fixed missing login and billing pages
This commit is contained in:
parent
28533be24d
commit
dbecad8606
755 changed files with 1205 additions and 106715 deletions
|
|
@ -40,6 +40,14 @@ Commercial billing, provisioning, invoices, orders, transactions, coupons, and p
|
|||
- renewals
|
||||
- account/service status
|
||||
|
||||
## Website Ordering Boundary
|
||||
|
||||
The active Gameservers.World website no longer links customers to `billing/order.php`. The public catalog uses `Panel/modules/website/order.php?service_id=...` as the order entry point. That page validates the enabled service server-side and sends logged-out users through website login before returning them to the intended service.
|
||||
|
||||
Payment approval and final provisioning remain server-side responsibilities. The browser must not call private provisioning methods directly, and prices must be read from server-side catalog data rather than query parameters.
|
||||
|
||||
In this repository checkout the historical `Panel/modules/billing` runtime is not present, although billing tables and integration references remain. The website order page therefore stops at validated order intent and support handoff until the active checkout/payment runtime is connected.
|
||||
|
||||
## Admin Workflow
|
||||
|
||||
- configure payment gateways
|
||||
|
|
@ -72,4 +80,3 @@ Commercial billing, provisioning, invoices, orders, transactions, coupons, and p
|
|||
## Recommendation
|
||||
|
||||
- Keep / Rewrite
|
||||
|
||||
|
|
|
|||
|
|
@ -35,6 +35,49 @@ The website module centralizes these helpers in `includes/bootstrap.php`:
|
|||
|
||||
The website does not include the billing config loader directly. It reads panel or billing DB values safely, uses them only when needed, and avoids public fatal errors tied to missing config files.
|
||||
|
||||
## Shared Accounts and SSO
|
||||
|
||||
The website uses the Panel `users` table as the account source of truth. A customer has the same `user_id` on Gameservers.World, the GSP Panel, support, billing, and server orders.
|
||||
|
||||
Website login verifies credentials against the existing Panel password hash format. This preserves current Panel login behavior and avoids a second website password database.
|
||||
|
||||
`gameservers.world` and `panel.iaregamer.com` cannot share a normal PHP session cookie because they are unrelated parent domains. The bridge is a one-time SSO token:
|
||||
|
||||
- website to Panel: `Panel/modules/website/sso.php` creates a token and redirects to `Panel/sso.php`
|
||||
- Panel to website: `Panel/sso.php` creates a token and redirects back to `Panel/modules/website/sso.php`
|
||||
- table: `OGP_DB_PREFIXsso_tokens`
|
||||
- lifetime: 30-60 seconds
|
||||
- storage: SHA-256 token hash only
|
||||
- reuse: rejected after `used_at` is set
|
||||
- URL contents: token only, never passwords, password hashes, API keys, or PHP session IDs
|
||||
- HTTPS is required in production
|
||||
|
||||
Expired tokens are cleaned opportunistically when SSO is used. The administration module also creates the table for fresh installs.
|
||||
|
||||
## Ordering
|
||||
|
||||
The current public catalog route is `serverlist.php`. Customer-facing Order buttons must use:
|
||||
|
||||
- `order.php?service_id=...`
|
||||
|
||||
The old `billing/order.php` route is obsolete in this repository layout and must not be used for active Gameservers.World links.
|
||||
|
||||
`order.php` validates the requested `service_id` server-side against enabled catalog records before allowing the customer to continue. Logged-out customers have the intended order path stored in the website session, are sent to `login.php`, and return to the same service after successful login.
|
||||
|
||||
The website owns catalog display, order intent, login-return behavior, checkout entry, and customer confirmation. The Panel owns final provisioning, server assignment to the shared `user_id`, game-home creation, agent handoff, and provisioning state. Public browser requests must not call private provisioning methods directly.
|
||||
|
||||
Checkout/payment handlers are not present in this repository checkout. Until the active payment runtime is connected, `order.php` validates the selected service and sends the customer to support instead of pretending payment or provisioning is available.
|
||||
|
||||
## Navigation
|
||||
|
||||
Website footer account links are state-aware:
|
||||
|
||||
- logged out: `Account Login`, `Order a Server`, `Control Panel`
|
||||
- logged in: `My Account`, `Order a Server`, `Control Panel`, `My Servers`, `Log Out`
|
||||
- staff-only links appear only for Panel admin users and still rely on Panel authorization server-side
|
||||
|
||||
The website Control Panel button sends logged-in users through website-to-Panel SSO. Logged-out users go through website login first. The Panel dashboard `Order Another Server` link sends logged-in Panel users through Panel-to-website SSO.
|
||||
|
||||
## Deployment
|
||||
|
||||
Recommended:
|
||||
|
|
@ -56,6 +99,9 @@ Recommended:
|
|||
- `locations.php`
|
||||
- `support.php`
|
||||
- `login.php`
|
||||
- `account.php`
|
||||
- `order.php`
|
||||
- `sso.php`
|
||||
|
||||
## Pricing and Platform Reference
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue