Add TOS agree checkbox

inc/header.php

@@ -21,6 +21,8 @@
                     ?>
                     <span style="color: blue; font-weight: 400;">| via CJDNS</span>
                     <?php
+                } else {
+                    $clearnet = true;
                 }
                 ?></span></a>
     </div>

purchase.php

@@ -1,6 +1,5 @@
 <?php
 require_once __DIR__ . "/settings.php";
-require_once __DIR__ . "/database.php";
 $plan = $_GET['plan'];
 if (!isset(PLANS[$plan])) {
     header("Location: /#pricing");
@@ -27,18 +26,38 @@ include __DIR__ . '/inc/piwik.php';
             <div class="content">
                 <p>Purchase a month of service.  If you are a new user, enter a username, password, and email to register with.  If you are an existing user, enter your login username and password, check the renewal box, and enter a valid email address.</p>
                 <?php
-                if ($_GET["err"] == "renewinvaliduser") {
-                    echo "<div><b>You have selected the renew option, but the username you gave does not exist.</b></div>";
-                } else if ($_GET['err'] == "usernameinvalid") {
-                    echo "<div><b>That username is not available.  Please choose another.</b></div>";
-                } else if ($_GET['err'] == "renewpasswrong") {
-                    echo "<div><b>The password is incorrect.</b></div>";
-                } else if ($_GET['err'] == "bademail") {
-                    echo "<div><b>The email address is not in a valid format.  Try again.</b></div>";
-                } else if ($_GET['err'] == "shortpassword") {
-                    echo "<div><b>Your password is too short.  It needs to be at least 8 characters long.</b></div>";
-                } else if ($_GET['err'] == "commonpassword") {
-                    echo "<div><b>Your chosen password is in a <a href=\"https://github.com/danielmiessler/SecLists/tree/master/Passwords\">public list</a> of 1,000,000 common passwords, and is therefore insecure.  Choose a better one.</b></div>";
+                $err = "";
+                switch ($_GET['err']) {
+                    case "renewinvaliduser":
+                        $err = "You have selected the renew option, but the username you gave does not exist.";
+                        break;
+                    case "usernameinvalid":
+                        $err = "That username is not available.  Please choose another.";
+                        break;
+                    case "renewpasswrong":
+                        $err = "The password is incorrect.";
+                        break;
+                    case "bademail":
+                        $err = "The email address is not in a valid format.  Try again.";
+                        break;
+                    case "shortpassword":
+                        $err = "Your password is too short.  It needs to be at least 8 characters long.";
+                        break;
+                    case "commonpassword":
+                        $err = "Your chosen password is in a <a href=\"https://github.com/danielmiessler/SecLists/tree/master/Passwords\">public list</a> of 1,000,000 common passwords, and is therefore insecure.  Choose a better one.";
+                        break;
+                    case "acceptterms":
+                        $err = "You need to accept the terms of service.";
+                        break;
+                    case "":
+                        $err = "";
+                        break;
+                    default:
+                        $err = "An unknown error occurred.  Try again, and if the issue persists, <a href=\"https://support.netsyms.com/index.php?a=add&category=9\">open a support ticket</a>.";
+                        break;
+                }
+                if ($err !== "") {
+                    echo "<div style=\"margin-bottom: 10px;\"><b style=\"color: #a93226;\">$err</b></div>";
                 }
                 ?>
                 <form action="purchase2.php" method="POST">
@@ -54,13 +73,14 @@ include __DIR__ . '/inc/piwik.php';
                     <input type="checkbox" name="renewing" id="renewing" value="1" /> <label for="renewing">This is a renewal</label>
                     <br />
                     <input type="hidden" name="plan" value="<?php echo $plan; ?>" />
-                    <p>By pressing the Next button, you agree to <a href="terms.php" target="_BLANK">these terms</a>.
-                        <br />
-                        <?php if ($plan != "free" && $clearnet == false) { ?>
+                    <br />
+                    <input type="checkbox" name="agree_tos" id="agree_tos" value="1" /> <label for="agree_tos">I agree to the <a href="terms.php" target="_BLANK">terms of service (click to read in new tab)</a></label>
+                    <br />
+                    <?php if ($plan != "free" && $clearnet == false) { ?>
                         Note: The next page needs to load third-party clearnet code from Stripe to process your payment.  If you don't want that, email dsm@netsyms.com and mention your preferred methods.
                         <br />
-                        <?php } ?>
-                        <button type="submit">Next</button>
+                    <?php } ?>
+                    <button type="submit">Next</button>
                 </form>
             </div>
         </div>

purchase2.php

@@ -19,6 +19,11 @@ if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
     die("Invalid email address.");
 }
 
+if ($_POST['agree_tos'] !== '1') {
+    header("Location: purchase.php?plan=" . $plan . "&err=acceptterms");
+    die("You need to accept the terms of service first.");
+}
+
 $renewing = (isset($_POST["renewing"]) && $_POST["renewing"] == "1");
 if ($renewing && !$userexists) {
     header("Location: purchase.php?plan=" . $plan . "&err=renewinvaliduser");