# Website

Workspace reference: [`GSP-WORKSPACE.md`](../../../GSP-WORKSPACE.md)

## Purpose

Public Gameservers.World sales, documentation, and customer-entry website.

## Runtime Location

- Canonical public site: `Panel/modules/website/`
- Billing catalog, order flow, cart, checkout, and website staff pages: `Panel/modules/website/`
- Backup reference only: `backup-website/`

## Design Rules

- Public pages must load without fatal errors when billing config is missing
- Path and URL handling must be centralized
- Panel and login URLs must be configuration-driven
- Documentation must be readable without depending on billing database access
- Catalog pages may degrade gracefully when billing data is unavailable

## Helpers

The website module centralizes these helpers in `includes/bootstrap.php`:

- `website_url()`
- `website_asset()`
- `panel_url()`
- `login_url()`
- `billing_url()`
- `documentation_url()`

## Billing Interaction

The website does not include the billing config loader directly. It reads panel or billing DB values safely, uses them only when needed, and avoids public fatal errors tied to missing config files.

The rebuilt sales/billing details are documented in `docs/modules/website_billing_rebuild.md`.

## Shared Accounts

The website uses the Panel `users` table as the account source of truth. A customer has the same `user_id` on Gameservers.World, the GSP Panel, support, billing, and server orders.

Website login verifies credentials against the existing Panel password hash format. This preserves current Panel login behavior and avoids a second website password database.

`gameservers.world` and `panel.iaregamer.com` cannot share a normal PHP session cookie because they are unrelated parent domains. SSO is deferred for this phase. The website and Panel keep separate sessions, and users may log in separately on both sites with the same credentials. Passwords, password hashes, PHP session IDs, and authentication tokens are never passed in URLs.

`Panel/modules/website/sso.php` and `Panel/sso.php` are retained only as compatibility redirects for old links. Active navigation must not depend on them.

Successful website login redirects to `my_account.php` unless a safe internal
return path was stored, such as `cart.php?checkout=1`. `account.php` is retained
as a compatibility account entry point.

## Ordering

The current public catalog route is `serverlist.php`. Customer-facing Order buttons must use:

- `order.php?service_id=...`

The old `billing/order.php` route is obsolete in this repository layout and must not be used for active Gameservers.World links.

`order.php` validates the requested `service_id` server-side against enabled catalog records before allowing the customer to continue. Anonymous visitors can configure slots and location, add the server package to the session cart, and review the cart before login.

Login or registration is required only at checkout. The cart is stored in the website session and remains available through website login session regeneration. Website-native registration and password reset pages are available and use the shared Panel user table.

The website owns catalog display, cart storage, order intent, login-return behavior, checkout entry, and customer confirmation. The Panel owns final provisioning, server assignment to the shared `user_id`, game-home creation, agent handoff, and provisioning state. Public browser requests must not call private provisioning methods directly.

Checkout creates due invoices and pending-payment orders after login. PayPal order creation and capture run server-side through website API endpoints, and verified PayPal webhook events are deduplicated before being applied.

Paid orders appear in the website provisioning queue. The queue is the handoff point for Panel-side server creation; provisioning must remain idempotent and must not run before payment or approval.

## Navigation

Website footer account links are state-aware:

- logged out: `Account Login`, `Order a Server`, `Control Panel`
- logged in: `My Account`, `Order a Server`, `Control Panel`, `My Servers`, `Log Out`
- staff-only links appear only for Panel admin users and still enforce website staff authorization server-side

The shared header groups navigation by purpose:

- public: Home, Game Servers, Pricing, Locations, Documentation, Support
- account: Login/Create Account/Cart or My Account/My Orders/My Servers/Cart/Logout
- staff: Staff Dashboard, only for authorized website staff
- actions: Custom Projects and Control Panel

Control Panel links point directly to the configured Panel domain. `My Servers`
opens a website customer page that summarizes website orders and links to the
Panel for live server controls. Staff Dashboard opens the website sales/billing
staff area, not Panel activity logging.

## Deployment

Recommended:

1. `DocumentRoot` -> `Panel/modules/website`
2. Apache `Alias /billing` -> `Panel/modules/billing`
3. Configure:
   - `public_base_url`
   - `billing_base_url`
   - `panel_url`
   - `login_url`

## Key Public Pages

- `index.php`
- `serverlist.php`
- `docs.php`
- `pricing.php`
- `locations.php`
- `support.php`
- `login.php`
- `register.php`
- `forgot_password.php`
- `reset_password.php`
- `account.php`
- `my_account.php`
- `orders.php`
- `my_orders.php`
- `invoices.php`
- `my_servers.php`
- `order.php`
- `cart.php`
- `checkout.php`
- `staff.php`
- `sso.php`

## Pricing and Platform Reference

- Internal workbook: `pricing/gameservers_world_pricing_catalog.xlsx`
- Public summary config: `Panel/modules/website/config/pricing.php`
- Optional overrides: `Panel/modules/website/config/config.php` and `config.local.php`

The website uses a compact public pricing summary instead of parsing the workbook at runtime. Pricing and platform wording should stay centralized so homepage, server catalog, and pricing pages remain consistent.

Public pricing rules:

- standard hosting starts at `$0.50` per slot
- selected legacy servers can start around `$4` per month
- most standard plans use a `16`-slot minimum
- fixed-cap games may differ
- custom development is quoted separately

Platform rules:

- hardware details are secondary website information
- customization, legacy-game support, backups, monitored capacity, and developer-backed help remain the main sales points
- example host specifications should be updated in the central config rather than scattered across templates

## Runlevel Systems Project Request Integration

- Services config: `Panel/modules/website/config/services.php`
- Shared footer branding: `Panel/modules/website/includes/footer.php`
- Homepage CTA: `Panel/modules/website/pages/home.php`

Current project request URL:

- `https://runlevelsystems.com/start-project.php`

Branding rules:

- official company name: `Runlevel Systems`
- official company URL: `https://runlevelsystems.com/`
- website pages should distinguish ordinary support from separately scoped project work