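<?php
// Step 2 of the purchase flow: validates the plan, account details and
// password posted from purchase.php, stores what purchase3.php needs in the
// session, and then renders the payment page below.
require_once __DIR__ . "/settings.php";
require_once __DIR__ . "/database.php";
session_start();

/**
 * Sends a Location header and stops the script.
 *
 * @param string $location Redirect target.
 * @param string $message  Body shown to clients that do not follow the redirect.
 */
function redirectAndExit(string $location, string $message): void
{
    header("Location: " . $location);
    die($message);
}

// Only plan keys known to settings.php are accepted. A missing, non-string
// (e.g. plan[]=x) or unknown key goes back to the pricing section instead of
// reaching isset() with an illegal offset type.
$plan = $_POST['plan'] ?? null;
if (!is_string($plan) || !isset(PLANS[$plan])) {
    redirectAndExit("/#pricing", "Invalid plan chosen.");
}
// All validation failures return to the form for this plan; the key is
// URL-encoded even though it has just been validated against PLANS.
$backToForm = "purchase.php?plan=" . rawurlencode($plan) . "&err=";

// A non-string username is treated as absent rather than handed to the query layer.
$username = $_POST["username"] ?? null;
if (!is_string($username)) {
    $username = null;
}
$userexists = $username !== null
    && $database->has("oc_users", ["uid" => $username]) === true;

$email = $_POST['email'] ?? '';
if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    redirectAndExit($backToForm . "bademail", "Invalid email address.");
}
if (($_POST['agree_tos'] ?? null) !== '1') {
    redirectAndExit($backToForm . "acceptterms", "You need to accept the terms of service first.");
}

// Strict comparison: only the literal string "1" means renewing ("1.0" or " 1"
// would have passed a loose == check).
$renewing = (($_POST["renewing"] ?? null) === "1");
if ($renewing && !$userexists) {
    redirectAndExit($backToForm . "renewinvaliduser", "Username doesn't exist.");
}
if (!$renewing && $userexists) {
    redirectAndExit($backToForm . "usernameinvalid", "Invalid username.");
}

// A missing or non-string password becomes '' so the checks below fail closed
// instead of raising a TypeError in strlen()/password_verify().
$password = $_POST["password"] ?? '';
if (!is_string($password)) {
    $password = '';
}

if ($renewing) {
    // The stored value is "<version>|<hash>"; only the part after the first
    // "|" is the password_hash() output. Without a separator the hash stays
    // empty so password_verify() simply fails rather than erroring on null.
    $stored = $database->get("oc_users", "password", ["uid" => $username]);
    $hash = is_string($stored) ? (explode("|", $stored, 2)[1] ?? '') : '';
    if ($hash === '' || !password_verify($password, $hash)) {
        redirectAndExit($backToForm . "renewpasswrong", "Password incorrect.");
    }
} else {
    if (strlen($password) < 8) {
        redirectAndExit($backToForm . "shortpassword", "Short password.");
    }
    // One common-password list per password length; the path only ever
    // contains an integer, never user-supplied text.
    $passwordFile = '/var/www/nextcloud/apps/password_policy/lists/list-' . strlen($password) . '.php';
    if (file_exists($passwordFile)) {
        $commonPasswords = require_once $passwordFile;
        if (is_array($commonPasswords) && isset($commonPasswords[strtolower($password)])) {
            redirectAndExit($backToForm . "commonpassword", "Password too common.");
        }
    }
}

// Handed to purchase3.php via the session. NOTE(review): the password is kept
// in plaintext in the session store for the next step — confirm it is needed
// there and is unset once the account has been created or renewed.
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['renewing'] = $renewing;
?>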
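<?php
// Escapes a value for an HTML text or quoted-attribute context. Every dynamic
// value in the markup below goes through it — including the already-validated
// email and plan key — so output safety does not depend on upstream checks.
$escapeHtml = function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<!DOCTYPE HTML>
<title><?php echo $escapeHtml(SITE_TITLE); ?></title>
<?php
include __DIR__ . '/inc/meta.php';
include __DIR__ . '/inc/piwik.php';
?>
<!-- Wrapper -->
<div id="wrapper">
<?php include __DIR__ . "/inc/header.php"; ?>
<!-- Section -->
<section id="one" class="main alt">
    <header class="accent1">
        <h1>Purchase</h1>
    </header>
    <div class="inner alt">
        <div class="content">
            <?php // NOTE(review): the form carries no anti-CSRF token; confirm purchase3.php rejects cross-site submissions. ?>
            <form action="purchase3.php" method="POST">
            <?php if ((float) PLANS[$plan]["monthly"] === 0.0) { ?>
                <?php // Free plan: nothing to charge, the next step is reached directly. ?>
                Usually this is where we would take your money...
                <br />
                <button type="submit" class="button">Continue</button>
            <?php } else { ?>
                Click the button to pay:<br />
                <?php
                // NOTE(review): this is Stripe's legacy Checkout (checkout.js); confirm
                // it is still supported. data-amount is in the smallest currency unit,
                // rounded so a float price such as 4.99 does not truncate to 498.
                ?>
                <script
                    src="https://checkout.stripe.com/checkout.js" class="stripe-button"
                    data-key="<?php echo $escapeHtml(STRIPE_PK); ?>"
                    data-amount="<?php echo (int) round(PLANS[$plan]["monthly"] * 100); ?>"
                    data-name="Don't Sell.Me"
                    data-description="<?php echo $escapeHtml(PLANS[$plan]["name"]); ?> plan, 1 month"
                    data-email="<?php echo $escapeHtml($_POST['email']); ?>"
                    data-image="https://stripe.com/img/documentation/checkout/marketplace.png"
                    data-locale="auto"
                    data-label="Pay with Card"
                    data-allow-remember-me="false">
                </script>
            <?php } ?>
                <input type="hidden" name="plan" value="<?php echo $escapeHtml($plan); ?>" />
                <input type="hidden" name="email" value="<?php echo $escapeHtml($_POST['email']); ?>" />
            </form>
        </div>
    </div>
</section>
<?php include __DIR__ . "/inc/footer.php"; ?>
</div>
<?php include __DIR__ . "/inc/scripts.php"; ?>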