Add extra scripts

common/messagemail.php

@@ -0,0 +1,33 @@
+<?PHP
+
+ function messagemail ($message) {
+  $sql  = 'SELECT message_id, message_title, message_time, message_body, ';
+  $sql .= 'message_type FROM messages WHERE message_id = '.$message;
+  
+  $res = mysql_query($sql);
+  $row = mysql_fetch_array($res);
+
+  $sql  = 'SELECT user_email FROM users WHERE mail_announce = 1';
+  if ($row['message_type'] == 'admin') {
+   $sql .= ' AND user_admin = 1';
+  }
+  
+  $res = mysql_query($sql);
+  
+  while ($usr = mysql_fetch_array($res)) { 
+   $to = $usr['user_email'];
+   $subject = 'UTD-Hosting announcement: '.$row['message_title'];
+   $body  = 'This is an automated message. A new UTD-Hosting announcement ';
+   $body .= 'has been posted. The announcement is displayed below for your ';
+   $body .= 'convenience. To opt out of these messages, please log into the ';
+   $body .= 'control panel at https://secure.utd-hosting.com/control/ and ';
+   $body .= 'select the "User preferences" link.'."\n\n";
+   $body .= ' ============ '.$row['message_title'].' ============';
+   $body .= "\n\n".$row['message_body']."\n\n";
+   $body .= ' ============ End of message ========= '."\n\n";
+   $body .= "\n\n-- UTD-Hosting support";
+   mail($to, $subject, $body, 'From: support@utd-hosting.com (UTD-Hosting support)'); 
+  }
+ }
+
+?>

common/tac-old.txt

@@ -0,0 +1,84 @@
+0003
+<h3>1. Billing</h3>
+
+<h4>1.1 General billing information</h4>
+
+<p>Payment for UTD-Hosting services must be made in advance. All services last for one year (365 days) unless otherwise stated. At the end of the one year period, if payment has not been made to continue services, all services provided for the user will cease.
+</p>
+<h4>1.2 Payment handling</h4>
+
+<p>All payments made to UTD-Hosting are handled by <a href="http://www.paypal.com/" class="external">Paypal</a>, and are therefore subject to their <a href="https://www.paypal.com/uk/cgi-bin/webscr?cmd=p/gen/ua/ua-outside" class="external">user agreement</a>. Payments made to UTD-Hosting will only be accepted once they have been fully cleared by Paypal.
+
+</p>
+<h4>1.3 Refunds</h4>
+
+<p>All payments to UTD-Hosting are final. In the case of account termination, either initiated by the user or initiated by UTD-Hosting, any prepaid service will be forfeited.
+</p>
+<h4>1.4 Account ownership</h4>
+<p>
+All accounts are owned soley by the user who registered the account, or the user who made contact with UTD-Hosting staff in order to have the account created. Accounts may not be transferred to any other party. UTD-Hosting services may not be resold to any third party or any other user. 
+</p>
+<h3>2. Disclosure of information</h3>
+
+<h4>2.1 General</h4>
+
+<p>While UTD-Hosting strives to maintain the privacy and integrity of all data stored by the user, we cannot guarantee either. Users should avoid transferring or storing sensitive or private information using the services provided by UTD-Hosting. Users should make regular backups of any data hosted for them on UTD-Hosting services to avoid loss of data in case of a hardware or software error.
+</p>
+<h4>2.2 Disclosure to law enforcement agencies</h4>
+
+<p>UTD-Hosting may disclose any information pertaining to any services used by any user to any law enforcement agent who formally requests such information in writing. In such a circumstance, the user will not be notified of such a request, or UTD-Hosting's response.
+</p>
+
+<h4>2.3 Monitoring of user actions and data</h4>
+
+<p>UTD-Hosting may monitor any and all actions performed by the user, including but not limited to files uploaded via FTP, e-mails sent and received via UTD-Hosting servers, commands and programs executed by users with SSH access, and files requested via HTTP. In addition, UTD-Hosting may inspect any file, database or e-mail stored on UTD-Hosting servers, if there is suspicion that the user may be in violation of this agreement.</p> 
+
+<h3>3. Use of UTD-Hosting services</h3>
+
+<h4>3.1 Unacceptable uses</h4>
+
+<p>UTD-Hosting services may <span class="bold">not</span> be used for:
+</p>
+<ul><li> Organising or participating in illegal activity</li>
+<li> Distributing copyrighted material without the correct permission</li>
+
+<li> Distributing viruses, trojans or other malware</li>
+<li> Sending unsolicited or excessive commercial e-mail</li>
+<li> Attempting to gain illegal access to any service, server or computer, whether related to UTD-Hosting or not</li>
+</ul>
+<p>In addition, the following are forbidden:
+</p>
+<ul><li> Any script, program or other file that causes disruption to UTD-Hosting systems</li>
+<li> Attempting to gain illict access to any UTD-Hosting services</li>
+
+<li> Attempting to gain access to any files or data hosted on UTD-Hosting systems that has not been directly uploaded or created by the user.</li>
+</ul>
+<h3>4. Account cancellation</h3>
+
+<h4>4.1 Cancellation and notification</h4>
+
+<p>UTD-Hosting reserves the right to terminate any account at any time, for any of the reasons outlined in section 4.2, or, in exceptional circumstances, for any reason deemed appropriate by UTD-Hosting staff. Any payment made in advance for services from UTD-Hosting will be forfeited if an account is cancelled. Upon account cancellation, an e-mail will be sent to the account holder's address.
+</p>
+<h4>4.2 Reasons for cancellation</h4>
+
+<p>Accounts may be cancelled by UTD-Hosting without prior warning, as per condition 4.1, for the following reasons:
+</p>
+
+<ul><li> Lack of payment</li>
+<li> Any unacceptable use (as defined in section 3.1) of any service(s) provided by UTD-Hosting</li>
+</ul>
+<h4>4.3 Data availability following cancellation</h4>
+
+<p>If an account is cancelled due to lack of payment, or following a request for cancellation by the account holder, the following data will be made available for download by the account holder for seven days after the cancellation of the account:
+</p>
+<ul><li> Contents of any MySQL databases associated with the account</li>
+<li> Any unread e-mail messages</li>
+
+<li> All files stored within the account's 'home' directory</li>
+</ul>
+<p>Accounts cancelled by UTD-Hosting without consultation with the account holder, excluding accounts cancelled as a result of non-payment, are excempt from this clause. Data held for these accounts will be removed from UTD-Hosting systems within fourty-eight hours of account cancellation.
+</p>
+<h3>5. Future updates</h3>
+
+<p>These terms and conditions may be updated at any time. Users will be notified of changes when they log in to the UTD-Hosting control panel. Users will be bound to any new set of Terms and Conditions one week after they are issued.
+</p>

common/tac.txt

@@ -0,0 +1,84 @@
+0004
+<h3>1. Billing</h3>
+
+<h4>1.1 General billing information</h4>
+
+<p>Payment for UTD-Hosting services must be made in advance. All services last for one year (365 days) unless otherwise stated. At the end of the one year period, if payment has not been made to continue services, all services provided for the user will cease.
+</p>
+<h4>1.2 Payment handling</h4>
+
+<p>All payments made to UTD-Hosting are handled by <a href="http://www.paypal.com/" class="external">Paypal</a>, and are therefore subject to their <a href="https://www.paypal.com/uk/cgi-bin/webscr?cmd=p/gen/ua/ua-outside" class="external">user agreement</a>. Payments made to UTD-Hosting will only be accepted once they have been fully cleared by Paypal.
+
+</p>
+<h4>1.3 Refunds</h4>
+
+<p>All payments to UTD-Hosting are final. In the case of account termination, either initiated by the user or initiated by UTD-Hosting, any prepaid service will be forfeited.
+</p>
+<h4>1.4 Account ownership</h4>
+<p>
+All accounts are owned soley by the user who registered the account, or the user who made contact with UTD-Hosting staff in order to have the account created. Accounts may not be transferred to any other party. UTD-Hosting services may not be resold to any third party or any other user. 
+</p>
+<h3>2. Disclosure of information</h3>
+
+<h4>2.1 General</h4>
+
+<p>While UTD-Hosting strives to maintain the privacy and integrity of all data stored by the user, we cannot guarantee either. Users should avoid transferring or storing sensitive or private information using the services provided by UTD-Hosting. Users should make regular backups of any data hosted for them on UTD-Hosting services to avoid loss of data in case of a hardware or software error.
+</p>
+<h4>2.2 Disclosure to law enforcement agencies</h4>
+
+<p>UTD-Hosting may disclose any information pertaining to any services used by any user to any law enforcement agent who formally requests such information in writing. In such a circumstance, the user will not be notified of such a request, or UTD-Hosting's response.
+</p>
+
+<h4>2.3 Monitoring of user actions and data</h4>
+
+<p>UTD-Hosting may monitor any and all actions performed by the user, including but not limited to files uploaded via FTP, e-mails sent and received via UTD-Hosting servers, commands and programs executed by users with SSH access, and files requested via HTTP. In addition, UTD-Hosting may inspect any file, database or e-mail stored on UTD-Hosting servers, if there is suspicion that the user may be in violation of this agreement.</p> 
+
+<h3>3. Use of UTD-Hosting services</h3>
+
+<h4>3.1 Unacceptable uses</h4>
+
+<p>UTD-Hosting services may <span class="bold">not</span> be used for:
+</p>
+<ul><li> Organising or participating in illegal activity</li>
+<li> Distributing copyrighted material without the correct permission</li>
+
+<li> Distributing viruses, trojans or other malware</li>
+<li> Sending unsolicited or excessive commercial e-mail</li>
+<li> Attempting to gain illegal access to any service, server or computer, whether related to UTD-Hosting or not</li>
+</ul>
+<p>In addition, the following are forbidden:
+</p>
+<ul><li> Any script, program or other file that causes disruption to UTD-Hosting systems</li>
+<li> Attempting to gain illict access to any UTD-Hosting services</li>
+
+<li> Attempting to gain access to any files or data hosted on UTD-Hosting systems that has not been directly uploaded or created by the user.</li>
+</ul>
+<h3>4. Account cancellation</h3>
+
+<h4>4.1 Cancellation and notification</h4>
+
+<p>UTD-Hosting reserves the right to terminate any account at any time, for any of the reasons outlined in section 4.2, or, in exceptional circumstances, for any reason deemed appropriate by UTD-Hosting staff. Any payment made in advance for services from UTD-Hosting will be forfeited if an account is cancelled. Upon account cancellation, an e-mail will be sent to the account holder's address.
+</p>
+<h4>4.2 Reasons for cancellation</h4>
+
+<p>Accounts may be cancelled by UTD-Hosting without prior warning, as per condition 4.1, for the following reasons:
+</p>
+
+<ul><li> Lack of payment</li>
+<li> Any unacceptable use (as defined in section 3.1) of any service(s) provided by UTD-Hosting</li>
+</ul>
+<h4>4.3 Data availability following cancellation</h4>
+
+<p>If an account is cancelled due to lack of payment, or following a request for cancellation by the account holder, the following data will be made available for download by the account holder for seven days after the cancellation of the account:
+</p>
+<ul><li> Contents of any MySQL databases associated with the account</li>
+<li> Any unread e-mail messages</li>
+
+<li> All files stored within the account's 'home' directory</li>
+</ul>
+<p>Accounts cancelled by UTD-Hosting without consultation with the account holder, excluding accounts cancelled as a result of non-payment, are excempt from this clause. Data held for these accounts will be removed from UTD-Hosting systems within fourty-eight hours of account cancellation.
+</p>
+<h3>5. Future updates</h3>
+
+<p>These terms and conditions may be updated at any time. Users will be notified via their registered e-mail address when the terms and conditions have been updated. There will then be a two week period during which users should contact UTD-Hosting support at support@utd-hosting.com if they do not agree with the revised conditions. If, after two weeks, UTD-Hosting has not been contacted with objections, it will be assumed that the user agrees to the new conditions and they will become binding. 
+</p>

common/test.php

@@ -0,0 +1,11 @@
+<?PHP
+
+chdir('../control');
+
+require_once('lib/database.php');
+
+require_once('../common/messagemail.php');
+
+messagemail(8);
+
+?>

common/ticketmail.php

@@ -0,0 +1,66 @@
+<?PHP
+
+ function ticketmail ($ticket) {
+  $sql  = 'SELECT t.ticket_thread, u.user_name, t.ticket_body FROM tickets AS';
+  $sql .= ' t, users AS u WHERE t.ticket_id = '.$ticket.' AND u.user_id = ';
+  $sql .= 't.user_id';
+  
+  $res = mysql_query($sql);
+  $row = mysql_fetch_array($res);
+
+  $sql  = 'SELECT u.user_email, u.mail_tickets, t.ticket_title FROM tickets AS';  $sql .= ' t, users AS u';
+  $sql .= ' WHERE t.ticket_id = '.$row['ticket_thread'].' AND u.user_id = ';
+  $sql .= ' t.user_id';
+  
+  $res = mysql_query($sql);
+  $usr = mysql_fetch_array($res);
+
+  if ($usr['mail_tickets'] == '1') {
+   $to = $usr['user_email'];
+   $subject = 'UTD-Hosting ticket: '.$usr['ticket_title'];
+   $body  = 'This is an automated message. A reply has been made to one of';
+   $body .= ' your tickets. A full copy of the message follows. ';
+   $body .= 'You can view the entire thread and make replies at';
+   $body .= ' https://secure.utd-hosting.com/control/viewticket/'.$row['ticket_thread'];
+   $body .= ' and unsubscribe from these updates at ';
+   $body .= 'https://secure.utd-hosting.com/control/prefs.'."\n\n";
+   $body .= ' ============ Message from '.$row['user_name'].' ============';
+   $body .= "\n\n".$row['ticket_body']."\n\n";
+   $body .= ' ============ End of message ========= '."\n\n";
+   $body .= "Please do not ";
+   $body .= 'reply to this e-mail -- use the reply form at the URL above. ';
+   $body .= "\n\n-- UTD-Hosting support";
+   mail($to, $subject, $body, 'From: support@utd-hosting.com (UTD-Hosting support)'); 
+  }
+ }
+
+ function adminTicketMail($ticket) {
+  $sql  = 'SELECT t.ticket_title, t.ticket_thread, u.user_name, t.ticket_body FROM tickets AS';
+  $sql .= ' t, users AS u WHERE t.ticket_id = '.$ticket.' AND u.user_id = ';
+  $sql .= 't.user_id';
+
+  $res = mysql_query($sql);
+  $row = mysql_fetch_array($res);
+
+  $sql = 'SELECT user_email FROM users WHERE user_admin = 1';
+
+  $res = mysql_query($sql);
+
+  while ($usr = mysql_fetch_array($res)) {
+   $to = $usr['user_email'];
+   $subject = 'UTD-Hosting ticket: '.$row['ticket_title'];
+   $body  = 'This is an automated message. A new ticket has been posted. View it here: '; 
+   $body .= ' https://secure.utd-hosting.com/control/viewticket/'.$row['ticket_thread']."\n\n";
+   $body .= ' ============ Message from '.$row['user_name'].' ============';
+   $body .= "\n\n".$row['ticket_body']."\n\n";
+   $body .= ' ============ End of message ========= '."\n\n";
+   $body .= "Please do not ";
+   $body .= 'reply to this e-mail -- use the reply form at the URL above. ';
+   $body .= "\n\n-- UTD-Hosting support";
+   
+   mail($to, $subject, $body, 'From: support@utd-hosting.com (UTD-Hosting support)');
+  }
+
+ }
+
+?>

scripts/analyselog.php

@@ -0,0 +1,21 @@
+#!/usr/bin/php -q
+<?PHP
+
+$log = 3;
+
+$log = str_pad($log, 3, '0', STR_PAD_LEFT);
+
+$fh = fopen('/usr/local/apache/logs/'.$log.'-access_log','r');
+
+while (!feof($fh)) {
+ $line = trim(fgets($fh));
+ if (preg_match('/^.*?"[A-Z]+ (.*?) [^ ]*?" .* ([0-9]+)$/',$line,$m)) {
+  if ((int)$m[2] > 100000) {
+   echo $m[1]."\r\n";
+  }
+ } 
+}
+
+fclose($fh);
+
+?>

scripts/bandwidth.php

@@ -0,0 +1,96 @@
+#!/usr/local/php-stable/bin/php -q
+<?PHP
+
+ foreach ($argv as $v) {
+  if ($v == '--force-update') {
+   echo 'Forcing config update.'."\n";
+   define('UPDATE', true);
+  } elseif ($v == '--debug') {
+   echo 'Debug mode enabled.'."\n";
+   define('DEBUG', true);
+  } elseif ($v == '--double-debug') {
+   echo 'Double debug mode enabled.'."\n";
+   define('DOUBLEDEBUG', true);
+  }
+ }
+
+ chdir('/home/utd/control');
+ require_once('lib/database.php');
+ require_once('lib/common.php');
+ require_once('lib/log.php');
+ chdir('/home/utd/scripts');
+
+ $sql  = 'SELECT site_bandin, site_bandout, site_logpos';
+ $sql .= ', site_id, user_id FROM sites';
+
+ $res = mysql_query($sql);
+
+ $users = array();
+
+ while ($row = mysql_fetch_array($res)) {
+  if (defined('DEBUG')) { echo "Checking site ".$row['site_id']."\n"; }
+  $number = str_pad($row['site_id'], 3, '0', STR_PAD_LEFT);
+
+  if (file_exists('/usr/local/apache/logs/'.$number.'-access_log')) {
+   $access = fopen('/usr/local/apache/logs/'.$number.'-access_log','r');
+   if (defined('DEBUG')) { echo 'Opening /usr/local/apache/logs/'.$number.'-access_log for reading.'."\n"; }
+   fseek($access, (float)$row['site_logpos']);
+   while (!feof($access)) {
+    $line = trim(fgets($access));
+    if (defined('DOUBLEDEBUG') && $line != '') { echo "Read: $line\n"; }
+    if (preg_match('/^.* ([0-9]+) ([0-9]+)$/', $line, $matches)) {
+     list( , $in, $out) = $matches;
+     $row['site_bandin'] += (float)$in;
+     $row['site_bandout'] += (float)$out; 
+    } elseif (trim($line) != '') {
+     if (defined('DEBUG')) { echo "Unrecognised line: $line\n"; }
+    } 
+   }
+   $pos = ftell($access); fclose($access);
+  } else {
+   $pos = $row['site_logpos'];
+  }
+
+  if (!isset($users[($row['user_id'])])) { $users[($row['user_id'])] = 0; }
+  $users[($row['user_id'])] += $row['site_bandin'] + $row['site_bandout'];
+
+  if ($pos > 1024*1024*10) {
+   logger::log('Archiving /usr/local/apache/logs/'.$number.'-access_log (>10M)', logger::information);
+   $dir = '/usr/local/apache/logs/archived/'.$number;
+   if (!is_dir($dir)) {
+    mkdir($dir);
+    chown($dir, 'admin');
+    chmod($dir, 0700);
+   }
+   $count = count(glob($dir.'/*.log'))+1;
+   $target = $dir.'/'.str_pad($count,5,'0',STR_PAD_LEFT).'.log';
+   $pos = 0;
+   rename('/usr/local/apache/logs/'.$number.'-access_log', $target);
+  }
+
+  $sql  = 'UPDATE sites SET site_bandin = '.$row['site_bandin'];
+  $sql .= ', site_bandout = '.$row['site_bandout'];
+  $sql .= ', site_logpos = '.$pos.' WHERE site_id = ';
+  $sql .= $row['site_id'];
+
+  mysql_query($sql);
+ }
+
+ foreach ($users as $key => $val) {
+  mysql_query('UPDATE users SET band_used = '.$val.' WHERE user_id = '.$key);
+  if (defined('DEBUG')) { echo "User $key has used $val Bytes.\n"; }
+ }
+
+ $sql  = "UPDATE sites SET site_curdocroot = site_docroot WHERE ";
+ $sql .= "site_curdocroot = '/usr/local/apache/htdocs/bandquota'";
+ mysql_query($sql);
+
+ $sql  = "UPDATE users AS u, sites AS s SET s.site_curdocroot = ";
+ $sql .= "'/usr/local/apache/htdocs/bandquota' WHERE s.user_id = u.user_id AND ";
+ $sql .= "u.band_used > u.band_total";
+
+ mysql_query($sql);
+
+ require('updateconf.php'); 
+
+?>

scripts/billing.php

@@ -0,0 +1,118 @@
+#!/usr/bin/php -q
+<?PHP
+
+ chdir('/home/utd/control');
+ require_once('lib/database.php');
+ require_once('lib/log.php');
+ require_once('lib/common.php');
+ chdir('/home/utd/scripts');
+
+ // First off, let's disable anything that's not been paid
+ $sql  = 'SELECT user_id, user_email, package_name, up_expires, up_cost, ';
+ $sql .= 'up_id FROM userpackages NATURAL JOIN packages NATURAL JOIN ';
+ $sql .= 'users WHERE up_active = 1 AND up_expires < '.time();
+
+ $res  = mysql_query($sql);
+
+ while ($row = mysql_fetch_array($res)) {
+  $user = $row['user_id'];
+  $addr = $row['user_email'];
+  $name = $row['package_name'];
+  $date = $row['up_expires'];
+  $upid = $row['up_id'];
+  $cost = $row['up_cost'];
+  
+  $subj  = 'UTD-Hosting package cancellation: '.$name;
+  $body  = 'This is an automatic notifcation. The "'.$name.'" package has now ';
+  $body .= 'been disabled on your account. You will no longer have access to ';
+  $body .= 'services provided as a part of this package. If you have no other ';
+  $body .= 'active packages, your account will be automatically closed within ';
+  $body .= '14 days.'."\n\n".'If you wish to retrieve data stored in your ';
+  $body .= 'account, or wish to renew a package, or have any enquiries about ';
+  $body .= 'this message, please e-mail support@utd-hosting.com.'."\n\n";
+  $body .= ' -- UTD-Hosting support';
+  $head  = 'From: UTD-Hosting support <support@utd-hosting.com>';
+ 
+  mail($addr, $subj, $body, $head); 
+
+  $sql = 'UPDATE userpackages SET up_active = 0 WHERE up_id = '.$upid;
+
+  mysql_query($sql);
+
+  logger::log("Package '$name' cancelled (no payment)", $user, logger::info);
+ }
+
+ // Now select anything that's outstanding and doesn't have an invoice
+ $inv  = array();
+
+ $sql  = 'SELECT up_id, package_id, user_id, up_expires, up_cost FROM ';
+ $sql .= 'userpackages WHERE up_invoice = 1 AND up_active = 1 AND up_expires ';
+ $sql .= '< '.strtotime('+1 month');
+ $res  = mysql_query($sql) or print(mysql_error()."\n".$sql);
+
+ while ($row = mysql_fetch_assoc($res)) {
+  $sql  = 'SELECT bill_id FROM billitems NATURAL JOIN bills WHERE user_id = ';
+  $sql .= $row['user_id'].' AND up_id = '.$row['up_id'].' AND bill_paid = 0';
+  $re2  = mysql_query($sql);
+  
+  if (mysql_num_rows($re2) > 0) {
+   continue;
+  }
+
+  if (!isset($inv[$row['user_id']])) {
+   $inv[$row['user_id']] = array();
+  }
+
+  $inv[$row['user_id']][] = array($row['up_id'], $row['up_cost']);
+ }
+
+ // And now iterate through any invoices we need to make
+ foreach ($inv as $user => $items) {
+  $sql  = 'SELECT user_email FROM users WHERE user_id = '.$user;
+  $res  = mysql_query($sql);
+  $row  = mysql_fetch_assoc($res);
+ 
+  $tot  = 0;
+
+  foreach ($items as $data) {
+   $tot += $data[1];
+  }
+
+  // Add it to the db
+  $sql  = 'INSERT INTO bills (user_id, bill_due, bill_generated, bill_total) ';
+  $sql .= 'VALUES ('.$user.', '.strtotime('+1 month').', '.time().', '.$tot.')';
+  $res  = mysql_query($sql);
+  $bil  = mysql_insert_id();
+
+  // And the items
+  foreach ($items as $data) {
+   list($pid, $cst) = $data;
+
+   $sql  = 'INSERT INTO billitems (bill_id, up_id, bi_cost) VALUES ('.$bil.', ';
+   $sql .= $pid.', '.$cst.')';
+   $res  = mysql_query($sql);
+  }
+
+  $tot  = sprintf('%01.2f', $tot/100);
+  $pkg  = count($items).' package'.(count($items) != 1 ? 's' : '');
+
+  // And send them mail
+  $to   = $row['user_email'];
+  $subj = 'UTD-Hosting invoice notification';
+  $msg  = 'This is an automatic notification. An invoice for £'.$tot.' has ';
+  $msg .= 'been issued to you. This is for the extension of '.$pkg.' due to ';
+  $msg .= 'expire within the next month.'."\n\n";
+  $msg .= 'You may view and pay this invoice via the UTD-Hosting control panel';
+  $msg .= ' at the following address: https://secure.utd-hosting.com/control/';
+  $msg .= 'viewinvoice/'.$bil.' or you can log in normally and follow the ';
+  $msg .= '"My Invoices" link in the main menu.'."\n\n";
+  $msg .= 'If you have any queries about this invoice, please contact ';
+  $msg .= 'sales@utd-hosting.com.'."\n\n".' -- UTD-Hosting';
+  $head = 'From: UTD-Hosting accounts <sales@utd-hosting.com>';
+
+  mail($to, $subj, $msg, $head); 
+
+  logger::log("Bill issued for £$tot", $user, logger::normal);
+ }
+  
+?>

scripts/build-support-db.php

@@ -0,0 +1,12 @@
+#!/usr/bin/php -q
+<?PHP
+
+ chdir('/home/utd/control/sup');
+ $files = glob('*.php');
+ chdir('/home/utd/scripts');
+ foreach ($files as $file) {
+  if ((int)$file != 0 || (int)$file > 900) {
+   system('./get-support-article.php '.substr($file,0,3));
+  }
+ }
+?>

scripts/cplogs.php

@@ -0,0 +1,14 @@
+#!/usr/bin/php -q
+<?php
+  mysql_connect('localhost', 'admin', 'admin7521');
+  mysql_select_db('admin');
+  $message = 'Time'."\t\t\t\t\t".'User                '."\t".'Level     '."\t".'Message'."\r\n";
+  $message .= '----'."\t\t\t\t\t".'----               '."\t".'----     '."\t".'----'."\r\r";
+  $sql  = 'SELECT user_name, log_level, log_time, log_message FROM log ';
+  $sql .= 'NATURAL JOIN users WHERE log_time > UNIX_TIMESTAMP()-86400';
+  $res = mysql_query($sql);
+  while ($row = mysql_fetch_array($res)) {
+    $message .= date('r', $row['log_time'])."\t\t".str_pad($row['user_name'],20)."\t".str_pad($row['log_level'], 10)."\t".$row['log_message']."\r\r";
+  }
+  echo $message;
+?>

scripts/emailconfig.php

@@ -0,0 +1,46 @@
+#!/usr/bin/php -q
+<?PHP
+
+ chdir('/home/utd/control');
+ require_once('lib/database.php');
+ 
+ // Build the vmaildomains file
+ $fh = fopen('/etc/postfix/vmaildomains','w');
+ $sql = 'SELECT DISTINCT(domain_name) FROM email NATURAL JOIN domains';
+ $res = mysql_query($sql);
+ while ($row = mysql_fetch_assoc($res)) {
+  fputs($fh, $row['domain_name']."\tplaceholder\n");
+ } 
+ fclose($fh);
+
+ // Build the vmailbox file
+ $fh = fopen('/etc/postfix/vmailbox','w');
+ $sql  = 'SELECT email_user, e.domain_name AS ed, mailbox_user, m.domain_name AS md FROM ';
+ $sql .= 'email, mailboxes, domains AS e, domains AS m WHERE mailboxes.mailbox_id = email.mailbox_id AND ';
+ $sql .= 'e.domain_id = email.domain_id AND m.domain_id = mailboxes.domain_id';
+ $res  = mysql_query($sql);
+ while ($row = mysql_fetch_assoc($res)) {
+  if ($row['email_user'] == '%') { $row['email_user'] = ''; }
+  fputs($fh,$row['email_user'].'@'.$row['ed']."\t".$row['md'].'/'.$row['mailbox_user']."\n");
+ }
+ fclose($fh);
+
+ // And write the password file
+ $sql = 'SELECT mailbox_user, mailbox_password, domain_name FROM mailboxes NATURAL JOIN domains';
+ $res = mysql_query($sql);
+ $fhs = array();
+ while ($row = mysql_fetch_array($res)) {
+  $dir = $row['domain_name'];
+  if (!is_dir('/etc/virtual/'.$dir)) {
+   mkdir('/etc/virtual/'.$dir);
+  }
+  if (!isset($fhs[$dir])) {
+   $fhs[$dir] = fopen('/etc/virtual/'.$dir.'/passwd','w');
+  }
+  fputs($fhs[$dir],$row['mailbox_user'].':'.$row['mailbox_password']."\n");
+ }
+ foreach ($fhs as $fh) { fclose($fh); }
+
+ $sql = 'INSERT INTO actions (action_type, action_value, user_id) VALUES (\'restart\', \'postfix\', 5)';
+ mysql_query($sql);
+?>

scripts/get-support-article.php

@@ -0,0 +1,20 @@
+#!/usr/bin/php -q
+<?PHP
+
+ if (!ctype_digit($argv[1])) { die('Usage: ./get-support-article.php <id>'); }
+
+ chdir('/home/utd/control/');
+ define('NOLOGINREF', true);
+ require_once('lib/database.php');
+ require_once('lib/dashboard.php');
+ define('SUPPORT_INDEX', True);
+ 
+ $file = str_pad($argv[1],3,'0',STR_PAD_LEFT);
+
+ if (file_exists('sup/'.$file.'.php')) {
+  require_once('sup/'.$file.'.php');
+  file_put_contents('sup/search/'.$file.'.txt', SUPPORT_TITLE."\n\n".strip_tags(SUPPORT_BODY));
+ } else {
+  die('Support article not found');
+ }
+?>

scripts/redflag.php

@@ -0,0 +1,59 @@
+#!/usr/bin/php -q
+<?PHP
+
+ chdir('/home/utd/control');
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+ chdir('/home/utd/scripts');
+
+function sendToHost($host,$method,$path,$data,$useragent=0)
+{
+ // Supply a default method of GET if the one passed was empty
+ if (empty($method))
+  $method = 'GET';
+ $method = strtoupper($method);
+ $fp = fsockopen($host,80);
+ if ($method == 'GET')
+  $path .= '?' . $data;
+ fputs($fp, "$method $path HTTP/1.1\r\n");
+ fputs($fp, "Host: $host\r\n");
+ fputs($fp, "Content-Type: application/x-www-form-urlencoded\r\n");
+ if ($method == 'POST')
+  fputs($fp, "Content-length: " . strlen($data) . "\r\n");
+ if ($useragent)
+  fputs($fp, "User-Agent: MSIE\r\n");
+ fputs($fp, "Connection: close\r\n\r\n");
+ if ($method == 'POST')
+  fputs($fp, $data);
+
+ while (!feof($fp))
+  $buf .= fgets($fp,128);
+ fclose($fp);
+ return $buf;
+}
+
+ $sql = 'SELECT signup_id, signup_data FROM signups WHERE signup_checked = 0';
+ $res = mysql_query($sql) or print(mysql_error());
+ while ($row = mysql_fetch_array($res)) {
+  $data = unserialize($row['signup_data']);
+
+  $query = 'appid=MD87scripts&query='.urlencode($data['data']['phone']);
+  $query .= '&type=phrase&adult_ok=1&similar_ok=1&output=php';
+  $re = sendToHost('api.search.yahoo.com', 'get', '/WebSearchService/V1/webSearch',$query); 
+
+  if (preg_match('/"totalResultsAvailable";i:([0-9]+);/',$re, $m)) {
+   if ((int)$m[1] > 0) {
+    logger::log('Red flagged account '.$data['data']['user'],logger::important);
+    $sql = 'SELECT user_id FROM users WHERE user_name = \'';
+    $sql .= mysql_real_escape_string($data['data']['user']).'\'';
+    $re = mysql_query($sql);
+    $ro = mysql_fetch_array($re);
+    $sql = 'INSERT INTO actions (user_id, action_type) VALUES ('.$ro[0].', \'';
+    $sql .= 'lock\')';
+    mysql_query($sql);
+   } 
+  }
+  mysql_query('UPDATE signups SET signup_checked=1 WHERE signup_id = '.$row[0]);
+ }
+
+?>

scripts/resetstats.php

@@ -0,0 +1,38 @@
+#!/usr/local/php-stable/bin/php -q
+<?PHP
+
+ foreach ($argv as $v) {
+  if ($v == '--debug') {
+   define('DEBUG', true);
+  }
+ }
+
+ mysql_connect('localhost', 'admin', 'admin7521');
+ mysql_select_db('admin');
+
+ $sql = 'SELECT user_id, user_limitstarts, user_limitends, band_used, hdd_used FROM users WHERE ';
+ $sql .= ' user_limitends < '.time();
+
+ $res = mysql_query($sql);
+
+ while ($row = mysql_fetch_array($res)) {
+  $sql = 'INSERT INTO historic_user (user_id, hu_start, hu_end, hu_hdd, hu_bw)';
+  $sql .= ' VALUES ('.$row['user_id'].', '.$row['user_limitstarts'].', ';
+  $sql .= time().', '.$row['hdd_used'].', '.$row['band_used'].')';
+
+  mysql_query($sql) or die(mysql_error());
+  
+  $sql = 'UPDATE users SET user_limitstarts = '.time().', user_limitends = ';
+  $sql .= (time() + 2629728).', band_used = 0 WHERE user_id = ';
+  $sql .= $row['user_id'];
+
+  mysql_query($sql) or die(mysql_error());
+
+  $sql = 'UPDATE sites SET site_bandin = 0, site_bandout = 0 WHERE user_id = ';
+  $sql .= $row['user_id'];
+
+  mysql_query($sql) or die(mysql_error());
+ 
+ }
+
+?>

scripts/stats.php

@@ -0,0 +1,22 @@
+#!/usr/local/php-stable/bin/php -q
+<?PHP
+
+ mysql_connect('', '', '');
+ mysql_select_db('');
+
+ $sql = 'SELECT site_id, site_name FROM sites';
+ $res = mysql_query($sql);
+ while ($row = mysql_fetch_array($res)) {
+  $id = str_pad($row[0],3,'0',STR_PAD_LEFT);
+  if (!is_dir('/home/utd/stats/'.$id)) {
+   mkdir('/home/utd/stats/'.$id);
+  }
+  if (!file_exists('/usr/local/apache/logs/'.$id.'-access_log')) {
+   continue;
+  }
+  $row[1] = addslashes($row[1]);
+  system('/usr/local/bin/webalizer -o /home/utd/stats/'.$id.'/ -n \''.$row[1].'\' -t \''.$row[1].'\' -N 5 -D /home/utd/dnscache /usr/local/apache/logs/'.$id.'-access_log');
+ }
+
+
+?>

scripts/tacmail.php

@@ -0,0 +1,28 @@
+#!/usr/bin/php -q
+<?PHP
+
+ chdir('/home/utd/control/');
+ require_once('lib/database.php');
+
+ function tacmail() {
+  $sql  = 'SELECT user_email FROM users';
+  
+  $res = mysql_query($sql);
+  
+  while ($usr = mysql_fetch_array($res)) { 
+   $to = $usr['user_email'];
+   $subject = 'UTD-Hosting terms and conditions update'; 
+   $body  = 'This is an automated message. The terms and conditions governing'; 
+   $body .= ' your UTD-Hosting account have been updated. Please review these';
+   $body .= ' changes by logging into the customer control panel, located at';
+   $body .= ' https://secure.utd-hosting.com/control/. If you do not agree to';
+   $body .= ' these new terms and conditions, please contact support@utd-hosting.com';
+   $body .= ' within two weeks.';
+   $body .= "\n\n-- UTD-Hosting support";
+   mail($to, $subject, $body, 'From: support@utd-hosting.com (UTD-Hosting support)'); 
+  }
+ }
+
+ tacmail();
+
+?>

scripts/tickets.php

@@ -0,0 +1,33 @@
+#!/usr/local/php-stable/bin/php -q
+<?PHP
+
+ require('/home/utd/common/ticketmail.php');
+
+ mysql_connect('', '', '');
+ mysql_select_db('');
+
+ $sql  = 'SELECT ticket_id, user_id FROM tickets WHERE ticket_status = \'new\'';
+ $sql .= ' AND ticket_time <= '.(time()-60*60*24*3).' AND ticket_time > ';
+ $sql .= (time()-60*60*24*2); 
+
+ $res = mysql_query($sql);
+
+ while ($row = mysql_fetch_array($res)) {
+  $sql  = 'UPDATE billing SET bill_due = bill_due + 5356800 WHERE user_id = ';
+  $sql .= $row['user_id'].' AND bill_paid < 2';
+  mysql_query($sql);
+
+  $sql  = 'INSERT INTO tickets (user_id, ticket_status, ticket_thread, ';
+  $sql .= ' ticket_title, ticket_body, ticket_time) VALUES (5, \'reply\',';
+  $sql .= ' '.$row['ticket_id'].', \'Apologies.\', \'This ticket has been ';
+  $sql .= 'unaddressed for over 48 hours. Your account has been automatically';
+  $sql .= ' credited with an extra two months hosting.'."\r\n\r\n".' We apologise';
+  $sql .= ' for the inconvenience.\', '.time();
+  $sql .= ')';
+
+  mysql_query($sql);
+
+  ticketmail(mysql_insert_id());
+ }
+
+?>

scripts/updateconf.php

@@ -0,0 +1,5 @@
+<?PHP
+
+ mysql_query('INSERT INTO actions (user_id, action_type, action_value) VALUES (5, \'updateconf\', \'apache\')');
+
+?>

signup/.htaccess

@@ -0,0 +1,5 @@
+RewriteEngine On
+
+RewriteRule ^(/?signup)?/?([a-z]+)$ /signup/$2.php [L]
+RewriteRule ^(/?signup)?/?([0-9])$ /signup/index.php [L]
+RewriteRule ^(/?signup)?/?:([0-9]+)$ /signup/index.php?ref=$2 [L]

signup/1.php

@@ -0,0 +1,32 @@
+<?PHP
+
+ if (isset($_POST['type']) && ($_POST['type'] == 'newuser' || $_POST['type'] == 'olduser')) {
+  $_SESSION['stage'] = 2;
+  $_SESSION['type'] = $_POST['type'];
+  header('Location: /signup/2');
+  exit; 
+ }
+
+
+?>
+<p>
+ Welcome to UTD-Hosting. Please select the type of package you wish to purchase.
+</p>
+<form action="/signup/1" method="post">
+<ul id="main">
+ <li>
+  <dl>
+   <dt><input type="radio" name="type" value="newuser" checked="checked"> New user</dt>
+   <dd>If you are new to UTD-Hosting, or wish to open an additional completely seperate account, select this option.</dd>
+  </dl>
+ </li>
+ <li>
+  <dl>
+   <dt><input type="radio" name="type" value="olduser"> Existing user</dt>
+   <dd>If you already have a UTD-Hosting account and wish to purchase
+    additional bandwidth/hdd space, select this option.</dd>
+  </dl>
+ </li>
+</ul>
+<input type="submit" value="Next" style="float: right;">
+</form>

signup/2.php

@@ -0,0 +1,9 @@
+<?PHP
+
+ if ($_SESSION['type'] == 'newuser') {
+  require_once('2new.php');
+ } else {
+  require_once('2old.php');
+ }
+
+?>

signup/2new.php

@@ -0,0 +1,136 @@
+<?PHP
+
+ if (isset($_POST['back'])) {
+  $_SESSION['stage'] = 1;
+  header('Location: /signup/1');
+  exit;
+ }
+
+ if (isset($_SESSION['data']) && !isset($_POST['user'])) {
+  $_POST = $_SESSION['data'];
+ }
+
+ function moo() {
+  if (!isset($_POST['user'])) {
+   return;
+  }
+  if (!ctype_alnum($_POST['user'])) {
+   echo '<div id="message">Please choose a username that only contains letters and/or numbers.</div>';
+   return;
+  }
+  if (!isset($_POST['pass1']) || !isset($_POST['pass2'])) {
+   echo '<div id="message">Please enter a password.</div>';
+   return;
+  }
+  if (($err = validPass($_POST['pass1'])) !== true) {
+   echo '<div id="message">'.$err.'</div>';
+   return;
+  }
+  if ($_POST['pass1'] != $_POST['pass2']) {
+   echo '<div id="message">Passwords do not match. Please confirm your password.</div>'; 
+   return;
+  }
+  if (strlen($_POST['name']) < 5 || strpos($_POST['name'],' ') === false) {
+   echo '<div id="message">Please enter your full name.</div>';
+   return;
+  }
+  if (empty($_POST['email']) || !preg_match('/^[^@]+@([^\.@:\[\]\(\)]+\.)+[a-z]{2,}$/i', $_POST['email'])) {
+   echo '<div id="message">Please enter a valid e-mail address.</div>';
+   return;
+  }
+ 
+  require_once('../control/lib/database.php');
+
+  $sql = 'SELECT bu_name FROM banneduser';
+  $res = mysql_query($sql);
+  while ($row = mysql_fetch_array($res)) {
+   $nick = $row[0];
+   if (strpos(strtolower($_POST['user']), strtolower($nick)) !== false) {
+    echo '<div id="message">That username is not permitted. Please chose another.</div>';
+    return;
+   }
+  }
+
+  $sql = 'SELECT user_id FROM users WHERE LCASE(user_name) = \''.mysql_real_escape_string(strtolower($_POST['user'])).'\'';
+  $res = mysql_query($sql);
+  if (mysql_num_rows($res) > 0) {
+   echo '<div id="message">That username is in use. Please select another.</div>';
+   return;
+  }
+
+  if (isset($_POST['proceed'])) {
+   unset($_POST['proceed']);
+   $_SESSION['data'] = $_POST; 
+   $_SESSION['stage'] = 3;
+   header('Location: /signup/3');
+   exit;
+  }
+
+ }
+
+ moo();
+
+
+?>
+<p>
+ Your username and password will be the ones you use to log in to the control
+ panel and FTP. Your password should be between 5 and 20 characters, and contain
+ at least one upper case letter, one lower case letter, and one number.
+</p>
+<form action="/signup/2" method="post">
+<input type="hidden" name="proceed" value="...">
+<table>
+ <tr>
+  <th>Username:</th>
+  <td><input type="text" name="user"<?PHP if (isset($_POST['user'])) { echo ' value="'.htmlentities($_POST['user']).'"'; } ?>></td>
+ </tr>
+ <tr>
+  <th>Password:</th>
+  <td><input type="password" name="pass1"<?PHP if (isset($_POST['pass1'])) { echo ' value="'.htmlentities($_POST['pass1']).'"'; } ?>></td>
+ </tr>
+ <tr>
+  <th>Confirm password:</th>
+  <td><input type="password" name="pass2"<?PHP if (isset($_POST['pass2'])) { echo ' value="'.htmlentities($_POST['pass2']).'"'; } ?>></td>
+ </tr>
+</table>
+<p>
+ The following basic contact information is required.
+</p>
+<table>
+ <tr>
+  <th>Full name:</th>
+  <td><input type="text" name="name"<?PHP if (isset($_POST['name'])) { echo ' value="'.htmlentities($_POST['name']).'"'; } ?>></td>
+ </tr>
+ <tr>
+  <th>E-mail address:</th>
+  <td><input type="text" name="email"<?PHP if (isset($_POST['email'])) { echo ' value="'.htmlentities($_POST['email']).'"'; } ?>></td>
+ </tr>
+</table>
+<p>
+ Optional extended contact details.
+</p>
+<table style="margin-bottom: 10px;">
+ <tr>
+  <th>Telephone:</th>
+  <td><input type="text" name="phone"<?PHP if (isset($_POST['phone'])) { echo ' value="'.htmlentities($_POST['phone']).'"'; } ?>></td>
+ </tr>
+ <tr>
+  <th>Address:</th>
+  <td><input type="text" name="addr"<?PHP if (isset($_POST['addr'])) { echo '
+value="'.htmlentities($_POST['addr']).'"'; } ?>></td>
+ </tr>
+</table>
+<p>
+ Your personal information will be stored on this server (which is located in
+ the United States of America), will not be disclosed to any third parties
+ unless required by law,
+ and will only be used by UTD-Hosting to contact you with regard to matters
+ directly concerning your UTD-Hosting account. All resonable actions will be undertaken to safeguard this data from external access.
+ If you do not agree to this,
+ please discontinue the signup process.
+</p>
+<input type="submit" name="forward" value="Next" style="float: right;">
+</form>
+<form action="/signup/2" method="post">
+ <input type="submit" name="back" value="Previous">
+</form>

signup/2old.php

@@ -0,0 +1,46 @@
+<?PHP
+
+ if (isset($_POST['back'])) {
+  $_SESSION['stage'] = 1;
+  header('Location: /signup/1');
+  exit;
+ }
+
+ if (isset($_POST['user']) && isset($_POST['pass'])) {
+  require_once('../control/lib/database.php');
+  $pass = md5($_POST['user'].$_POST['pass']);
+  $user = mysql_real_escape_string($_POST['user']);
+  $sql = 'SELECT user_id FROM users WHERE user_name = \''.$user.'\' AND user_pass = \''.$pass.'\'';
+  $res = mysql_query($sql);
+  if (mysql_num_rows($res) != 1) {
+   echo '<div id="message">Invalid username or password</div>';
+  } else {
+   $row = mysql_fetch_array($res);
+   $_SESSION['UID'] = $row[0];
+   $_SESSION['stage'] = 3;
+   header('Location: /signup/3');
+   exit;
+  }
+ }
+
+
+?>
+<p>
+ Please enter your existing UTD-Hosting username and password.
+</p>
+<form action="/signup/2" method="post">
+<table style="margin-bottom: 20px;">
+ <tr>
+  <th>Username:</th>
+  <td><input type="text" name="user"<?PHP if (isset($_POST['user'])) { echo ' value="'.htmlentities($_POST['user']).'"'; } ?>></td>
+ </tr>
+ <tr>
+  <th>Password:</th>
+  <td><input type="password" name="pass"></td>
+ </tr>
+</table>
+<input type="submit" name="forward" value="Next" style="float: right;">
+</form>
+<form action="/signup/2" method="post">
+ <input type="submit" name="back" value="Previous">
+</form>

signup/3.php

@@ -0,0 +1,42 @@
+<?PHP
+ if (isset($_POST['back'])) {
+  $_SESSION['stage'] = 2;
+  header('Location: /signup/2');
+  exit;
+ }
+ if (isset($_POST['agree'])) {
+  if (strtoupper($_POST['agree']) == 'I AGREE') {
+   $_SESSION['stage'] = 4;
+   $_SESSION['tac'] = $_SESSION['TAC_L'];
+   header('Location: /signup/4');
+   exit;
+  } else {
+   echo '<div id="message">If you agree to the terms and conditions please type <code>I AGREE</code> into the text box.</div>';
+  }
+ }
+?>
+<p class="blurb">
+ Please review the UTD-Hosting terms &amp; conditions. If you do not agree to
+ these terms, please discontinue with the signup procedure.
+</p>
+<hr>
+<?PHP
+
+ $stuff = file_get_contents('../common/tac.txt');
+ $_SESSION['TAC_L'] = substr($stuff,0,4);
+ echo substr($stuff,4);
+
+?>
+<hr>
+<p class="blurb">
+ Please indicate your acceptance of these terms and conditions by typing 
+ <code>I AGREE</code> in the box below.
+</p>
+<form action="/signup/3" method="post">
+ <input type="text" name="agree" style="margin-bottom: 20px;">
+ <input type="submit" name="forward" value="Next" style="float: right;">
+</form>
+<form action="/signup/3" method="post">
+ <input type="submit" name="back" value="Previous">
+</form>
+

signup/4.php

@@ -0,0 +1,81 @@
+<?PHP
+ if (isset($_POST['back'])) {
+  $_SESSION['stage'] = 3;
+  header('Location: /signup/3');
+  exit;
+ }
+ if (isset($_POST['slot'])) {
+  $_SESSION['slot'] = $_POST['slot'];
+  $_SESSION['discount'] = $_POST['discount'];
+  if ($_SESSION['type'] != 'newuser') {
+   $_SESSION['action'] = 'deferred';
+   mysql_query('INSERT INTO signups (signup_ip, signup_time, signup_data) VALUES (\''.$_SERVER['REMOTE_ADDR'].'\', '.time().', \''.mysql_real_escape_string(serialize($_SESSION)).'\')');
+   logger::log('Deferred signup (type: '.$_SESSION['type'].'; slots: '.$_SESSION['slot'].')',logger::important);
+  } else {
+   addUser($_SESSION['data']['user'], $_SESSION['data']['email'], $_SESSION['data']['pass1'], $_SESSION['tac'], $_POST['slot']);
+   logger::log('Autoprocessed signup for user '.$_SESSION['data']['user'].' ['.$_POST['slot'].' slots]',logger::normal);
+   $name = $_SESSION['data']['name'];
+   $user = strtolower($_SESSION['data']['user']);
+   $message = "Dear $name,
+
+Thank you for signing up for UTD-Hosting. Your account has been created, and as soon as you've paid you will be able to start uploading your website.
+
+Your username is $user
+
+To log in to the customer control panel, go to https://secure.utd-hosting.com/control (don't worry if your browser gives you an error message about the ssl certificate - the connection is still encrypted), and enter your username as it appears above, and the password you used during the signup procedure.
+
+When you are ready to upload your site, use an FTP client to connect to asimov.utd-hosting.com, using your control panel login details. A default site has been created for you, which can be accessed via the address http://$user.utd-hosting.com/. To upload files to this site, navigate to the public_html directory once you are connected.
+
+If you have any questions, please check the support section of the control panel at https://secure.utd-hosting.com/control/support. If you still have queries, please raise a ticket via the control panel, or e-mail support@utd-hosting.com.
+
+-- UTD-Hosting support 
+
+[ If you did not sign up to UTD-Hosting, please e-mail admins@utd-hosting.com and we will remove your e-mail address ]";
+   mail($_SESSION['data']['email'], 'Your UTD-Hosting account', $message, "From: support@utd-hosting.com");
+   $_SESSION['action'] = 'processed';
+   mysql_query('INSERT INTO signups (signup_ip, signup_time, signup_data, signup_processed) VALUES (\''.$_SERVER['REMOTE_ADDR'].'\', '.time().', \''.mysql_real_escape_string(serialize($_SESSION)).'\', 1)');
+  }
+  $_SESSION['stage'] = 5;
+  header('Location: /signup/5');
+  exit;
+ }
+?>
+<form action="/signup/4" method="post">
+<p class="blurb">
+ Please select the amount of
+ <?PHP if ($_SESSION['type'] != 'newuser') { echo 'additional'; } ?>
+ server slots you would like to purchase
+</p>
+<table>
+ <tr>
+  <td><input type="radio" name="slot" value="1" checked="checked"></td>
+  <td>One slot</td>
+  <td>£35 / year</td>
+  <td>3.5 GB Storage</td>
+  <td>50 GB Transfer / month</td>
+ </tr>
+ <tr>
+  <td><input type="radio" name="slot" value="2"></td>
+  <td>Two slots</td>
+  <td>£70 / year</td>
+  <td>7.0 GB Storage</td>
+  <td>100 GB Transfer / month</td>
+ </tr>
+ <tr>
+  <td><input type="radio" name="slot" value="3"></td>
+  <td>Three slots</td>
+  <td>£100 / year</td>
+  <td>10.5 GB Storage</td>
+  <td>150 GB Transfer / month</td>
+ </tr>
+</table>
+<p class="blurb">
+ If you have a discount code, please enter it in the text box below.
+</p>
+<input type="text" name="discount" style="width: 300px; margin: 10px;">
+<br>
+ <input type="submit" name="forward" value="Next" style="float: right;">
+</form>
+<form action="/signup/4" method="post">
+ <input type="submit" name="back" value="Previous">
+</form>

signup/5.php

@@ -0,0 +1,34 @@
+<p>
+<?PHP if ($_SESSION['action'] == 'deferred' && $_SESSION['type'] == 'newuser') { ?>
+ Thank you. Your application has been deferred to our admin team, and your account will be set up shortly. You should receive an e-mail within 24 hours containing details on how to access the control panel and how to pay your first bill. If you have any questions before you get a control panel login, please mail <a href="mailto:support@utd-hosting.com">support@utd-hosting.com</a>.
+<?PHP } elseif ($_SESSION['action'] == 'deferred') { ?>
+Thank you. Your request has been deferred to our admin team, who will contact you shortly about new billing arrangements and your new account limits. 
+<?PHP } else { ?>
+Thank you. Your application has been processed and you may now log into our <a href="/control">control panel</a> and pay for your account. If you require any assistance, please mail <a href="mailto:support@utd-hosting.com">support@utd-hosting.com</a>.
+</p>
+<p>
+<form action="/control" method="post">
+ <input type="submit" value="Continue">
+</form>
+<?PHP } ?>
+</p>
+<!-- Google Code for SIGNUP Conversion Page -->
+<script language="JavaScript" type="text/javascript">
+<!--
+var google_conversion_id = 1065381349;
+var google_conversion_language = "en_GB";
+var google_conversion_format = "1";
+var google_conversion_color = "666666";
+if (35.0) {
+  var google_conversion_value = 35.0;
+}
+var google_conversion_label = "SIGNUP";
+//-->
+</script>
+<script language="JavaScript" src="https://www.googleadservices.com/pagead/conversion.js">
+</script>
+<noscript>
+<img height=1 width=1 border=0 src="https://www.googleadservices.com/pagead/conversion/1065381349/?value=35.0&label=SIGNUP&script=0">
+</noscript>
+
+                                    

signup/inc/sessions.php

@@ -0,0 +1,14 @@
+<?PHP
+
+session_name('UTDsignup');
+session_start();
+
+if (!isset($_SESSION['stage'])) {
+ $_SESSION['stage'] = 1;
+}
+
+if (isset($_GET['ref'])) {
+ $_SESSION['ref'] = $_GET['ref'];
+}
+
+?>

signup/index.php

@@ -0,0 +1,107 @@
+<?PHP
+
+chdir('/home/utd/control');
+define('NOLOGINREF', true);
+require_once('lib/account.php');
+require_once('lib/common.php');
+require_once('lib/database.php');
+
+chdir('/home/utd/signup');
+require('inc/sessions.php');
+
+ob_start();
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+  <title>UTD-Hosting :: Signup</title>
+  <style type="text/css">
+   body {
+    margin: 80px 200px;
+    font-family: Tahoma, Arial, sans-serif; 
+    background-color: #fff;
+   }
+
+   p.blurb { font-style: italic; }
+
+   div.status {
+    float: right;
+    font-size: small;
+    font-variant: small-caps;
+    color: #aaa; 
+    text-align: center;
+    margin: 0px 10px;
+    width: 60px;
+   }
+   div.status span {
+    font-size: 60px;
+    font-weight: bold;
+   }
+   div.past { color: #eee; }
+   div.current { color: #000; } 
+
+   div#content {
+    clear: both;
+    padding-top: 20px;
+    font-size: small;
+   }
+   
+   th { text-align: right; width: 150px; }
+
+   ul#main {
+    list-style-type: none;
+    margin: 30px 0px;
+   }
+   dt { font-weight: bold; }
+   dd { margin: 5px 0px 20px 30px; }
+  
+   p#footer { clear: both; padding-top: 20px; font-style: italic; font-size: x-small; text-align: center; } 
+   
+   img#logo { float: left; }
+
+   hr { border: 0px; border-top: 1px solid #aaa; background-color: transparent; }
+
+   div#message {
+    border: 2px dashed #FAA;	
+    background-color: #FEE;
+    margin-bottom: 20px;
+    padding: 10px;
+   }
+  </style>
+ </head>
+ <body>
+  <img src="/control/res/logo.png" alt="UTD-Hosting" id="logo">
+<?PHP
+
+ $status = array(1=>'Signup type',2=>'Account details',3=>'Terms &amp; Conditions',4=>'Advanced details',5=>'Payment');
+
+ for ($i = 5; $i > 0; $i--) {
+  echo '<div class="status';
+  if ($_SESSION['stage'] == $i) {
+   echo ' current';
+  } elseif ($_SESSION['stage'] > $i) {
+   echo ' past';
+  } else {
+   echo ' future';
+  }
+  echo '"><span>'.$i.'</span><br>'.$status[$i].'</div>';
+ }
+
+?>
+  <div id="content">
+<?PHP
+
+ if (file_exists($_SESSION['stage'].'.php')) {
+  require_once($_SESSION['stage'].'.php');
+ }
+
+?> 
+  </div>
+  <p id="footer">
+   Copyright (&copy;) UTD-Hosting, 2005-2006. All rights reserved.
+   <br>PROBLEMS? E-mail <a href="mailto:support@utd-hosting.com">support@utd-hosting.com</a> for assistance.
+  </p>
+ </body>
+</html>
+<?PHP ob_end_flush(); ?>