequires PHP CLI support in the Windows environment; without it, that admin surface is not available.- If you are using only a TBC install, you should expect to use a local config override rather than relying on the Classic defaults.
- If your Windows setup includes more than one world, such as Classic and TBC, add each realm to
realmDbMapinconfig/config-protected.local.php. - Give each realm the correct
realmd,world,chars, andarmorydatabase names, and make sure each entry uses the correct realm ID fromrealmlist. - In SPP-Win naming, that usually means mapping each realm entry to its matching
*.world,*.armory,*.characters, and*realmddatabases. - Set
realmRuntime.multirealmto1if you want the website to expose more than one configured realm. - Each
realmDbMapentry is resolved independently, so the website will use therealmd,world,chars, andarmorynames defined for that specific realm ID rather than forcing every realm through one shared world or armory database. - The site can still list a configured realm even when that world is offline, as long as the realm is present in your runtime config and enabled in the runtime realm settings.
- For shared website tables and runtime settings, apply
02_realmd_patch.sqlto the realmd database you want the website to treat as its website-owned authority DB. - If only one realm appears, check the configured realm IDs, the runtime enabled realm list, and whether the matching
realmlistrows exist in the website-ownedrealmddatabase.
Open full screenshot gallery (35 images)
