# Website

Workspace reference: [`GSP-WORKSPACE.md`](../../../GSP-WORKSPACE.md)

## Purpose

Public Gameservers.World sales, documentation, and customer-entry website.

## Runtime Location

- Canonical public site: `Panel/modules/website/`
- Billing catalog, order flow, cart, checkout, and website staff pages: `Panel/modules/website/`
- Backup reference only: `backup-website/`

## Design Rules

- Public pages must load without fatal errors when billing config is missing
- Path and URL handling must be centralized
- Panel and login URLs must be configuration-driven
- Documentation must be readable without depending on billing database access
- Catalog pages may degrade gracefully when billing data is unavailable

## Helpers

The website module centralizes these helpers in `includes/bootstrap.php`:

- `website_url()`
- `website_asset()`
- `panel_url()`
- `login_url()`
- `billing_url()`
- `documentation_url()`

## Billing Interaction

The website does not include the billing config loader directly. It reads panel or billing DB values safely, uses them only when needed, and avoids public fatal errors tied to missing config files.

The rebuilt sales/billing details are documented in `docs/modules/website_billing_rebuild.md`.

## Shared Accounts

The website uses the Panel `users` table as the account source of truth. A customer has the same `user_id` on Gameservers.World, the GSP Panel, support, billing, and server orders.

Website login verifies credentials against the existing Panel password hash format. This preserves current Panel login behavior and avoids a second website password database.

`gameservers.world` and `panel.iaregamer.com` cannot share a normal PHP session cookie because they are unrelated parent domains. SSO is deferred for this phase. The website and Panel keep separate sessions, and users may log in separately on both sites with the same credentials. Passwords, password hashes, PHP session IDs, and authentication tokens are never passed in URLs.

`Panel/modules/website/sso.php` and `Panel/sso.php` are retained only as compatibility redirects for old links. Active navigation must not depend on them.

Successful website login redirects to `my_account.php` unless a safe internal
return path was stored, such as `cart.php?checkout=1`. `account.php` is retained
as a compatibility account entry point.

## Ordering

The current public catalog route is `serverlist.php`. Customer-facing Order buttons must use:

- `order.php?service_id=...`

The old `billing/order.php` route is obsolete in this repository layout and must not be used for active Gameservers.World links.

`order.php` validates the requested `service_id` server-side against enabled catalog records before allowing the customer to continue. Anonymous visitors can configure slots and location, add the server package to the session cart, and review the cart before login.

Login or registration is required only at checkout. The cart is stored in the website session and remains available through website login session regeneration. Website-native registration and password reset pages are available and use the shared Panel user table.

The website owns catalog display, cart storage, order intent, login-return behavior, checkout entry, and customer confirmation. The Panel owns final provisioning, server assignment to the shared `user_id`, game-home creation, agent handoff, and provisioning state. Public browser requests must not call private provisioning methods directly.

Checkout creates due invoices and pending-payment orders after login. PayPal order creation and capture run server-side through website API endpoints, and verified PayPal webhook events are deduplicated before being applied.

Paid orders appear in the website provisioning queue. The queue is the handoff point for Panel-side server creation; provisioning must remain idempotent and must not run before payment or approval.

## Service Catalog Display

The public `serverlist.php` catalog uses a compact row/list layout so many
services can be scanned quickly. Customer-facing rows show the display name,
derived platform label, short description, per-slot monthly price, and order
action. Raw XML/config keys such as `*_linux64` or `*_win32` are internal
identifiers and should not be prominent public labels.

Platform labels are produced by `website_service_platform()` from service/config
data such as `cfg_game_key`, `cfg_file`, `home_cfg_file`, or related service
fields:

- Linux: keys/files containing `linux`, `linux32`, or `linux64`
- Windows: keys/files containing `win`, `win32`, `win64`, or `windows`
- Cross-platform: both platform families detected
- Unknown: no platform marker detected

Order/configuration pages may retain card-style layout, but should also show the
derived platform label instead of the raw XML/config key. Website staff service
management uses a compact expandable row list with service ID, status, display
name, platform, price, slot range, image status, and location count visible.

## Navigation

The shared header uses one responsive navigation implementation for every public
page.

Primary links:

- Home
- Game Servers
- Panel Features
- Support

Account area:

- logged out: Login, Create Account, Cart
- logged in: My Account, My Orders, My Servers, Cart, Logout
- staff-only: Staff Dashboard

Right-side actions:

- Custom Projects
- Control Panel

`Panel Features` is a website information page that explains the customer
benefits of the GSP Panel. `Control Panel` is the direct external action that
opens the operational Panel at the configured Panel URL.

The footer should contain only one modest `Control Panel` link. Public pages,
especially the homepage, must not repeat Control Panel promotions unnecessarily.
Pricing and locations are not top-level public navigation items. Game-specific
pricing is shown on the catalog and order pages, and locations are summarized on
the homepage with a link to the website-branded server status page.

Control Panel links point directly to the configured Panel domain. `My Servers`
opens a website customer page that summarizes website orders and links to the
Panel for live server controls. Staff Dashboard opens the website sales/billing
staff area, not Panel activity logging.

## Public Copy Policy

Public website copy must never repeat developer instructions, prompt wording,
acceptance criteria, task rationale, or explanations about where content belongs.
Internal requirements must be translated into polished customer-facing language.

Avoid public wording such as:

- "belongs on"
- "summarized here"
- "visitors can get oriented"
- "another sales page"
- "as requested"
- "this section was moved"

Use direct customer-facing language instead.

## Pricing, Locations, and Status

Catalog and order pages display `price_monthly` as per-slot monthly pricing, for
example `$0.50 per slot / monthly`. Cart and invoice calculations multiply the
per-slot price by selected slot count and billing duration.

Order-page location labels are resolved from `remote_servers` using the best
available customer-facing fields: `display_name`, `location_name`,
`server_location`, `region`, `remote_server_name`, or `hostname`. Public IP
fields are fallback labels only. Generic labels such as `Location 2` should not
be shown when a real database name is available.

`server_status.php` is the website status page. It uses the configured Panel
database as its remote-server source, keeps the Gameservers.World theme, and
returns users to the website rather than the Panel dashboard.

## Deployment

Recommended:

1. `DocumentRoot` -> `Panel/modules/website`
2. Apache `Alias /billing` -> `Panel/modules/billing`
3. Configure:
   - `public_base_url`
   - `billing_base_url`
   - `panel_url`
   - `login_url`

## Key Public Pages

- `index.php`
- `serverlist.php`
- `docs.php`
- `pricing.php`
- `locations.php`
- `panel_features.php`
- `support.php`
- `login.php`
- `register.php`
- `forgot_password.php`
- `reset_password.php`
- `account.php`
- `my_account.php`
- `orders.php`
- `my_orders.php`
- `invoices.php`
- `my_servers.php`
- `order.php`
- `cart.php`
- `checkout.php`
- `staff.php`
- `sso.php`

## Pricing and Platform Reference

- Internal workbook: `pricing/gameservers_world_pricing_catalog.xlsx`
- Public summary config: `Panel/modules/website/config/pricing.php`
- Optional overrides: `Panel/modules/website/config/config.php` and `config.local.php`

The website uses a compact public pricing summary instead of parsing the workbook at runtime. Pricing and platform wording should stay centralized so homepage, server catalog, and pricing pages remain consistent.

Public pricing rules:

- standard hosting starts at `$0.50` per slot
- selected legacy servers can start around `$4` per month
- most standard plans use a `16`-slot minimum
- fixed-cap games may differ
- custom development is quoted separately

Platform rules:

- hardware details are secondary website information
- customization, legacy-game support, backups, monitored capacity, and developer-backed help remain the main sales points
- example host specifications should be updated in the central config rather than scattered across templates

## Runlevel Systems Project Request Integration

- Services config: `Panel/modules/website/config/services.php`
- Shared footer branding: `Panel/modules/website/includes/footer.php`
- Homepage CTA: `Panel/modules/website/pages/home.php`

Current project request URL:

- `https://runlevelsystems.com/start-project.php`

Branding rules:

- official company name: `Runlevel Systems`
- official company URL: `https://runlevelsystems.com/`
- website pages should distinguish ordinary support from separately scoped project work