Initial import

.htaccess

@@ -0,0 +1,5 @@
+RewriteEngine On
+
+RewriteRule ^([a-z0-9]+)$ /control/$1.php [L]
+RewriteRule ^([a-z]+)/([0-9]+)$ /control/$1.php?n=$2 [L]
+RewriteRule ^([a-z]+)/([0-9]+)/(.*?)$ /control/$1.php?n=$2&f=$3 [L]

403.php

@@ -0,0 +1,21 @@
+<?PHP
+
+ define('FORBIDDEN', true);
+ define('NOLOGINREF', true);
+
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ define('TITLE', 'Forbidden');
+
+ addDashboardItem('Useful links', 'Support section', 'support');
+
+ if (!defined('REASON')) { header('Location: '.CP_PATH.'login'); }
+ 
+ require_once('lib/header.php');
+ require_once('pages/forbidden.php');
+ require_once('lib/footer.php');
+
+?>

account.php

@@ -0,0 +1,24 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'My Account');
+ 
+ addDashboardItem('Frequently asked questions', 'How do I pay outstanding bills?', 'support/008');
+ addDashboardItem('Useful links', 'Change password', 'changepass');
+ addDashboardItem('Useful links', 'Apply discount', 'discount');
+ addDashboardItem('Useful links', 'My invoices', 'invoices');
+ addDashboardItem('Useful links', 'Referrals', 'ref');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/prefs.php');
+ require_once('pages/packages.php');
+  
+ require_once('lib/footer.php');
+
+
+?>

addsite.php

@@ -0,0 +1,74 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/common.php');
+ require_once('lib/account.php');
+
+ checkAccess(HAS_HOSTING);
+ 
+ define('TITLE', 'Add site');
+ 
+ addDashboardItem('Useful links', 'Support center', 'support');
+  
+ function meep () {
+  if (!isset($_POST['docroot']) || !isset($_POST['domain'])) {
+   return;
+  }
+  if (!ctype_digit($_POST['domain'])) {
+   define('MESSAGE', 'Invalid domain name');
+   return;
+  }
+  $path = '/home/'.USER.'/'.$_POST['docroot'];
+  $path = preg_replace('#/(.*?)/\.\./#','/',$path);
+  $path = preg_replace('#//+#','/',$path);
+  $path = preg_replace('#/\./#', '/', $path);
+  if (substr($path, 0, strlen('/home/'.USER.'/')) != '/home/'.USER.'/') {
+   logger::log('Potential attack; attempted to create site with doc root "'.$_POST['docroot'].'"',logger::normal);
+   define('MESSAGE', 'Invalid document root');
+   return;
+  }
+  if (substr($path,-1) == '/') { $path = substr($path,0,-1); }
+  $sql = 'SELECT user_id, domain_name FROM domains WHERE domain_id = '.m($_POST['domain']);
+  $res = mq($sql, __FILE__, __LINE__);
+  if (mysql_num_rows($res) == 0) {
+   define('MESSAGE', 'No such domain name');
+   return;
+  }
+  $row = mysql_fetch_array($res);
+  if ($row['user_id'] != UID) {
+   logger::log('Potential attack; attempted to create site with domain name "'.$row['domain_name'].'" (belongs to another user)', logger::normal);
+   define('MESSAGE', 'No such domain name');
+   return;
+  }
+  $sql = 'SELECT record_value FROM records WHERE domain_id = '.m($_POST['domain']).' AND record_type = \'UTD\'';
+  $re2 = mq($sql, __FILE__, __LINE__);
+  if (mysql_num_rows($re2) > 0) {
+   define('MESSAGE', 'Domain name is already associated with another site.');
+   return;
+  }
+  $sql = 'INSERT INTO sites (user_id, site_name, site_docroot, site_curdocroot) VALUES ('.UID.', \''.m($row['domain_name']).'\',\''.m($path).'\',\''.m($path).'\')';
+  $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  $id = mysql_insert_id();
+  $sql = 'INSERT INTO records (record_type, domain_id, record_value) VALUES (\'UTD\', '.m($_POST['domain']).', \''.m($id).'\')';
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+  $sql  = 'INSERT INTO actions (user_id, action_type, action_value) VALUES (';
+  $sql .= UID . ', \'updateconf\', \'bind\')';
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+  logger::log('Added site: '.$row['domain_name'].' ['.$path.']', logger::info);
+  header('Location: '.CP_PATH.'editsite/'.$id);
+  exit;
+ }
+
+ meep();
+
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/addsite.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

admin.menu.php

@@ -0,0 +1,17 @@
+<?PHP
+
+ addDashboardItem('Admin pages', '*Main menu' ,'admin');
+ addDashboardItem('Admin pages', 'Ticket management', 'admintickets');
+ addDashboardItem('Admin pages', 'Invoice management', 'admininvoices');
+ addDashboardItem('Admin pages', 'Ban management', 'adminbans');
+ addDashboardItem('Admin pages', 'Discount management', 'admindiscounts');
+ addDashboardItem('Admin pages', 'Finances', 'adminfinances');
+ addDashboardItem('Admin pages', 'User management', 'adminusers');
+ addDashboardItem('Admin pages', 'Domain management', 'admindomains');
+ addDashboardItem('Admin pages', 'Site management', 'adminsites');
+ addDashboardItem('Admin pages', 'Reports', 'adminreports');
+ addDashboardItem('Admin pages', 'Wiki', 'adminwiki');
+ addDashboardItem('Admin pages', 'Logs', 'adminlogs');
+ addDashboardItem('Admin pages', 'Announcements', 'adminannouncements');
+
+?>

admin.php

@@ -0,0 +1,31 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+
+ if (count($_POST) > 0) {
+  foreach ($_POST as $key => $value) {
+   list($service, $action) = explode('_', $key);
+   $sql  = 'INSERT INTO actions (user_id, action_type, action_value) VALUES (';
+   $sql .= UID . ', \'' . m($action) . '\', \'' . m($service) . '\')';
+   mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   define('MESSAGE', 'Action scheduled');
+   break;
+  }
+ }
+
+ require_once('admin.menu.php');
+ 
+ define('TITLE', 'Admin');
+
+ require_once('lib/header.php');
+
+ require_once('pages/admin.menu.php');
+ require_once('pages/admin.actions.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

adminannouncements.php

@@ -0,0 +1,52 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Announcements');
+
+ require_once('admin.menu.php');
+
+ if (get_magic_quotes_gpc()) {
+  foreach ($_POST as $k => $v) {
+   $_POST[$k] = stripslashes($v);
+  }
+ }
+
+ if (isset($_POST['title']) && isset($_POST['type']) && isset($_POST['body'])) {
+  if (isset($_POST['preview'])) {
+   define('MESSAGE_TITLE', $_POST['title']);
+   define('MESSAGE_TYPE', 'preview: ' . $_POST['type']);
+   define('MESSAGE_TIME', time());  
+   define('MESSAGE_BODY', $_POST['body']);
+
+   require_once('lib/header.php');
+   require_once('pages/viewmessage.php');
+  } else {
+   $sql  = 'INSERT INTO messages (message_type, message_title, message_time,';
+   $sql .= ' message_body) VALUES (\'' . m($_POST['type']) . '\', \'';
+   $sql .= m($_POST['title']) . '\', ' . time() . ', \'' . m($_POST['body']);
+   $sql .= '\')';
+
+   mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+   if ($_POST['type'] == 'announcement') {
+    require_once('/home/utd/common/messagemail.php');
+    messagemail(mysql_insert_id());  
+   }
+
+   header('Location: ' . CP_PATH . 'adminannouncements');
+   exit();
+  }
+ } else {
+  require_once('lib/header.php');
+  require_once('pages/admin.announcements.php');
+ }
+ require_once('pages/admin.addannouncement.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

adminbans.php

@@ -0,0 +1,57 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Ban management');
+
+ if (isset($_GET['n']) && ctype_digit($_GET['n'])) {
+  $sql  = 'SELECT ipban_ip, ipban_expires FROM ipbans WHERE ipban_id = ';
+  $sql .= $_GET['n'];
+  $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  $row = mysql_fetch_array($res);
+  logger::log('Expiring ban on '.$row['ipban_ip'].' (expirary: '.duration($row[
+'ipban_expires'] - time()).'; id: '.$_GET['n'].')', logger::normal);
+  $sql = 'UPDATE ipbans SET ipban_expires = 0 WHERE ipban_id = '.$_GET['n'];
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  header('Location: '.CP_PATH.'adminbans');
+  exit;
+ }
+
+ if (isset($_GET['d']) && ctype_digit($_GET['d'])) {
+  $sql  = 'SELECT ipban_ip, ipban_expires FROM ipbans WHERE ipban_id = ';
+  $sql .= $_GET['d'];
+  $res  = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  $row  = mysql_fetch_assoc($res);
+
+  logger::log('Deleting ban on '.$row['ipban_ip'].' (expirary: '.duration($row['ipban_expires'] - time(), true).'; id: '.$_GET['d'].')', logger::normal);
+
+  $sql = 'DELETE FROM ipbans WHERE ipban_id = ' . $_GET['d'];
+  $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  header('Location: '.CP_PATH.'adminbans');
+  exit;
+ }
+
+ if (isset($_POST['ip'])) {
+  $sql  = 'INSERT INTO ipbans (ipban_ip, ipban_message, ipban_expires) VALUES ';
+  $sql .= '(\''.m($_POST['ip']).'\', \''.m($_POST['reason']).'\', ';
+  $sql .= strtotime($_POST['expirary']).')';
+  logger::log('Placing ban on '.$_POST['ip'].' (reason: '.$_POST['reason'].'; expirary: '.duration(strtotime($_POST['expirary'])-time()).')', logger::normal);
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  header('Location: '.CP_PATH.'adminbans');
+  exit;
+ }
+
+ require_once('admin.menu.php');
+ require_once('lib/header.php');
+
+ require_once('pages/admin.ipbans.php');
+ require_once('pages/admin.addipban.php');
+ require_once('pages/admin.userbans.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

adminbw.php

@@ -0,0 +1,29 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Bandwidth');
+
+  addDashboardItem('Other admin tools', 'Sites', 'adminsites');
+  addDashboardItem('Other admin tools', 'Reports', 'reports');
+  addDashboardItem('Other admin tools', 'Discounts', 'discounts');
+  addDashboardItem('Other admin tools', 'Bans', 'bans');
+  addDashboardItem('External tools', 'Wiki', 'http://admin.utd-hosting.com/wiki');
+  addDashboardItem('External tools', 'Service monitor', 'http://admin.utd-hosting.com/mon');
+  addDashboardItem('External tools', 'Finances', 'http://admin.utd-hosting.com/finances');
+ 
+ require_once('lib/header.php');
+
+ if (defined('ADMIN') && ADMIN) {
+  require_once('pages/adminbw.php');
+ } else {
+  define('ERROR', 'You\'re no admin!');
+ }
+ 
+ require_once('lib/footer.php');
+
+
+?>

admindiscounts.php

@@ -0,0 +1,41 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Discount management');
+
+ require_once('admin.menu.php');
+
+ if (isset($_POST['from']) && isset($_POST['to']) && isset($_POST['timequant'])
+	&& isset($_POST['timeunit']) && isset($_POST['money'])
+	&& isset($_POST['type']) && isset($_POST['package'])
+        && isset($_POST['code'])) {
+  $message = isset($_POST['message']) ? m($_POST['message']) : '';
+  $time = (int) $_POST['timeunit'] * (int) $_POST['timequant'];
+
+  $sql  = 'INSERT INTO discounts (package_id, discount_code, discount_time, ';
+  $sql .= 'discount_money, discount_type, discount_start, discount_end, ';
+  $sql .= 'discount_message) VALUES (' . ((int) $_POST['package']) . ', \'';
+  $sql .= m($_POST['code']) . '\', ' . $time . ', ' . ((int) $_POST['money']);
+  $sql .= ', \'' . m($_POST['type']) . '\', ' . strtotime($_POST['from']);
+  $sql .= ', '. strtotime($_POST['to']) . ', \'' . $message . ' \')';
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+  logger::log('Added discount code: ' . $_POST['code'] .' (' . duration($_POST['time'], 0) . ' / ' . $_POST['money'] . ')', logger::information);
+
+  header('Location: ' . CP_PATH . 'admindiscounts');
+  exit();
+ }
+ 
+ require_once('lib/header.php');
+
+ require_once('pages/admin.discounts.php');
+ require_once('pages/admin.adddiscount.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

admindomains.php

@@ -0,0 +1,19 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Domain management');
+
+ require_once('admin.menu.php');
+ 
+ require_once('lib/header.php');
+
+ require_once('pages/admin.domains.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

adminfinances.php

@@ -0,0 +1,20 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Finances');
+
+ require_once('admin.menu.php');
+ 
+ require_once('lib/header.php');
+
+ require_once('pages/admin.finances.php');
+ require_once('pages/admin.addfinances.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

admininvoices.php

@@ -0,0 +1,18 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Invoice management');
+
+ require_once('admin.menu.php');
+ require_once('lib/header.php');
+
+ require_once('pages/admin.invoices.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

adminreports.php

@@ -0,0 +1,18 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Reports');
+
+ require_once('admin.menu.php'); 
+ require_once('lib/header.php');
+
+ require_once('pages/reports/bigfiles.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

adminsites.php

@@ -0,0 +1,18 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Site management');
+
+ require_once('admin.menu.php'); 
+ require_once('lib/header.php');
+
+ require_once('pages/admin.sites.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

admintickets.php

@@ -0,0 +1,18 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - Ticket management');
+
+ require_once('admin.menu.php'); 
+ require_once('lib/header.php');
+
+ require_once('pages/admin.tickets.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

adminusers.php

@@ -0,0 +1,18 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Admin - User management');
+
+ require_once('admin.menu.php');
+ require_once('lib/header.php');
+
+ require_once('pages/admin.users.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

alltickets.php

@@ -0,0 +1,20 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ 
+ define('TITLE', ' All Tickets');
+ 
+ addDashboardItem('Useful links', 'Support center', 'support');
+ addDashboardItem('Useful links', 'Raise a ticket', 'tickets');
+  
+ addDashboardItem('Frequently asked questions', 'Can I file support requests without using the control panel?', 'support/005');
+ addDashboardItem('Frequently asked questions', 'How do I reopen a ticket?', 'support/014');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/alltickets.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

bandwidth.php

@@ -0,0 +1,21 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'Bandwidth breakdown');
+ 
+ addDashboardItem('Useful links', 'Account overview', '');
+ addDashboardItem('Useful links', 'View extended site details', 'sites');
+ 
+ addDashboardItem('Frequently asked questions', 'What does KiB/MiB/GiB mean?', 'support/003');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/bandwidthgraph.php');
+ require_once('pages/bandwidthtable.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

bans.php

@@ -0,0 +1,54 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'Admin - Ban management');
+
+ addDashboardItem('Other admin tools', 'Overview', 'admin');
+ addDashboardItem('Other admin tools', 'Sites', 'adminsites');
+ addDashboardItem('Other admin tools', 'Reports', 'reports');
+ addDashboardItem('Other admin tools', 'Discounts', 'discounts');
+ addDashboardItem('External tools', 'Wiki', 'http://admin.utd-hosting.com/wiki'
+);
+ addDashboardItem('External tools', 'Service monitor', 'http://admin.utd-hostin
+g.com/mon');
+ addDashboardItem('External tools', 'Finances', 'http://admin.utd-hosting.com/f
+inances');
+
+ if (defined('ADMIN') && isset($_GET['n']) && ctype_digit($_GET['n'])) {
+  $sql  = 'SELECT ipban_ip, ipban_expires FROM ipbans WHERE ipban_id = ';
+  $sql .= $_GET['n'];
+  $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  $row = mysql_fetch_array($res);
+  logger::log('Expiring ban on '.$row['ipban_ip'].' (expirary: '.duration($row[
+'ipban_expires'] - time()).'; id: '.$_GET['n'].')', logger::normal);
+  $sql = 'UPDATE ipbans SET ipban_expires = 0 WHERE ipban_id = '.$_GET['n'];
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  header('Location: '.CP_PATH.'bans');
+  exit;
+ }
+ if (defined('ADMIN') && isset($_POST['ip'])) {
+  $sql  = 'INSERT INTO ipbans (ipban_ip, ipban_message, ipban_expires) VALUES ';
+  $sql .= '(\''.m($_POST['ip']).'\', \''.m($_POST['reason']).'\', ';
+  $sql .= strtotime($_POST['expirary']).')';
+  logger::log('Placing ban on '.$_POST['ip'].' (reason: '.$_POST['reason'].'; expirary: '.duration(strtotime($_POST['expirary'])-time()).')', logger::normal);
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  header('Location: '.CP_PATH.'bans');
+  exit;
+ }
+
+ 
+ require_once('lib/header.php');
+
+ if (defined('ADMIN') && ADMIN) {
+  require_once('pages/adminipbans.php');
+  require_once('pages/adminaddipban.php');
+ } else {
+  define('ERROR', 'You\'re no admin!');
+ }
+ 
+ require_once('lib/footer.php');
+
+
+?>

billing.php

@@ -0,0 +1,75 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'Billing');
+ 
+ addDashboardItem('Frequently asked questions', 'How do I pay outstanding bills?', 'support/008');
+
+ function foo() {
+  if (!isset($_POST['code']) || m($_POST['code']) != $_POST['code']) {
+   return;
+  }
+  $sql = 'SELECT discount_id, discount_time, discount_money, discount_start, discount_end, discount_type, discount_message FROM discounts WHERE discount_code = \''.$_POST['code'].'\''; 
+  $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  if (mysql_num_rows($res) == 0) {
+   define('MESSAGE', 'That discount code does not exist.');
+   l('Non-existant discount code used: '.$_POST['code']);
+   return;
+  } 
+  $row = mysql_fetch_array($res);
+  if ($row['discount_start'] > time()) {
+   define('MESSAGE', 'That discount is not yet valid.'); 
+   l('Discount code used prematurely: '.$_POST['code']);
+   return;
+  }
+  if ($row['discount_end'] < time()) {
+   define('MESSAGE', 'That discount is no longer valid.');
+   l('Discount code expired: '.$_POST['code']);
+   return;
+  }
+  if ($row['discount_type'] != 'general') {
+   define('MESSAGE', 'That discount is for new signups only.');
+   l('Signup discount code used: '.$_POST['code']);
+   return;
+  }
+  $sql2 = 'SELECT du_id FROM discountusers WHERE discount_id = '.$row['discount_id'].' AND user_id = '.UID;
+  $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  if (mysql_num_rows($res2) > 0) {
+   define('MESSAGE', 'You have already claimed that discount.');
+   l('Already used discount code: '.$_POST['code']);
+   return;
+  }
+  $sql2 = 'SELECT bill_id, bill_due, bill_amount FROM billing WHERE user_id = '.UID.' AND bill_paid <> 2';
+  $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  $row2 = mysql_fetch_array($res2);
+  $row2['bill_due'] += $row['discount_time'];
+  $row2['bill_amount'] -= $row['discount_money'];
+  $sql2 = 'UPDATE billing SET bill_due = '.$row2['bill_due'].', bill_amount = '.$row2['bill_amount'].', bill_paid = 0 WHERE bill_id = '.$row2['bill_id'];
+  mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  $sql2 = 'INSERT INTO discountusers (discount_id, user_id) VALUES ('.$row['discount_id'].','.UID.')';
+  mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  l('Discount code applied: '.$_POST['code']);
+  if ($row['discount_time'] > 0 && $row['discount_money'] == 0) {
+   define('MESSAGE', 'Your current billing period has been extended by '.round($row['discount_time']/2629728,2).' month(s). '.$row['discount_message']);
+  } elseif ($row['discount_time'] == 0) {
+   define('MESSAGE', 'Your next bill has been reduced by £'.($row['discount_money']/100).'. '.$row['discount_message']);
+  } else {
+   define('MESSAGE', 'Your current billing period has been extended by '.round($row['discount_time']/2629728,2).' month(s), and the next bill has been reduced bby £'.($row['discount_money']/100).'. '.$row['discount_message']);
+  }
+ }
+ 
+ foo();
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/billing.php');
+ if (!defined('NODISCOUNT')) { require_once('pages/discount.php'); }
+  
+ require_once('lib/footer.php');
+
+
+?>

billingref.php

@@ -0,0 +1,9 @@
+<?PHP
+
+ define('NOBILLREF', true);
+
+ define('MESSAGE', 'Your access to this control panel is restricted, pending payment of your overdue bills.<br>Please e-mail support@utd-hosting.com if you require assistance.');
+
+ require('billing.php');
+
+?>

changepass.php

@@ -0,0 +1,36 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'Change password');
+ 
+ addDashboardItem('Useful links', 'Account overview', '');
+ addDashboardItem('Useful links', 'My account', 'account');
+
+ if (isset($_POST['curpass']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
+  if ($_POST['pass1'] == $_POST['pass2']) {
+   if (md5(USER.$_POST['curpass']) == PASS) {
+    if (($error = validPass($_POST['pass1'])) === true) {
+     changePass(UID, $_POST['pass1']);     
+     logger::log('Changed password.',logger::information);
+     define('MESSAGE', 'Password updated.');
+    } else {
+     define('MESSAGE', $error);
+    }
+   } else {
+    define('MESSAGE', 'Incorrect password. Please enter your current password.');
+   }
+  } else {
+   define('MESSAGE', 'Your passwords do not match. Please re-enter your new password.');
+  }
+ }
+ 
+ require_once('lib/header.php');
+ 
+ require_once('pages/pass.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

checkuser.php

@@ -0,0 +1,24 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(ADMIN);
+ 
+ define('TITLE', 'Check user');
+
+ addDashboardItem('Other admin tools', 'Overview', 'admin');
+ addDashboardItem('Other admin tools', 'Reports', 'reports');
+ 
+ require_once('lib/header.php');
+
+ if (defined('ADMIN') && ADMIN) {
+  require_once('pages/adminculog.php');
+ } else {
+  define('ERROR', 'You\'re no admin!');
+ }
+ 
+ require_once('lib/footer.php');
+
+
+?>

database.php

@@ -0,0 +1,197 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/common.php');
+ require_once('lib/account.php');
+
+ checkAccess(HAS_HOSTING);
+
+ if (isset($_POST['action'])) {
+  if ($_POST['action'] == 'adduser' && isset($_POST['dbuser']) && isset($_POST['dbpass'])) {
+   if (strlen(USER.'_'.$_POST['dbuser']) <= 16) {
+    $sql = 'INSERT INTO db_users (user_id, dbuser_name) VALUES ('.UID.', \'';
+    $sql .= USER.'_'.m($_POST['dbuser']).'\')';
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    if (mysql_affected_rows() > 0) {
+     //GRANT USAGE ON * . * TO 'test'@'localhost' IDENTIFIED BY '***' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 ;
+     logger::log('Database user created: '.$_POST['dbuser'],logger::info);
+     $sql = 'GRANT USAGE ON *.* to \''.USER.'_';
+     $sql .= m($_POST['dbuser']).'\'@\'localhost\'';
+     $sql .= ' IDENTIFIED BY \''.m($_POST['dbpass']).'\'';
+     $sql .= ' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0';
+     $sql .= ' MAX_UPDATES_PER_HOUR 0';
+     $l = mysql_connect('localhost', 'root', 'mysql32159');;
+     mysql_select_db('admin', $l);
+     mysql_query($sql,$l) or mf(__FILE__, __LINE__, $sql);
+     mysql_close($l);
+     $_redodb = true; require('lib/database.php'); unset($_redodb);
+    } else {
+     define('MESSAGE', 'Unable to add. Please raise a ticket.');
+    }
+   } else {
+    define('MESSAGE', 'The total length of MySQL usernames (including \''.USER.'_\') must be sixteen characters or under.');
+   }
+  } elseif ($_POST['action'] == 'adddb' && isset($_POST['newdb'])) {
+   $sql = 'INSERT INTO db_dbs (user_id, db_name) VALUES ('.UID.', \'';
+   $sql .= USER.'_'.m($_POST['newdb']).'\')';
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   if (mysql_affected_rows() > 0) {
+    //GRANT ALL PRIVILEGES ON `admin` . * TO 'md87'@'localhost' WITH GRANT OPTION ;
+    logger::log('Database created: '.$_POST['newdb'], logger::info);
+    $sql = 'CREATE DATABASE `'.USER.'_'.m($_POST['newdb']).'`';
+    $l = mysql_connect('localhost', 'root', 'mysql32159');;
+    mysql_select_db('admin', $l);
+    mysql_query($sql,$l) or mf(__FILE__, __LINE__, $sql);
+    $sql = 'GRANT ALL PRIVILEGES ON `'.USER.'_'.m($_POST['newdb']).'`.* TO \''.USER.'\'@\'localhost\'';
+    mysql_query($sql,$l) or mf(__FILE__, __LINE__, $sql);
+    mysql_close($l);
+    $_redodb = true; require('lib/database.php'); unset($_redodb);
+   } else {
+    define('MESSAGE', 'Unable to add. Please raise a ticket.');
+   }
+  } elseif ($_POST['action'] == 'perms') {
+   $sql = 'SELECT dbuser_id, dbuser_name FROM db_users WHERE user_id = '.UID;
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   $users = array();
+   while ($row = mysql_fetch_array($res)) {
+    $users[($row[0])] = $row[1];
+   }
+   $sql = 'SELECT db_id, db_name FROM db_dbs WHERE user_id = '.UID;
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   $dbs = array();
+   while ($row = mysql_fetch_array($res)) {
+    $dbs[($row[0])] = str_replace('_','\_',$row[1]);
+   }
+   $sql = 'SELECT db_perms.dbuser_id, db_id FROM db_perms NATURAL JOIN db_users WHERE user_id = '.UID;
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   $perms = array();
+   while ($row = mysql_fetch_array($res)) {
+    if (!isset($perms[($row[0])])) { $perms[($row[0])] = array(); }
+    $perms[($row[0])][($row[1])] = true;
+   }
+   $remove = $perms; $add = array();
+   foreach ($_POST as $k => $v) {
+    if ($v != 'on' && $v != 'checked') { continue; }
+    $bits = explode('_', $k);
+    if ($bits[0] != 'dbp') { continue; }
+    if (!isset($dbs[($bits[1])])) { continue; }
+    if (!isset($users[($bits[2])])) { continue; }
+    if (isset($remove[($bits[2])][($bits[1])])) {
+     unset($remove[($bits[2])][($bits[1])]);
+    } else {
+     if (!isset($add[($bits[2])])) { $add[($bits[2])] = array(); }
+     $add[($bits[2])][($bits[1])] = true;
+    }
+   }
+   $l = mysql_connect('localhost', 'root', 'mysql32159');;
+   mysql_select_db('admin', $l);
+   mysql_query($sql,$l) or mf(__FILE__, __LINE__, $sql);
+
+   foreach ($remove as $user => $dat) {
+    foreach ($dat as $db => $true) {
+     $sql = 'DELETE FROM db_perms WHERE dbuser_id = '.$user.' AND db_id = '.$db;
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+     $sql = 'REVOKE ALL PRIVILEGES ON `'.$dbs[$db].'`.* FROM \''.$users[$user].'\'@\'localhost\'';
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+     logger::log('Revoked db permission: '.$users[$user].' on '.$dbs[$db],logger::info);
+    }
+   }
+
+   foreach ($add as $user => $dat) {
+    foreach ($dat as $db => $true) {
+     $sql = 'INSERT INTO db_perms (dbuser_id, db_id) VALUES ('.$user.', '.$db.')';
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+     $sql = 'GRANT ALL PRIVILEGES ON `'.$dbs[$db].'`.* TO \''.$users[$user].'\'@\'localhost\'';
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+     logger::log('Added db permission: '.$users[$user].' on '.$dbs[$db], logger::info);
+    }
+   } 
+
+   mysql_close($l);
+   $_redodb = true; require('lib/database.php'); unset($_redodb);
+   header('Location: '.CP_PATH.'database');
+   exit;
+  }
+ }
+
+ if (isset($_POST['delete'])) {
+  if (isset($_POST['confirm'])) {
+   $sql = 'SELECT db_id, db_name FROM db_dbs WHERE user_id = '.UID.' AND (0';
+   foreach ($_POST as $k => $v) {
+    if (substr($k,0,2) == 'db' && ctype_digit(substr($k,2))) {
+     $sql .= ' OR db_id = '.m(substr($k,2));
+    }
+   }
+   $sql .= ')';
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   $targets = array();
+   while ($row = mysql_fetch_array($res)) {
+    $sql = 'DELETE FROM db_perms WHERE db_id = '.$row['db_id'];
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    $sql = 'DELETE FROM db_dbs WHERE db_id = '.$row['db_id'];
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    logger::log('Deleted MySQL database: '.$row['db_name'], logger::info);
+    $targets[] = $row['db_name'];
+   }
+   $l = mysql_connect('localhost', 'root', 'mysql32159');;
+   mysql_select_db('admin', $l);
+   foreach ($targets as $db) {
+    $sql = 'DROP DATABASE `'.m($db).'`'; 
+    mysql_query($sql,$l) or mf(__FILE__, __LINE__, $sql);
+   }
+   mysql_close($l);
+   $_redodb = true; require('lib/database.php'); unset($_redodb);
+   header('Location: '.CP_PATH.'database');
+   exit;
+  } else {
+   define('MESSAGE', 'Please confirm database deletion');
+  }
+ } elseif (isset($_POST['userdelete'])) {
+  if (isset($_POST['confirm'])) {
+   $sql = 'SELECT dbuser_id, dbuser_name FROM db_users WHERE user_id = '.UID.' AND (0';
+   foreach ($_POST as $k => $v) {
+    if (substr($k,0,4) == 'user' && ctype_digit(substr($k,4))) {
+     $sql .= ' OR dbuser_id = '.m(substr($k,4));
+    }
+   }
+   $sql .= ')';
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   $targets = array();
+   while ($row = mysql_fetch_array($res)) {
+    $sql = 'DELETE FROM db_perms WHERE dbuser_id = '.$row['dbuser_id'];
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    $sql = 'DELETE FROM db_users WHERE dbuser_id = '.$row['dbuser_id'];
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    logger::log('Deleted MySQL user: '.$row['dbuser_name'], logger::info);
+    $targets[] = $row['dbuser_name'];
+   }
+   $l = mysql_connect('localhost', 'root', 'mysql32159');;
+   mysql_select_db('admin', $l);
+   foreach ($targets as $db) {
+    $sql = 'DROP USER \''.m($db)."'@'localhost'";
+    mysql_query($sql,$l) or mf(__FILE__, __LINE__, $sql);
+   }
+   mysql_close($l);
+   $_redodb = true; require('lib/database.php'); unset($_redodb);
+   header('Location: '.CP_PATH.'database');
+   exit;
+  } else {
+   define('MESSAGE', 'Please confirm user deletion');
+  }
+ }
+
+ 
+ define('TITLE', 'Databases');
+ 
+ addDashboardItem('Useful links', 'phpMyAdmin', 'phpMyAdmin');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/dbusers.php');
+ require_once('pages/dbdbs.php');
+ require_once('pages/dbperms.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

discount.php

@@ -0,0 +1,74 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'Apply Discount');
+ 
+ addDashboardItem('Frequently asked questions', 'How do I pay outstanding bills?', 'support/008');
+
+ function foo() {
+  if (!isset($_POST['code']) || m($_POST['code']) != $_POST['code']) {
+   return;
+  }
+  $sql = 'SELECT discount_id, discount_time, discount_money, discount_start, discount_end, discount_type, discount_message FROM discounts WHERE discount_code = \''.$_POST['code'].'\''; 
+  $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  if (mysql_num_rows($res) == 0) {
+   define('MESSAGE', 'That discount code does not exist.');
+   logger::log('Non-existant discount code used: '.$_POST['code'],logger::normal);
+   return;
+  } 
+  $row = mysql_fetch_array($res);
+  if ($row['discount_start'] > time()) {
+   define('MESSAGE', 'That discount is not yet valid.'); 
+   logger::log('Discount code used prematurely: '.$_POST['code'],logger::normal);
+   return;
+  }
+  if ($row['discount_end'] < time()) {
+   define('MESSAGE', 'That discount is no longer valid.');
+   logger::log('Discount code expired: '.$_POST['code'],logger::normal);
+   return;
+  }
+  if ($row['discount_type'] != 'general') {
+   define('MESSAGE', 'That discount is for new signups only.');
+   logger::log('Signup discount code used: '.$_POST['code'],logger::normal);
+   return;
+  }
+  $sql2 = 'SELECT du_id FROM discountusers WHERE discount_id = '.$row['discount_id'].' AND user_id = '.UID;
+  $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  if (mysql_num_rows($res2) > 0) {
+   define('MESSAGE', 'You have already claimed that discount.');
+   logger::log('Already used discount code: '.$_POST['code'],logger::normal);
+   return;
+  }
+  $sql2 = 'SELECT up_id, up_expires, up_cost FROM userpackages WHERE user_id = '.UID.' AND up_active = 1';
+  $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  $row2 = mysql_fetch_array($res2);
+  $row2['up_expires'] += $row['discount_time'];
+  $row2['up_cost'] -= $row['discount_money'];
+  $sql2 = 'UPDATE userpackages SET up_expires = '.$row2['up_expires'].', up_cost = '.$row2['up_cost'].' WHERE up_id = '.$row2['up_id'];
+  mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  $sql2 = 'INSERT INTO discountusers (discount_id, user_id) VALUES ('.$row['discount_id'].','.UID.')';
+  mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  logger::log('Discount code applied: '.$_POST['code'],logger::information);
+  if ($row['discount_time'] > 0 && $row['discount_money'] == 0) {
+   define('MESSAGE', 'Your current billing period has been extended by '.duration($row['discount_time']).'. '.$row['discount_message']);
+  } elseif ($row['discount_time'] == 0) {
+   define('MESSAGE', 'Your next bill has been reduced by &pound;'.($row['discount_money']/100).'. '.$row['discount_message']);
+  } else {
+   define('MESSAGE', 'Your current billing period has been extended by '.discount($row['discount_time']).', and the next bill has been reduced by &pound;'.($row['discount_money']/100).'. '.$row['discount_message']);
+  }
+ }
+ 
+ foo();
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/discount.php'); 
+  
+ require_once('lib/footer.php');
+
+
+?>

discounts.php

@@ -0,0 +1,32 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'Discounts');
+
+ addDashboardItem('Other admin tools', 'Reports', 'reports');
+ addDashboardItem('Other admin tools', 'Overview', 'admin');
+ addDashboardItem('Other admin tools', 'Sites', 'adminsites');
+ addDashboardItem('Other admin tools', 'Bans', 'bans');
+
+  addDashboardItem('External tools', 'Wiki', 'http://admin.utd-hosting.com/wiki'
+);
+  addDashboardItem('External tools', 'Service monitor', 'http://admin.utd-hostin
+g.com/mon');
+  addDashboardItem('External tools', 'Finances', 'http://admin.utd-hosting.com/f
+inances');
+
+ 
+ require_once('lib/header.php');
+
+ if (defined('ADMIN') && ADMIN) {
+  require_once('pages/admindiscounts.php');
+ } else {
+  define('ERROR', 'You\'re no admin!');
+ }
+ 
+ require_once('lib/footer.php');
+
+
+?>

domains.php

@@ -0,0 +1,135 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ require_once('lib/database.php');
+
+ checkAccess(HAS_HOSTING || HAS_DNS);
+
+ function meep() {
+  if (isset($_POST['action'])) {
+   if ($_POST['action'] == 'deldom' && isset($_POST['domain']) && preg_match('/^[0-9]+$/',$_POST['domain'])) {
+    $sql = 'SELECT user_id, domain_name FROM domains WHERE domain_id = '.$_POST['domain'];
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    if (mysql_num_rows($res) == 0) {
+     define('MESSAGE', 'No such domain!');
+     return;
+    }
+    $row = mysql_fetch_array($res);
+    $dn = $row['domain_name'];
+    if (!defined('ADMIN') && $row['user_id'] != UID) {
+     define('MESSAGE', 'You do not control that domain.');
+     return;
+    }
+    $sql = 'SELECT s.site_name FROM sites AS s, records AS r WHERE r.domain_id = '.m($_POST['domain']).' AND r.record_type = \'UTD\' AND s.site_id = r.record_value';
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    if (mysql_num_rows($res) > 0) {
+     $row = mysql_fetch_array($res);
+     define('MESSAGE', 'That domain is associated with the site '.$row['site_name'].' and thus cannot be deleted.');
+     return;
+    }
+
+    $sql = 'SELECT domain_parent FROM domains WHERE domain_id = '.$_POST['domain'];
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    $row = mysql_fetch_assoc($res);
+
+    $sql = 'UPDATE domains SET domain_parent = '.$row['domain_parent'].' WHERE';
+    $sql .= ' domain_parent = '.$_POST['domain'];
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+    $sql = 'DELETE FROM domains WHERE domain_id = '.$_POST['domain'];
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+    $sql = 'DELETE FROM records WHERE domain_id = '.$_POST['domain'];
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+    define('MESSAGE', 'The domain \''.$dn.'\' has been deleted.');
+    logger::log('Domain deleted: '.$dn,logger::information);    
+   } elseif ($_POST['action'] == 'add' && isset($_POST['domain'])) {
+    if (!preg_match('/^[a-z][a-z0-9\-\.]*\.[a-z]{2,}$/i', $_POST['domain'])) {
+     define('MESSAGE', 'Invalid domain name. Must start with a letter and contain only letters, numbers, hyphens and periods.'); 
+     return;
+    } 
+
+    $parts = explode('.', $_POST['domain']);
+    $string = '';
+    while (count($parts) > 0) {
+     if ($string != '') { $string = '.'.$string; }
+     $string = array_pop($parts).$string;
+     $sql = 'SELECT domain_name FROM domains WHERE domain_name = \''.m(strtolower($string)).'\'';
+     $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+     if (mysql_num_rows($res) > 0) {
+      define('MESSAGE', 'That domain, or a parent domain, is already registered. Please contact UTD-Hosting support.');
+      return;
+     }
+    }
+
+    $sql  = 'INSERT INTO domains (user_id, domain_name, domain_enabled) VALUES ('.UID.', \'';
+    $sql .= m($_POST['domain']).'\', 0)';
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+    logger::log('Added domain: '.$_POST['domain'],logger::information);
+
+    // Hacky!
+    $_POST['subject'] = 'New domain: '.$_POST['domain'];
+    $_POST['body'] = 'The user has requested to have the domain name '.$_POST['domain'].' associated with their account.';
+    require('doticket.php');
+    exit;
+    // Add ticket
+
+   } elseif ($_POST['action'] == 'addsub' && isset($_POST['subdomain']) && isset($_POST['subdomaind'])) {
+    if (!preg_match('/^[0-9]+$/',$_POST['subdomaind'])) { return; }
+
+    $sql = 'SELECT user_id, domain_name, domain_enabled FROM domains WHERE domain_id = '.m($_POST['subdomaind']);
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    if (mysql_num_rows($res) == 0) {
+     define('MESSAGE', 'Invalid domain');
+     return;
+    }
+    $row = mysql_fetch_array($res);
+    $dn = $row['domain_name'];
+    if ($row['domain_enabled'] == '0') {
+     define('MESSAGE', 'That domain hasn\'t been enabled yet.');
+     return;
+    }
+    if (!defined('ADMIN') && $row['user_id'] != UID) {
+     define('MESSAGE', 'You do not control that domain.');
+     return;
+    }
+    if (!preg_match('/^[a-z][a-z0-9\-]*$/i', $_POST['subdomain'])) {
+     define('MESSAGE', 'Invalid subdomain. Must start with a letter and contain only letters, numbers and \'-\'.');
+     return;
+    }
+    $target = strtolower($_POST['subdomain'].'.'.$dn);
+    $sql = 'SELECT domain_name FROM domains WHERE domain_name = \''.$target.'\'';
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    if (mysql_num_rows($res) != 0) {
+     define('MESSAGE', 'That domain already exists!');
+     return;
+    }
+    $sql = 'INSERT INTO domains (user_id, domain_name, domain_enabled';
+    $sql .= ', domain_parent) VALUES ('.UID.',\''.$target.'\',1,'.m($_POST['subdomaind']).')';
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    logger::log('Added subdomain: '.$target, logger::information);
+    define('MESSAGE', 'Added new domain \''.$target.'\''); 
+   }
+  }
+ }
+
+ meep();
+ 
+ define('TITLE', 'Domains');
+
+ addDashboardItem('Frequently asked questions', 'How do I register a domain name?', 'support/200');
+ addDashboardItem('Useful links', 'Create a new site', 'addsite');
+ 
+ require_once('lib/header.php');
+ 
+ require_once('pages/domains.list.php');
+ require_once('pages/domains.addsubdomain.php');
+ require_once('pages/domains.adddomain.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

doticket.php

@@ -0,0 +1,51 @@
+<?PHP
+
+ require_once('lib/account.php');
+ require_once('lib/dashboard.php');
+ require_once('lib/database.php');
+
+ if (get_magic_quotes_gpc() == 1) {
+  foreach ($_POST as $k => $v) { $_POST[$k] = stripslashes($v); }
+ }
+
+ if (isset($_POST['body']) && isset($_POST['subject'])) {
+  if (USER == 'demo') {
+   define('MESSAGE','Sorry. The demo account can\'t raise tickets.');
+  } elseif (strlen($_POST['body']) < 10) {
+   define('MESSAGE', 'Please enter a complete description of the problem.');
+  } elseif (strlen($_POST['subject']) < 5) {
+   define('MESSAGE', 'Please enter a complete subject.');
+  } else {
+
+   $sql  = 'INSERT INTO tickets (user_id, ticket_title, ticket_body, ';
+   $sql .= 'ticket_time, ticket_status) VALUES ('.UID.', \''.m($_POST['subject']).'\', ';
+   $sql .= '\''.m($_POST['body']).'\', '.time().', \'new\')';
+   mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   
+   $id = mysql_insert_id();
+   $sql = 'UPDATE tickets SET ticket_thread = '.$id.' WHERE ticket_id = '.$id;
+   mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+   require('../common/ticketmail.php');
+
+   adminTicketMail($id);
+   logger::log('Raised ticket: '.$_POST['subject'], logger::normal);
+
+   header('Location: '.CP_PATH.'viewticket/'.$id);
+   die;
+  }
+ } else {
+  define('MESSAGE', 'No ticket data submitted');	 
+ }
+ 
+ define('TITLE', 'Error');
+ 
+ addDashboardItem('Useful links', 'Support center', 'support');
+ addDashboardItem('Useful links', 'Raise a new ticket', 'tickets');
+ 
+ addDashboardItem('Frequently asked questions', 'Can I file support requests without using the control panel?', 'support/005'); 
+ 
+ require_once('lib/header.php');
+ require_once('lib/footer.php');
+
+?>

doticketreply.php

@@ -0,0 +1,78 @@
+<?PHP
+
+ require_once('lib/account.php');
+ require_once('lib/dashboard.php');
+ require_once('lib/database.php');
+
+ if (get_magic_quotes_gpc() == 1) {
+  foreach ($_POST as $k => $v) { $_POST[$k] = stripslashes($v); }
+ }
+
+ if (isset($_POST['message']) && isset($_POST['status']) && isset($_POST['thread'])) {
+  if (USER == 'demo') {
+   define('MESSAGE','Sorry. The demo account can\'t reply to tickets.');
+  } elseif (!preg_match('/^[0-9]+$/', $_POST['thread'])) {
+   define('MESSAGE', 'Invalid ticket thread.');
+  } else {
+
+   $sql = 'SELECT user_id, ticket_status, ticket_title FROM tickets WHERE ticket_id = '.$_POST['thread'];
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   $row = mysql_fetch_array($res);
+   define('TTITLE', $row['ticket_title']);
+   if ((UID != $row[0]) && (!defined('ADMIN'))) {
+    define('MESSAGE', 'You don\'t have access to reply to that ticket.');
+   } else {
+
+    $opts = array(); $opts[($row[1])] = true;
+    switch ($row[1]) {
+     case 'new': case 'reopened':
+      $opts['closed'] = true;
+      if (defined('ADMIN')) { $opts['assigned'] = true; }
+     break;
+     case 'assigned':
+      $opts['closed'] = true;
+      break;
+     case 'closed':
+      $opts['reopened'] = true;
+      break;
+    }
+    
+    if (!isset($opts[($_POST['status'])])) {
+     define('MESSAGE', 'Invalid/unknown status');
+    } else {
+ 
+     $sql  = 'INSERT INTO tickets (user_id, ticket_title, ticket_body, ';
+     $sql .= 'ticket_time, ticket_status, ticket_thread) VALUES ('.UID.', \'\', ';
+     $sql .= '\''.m($_POST['message']).'\', '.time().', \'reply\', ';
+     $sql .= $_POST['thread'].')';
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+     if (file_exists('/home/utd/common/ticketmail.php')) {
+      require_once('/home/utd/common/ticketmail.php');
+      ticketmail(mysql_insert_id());
+      logger::log('Replied to ticket "'.TTITLE.'"', logger::normal);
+     }
+
+     $sql  = 'UPDATE tickets SET ticket_status = \''.$_POST['status'].'\' WHERE ticket_id = '.$_POST['thread'];
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+     header('Location: '.CP_PATH.'viewticket/'.$_POST['thread']);
+     die;
+    }
+   }
+  }
+ } else {
+  define('MESSAGE', 'No ticket data submitted');	 
+ }
+ 
+ define('TITLE', 'Error');
+ 
+ addDashboardItem('Useful links', 'Support center', 'support');
+ addDashboardItem('Useful links', 'Raise a new ticket', 'tickets');
+ 
+ addDashboardItem('Frequently asked questions', 'Can I file support requests without using the control panel?', 'support/005'); 
+ 
+ require_once('lib/header.php');
+ require_once('lib/footer.php');
+
+?>

editpref.php

@@ -0,0 +1,72 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ require_once('lib/common.php');
+
+ if (!isset($_GET['n']) || !ctype_digit($_GET['n']) || $_GET['n'] < 1 || $_GET['n'] > 5) {
+  header('Location: '.CP_PATH.'account');
+  exit;
+ }
+
+ $fields = array(1=>'users.user_email', 2=>'', 3=>'userdetails.ud_name',
+                4=>'userdetails.ud_address', 5=>'userdetails.ud_telephone');
+
+ $prefs = array(1=>'e-mail address', 3=>'full name', 4=>'address',
+                5=>'telephone number');
+
+ if (isset($_POST['value'])) {
+  list($table, $col) = explode('.', $fields[($_GET['n'])]);
+  
+  if ($table == 'userdetails') {
+   $sql = 'SELECT user_id FROM userdetails WHERE user_id = '.UID;
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   if (mysql_num_rows($res) == 0) {
+    $sql = 'INSERT INTO userdetails (user_id) VALUES ('.UID.')';
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   } 
+  }
+  
+  $sql  = 'UPDATE '.$table.' SET '.$col.' = \''.m($_POST['value']).'\' WHERE ';
+  $sql .= 'user_id = '.UID;
+  logger::log('Changed '.$prefs[($_GET['n'])].' to '.$_POST['value'],logger::information);
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  header('Location: '.CP_PATH.'account');
+  exit;
+ }
+
+ if (isset($_POST['mail'])) {
+  $m = array('mail_announce'=>'announcement','mail_tickets'=>'ticket reply',
+		'mail_warning'=>'warning','mail_over'=>'overring');
+  $sql  = 'SELECT mail_announce, mail_tickets, mail_warning, mail_over FROM ';
+  $sql .= 'users WHERE user_id = '.UID;
+  $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  $row = mysql_fetch_assoc($res);
+  foreach ($row as $key => $value) {
+   if ($value == 1 && !isset($_POST[$key])) {
+    logger::log('Opted out of '.$m[$key].' e-mail.', logger::information);
+    $sql = 'UPDATE users SET '.$key.' = 0 WHERE user_id = '.UID;
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   }
+   if ($value == 0 && isset($_POST[$key])) {
+    logger::log('Opted to receive '.$m[$key].' e-mail.',logger::information);
+    $sql = 'UPDATE users SET '.$key.' = 1 WHERE user_id = '.UID;
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   }
+  }
+  header('Location: '.CP_PATH.'account');
+  exit;
+ }
+ 
+ define('TITLE', 'Edit User preferences');
+ 
+ addDashboardItem('Useful links', 'Account overview', '');
+ 
+ require_once('lib/header.php');
+
+ require_once('pages/editpref.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

editsite.php

@@ -0,0 +1,164 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(HAS_HOSTING);
+
+ if (isset($_POST['site'])) { $_GET['n'] = $_POST['site']; }
+
+ $errors = array();
+
+ function foo () {
+  global $errors;
+
+  if (!isset($_POST['task'])) { return; }
+
+  if (isset($_POST['site']) && preg_match('/^[0-9]+$/', $_POST['site'])) {
+   $sql  = 'SELECT user_name, users.user_id FROM sites NATURAL JOIN users ';
+   $sql .= 'WHERE site_id = '.$_POST['site'];
+   $res  = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   $row  = mysql_fetch_array($res);
+
+   if ($row['user_id'] != UID && !defined('ADMIN')) {
+    $errors[] = 'You do not control that site.';
+    return;
+   }
+
+   if ($row['user_id'] != UID && defined('ADMIN') && ADMIN) {
+    define('SUID', $row['user_id']);
+    define('SUSER', $row['user_name']);
+   }
+
+   if ($_POST['task'] == 'domains') {
+    $sql  = 'DELETE FROM records WHERE record_type = \'UTD\' AND ';
+    $sql .= 'record_value = '.$_POST['site'];
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+    foreach ($_POST as $key => $val) {
+     if (substr($key,0,6) == 'domain') {
+      $dom = (int)substr($key,6);
+      $sql = 'SELECT domain_name, user_id FROM domains WHERE domain_id = '.$dom;
+      $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+      $row = mysql_fetch_array($res);
+
+      if ($row['user_id'] != UID && !defined('ADMIN')) {
+       $errors[] = 'You do not control the domain \''.$row['domain_name'].'\'';
+       continue;
+      }
+
+      $sql = 'SELECT * FROM records WHERE record_type = \'UTD\' AND domain_id = '.$dom;
+      $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+      if (mysql_num_rows($res) > 0) {
+       $errors[] = 'The domain \''.$row['domain_name'].'\' is already associated with another site.';
+       continue;
+      }
+
+      $sql = 'INSERT INTO records (domain_id, record_type, record_value) VALUES ('.$dom.', \'UTD\', \''.$_POST['site'].'\')';
+      mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+     }
+    } 
+
+    $sql  = 'INSERT INTO actions (user_id, action_type, action_value) VALUES (';
+    $sql .= UID . ', \'updateconf\', \'bind\')';
+    mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+   } elseif ($_POST['task'] == 'webserver') {
+    $update = false;
+
+    $sql  = 'SELECT site_php, site_index, site_htaccess FROM sites';
+    $sql .= ' WHERE site_id = ' . $_POST['site'];
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    $row = mysql_fetch_assoc($res);
+
+    if ($row['site_php'] != $_POST['phpversion']) {
+     $update = true;
+     $sql  = 'UPDATE sites SET site_php = \''. m($_POST['phpversion']);
+     $sql .= '\' WHERE site_id = ' . $_POST['site'];
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    }
+
+    $index = isset($_POST['index']) ? '1' : '0';
+    $htaccess = isset($_POST['htaccess']) ? '1': '0';
+ 
+    if ($row['site_index'] != $index || $row['site_htaccess'] != $htaccess) {
+     $update = true;
+     $sql  = 'UPDATE sites SET site_index = '.$index.', site_htaccess = ';
+     $sql .= $htaccess.' WHERE site_id = '.$_POST['site'];
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    }
+
+    if ($update) {
+     $sql  = 'INSERT INTO actions (user_id, action_type, action_value) ';
+     $sql .= 'VALUES (' . UID . ', \'updateconf\', \'apache\')';
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    }
+   } else {
+    return;
+   }
+  }
+ }
+
+ foo();
+
+ if (count($errors) > 0) {
+  $error = 'The following errors were encountered:<ul><li>'.implode('<li>',$errors).'</ul>';
+  define('TITLE', 'Error');
+ } elseif (!isset($_GET['n']) || !preg_match('/^[0-9]+$/',$_GET['n'])) {
+   $error = 'Invalid site ID!';
+   define('TITLE', 'Error');
+ } else {
+   $site = $_GET['n'];
+   $sql = 'SELECT site_id, users.user_id, user_name,  site_name, site_docroot FROM sites NATURAL JOIN users WHERE site_id = '.$site;
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   
+   if (mysql_num_rows($res) == 0) {
+     $error = 'There is no such site with that ID.';
+     define('TITLE', 'Error');
+   } else {
+   
+    $row = mysql_fetch_array($res);
+   
+    if ($row['user_id'] != UID && !defined('ADMIN')) {
+	  $error = 'You do not own this site.';
+	  define('TITLE', 'Error');
+    } else {
+     if ($row['user_id'] != UID && defined('ADMIN') && ADMIN) {
+      define('SUID', $row['user_id']);
+      define('SUSER', $row['user_name']);
+     }
+
+      define('SITE_ID', $row['site_id']);
+      define('SITE_NAME', $row['site_name']);
+      define('SITE_DOCROOT', $row['site_docroot']);
+      define('TITLE', 'Edit site: '.$row['site_name']);
+    }
+   }
+ } 
+ 
+ addDashboardItem('Useful links', 'Support center', 'support');
+ addDashboardItem('Useful links', 'Site overview', 'sites');
+  
+ addDashboardItem('Frequently asked questions', 'What do I do if my site isn\'t working?', 'support/002');
+ addDashboardItem('Frequently asked questions', 'What does \'document root\' mean?', 'support/015');
+ addDashboardItem('Frequently asked questions', 'What does KiB/MiB/GiB mean?', 'support/003');
+ addDashboardItem('Frequently asked questions', 'How do I configure PHP for my site?', 'support/001');
+
+ if (isset($error)) {
+  define('MESSAGE', $error);
+ }
+
+ require_once('lib/header.php');
+
+ if (!defined('SUSER')) { define('SUSER', USER); define('SUID', UID); }
+ 
+ if (!isset($error)) {
+  require_once('pages/editsite.overview.php');
+  require_once('pages/editsite.webserver.php');
+  require_once('pages/editsite.domains.php');
+  require_once('pages/editsite.errors.php');
+ }
+ 
+ require_once('lib/footer.php');
+
+?>

email.php

@@ -0,0 +1,25 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+
+ checkAccess(HAS_HOSTING);
+ 
+ define('TITLE', 'E-Mail settings');
+ 
+ addDashboardItem('Useful links', 'Account overview', '');
+ addDashboardItem('Frequently asked questions', 'How do mailboxes and e-mail addresses work?', 'support/027'); 
+ 
+ define('MESSAGE', 'Sorry, this function hasn\'t been implemented yet. Please <a href="'.CP_PATH.'tickets">raise a ticket</a> for assistance.');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/email.php');
+ require_once('pages/addemail.php');
+ require_once('pages/mailbox.php');
+ require_once('pages/addmailbox.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

enabledomain.php

@@ -0,0 +1,32 @@
+<?PHP
+
+ require_once('lib/account.php');
+ require_once('lib/dashboard.php');
+ require_once('lib/database.php');
+
+ checkAccess(ADMIN);
+
+ if (isset($_GET['n']) && ctype_digit($_GET['n'])) {
+  if (defined('ADMIN') && ADMIN) {
+   $sql = 'UPDATE domains SET domain_enabled = 1 WHERE domain_id = '.m($_GET['n']);
+   mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+   header('Location: '.CP_PATH.'admin');
+   exit;
+  } else {
+   define('MESSAGE', 'Insufficient access');
+  }
+ } else {
+  define('MESSAGE', 'Invalid domain ID');	 
+ }
+ 
+ define('TITLE', 'Error');
+ 
+ addDashboardItem('Useful links', 'Support center', 'support');
+ addDashboardItem('Useful links', 'Raise a new ticket', 'tickets');
+ 
+ addDashboardItem('Frequently asked questions', 'Can I file support requests without using the control panel?', 'support/005'); 
+ 
+ require_once('lib/header.php');
+ require_once('lib/footer.php');
+
+?>

ext/pie.php

@@ -0,0 +1,133 @@
+<?PHP
+
+define('PIE_MAX_SEGS',6); // Maximum number of segments
+
+function pieSort ($item1, $item2) {
+ 
+ return ($item2 - $item1);
+ 
+}
+
+
+function doPie ($title, $items) {
+ 
+ assert(is_array($items));
+ 
+ uasort($items,'pieSort');
+ 
+ if (count($items) > PIE_MAX_SEGS) {
+  
+  $other = 0;
+  
+  $i = PIE_MAX_SEGS - 1;
+  
+  foreach ($items as $key => $value) {
+   $i--;
+   
+   if ($i < 0) {
+    
+    $other += $value;
+    unset($items[$key]);
+    
+   }
+   
+  }
+  
+  $items['Other'] = $other;
+  
+ }
+ 
+ $im = imagecreate(500,315);
+ 
+ $white = imagecolorallocate($im,255,255,255);
+ 
+ imagefill($im,0,0,$white);
+ 
+ $total = 0;
+ 
+ foreach ($items as $name => $value) {
+  
+  $total += $value;
+  
+ }
+ 
+ $colours = array('138-103-173', '000-000-128', '030-144-255', '000-100-000',
+                  '060-179-113', '173-173-047', '189-183-107', '255-215-000',
+                  '205-092-092', '205-133-063', '255-000-000', '255-069-000',
+                  '255-105-180', '148-000-211', '147-112-219', '112-138-144',
+                  '100-100-100'); 
+                  
+ $black = imagecolorallocate($im,0,0,0);
+ 
+ if ($total != 0) { $dpv = 360/$total; } else { $dpv = 360; }
+ 
+ $last = 0;
+ 
+ $keypos = 0;
+ 
+ foreach ($items as $name => $value) {
+  
+  $colour = explode('-',array_shift($colours));
+  
+  $colour = imagecolorallocate($im, $colour[0], $colour[1], $colour[2]);
+  
+  $cur = $dpv * $value;
+  
+  imagefilledarc($im, 250, 160, 175, 175, $last, $last+$cur, $colour, IMG_ARC_PIE);
+  imagefilledarc($im, 250, 160, 175, 175, $last, $last+$cur, $black, IMG_ARC_EDGED | IMG_ARC_NOFILL);
+  
+  $mid = ($last + $last + $cur)/2;
+  
+  $multX = $multY = 1;
+  
+  if ($mid >= 180) { $multY = -1; }
+  
+  if ($mid >= 90 && $mid < 270) { $multX = -1; }
+  
+  $deltaX = abs(cos(deg2rad($mid)))*(175/3.5)*$multX;
+   
+  $deltaY = abs(sin(deg2rad($mid)))*(175/3.5)*$multY;
+   
+  $posX = 250 + $deltaX; $posY = 160 + $deltaY;
+   
+  $endX = 250 + ($deltaX * 2.3); $endY = 160 + ($deltaY * 2.3);
+   
+  if (($value/$total)*100 > 2.3) {   
+   
+   imageline($im, $posX, $posY, $endX, $endY, $black);
+   
+   imageline($im, $endX, $endY, $endX + $multX * (imagefontwidth(2)*strlen($name)+5), $endY, $black);
+  
+   if ($multX == 1) {
+    imagestring($im, 2, $endX + 2, $endY - 12, $name, $black);
+    imagestring($im, 1, $endX + 2, $endY + 2, '['.round($value*100/$total,1).'%]',$black);
+   } else {
+    imagestring($im, 2, $endX - 2 - imagefontwidth(2)*strlen($name), $endY - 12, $name, $black);
+    imagestring($im, 1, $endX - (imagefontwidth(1)*strlen('['.round($value*100/$total,1).'%]')) , $endY + 2, '['.round($value*100/$total,1).'%]',$black);
+   }
+   
+  } else {
+   
+   if ($keypos == 0) {
+    
+    imagestring($im,1,5,303,'Key:',$black);
+    $keypos += imagefontwidth(1)*4 + 10;
+    
+   }
+   
+   imagestring($im,1,$keypos,303,$name.' ['.round($value*100/$total,1).'%]',$colour);
+   $keypos += imagefontwidth(1)*strlen($name.' ['.round($value*100/$total,1).'%]') + 10;
+   
+  }
+   
+  $last += $cur;
+  
+ }
+ 
+ imagestring($im, 3, 250 - imagefontwidth(3)*strlen($title)/2, 5, $title, $black);
+ 
+ return $im;
+ 
+}
+
+?>

fileman.php

@@ -0,0 +1,27 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'File manager demo');
+ 
+ addDashboardItem('Useful links', 'Add a new site', 'addsite');
+ addDashboardItem('Useful links', 'phpMyAdmin', 'phpMyAdmin');
+ addDashboardItem('Useful links', 'Historic bandwidth/hdd usage', 'history');
+ addDashboardItem('Useful links', 'View or raise tickets', 'tickets');
+ addDashboardItem('Useful links', 'View extended site details', 'sites');
+ 
+ addDashboardItem('Frequently asked questions', 'What do I do if my site isn\'t working?', 'support/002');
+ addDashboardItem('Frequently asked questions', 'What does KiB/MiB/GiB mean?', 'support/003');
+ addDashboardItem('Frequently asked questions', 'How do I configure PHP for my site?', 'support/001');
+ addDashboardItem('Frequently asked questions', 'How do I pay outstanding bills?', 'support/008');
+ addDashboardItem('Frequently asked questions', 'What does the status column mean?', 'support/004');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/fileman.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

history.php

@@ -0,0 +1,20 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'Historic usage data');
+ 
+ addDashboardItem('Useful links', 'Account overview', '');
+ addDashboardItem('Useful links', 'View extended site details', 'sites');
+ 
+ addDashboardItem('Frequently asked questions', 'What does KiB/MiB/GiB mean?', 'support/003');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/historic.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

index.php

@@ -0,0 +1,36 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/account.php');
+ require_once('lib/profiler.php');
+ 
+ define('TITLE', 'Account overview');
+ 
+ if (HAS_HOSTING) {
+  addDashboardItem('Useful links', 'Add a new site', 'addsite');
+  addDashboardItem('Useful links', 'phpMyAdmin', 'phpMyAdmin');
+  addDashboardItem('Useful links', 'Historic bandwidth/hdd usage', 'history');
+ }
+ if (HAS_DNS) {
+  addDashboardItem('Useful links', 'DNS control panel', 'dns');
+ }
+ addDashboardItem('Useful links', 'View or raise tickets', 'tickets');
+ addDashboardItem('Useful links', 'Support section', 'support');
+
+ if (HAS_HOSTING) { 
+  addDashboardItem('Frequently asked questions', 'What do I do if my site isn\'t working?', 'support/002');
+  addDashboardItem('Frequently asked questions', 'What does KiB/MiB/GiB mean?', 'support/003');
+  addDashboardItem('Frequently asked questions', 'How do I configure PHP for my site?', 'support/001');
+ }
+ addDashboardItem('Frequently asked questions', 'How do I pay outstanding invoices?', 'support/008');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/announcements.php');
+ require_once('pages/ticketoverview.php');
+ require_once('pages/supsearch.php');
+ 
+ require_once('lib/footer.php');
+
+
+?>

invoices.php

@@ -0,0 +1,20 @@
+<?PHP
+
+ require_once('lib/dashboard.php');
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+ require_once('lib/account.php');
+ 
+ define('TITLE', 'Invoices');
+ 
+ addDashboardItem('Frequently asked questions', 'How do I pay outstanding invoices?', 'support/008');
+ addDashboardItem('Useful links', 'Apply discount', 'discount');
+
+ require_once('lib/header.php');
+ 
+ require_once('pages/billing.php');
+ require_once('pages/packages.php');
+  
+ require_once('lib/footer.php');
+
+?>

ipn.php

@@ -0,0 +1,125 @@
+<?PHP
+
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+
+ // Log the transaction
+ $count = count(glob('/home/utd/public_html/ipn/*.html'));
+ $count++; $id = str_pad($count,5,'0',STR_PAD_LEFT); define('ID', $id);
+
+ $data = '<html><head><title>IPN Transaction details</title></head><body>';
+ $data .= '<h2>Post details</h2><table>';
+ foreach ($_POST as $k => $v) {
+  $data .= '<tr><td>'.htmlentities($k).'</td>';
+  $data .= '<td>'.htmlentities($v).'</td></tr>';
+ }
+ $data .= '</table><h2>Server details</h2><table>';
+ foreach ($_SERVER as $k => $v) {
+  if (is_array($v)) { continue; }
+  $data .= '<tr><td>'.htmlentities($k).'</td>';
+  $data .= '<td>'.htmlentities($v).'</td></tr>';
+ }
+ $data .= '</table></html>';
+
+ file_put_contents('/home/utd/public_html/ipn/'.ID.'.html', $data);
+
+ // Read the post from PayPal system and add 'cmd'
+ $req = 'cmd=_notify-validate';
+
+ foreach ($_POST as $key => $value) {
+  $value = urlencode(stripslashes($value));
+  $req .= "&$key=$value";
+ }
+
+ // Post back to PayPal system to validate
+ $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
+ $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
+ $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
+
+ $sb = '';
+
+ $fp = fsockopen ('www.'.$sb.'paypal.com', 80, $errno, $errstr, 30);
+ if (!$fp) { fail('Unable to connect to paypal'); }
+
+ // assign posted variables to local variables
+ $item_name = $_POST['item_name'];
+ $item_number = $_POST['item_number'];
+ $payment_status = $_POST['payment_status'];
+ $payment_amount = $_POST['mc_gross'];
+ $payment_currency = $_POST['mc_currency'];
+ $txn_id = $_POST['txn_id'];
+ $receiver_email = strtolower($_POST['receiver_email']);
+ $payer_email = $_POST['payer_email'];
+
+ function fail($m) {
+  logger::log(chr(2).'IPN'.chr(2).': Transaction '.ID.': Failure: '.$m, logger::important);
+  exit;
+ }
+ 
+ if (!$fp) {
+  fail('HTTP error when posting back: '.$errstr);
+ } else {
+  fputs ($fp, $header . $req);
+  while (!feof($fp)) {
+   $res = fgets ($fp, 1024);
+   if (strcmp ($res, "VERIFIED") == 0) {
+    // check the payment_status is Completed
+    if ($payment_status != 'Completed') {
+     fail('Payment status is '.$payment_status.' (expected "Completed")');
+    }
+
+    // check that txn_id has not been previously processed
+    // check that receiver_email is your Primary PayPal email
+    if ($receiver_email != 'chris87@gmail.com'
+	 && $receiver_email != 'accounts@utd-hosting.com') {
+     fail('Receiver is '.$receiver_email);
+    }
+
+    // check that payment_amount/payment_currency are correct
+    if ($payment_currency != 'GBP') {
+     fail('Invalid currency: '.$payment_currency);
+    }
+
+    $id = preg_replace('~^.*#([0-9]+)$~', '\1', $item_name);
+    if (!is_numeric($id)) {
+     fail('Unable to parse item_name: '.$item_name); 
+    }
+
+    $sql = 'SELECT user_id, user_name, bill_total, bill_paid';
+    $sql .= ' FROM bills NATURAL JOIN users WHERE bill_id = '.$id; 
+    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+    if (mysql_num_rows($res) == 1) {
+     $row = mysql_fetch_array($res);
+     $amount = $payment_amount * 100;
+     if ($amount != $row['bill_total'] || $row['bill_paid'] == 1) {
+      fail('bill_total is incorrect, or bill already paid'); 
+     }  
+
+     $sql = 'UPDATE bills SET bill_paid = 1 WHERE bill_id = '.$id;
+     $res = mysql_query($sql) or fail('SQL error: '.mysql_error());
+
+     $sql = 'UPDATE userpackages, billitems, packages SET up_cost = package_cost, up_expires = up_expires + package_duration WHERE bill_id = '.$id.' AND userpackages.up_id = billitems.up_id AND packages.package_id = userpackages.package_id';
+     $res = mysql_query($sql) or fail('SQL error: '.mysql_error());
+
+     $sql = 'SELECT finance_balance FROM finances ORDER BY finance_time DESC';
+     $res = mysql_query($sql) or fail('SQL error: '.mysql_error());
+     $ro2 = mysql_fetch_array($res); $balance = $ro2[0];
+     $sql = 'INSERT INTO finances (finance_time, finance_desc, user_id,';
+     $sql .= ' finance_receipts, finance_payments, finance_balance) VALUES (';
+     $sql .= time().', \'Bill payment\', '.$row['user_id'].', ';
+     $sql .= $row['bill_amount'].', '.($_POST['mc_fee']*100).', ';
+     $sql .= ($balance+$row['bill_amount']-($_POST['mc_fee']*100)).')';
+     $res = mysql_query($sql) or fail('SQL error: '.mysql_error());
+
+     logger::log('User '.chr(2).$row['user_name'].chr(2).': Bill '.$id.' paid.', logger::normal);
+    } else { 
+     fail('Bill not found: '.$id);
+    }
+   } else if (strcmp ($res, "INVALID") == 0) {
+    fail('INVALID REQUEST -- INVESTIGATE -- http://admin.utd-hosting.com/ipn/'.ID.'.html');
+   }
+  }
+  fclose ($fp);
+ }
+
+?>

lib/account.php

@@ -0,0 +1,192 @@
+<?PHP
+
+ require_once('lib/common.php');
+ require_once('lib/profiler.php');
+ require_once('lib/database.php');
+
+ // Check IP bans
+ $sql  = 'SELECT ipban_message, ipban_expires FROM ipbans WHERE ipban_ip = \'';
+ $sql .= m($_SERVER['REMOTE_ADDR']).'\' AND ipban_expires > '.time();
+ $res = mq($sql, __FILE__, __LINE__);
+ 
+ if (mysql_num_rows($res) > 0) {
+  if (!defined('FORBIDDEN')) {
+   header('Location: '.CP_PATH.'403');
+   exit;
+  } else {
+   $row = mysql_fetch_array($res);
+   define('REASON', $row['ipban_message']);
+   define('EXPIRES', $row['ipban_expires']);
+  }
+ }
+
+ // Check to see if they're logged in
+ if (!isset($_COOKIE['utdsid']) && !defined('NOLOGINREF')) {
+  header('Location: '.CP_PATH.'login');
+  exit;
+ }
+ 
+ // Prune old sessions
+ $sql  = 'DELETE FROM sessions WHERE session_last < '.(time()-60*60);
+ $sql .= ' OR session_start < '.(time()-60*60*24);
+ mq($sql, __FILE__, __LINE__); 
+
+ // Select the user's session
+ $sql  = 'SELECT user_id, user_pass, user_name, user_admin, user_tac, ';
+ $sql .= 'session_spoof FROM sessions NATURAL JOIN users WHERE session_ident ';
+ $sql .= '= \''.m($_COOKIE['utdsid']).'\'';
+
+ $res = mq($sql, __FILE__, __LINE__);
+
+ // Make sure it exists
+ if (mysql_num_rows($res) <> 1  && !defined('NOLOGINREF')) {
+  header('Location: '.CP_PATH.'login');
+  exit;
+ } elseif (mysql_num_rows($res) == 1) {
+  $row = mysql_fetch_array($res);
+
+  // Read the first line of the T&C (the version number)
+  $fh = fopen('/home/utd/common/tac.txt','r');
+  $tac = trim(fgets($fh));
+  fclose($fh);
+
+  // Check they've agreed to it
+  if ((int)$tac > (int)$row['user_tac'] && !defined('NOTACREF')) {
+   header('Location: '.CP_PATH.'tac');
+   exit;
+  }
+  
+  // Check to see if it's an admin spoofing a user
+  if ($row['session_spoof'] != '0' && $row['user_admin'] == '1') {
+   $sql  = 'SELECT user_id, user_pass, user_name, user_admin, user_tac FROM ';
+   $sql .= 'users WHERE user_id = '.m($row['session_spoof']);
+   $res  = mq($sql, __FILE__, __LINE__);
+   define('SPOOF', $row['user_id']);
+   $row  = mysql_fetch_array($res);
+  }
+
+  // Define some nice constants
+  define('USER', $row[2]);
+  define('PASS', $row[1]);
+  define('UID', $row[0]);
+  define('TAC', $row[4]);
+  if ($row[3] == '1') { define('ADMIN', True); }
+
+  // Let's see what packages they have access to
+  $sql  = 'SELECT package_type FROM userpackages NATURAL JOIN packages WHERE ';
+  $sql .= 'user_id = '.UID.' AND up_active = 1';
+  $res  = mq($sql, __FILE__, __LINE__);
+  $packages = array('hosting'=>false,'dns'=>false,'backup'=>false,'ssh'=>false);
+  while ($row = mysql_fetch_array($res)) {
+   $packages[($row['package_type'])] = true;
+  }
+  foreach ($packages as $key=>$value) {
+   define('HAS_'.strtoupper($key),$value);
+  }
+ }
+
+ // Function to change a user's password
+ function changePass ($uid, $newpass) {
+  $sql = 'SELECT user_name FROM users WHERE user_id = '.m($uid);
+  $res = mq($sql, __FILE__, __LINE__);
+  $row = mysql_fetch_array($res);
+  $uname = $row[0];
+
+  $sql  = 'UPDATE users SET user_pass = \''.md5($uname.$newpass).'\' WHERE '; 
+  $sql .= 'user_name = \''.m($uname).'\'';
+  mq($sql) or mf(__FILE__, __LINE__, $sql);
+
+  $sql  = 'SET PASSWORD FOR \''.m($uname).'\'@\'localhost\' = PASSWORD(\'';
+  $sql .= md5($uname.$newpass).'\')';
+  $l = mysql_connect('localhost', 'root', 'mysql32159');;
+  mysql_select_db('admin', $l);
+  mq($sql,$l) or mf(__FILE__, __LINE__, $sql);
+  mysql_close($l);
+  $_redodb = true; require('/home/utd/control/lib/database.php'); unset($_redodb);
+
+  $sql  = 'INSERT INTO actions (user_id, action_type, action_value) VALUES (';
+  $sql .= m($uid).', \'pass\', \''.m($newpass).'\')';
+  mq($sql) or mf(__FILE__, __LINE__, $sql);
+ }
+
+ function addUser ($username, $email, $pass, $tac, $slots = 1) {
+  if (!ctype_digit($slots) || $slots < 1 || $slots > 3) {
+   $slots = 1;
+  }
+
+  $sql  = 'INSERT INTO users (user_name, user_pass, user_email, user_tac, ';
+  $sql .= 'band_total, hdd_total) VALUES (\''.m($username).'\', \'invalid\'';
+  $sql .= ', \''.m($email).'\', '.((int)$tac).', '.(50000000000*$slots).', ';
+  $sql .= (3500000000*$slots).')';
+  mq($sql) or mf(__FILE__, __LINE__, $sql);
+  $uid = mysql_insert_id();
+
+  $sql  = 'GRANT USAGE ON *.* TO \''.m($username).'\'@\'localhost\' IDENTIFIED';
+  $sql .= 'BY \'dummypass123445\'';
+  $l = mysql_connect('localhost', 'root', 'mysql32159');;
+  mysql_select_db('admin', $l);
+  mq($sql,$l) or mf(__FILE__, __LINE__, $sql);
+  mysql_close($l);
+  $_redodb = true; require('/home/utd/control/lib/database.php'); unset($_redodb);
+
+  $fqdn = m($username.'.utd-hosting.com');
+
+  $sql  = 'INSERT INTO domains (user_id, domain_name, domain_enabled, domain_parent) VALUES (';
+  $sql .= (int)$uid.', \''.$fqdn.'\', 1, 16)';
+  mq($sql) or mf(__FILE__, __LINE__, $sql);
+  $domain = mysql_insert_id();
+
+  $docroot = m('/home/'.$username.'/public_html');
+  $sql  = 'INSERT INTO sites (user_id, site_name, site_docroot, ';
+  $sql .= 'site_curdocroot) VALUES ('.(int)$uid.', \''.$fqdn;
+  $sql .= '\', \''.$docroot.'\', \''.$docroot.'\')';
+  mq($sql) or mf(__FILE__, __LINE__, $sql);
+  $site = mysql_insert_id();
+
+  $sql  = 'INSERT INTO records (domain_id, record_type, record_value) VALUES (';
+  $sql .= (int)$domain.', \'UTD\', \''.(int)$site.'\')';
+  mq($sql) or mf(__FILE__, __LINE__, $sql);
+
+  $sql  = 'INSERT INTO billing (bill_due, user_id, bill_paid, bill_amount) ';
+  $sql .= ' VALUES ('.time().', '.(int)$uid.', 1, '.(3500*$slots).')';
+  mq($sql) or mf(__FILE__, __LINE__, $sql);
+
+  $sql  = 'INSERT INTO actions (user_id, action_type, action_value) VALUES (';
+  $sql .= (int)$uid.', \'create\', \'...\')';
+  mq($sql) or mf(__FILE__, __LINE__, $sql);
+
+  changePass($uid, $pass);
+ }
+
+ // Returns true if $pass is complex enough, or an error message if not
+ function validPass ($pass) {
+  if (preg_match('/[a-z]/',$pass)) {
+   if (preg_match('/[A-Z]/',$pass)) {
+    if (preg_match('/[0-9]/', $pass)) {
+     if (strlen($pass) < 5 || strlen($pass) > 20) {
+      return 'Please ensure your password is 5-20 characters long';
+     } else {
+      return true;
+     }
+    } else {
+     return 'Please ensure your password includes some numbers';
+    }
+   } else {
+    return 'Please ensure your password includes some uppercase letters';
+   }
+  } else {
+   return 'Please ensure your password includes some lowercase letters';
+  }
+ }
+
+ function checkAccess($conditions) {
+  if ($conditions !== true) {
+   define('REASON', 'Insufficient access'); 
+   require('403.php');
+   exit(); 
+  }
+ }
+ 
+ define('LIB_ACCOUNT', true);
+
+?>

lib/bandwidth.php

@@ -0,0 +1,42 @@
+<?PHP
+
+ if (defined('NOBILLREF')) { return; }
+
+ require_once('lib/profiler.php');
+
+ $sql = 'SELECT band_total, band_used, hdd_total, hdd_used FROM users WHERE user_id = '.UID;
+ $ress = mq($sql, __FILE__, __LINE__);
+ $row = mysql_fetch_array($ress);
+
+ $used = round($row[1] * (150/($row[0])),0);
+ $free = 150 - $used;
+
+ $hused = round($row[3] * (150/($row[2])),0);
+ $hfree = 150 - $hused;
+
+ $sql  = 'SELECT MIN(up_expires) FROM userpackages WHERE';
+ $sql .= ' user_id = '.UID.' AND up_invoice = 1 AND up_active = 1';
+ $ress = mq($sql, __FILE__, __LINE__);
+ $pay = mysql_fetch_array($ress);
+ $next = $pay[0];
+?>
+<table id="bandwidth" class="righthead">
+ <tr>
+  <th>Bandwidth</th>
+  <td>
+   <img src="<?PHP echo CP_PATH; ?>res/bandout-001.png" alt="[Red]" title="Bandwidth used" width="<?PHP echo $used; ?>" height="10"><img src="<?PHP echo CP_PATH; ?>res/bandfree-001.png" alt="[Green]" title="Free bandwidth" width="<?PHP echo $free; ?>" height="10">
+  </td>
+  <td><?PHP echo niceSize($row[1]).' / '.niceSize($row[0]); ?></td>
+ </tr>
+ <tr>
+  <th>Hard drive</th>
+  <td>
+   <img src="<?PHP echo CP_PATH; ?>res/bandout-001.png" alt="[Red]" title="Hard drive space used" width="<?PHP echo $hused; ?>" height="10"><img src="<?PHP echo CP_PATH; ?>res/bandfree-001.png" alt="[Green]" title="Free space" width="<?PHP echo $hfree; ?>" height="10">
+  </td>
+  <td><?PHP echo niceSize($row[3]).' / '.niceSize($row[2]); ?></td>
+ </tr>
+ <tr>
+  <th>Next payment</th>
+  <td colspan="2" style="text-align: center"><?PHP echo date('l, jS F, Y', $next); ?></td>
+ </tr>
+</table>

lib/common.php

@@ -0,0 +1,96 @@
+<?PHP
+
+ if (strpos(__FILE__, 'control-dev') !== false) {
+  define('CP_PATH', '/dev/');
+  define('DEVELOPMENT', True);
+ } else {
+  define('CP_PATH', '/control/');
+  define('DEVELOPMENT', False);
+ }
+
+ require_once('lib/database.php');
+ require_once('lib/log.php');
+ 
+ function NiceSize($bytes) {
+  $sizes = array();
+  $sizes[1024] = ' <abbr title="Kibibytes">KiB</abbr>';
+  $sizes[(1024*1024)] = ' <abbr title="Mebibytes">MiB</abbr>';
+  $sizes[(1024*1024*1024)] = ' <abbr title="Gibibytes">GiB</abbr>';
+  krsort($sizes);
+  foreach ($sizes as $val => $name) {
+   if ($bytes > ($val * 1.2)) {
+    return round($bytes/$val, 2).$name;
+   }
+  }
+  return $bytes.' <abbr title="Bytes">B</abbr>';
+ }
+ 
+ function h ($text) { return htmlspecialchars($text); } 
+ function m ($a) { return mysql_real_escape_string($a); }
+ function l ($message, $uid = false) { 
+  logger::log($message, $uid);
+ }
+
+ function botlog ($message) {
+  logger::log($message);
+ }
+
+ function bfc ($ip) {
+  if (file_exists('/home/utd/bruteforce.dat')) {
+   $data = unserialize(file_get_contents('/home/utd/bruteforce.dat'));
+  } else {
+   $data = array();
+  }
+  foreach ($data as $uip => $attempts) {
+   foreach ($attempts as $id => $time) {
+    if ($time < time()-1800) { unset($data[$uip][$id]); }
+   }
+   if (count($data[$uip]) == 0) { unset($data[$uip]); }
+  }
+  if (!isset($data[$ip])) { $data[$ip] = array(); }
+  $data[$ip][] = time();
+  file_put_contents('/home/utd/bruteforce.dat', serialize($data));
+  if (count($data[$ip]) > 4) {
+   $sql  = 'INSERT INTO ipbans (ipban_ip, ipban_expires, ipban_message) ';
+   $sql .= 'VALUES (\''.m($ip).'\', '.(time()+60*60*24).', \'Too many login';
+   $sql .= ' attempts.\')';
+   mysql_query($sql);
+   logger::log('Placing IP ban on '.$ip.' for bruteforcing',logger::important);
+   header('Location: '.CP_PATH.'403');
+   exit;
+  }
+ }
+
+ function duration ($secs, $dopast = false) {
+  $res = '';
+  $times = array();
+  $times['year'] = (60*60*24*365);
+  $times['month'] = (60*60*24*30);
+  $times['week'] = (60*60*24*7);
+  $times['day'] = (60*60*24);
+  $times['hour'] = (60*60);
+  if ($secs < $times['hour']) { $times['minute'] = 60; }
+  if ($secs < $times['minute']) { $times['second'] = 1; }
+
+  foreach ($times as $name => $val) {
+   if ($secs >= $val) {
+    $years = floor($secs/$val);
+    $res .= ', '.$years.' '.$name.(($years!=1)?'s':'');
+    $secs = $secs % $val;
+   }
+  }
+
+  $res = substr($res, 2);
+
+  if ($res == '' && $dopast === true) {
+   $res = 'now';
+  } elseif ($res == '' && $dopast == '0') {
+   $res = '0 seconds';
+  }
+
+  return $res;
+ }
+ 
+ define('LIB_COMMON', true);
+
+?>

lib/dashboard.php

@@ -0,0 +1,47 @@
+<?PHP
+
+if (defined('LIB_DASHBOARD')) { return; }
+
+$dbitems = array();
+
+function addDashboardItem ($category, $title, $url) {
+  global $dbitems;
+  
+  if (!isset($dbitems[$category])) {
+    $dbitems[$category] = array();
+  }
+  
+  $dbitems[$category][$title] = $url;
+}
+
+function generateDashboard () {
+  global $dbitems;
+  
+  ksort($dbitems);
+  
+  foreach ($dbitems as $k => $v) { ksort($dbitems[$k]); }
+  
+  echo '<div id="dashboard">';
+  
+  foreach ($dbitems as $category => $data) {
+    echo '<h2>'.$category.'</h2><ul>';  
+    foreach ($data as $title => $url) {
+      if ($url[0] != '#' && substr($url,0,7) != 'http://' && substr($url,0,8) != 'https://') { 
+	    $url = CP_PATH.$url;
+      }
+      echo '<li><a href="'.htmlspecialchars($url).'"';
+      if ($title[0] == '*') {
+       echo ' style="font-weight: bold;"';
+       $title = substr($title, 1);
+      }
+      echo '>'.$title.'</a></li>';
+    }
+    echo '</ul>';
+  }
+  
+  echo '</div>';
+}
+
+define('LIB_DASHBOARD', true);
+
+?>

lib/database.php

@@ -0,0 +1,19 @@
+<?PHP
+
+ if (defined('LIB_DB') && !isset($_redodb)) { return; }
+
+ require_once('lib/profiler.php');
+ require_once('lib/log.php');
+
+ mysql_connect('localhost', '', '');
+ mysql_select_db('');
+
+ if (!function_exists('mf')) {
+  function mf ($file, $line, $sql) {
+   logger::log($file.'<'.$line.'>: MySQL query failed: '.mysql_error().' [SQL: '.$sql.']', logger::important);
+  }
+ }
+
+ define('LIB_DB', true);
+
+?>

lib/footer.php

@@ -0,0 +1,11 @@
+<?PHP
+ if (DEVELOPMENT) {
+#  require_once('pages/profiler.php');
+ }
+?>
+  <div id="footer">
+   &copy; Copyright UTD-Hosting, 2005-2007, all rights reserved.
+   Release 5.
+  </div>
+ </body>
+</html>

lib/header.php

@@ -0,0 +1,75 @@
+<?PHP
+
+ require_once('lib/common.php'); 
+ require_once('lib/profiler.php');
+ require_once('lib/account.php'); 
+ require_once('lib/dashboard.php'); 
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+  <title>UTD-Hosting :: <?PHP echo TITLE; ?></title>
+  <link rel="stylesheet" type="text/css" href="<?PHP echo CP_PATH; ?>res/style-002.css">
+  <script src="<?PHP echo CP_PATH; ?>res/script-001.js" type="text/javascript"></script>
+ </head>
+ <body>
+  <div id="header">
+   <h1><img src="<?PHP echo CP_PATH; ?>res/logo-001.png" alt="UTD-Hosting" title="UTD-Hosting"></h1>
+  </div>
+<?PHP
+
+ if (DEVELOPMENT) { echo '<div id="dev">Development version</div>'; }
+
+ if (defined('USER')) { require_once('lib/bandwidth.php'); }
+
+?>  
+  <div id="menu">
+   <div id="menuleft">
+    <?PHP if (defined('USER') && !defined('NOBILLREF')) { ?>
+    <a href="<?PHP echo CP_PATH; ?>">Account overview</a> |
+    <?PHP if (HAS_DNS || HAS_HOSTING) { ?>
+     <a href="<?PHP echo CP_PATH; ?>domains">Domains</a> |
+    <?PHP } ?>
+    <?PHP if (HAS_DNS) { ?>
+     <a href="<?PHP echo CP_PATH; ?>dns">DNS</a> |
+    <?PHP } ?>
+    <?PHP if (HAS_HOSTING) { ?>
+     <a href="<?PHP echo CP_PATH; ?>email">E-mail</a> |
+     <a href="<?PHP echo CP_PATH; ?>database">Databases</a> |
+     <a href="<?PHP echo CP_PATH; ?>sites">Sites</a> |
+    <?PHP } ?>
+    <?PHP if (HAS_SSH) { ?>
+     <a href="<?PHP echo CP_PATH; ?>ssh">SSH</a> |
+    <?PHP } ?>
+    <a href="<?PHP echo CP_PATH; ?>tickets">Tickets</a>
+    <?PHP } else { ?>
+    UTD-Hosting control panel
+    <?PHP } ?>
+   </div>
+   <div id="menuright">
+    <?PHP if (defined('USER') && !defined('NOBILLREF')) { ?>
+    <a href="<?PHP echo CP_PATH; ?>account">My Account</a> |
+    <a href="<?PHP echo CP_PATH; ?>invoices">My Invoices</a> |
+    <a href="<?PHP echo CP_PATH; ?>support">Support</a> |
+    <?PHP if (defined('ADMIN') && ADMIN) { ?>
+    <a href="<?PHP echo CP_PATH; ?>admin" style="font-weight: bold;">Admin</a> |
+    <?PHP } ?>
+    <a href="<?PHP echo CP_PATH; ?>logout">Log out</a>
+    <?PHP } else { ?>
+    <a href="<?PHP echo CP_PATH; ?>support">Support</a> 
+    <?PHP if (!defined('USER')) { ?>
+     | <a href="<?PHP echo CP_PATH; ?>login">Log in</a>
+    <?PHP } else { ?>
+     | <a href="<?PHP echo CP_PATH; ?>billing" style="font-weight: bold;">Billing</a>
+    <?PHP } } ?>
+   </div>
+  </div>
+  <?PHP generateDashboard(); ?>
+  <?PHP if (defined('MESSAGE')) { ?>
+  <div id="message">
+   <div>
+    <?PHP echo MESSAGE; ?>
+   </div>
+  </div>
+  <?PHP } ?>

lib/log.php

@@ -0,0 +1,65 @@
+<?PHP
+
+ require_once('lib/database.php');
+
+ class logger {
+
+  const unknown = "'unknown'";
+  const critical = "'critical'";
+  const important = "'important'";
+  const normal = "'normal'";
+  const information = "'info'";
+  const info = "'info'";
+
+  static function log ($message, $uid = false, $level = logger::unknown) {
+   if ($uid !== false && !ctype_digit((string)$uid)) {
+    $temp = $level;
+    $level = $uid;
+    $uid = $temp;
+   }
+
+   if ($uid === false || !ctype_digit((string)$uid)) {
+    if (defined('UID')) { $uid = UID; } else { $uid = 5; }
+   }
+
+   if (DEVELOPMENT) {
+    $message = 'DEV: '.$message;
+   }
+
+   $sql  = 'INSERT INTO log (user_id, log_level, log_time, log_message) ';
+   $sql .= 'VALUES('.$uid.', '.$level.', '.time().', \''.m($message).'\')';
+   mysql_query($sql);
+
+   $botmsg = '';
+   switch ($level) {
+    case self::critical:
+     $botmsg = chr(2).chr(3).'4CRITICAL:'.chr(3).chr(2); break;
+    case self::important:
+     $botmsg = chr(2).'IMPORTANT:'.chr(2); break;
+    case self::normal:
+     $botmsg = 'NORMAL:'; break;
+    case self::unknown:
+     $botmsg = 'UNKNOWN:'; break;
+    case self::information:
+     $botmsg = chr(3).'14INFORMATION:'.chr(3); break;
+   }
+
+   if ($uid != 5) {
+    $sql = 'SELECT user_name FROM users WHERE user_id = '.$uid;
+    $res = mysql_query($sql);
+    $row = mysql_fetch_array($res);
+    $botmsg .= ' User '.$row['user_name'].':';
+   }
+
+   $botmsg .= ' '.$message;
+
+   if ($fh = @fsockopen('utd-hosting.com',3302,$errno,$errstr,0.1)) {
+    fputs($fh, '... #utd.staff '.$botmsg."\r\n");
+    fclose($fh);
+   }
+
+  } 
+
+ }
+
+?>

lib/profiler.php

@@ -0,0 +1,26 @@
+<?php
+
+ require_once('lib/common.php');
+
+ if (DEVELOPMENT) {
+  $_queries = array();
+ }
+
+ function mq($sql, $file = '/home/utd/control-dev/Unknown', $line = 'Unknown') {
+  if (DEVELOPMENT) {
+   $start = microtime(true);
+  }
+
+  $res = mysql_query($sql) or mf($file, $line, $sql);
+
+  if (DEVELOPMENT) {
+   $end = microtime(true);
+   
+   global $_queries;
+   $_queries[] = array($sql, $end - $start, $file, $line);
+  }
+
+  return $res;
+ }
+
+?>

login.php

@@ -0,0 +1,67 @@
+<?PHP
+
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+ require_once('lib/dashboard.php');
+ 
+ define('NOLOGINREF', true); // So we don't go round in circles
+
+ require_once('lib/account.php');
+
+ if (isset($_POST['username']) && isset($_POST['password'])) {
+   
+   $pass = md5($_POST['username'].$_POST['password']);
+   $user = mysql_real_escape_string($_POST['username']);
+
+   $sql = 'SELECT user_id FROM users WHERE user_name = \''.$user.'\' AND user_pass = \''.$pass.'\'';
+   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+   if (mysql_num_rows($res) == 1) {
+     $row = mysql_fetch_array($res);
+     $uid = $row['user_id'];
+     $sip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
+
+     $sql  = 'INSERT INTO sessions (user_id, session_ip, session_start, session_last';
+     $sql .= ',session_ident) VALUES ('.$uid.', \''.$sip.'\', '.time().', '.time();
+     $sql .= ', \'null\')';
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+     $id = mysql_insert_id();
+
+     $sid = md5($uid.$sip.$id);
+
+     $sql = 'UPDATE sessions SET session_ident = \''.$sid.'\' WHERE session_id = '.$id;
+     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+     setcookie('utdsid', $sid, time()+60*60*24, '/');
+     logger::log('Login from '.$_SERVER['REMOTE_ADDR'],$uid,logger::information);
+ 
+     header('Location: '.CP_PATH);
+   } else {
+     $sql = 'SELECT user_pass FROM users WHERE user_name = \''.m($_POST['username']).'\'';
+     $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+     $row = mysql_fetch_array($res);
+     if ($row['user_pass']{0} == '!') {
+      define('MESSAGE', 'This account is locked. Please contact support@utd-hosting.com for assistance.');
+      logger::log('Log in attempt for locked account '.$_POST['username'].' by '.$_SERVER['REMOTE_ADDR'], logger::normal);
+     } else {
+      define('MESSAGE', 'Invalid username/password combination');
+      logger::log('Invalid login attempt for user '.$_POST['username'].' by '.$_SERVER['REMOTE_ADDR'], logger::normal); 
+      bfc($_SERVER['REMOTE_ADDR']);
+     }
+   }
+   
+ }
+ 
+ addDashboardItem('Useful links', 'Recover password', 'recoverpw');
+ addDashboardItem('Frequently asked questions', 'Can I give other users access to my control panel?', 'support/006');
+ addDashboardItem('Frequently asked questions', 'What do I do if I forget my username?', 'support/007');
+ addDashboardItem('Frequently asked questions', 'Can I file support requests without using the control panel?', 'support/005');
+
+ define('TITLE', 'Login');
+ 
+ require_once('lib/header.php');
+ require_once('pages/login.php');
+ require_once('lib/footer.php');
+
+?>

logout.php

@@ -0,0 +1,24 @@
+<?PHP
+ 
+ define('NOLOGINREF', true); // So we don't go round in circles
+ define('NOTACREF', true);
+
+ require_once('lib/common.php');
+ require_once('lib/database.php');
+ require_once('lib/account.php');
+
+ if (defined('SPOOF')) {
+  $sql  = 'UPDATE sessions SET session_spoof = 0 WHERE session_ident = \'';
+  $sql .= m($_COOKIE['utdsid']).'\'';
+  mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  logger::log('Stopped spoofing user '.USER, logger::normal, SPOOF);
+  header('Location: '.CP_PATH);
+  exit;
+ } else {
+  logger::log('Manual logout',logger::info);
+  setcookie('utdsid','', time()-24*24*60, '/');
+  header('Location: '.CP_PATH.'login');
+  exit;
+ }
+ 
+?>

pages/adddomain.php

@@ -0,0 +1,66 @@
+<?PHP
+
+ $sql = 'SELECT domain_id, domain_name FROM domains WHERE domain_enabled = 1 AND user_id = '.UID;
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) > 0) {
+?>
+<form name="submd" action="<?PHP echo CP_PATH; ?>domains" method="post" onSubmit="return validateSubdomainForm();">
+<input type="hidden" name="action" value="addsub">
+<div class="block">
+ <h2>Add a new subdomain</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   You can add a new subdomain to any of your existing domains. Subdomains
+   are added instantly, and you can use them right away. You will need to
+   make sure that the subdomain resolves to the correct IP address.
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <td><input type="text" name="subdomain" id="subdomain" class="inflat" style="width: 120px;"></td>
+    <td style="width: 10px;">.</td>
+    <td>
+     <select name="subdomaind" id="subdomaind" style="inflat">
+<?PHP
+
+ while ($row = mysql_fetch_array($res)) { 
+  if (strpos($row['domain_name'],'*')) { continue; }
+  echo '<option value="'.$row['domain_id'].'">'.$row['domain_name'].'</option>';
+ }
+
+?>
+     </select>
+    </td>
+    <td style="width:100%;"><span id="subdomainerr" class="validation"></span></td>
+   </tr>
+   <tr><td colspan="3" style="text-align: right;">
+    <input type="submit" value="Add">
+   </td></tr>
+  </table>
+ </div>
+</div>
+</form>
+<?PHP } ?>
+<form name="md" action="<?PHP echo CP_PATH; ?>domains" method="post" onSubmit="return validateDomainForm();">
+<input type="hidden" name="action" value="add">
+<div class="block">
+ <h2>Add a new domain</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   Before you can use a new domain, a UTD-Hosting staff member will have to confirm that the
+   domain belongs to you. This is to ensure that other customers do not "steal" your domains,
+   and vice-versa.
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <td><input type="text" name="domain" id="domain" class="inflat" style="width: 120px;"></td>
+    <td style="width:100%;"><span id="domainerr" class="validation"></span></td>
+   </tr>
+   <tr><td style="text-align: right;">
+    <input type="submit" value="Add">
+   </td></tr>
+  </table>
+ </div>
+</div>
+</form>
+

pages/addemail.php

@@ -0,0 +1,56 @@
+<form action="<?PHP echo CP_PATH; ?>email" method="post">
+<div class="block">
+ <h2>Add e-mail address</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   This will associated an e-mail address with an existing mailbox. 
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <th>E-Mail address</th>
+    <td><input type="text" name="email_user" class="inflat"> @
+<select name="email_domain" class="inflat">
+<?PHP
+
+ $sql = 'SELECT domain_name, domain_id FROM domains WHERE user_id = '.UID.' AND domain_enabled = 1 ORDER BY domain_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $found = false;
+ while ($row = mysql_fetch_array($res)) {
+  $found = true;
+  echo '<option value="'.$row['domain_id'].'">'.h($row['domain_name']).'</option>';
+ }
+ if (!$found) { echo '<option value="err">&lt;No domains&gt;</option>'; }
+
+?>
+    </select></td>
+   </tr>
+   <tr>
+    <th>Mailbox</th>
+    <td><select name="email_mailbox" class="inflat">
+<?PHP
+
+ $sql = 'SELECT mailbox_id, mailbox_user, domain_name FROM mailboxes NATURAL JOIN domains WHERE user_id = '.UID.' ORDER BY mailbox_user, domain_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ if (mysql_num_rows($res) == 0) {
+  echo '<option value="err">&lt;No mailboxes&gt;</option>'; 
+ } else {
+  while ($row = mysql_fetch_assoc($res)) {
+   echo '<option value="'.$row['mailbox_id'].'">';
+   echo h($row['mailbox_user'] . '@' . $row['domain_name']);
+   echo '</option>';
+  }
+ }
+
+?>
+    </select></td>
+   </tr>
+   <tr>
+    <th>Actions</th>
+    <td><input type="submit" value="Add"> <input type="reset" value="Cancel"></td>
+    <td></td>
+   </tr>
+  </table>
+ </div>
+</div>
+</form>

pages/addmailbox.php

@@ -0,0 +1,45 @@
+<form action="<?PHP echo CP_PATH; ?>email" method="post">
+<div class="block">
+ <h2>Add mailbox</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   This will create a new mailbox. For more information on how mailboxes and
+   e-mail addresses work, see <a href="<?PHP echo CP_PATH; ?>support/027">this
+   support article</a>. 
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <th>Mailbox name</th>
+    <td><input type="text" name="mailbox_user" class="inflat"> @
+<select name="mailbox_domain" class="inflat">
+<?PHP
+
+ $sql = 'SELECT domain_name, domain_id FROM domains WHERE user_id = '.UID.' AND domain_enabled = 1 ORDER BY domain_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $found = false;
+ while ($row = mysql_fetch_array($res)) {
+  $found = true;
+  echo '<option value="'.$row['domain_id'].'">'.h($row['domain_name']).'</option>';
+ }
+ if (!$found) { echo '<option value="err">&lt;No domains&gt;</option>'; }
+
+?>
+    </select></td>
+   </tr>
+   <tr>
+    <th>Mailbox password</th>
+    <td><input type="password" name="mailbox_pass1" class="inflat"></td>
+   </tr>
+   <tr>
+    <th>Confirm password</th>
+    <td><input type="password" name="mailbox_pass2" class="inflat"></td>
+   </tr>
+   <tr>
+    <th>Actions</th>
+    <td><input type="submit" value="Add"> <input type="reset" value="Cancel"></td>
+    <td></td>
+   </tr>
+  </table>
+ </div>
+</div>
+</form>

pages/addsite.php

@@ -0,0 +1,45 @@
+<form action="<?PHP echo CP_PATH; ?>addsite" method="post">
+<div class="block">
+ <h2>Add site</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   This will create a new site. If your domain name (or subdomain) is not
+   listed, please ensure that you have added it to the <a href="<?PHP echo CP_PATH; ?>domains">domains page</a>, and that it is not associated with an existing site.
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <th>Primary domain</th>
+    <td><select name="domain" class="inflat">
+<?PHP
+
+ $sql = 'SELECT domain_name, domain_id FROM domains WHERE user_id = '.UID.' AND domain_enabled = 1';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $found = false;
+ while ($row = mysql_fetch_array($res)) {
+  $sql = 'SELECT record_value FROM records WHERE domain_id = '.$row['domain_id'].' AND record_type = \'UTD\'';
+  $re2 = mysql_query($sql) or mf(__FILE__, __LINE__, $sql); 
+  if (mysql_num_rows($re2) == 0) {
+   $found = true;
+   echo '<option value="'.$row['domain_id'].'">'.h($row['domain_name']).'</option>';
+  }
+ }
+ if (!$found) { echo '<option value="err">&lt;No domains&gt;</option>'; }
+
+?>
+    </select></td>
+    <td><a href="<?PHP echo CP_PATH; ?>support/018">Help</a></td>
+   </tr>
+   <tr>
+    <th>Document root</th>
+    <td><input type="text" name="docroot" value="/public_html" class="inflat"></td>
+    <td><a href="<?PHP echo CP_PATH; ?>support/015">Help</a></td>
+   </tr>
+   <tr>
+    <th>Actions</th>
+    <td><input type="submit" value="Add"> <input type="reset" value="Cancel"></td>
+    <td></td>
+   </tr>
+  </table>
+ </div>
+</div>
+</form>

pages/admin.actions.php

@@ -0,0 +1,36 @@
+<?PHP
+ require_once('lib/database.php'); 
+ require_once('lib/common.php'); 
+?>
+<div class="block">
+<form action="<?PHP echo CP_PATH; ?>admin" method="post">
+ <h2>ADMIN: Schedule actions</h2>
+ <table class="innerblock">
+  <tr>
+   <th>Service</th>
+   <th>Update config</th>
+   <th>Restart</th>
+  </tr>
+<?PHP
+
+ $services = array('apache', 'bind', 'postfix', 'sshkeys');
+
+ $i = 0;
+
+ foreach ($services as $service) {
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo ucfirst($service); ?></td>
+   <td><input type="submit" name="<?PHP echo $service; ?>_updateconf" value="Update config"></td>
+   <td><input type="submit" name="<?PHP echo $service; ?>_restart" value="Restart" <?PHP
+    if ($service == 'sshkeys') { echo ' disabled="disabled"'; }
+   ?>></td>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+ </form>
+</div>

pages/admin.addannouncement.php

@@ -0,0 +1,40 @@
+<form action="<?PHP echo CP_PATH; ?>adminannouncements" method="post">
+<div class="block">
+ <h2>ADMIN: Create message</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   You must preview announcements before submitting. Announcements
+   will be e-mailed to users who have opted to receive them as soon as the
+   announcement is submitted.
+  </p>
+  <table class="form leftpad"> 
+   <tr>
+    <th>Title</th>
+    <td><input type="text" name="title" id="title" class="inflat"<?PHP if (isset($_POST['title'])) { echo ' value="'.h($_POST['title']).'"'; } ?>></td>
+   </tr><tr>
+    <th>Type</th>
+    <td><select name="type" class="inflat">
+     <option value="admin"<?PHP if ($_POST['type'] == 'admin') { echo ' selected="selected"'; } ?>>Admin</option>
+     <option value="announcement"<?PHP if ($_POST['type'] == 'announcement') { echo ' selected="selected"'; } ?>>Announcement</option>
+     <option value="information"<?PHP if ($_POST['type'] == 'information') { echo ' selected="selected"'; } ?>>Information</option>
+    </select></td>
+   </tr><tr>
+    <th width="10%">Body</th>
+    <td><textarea name="body" id="body" class="inflat"><?PHP
+     if (isset($_POST['body'])) { echo h($_POST['body']); }
+    ?></textarea></td>
+   </tr><tr>
+     <td colspan="2" style="text-align: right;">
+      <input type="reset" value="Reset">
+<?PHP if (defined('MESSAGE_BODY')) { ?>
+      <input type="submit" name="submit" value="Submit">
+<?PHP } else { ?>
+      <input type="submit" name="preview" value="Preview">
+<?PHP } ?>
+     </td>
+     <td width="100%">&nbsp;</td>
+   </tr>
+  </table>
+ </div>
+</div>
+</form>

pages/admin.adddiscount.php

@@ -0,0 +1,99 @@
+<?PHP
+
+ function randLetter($set) {
+  global $codes;
+  $num = rand(65,90);
+  $codes[$set] += $num - 65;
+  return chr($num);
+ }
+
+ do {
+  $codes = array();
+  for ($i = 0; $i < 4; $i++) {
+   for ($j = 0; $j < 4; $j++) {
+    $code .= randLetter($i);
+   }
+   $code .= '-';
+  }
+
+  for ($i = 0; $i < 4; $i++) {
+   $code .= chr(($codes[$i] % 26) + 65);
+  }
+
+  $sql  = 'SELECT discount_code FROM discounts WHERE discount_code = ';
+  $sql .= '\'' . m($code) . '\'';
+  $res  = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ } while (mysql_num_rows($res) != 0);
+?>
+<form action="<?PHP echo CP_PATH; ?>admindiscounts" method="post">
+<input type="hidden" name="code" value="<?PHP echo $code; ?>">
+<div class="block">
+ <h2>ADMIN: Add discount</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   The discount message may be blank. If non-blank it is displayed immediately
+   after the discount applied message (so you may want to start messages with
+   <code>&lt;br&gt;&lt;br&gt;</code> &mdash; HTML is allowed).
+  </p>
+  <table class="form leftpad" style="width: auto;"> 
+   <tr>
+    <th>Code</th>
+    <td><input type="text" name="codeinput" class="inflat" value="<?PHP echo $code; ?>" disabled="disabled" style="width: 352px;"></td>
+   </tr><tr>
+    <th>Message</th>
+    <td><input type="text" name="message" class="inflat" style="width: 352px;"></td>
+   </tr><tr>
+    <th>Valid period</th>
+    <td>
+     <input type="text" class="inflat" name="from" value="now">
+     <input type="text" class="inflat" name="to" value="+1 month">
+    </td>
+   </tr><tr>
+    <th>Time</th>
+    <td>
+     <input type="text" name="timequant" value="0" class="inflat">
+     <select name="timeunit" class="inflat">
+      <option value="1">Seconds</option>
+      <option value="60">Minutes</option>
+      <option value="3600">Hours</option>
+      <option value="86400">Days</option>
+      <option value="2592000">Months</option>
+      <option value="31536000">Years</option>
+     </select>
+    </tr>
+   </tr><tr>
+    <th>Money (pence)</th>
+    <td><input type="text" name="money" value="0" class="inflat"></td>
+   </tr><tr>
+    <th>Type</th>
+    <td>
+     <select name="type" class="inflat">
+      <option value="general">General</option>
+      <option value="signup">Signup</option>
+     </select>
+    </td>
+   </tr><tr>
+    <th>Package</th>
+    <td>
+     <select name="package" class="inflat">
+<?PHP
+
+ $sql = 'SELECT package_id, package_name FROM packages ORDER BY package_name';
+ $res = mysql_query($sql);
+ while ($row = mysql_fetch_assoc($res)) {
+  echo '<option value="'.$row['package_id'].'">'.h($row['package_name']);
+  echo '</option>';
+ }
+?>
+     </select>
+    </td>
+   </tr><tr>
+     <td colspan="2" style="text-align: right;">
+      <input type="reset" value="Reset">
+      <input type="submit" name="submit" value="Submit">
+     </td>
+   </tr>
+  </table>
+ </div>
+</div>
+</form>

pages/admin.addfinances.php

@@ -0,0 +1,44 @@
+<form action="." method="post">
+<div class="block" id="add">
+ <h2>Add transaction</h2>
+ <div class="innerblock">
+  <table class="form">
+   <tr>
+    <th>Date</th>
+    <td>
+     <input type="text" name="date" value="<?PHP echo date('Y-m-d'); ?>" class="inflat">
+    </td>
+   </tr>
+   <tr>
+    <th>Description</th>
+    <td>
+     <input type="text" name="desc" class="inflat">
+    </td>
+   </tr>
+   <tr>
+    <th>User</th>
+    <td>
+     <select name="user" class="inflat">
+      <option value="5">N/A</option>
+<?PHP
+
+ $sql = 'SELECT user_id, user_name FROM users WHERE user_pass != \'invalid\' ORDER BY user_name';
+ $res = mysql_query($sql);
+ while ($row = mysql_fetch_array($res)) {
+  echo '<option value="'.$row[0].'">'.$row[1].'</option>';
+ }
+?>
+     </select>
+    </td>
+   </tr>
+   <tr>
+    <th>Amount</th>
+    <td><input type="text" name="amount" value="35" class="inflat"></td>
+   </tr>
+   <tr>
+    <td></td><td><input type="submit" value="Add"></td>
+   </tr>
+  </table>
+ </div>
+</div>
+</form>

pages/admin.addipban.php

@@ -0,0 +1,30 @@
+<form action="<?PHP echo CP_PATH; ?>adminbans" method="post">
+<div class="block">
+ <h2>ADMIN: Add IP ban</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   IP Addresses are strictly matched (i.e., no ranges are allowed).
+   The reason specified is exposed to the banned user, so keep it civil.
+   Expirary time should be formatted as specified <a href="http://www.gnu.org/software/tar/manual/html_node/tar_109.html">here</a>. Most commonly you'll just
+   want '+1 day' or so.
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <th><label for="ip">IP Address</label></th>
+    <td><input type="text" name="ip" class="inflat"></td>
+   </tr>
+   <tr>
+    <th><label for="reason">Reason</label></th>
+    <td><input type="text" name="reason" class="inflat"></td>
+   </tr>
+   <tr>
+    <th><label for="expirary">Expirary</label></th>
+    <td><input type="text" name="expirary" class="inflat"></td>
+   </tr>
+   <tr><td colspan="2" style="text-align: right;">
+    <input type="submit" value="Add">
+   </td></tr>
+  </table>
+ </div>
+</div>
+</form>

pages/admin.announcements.php

@@ -0,0 +1,45 @@
+<?PHP
+ require_once('lib/database.php');
+ require_once('lib/common.php');
+?>
+<div class="block">
+ <h2>ADMIN: Announcements and messages</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Title</th>
+   <th>View</th>
+   <th>Type</th>
+   <th>Date</th>
+  </tr>
+<?PHP
+
+ $sql = 'SELECT message_id, message_type, message_title, message_time FROM messages ORDER BY message_time';
+ 
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ $i = 0;
+ $n = 0;
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td colspan="5" style="font-style: italic; text-align: center;">';
+  echo 'There are no current announcements</td></tr>';
+ }
+  
+ while ($row = mysql_fetch_array($res)) {
+  $n++;
+?>
+  <tr<?PHP if ($i == 1) { echo ' class="odd"'; } ?>>
+   <td><?PHP echo $n; ?>.</td>
+   <td><?PHP echo $row['message_title']; ?></td>
+   <td><a href="<?PHP echo CP_PATH; ?>viewmessage/<?PHP echo $row['message_id']; ?>">View</a></td>
+   <td><?PHP echo ucfirst($row['message_type']); ?></td>
+   <td><?PHP echo substr(gmdate('r', $row['message_time']),0,-6); ?></td>
+  </tr>
+ <?PHP
+  $i = 1 - $i;
+ }
+
+?>  
+ </table>
+</div>

pages/admin.discounts.php

@@ -0,0 +1,47 @@
+<?PHP
+ require_once('lib/database.php');
+ require_once('lib/common.php'); 
+?>
+<div class="block" id="log">
+ <h2>ADMIN: Discounts</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Code</th>
+   <th>Time</th>
+   <th>Money</th>
+   <th>Type</th>
+   <th>Package</th>
+   <th>Start</th>
+   <th>End</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ $n = 0;
+
+ $sql  = 'SELECT discount_id, discount_code, discount_time, discount_money, ';
+ $sql .= 'discount_type, discount_start, discount_end, package_name FROM ';
+ $sql .= 'discounts NATURAL JOIN packages ORDER BY discount_end';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ while ($row = mysql_fetch_array($res)) {
+  $n++;
+  echo '<tr class="'.(($i != 0) ? 'odd':'even').'">';
+  echo ' <td>' . $n . '.</td>';
+  echo ' <td style="font-family: monospace;">' . h($row['discount_code']) . '</td>';
+  echo ' <td>' . duration($row['discount_time']) . '</td>';
+  echo ' <td>&pound;' . ($row['discount_money'] / 100) . '</td>';
+  echo ' <td>' . ucfirst($row['discount_type']) . '</td>';
+  echo ' <td>' . h($row['package_name']) . '</td>';
+  echo ' <td' . ($row['discount_start'] > time() ? ' style="color: red"' : '') . '>';
+  echo substr(date('r', $row['discount_start']), 0, -15) . '</td>';
+  echo ' <td' . ($row['discount_end'] < time() ? ' style="color: red"' : '') . '>';
+  echo substr(date('r', $row['discount_end']), 0, -15) . '</td>';
+  echo '</tr>';
+  $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/admin.domains.php

@@ -0,0 +1,50 @@
+<div class="block" id="domains">
+<h2>ADMIN: All domains</h2>
+<table class="innerblock">
+  <tr><th>&nbsp;</th><th>Domain</th><th>User</th><th>Site</th>
+  <th>DNS</th>
+  <th>Enabled?</td></tr>
+<?PHP
+
+ $sql = 'SELECT domain_id, domain_name, domain_enabled, domains.user_id, user_name FROM domains NATURAL JOIN users ORDER BY user_name, domain_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ $i = 0;
+ $n = 0;
+
+ while ($row = mysql_fetch_array($res)) {
+  $n++;
+  $sql2 = 'SELECT r.record_value, s.site_name, s.site_id FROM records AS r, sites AS s WHERE r.domain_id = '.$row['domain_id'].' AND r.record_type = \'UTD\' AND s.site_id = r.record_value';
+  $res2 = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  if (mysql_num_rows($res2) > 0) {
+   $row2 = mysql_fetch_array($res2);
+   $asite = $row2['site_name'];
+   $asiteid = $row2['site_id'];
+  } else {
+   $asite = '';
+  }
+
+?>
+   <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+    <td><?PHP echo $n; ?>.</td>
+    <td><?PHP echo h($row['domain_name']); ?></td>
+    <td><a href="<?PHP echo CP_PATH.'checkuser/'.$row['user_id']; ?>"><?PHP echo h($row['user_name']); ?></a></td>
+    <td><?PHP if ($asite != '') { ?>
+     <a href="<?PHP echo CP_PATH; ?>editsite/<?PHP echo $asiteid; ?>"><?PHP echo h($asite); ?></a>
+     </td>
+     <?PHP } else { ?>None</td><?PHP } ?><td>
+<?PHP if (gethostbyname($row['domain_name']) != '63.246.141.80') { ?>
+      <a href="<?PHP echo CP_PATH; ?>support/017" style="color: red;">Error</a>
+<?PHP } else { echo 'OK'; } ?>
+     </td><td>
+     <?PHP if ($row['domain_enabled'] != '1') { ?>
+     <a href="<?PHP echo CP_PATH; ?>enabledomain/<?PHP echo $row['domain_id']; ?>">Enable</a>
+     <?PHP } else { echo 'Enabled'; } ?>
+    </td>
+   </tr>
+<?PHP
+  $i = 1 - $i;
+ }
+?>
+  </table>
+</div>

pages/admin.finances.php

@@ -0,0 +1,56 @@
+<div class="block" id="overview">
+ <h2>Overview</h2>
+ <table class="innerblock">
+  <tr>
+   <th>ID</th>
+   <th>Date</th>
+   <th>Description</th>
+   <th>User</th>
+   <th>Receipts</th>
+   <th>Payments</th>
+   <th>Balance</th>
+  </tr>
+<?PHP
+
+ function fn($n, $hl = false) {
+  $r = '&pound;'.abs(intval($n/100)).'.'.str_pad(abs($n%100),2,'0',STR_PAD_LEFT);
+  if ($n < 0) { $r = '-'.$r; }
+  if ($hl && $n < 0) {
+   $r = '<span style="color: red;">'.$r.'</span>';
+  }
+  return $r;
+ }
+
+ $sql  = 'SELECT finance_id, finance_time, finance_desc, user_name, ';
+ $sql .= 'finance_receipts, finance_payments, finance_balance FROM ';
+ $sql .= 'finances NATURAL JOIN users ORDER BY finance_time';
+ $res = mysql_query($sql) or print(mysql_error());
+ $i = 0;
+ $n = 0;
+ while ($row = mysql_fetch_assoc($res)) {
+  $i = 1 - $i;
+  $n++;
+?>
+  <tr class="<?PHP echo ($i == 1) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $n; ?>.</td>
+   <td><?PHP echo date('Y-m-d', $row['finance_time']); ?></td>
+   <td><?PHP echo htmlentities($row['finance_desc']); ?></td>
+   <td>
+    <?PHP
+     if ($row['user_name'] != 'admin') {
+      echo $row['user_name'];
+     } else {
+      echo '---';
+     }
+    ?>
+   </td>
+   <td><?PHP echo fn($row['finance_receipts']); ?></td>
+   <td><?PHP echo fn($row['finance_payments']); ?></td>
+   <td><?PHP echo fn($row['finance_balance'],true); ?></td>
+  </tr>
+<?PHP
+ }
+
+?>
+ </table>
+</div>

pages/admin.invoices.php

@@ -0,0 +1,39 @@
+<?PHP
+
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only!'); }
+
+?><div class="block" id="bills">
+ <h2>ADMIN: All bills</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>User</th>
+   <th>Type</th>
+   <th>Amount</th>
+   <th>Due on</th> 
+   <th>Status</th>
+  </tr>
+<?PHP
+
+/* $sql = 'SELECT bill_id, bill_due, package_name, bill_amount, user_name, users.user_id, bill_paid FROM billing NATURAL JOIN users, packages WHERE packages.package_id = billing.package_id ORDER BY bill_due';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $status = array(2=>'Paid',1=>'DUE',0=>'Future');
+ $i = 1;
+ while ($row = mysql_fetch_array($res)) {
+  $i = 1 - $i;
+  ?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['bill_id']; ?>.</td>
+   <td><a href="<?PHP echo CP_PATH.'checkuser/'.$row['user_id']; ?>"><?PHP echo $row['user_name']; ?></a></td>
+   <td><?PHP echo $row['package_name']; ?></td>
+   <td>&pound;<?PHP echo money_format('%i',$row['bill_amount']/100); ?></td>
+   <td><?PHP echo date('r',$row['bill_due']); ?></td>
+   <td>
+    <?PHP echo $status[($row['bill_paid'])]; ?>
+   </td>
+  </tr>
+  <?PHP
+ }*/
+?> 
+ </table>
+</div>

pages/admin.ipbans.php

@@ -0,0 +1,56 @@
+<?PHP
+ require_once('lib/database.php');
+ require_once('lib/common.php'); 
+?>
+<div class="block" id="users">
+ <h2>ADMIN: IP Bans</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>IP</th>
+   <th>Reason</th>
+   <th>Expires in</th>
+   <th>Actions</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ $n = 0; 
+ $sql = 'SELECT ipban_id, ipban_ip, ipban_expires, ipban_message FROM ipbans';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td colspan="5" style="text-align: center; font-style: italic;">';
+  echo 'No IP bans</td></tr>';
+ }
+ 
+ while ($row = mysql_fetch_array($res)) {
+  $n++;
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $n; ?>.</td>
+   <td><?PHP echo h($row['ipban_ip']); ?></td>
+   <td><?PHP echo h($row['ipban_message']); ?></td>
+<?PHP
+ if ($row['ipban_expires'] < time()) { 
+  echo '<td style="color: red;">Expired</td><td>';
+ } else {
+  echo '<td>'.duration($row['ipban_expires'] - time()).'</td>'; 
+?>
+   <td>
+    <a href="?n=<?PHP echo $row['ipban_id']; ?>">
+     Remove
+    </a> or
+<?PHP
+ }
+?>
+    <a href="?d=<?PHP echo $row['ipban_id']; ?>">Delete</a>
+   </td>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/admin.menu.php

@@ -0,0 +1,29 @@
+<?PHP
+ require_once('lib/database.php');
+ require_once('lib/common.php');
+?>
+<div class="block" id="tickets">
+ <h2>ADMIN: Admin menu</h2>
+ <div class="innerblock doublelist">
+  <div style="float: left; width: 50%; padding: 0px;">
+   <ul>
+    <li><a href="<?PHP echo CP_PATH; ?>admintickets">Ticket management</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>admininvoices">Invoice management</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>adminbans">Ban management</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>admindiscounts">Discount management</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>adminfinances">Finances</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>adminlogs">Logs</a></li>
+   </ul>
+  </div>
+  <div style="margin-left: 50%;">
+   <ul>
+    <li><a href="<?PHP echo CP_PATH; ?>adminusers">User management</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>admindomains">Domain management</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>adminsites">Site management</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>adminannouncements">Announcements</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>adminreports">Reports</a></li>
+    <li><a href="<?PHP echo CP_PATH; ?>adminwiki">Wiki</a></li>
+   </ul>
+  </div>
+ </div>
+</div>

pages/admin.sites.php

@@ -0,0 +1,59 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); } 
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only'); }
+?>
+<div class="block" id="sites">
+ <h2>ADMIN: All Sites</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Name</th>
+   <th>User</th>
+   <th>Settings</th>
+   <th>Stats</th>
+   <th>Bandwidth</th>
+   <th>Status</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ /*
+  /usr/local/apache/htdocs/bandquota - Bandwidth overing
+  /usr/local/apache/htdocs/bill      - Unpaid bill
+ */
+ 
+ $sql = 'SELECT site_id, site_name, site_bandin, site_bandout, site_docroot, site_curdocroot, user_name, sites.user_id FROM sites NATURAL JOIN users';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ while ($row = mysql_fetch_array($res)) {
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['site_id']; ?>.</td>
+   <td><?PHP echo $row['site_name']; ?></td>
+   <td><a href="<?PHP echo CP_PATH; ?>checkuser/<?PHP echo $row['user_id']; ?>"><?PHP echo $row['user_name']; ?></a></td>
+   <td><a href="<?PHP echo CP_PATH; ?>editsite/<?PHP echo $row['site_id']; ?>">Settings</a></td>
+   <td><a href="<?PHP echo CP_PATH; ?>sitestats/<?PHP echo $row['site_id']; ?>">Stats</a></td>
+   <td><?PHP echo NiceSize($row['site_bandin'] + $row['site_bandout']); ?></td>
+<?PHP
+
+ if (!is_dir($row['site_docroot'])) {
+   echo '<td class="err">Invalid docroot</td>';
+ } elseif ($row['site_docroot'] == '/usr/local/apache/htdocs/bandquota') {
+   echo '<td class="err">Disabled - bandwidth exceeded</td>';
+ } elseif ($row['site_docroot'] == '/usr/local/apache/htdocs/bill') {
+   echo '<td class="err">Disabled - unpaid bill</td>';
+ } else {
+   echo '<td>OK</td>';
+ }
+
+?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/admin.tickets.php

@@ -0,0 +1,58 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); } 
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only!'); }
+?>
+<div class="block" id="tickets">
+ <h2>ADMIN: All tickets opened in the past month</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Title</th>
+   <th>User</th>
+   <th>View</th>
+   <th>Date</th>
+   <th>Replies</th>
+   <th>Status</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ $sql = 'SELECT ticket_id, ticket_status, ticket_title, ticket_time, user_name, tickets.user_id FROM tickets NATURAL JOIN users WHERE ticket_thread = ticket_id AND ticket_time > '.(time() - 60*60*24*31);
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td colspan="7" style="font-style: italic; text-align: center;">No tickets opened recently</td></tr>';
+ }
+ 
+ while ($row = mysql_fetch_array($res)) {
+   $sql2 = 'SELECT COUNT(*) FROM tickets WHERE ticket_thread = '.$row['ticket_id'];
+   $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+   $num = mysql_fetch_array($res2); $num = (int)$num[0] - 1;
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['ticket_id']; ?>.</td>
+   <td><?PHP echo htmlspecialchars($row['ticket_title']); ?></td>
+   <td><a href="<?PHP echo CP_PATH.'checkuser/'.$row['user_id']; ?>">
+    <?PHP echo $row['user_name']; ?></a></td>
+   <td><a href="<?PHP echo CP_PATH; ?>viewticket/<?PHP echo $row['ticket_id']; ?>">View</a></td>
+   <td><?PHP echo substr(gmdate('r', $row['ticket_time']),0,-6); ?></td>
+   <td><?PHP echo $num; ?></td>
+<?PHP
+
+ if ($row['ticket_status'] == 'new' || $row['ticket_status'] == 'reopened') {
+   echo '<td class="err">'.ucfirst($row['ticket_status']).'</td>';
+ } else {
+   echo '<td>'.ucfirst($row['ticket_status']).'</td>';
+ }
+
+?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/admin.userbans.php

@@ -0,0 +1,37 @@
+<?PHP
+ require_once('lib/database.php');
+ require_once('lib/common.php'); 
+?>
+<div class="block" id="users">
+ <h2>ADMIN: Username blocks</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Username</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ $n = 0; 
+ $sql = 'SELECT bu_id, bu_name FROM banneduser';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td colspan="2" style="text-align: center; font-style: italic;">';
+  echo 'No username blocks</td></tr>';
+ }
+ 
+ while ($row = mysql_fetch_array($res)) {
+  $n++;
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $n; ?>.</td>
+   <td><?PHP echo h($row['bu_name']); ?></td>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/admin.users.php

@@ -0,0 +1,53 @@
+<?PHP
+ require_once('lib/database.php');
+ require_once('lib/common.php'); 
+?>
+<div class="block" id="users">
+ <h2>ADMIN: Users</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Name</th>
+   <th>E-Mail</th>
+   <th>Bandwidth</th>
+   <th>HDD</th>
+   <th>Actions</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ $n = 0;
+ 
+ $sql = 'SELECT user_id, user_name, user_email, band_used, band_total, hdd_used, hdd_total FROM users ORDER BY user_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ while ($row = mysql_fetch_array($res)) {
+  $n++;
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $n; ?>.</td>
+   <td><?PHP echo h($row['user_name']); ?></td>
+   <td><?PHP echo h($row['user_email']); ?></td>
+   <td><?PHP
+ $p = round(100 * $row['band_used'] / $row['band_total'],0);
+ echo '<img src="'.CP_PATH.'res/bandout.png" style="width: '.$p.'px; height: 10px;" alt="Used" title="'.$p.'% used">';
+ echo '<img src="'.CP_PATH.'res/bandfree.png" style="width: '.(100-$p).'px; height: 10px;" alt="Free" title="'.(100-$p).'% free">';
+?></td>
+   <td><?PHP
+ $p = round(100 * $row['hdd_used'] / $row['hdd_total'],0);
+ echo '<img src="'.CP_PATH.'res/bandout.png" style="width: '.$p.'px; height: 10px;" alt="Used" title="'.$p.'% used">';
+ echo '<img src="'.CP_PATH.'res/bandfree.png" style="width: '.(100-$p).'px; height: 10px;" alt="Free" title="'.(100-$p).'% free">';
+?></td>
+  <td>
+   <a href="<?PHP echo CP_PATH.'checkuser/'.$row['user_id']; ?>">Check</a>
+   |
+   <a href="<?PHP echo CP_PATH.'spoofuser/'.$row['user_id']; ?>">Spoof</a>
+  </td>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/adminaddipban.php

@@ -0,0 +1,31 @@
+<?PHP if (!defined('ADMIN') || !ADMIN) { die('Admins only'); } ?>
+<form action="<?PHP echo CP_PATH; ?>bans" method="post">
+<div class="block">
+ <h2>Add IP ban</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   IP Addresses are strictly matched (i.e., no ranges are allowed).
+   The reason specified is exposed to the banned user, so keep it civil.
+   Expirary time should be formatted as specified <a href="http://www.gnu.org/software/tar/manual/html_node/tar_109.html">here</a>. Most commonly you'll just
+   want '+1 day' or so.
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <th><label for="ip">IP Address</label></th>
+    <td><input type="text" name="ip" class="inflat"></td>
+   </tr>
+   <tr>
+    <th><label for="reason">Reason</label></th>
+    <td><input type="text" name="reason" class="inflat"></td>
+   </tr>
+   <tr>
+    <th><label for="expirary">Expirary</label></th>
+    <td><input type="text" name="expirary" class="inflat"></td>
+   </tr>
+   <tr><td colspan="2" style="text-align: right;">
+    <input type="submit" value="Add">
+   </td></tr>
+  </table>
+ </div>
+</div>
+</form>

pages/adminbills.php

@@ -0,0 +1,54 @@
+<?PHP
+
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only!'); }
+
+?><div class="block" id="bills">
+ <h2>ADMIN: All bills</h2>
+<!--
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_xclick">
+<input type="hidden" name="business" value="chris87@gmail.com">
+<input type="hidden" name="item_name" value="UTD-Hosting one year slot">
+<input type="hidden" name="item_number" value="UID">
+<input type="hidden" name="amount" value="35.00">
+<input type="hidden" name="no_shipping" value="1">
+<input type="hidden" name="no_note" value="1">
+<input type="hidden" name="currency_code" value="GBP">
+<input type="hidden" name="bn" value="PP-BuyNowBF">
+<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but02.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
+</form>
+https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=chris87%40gmail%2ecom&item_name=UTD%2dHosting%20one%20year%20slot&item_number=UID&amount=35%2e00&no_shipping=1&no_note=1&currency_code=GBP&bn=PP%2dBuyNowBF&charset=UTF%2d8
+-->
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>User</th>
+   <th>Type</th>
+   <th>Amount</th>
+   <th>Due on</th> 
+   <th>Status</th>
+  </tr>
+<?PHP
+
+ $sql = 'SELECT bill_id, bill_due, package_name, bill_amount, user_name, users.user_id, bill_paid FROM billing NATURAL JOIN users, packages WHERE packages.package_id = billing.package_id ORDER BY bill_due';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $status = array(2=>'Paid',1=>'DUE',0=>'Future');
+ $i = 1;
+ while ($row = mysql_fetch_array($res)) {
+  $i = 1 - $i;
+  ?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['bill_id']; ?>.</td>
+   <td><a href="<?PHP echo CP_PATH.'checkuser/'.$row['user_id']; ?>"><?PHP echo $row['user_name']; ?></a></td>
+   <td><?PHP echo $row['package_name']; ?></td>
+   <td>&pound;<?PHP echo money_format('%i',$row['bill_amount']/100); ?></td>
+   <td><?PHP echo date('r',$row['bill_due']); ?></td>
+   <td>
+    <?PHP echo $status[($row['bill_paid'])]; ?>
+   </td>
+  </tr>
+  <?PHP
+ }
+?> 
+ </table>
+</div>

pages/adminbw.php

@@ -0,0 +1,34 @@
+<?PHP
+
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only!'); }
+
+?><div class="block" id="bills">
+ <h2>ADMIN: Live bandwidth</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>User</th>
+   <th>In</th>
+   <th>Out</th>
+   <th>Total</th> 
+  </tr>
+<?PHP
+
+ $sql = 'SELECT * FROM iptdata ORDER BY ipt_user';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $i = 1;
+ while ($row = mysql_fetch_array($res)) {
+  $i = 1 - $i;
+  ?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['ipt_id']; ?>.</td>
+   <td><?PHP echo $row['ipt_user']; ?></td>
+   <td><?PHP echo NiceSize($row['ipt_in']); ?></td>
+   <td><?PHP echo NiceSize($row['ipt_out']); ?></td>
+   <td><?PHP echo NiceSize($row['ipt_in']+$row['ipt_out']); ?></td>
+  </tr>
+  <?PHP
+ }
+?> 
+ </table>
+</div>

pages/adminculog.php

@@ -0,0 +1,47 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); }
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only'); }
+?>
+<div class="block" id="log">
+ <h2>ADMIN: Control panel log</h2>
+ <table class="innerblock">
+  <tr>
+   <th>Time</th>
+   <th>Level</th>
+   <th>Message</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+
+ $sql  = 'SELECT user_id, user_name, log_level, log_time, log_message FROM log ';
+ $sql .= 'NATURAL JOIN users WHERE user_id = '.m($_GET['n']).' ORDER BY log_time DESC LIMIT 0,50';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ while ($row = mysql_fetch_array($res)) {
+  echo '<tr class="'.(($i != 0) ? 'odd':'even').'"><td>'.substr(gmdate('r',$row['log_time']),0,-6).'</td>';
+
+   switch($row['log_level']) {
+  case 'critical':
+   echo '<td style="color: red; font-weight: bold;">Critical</td>';
+   break;
+  case 'important':
+   echo '<td style="font-weight: bold;">Important</td>';
+   break;
+  case 'normal':
+  case 'unknown':
+   echo '<td>'.ucfirst($row['log_level']).'</td>';
+   break;
+  case 'info':
+   echo '<td style="color: gray">Information</td>';
+ }
+
+  echo '<td>'. $row['log_message'].'</td></tr>';
+
+  $i = 1 - $i;
+ }
+
+?>
+ </table>
+</div>
+

pages/admindiscounts.php

@@ -0,0 +1,29 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); } 
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only'); }
+?>
+<div class="block" id="log">
+ <h2>ADMIN: Control panel log</h2>
+ <table class="innerblock">
+  <tr>
+   <th>Time</th>
+   <th>User</th>
+   <th>Message</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+
+ $sql = 'SELECT u.user_name, l.* FROM log AS l, users AS u WHERE u.user_id = l.user_id ORDER BY l.log_time DESC LIMIT 0,20';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ while ($row = mysql_fetch_array($res)) {
+  echo '<tr class="'.(($i != 0) ? 'odd':'even').'"><td>'.gmdate('r',$row['log_time']).'</td><td><a href="'.CP_PATH.'checkuser/'.$row['user_id'].'">';
+  echo $row['user_name'].'</a></td><td>'. $row['log_message'].'</td></tr>';
+
+  $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/admindomains.php

@@ -0,0 +1,54 @@
+<?PHP
+
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only'); }
+
+?>
+<div class="block" id="domains">
+<h2>ADMIN: All domains</h2>
+<table class="innerblock">
+  <tr><th>&nbsp;</th><th>Domain</th><th>User</th><th>Site</th>
+  <th>DNS</th>
+  <th>Enabled?</td></tr>
+<?PHP
+
+ $sql = 'SELECT domain_id, domain_name, domain_enabled, domains.user_id, user_name FROM domains NATURAL JOIN users ORDER BY user_name, domain_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ $i = 0;
+
+ while ($row = mysql_fetch_array($res)) {
+  $sql2 = 'SELECT r.record_value, s.site_name, s.site_id FROM records AS r, sites AS s WHERE r.domain_id = '.$row['domain_id'].' AND r.record_type = \'UTD\' AND s.site_id = r.record_value';
+  $res2 = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+  if (mysql_num_rows($res2) > 0) {
+   $row2 = mysql_fetch_array($res2);
+   $asite = $row2['site_name'];
+   $asiteid = $row2['site_id'];
+  } else {
+   $asite = '';
+  }
+
+?>
+   <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+    <td><?PHP echo h($row['domain_id']); ?></td>
+    <td><?PHP echo h($row['domain_name']); ?></td>
+    <td><a href="<?PHP echo CP_PATH.'checkuser/'.$row['user_id']; ?>"><?PHP echo h($row['user_name']); ?></a></td>
+    <td><?PHP if ($asite != '') { ?>
+     <a href="<?PHP echo CP_PATH; ?>editsite/<?PHP echo $asiteid; ?>"><?PHP echo h($asite); ?></a>
+     </td>
+     <?PHP } else { ?>None</td><?PHP } ?><td>
+<?PHP if (gethostbyname($row['domain_name']) != '63.246.141.80') { ?>
+      <a href="<?PHP echo CP_PATH; ?>support/017" style="color: red;">Error</a>
+<?PHP } else { echo 'OK'; } ?>
+     </td><td>
+     <?PHP if ($row['domain_enabled'] != '1') { ?>
+     <a href="<?PHP echo CP_PATH; ?>enabledomain/<?PHP echo $row['domain_id']; ?>">Enable</a>
+     <?PHP } else { echo 'Enabled'; } ?>
+    </td>
+   </tr>
+<?PHP
+  $i = 1 - $i;
+ }
+?>
+  </table>
+</div>
+</div>

pages/adminipbans.php

@@ -0,0 +1,55 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); } 
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only'); }
+?>
+<div class="block" id="users">
+ <h2>ADMIN: IP Bans</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>IP</th>
+   <th>Reason</th>
+   <th>Expires in</th>
+   <th>Actions</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ $sql = 'SELECT ipban_id, ipban_ip, ipban_expires, ipban_message FROM ipbans';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td colspan="5" style="text-align: center; font-style: italic;">';
+  echo 'No IP bans</td></tr>';
+ }
+ 
+ while ($row = mysql_fetch_array($res)) {
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['ipban_id']; ?>.</td>
+   <td><?PHP echo h($row['ipban_ip']); ?></td>
+   <td><?PHP echo h($row['ipban_message']); ?></td>
+<?PHP
+ if ($row['ipban_expires'] < time()) { 
+  echo '<td style="color: red;">Expired</td><td>-</td>';
+ } else {
+  echo '<td>'.duration($row['ipban_expires'] - time()).'</td>'; 
+?>
+   <td>
+    <a href="<?PHP echo CP_PATH; ?>bans/<?PHP echo $row['ipban_id']; ?>">
+     Remove
+    </a>
+   </td>
+<?PHP
+ }
+?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/adminlog.php

@@ -0,0 +1,48 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); }
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only'); }
+?>
+<div class="block" id="log">
+ <h2>ADMIN: Control panel log</h2>
+ <table class="innerblock">
+  <tr>
+   <th>Time</th>
+   <th>User</th>
+   <th>Level</th>
+   <th>Message</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+
+ $sql  = 'SELECT user_id, user_name, log_level, log_time, log_message FROM log ';
+ $sql .= 'NATURAL JOIN users ORDER BY log_time DESC LIMIT 0,25';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ while ($row = mysql_fetch_array($res)) {
+  echo '<tr class="'.(($i != 0) ? 'odd':'even').'"><td>'.gmdate('r',$row['log_time']).'</td><td><a href="'.CP_PATH.'checkuser/'.$row['user_id'].'">';
+  echo $row['user_name'].'</a></td>';
+  
+   switch($row['log_level']) {
+  case 'critical':
+   echo '<td style="color: red; font-weight: bold;">Critical</td>';
+   break;
+  case 'important':
+   echo '<td style="font-weight: bold;">Important</td>';
+   break;
+  case 'normal':
+  case 'unknown':
+   echo '<td>'.ucfirst($row['log_level']).'</td>';
+   break;
+  case 'info':
+   echo '<td style="color: gray">Information</td>';
+ }
+  
+  echo '<td>'. $row['log_message'].'</td></tr>';
+
+  $i = 1 - $i;
+ }
+
+?>
+ </table>
+</div>

pages/adminsites.php

@@ -0,0 +1,59 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); } 
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only'); }
+?>
+<div class="block" id="sites">
+ <h2>ADMIN: All Sites</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Name</th>
+   <th>User</th>
+   <th>Settings</th>
+   <th>Stats</th>
+   <th>Bandwidth</th>
+   <th>Status</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ /*
+  /usr/local/apache/htdocs/bandquota - Bandwidth overing
+  /usr/local/apache/htdocs/bill      - Unpaid bill
+ */
+ 
+ $sql = 'SELECT site_id, site_name, site_bandin, site_bandout, site_docroot, site_curdocroot, user_name, sites.user_id FROM sites NATURAL JOIN users';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ while ($row = mysql_fetch_array($res)) {
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['site_id']; ?>.</td>
+   <td><?PHP echo $row['site_name']; ?></td>
+   <td><a href="<?PHP echo CP_PATH; ?>checkuser/<?PHP echo $row['user_id']; ?>"><?PHP echo $row['user_name']; ?></a></td>
+   <td><a href="<?PHP echo CP_PATH; ?>editsite/<?PHP echo $row['site_id']; ?>">Settings</a></td>
+   <td><a href="<?PHP echo CP_PATH; ?>sitestats/<?PHP echo $row['site_id']; ?>">Stats</a></td>
+   <td><?PHP echo NiceSize($row['site_bandin'] + $row['site_bandout']); ?></td>
+<?PHP
+
+ if (!is_dir($row['site_docroot'])) {
+   echo '<td class="err">Invalid docroot</td>';
+ } elseif ($row['site_docroot'] == '/usr/local/apache/htdocs/bandquota') {
+   echo '<td class="err">Disabled - bandwidth exceeded</td>';
+ } elseif ($row['site_docroot'] == '/usr/local/apache/htdocs/bill') {
+   echo '<td class="err">Disabled - unpaid bill</td>';
+ } else {
+   echo '<td>OK</td>';
+ }
+
+?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/admintickets.php

@@ -0,0 +1,58 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); } 
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only!'); }
+?>
+<div class="block" id="tickets">
+ <h2>ADMIN: All tickets opened in the past month</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Title</th>
+   <th>User</th>
+   <th>View</th>
+   <th>Date</th>
+   <th>Replies</th>
+   <th>Status</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ $sql = 'SELECT ticket_id, ticket_status, ticket_title, ticket_time, user_name, tickets.user_id FROM tickets NATURAL JOIN users WHERE ticket_thread = ticket_id AND ticket_time > '.(time() - 60*60*24*31);
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td colspan="7" style="font-style: italic; text-align: center;">No tickets opened recently</td></tr>';
+ }
+ 
+ while ($row = mysql_fetch_array($res)) {
+   $sql2 = 'SELECT COUNT(*) FROM tickets WHERE ticket_thread = '.$row['ticket_id'];
+   $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+   $num = mysql_fetch_array($res2); $num = (int)$num[0] - 1;
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['ticket_id']; ?>.</td>
+   <td><?PHP echo htmlspecialchars($row['ticket_title']); ?></td>
+   <td><a href="<?PHP echo CP_PATH.'checkuser/'.$row['user_id']; ?>">
+    <?PHP echo $row['user_name']; ?></a></td>
+   <td><a href="<?PHP echo CP_PATH; ?>viewticket/<?PHP echo $row['ticket_id']; ?>">View</a></td>
+   <td><?PHP echo substr(gmdate('r', $row['ticket_time']),0,-6); ?></td>
+   <td><?PHP echo $num; ?></td>
+<?PHP
+
+ if ($row['ticket_status'] == 'new' || $row['ticket_status'] == 'reopened') {
+   echo '<td class="err">'.ucfirst($row['ticket_status']).'</td>';
+ } else {
+   echo '<td>'.ucfirst($row['ticket_status']).'</td>';
+ }
+
+?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/adminusers.php

@@ -0,0 +1,51 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); } 
+ if (!defined('ADMIN') || !ADMIN) { die('Admins only'); }
+?>
+<div class="block" id="users">
+ <h2>ADMIN: Users</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Name</th>
+   <th>E-Mail</th>
+   <th>Bandwidth</th>
+   <th>HDD</th>
+   <th>Actions</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ $sql = 'SELECT user_id, user_name, user_email, band_used, band_total, hdd_used, hdd_total FROM users';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ while ($row = mysql_fetch_array($res)) {
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $row['user_id']; ?>.</td>
+   <td><?PHP echo h($row['user_name']); ?></td>
+   <td><?PHP echo h($row['user_email']); ?></td>
+   <td><?PHP
+ $p = round(100 * $row['band_used'] / $row['band_total'],0);
+ echo '<img src="'.CP_PATH.'res/bandout.png" style="width: '.$p.'px; height: 10px;" alt="Used" title="'.$p.'% used">';
+ echo '<img src="'.CP_PATH.'res/bandfree.png" style="width: '.(100-$p).'px; height: 10px;" alt="Free" title="'.(100-$p).'% free">';
+?></td>
+   <td><?PHP
+ $p = round(100 * $row['hdd_used'] / $row['hdd_total'],0);
+ echo '<img src="'.CP_PATH.'res/bandout.png" style="width: '.$p.'px; height: 10px;" alt="Used" title="'.$p.'% used">';
+ echo '<img src="'.CP_PATH.'res/bandfree.png" style="width: '.(100-$p).'px; height: 10px;" alt="Free" title="'.(100-$p).'% free">';
+?></td>
+  <td>
+   <a href="<?PHP echo CP_PATH.'checkuser/'.$row['user_id']; ?>">Check</a>
+   <a href="<?PHP echo CP_PATH.'spoofuser/'.$row['user_id']; ?>">Spoof</a>
+  </td>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/alltickets.php

@@ -0,0 +1,56 @@
+<?PHP
+ if (!defined('LIB_DATABASE')) { require_once('lib/database.php'); }
+ if (!defined('LIB_COMMON')) { require_once('lib/common.php'); } 
+?>
+<div class="block">
+ <h2>My tickets</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Title</th>
+   <th>View</th>
+   <th>Date</th>
+   <th>Replies</th>
+   <th>Status</th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ $n = 0;
+ 
+ $sql = 'SELECT ticket_id, ticket_status, ticket_title, ticket_time FROM tickets WHERE ticket_thread = ticket_id AND user_id = '.UID;
+ $res = mq($sql, __FILE__, __LINE__);
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td colspan="6" style="font-style: italic; text-align: center;">No tickets opened recently</td></tr>';
+ }
+ 
+ while ($row = mysql_fetch_array($res)) {
+   $n ++;
+   $sql2 = 'SELECT COUNT(*) FROM tickets WHERE ticket_thread = '.$row['ticket_id'];
+   $res2 = mq($sql2, __FILE__, __LINE__);
+   $num = mysql_fetch_array($res2); $num = (int)$num[0] - 1;
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $n; ?>.</td>
+   <td><?PHP echo htmlspecialchars($row['ticket_title']); ?></td>
+   <td><a href="<?PHP echo CP_PATH; ?>viewticket/<?PHP echo $row['ticket_id']; ?>">View</a></td>
+   <td><?PHP echo substr(gmdate('r', $row['ticket_time']),0,-6); ?></td>
+   <td><?PHP echo $num; ?></td>
+<?PHP
+
+ if ($row['ticket_status'] == 'new' || $row['ticket_status'] == 'reopened') {
+   echo '<td class="err">'.ucfirst($row['ticket_status']).'</td>';
+ } else {
+   echo '<td>'.ucfirst($row['ticket_status']).'</td>';
+ }
+
+?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+</div>

pages/announcements.php

@@ -0,0 +1,48 @@
+<?PHP
+ require_once('lib/profiler.php');
+ require_once('lib/database.php');
+ require_once('lib/common.php');
+?>
+<div class="block">
+ <h2>Announcements and messages</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Title</th>
+   <th>View</th>
+   <th>Type</th>
+   <th>Date</th>
+  </tr>
+<?PHP
+
+ $sql = 'SELECT message_id, message_type, message_title, message_time FROM messages WHERE message_time > ' . strtotime('-6 months');
+ if (!defined('ADMIN')) { $sql .= ' AND message_type <> \'admin\''; }
+ $sql .= ' ORDER BY message_time LIMIT 0,5';
+ 
+ $res = mq($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ $i = 0;
+ $n = 0;
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td colspan="5" style="font-style: italic; text-align: center;">';
+  echo 'There are no current announcements</td></tr>';
+ }
+  
+ while ($row = mysql_fetch_array($res)) {
+  $n++;
+?>
+  <tr<?PHP if ($i == 1) { echo ' class="odd"'; } ?>>
+   <td><?PHP echo $n; ?>.</td>
+   <td><?PHP echo $row['message_title']; ?></td>
+   <td><a href="<?PHP echo CP_PATH; ?>viewmessage/<?PHP echo $row['message_id']; ?>">View</a></td>
+   <td><?PHP echo ucfirst($row['message_type']); ?></td>
+   <td><?PHP echo substr(gmdate('r', $row['message_time']),0,-6); ?></td>
+  </tr>
+ <?PHP
+  $i = 1 - $i;
+ }
+
+?>  
+ </table>
+</div>

pages/bandwidthgraph.php

@@ -0,0 +1,6 @@
+<div class="block">
+ <h2>Bandwidth usage graph</h2>
+ <div class="innerblock" style="text-align: center;">
+  <img src="<?PHP echo CP_PATH; ?>res/bandwidth.php" alt="Bandwidth graph">
+ </div>
+</div>

pages/bandwidthtable.php

@@ -0,0 +1,33 @@
+<div class="block">
+ <h2>Bandwidth usage</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Site</th>
+   <th>Bandwidth in</th>
+   <th>Bandwidth out</th>
+   <th>Bandwidth total</th>
+  </tr>
+<?PHP
+
+ $sql = 'SELECT site_id, site_name, site_bandin, site_bandout FROM sites WHERE user_id = '.UID.' ORDER BY (site_bandin + site_bandout) DESC';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $i = 0;
+ $n = 0;
+ while ($row = mysql_fetch_array($res)) {
+  $n++;
+
+  echo '<tr class="';
+  if ($i) { echo 'odd'; } else { echo 'even'; }
+  echo '"><td>'.$n.'.</td>';
+  echo '<td>'.$row['site_name'].'</td>';
+  echo '<td>'.NiceSize($row['site_bandin']).'</td>';
+  echo '<td>'.NiceSize($row['site_bandout']).'</td>';
+  echo '<td>'.NiceSize($row['site_bandin'] + $row['site_bandout']).'</td>';
+  echo '</tr>';
+  $i = 1 - $i;
+ }
+
+?>
+ </table>
+</div>

pages/billing.php

@@ -0,0 +1,37 @@
+<div class="block">
+ <h2>Invoices</h2>
+ <table class="innerblock">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Date issued</th>
+   <th>Date due</th>
+   <th>Value</th> 
+   <th>Paid</th>
+   <th>Actions</th>
+  </tr>
+<?PHP
+
+ $sql = 'SELECT bill_id, bill_due, bill_generated, bill_total, bill_paid FROM bills WHERE user_id = '.UID.' ORDER BY bill_due';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $i = 0;
+ if (mysql_num_rows($res) == 0) {
+  echo '<tr><td style="font-style: italic; text-align: center;" colspan="6">There are no invoices on record for your account</td></tr>';
+ }
+ while ($row = mysql_fetch_array($res)) {
+  $i++;
+  ?>
+  <tr class="<?PHP echo ($i % 2 == 1) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo $i; ?>.</td>
+   <td><?PHP echo date('r',$row['bill_generated']); ?></td>
+   <td><?PHP echo date('r',$row['bill_due']); ?></td>
+   <td>&pound;<?PHP echo money_format('%i',$row['bill_total']/100); ?></td>
+   <td><?PHP echo ($row['bill_paid'] == 0) ? 'Outstanding' : 'Paid'; ?></td>
+   <td>
+    <a href="<?PHP echo CP_PATH; ?>viewinvoice/<?PHP echo $row['bill_id']; ?>">View</a>
+   </td>
+  </tr>
+  <?PHP
+ }
+?> 
+ </table>
+</div>

pages/dbdbs.php

@@ -0,0 +1,61 @@
+<?PHP
+ require_once('lib/database.php'); 
+ require_once('lib/common.php'); 
+?>
+<div class="block">
+ <h2>MySQL databases</h2>
+<form action="<?PHP echo CP_PATH; ?>database" method="post">
+ <table class="innerblock bottomdiv">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Name</th>
+   <th></th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ $sql = 'SELECT db_id, db_name FROM db_dbs WHERE user_id = '.UID;
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ while ($row = mysql_fetch_array($res)) {
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><input type="checkbox" name="db<?PHP echo $row['db_id']; ?>" id="db<?PHP echo $row['db_id']; ?>"<?PHP if (isset($_POST['delete'])) { if(isset($_POST['db'.$row['db_id']])) { echo ' checked="checked"'; }; echo ' disabled="disabled"'; } ?>>
+   <td><?PHP echo $row['db_name']; ?></td>
+<?PHP if (isset($_POST['delete']) && isset($_POST['db'.$row['db_id']])) { ?>
+   <input type="hidden" name="db<?PHP echo $row['db_id']; ?>" value="delete">
+   <td style="color: red;">This database will be deleted</td>
+<?PHP } else { ?>
+    <td></td>
+<?PHP } ?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+ <div class="innerblock">
+  <p>With selected:</p>
+  <blockquote>
+<?PHP if (isset($_POST['delete']) && !isset($_POST['confirm'])) { ?>
+   <input type="hidden" name="confirm" value="confirm">
+   <input type="submit" name="delete" value="Confirm deletion">
+   <input type="submit" name="cancel" value="Cancel">
+<?PHP } else { ?>
+   <input type="submit" name="delete" id="delete" value="Delete">
+<?PHP } ?>
+  </blockquote>
+ </div>
+ </form>
+ <div class="innerblock" style="padding-top: 0px;">
+  <p>Add new database:</p>
+  <form action="<?PHP echo CP_PATH; ?>database" method="post">
+   <input type="hidden" name="action" value="adddb">
+   <blockquote>Name: <?PHP echo USER; ?>_<input type="text" name="newdb">
+    <input type="submit" value="Add">
+   </blockquote>
+  </form>  
+ </div>
+</div>

pages/dbperms.php

@@ -0,0 +1,63 @@
+<?PHP
+ require_once('lib/database.php'); 
+ require_once('lib/common.php'); 
+?>
+<div class="block">
+ <h2>Database permissions</h2>
+<form action="<?PHP echo CP_PATH; ?>database" method="post">
+ <input type="hidden" name="action" value="perms">
+ <table class="innerblock bottomdiv">
+  <tr>
+   <th>Database \ User</th>
+<?PHP
+
+ $sql = 'SELECT dbuser_id, dbuser_name FROM db_users WHERE user_id = '.UID.' ORDER BY dbuser_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $users = array();
+ while ($row = mysql_fetch_array($res)) {
+  $users[] = $row[0];
+  echo '<th>'.h(preg_replace('/^[^_]*_/','',$row[1])).'</th>';
+ }
+
+ $sql = 'SELECT db_perms.dbuser_id, db_id FROM db_perms NATURAL JOIN db_users WHERE user_id = '.UID;
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $perms = array();
+ while ($row = mysql_fetch_array($res)) {
+  if (!isset($perms[($row[0])])) { $perms[($row[0])] = array(); }
+  $perms[($row[0])][($row[1])] = true;
+ }
+
+?>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ $sql = 'SELECT db_id, db_name FROM db_dbs WHERE user_id = '.UID.' ORDER BY db_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql); 
+ 
+ while ($row = mysql_fetch_array($res)) {
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><?PHP echo h($row[1]); ?></td>
+<?PHP
+ foreach ($users as $uid) {
+   echo '<td><input type="checkbox" name="dbp_'.$row['db_id'].'_'.$uid.'"';
+   if (isset($perms[$uid][($row['db_id'])])) {
+    echo ' checked="checked"';
+   }
+   echo '></td>';
+ }
+?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+ <div class="innerblock">
+  <input type="submit" value="Update">
+ </div>
+ </form>
+</div>

pages/dbusers.php

@@ -0,0 +1,70 @@
+<?PHP
+ require_once('lib/database.php'); 
+ require_once('lib/common.php'); 
+?>
+<div class="block">
+<form action="<?PHP echo CP_PATH; ?>database" method="post">
+<input type="hidden" name="action" value="edituser">
+ <h2>MySQL user accounts</h2>
+ <table class="innerblock bottomdiv">
+  <tr>
+   <th>&nbsp;</th>
+   <th>Name</th>
+   <th>Host</th>
+   <th></th>
+  </tr>
+<?PHP
+
+ $i = 0;
+ 
+ $sql  = 'SELECT dbuser_id, dbuser_name FROM db_users WHERE user_id = '.UID;
+ $sql .= ' ORDER BY dbuser_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ 
+ while ($row = mysql_fetch_array($res)) {
+?>
+  <tr class="<?PHP echo ($i == 0) ? 'even' : 'odd'; ?>">
+   <td><input type="checkbox" name="user<?PHP echo $row['dbuser_id']; ?>" id="user<?PHP echo $row['dbuser_id']; ?>"<?PHP if (isset($_POST['userdelete'])) { if(isset($_POST['user'.$row['dbuser_id']])) { echo ' checked="checked"'; }; echo ' disabled="disabled"'; } ?>>
+   <td><?PHP echo $row['dbuser_name']; ?></td>
+   <td>localhost</td>
+<?PHP if (isset($_POST['userdelete']) && isset($_POST['user'.$row['dbuser_id']])) { ?>
+   <input type="hidden" name="user<?PHP echo $row['dbuser_id']; ?>" value="delete">
+   <td style="color: red;">This user will be deleted</td>
+<?PHP } else { ?>
+    <td></td>
+<?PHP } ?>
+  </tr>
+<?PHP
+   $i = 1 - $i;
+ }
+
+?>    
+ </table>
+ <div class="innerblock">
+  <p>With selected:</p>
+  <blockquote>
+<?PHP if (isset($_POST['userdelete']) && !isset($_POST['confirm'])) { ?>
+   <input type="hidden" name="confirm" value="confirm">
+   <input type="submit" name="userdelete" value="Confirm deletion">
+   <input type="submit" name="cancel" value="Cancel">
+<?PHP } else { ?>
+   <input type="submit" name="userdelete" value="Delete"><!--<span style="margin: 0px 20px;">or</span>
+   <input type="password" name="pass"><input type="submit" name="cpass" value="Change password">-->
+<?PHP } ?>
+  </blockquote>
+ </div>
+ </form>
+ <div class="innerblock" style="margin-top: 0px; padding-top: 0px;">
+ <form action="<?PHP echo CP_PATH; ?>database" method="post">
+  <input type="hidden" name="action" value="adduser">
+  <p>Add new user:</p>
+  <blockquote>
+  <label for="dbuser">Username:</label>
+  <?PHP echo USER; ?>_<input type="text" name="dbuser">
+  <label for="dbpass">Password:</label>
+  <input type="password" name="dbpass">
+  <input type="submit" value="Add">
+  </blockquote>
+ </form>
+ </div>
+</div>

pages/discount.php

@@ -0,0 +1,24 @@
+<div class="block">
+ <h2>Use discount code</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   Please enter the full discount code below. 
+  </p>
+  <form name="discount" action="<?PHP echo CP_PATH; ?>discount" method="post">
+   <table class="form leftpad">
+    <tr>
+     <th><label for="code">Code</label></th>
+     <td><input class="inflat" type="text" name="code" id="code"></td>
+    </tr>
+    <tr>
+     <td colspan="2" style="text-align: right;">
+      <input type="submit" value="Use discount code">
+     </td>
+     <td style="width: 100%;">
+      &nbsp;
+     </td>
+    </tr>
+   </table>
+  </form>
+ </div>
+</div>

pages/domains.adddomain.php

@@ -0,0 +1,21 @@
+<form name="md" action="<?PHP echo CP_PATH; ?>domains" method="post" onSubmit="return validateDomainForm();">
+<input type="hidden" name="action" value="add">
+<div class="block">
+ <h2>Add a new domain</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   Before you can use a new domain, a UTD-Hosting staff member will have to confirm that the
+   domain belongs to you.
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <td><input type="text" name="domain" id="domain" class="inflat" style="width: 120px;"></td>
+    <td style="width:100%;"><span id="domainerr" class="validation"></span></td>
+   </tr>
+   <tr><td style="text-align: right;">
+    <input type="submit" value="Add">
+   </td></tr>
+  </table>
+ </div>
+</div>
+</form>

pages/domains.addsubdomain.php

@@ -0,0 +1,43 @@
+<?PHP
+
+ $sql = 'SELECT domain_id, domain_name FROM domains WHERE domain_enabled = 1 AND user_id = '.UID;
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) > 0) {
+?>
+<form name="submd" action="<?PHP echo CP_PATH; ?>domains" method="post" onSubmit="return validateSubdomainForm();">
+<input type="hidden" name="action" value="addsub">
+<div class="block">
+ <h2>Add a new subdomain</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   You can add a new subdomain to any of your existing domains. Subdomains
+   are added instantly, and you can use them right away. You will need to
+   make sure that the subdomain resolves to the correct IP address.
+  </p>
+  <table class="form leftpad">
+   <tr>
+    <td><input type="text" name="subdomain" id="subdomain" class="inflat" style="width: 120px;"></td>
+    <td style="width: 10px;">.</td>
+    <td>
+     <select name="subdomaind" id="subdomaind" class="inflat">
+<?PHP
+
+ while ($row = mysql_fetch_array($res)) { 
+  if (strpos($row['domain_name'],'*')) { continue; }
+  echo '<option value="'.$row['domain_id'].'">'.$row['domain_name'].'</option>';
+ }
+
+?>
+     </select>
+    </td>
+    <td style="width:100%;"><span id="subdomainerr" class="validation"></span></td>
+   </tr>
+   <tr><td colspan="3" style="text-align: right;">
+    <input type="submit" value="Add">
+   </td></tr>
+  </table>
+ </div>
+</div>
+</form>
+<?PHP } ?>

pages/domains.list.php

@@ -0,0 +1,74 @@
+<div class="block">
+<h2>Domains</h2>
+<div class="innerblock">
+  <p class="blurb">
+   A domain may not be deleted while it is associated with a site.
+  </p>
+  <table class="form">
+<?PHP
+
+ $sql = 'SELECT domain_id, domain_name, domain_parent FROM domains WHERE domain_enabled = 1 AND user_id = '.UID.' ORDER BY domain_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<p>You do not have any domains associated with your account.</p>';
+ }
+
+ $doms = array();
+ 
+ while ($row = mysql_fetch_array($res)) {
+  if (!isset($doms[$row['domain_parent']])) {
+   $doms[$row['domain_parent']] = array();
+  }
+  $doms[$row['domain_parent']][] = $row;
+ }
+
+ foreach ($doms[0] as $row) {
+  doDomain($row);
+ }
+
+ function doDomain($row, $indent = 0) {
+  global $doms;
+
+  $sql2 = 'SELECT r.record_value, s.site_name, s.site_id FROM records AS r, sites AS s WHERE r.domain_id = '.$row['domain_id'].' AND r.record_type = \'UTD\' AND s.site_id = r.record_value';
+  $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  if (mysql_num_rows($res2) > 0) {
+   $row2 = mysql_fetch_array($res2);
+   $asite = $row2['site_name'];
+   $asiteid = $row2['site_id'];
+  } else {
+   $asite = '';
+  }
+
+  $name = h($row['domain_name']);
+?>
+   <tr>
+    <td<?PHP echo $indent == 0 ? ' style="font-weight: bold;"' : ''; ?>>
+     <?PHP echo str_repeat('&gt; ', $indent).$name; ?>
+    </td>
+    <td><?PHP if ($asite != '') { ?>
+     Associated with <a href="<?PHP echo CP_PATH; ?>editsite/<?PHP echo $asiteid; ?>"><?PHP echo h($asite); ?></a>.
+     </td><td>
+<?PHP if (gethostbyname($row['domain_name']) != '63.246.141.80') { ?>
+      <a href="<?PHP echo CP_PATH; ?>support/017" style="color: red;">DNS Error</a>
+<?PHP } ?>
+     <?PHP } else { ?>Not associated with any site.</td><td>
+<?PHP if (gethostbyname($row['domain_name']) != '63.246.141.80') { ?>
+      <a href="<?PHP echo CP_PATH; ?>support/017" style="color: red;">DNS Error</a>
+<?PHP } ?>
+     </td><td>
+     <form action="<?PHP echo CP_PATH; ?>domains" method="post"><input type="hidden" name="action" value="deldom"><input type="hidden" name="domain" value="<?PHP echo $row['domain_id']; ?>"><input type="submit" value="Delete"></form><?PHP } ?>
+    </td>
+   </tr>
+<?PHP
+  if (isset($doms[$row['domain_id']])) {
+   foreach ($doms[$row['domain_id']] as $nrow) {
+    doDomain($nrow, $indent + 1);
+   }
+  }
+ }
+
+?>
+  </table>
+</div>
+</div>

pages/domains.php

@@ -0,0 +1,50 @@
+<div class="block">
+<h2>Domains</h2>
+<div class="innerblock">
+  <p class="blurb">
+   A domain may not be deleted while it is associated with a site.
+  </p>
+  <table class="form">
+<?PHP
+
+ $sql = 'SELECT domain_id, domain_name FROM domains WHERE domain_enabled = 1 AND user_id = '.UID;
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ if (mysql_num_rows($res) == 0) {
+  echo '<p>You do not have any domains associated with your account.</p>';
+ }
+ 
+ while ($row = mysql_fetch_array($res)) {
+  $sql2 = 'SELECT r.record_value, s.site_name, s.site_id FROM records AS r, sites AS s WHERE r.domain_id = '.$row['domain_id'].' AND r.record_type = \'UTD\' AND s.site_id = r.record_value';
+  $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  if (mysql_num_rows($res2) > 0) {
+   $row2 = mysql_fetch_array($res2);
+   $asite = $row2['site_name'];
+   $asiteid = $row2['site_id'];
+  } else {
+   $asite = '';
+  }
+
+?>
+   <tr>
+    <td><?PHP echo h($row['domain_name']); ?></td>
+    <td><?PHP if ($asite != '') { ?>
+     Associated with <a href="<?PHP echo CP_PATH; ?>editsite/<?PHP echo $asiteid; ?>"><?PHP echo h($asite); ?></a>.
+     </td><td>
+<?PHP if (gethostbyname($row['domain_name']) != '63.246.141.80') { ?>
+      <a href="<?PHP echo CP_PATH; ?>support/017" style="color: red;">DNS Error</a>
+<?PHP } ?>
+     <?PHP } else { ?>Not associated with any site.</td><td>
+<?PHP if (gethostbyname($row['domain_name']) != '63.246.141.80') { ?>
+      <a href="<?PHP echo CP_PATH; ?>support/017" style="color: red;">DNS Error</a>
+<?PHP } ?>
+     </td><td>
+     <form action="<?PHP echo CP_PATH; ?>domains" method="post"><input type="hidden" name="action" value="deldom"><input type="hidden" name="domain" value="<?PHP echo $row['domain_id']; ?>"><input type="submit" value="Delete"></form><?PHP } ?>
+    </td>
+   </tr>
+<?PHP
+ }
+?>
+  </table>
+</div>
+</div>

pages/editpref.php

@@ -0,0 +1,64 @@
+<div class="block">
+ <h2>Edit preference</h2>
+<?PHP
+ if ($_GET['n'] != 2) {
+ $sql  = 'SELECT '.$fields[($_GET['n'])].' FROM users NATURAL JOIN userdetails';
+ $sql .= ' WHERE user_id = '.UID;
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $row = mysql_fetch_array($res);
+
+?>
+ <div class="innerblock">
+  <p>
+   Please enter your <?PHP echo $prefs[($_GET['n'])]; ?>.
+  </p>
+  <form action="<?PHP echo CP_PATH; ?>editpref/<?PHP echo $_GET['n']; ?>" method="post">
+   <input type="text" name="value" value="<?PHP echo htmlentities($row[0]); ?>">
+   <input type="submit" value="Submit">
+ </form>
+  <p>Please be aware that providing false information may lead to termination
+   of your UTD-Hosting account.</p>
+ </div>
+<?PHP } else { 
+ $sql  = 'SELECT mail_announce, mail_tickets, mail_warning, mail_over FROM ';
+ $sql .= 'users WHERE user_id = '.UID;
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+ $row = mysql_fetch_array($res);
+?>
+ <div class="innerblock">
+  <p>Please select your mailing preferences</p>
+  <form action="<?PHP echo CP_PATH; ?>editpref/2" method="post">
+  <input type="hidden" name="mail" value="tr00">
+  <table class="form">
+   <tr>
+    <td><input type="checkbox" name="mail_announce"<?PHP if ($row['mail_announce']) { echo ' checked="checked"'; } ?>></td>
+    <td>Announcements</td>
+    <td>Low volume announcements about UTD-Hosting</td>
+   </tr>
+   <tr>
+    <td><input type="checkbox" name="mail_tickets"<?PHP if ($row['mail_tickets']) { echo ' checked="checked"'; } ?>></td>
+    <td>Tickets</td>
+    <td>Notification of replies to your tickets</td>
+   </tr>
+   <tr>
+    <td><input type="checkbox" name="mail_warning"<?PHP if ($row['mail_warning']) { echo ' checked="checked"'; } ?>></td>
+    <td>Warnings</td>
+    <td>Automatic warning when you near your HDD or BW limit</td>
+   </tr>
+   <tr>
+    <td><input type="checkbox" name="mail_over"<?PHP if ($row['mail_over']) { echo ' checked="checked"'; } ?></td>
+    <td>Overrings</td>
+    <td>Automatic message when you exceed your HDD or BW limit</td>
+   </tr>
+   <tr>
+    <td></td>
+    <td>
+     <input type="submit" value="Update">
+    </td>
+   </tr>
+  </table>
+  <p>Note that Warnings and Overrings are currently not implemented. This
+  functionality will be added at a future time.</p>
+ </div>
+<?PHP } ?>
+</div>

pages/editsite.domains.php

@@ -0,0 +1,62 @@
+<div class="block">
+ <h2>Domain associations</h2>
+ <div class="innerblock">
+  <p class="blurb">
+   To view this website, you must associate it with at least one domain name.
+   You will then be able to view the site simply by typing the domain name
+   in your browser.
+  </p>
+  <form action="<?PHP echo CP_PATH; ?>editsite" method="POST">
+  <input type="hidden" name="task" value="domains">
+  <input type="hidden" name="site" value="<?PHP echo SITE_ID; ?>">
+  <table class="form">
+<?PHP
+
+ $sql = 'SELECT domain_id, domain_name, domain_parent FROM domains WHERE domain_enabled = 1 AND user_id = '.SUID.' ORDER BY domain_name';
+ $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
+
+ $doms = array();
+
+ while ($row = mysql_fetch_array($res)) {
+  $doms[$row['domain_parent']][] = $row;
+ }
+
+ foreach ($doms[0] as $row) {
+  doDomain($row);
+ }
+
+ function doDomain($row, $indent = 0) {
+  $sql2 = 'SELECT r.record_value, s.site_name FROM records AS r, sites AS s WHERE r.domain_id = '.$row['domain_id'].' AND r.record_type = \'UTD\' AND s.site_id = r.record_value';
+  $res2 = mysql_query($sql2) or mf(__FILE__, __LINE__, $sql2);
+  if (mysql_num_rows($res2) > 0) {
+   $row2 = mysql_fetch_array($res2);
+   $asite = $row2['site_name'];
+  } else {
+   $asite = '';
+  }
+
+?>
+   <tr>
+    <td><input type="checkbox" id="domain<?PHP echo $row['domain_id']; ?>" name="domain<?PHP echo $row['domain_id']; ?>"<?PHP if ($asite == SITE_NAME) { echo " checked=\"checked\""; } elseif ($asite != '') { echo " disabled=\"disabled\""; } ?>></td>
+    <td<?PHP echo $indent == 0 ? ' style="font-weight: bold;"' : ''; ?>>
+     <?PHP echo str_repeat('&gt; ', $indent).h($row['domain_name']); ?>
+    </td>
+    <td><?PHP if ($asite != '' && $asite != SITE_NAME) { ?>
+     Already associated with <?PHP echo h($asite); ?>.
+     <?PHP } ?>
+    </td>
+   </tr>
+<?PHP
+  global $doms;
+  if (isset($doms[$row['domain_id']])) {
+   foreach ($doms[$row['domain_id']] as $nrow) {
+    doDomain($nrow, $indent+1);
+   }
+  }
+ }
+?>
+   <tr><td colspan="2" style="text-align: right"><input type="submit" value="Save"></td></tr>
+  </table>
+  </form>
+ </div>
+</div>

pages/editsite.errors.php

@@ -0,0 +1,36 @@
+<div class="block">
+ <h2>Recent errors</h2>
+ <table class="innerblock">
+  <tr>
+   <th>Time</th>
+   <th>Type</th>
+   <th>Client</th>
+   <th>Message</th>
+  </tr>
+<?PHP
+ $file = '/usr/local/apache/logs/'.str_pad(SITE_ID,3,'0',STR_PAD_LEFT).'-error_log';
+ if (file_exists($file) && ($size = filesize($file)) > 0) {
+  $fh = fopen($file,'r');
+  if ($size < 1024*50) { $size = 1024*50; }
+  fseek($fh, $size - 1024*50);
+  $lines = array();
+  while (!feof($fh)) {
+   $lines[] = fgets($fh);
+  } 
+  array_shift($lines); // Could be incomplete
+  $lines = array_reverse($lines);
+  $lines = array_slice($lines, 0, 10);
+  $i = 0;
+  foreach ($lines as $line) {
+   if (preg_match('/^\[(.*?)\] \[(.*?)\]( \[client (.*?)\])? (.*)$/', $line, $matches)) {
+    echo '<tr'.(($i == 1)?' class="odd"':'').'><td>'.$matches[1].'</td><td>'.$matches[2].'</td><td>'.$matches[4].'</td><td>'.$matches[5].'</td></tr>';
+    $i = 1 - $i;
+   }
+  }
+  fclose($fh);
+ } else {
+  echo '<tr><td colspan="4" style="font-style: italic; text-align: center;">No errors</td></tr>';
+ }
+?>
+ </table>
+</div>

pages/editsite.overview.php

@@ -0,0 +1,13 @@
+<div class="block">
+ <h2>General settings and information</h2>
+ <table class="innerblock righthead">
+  <tr>
+   <th>Site name</th>
+   <td><?PHP echo h(SITE_NAME); ?></td>
+  </tr>
+  <tr>
+   <th>Document root</th>
+   <td><?PHP echo h(substr(SITE_DOCROOT,strlen('/home/'.SUSER))); ?></td>
+  </tr>
+ </table>
+</div>