";
if($number >1)
echo "N.B. You tried this already $number times during the last day and it will only work ".
" 5 times during a day.
";
echo "The new password will be valid for one day, make sure you reset it to something else.
";
echo "Back to the main page.";
/* create temporary password, use the fist 8 letters of a md5 hash */
$TIME = (string) time(); /* to avoid collisions */
$hash = md5("Anewpassword".$email.$TIME);
$newpw = substr($hash,1,8);
$message = "Someone (hopefully you) requested a new password. \n".
"You can use this email and the following password: \n".
" $newpw \n".
"to log into the server. The new password is valid for 24h, so make\n".
"sure you reset your password to something new. Your old password will\n".
" also still be valid until you set a new one\n";
mymail($email,$EmailName."recovery ",$message);
/* we save these in the database */
DB_set_recovery_password($myid,md5($newpw));
}
else
{
/* make it so that people (or a robot) can request thousands of passwords within a short time
* and spam a user this way */
echo "Sorry you already tried 5 times during the last 24h.
".
"You need to use one of those passwords or wait to get a new one.
";
echo "Back to the main page.";
}
}
else
{/* can't find user id in the database */
/* no email given? */
if($email=="")
echo "You need to give me an email address!
".
"Please try again.";
else /* default error message */
echo "Couldn't find a player with this email!
".
"Please contact Arun, if you think this is a mistake
".
"or else try again.";
}
}
else
{ /* normal user page */
/* verify password and email */
if(strlen($password)!=32)
$password = md5($password);
$ok = 1;
$myid = DB_get_userid('email-password',$email,$password);
if(!$myid)
$ok = 0;
if($ok)
{
/* user information is ok */
$myname = DB_get_name('email',$email);
$_SESSION["name"] = $myname;
output_status();
DB_get_PREF($myid);
/* does the user want to change some preferences? */
if(myisset("setpref"))
{
$setpref=$_REQUEST["setpref"];
switch($setpref)
{
case "germancards":
case "englishcards":
$result = DB_query("SELECT * from User_Prefs".
" WHERE user_id='$myid' AND pref_key='cardset'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref).
" WHERE user_id='$myid' AND pref_key='cardset'" );
else
$result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
DB_quote_smart($setpref).")");
echo "Ok, changed you preferences for the cards.\n";
break;
case "emailaddict":
case "emailnonaddict":
$result = DB_query("SELECT * from User_Prefs".
" WHERE user_id='$myid' AND pref_key='email'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref).
" WHERE user_id='$myid' AND pref_key='email'" );
else
$result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
DB_quote_smart($setpref).")");
echo "Ok, changed you preferences for sending out emails.\n";
break;
}
}
/* user wants to change his password or request a temporary one */
else if(myisset("passwd"))
{
if( $_REQUEST["passwd"]=="ask" )
{
/* reset password form*/
output_password_recovery($email,$password);
}
else if($_REQUEST["passwd"]=="set")
{
/* reset password */
$ok = 1;
/* check if old password matches */
$oldpasswd = md5($_REQUEST["password0"]);
if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
$ok = -1;
/* check if new passwords are types the same twice */
if($_REQUEST["password1"] != $_REQUEST["password2"] )
$ok = -2;
switch($ok)
{
case '-2':
echo "The new passwords don't match.
";
break;
case '-1':
echo "The old password is not correct.
";
break;
case '1':
echo "Changed the password.
";
DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
"' WHERE id=".DB_quote_smart($myid));
break;
}
/* set password */
}
}
else /* output default user page */
{
/* display links to settings */
output_user_settings();
DB_update_user_timestamp($myid);
display_user_menu();
/* display all games the user has played */
echo "
Session:
\n";
echo " p = pre-game phase ";
echo "P = game in progess ";
echo "F = game finished
";
echo "
\n"; while( $r = DB_fetch_array($result)) { $game = DB_format_gameid($r[1]); $gamenr = (int) $game; if($gamenrold < $gamenr) { if($gamenrold!=-1) echo " | |||
$gamenr: | "; else echo "$gamenr: | "; $gamenrold = $gamenr; } if($r[4]=='pre') { echo "\n p "; } else if ($r[4]=='gameover') echo "\n F "; else { echo "\n P "; } if($r[4] != 'gameover') { echo " | \n "; if($r[3]==$myid || !$r[3]) echo "(it's your turn)\n"; else { $name = DB_get_name('userid',$r[3]); $gameid = $r[1]; if(DB_get_reminder($r[3],$gameid)==0) if(time()-strtotime($r[2]) > 60*60*24*7) echo "". "Send a reminder."; echo "(it's $name's turn)\n"; }; if(time()-strtotime($r[2]) > 60*60*24*30) echo "". "Cancel?". " (clicking here is final and can't be restored)"; } } echo " |
\n"; echo implode(", ",$names).",...\n"; echo "
\n"; /* display last 5 users that logged on */ $names = DB_get_names_of_last_logins(5); echo "\n"; echo implode(", ",$names).",...\n"; echo "
\n"; echo "