"; if($number >1) echo "N.B. You tried this already $number times during the last day and it will only work ". " 5 times during a day.
"; echo "The new password will be valid for one day, make sure you reset it to something else.
"; echo "Back to the main page."; /* create temporary password, use the fist 8 letters of a md5 hash */ $TIME = (string) time(); /* to avoid collisions */ $hash = md5("Anewpassword".$email.$TIME); $newpw = substr($hash,1,8); $message = "Someone (hopefully you) requested a new password. \n". "You can use this email and the following password: \n". " $newpw \n". "to log into the server. The new password is valid for 24h, so make\n". "sure you reset your password to something new. Your old password will\n". " also still be valid until you set a new one\n"; mymail($email,$EmailName."recovery ",$message); /* we save these in the database */ DB_set_recovery_password($myid,md5($newpw)); } else { /* make it so that people (or a robot) can request thousands of passwords within a short time * and spam a user this way */ echo "Sorry you already tried 5 times during the last 24h.
". "You need to use one of those passwords or wait to get a new one.
"; echo "Back to the main page."; } } else {/* can't find user id in the database */ /* no email given? */ if($email=="") echo "You need to give me an email address!
". "Please try again."; else /* default error message */ echo "Couldn't find a player with this email!
". "Please contact Arun, if you think this is a mistake
". "or else try again."; } } else { /* normal user page */ /* verify password and email */ if(strlen($password)!=32) $password = md5($password); $ok = 1; $myid = DB_get_userid('email-password',$email,$password); if(!$myid) $ok = 0; if($ok) { /* user information is ok */ $myname = DB_get_name('email',$email); $_SESSION["name"] = $myname; output_status(); DB_get_PREF($myid); /* does the user want to change some preferences? */ if(myisset("setpref")) { $setpref=$_REQUEST["setpref"]; switch($setpref) { case "germancards": case "englishcards": $result = mysql_query("SELECT * from User_Prefs". " WHERE user_id='$myid' AND pref_key='cardset'" ); if( mysql_fetch_array($result,MYSQL_NUM)) $result = mysql_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref). " WHERE user_id='$myid' AND pref_key='cardset'" ); else $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',". DB_quote_smart($setpref).")"); echo "Ok, changed you preferences for the cards.\n"; break; case "emailaddict": case "emailnonaddict": $result = mysql_query("SELECT * from User_Prefs". " WHERE user_id='$myid' AND pref_key='email'" ); if( mysql_fetch_array($result,MYSQL_NUM)) $result = mysql_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref). " WHERE user_id='$myid' AND pref_key='email'" ); else $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',". DB_quote_smart($setpref).")"); echo "Ok, changed you preferences for sending out emails.\n"; break; } } /* user wants to change his password or request a temporary one */ else if(myisset("passwd")) { if( $_REQUEST["passwd"]=="ask" ) { /* reset password form*/ output_password_recovery($email,$password); } else if($_REQUEST["passwd"]=="set") { /* reset password */ $ok = 1; /* check if old password matches */ $oldpasswd = md5($_REQUEST["password0"]); if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) )) $ok = -1; /* check if new passwords are types the same twice */ if($_REQUEST["password1"] != $_REQUEST["password2"] ) $ok = -2; switch($ok) { case '-2': echo "The new passwords don't match.
"; break; case '-1': echo "The old password is not correct.
"; break; case '1': echo "Changed the password.
"; mysql_query("UPDATE User SET password='".md5($_REQUEST["password1"]). "' WHERE id=".DB_quote_smart($myid)); break; } /* set password */ } } else /* output default user page */ { /* display links to settings */ output_user_settings(); DB_update_user_timestamp($myid); display_user_menu(); /* display all games the user has played */ echo "

"; echo "

These are all your games:

\n"; echo "

Session:
\n"; echo " p = pre-game phase "; echo "P = game in progess "; echo "F = game finished
"; echo "

\n"; $output = array(); $result = mysql_query("SELECT Hand.hash,Hand.game_id,Game.mod_date,Game.player,Game.status from Hand". " LEFT JOIN Game ON Game.id=Hand.game_id". " WHERE user_id='$myid'". " ORDER BY Game.session,Game.create_date" ); $gamenrold = -1; echo "\n \n \n

\n"; while( $r = mysql_fetch_array($result,MYSQL_NUM)) { $game = DB_format_gameid($r[1]); $gamenr = (int) $game; if($gamenrold < $gamenr) { if($gamenrold!=-1) echo "
$gamenr:	"; else echo "$gamenr:	"; $gamenrold = $gamenr; } if($r[4]=='pre') { echo "\n p "; } else if ($r[4]=='gameover') echo "\n F "; else { echo "\n P "; } if($r[4] != 'gameover') { echo "	\n "; if($r[3]==$myid \|\| !$r[3]) echo "(it's your turn)\n"; else { $name = DB_get_name('userid',$r[3]); $gameid = $r[1]; if(DB_get_reminder($r[3],$gameid)==0) if(time()-strtotime($r[2]) > 6060247) echo "". "Send a reminder."; echo "(it's $name's turn)\n"; }; if(time()-strtotime($r[2]) > 60602430) echo "". "Cancel?". " (clicking here is final and can't be restored)"; } } echo "

\n"; /* display last 5 users that have signed up to e-DoKo */ $names = DB_get_names_of_new_logins(5); echo "

New Players:

\n

\n"; echo implode(", ",$names).",...\n"; echo "

\n"; /* display last 5 users that logged on */ $names = DB_get_names_of_last_logins(5); echo "

Players last logged in:

\n

\n"; echo implode(", ",$names).",...\n"; echo "

\n"; echo "

\n"; } } else { echo "

Sorry email and password don't match. Please try again.

"; } }; output_footer(); DB_close(); exit(); ?>