Adding TOS and Privacy Policy consent verbiage and TOS version tracking

OAuthModule.php

@@ -556,6 +556,10 @@ public function renderRegistrationForm($full = false, $action = null, $errors =
 			<p>Sign in using your existing account with <b><?php echo UserTools::escape($this->serviceName)?></b>.</p>
 		<?php
 		}
+
+		if (!is_null(UserConfig::$currentTOSVersion) && is_callable(UserConfig::$onRenderTOSLinks)) {
+			call_user_func(UserConfig::$onRenderTOSLinks);
+		}
 		?>
 		<form action="<?php echo $action?>" method="POST">
 		<input type="hidden" name="register" value="register"/>

User.php

@@ -619,8 +619,8 @@ public static function createNewGoogleFriendConnectUser($name, $googleid, $userp
 
 		$user = null;
 
-		if ($stmt = $db->prepare('INSERT INTO ' . UserConfig::$mysql_prefix . "users (name, regmodule) VALUES (?, 'google' )")) {
-			if (!$stmt->bind_param('s', $name)) {
+		if ($stmt = $db->prepare('INSERT INTO ' . UserConfig::$mysql_prefix . "users (name, regmodule, tos_version) VALUES (?, 'google', ?)")) {
+			if (!$stmt->bind_param('si', $name, UserConfig::$currentTOSVersion)) {
 				throw new DBBindParamException($db, $stmt);
 			}
 			if (!$stmt->execute()) {
@@ -679,8 +679,8 @@ public static function createNewFacebookUser($name, $fb_id, $me = null) {
 
 		$user = null;
 
-		if ($stmt = $db->prepare('INSERT INTO ' . UserConfig::$mysql_prefix . "users (name, regmodule, email, fb_id) VALUES (?, 'facebook', ?, ?)")) {
-			if (!$stmt->bind_param('ssi', $name, $email, $fb_id)) {
+		if ($stmt = $db->prepare('INSERT INTO ' . UserConfig::$mysql_prefix . "users (name, regmodule, tos_version, email, fb_id) VALUES (?, 'facebook', ?, ?, ?)")) {
+			if (!$stmt->bind_param('sisi', $name, UserConfig::$currentTOSVersion, $email, $fb_id)) {
 				throw new DBBindParamException($db, $stmt);
 			}
 			if (!$stmt->execute()) {
@@ -732,8 +732,8 @@ public static function createNewWithoutCredentials($module, $name, $email = null
 			$email = null;
 		}
 
-		if ($stmt = $db->prepare('INSERT INTO ' . UserConfig::$mysql_prefix . 'users (name, email, regmodule) VALUES (?, ?, ?)')) {
-			if (!$stmt->bind_param('sss', $name, $email, $module_id)) {
+		if ($stmt = $db->prepare('INSERT INTO ' . UserConfig::$mysql_prefix . 'users (name, email, regmodule, tos_version) VALUES (?, ?, ?, ?)')) {
+			if (!$stmt->bind_param('sss', $name, $email, $module_id, UserConfig::$currentTOSVersion)) {
 				throw new DBBindParamException($db, $stmt);
 			}
 			if (!$stmt->execute()) {
@@ -780,8 +780,8 @@ public static function createNew($name, $username, $email, $password) {
 		;
 		$pass = sha1($salt . $password);
 
-		if ($stmt = $db->prepare('INSERT INTO ' . UserConfig::$mysql_prefix . "users (regmodule, name, username, email, pass, salt) VALUES ('userpass', ?, ?, ?, ?, ?)")) {
-			if (!$stmt->bind_param('sssss', $name, $username, $email, $pass, $salt)) {
+		if ($stmt = $db->prepare('INSERT INTO ' . UserConfig::$mysql_prefix . "users (regmodule, tos_version, name, username, email, pass, salt) VALUES ('userpass', ?, ?, ?, ?, ?, ?)")) {
+			if (!$stmt->bind_param('isssss', UserConfig::$currentTOSVersion, $name, $username, $email, $pass, $salt)) {
 				throw new DBBindParamException($db, $stmt);
 			}
 			if (!$stmt->execute()) {

dbupgrade.php

@@ -21,6 +21,17 @@
 $versions[_]['down'][]	= "";
 */
 
+/* -------------------------------------------------------------------------------------------------------
+ * VERSION 23
+ * Tracking terms of service
+*/
+$versions[23]['up'][] = "ALTER TABLE `".UserConfig::$mysql_prefix."users`
+	ADD tos_version INT NULL
+	COMMENT  'Version of Terms Of Service User consented to when signed up'
+	AFTER regmodule";
+$versions[23]['down'][]	= "ALTER TABLE `".UserConfig::$mysql_prefix."users`
+	DROP tos_version";
+
 /* -------------------------------------------------------------------------------------------------------
  * VERSION 22
  * Adding email invitations for users

default_config.php

@@ -451,6 +451,34 @@ class UserConfig
 	 */
 	public static $invitationRequiredMessage = 'Please enter your invitation code';
 
+	/**
+	 * @var string URL of Terms of Service Document
+	 */
+	public static $termsOfServiceURL;
+
+	/**
+	 * @var string Absolute URL of Terms of Service Document (used in emails and such)
+	 */
+	public static $termsOfServiceFullURL;
+
+	/**
+	 * @var string URL of Privacy Policy Document
+	 */
+	public static $privacyPolicyURL;
+
+	/**
+	 * @var string Absolute URL of Privacy Policy Document (used in emails and such)
+	 */
+	public static $privacyPolicyFullURL;
+
+	/**
+	 * Version of the Terms Of Service Document users consent to when signing up,
+	 * increment it when you change TOS document contents
+	 *
+	 * @var int
+	 */
+	public static $currentTOSVersion;
+
 
 	/**************************************************************************
 	 *
@@ -582,6 +610,11 @@ class UserConfig
 	 */
 	public static $onLoginStripLinks = null;
 
+	/**
+	 * @var callable Hook for rendering Terms of Service and Privacy Policy verbiage on signup forms
+	 */
+	public static $onRenderTOSLinks = 'UserConfig::renderTOSLinks';
+
 
 	/**************************************************************************
 	 *
@@ -633,6 +666,15 @@ public static function setDB($db)
 		self::$db = $db;
 	}
 
+	/**
+	 * Default handler for UserConfig::$onRenderTOSLinks hook
+	 */
+	public static function renderTOSLinks()
+	{
+		?><p style="font-size: smaller">By signing up you agree to our <a target="_blank" href="<?php echo UserConfig::$termsOfServiceURL ?>">Terms of Service</a>
+					and that you have read our <a target="_blank" href="<?php echo UserConfig::$privacyPolicyURL ?>">Privacy Policy</a>.</p><?php
+	}
+
 	/**
 	 * Default handler for UserConfig::$onRenderUserInvitationAction hook
 	 *
@@ -768,6 +810,12 @@ public static function init()
 		UserConfig::$DEFAULTUPDATEPASSWORDRETURN = UserConfig::$SITEROOTURL;
 		UserConfig::$DEFAULT_EMAIL_VERIFIED_RETURN = UserConfig::$SITEROOTURL;
 
+		// Default locations for terms of service and privacy policy documents
+		UserConfig::$termsOfServiceURL = UserConfig::$SITEROOTURL . 'terms_of_service.php';
+		UserConfig::$termsOfServiceFullURL = UserConfig::$SITEROOTFULLURL . 'terms_of_service.php';
+		UserConfig::$privacyPolicyURL = UserConfig::$SITEROOTURL . 'privacy_policy.php';
+		UserConfig::$privacyPolicyFullURL = UserConfig::$SITEROOTFULLURL . 'privacy_policy.php';
+
 		if (array_key_exists('HTTP_HOST', $_SERVER))
 		{
 			$host = $_SERVER['HTTP_HOST'];

modules/email/index.php

@@ -133,6 +133,11 @@ public function renderRegistrationForm($full = false, $action = null, $errors =
 		<ul>
 		<li><label for="startupapi-email-register-name">Name</label><input id="startupapi-email-register-name" name="name" type="test" size="40" value="<?php echo array_key_exists('name', $data) ? UserTools::escape($data['name']) : ''?>"/><?php echo array_key_exists('name', $errors) ? ' <abbr title="'.UserTools::escape(implode("\n", $errors['name'])).'">*</abbr>' : ''?></li>
 		<li><label for="startupapi-email-signup-email">Email</label><input id="startupapi-email-signup-email" name="email" type="text" size="40"/><?php echo array_key_exists('email', $errors) ? ' <abbr title="'.UserTools::escape(implode("\n", $errors['email'])).'">*</abbr>' : ''?></li>
+		<li><?php
+		if (!is_null(UserConfig::$currentTOSVersion) && is_callable(UserConfig::$onRenderTOSLinks)) {
+			call_user_func(UserConfig::$onRenderTOSLinks);
+		}
+		?></li>
 		<li><button id="startupapi-email-signup-button" type="submit" name="register">Sign up</button> <a href="<?php echo UserConfig::$USERSROOTURL?>/login.php">or re-send login link</a></li>
 		</ul>
 		</fieldset>

modules/facebook/index.php

@@ -272,6 +272,11 @@ private function renderForm($action, $form)
 		<input type="hidden" name="<?php echo $formsubmit ?>" value="Connect &gt;&gt;&gt;"/>
 		<?php UserTools::renderCSRFNonce(); ?>
 		</form>
+		<?php
+		if ($form == 'register' && !is_null(UserConfig::$currentTOSVersion) && is_callable(UserConfig::$onRenderTOSLinks)) {
+			call_user_func(UserConfig::$onRenderTOSLinks);
+		}
+		?>
 		<a class="startupapi-fb-connect" href="#" onclick="UserBaseFBConnectButtonClicked(); return false;"><span style="background-image: url(<?php echo UserConfig::$USERSROOTURL ?>/modules/facebook/facebook-sprite.png); <?php echo $buttonspritestyle ?> display: block; cursor: hand; margin-top: 0.3em" title="<?php echo $buttontitle ?>"></span></a>
 
 		<script>

modules/usernamepass/index.php

@@ -158,6 +158,11 @@ public function renderRegistrationForm($full = false, $action = null, $errors =
 		<li><label for="startupapi-usernamepass-register-passrepeat">Repeat password</label><input id="startupapi-usernamepass-register-passrepeat" name="repeatpass" type="password" size="25" autocomplete="off"/><?php echo array_key_exists('repeatpass', $errors) ? ' <abbr title="'.UserTools::escape(implode("\n", $errors['repeatpass'])).'">*</abbr>' : ''?></li>
 		<li><label for="startupapi-usernamepass-register-name">Name</label><input id="startupapi-usernamepass-register-name" name="name" type="test" size="25" value="<?php echo array_key_exists('name', $data) ? UserTools::escape($data['name']) : ''?>"/><?php echo array_key_exists('name', $errors) ? ' <abbr title="'.UserTools::escape(implode("\n", $errors['name'])).'">*</abbr>' : ''?></li>
 		<li><label for="startupapi-usernamepass-register-email">E-mail</label><input id="startupapi-usernamepass-register-email" name="email" type="email" size="25" value="<?php echo array_key_exists('email', $data) ? UserTools::escape($data['email']) : ''?>"/><?php echo array_key_exists('email', $errors) ? ' <abbr title="'.UserTools::escape(implode("\n", $errors['email'])).'">*</abbr>' : ''?></li>
+		<li><?php
+		if (!is_null(UserConfig::$currentTOSVersion) && is_callable(UserConfig::$onRenderTOSLinks)) {
+			call_user_func(UserConfig::$onRenderTOSLinks);
+		}
+		?></li>
 		<li><button id="startupapi-usernamepass-register-button" type="submit" name="register">Register</button> <a href="<?php echo UserConfig::$USERSROOTURL?>/login.php">or login here</a></li>
 		</ul>
 		</form>

register.php

@@ -125,7 +125,7 @@
 			<?php
 		}
 	}
-	
+
 	if ($show_registration_form)
 	{
 		foreach (UserConfig::$authentication_modules as $module)
@@ -163,5 +163,6 @@
 	<p>If you already have an account, you can <a href="<?php echo UserConfig::$USERSROOTURL?>/login.php">log in here</a>.</p>
 <?php
 }
-?></div><?php
+?>
+</div><?php
 require_once(UserConfig::$footer);

themes/classic/startupapi.css

@@ -144,7 +144,6 @@
 #startupapi-authlist {
 	font: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
 	padding: 0 1em;
-	width: 480px;
 }
 
 #startupapi-authlist h2 {

users_config.sample.php

@@ -27,6 +27,27 @@
  */
 #UserConfig::$appName = '';
 
+/*
+ * It is usually important to obtain Terms of Service and Privacy Policy consent
+ * from your users, but you should consult your lawyer before launching the app
+ * and to obtain a copy of such documents.
+ *
+ * Uncomment following lines will enable the Terms of Service and Privacy Policy verbiage on sign up forms.
+ *
+ * You can also override exact verbiage by registering your own UserConfig::$onRenderTOSLinks hook
+ */
+// Increment this number every time you update TOS and Privacy Policy
+// to help you track which user concented to which version
+#UserConfig::$currentTOSVersion = 1;
+
+// Terms of Service URLs
+#UserConfig::$termsOfServiceURL = UserConfig::$SITEROOTURL . '/terms_of_service.php';
+#UserConfig::$termsOfServiceFullURL = UserConfig::$SITEROOTFULLURL . '/terms_of_service.php';
+
+// Privacy Policy URLs
+#UserConfig::$privacyPolicyURL = UserConfig::$SITEROOTURL . '/privacy_policy.php';
+#UserConfig::$privacyPolicyFullURL = UserConfig::$SITEROOTFULLURL . '/privacy_policy.php';
+
 /*
  * Uncomment next line to require email address verification before users can access the site
  */