include/user.php

   1 <?php
   2 /* Copyright 2006, 2007, 2008, 2009, 2010 Arun Persaud <arun@nubati.net>
   3  *
   4  *   This file is part of e-DoKo.
   5  *
   6  *   e-DoKo is free software: you can redistribute it and/or modify
   7  *   it under the terms of the GNU General Public License as published by
   8  *   the Free Software Foundation, either version 3 of the License, or
   9  *   (at your option) any later version.
  10  *
  11  *   e-DoKo is distributed in the hope that it will be useful,
  12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *   GNU General Public License for more details.
  15  *
  16  *   You should have received a copy of the GNU General Public License
  17  *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 /* make sure that we are not called from outside the scripts,
  22  * use a variable defined in config.php to check this
  23  */
  24 if(!isset($HOST))
  25   exit;
  26
  27 /* test id and password, should really be done in one step */
  28 if(!isset($_SESSION['name']))
  29   {
  30     $email     = $_REQUEST['email'];
  31     $password  = $_REQUEST['password'];
  32   }
  33 else
  34   {
  35     $name = $_SESSION['name'];
  36     $email     = DB_get_email('name',$name);
  37     $password  = DB_get_passwd_by_name($name);
  38   };
  39
  40 global  $ADMIN_NAME;
  41
  42 /* user has forgotten his password */
  43 if(myisset('forgot'))
  44   {
  45     /* check if player is in the database */
  46     $ok = 1;
  47
  48     $myid = DB_get_userid('email',$email);
  49     if(!$myid)
  50       $ok = 0;
  51
  52     if($ok)
  53       {
  54         /* check how many entries in recovery table */
  55         $number = DB_get_number_of_passwords_recovery($myid);
  56
  57         /* if less than N recent ones, add a new one and send out email */
  58         if( $number < 5 )
  59           {
  60             echo _('Ok, I will send you a new password.').' <br />';
  61             if($number >1)
  62               echo "N.B. You tried this already $number times during the last day and it will only work ".
  63                 " 5 times during a day.<br />";
  64             echo _('The new password will be valid for one day, make sure you reset it to something else.').'<br />';
  65             echo "Back to the  <a href=\"$INDEX\">main page</a>.";
  66
  67             /* create temporary password, use the fist 8 letters of a md5 hash */
  68             $TIME  = (string) time(); /* to avoid collisions */
  69             $hash  = md5('Anewpassword'.$email.$TIME);
  70             $newpw = substr($hash,1,8);
  71
  72             $message = "Someone (hopefully you) requested a new password. \n".
  73               "You can use this email and the following password: \n".
  74               "   $newpw    \n".
  75               "to log into the server. The new password is valid for 24h, so make\n".
  76               "sure you reset your password to something new. Your old password will\n".
  77               "also still be valid until you set a new one.\n";
  78             mymail($myid,0, GAME_RECOVERY, $message);
  79
  80             /* we save these in the database */
  81             DB_set_recovery_password($myid,md5($newpw));
  82           }
  83         else
  84           {
  85             /* make it so that people (or a robot) can request thousands of passwords within a short time
  86              * and spam a user this way */
  87             echo _('Sorry you already tried 5 times during the last 24h.<br />'.
  88                    'You need to use one of those passwords or wait to get a new one.').'<br />';
  89             echo "Back to the <a href=\"$INDEX\">main page</a>.";
  90           }
  91       }
  92     else
  93       {/* can't find user id in the database */
  94
  95         /* no email given? */
  96         if($email=="")
  97           echo "You need to give me an email address! <br />".
  98             "Please try <a href=\"$INDEX\">again</a>.";
  99         else /* default error message */
 100           echo "Couldn't find a player with this email! <br />".
 101             "Please contact $ADMIN_NAME, if you think this is a mistake <br />".
 102             "or else try <a href=\"$INDEX\">again</a>.";
 103       }
 104   }
 105 else
 106   { /* normal user page */
 107
 108     /* verify password and email */
 109     if(strlen($password)!=32)
 110       $password = md5($password);
 111
 112     $ok  = 1;
 113     $myid = DB_get_userid('email-password',$email,$password);
 114     if(!$myid)
 115       $ok = 0;
 116
 117     if($ok)
 118       {
 119         /* user information is ok */
 120         $myname = DB_get_name('email',$email);
 121         $_SESSION['name'] = $myname;
 122
 123         $PREF = DB_get_PREF($myid);
 124
 125         DB_update_user_timestamp($myid);
 126
 127         display_user_menu($myid);
 128
 129         /* display all games the user has played */
 130         echo '<div class="user">';
 131
 132         if($myvacation = check_vacation($myid))
 133           {
 134             $vac_start   = $myvacation[0];
 135             $vac_stop    = $myvacation[1];
 136             $vac_comment = $myvacation[2];
 137             echo '<p class="vacation">'._("Enjoy your vacation (don't forgot to change your settings once you're back).").
 138               " Between $vac_start and $vac_stop other users will see the following message: $vac_comment.</p>\n";
 139           }
 140
 141         echo '<h4>'._('These are all your games').":</h4>\n";
 142         /* output legend */
 143         echo '<p>'._('Games').": \n";
 144         echo '<span class="gamestatuspre"> &nbsp; </span> =  '._('pre-game phase');
 145         echo '<span class="gamestatusplay"> &nbsp; </span> =  '._('game in progess');
 146         echo '<span class="gamestatusover "><a>N</a> </span> = '._('game over (N people played the same hand)').' <br />';
 147         echo ' '._("Reminder: canceling a game can't be reversed!");
 148         echo "</p>\n";
 149
 150         /* get all games */
 151         $output = array();
 152         $result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ".
 153                            " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count, ".
 154                            " G.session".
 155                            " FROM Hand".
 156                            " LEFT JOIN Game G ON G.id=Hand.game_id".
 157                            " WHERE user_id='$myid'".
 158                            " ORDER BY G.session,G.create_date" );
 159
 160         /* sort into active and passive sessions */
 161         $count   = 0; /* count number of games to check for beginner status */
 162         $session = -1;
 163         $maxgame =  0;
 164         $output_active   = "";
 165         $output_inactive = "";
 166         $sessionoutput   = "";
 167         $gameoutput      = "";
 168         $keep_going = 2;
 169         while( $keep_going )
 170           {
 171             /* get next element */
 172             $r = DB_fetch_array($result);
 173
 174             if($r)
 175               $count++;
 176             else
 177               {
 178                 /* need to run the while loop one more time when we run out of elements in the database */
 179                 $keep_going--;
 180                 $r[0] = NULL;
 181                 $r[1] = NULL;
 182                 $r[2] = NULL;
 183                 $r[3] = NULL;
 184                 $r[4] = NULL;
 185                 $r[5] = NULL;
 186                 $r[6] = -2;
 187               }
 188             if( $r[6]==$session )
 189               {
 190                 /* same session, update information */
 191                 $maxgame++;
 192                 $myhash        = $r[0];
 193                 $gameid        = $r[1];
 194                 $gamemoddate   = $r[2];
 195                 $userid        = $r[3];
 196                 $gamestatus    = $r[4];
 197                 $gamefrequence = $r[5];
 198
 199                 /* create output */
 200                 $sessionoutput .= $gameoutput;
 201                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
 202                   .$gamefrequence."</a></span>\n";
 203               }
 204             else
 205               { /* new session */
 206
 207                 /* output old session if available */
 208                 if($maxgame)
 209                   {
 210                     /* is session active? */
 211                     if($gamestatus == 'pre' || $gamestatus== 'play' || time()-strtotime($gamemoddate) < 60*60*24*5 )
 212                       {
 213                         $output_active .= "<li> ";
 214                         if($gamestatus == 'pre')
 215                           $output_active .= '<span class="gamestatuspre gameid">';
 216                         else if($gamestatus == 'play')
 217                           $output_active .= '<span class="gamestatusplay gameid">';
 218                         else
 219                           $output_active .= '<span class="gamestatusover gameid">';
 220                         $output_active .= "<a href=\"$INDEX?action=game&amp;me=$myhash\">".
 221                           DB_format_gameid($gameid).'</a></span>&nbsp;&nbsp;&nbsp;';
 222
 223
 224
 225                         /* who's turn is it? */
 226                         if( $gamestatus == 'pre' || $gamestatus == 'play')
 227                           {
 228                             $output_active .= '<span class="turn">';
 229                             if($userid==$myid || !$userid)
 230                               $output_active .= ' <strong>'._('your turn')."</strong>\n";
 231                             else
 232                               {
 233                                 $name = DB_get_name('userid',$userid);
 234
 235                                 /* check vacaction status of this user */
 236                                 if($vacation=check_vacation($userid))
 237                                   {
 238                                     $stop = substr($vacation[1],0,10);
 239                                     $title = 'begin:'.substr($vacation[0],0,10).' end:'.$vacation[1].' '.$vacation[2];
 240                                     $output_active .= " <span class=\"vacation\" title=\"$title\">$name's (on vacation until $stop)</span> turn\n";
 241                                   }
 242                                 else
 243                                   $output_active .= "$name's turn\n";
 244
 245                                 /* check if we need to send out a reminder */
 246                                 if(DB_get_reminder($userid,$gameid)==0)
 247                                   if(time()-strtotime($gamemoddate) > 60*60*24*7)
 248                                     $output_active .= "<a href=\"$INDEX?action=reminder&amp;me=".$myhash."\">"._('Send a reminder?').'</a> ';
 249
 250                               };
 251                             $output_active .= '</span>';
 252
 253                             if(time()-strtotime($gamemoddate) > 60*60*24*30)
 254                               $output_active .= "<a href=\"$INDEX?action=cancel&amp;me=".$myhash."\">Cancel?</a> ";
 255                           }
 256
 257                         if($maxgame>1)
 258                           {
 259                             $output_active .= ' <span class="gamesshowsession"><a href="#">'._('show old').'</a></span>'.
 260                               '  <span class="gameshidesession"><a href="#">'._('hide old').'</a></span><br />'."\n";
 261                             $output_active .= ' <span class="gamessession">'.$sessionoutput.'</span>';
 262                           }
 263
 264                         $output_active .= "</li>\n";
 265
 266                       }
 267                     else
 268                       {
 269                         /* session is not active anymore */
 270                         $output_inactive .= "<li> $session:" ;
 271                         $output_inactive .= $sessionoutput.$gameoutput ;
 272                         $output_inactive .= "</li>\n";
 273                       }
 274
 275                     /* reset all session variables */
 276                     $maxgame =  0;
 277                     $sessionoutput = "";
 278                     $gameoutput    = "";
 279
 280                   }
 281
 282                 /* save game information */
 283                 $maxgame++;
 284                 $myhash        = $r[0];
 285                 $gameid        = $r[1];
 286                 $gamemoddate   = $r[2];
 287                 $userid        = $r[3];
 288                 $gamestatus    = $r[4];
 289                 $gamefrequence = $r[5];
 290                 $session       = $r[6];
 291
 292                 /* create output */
 293                 $sessionoutput .= $gameoutput;
 294                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
 295                   .$gamefrequence."</a></span>\n";
 296
 297               }
 298           }
 299
 300         echo "<ul>\n ";
 301         echo ' <li><span class="gameshowall"><a href="#">'._('show all').'</a></span> <span class="gamehideall"><a href="#">'._('hide all')."</a></span></li>\n";
 302         echo $output_active;
 303         echo ' <li><span class="gamesshowsession"><a href="#">'._('show inactive').'</a></span><span class="gameshidesession"><a href="#">'._('hide inactive').'</a></span><ul class="gamessession">'."$output_inactive </ul></li>";
 304         echo "</ul>\n";
 305
 306         /* give a hint for new players */
 307         if($count<10)
 308           echo '<p class="newbiehint">'._('You can start new games using the link in the top right corner!')."</p>\n";
 309
 310         /* display last 5 users that have signed up to e-DoKo */
 311         $names = DB_get_names_of_new_logins(5);
 312         echo '<h4>'._('New Players').":</h4>\n<p>\n";
 313         echo implode(", ",$names).",...\n";
 314         echo "</p>\n";
 315
 316         /* display last 5 users that logged on */
 317         echo '<h4>'._('Players last logged in').":</h4>\n<p>\n";
 318
 319         $names  = DB_get_names_of_last_logins(7);
 320         $emails = DB_get_emails_of_last_logins(7);
 321         for($i=0;$i<7;$i++)
 322           {
 323             echo "<img class=\"gravatar\" title=\"".$names[$i]."\" src=\"http://www.gravatar.com/avatar/".md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
 324           }
 325         echo "</p>\n";
 326
 327         echo "</div>\n";
 328       }
 329     else
 330       {
 331         echo '<div class="message">'."Sorry email and password don't match. Please <a href=\"$INDEX\">try again</a>.".' </div>';
 332       }
 333   };
 334 ?>