8 files changed, 96 insertions, 46 deletions
diff --git a/css/standard013.css b/css/standard014.css
index 39172f5..913a18d 100644
--- a/css/standard013.css
+++ b/css/standard014.css
@@ -545,12 +545,11 @@ div span img.button {
 }
 
 .gamestatuspre {
-   padding: 0 0.3em;
-
-    background-color: #fd8901;
+  padding: 0 0.3em;
+  background-color: #fd8901;
 }
 .gamestatusover {
-   padding:0 0.3em;
+  padding:0 0.3em;
   background-color: #f82c20 ;
 }
 .gamestatusplay {
@@ -558,6 +557,10 @@ div span img.button {
   background-color: #15de26;
 }
 
+.multi a{
+  color: #fff;
+}
+
 .bigger {
   font-size:larger;
 }
diff --git a/include/db.php b/include/db.php
index 1e18f95..514bde2 100644
--- a/include/db.php
+++ b/include/db.php
@@ -1102,5 +1102,13 @@ function DB_get_exchanged_cards($hash)
   return $cards;
 }
 
-
+function DB_played_by_others($gameid)
+{
+  $gameids = array();
+  $result = DB_query("SELECT id FROM Game WHERE randomnumbers=(SELECT randomnumbers from Game where id=$gameid) and status='gameover'");
+  while($r = DB_fetch_array($result))
+    if($r[0]!=$gameid)
+      $gameids[]=$r[0];
+  return $gameids;
+}
 ?>
 \ No newline at end of file
diff --git a/include/functions.php b/include/functions.php
index 82b4bb6..ca62cd9 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -846,7 +846,13 @@ function display_table ()
 
 function display_user_menu()
 {
-  global $WIKI,$myid,$INDEX;
+  global $WIKI,$INDEX;
+
+  /* get the id we are looking for */
+  if(isset($_SESSION['id']))
+     $myid = $_SESSION['id'];
+  else
+    return;
 
   $result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
 		     " LEFT JOIN Game On Hand.game_id=Game.id".
@@ -1055,7 +1061,12 @@ function format_score_table_html($score,$userid)
       $i++;
       $output.=" <tr>";
       $userhash = DB_get_hash_from_gameid_and_userid($game['gameid'],$userid);
-      $output.="  <td> <a href=\"".$INDEX."?action=game&amp;me=".$userhash."\">$i</a></td>";
+      /* create link to old games only if you are logged in and its your game*/
+      if(isset($_SESSION['id']) && $_SESSION['id']==$userid)
+	$output.="  <td> <a href=\"".$INDEX."?action=game&amp;me=".$userhash."\">$i</a></td>";
+      else
+	$output.="  <td>$i</td>";
+
       foreach($game['players'] as $id=>$points)
 	$output.="<td>".$points."</td>";
       $output.="<td>".$game['points'];
@@ -1071,7 +1082,7 @@ function format_score_table_html($score,$userid)
   return $output;
 }
 
-function createCache($content, $cacheFile) 
+function createCache($content, $cacheFile)
 {
   $fp = fopen($cacheFile,"w");
   if($fp)
@@ -1085,10 +1096,10 @@ function createCache($content, $cacheFile)
   return;
 }
 
-function getCache($cacheFile, $expireTime) 
+function getCache($cacheFile, $expireTime)
 {
-  if( file_exists($cacheFile) && 
-      filemtime($cacheFile )>( time() - $expireTime ) ) 
+  if( file_exists($cacheFile) &&
+      filemtime($cacheFile )>( time() - $expireTime ) )
     {
       return file_get_contents($cacheFile);
     }
diff --git a/include/game.php b/include/game.php
index 06d75f3..49957b1 100644
--- a/include/game.php
+++ b/include/game.php
@@ -25,7 +25,8 @@ if(!$myid)
 global $GAME,$RULES,$CARDS;
 
 /* the user has done something, update the timestamp */
-DB_update_user_timestamp($myid);
+if(isset($_SESSION['id']))
+  DB_update_user_timestamp($_SESSION['id']);
 
 /* get some information from the DB */
 $gameid   = DB_get_gameid_by_hash($me);
@@ -36,7 +37,7 @@ $myhand   = DB_get_handid('hash',$me);
 $session  = DB_get_session_by_gameid($gameid);
 
 /* get prefs and save them in a variable*/
-$PREF = DB_get_PREF($myid);
+$PREF = DB_get_PREF(isset($_SESSION['id'])?$_SESSION['id']:$myid);
 
 /* get rule set for this game */
 $RULES = DB_get_RULES($gameid);
@@ -179,7 +180,10 @@ if($session)
 	$lasthash=$hash;
       }
     $i--;
-    echo "This is game number $j of <a href=\"{$INDEX}?action=game&amp;me=$lasthash\">$i</a> in session $session.";
+    if(isset($_SESSION['id']) && $_SESSION['id']==$myid)
+      echo "This is game number $j of <a href=\"{$INDEX}?action=game&amp;me=$lasthash\">$i</a> in session $session.";
+    else
+      echo "This is game number $j of $i in session $session.";
     echo "</div>\n";
   }
 
@@ -1946,11 +1950,26 @@ if($gamestatus == 'play' || $gameend < 60*60*24*7)
 
 echo "<input type=\"submit\" value=\"submit\" />\n";
 
+/* has this hand been played by others? */
+$other_game_ids = DB_played_by_others($gameid);
+if(sizeof($other_game_ids)>0 && $mystatus=='gameover')
+  {
+    $mypos = DB_get_pos_by_hash($me);
+    echo "<p>See how other played the same hand: <br />\n";
+    foreach($other_game_ids as $id)
+      {
+	$otherhash = DB_get_hash_from_game_and_pos($id,$mypos);
+	$othername = DB_get_name('hash',$otherhash);
+	echo "<a href=\"$INDEX?action=game&amp;me=$otherhash\">$othername</a><br />";
+      }
+    echo "</p>\n";
+  }
+
 echo "</div>\n";
 
 echo "</form>\n";
 
-if($mystatus=='gameover' && DB_get_game_status_by_gameid($gameid)=='gameover' )
+if($mystatus=='gameover' && DB_get_game_status_by_gameid($gameid)=='gameover' && isset($_SESSION['id']) && $_SESSION['id']==$myid)
   {
     $session = DB_get_session_by_gameid($gameid);
     $result  = DB_query("SELECT id,create_date FROM Game".
diff --git a/include/login.php b/include/login.php
index ea8d8ef..c1a0e42 100644
--- a/include/login.php
+++ b/include/login.php
@@ -6,14 +6,14 @@ if(!isset($HOST))
   exit;
 
 /* check if login information is present */
-if(!myisset("email","password"))
+if(!myisset('email','password'))
   {
     echo "can't log you in... missing login information.";
   }
 else
   {
-    $email     = $_REQUEST["email"];
-    $password  = $_REQUEST["password"];
+    $email     = $_REQUEST['email'];
+    $password  = $_REQUEST['password'];
 
     /* verify password and email */
     if(strlen($password)!=32)
@@ -28,7 +28,9 @@ else
       {
 	/* user information is ok, set session variabel */
 	$myname = DB_get_name('email',$email);
-	$_SESSION["name"] = $myname;
+	$_SESSION['name'] = $myname;
+	$_SESSION['id']   = $myid;
+	$_SESSION['pass'] = $password;
       }
   }
 ?>
 \ No newline at end of file
diff --git a/include/output.php b/include/output.php
index dd2e535..1531c77 100644
--- a/include/output.php
+++ b/include/output.php
@@ -270,7 +270,7 @@ function output_header()
      <title>e-Doko</title>
      <meta content="text/html; charset=ISO-8859-1" http-equiv="content-type" />
      <link rel="shortcut icon" type="image/x-icon" href="pics/edoko-favicon.png" />
-     <link rel="stylesheet" type="text/css" href="css/standard013.css" />
+     <link rel="stylesheet" type="text/css" href="css/standard014.css" />
      <script type="text/javascript">
        var current=0;
        function hl(num) {
@@ -437,6 +437,9 @@ function output_password_recovery($email,$password)
 
 function output_user_notes($userid,$gameid,$userstatus)
 {
+  /* make sure to only show these if the person is logged in */
+  if(!isset($_SESSION['id']) || $userid != $_SESSION['id']) return;
+
   echo "<div class=\"notes\"> Personal notes: <br />\n";
   $notes = DB_get_notes_by_userid_and_gameid($userid,$gameid);
   foreach($notes as $note)
@@ -447,5 +450,5 @@ function output_user_notes($userid,$gameid,$userstatus)
 
   return;
 }
-    
+
 ?>
 \ No newline at end of file
diff --git a/include/user.php b/include/user.php
index 19eb27b..dc96377 100644
--- a/include/user.php
+++ b/include/user.php
@@ -1,12 +1,12 @@
 <?php
-/* make sure that we are not called from outside the scripts, 
+/* make sure that we are not called from outside the scripts,
  * use a variable defined in config.php to check this
  */
 if(!isset($HOST))
   exit;
 
 /* test id and password, should really be done in one step */
-if(!isset($_SESSION["name"])) 
+if(!isset($_SESSION["name"]))
   {
     $email     = $_REQUEST["email"];
     $password  = $_REQUEST["password"];
@@ -70,7 +70,7 @@ if(myisset("forgot"))
       }
     else
       {/* can't find user id in the database */
-	     
+
 	/* no email given? */
 	if($email=="")
 	  echo "You need to give me an email address! <br />".
@@ -81,30 +81,30 @@ if(myisset("forgot"))
 	    "or else try <a href=\"$INDEX\">again</a>.";
       }
   }
-else 
+else
   { /* normal user page */
-    
+
     /* verify password and email */
     if(strlen($password)!=32)
       $password = md5($password);
-    
+
     $ok  = 1;
     $myid = DB_get_userid('email-password',$email,$password);
     if(!$myid)
       $ok = 0;
-    
+
     if($ok)
       {
 	/* user information is ok */
 	$myname = DB_get_name('email',$email);
 	$_SESSION["name"] = $myname;
-	
+
 	$PREF = DB_get_PREF($myid);
-	
+
 	DB_update_user_timestamp($myid);
-	
+
 	display_user_menu();
-	
+
 	/* display all games the user has played */
 	echo "<div class=\"user\">";
 	echo "<h4>These are all your games:</h4>\n";
@@ -113,12 +113,15 @@ else
 	echo "<span class=\"gamestatusplay\">P </span> =  game in progess ";
 	echo "<span class=\"gamestatusover\">F </span> =  game finished <br />";
 	echo "</p>\n";
-	
+
 	$output = array();
-	$result = DB_query("SELECT Hand.hash,Hand.game_id,Game.mod_date,Game.player,Game.status from Hand".
-			   " LEFT JOIN Game ON Game.id=Hand.game_id".
+	$result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ".
+			   " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count ".
+			   " FROM Hand".
+			   " LEFT JOIN Game G ON G.id=Hand.game_id".
 			   " WHERE user_id='$myid'".
-			   " ORDER BY Game.session,Game.create_date" );
+			   " ORDER BY G.session,G.create_date" );
+
 	$gamenrold = -1;
 	echo "<table>\n <tr><td>\n";
 	while( $r = DB_fetch_array($result))
@@ -134,12 +137,13 @@ else
 		$gamenrold = $gamenr;
 		echo "<td class=\"usergames\">\n";
 	      }
+	    $Multi = ($r[5]>1) ? "multi" : "";
 	    if($r[4]=='pre')
-	      echo "   <span class=\"gamestatuspre\"><a href=\"".$INDEX."?action=game&amp;me=".$r[0]."\">p </a></span>\n";
+	      echo "   <span class=\"gamestatuspre $Multi\"><a href=\"".$INDEX."?action=game&amp;me=".$r[0]."\">p </a></span>\n";
 	    else if ($r[4]=='gameover')
-	      echo "   <span class=\"gamestatusover\"><a href=\"".$INDEX."?action=game&amp;me=".$r[0]."\">F </a></span>\n";
+	      echo "   <span class=\"gamestatusover $Multi\"><a href=\"".$INDEX."?action=game&amp;me=".$r[0]."\">F </a></span>\n";
 	    else
-	      echo "   <span class=\"gamestatusplay\"><a href=\"".$INDEX."?action=game&amp;me=".$r[0]."\">P </a></span>\n";
+	      echo "   <span class=\"gamestatusplay $Multi\"><a href=\"".$INDEX."?action=game&amp;me=".$r[0]."\">P </a></span>\n";
 	    if($r[4] != 'gameover')
 	      {
 		echo "</td>\n<td>\n    ";
@@ -160,19 +164,19 @@ else
 	      }
 	  }
 	echo "</td></tr>\n</table>\n";
-	
+
 	/* display last 5 users that have signed up to e-DoKo */
 	$names = DB_get_names_of_new_logins(5);
 	echo "<h4>New Players:</h4>\n<p>\n";
 	echo implode(", ",$names).",...\n";
 	echo "</p>\n";
-	
+
 	/* display last 5 users that logged on */
 	$names = DB_get_names_of_last_logins(5);
 	echo "<h4>Players last logged in:</h4>\n<p>\n";
 	echo implode(", ",$names).",...\n";
 	echo "</p>\n";
-	
+
 	echo "</div>\n";
       }
     else
diff --git a/include/welcome.php b/include/welcome.php
index 654e968..d760c26 100644
--- a/include/welcome.php
+++ b/include/welcome.php
@@ -1,5 +1,5 @@
 <?php
-/* make sure that we are not called from outside the scripts, 
+/* make sure that we are not called from outside the scripts,
  * use a variable defined in config.php to check this
  */
 if(!isset($HOST))
@@ -64,7 +64,7 @@ if($done==0)
 ?>
 
   <h4> Login/Register:</h4>
-  <p> 
+  <p>
   Please <a href="index.php?action=register">register</a>, in case you have not done that yet  <br />
   or login with you email-address or name and password here:
   </p>
@@ -87,5 +87,5 @@ if($done==0)
   </table>
   </fieldset>
   </form>
-  
-</div>  
-\ No newline at end of file
+
+</div>
+\ No newline at end of file