From b5f096688faaebf7846b3e725e1bd2dd9251b203 Mon Sep 17 00:00:00 2001 From: Arun Persaud Date: Wed, 18 Jul 2007 22:26:29 -0700 Subject: NEW FEATURE: use php session used php session, so that people can actually log in and out and linking from one page to another can be done easily without using form to send the password as a hidden parameter over the net all the time --- index.php | 39 +++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index bae38d4..1d6dfff 100644 --- a/index.php +++ b/index.php @@ -51,11 +51,21 @@ if(DB_open()<0) exit(); } +/* start a session, if it is not already running */ +session_start(); + /* done major error checking, output header of HTML page */ output_header(); /* check if we want to start a new game */ -if(myisset("new")) +if(myisset("logout")) + { + session_unset(); + session_destroy(); + $_SESSION = array(); + echo "you are now logged out!"; + } +else if(myisset("new")) { $names = DB_get_all_names(); output_form_for_new_game($names); @@ -204,7 +214,7 @@ else if(myisset("cancle","me")) /* get some information from the DB */ $gameid = DB_get_gameid_by_hash($me); $myname = DB_get_name_by_hash($me); - + /* check if game really is old enough */ $result = mysql_query("SELECT mod_date from Game WHERE id='$gameid' " ); $r = mysql_fetch_array($result,MYSQL_NUM); @@ -245,6 +255,9 @@ else if(myisset("me")) exit(); } + if(isset($_SESSION["name"])) + output_status($_SESSION["name"]); + /* the user had done something, update the timestamp */ DB_update_user_timestamp($myid); 
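Review bot: The `logout` branch in the first hunk destroys the server-side session but leaves the session cookie in the browser, so the same session id is presented on the next request and, with PHP's default non-strict id handling, is likely to be reused for the next login. Expiring the cookie as well, e.g. `setcookie(session_name(), '', time()-3600, '/');`, would close that gap. It has to be sent before `output_header()` writes any output, so the logout check would need to move above that call. `$_SESSION = array();` is also more useful before `session_destroy()` than after it. The `if`/`else if` chain continues outside the hunk.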
@@ -1702,13 +1715,21 @@ else if(myisset("me")) exit(); } /* user status page */ - else if(myisset("email","password")) +else if( myisset("email","password") || isset($_SESSION["name"]) ) { /* test id and password, should really be done in one step */ - $email = $_REQUEST["email"]; - $password = $_REQUEST["password"]; + if(!isset($_SESSION["name"])) + { + $email = $_REQUEST["email"]; + $password = $_REQUEST["password"]; + } + else + { + $name = $_SESSION["name"]; + $email = DB_get_email_by_name($name); + $password = DB_get_passwd_by_name($name); + }; - if(myisset("forgot")) { $ok = 1; @@ -1842,6 +1863,12 @@ else if(myisset("me")) $offset = DB_get_user_timezone($uid); $zone = return_timezone($offset); date_default_timezone_set($zone); + + $myname = DB_get_name_by_email($email); + $_SESSION["name"] = $myname; + + if(isset($_SESSION["name"])) + output_status($_SESSION["name"]); /* display links to settings */ output_user_settings($email,$password); -- cgit v1.2.3-18-g5258
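Review bot: In the session branch of the `@@ -1702` hunk the stored password is read back with `DB_get_passwd_by_name($name)` and placed in `$password`, which makes whatever is stored in that column behave as a login credential. Judging by the `output_user_settings($email,$password)` call visible in the next hunk, it may also end up in generated page output. A valid `$_SESSION["name"]` could be treated as proof of authentication on its own, skipping the password comparison (which lies outside the hunk) rather than feeding it a value from the database. Because the `!isset($_SESSION["name"])` test comes first, credentials submitted while a session exists are silently ignored, so a different user cannot log in without logging out first. A comment such as `/* an existing session takes precedence over submitted credentials */` would at least make that explicit.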
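Review bot: `$_SESSION["name"] = $myname;` in the `@@ -1842` hunk marks the session as logged in without changing the session id, so an id that was set in the browser before login (session fixation) stays valid afterwards. Calling `session_regenerate_id(true);` immediately before the assignment is the usual fix; since `output_header()` has already produced output by this point, the credential check would have to run before it, or output buffering be enabled, for the new cookie to be sent. The following `if(isset($_SESSION["name"]))` is effectively always true right after the assignment, except when `DB_get_name_by_email()` returns null, and could be replaced by a check on `$myname`. The enclosing branch starts and ends outside the hunk, so it is assumed here that this code runs only after the password has been verified.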