BUGFIX: fix error when user is not logged in, but tries to access his home page
[e-DoKo.git] / include / user.php
1 <?php
2 /* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
3  *
4  *   This file is part of e-DoKo.
5  *
6  *   e-DoKo is free software: you can redistribute it and/or modify
7  *   it under the terms of the GNU General Public License as published by
8  *   the Free Software Foundation, either version 3 of the License, or
9  *   (at your option) any later version.
10  *
11  *   e-DoKo is distributed in the hope that it will be useful,
12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *   GNU General Public License for more details.
15  *
16  *   You should have received a copy of the GNU General Public License
17  *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20
21 /* make sure that we are not called from outside the scripts,
22  * use a variable defined in config.php to check this
23  */
24 if(!isset($HOST))
25   exit;
26
27 /* test id and password, should really be done in one step */
28 if(isset($_SESSION['name']))
29   {
30     $name = $_SESSION['name'];
31     $email     = DB_get_email('name',$name);
32     $password  = DB_get_passwd_by_name($name);
33   };
34
35 global  $ADMIN_NAME;
36
37 /* user has forgotten his password */
38 if(myisset('forgot'))
39   {
40     /* check if player is in the database */
41     $ok = 1;
42
43     $myid = DB_get_userid('email',$email);
44     if(!$myid)
45       $ok = 0;
46
47     if($ok)
48       {
49         /* check how many entries in recovery table */
50         $number = DB_get_number_of_passwords_recovery($myid);
51
52         /* if less than N recent ones, add a new one and send out email */
53         if( $number < 5 )
54           {
55             echo _('Ok, I will send you a new password.').' <br />';
56             if($number >1)
57               echo "N.B. You tried this already $number times during the last day and it will only work ".
58                 " 5 times during a day.<br />";
59             echo _('The new password will be valid for one day, make sure you reset it to something else.').'<br />';
60             echo "Back to the  <a href=\"$INDEX\">main page</a>.";
61
62             /* create temporary password, use the fist 8 letters of a md5 hash */
63             $TIME  = (string) time(); /* to avoid collisions */
64             $hash  = md5('Anewpassword'.$email.$TIME);
65             $newpw = substr($hash,1,8);
66
67             $message = "Someone (hopefully you) requested a new password. \n".
68               "You can use this email and the following password: \n".
69               "   $newpw    \n".
70               "to log into the server. The new password is valid for 24h, so make\n".
71               "sure you reset your password to something new. Your old password will\n".
72               "also still be valid until you set a new one.\n";
73             mymail($myid,0, GAME_RECOVERY, $message);
74
75             /* we save these in the database */
76             DB_set_recovery_password($myid,md5($newpw));
77           }
78         else
79           {
80             /* make it so that people (or a robot) can request thousands of passwords within a short time
81              * and spam a user this way */
82             echo _('Sorry you already tried 5 times during the last 24h.<br />'.
83                    'You need to use one of those passwords or wait to get a new one.').'<br />';
84             echo "Back to the <a href=\"$INDEX\">main page</a>.";
85           }
86       }
87     else
88       {/* can't find user id in the database */
89
90         /* no email given? */
91         if($email=="")
92           echo "You need to give me an email address! <br />".
93             "Please try <a href=\"$INDEX\">again</a>.";
94         else /* default error message */
95           echo "Couldn't find a player with this email! <br />".
96             "Please contact $ADMIN_NAME, if you think this is a mistake <br />".
97             "or else try <a href=\"$INDEX\">again</a>.";
98       }
99   }
100 else
101   { /* normal user page */
102
103     /* verify password and email */
104     $ok  = 1;
105     if(isset($email, $password))
106       {
107         $myid = DB_get_userid('email-password',$email,$password);
108         if(!$myid)
109           $ok = 0;
110       }
111     else
112       $ok = 0;
113
114     if($ok)
115       {
116         /* user information is ok */
117         $myname = DB_get_name('email',$email);
118         $_SESSION['name'] = $myname;
119
120         $PREF = DB_get_PREF($myid);
121         /* set language chosen in preferences, will become active on the next reload (see index.php)*/
122         $_SESSION['language'] = $PREF['language'];
123
124         DB_update_user_timestamp($myid);
125
126         display_user_menu($myid);
127
128         /* display all games the user has played */
129         echo '<div class="user">';
130
131         if($myvacation = check_vacation($myid))
132           {
133             $vac_start   = $myvacation[0];
134             $vac_stop    = $myvacation[1];
135             $vac_comment = $myvacation[2];
136             echo '<p class="vacation">'._("Enjoy your vacation (don't forgot to change your settings once you're back).").
137               " Between $vac_start and $vac_stop other users will see the following message: $vac_comment.</p>\n";
138           }
139
140         echo '<h4>'._('These are your games').":</h4>\n";
141         /* output legend */
142         echo "<p>\n";
143         echo ' <span class="gamestatuspre"> &nbsp; </span> &nbsp;'._('pre-game phase');
144         echo ' <span class="gamestatusplay"> &nbsp; </span> &nbsp;'._('game in progess');
145         echo ' <span class="gamestatusover "><a>N</a> </span> &nbsp;'._('game over (N people played this hand)').' <br />';
146         echo ' '._("Reminder: canceling a game can't be reversed!");
147         echo "</p>\n";
148
149         /* get all games */
150         $output = array();
151         $result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ".
152                            " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count, ".
153                            " G.session".
154                            " FROM Hand".
155                            " LEFT JOIN Game G ON G.id=Hand.game_id".
156                            " WHERE user_id='$myid'".
157                            " ORDER BY G.session,G.create_date" );
158
159         /* sort into active and passive sessions */
160         $count   = 0; /* count number of games to check for beginner status */
161         $session = -1;
162         $maxgame =  0;
163         $output_active   = "";
164         $output_inactive = "";
165         $sessionoutput   = "";
166         $gameoutput      = "";
167         $keep_going = 2;
168         while( $keep_going )
169           {
170             /* get next element */
171             $r = DB_fetch_array($result);
172
173             if($r)
174               $count++;
175             else
176               {
177                 /* need to run the while loop one more time when we run out of elements in the database */
178                 $keep_going--;
179                 $r[0] = NULL;
180                 $r[1] = NULL;
181                 $r[2] = NULL;
182                 $r[3] = NULL;
183                 $r[4] = NULL;
184                 $r[5] = NULL;
185                 $r[6] = -2;
186               }
187             if( $r[6]==$session )
188               {
189                 /* same session, update information */
190                 $maxgame++;
191                 $myhash        = $r[0];
192                 $gameid        = $r[1];
193                 $gamemoddate   = $r[2];
194                 $userid        = $r[3];
195                 $gamestatus    = $r[4];
196                 $gamefrequence = $r[5];
197
198                 /* create output */
199                 $sessionoutput .= $gameoutput;
200                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
201                   .$gamefrequence."</a></span>\n";
202               }
203             else
204               { /* new session */
205
206                 /* output old session if available */
207                 if($maxgame)
208                   {
209                     /* is session active? */
210                     if($gamestatus == 'pre' || $gamestatus== 'play' || time()-strtotime($gamemoddate) < 60*60*24*5 )
211                       {
212                         $output_active .= "<li> ";
213                         if($gamestatus == 'pre')
214                           $output_active .= '<span class="gamestatuspre gameid">';
215                         else if($gamestatus == 'play')
216                           $output_active .= '<span class="gamestatusplay gameid">';
217                         else
218                           $output_active .= '<span class="gamestatusover gameid">';
219                         $output_active .= "<a href=\"$INDEX?action=game&amp;me=$myhash\">".
220                           DB_format_gameid($gameid).'</a></span>&nbsp;&nbsp;&nbsp;';
221
222
223
224                         /* who's turn is it? */
225                         if( $gamestatus == 'pre' || $gamestatus == 'play')
226                           {
227                             $output_active .= '<span class="turn">';
228                             if($userid==$myid || !$userid)
229                               $output_active .= ' <strong>'._('your turn')."</strong>\n";
230                             else
231                               {
232                                 $name = DB_get_name('userid',$userid);
233
234                                 /* check vacaction status of this user */
235                                 if($vacation=check_vacation($userid))
236                                   {
237                                     $stop = substr($vacation[1],0,10);
238                                     $title = 'begin:'.substr($vacation[0],0,10).' end:'.$vacation[1].' '.$vacation[2];
239                                     $output_active .= " <span class=\"vacation\" title=\"$title\">$name's (on vacation until $stop)</span> turn\n";
240                                   }
241                                 else
242                                   $output_active .= "$name's turn\n";
243
244                                 /* check if we need to send out a reminder */
245                                 if(DB_get_reminder($userid,$gameid)==0)
246                                   if(time()-strtotime($gamemoddate) > 60*60*24*7)
247                                     $output_active .= "<a href=\"$INDEX?action=reminder&amp;me=".$myhash."\">"._('Send a reminder?').'</a> ';
248
249                               };
250                             $output_active .= '</span>';
251
252                             if(time()-strtotime($gamemoddate) > 60*60*24*30)
253                               $output_active .= "<a href=\"$INDEX?action=cancel&amp;me=".$myhash."\">Cancel?</a> ";
254                           }
255
256                         if($maxgame>1)
257                           {
258                             $output_active .= ' <span class="gamesshowsession"><a href="#">'._('show old').'</a></span>'.
259                               '  <span class="gameshidesession"><a href="#">'._('hide old').'</a></span><br />'."\n";
260                             $output_active .= ' <span class="gamessession">'.$sessionoutput.'</span>';
261                           }
262
263                         $output_active .= "</li>\n";
264
265                       }
266                     else
267                       {
268                         /* session is not active anymore */
269                         $output_inactive .= "<li> $session:" ;
270                         $output_inactive .= $sessionoutput.$gameoutput ;
271                         $output_inactive .= "</li>\n";
272                       }
273
274                     /* reset all session variables */
275                     $maxgame =  0;
276                     $sessionoutput = "";
277                     $gameoutput    = "";
278
279                   }
280
281                 /* save game information */
282                 $maxgame++;
283                 $myhash        = $r[0];
284                 $gameid        = $r[1];
285                 $gamemoddate   = $r[2];
286                 $userid        = $r[3];
287                 $gamestatus    = $r[4];
288                 $gamefrequence = $r[5];
289                 $session       = $r[6];
290
291                 /* create output */
292                 $sessionoutput .= $gameoutput;
293                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
294                   .$gamefrequence."</a></span>\n";
295
296               }
297           }
298
299         echo "<ul>\n ";
300         echo ' <li><span class="gameshowall"><a href="#">'._('show all').'</a></span> <span class="gamehideall"><a href="#">'._('hide all')."</a></span></li>\n";
301         echo $output_active;
302         echo ' <li><span class="gamesshowsession"><a href="#">'._('show inactive').'</a></span><span class="gameshidesession"><a href="#">'._('hide inactive').'</a></span><ul class="gamessession">'."$output_inactive </ul></li>";
303         echo "</ul>\n";
304
305         /* give a hint for new players */
306         if($count<10)
307           echo '<p class="newbiehint">'._('You can start new games using the link in the top right corner!')."</p>\n";
308
309         /* display last 5 users that have signed up to e-DoKo */
310         $names = DB_get_names_of_new_logins(5);
311         echo '<h4>'._('New Players').":</h4>\n<p>\n";
312         echo implode(", ",$names).",...\n";
313         echo "</p>\n";
314
315         /* display last 5 users that logged on */
316         echo '<h4>'._('Players last logged in').":</h4>\n<p>\n";
317
318         $names  = DB_get_names_of_last_logins(7);
319         $emails = DB_get_emails_of_last_logins(7);
320         for($i=0;$i<7;$i++)
321           {
322             echo "<img class=\"gravatar\" title=\"".$names[$i]."\" src=\"http://www.gravatar.com/avatar/".md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
323           }
324         echo "</p>\n";
325
326         echo "</div>\n";
327       }
328     else
329       {
330         echo '<div class="message">'."Sorry email and password don't match. Please <a href=\"$INDEX\">try again</a>.".' </div>';
331       }
332   };
333 ?>