diff options
| author | Arun Persaud <arun@nubati.net> | 2008-01-06 19:27:54 +0100 |
|---|---|---|
| committer | Arun Persaud <arun@nubati.net> | 2008-01-06 19:34:21 +0100 |
| commit | 1c41d17d61ec513fe71e52e5a631e60b1a890e0e (patch) | |
| tree | 37949c4f0cb434436c541a60fbe7609680779b54 | |
| parent | 9122cf59b57c7405a14b5a61238667b98dd58150 (diff) | |
| download | e-DoKo-1c41d17d61ec513fe71e52e5a631e60b1a890e0e.tar.gz e-DoKo-1c41d17d61ec513fe71e52e5a631e60b1a890e0e.tar.bz2 e-DoKo-1c41d17d61ec513fe71e52e5a631e60b1a890e0e.zip | |
BUGFIX: people can't start new games unless they are part of it
up to now anyone could start a new game, now you need to be logged in and also be a player in the game
Signed-off-by: Arun Persaud <arun@nubati.net>
| -rw-r--r-- | index.php | 255 | ||||
| -rw-r--r-- | output.php | 1 |
2 files changed, 138 insertions, 118 deletions
@@ -49,148 +49,167 @@ else if(myisset("new")) } } /*check if everything is ready to set up a new game */ - else if( myisset("PlayerA", "PlayerB","PlayerC","PlayerD","dullen","schweinchen","call" )) +else if( myisset("PlayerA", "PlayerB","PlayerC","PlayerD","dullen","schweinchen","call" )) { - $PlayerA = $_REQUEST["PlayerA"]; - $PlayerB = $_REQUEST["PlayerB"]; - $PlayerC = $_REQUEST["PlayerC"]; - $PlayerD = $_REQUEST["PlayerD"]; - - $dullen = $_REQUEST["dullen"]; - $schweinchen = $_REQUEST["schweinchen"]; - $call = $_REQUEST["call"]; - - $EmailA = DB_get_email_by_name($PlayerA); - $EmailB = DB_get_email_by_name($PlayerB); - $EmailC = DB_get_email_by_name($PlayerC); - $EmailD = DB_get_email_by_name($PlayerD); - - if($EmailA=="" || $EmailB=="" || $EmailC=="" || $EmailD=="") + output_status(); + if( !isset($_SESSION["name"]) ) { - echo "couldn't find one of the names, please start a new game"; - output_footer(); - DB_close(); - exit(); + echo "<div class=\"message\">Please <a href=\"$INDEX\">log in</a>.</div>"; } - - $useridA = DB_get_userid_by_name($PlayerA); - $useridB = DB_get_userid_by_name($PlayerB); - $useridC = DB_get_userid_by_name($PlayerC); - $useridD = DB_get_userid_by_name($PlayerD); - - /* create random numbers */ - $randomNR = create_array_of_random_numbers($useridA,$useridB,$useridC,$useridD); - $randomNRstring = join(":",$randomNR); - - /* create game */ - $followup = NULL; - if(myisset("followup") ) + else { - $followup= $_REQUEST["followup"]; - $session = DB_get_session_by_gameid($followup); - $ruleset = DB_get_ruleset_by_gameid($followup); /* just copy ruleset from old game, - this way no manipulation is possible */ + /* get my name */ + $name = $_SESSION["name"]; + + $PlayerA = $_REQUEST["PlayerA"]; + $PlayerB = $_REQUEST["PlayerB"]; + $PlayerC = $_REQUEST["PlayerC"]; + $PlayerD = $_REQUEST["PlayerD"]; - /* check if there is a game in pre or play mode, in that case do nothing */ - if( DB_is_session_active($session) > 0 ) + /* check if user is in the game */ + if(!in_array($name,array($PlayerA,$PlayerB,$PlayerC,$PlayerD))) { - echo "<p class=\"message\"> There is already a game going on in session $session, you can't start a new one</p>"; + echo "<div class=\"message\">You need to be one of the players to start a <a href=\"$INDEX?new\">new game</a>.</div>"; output_footer(); DB_close(); exit(); } - else if ( DB_is_session_active($session) < 0 ) + + $dullen = $_REQUEST["dullen"]; + $schweinchen = $_REQUEST["schweinchen"]; + $call = $_REQUEST["call"]; + + $EmailA = DB_get_email_by_name($PlayerA); + $EmailB = DB_get_email_by_name($PlayerB); + $EmailC = DB_get_email_by_name($PlayerC); + $EmailD = DB_get_email_by_name($PlayerD); + + if($EmailA=="" || $EmailB=="" || $EmailC=="" || $EmailD=="") { - echo "<p class=\"message\"> ERROR: status of session $session couldn't be determined.</p>"; + echo "couldn't find one of the names, please start a new game"; output_footer(); DB_close(); exit(); } - if($session) - mysql_query("INSERT INTO Game VALUES (NULL, NULL, '$randomNRstring', 'normal', NULL,NULL,'1',NULL,'pre',". - "'$ruleset','$session' ,NULL)"); + $useridA = DB_get_userid_by_name($PlayerA); + $useridB = DB_get_userid_by_name($PlayerB); + $useridC = DB_get_userid_by_name($PlayerC); + $useridD = DB_get_userid_by_name($PlayerD); + + /* create random numbers */ + $randomNR = create_array_of_random_numbers($useridA,$useridB,$useridC,$useridD); + $randomNRstring = join(":",$randomNR); + + /* create game */ + $followup = NULL; + if(myisset("followup") ) + { + $followup= $_REQUEST["followup"]; + $session = DB_get_session_by_gameid($followup); + $ruleset = DB_get_ruleset_by_gameid($followup); /* just copy ruleset from old game, + this way no manipulation is possible */ + + /* check if there is a game in pre or play mode, in that case do nothing */ + if( DB_is_session_active($session) > 0 ) + { + echo "<p class=\"message\"> There is already a game going on in session $session, you can't start a new one</p>"; + output_footer(); + DB_close(); + exit(); + } + else if ( DB_is_session_active($session) < 0 ) + { + echo "<p class=\"message\"> ERROR: status of session $session couldn't be determined.</p>"; + output_footer(); + DB_close(); + exit(); + } + + if($session) + mysql_query("INSERT INTO Game VALUES (NULL, NULL, '$randomNRstring', 'normal', NULL,NULL,'1',NULL,'pre',". + "'$ruleset','$session' ,NULL)"); + else + { + /* get max session */ + $max = DB_get_max_session(); + $max++; + mysql_query("UPDATE Game SET session='".$max."' WHERE id=".DB_quote_smart($followup)); + mysql_query("INSERT INTO Game VALUES (NULL, NULL, '$randomNRstring', 'normal', NULL,NULL,'1',NULL,'pre',". + "'$ruleset','$max' ,NULL)"); + } + } else { + /* get ruleset information or create new one */ + $ruleset = DB_get_ruleset($dullen,$schweinchen,$call); + if($ruleset <0) + { + myerror("Error defining ruleset: $ruleset"); + output_footer(); + DB_close(); + exit(); + }; /* get max session */ $max = DB_get_max_session(); $max++; - mysql_query("UPDATE Game SET session='".$max."' WHERE id=".DB_quote_smart($followup)); - mysql_query("INSERT INTO Game VALUES (NULL, NULL, '$randomNRstring', 'normal', NULL,NULL,'1',NULL,'pre',". + + mysql_query("INSERT INTO Game VALUES (NULL, NULL, '$randomNRstring', 'normal', NULL,NULL,'1',NULL,'pre', ". "'$ruleset','$max' ,NULL)"); } + $game_id = mysql_insert_id(); + + /* create hash */ + $TIME = (string) time(); /* to avoid collisions */ + $hashA = md5("AGameOfDoko".$game_id.$PlayerA.$EmailA.$TIME); + $hashB = md5("AGameOfDoko".$game_id.$PlayerB.$EmailB.$TIME); + $hashC = md5("AGameOfDoko".$game_id.$PlayerC.$EmailC.$TIME); + $hashD = md5("AGameOfDoko".$game_id.$PlayerD.$EmailD.$TIME); + + /* create hands */ + mysql_query("INSERT INTO Hand VALUES (NULL,".DB_quote_smart($game_id).",".DB_quote_smart($useridA). + ", ".DB_quote_smart($hashA).", 'start','1',NULL,NULL,NULL,NULL)"); + $hand_idA = mysql_insert_id(); + mysql_query("INSERT INTO Hand VALUES (NULL,".DB_quote_smart($game_id).",".DB_quote_smart($useridB). + ", ".DB_quote_smart($hashB).", 'start','2',NULL,NULL,NULL,NULL)"); + $hand_idB = mysql_insert_id(); + mysql_query("INSERT INTO Hand VALUES (NULL,".DB_quote_smart($game_id).",".DB_quote_smart($useridC). + ", ".DB_quote_smart($hashC).", 'start','3',NULL,NULL,NULL,NULL)"); + $hand_idC = mysql_insert_id(); + mysql_query("INSERT INTO Hand VALUES (NULL,".DB_quote_smart($game_id).",".DB_quote_smart($useridD). + ", ".DB_quote_smart($hashD).", 'start','4',NULL,NULL,NULL,NULL)"); + $hand_idD = mysql_insert_id(); + + /* save cards */ + for($i=0;$i<12;$i++) + mysql_query("INSERT INTO Hand_Card VALUES (NULL, '$hand_idA', '".$randomNR[$i]."', 'false')"); + for($i=12;$i<24;$i++) + mysql_query("INSERT INTO Hand_Card VALUES (NULL, '$hand_idB', '".$randomNR[$i]."', 'false')"); + for($i=24;$i<36;$i++) + mysql_query("INSERT INTO Hand_Card VALUES (NULL, '$hand_idC', '".$randomNR[$i]."', 'false')"); + for($i=36;$i<48;$i++) + mysql_query("INSERT INTO Hand_Card VALUES (NULL, '$hand_idD', '".$randomNR[$i]."', 'false')"); + + /* send out email, TODO: check for error with email */ + $message = "\n". + "you are invited to play a game of DoKo (that is to debug the program ;).\n". + "Place comments and bug reports here:\n". + "http://wiki.nubati.net/index.php?title=EmailDoko\n\n". + "The whole round would consist of the following players:\n". + "$PlayerA\n". + "$PlayerB\n". + "$PlayerC\n". + "$PlayerD\n\n". + "If you want to join this game, please follow this link:\n\n". + "".$HOST.$INDEX."?me="; + + mymail($EmailA,"You are invited to a game of DoKo","Hello $PlayerA,\n".$message.$hashA); + mymail($EmailB,"You are invited to a game of DoKo","Hello $PlayerB,\n".$message.$hashB); + mymail($EmailC,"You are invited to a game of DoKo","Hello $PlayerC,\n".$message.$hashC); + mymail($EmailD,"You are invited to a game of DoKo","Hello $PlayerD,\n".$message.$hashD); + + echo "<div class=\"message\">You started a new game. The emails have been sent out!</div>\n"; } - else - { - /* get ruleset information or create new one */ - $ruleset = DB_get_ruleset($dullen,$schweinchen,$call); - if($ruleset <0) - { - myerror("Error defining ruleset: $ruleset"); - output_footer(); - DB_close(); - exit(); - }; - /* get max session */ - $max = DB_get_max_session(); - $max++; - - mysql_query("INSERT INTO Game VALUES (NULL, NULL, '$randomNRstring', 'normal', NULL,NULL,'1',NULL,'pre', ". - "'$ruleset','$max' ,NULL)"); - } - $game_id = mysql_insert_id(); - - /* create hash */ - $TIME = (string) time(); /* to avoid collisions */ - $hashA = md5("AGameOfDoko".$game_id.$PlayerA.$EmailA.$TIME); - $hashB = md5("AGameOfDoko".$game_id.$PlayerB.$EmailB.$TIME); - $hashC = md5("AGameOfDoko".$game_id.$PlayerC.$EmailC.$TIME); - $hashD = md5("AGameOfDoko".$game_id.$PlayerD.$EmailD.$TIME); - - /* create hands */ - mysql_query("INSERT INTO Hand VALUES (NULL,".DB_quote_smart($game_id).",".DB_quote_smart($useridA). - ", ".DB_quote_smart($hashA).", 'start','1',NULL,NULL,NULL,NULL)"); - $hand_idA = mysql_insert_id(); - mysql_query("INSERT INTO Hand VALUES (NULL,".DB_quote_smart($game_id).",".DB_quote_smart($useridB). - ", ".DB_quote_smart($hashB).", 'start','2',NULL,NULL,NULL,NULL)"); - $hand_idB = mysql_insert_id(); - mysql_query("INSERT INTO Hand VALUES (NULL,".DB_quote_smart($game_id).",".DB_quote_smart($useridC). - ", ".DB_quote_smart($hashC).", 'start','3',NULL,NULL,NULL,NULL)"); - $hand_idC = mysql_insert_id(); - mysql_query("INSERT INTO Hand VALUES (NULL,".DB_quote_smart($game_id).",".DB_quote_smart($useridD). - ", ".DB_quote_smart($hashD).", 'start','4',NULL,NULL,NULL,NULL)"); - $hand_idD = mysql_insert_id(); - - /* save cards */ - for($i=0;$i<12;$i++) - mysql_query("INSERT INTO Hand_Card VALUES (NULL, '$hand_idA', '".$randomNR[$i]."', 'false')"); - for($i=12;$i<24;$i++) - mysql_query("INSERT INTO Hand_Card VALUES (NULL, '$hand_idB', '".$randomNR[$i]."', 'false')"); - for($i=24;$i<36;$i++) - mysql_query("INSERT INTO Hand_Card VALUES (NULL, '$hand_idC', '".$randomNR[$i]."', 'false')"); - for($i=36;$i<48;$i++) - mysql_query("INSERT INTO Hand_Card VALUES (NULL, '$hand_idD', '".$randomNR[$i]."', 'false')"); - - /* send out email, TODO: check for error with email */ - $message = "\n". - "you are invited to play a game of DoKo (that is to debug the program ;).\n". - "Place comments and bug reports here:\n". - "http://wiki.nubati.net/index.php?title=EmailDoko\n\n". - "The whole round would consist of the following players:\n". - "$PlayerA\n". - "$PlayerB\n". - "$PlayerC\n". - "$PlayerD\n\n". - "If you want to join this game, please follow this link:\n\n". - "".$HOST.$INDEX."?me="; - - mymail($EmailA,"You are invited to a game of DoKo","Hello $PlayerA,\n".$message.$hashA); - mymail($EmailB,"You are invited to a game of DoKo","Hello $PlayerB,\n".$message.$hashB); - mymail($EmailC,"You are invited to a game of DoKo","Hello $PlayerC,\n".$message.$hashC); - mymail($EmailD,"You are invited to a game of DoKo","Hello $PlayerD,\n".$message.$hashD); - - output_status(); - echo "<div class=\"message\">You started a new game. The emails have been sent out!</div>\n"; } /* end set up a new game */ /* cancel a game, if nothing has happend in the last N minutes */ else if(myisset("cancel","me")) @@ -50,6 +50,7 @@ function output_form_for_new_game($names) ?> <h2> Players </h2> <p>Please select four players (or use the randomly pre-selected names)</p> + <p>Remember: you need to be one of the players ;) </p> <form action="index.php" method="post"> <div class="table"> |