include/user.php

   1 <?php
   2 /* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Arun Persaud <arun@nubati.net>
   3  *
   4  *   This file is part of e-DoKo.
   5  *
   6  *   e-DoKo is free software: you can redistribute it and/or modify
   7  *   it under the terms of the GNU General Public License as published by
   8  *   the Free Software Foundation, either version 3 of the License, or
   9  *   (at your option) any later version.
  10  *
  11  *   e-DoKo is distributed in the hope that it will be useful,
  12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *   GNU General Public License for more details.
  15  *
  16  *   You should have received a copy of the GNU General Public License
  17  *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 /* make sure that we are not called from outside the scripts,
  22  * use a variable defined in config.php to check this
  23  */
  24 if(!isset($HOST))
  25   exit;
  26
  27 /* test id and password, should really be done in one step */
  28 if(isset($_SESSION['id']))
  29   {
  30     $myid = $_SESSION['id'];
  31     $r = DB_query_array("SELECT email,password FROM User WHERE id=".DB_quote_smart($myid)."");
  32     if($r)
  33       {
  34         $email     = $r[0];
  35         $password  = $r[1];
  36       };
  37   };
  38
  39 global  $ADMIN_NAME;
  40
  41 /* user has forgotten his password */
  42 if(myisset('forgot'))
  43   {
  44     /* check if player is in the database */
  45     $ok = 1;
  46
  47     $myid = DB_get_userid('email',$email);
  48     if(!$myid)
  49       $ok = 0;
  50
  51     if($ok)
  52       {
  53         set_language($myid,'uid');
  54
  55         /* check how many entries in recovery table */
  56         $number = DB_get_number_of_passwords_recovery($myid);
  57
  58         /* if less than N recent ones, add a new one and send out email */
  59         if( $number < 5 )
  60           {
  61             echo _('Ok, I will send you a new password.').' <br />';
  62             if($number >1)
  63               echo sprintf(_("N.B. You tried this already %s times during the last day and it will only work".
  64                              " 5 times during a day."),$number)."<br />\n";
  65             echo _('The new password will be valid for one day, make sure you reset it to something else.').'<br />';
  66             echo sprintf(_('Back to the <a href="%s">main page</a>.'),$INDEX);
  67
  68             /* create temporary password, use the fist 8 letters of a md5 hash */
  69             $TIME  = (string) time(); /* to avoid collisions */
  70             $rndstring = sha1(rand()); /* add some randomness */
  71             $hash  = md5('Anewpassword'.$email.$TIME.$rndstring);
  72             $newpw = substr($hash,1,8);
  73
  74             $message = sprintf( _("Someone (hopefully you) requested a new password.\n".
  75               "You can use this email and the following password:\n".
  76               "   %s\n".
  77               "to log into the server. The new password is valid for 24h, so make\n".
  78               "sure you reset your password to something new. Your old password will\n".
  79               "also still be valid until you set a new one.\n"), $newpw);
  80             mymail($myid,0, GAME_RECOVERY, $message);
  81
  82             /* we save these in the database */
  83             DB_set_recovery_password($myid,md5($newpw));
  84           }
  85         else
  86           {
  87             /* make it so that people (or a robot) can request thousands of passwords within a short time
  88              * and spam a user this way */
  89             echo _('Sorry you already tried 5 times during the last 24h.<br />'.
  90                    'You need to use one of those passwords or wait to get a new one.').'<br />';
  91             echo sprintf(_('Back to the <a href="%s">main page</a>.'),$INDEX);
  92           }
  93       }
  94     else
  95       {/* can't find user id in the database */
  96
  97         /* no email given? */
  98         if($email=="")
  99           echo _('You need to give me an email address!')." <br />".
 100             sprintf(_('Please try <a href="%s">again</a>.'),$INDEX);
 101         else /* default error message */
 102           echo _("Couldn't find a player with this email!")."<br />".
 103             sprintf(_('Please contact %s, if you think this is a mistake '.
 104                       'or else try <a href="%s">again</a>.'),$ADMIN_NAME, $INDEX );
 105       }
 106   }
 107 else
 108   { /* normal user page */
 109
 110     /* verify password and email */
 111     $ok  = 1;
 112     if(isset($email, $password))
 113       {
 114         $myid = DB_get_userid('email-password',$email,$password);
 115         if(!$myid)
 116           $ok = 0;
 117       }
 118     else
 119       $ok = 0;
 120
 121     if($ok)
 122       {
 123         /* user information is ok */
 124         $myname = DB_get_name('email',$email);
 125         $_SESSION['name'] = $myname;
 126
 127         $PREF = DB_get_PREF($myid);
 128         /* set language chosen in preferences, will become active on the next reload (see index.php)*/
 129         $_SESSION['language'] = $PREF['language'];
 130         set_language($PREF['language']);
 131
 132         DB_update_user_timestamp($myid);
 133
 134         display_user_menu($myid);
 135
 136         /* display all games the user has played */
 137         echo '<div class="user">';
 138
 139         if($myvacation = check_vacation($myid))
 140           {
 141             $vac_start   = $myvacation[0];
 142             $vac_stop    = $myvacation[1];
 143             $vac_comment = $myvacation[2];
 144             echo '<p class="vacation">'._("Enjoy your vacation (don't forgot to change your settings once you're back).")." ".
 145               _("Between $vac_start and $vac_stop other users will see the following message: $vac_comment.")."</p>\n";
 146           }
 147
 148         echo '<h4>'._('These are your games').":</h4>\n";
 149         /* output legend */
 150         echo "<p>\n";
 151         echo ' <span class="gamestatuspre"> &nbsp; </span> &nbsp;'._('pre-game phase');
 152         echo ' <span class="gamestatusplay"> &nbsp; </span> &nbsp;'._('game in progess');
 153         echo ' <span class="gamestatusover "><a>N</a> </span> &nbsp;'._('game over (N people played this hand)').' <br />';
 154         echo ' '._("Reminder: canceling a game can't be reversed!");
 155         echo "</p>\n";
 156
 157         /* get all games */
 158         $output = array();
 159         $result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ".
 160                            " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count, ".
 161                            " G.session".
 162                            " FROM Hand".
 163                            " LEFT JOIN Game G ON G.id=Hand.game_id".
 164                            " WHERE user_id=".DB_quote_smart($myid).
 165                            " ORDER BY G.session,G.create_date" );
 166
 167         /* sort into active and passive sessions */
 168         $count   = 0; /* count number of games to check for beginner status */
 169         $session = -1;
 170         $maxgame =  0;
 171         $output_active   = "";
 172         $output_inactive = "";
 173         $sessionoutput   = "";
 174         $gameoutput      = "";
 175         $keep_going = 2;
 176         while( $keep_going )
 177           {
 178             /* get next element */
 179             $r = DB_fetch_array($result);
 180
 181             if($r)
 182               $count++;
 183             else
 184               {
 185                 /* need to run the while loop one more time when we run out of elements in the database */
 186                 $keep_going--;
 187                 $r[0] = NULL;
 188                 $r[1] = NULL;
 189                 $r[2] = NULL;
 190                 $r[3] = NULL;
 191                 $r[4] = NULL;
 192                 $r[5] = NULL;
 193                 $r[6] = -2;
 194               }
 195             if( $r[6]==$session )
 196               {
 197                 /* same session, update information */
 198                 $maxgame++;
 199                 $myhash        = $r[0];
 200                 $gameid        = $r[1];
 201                 $gamemoddate   = $r[2];
 202                 $userid        = $r[3];
 203                 $gamestatus    = $r[4];
 204                 $gamefrequence = $r[5];
 205
 206                 /* create output */
 207                 $sessionoutput .= $gameoutput;
 208                 $gameoutput     = "  <a class=\"gamestatusover\" href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
 209                   .$gamefrequence."</a>\n";
 210               }
 211             else
 212               { /* new session */
 213
 214                 /* output old session if available */
 215                 if($maxgame)
 216                   {
 217                     /* is session active? */
 218                     if($gamestatus == 'pre' || $gamestatus== 'play' || time()-strtotime($gamemoddate) < 60*60*24*5 )
 219                       {
 220                         $output_active .= "<li> ";
 221                         if($gamestatus == 'pre')
 222                           $class= 'class="gamestatuspre gameid"';
 223                         else if($gamestatus == 'play')
 224                           $class= 'class="gamestatusplay gameid"';
 225                         else
 226                           $class= 'class="gamestatusover gameid"';
 227                         $output_active .= "<a $class href=\"$INDEX?action=game&amp;me=$myhash\">".
 228                           DB_format_gameid($gameid).'</a>&nbsp;&nbsp;&nbsp;';
 229
 230
 231
 232                         /* who's turn is it? */
 233                         if( $gamestatus == 'pre' || $gamestatus == 'play')
 234                           {
 235                             $output_active .= '<span class="turn">';
 236                             if($userid==$myid || !$userid)
 237                               $output_active .= ' <strong>'._('your turn')."</strong>\n";
 238                             else
 239                               {
 240                                 $name = DB_get_name('userid',$userid);
 241
 242                                 /* check vacaction status of this user */
 243                                 if($vacation=check_vacation($userid))
 244                                   {
 245                                     $stop = substr($vacation[1],0,10);
 246                                     $title = _('begin:').substr($vacation[0],0,10).' '._('end:').$vacation[1].' '.$vacation[2];
 247                                     $output_active .= " <span class=\"vacation\" title=\"$title\">".
 248                                       sprintf(_("%s's turn"),$name).' '._("(on vacation until $stop)")."</span>\n";
 249                                   }
 250                                 else
 251                                   $output_active .= sprintf(_("%s's turn"),$name)."\n";
 252
 253                                 /* check if we need to send out a reminder */
 254                                 if(DB_get_reminder($userid,$gameid)==0)
 255                                   if(time()-strtotime($gamemoddate) > 60*60*24*7)
 256                                     $output_active .= "<a href=\"$INDEX?action=reminder&amp;me=".$myhash."\">"._('Send a reminder?').'</a> ';
 257
 258                               };
 259                             $output_active .= '</span>';
 260
 261                             if(time()-strtotime($gamemoddate) > 60*60*24*30)
 262                               $output_active .= "<a href=\"$INDEX?action=cancel&amp;me=".$myhash."\">"._('Cancel?').'</a> ';
 263                           }
 264
 265                         if($maxgame>1)
 266                           {
 267                             $output_active .= ' <span class="gamesshowsession"><a href="#">'._('show old').'</a></span>'.
 268                               '  <span class="gameshidesession"><a href="#">'._('hide old').'</a></span><br />'."\n";
 269                             $output_active .= ' <span class="gamessession">'.$sessionoutput.'</span>';
 270                           }
 271
 272                         $output_active .= "</li>\n";
 273
 274                       }
 275                     else
 276                       {
 277                         /* session is not active anymore */
 278                         $output_inactive .= "<li> $session:" ;
 279                         $output_inactive .= $sessionoutput.$gameoutput ;
 280                         $output_inactive .= "</li>\n";
 281                       }
 282
 283                     /* reset all session variables */
 284                     $maxgame =  0;
 285                     $sessionoutput = "";
 286                     $gameoutput    = "";
 287
 288                   }
 289
 290                 /* save game information */
 291                 $maxgame++;
 292                 $myhash        = $r[0];
 293                 $gameid        = $r[1];
 294                 $gamemoddate   = $r[2];
 295                 $userid        = $r[3];
 296                 $gamestatus    = $r[4];
 297                 $gamefrequence = $r[5];
 298                 $session       = $r[6];
 299
 300                 /* create output */
 301                 $sessionoutput .= $gameoutput;
 302                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
 303                   .$gamefrequence."</a></span>\n";
 304
 305               }
 306           }
 307
 308         echo "<ul>\n ";
 309         echo ' <li><span class="gameshowall"><a href="#">'._('show all').'</a></span> <span class="gamehideall"><a href="#">'._('hide all')."</a></span></li>\n";
 310         echo $output_active;
 311         echo ' <li><span class="gamesshowsession"><a href="#">'._('show inactive').'</a></span><span class="gameshidesession"><a href="#">'._('hide inactive').'</a></span><ul class="gamessession">'."$output_inactive </ul></li>";
 312         echo "</ul>\n";
 313
 314         /* give a hint for new players */
 315         if($count<10)
 316           echo '<p class="newbiehint">'._('You can start new games using the link in the top right corner!')."</p>\n";
 317
 318         /* display last 5 users that have signed up to e-DoKo within the 45 days */
 319         $names = DB_get_names_of_new_logins(5);
 320         if ($names)
 321           {
 322             echo '<h4>'._('New Player(s)').":</h4>\n<p>\n";
 323             echo implode(", ",$names).",...\n";
 324             echo "</p>\n";
 325           };
 326
 327         /* display last 5 users that logged on */
 328         echo '<h4>'._('Players last logged in').":</h4>\n<p>\n";
 329
 330         $names  = DB_get_names_of_last_logins(7);
 331         $emails = DB_get_emails_of_last_logins(7);
 332         for($i=0;$i<7;$i++)
 333           {
 334             echo '<img class="gravatar" title="'.$names[$i].
 335               '" src="https://www.gravatar.com/avatar/'.
 336               md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
 337           }
 338         echo "</p>\n";
 339
 340         echo "</div>\n";
 341       }
 342     else
 343       {
 344         echo '<div class="message">'."\n";
 345         echo  sprintf(_("Sorry email and password don't match. Please <a href=\"%s\">try again</a>."),$INDEX);
 346         echo '</div>'."\n";
 347       }
 348   };
 349 ?>