2 /* make sure that we are not called from outside the scripts,
3 * use a variable defined in config.php to check this
8 /* test id and password, should really be done in one step */
9 if(!isset($_SESSION["name"]))
11 $email = $_REQUEST["email"];
12 $password = $_REQUEST["password"];
16 $name = $_SESSION["name"];
17 $email = DB_get_email('name',$name);
18 $password = DB_get_passwd_by_name($name);
21 /* user has forgotten his password */
24 /* check if player is in the database */
27 $myid = DB_get_userid('email',$email);
33 /* check how many entries in recovery table */
34 $number = DB_get_number_of_passwords_recovery($myid);
36 /* if less than N recent ones, add a new one and send out email */
39 echo "Ok, I send you a new password. <br />";
41 echo "N.B. You tried this already $number times during the last day and it will only work ".
42 " 5 times during a day.<br />";
43 echo "The new password will be valid for one day, make sure you reset it to something else.<br />";
44 echo "Back to the <a href=\"$INDEX\">main page</a>.";
46 /* create temporary password, use the fist 8 letters of a md5 hash */
47 $TIME = (string) time(); /* to avoid collisions */
48 $hash = md5("Anewpassword".$email.$TIME);
49 $newpw = substr($hash,1,8);
51 $message = "Someone (hopefully you) requested a new password. \n".
52 "You can use this email and the following password: \n".
54 "to log into the server. The new password is valid for 24h, so make\n".
55 "sure you reset your password to something new. Your old password will\n".
56 " also still be valid until you set a new one\n";
57 mymail($email,$EmailName."recovery ",$message);
59 /* we save these in the database */
60 DB_set_recovery_password($myid,md5($newpw));
64 /* make it so that people (or a robot) can request thousands of passwords within a short time
65 * and spam a user this way */
66 echo "Sorry you already tried 5 times during the last 24h.<br />".
67 "You need to use one of those passwords or wait to get a new one.<br />";
68 echo "Back to the <a href=\"$INDEX\">main page</a>.";
72 {/* can't find user id in the database */
76 echo "You need to give me an email address! <br />".
77 "Please try <a href=\"$INDEX\">again</a>.";
78 else /* default error message */
79 echo "Couldn't find a player with this email! <br />".
80 "Please contact Arun, if you think this is a mistake <br />".
81 "or else try <a href=\"$INDEX\">again</a>.";
85 { /* normal user page */
88 /* verify password and email */
89 if(strlen($password)!=32)
90 $password = md5($password);
93 $myid = DB_get_userid('email-password',$email,$password);
99 /* user information is ok */
100 $myname = DB_get_name('email',$email);
101 $_SESSION["name"] = $myname;
104 $PREF = DB_get_PREF($myid);
106 /* does the user want to change some preferences? */
107 if(myisset("setpref"))
109 $setpref=$_REQUEST["setpref"];
114 $result = DB_query("SELECT * from User_Prefs".
115 " WHERE user_id='$myid' AND pref_key='cardset'" );
116 if( DB_fetch_array($result))
117 $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref).
118 " WHERE user_id='$myid' AND pref_key='cardset'" );
120 $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
121 DB_quote_smart($setpref).")");
122 echo "Ok, changed you preferences for the cards.\n";
125 case "emailnonaddict":
126 $result = DB_query("SELECT * from User_Prefs".
127 " WHERE user_id='$myid' AND pref_key='email'" );
128 if( DB_fetch_array($result))
129 $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref).
130 " WHERE user_id='$myid' AND pref_key='email'" );
132 $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
133 DB_quote_smart($setpref).")");
134 echo "Ok, changed you preferences for sending out emails.\n";
138 /* user wants to change his password or request a temporary one */
139 else if(myisset("passwd"))
141 if( $_REQUEST["passwd"]=="ask" )
143 /* reset password form*/
144 output_password_recovery($email,$password);
146 else if($_REQUEST["passwd"]=="set")
151 /* check if old password matches */
152 $oldpasswd = md5($_REQUEST["password0"]);
153 if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
155 /* check if new passwords are types the same twice */
156 if($_REQUEST["password1"] != $_REQUEST["password2"] )
162 echo "The new passwords don't match. <br />";
165 echo "The old password is not correct. <br />";
168 echo "Changed the password.<br />";
169 DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
170 "' WHERE id=".DB_quote_smart($myid));
176 else /* output default user page */
178 /* display links to settings */
179 output_user_settings();
181 DB_update_user_timestamp($myid);
185 /* display all games the user has played */
186 echo "<div class=\"user\">";
187 echo "<h4>These are all your games:</h4>\n";
188 echo "<p>Session: <br />\n";
189 echo "<span class=\"gamestatuspre\"> p </span> = pre-game phase ";
190 echo "<span class=\"gamestatusplay\">P </span> = game in progess ";
191 echo "<span class=\"gamestatusover\">F </span> = game finished <br />";
195 $result = DB_query("SELECT Hand.hash,Hand.game_id,Game.mod_date,Game.player,Game.status from Hand".
196 " LEFT JOIN Game ON Game.id=Hand.game_id".
197 " WHERE user_id='$myid'".
198 " ORDER BY Game.session,Game.create_date" );
200 echo "<table>\n <tr><td>\n";
201 while( $r = DB_fetch_array($result))
203 $game = DB_format_gameid($r[1]);
204 $gamenr = (int) $game;
205 if($gamenrold < $gamenr)
208 echo "</td></tr>\n <tr> <td>$gamenr:</td><td> ";
210 echo "$gamenr:</td><td> ";
211 $gamenrold = $gamenr;
215 echo "\n <span class=\"gamestatuspre\"><a href=\"".$INDEX."?action=game&me=".$r[0]."\">p </a></span> ";
218 else if ($r[4]=='gameover')
219 echo "\n <span class=\"gamestatusover\"><a href=\"".$INDEX."?action=game&me=".$r[0]."\">F </a></span> ";
222 echo "\n <span class=\"gamestatusplay\"><a href=\"".$INDEX."?action=game&me=".$r[0]."\">P </a></span> ";
224 if($r[4] != 'gameover')
227 if($r[3]==$myid || !$r[3])
228 echo "(it's <strong>your</strong> turn)\n";
231 $name = DB_get_name('userid',$r[3]);
233 if(DB_get_reminder($r[3],$gameid)==0)
234 if(time()-strtotime($r[2]) > 60*60*24*7)
236 "<a href=\"$INDEX?action=reminder&me=".$r[0]."\">Send a reminder.</a>";
237 echo "(it's $name's turn)\n";
239 if(time()-strtotime($r[2]) > 60*60*24*30)
241 "<a href=\"$INDEX?action=cancel&me=".$r[0]."\">Cancel?</a>".
242 " (clicking here is final and can't be restored)";
246 echo "</td></tr>\n</table>\n";
248 /* display last 5 users that have signed up to e-DoKo */
249 $names = DB_get_names_of_new_logins(5);
250 echo "<h4>New Players:</h4>\n<p>\n";
251 echo implode(", ",$names).",...\n";
254 /* display last 5 users that logged on */
255 $names = DB_get_names_of_last_logins(5);
256 echo "<h4>Players last logged in:</h4>\n<p>\n";
257 echo implode(", ",$names).",...\n";
265 echo "<div class=\"message\">Sorry email and password don't match. Please <a href=\"$INDEX\">try again</a>. </div>";