include/user.php

   1 <?php
   2 /* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
   3  *
   4  *   This file is part of e-DoKo.
   5  *
   6  *   e-DoKo is free software: you can redistribute it and/or modify
   7  *   it under the terms of the GNU General Public License as published by
   8  *   the Free Software Foundation, either version 3 of the License, or
   9  *   (at your option) any later version.
  10  *
  11  *   e-DoKo is distributed in the hope that it will be useful,
  12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *   GNU General Public License for more details.
  15  *
  16  *   You should have received a copy of the GNU General Public License
  17  *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 /* make sure that we are not called from outside the scripts,
  22  * use a variable defined in config.php to check this
  23  */
  24 if(!isset($HOST))
  25   exit;
  26
  27 /* test id and password, should really be done in one step */
  28 if(isset($_SESSION['id']))
  29   {
  30     $myid = $_SESSION['id'];
  31     $r = DB_query_array("SELECT email,password FROM User WHERE id=".DB_quote_smart($myid)."");
  32     if($r)
  33       {
  34         $email     = $r[0];
  35         $password  = $r[1];
  36       };
  37   };
  38
  39 global  $ADMIN_NAME;
  40
  41 /* user has forgotten his password */
  42 if(myisset('forgot'))
  43   {
  44     /* check if player is in the database */
  45     $ok = 1;
  46
  47     $myid = DB_get_userid('email',$email);
  48     if(!$myid)
  49       $ok = 0;
  50
  51     if($ok)
  52       {
  53         set_language($myid,'uid');
  54
  55         /* check how many entries in recovery table */
  56         $number = DB_get_number_of_passwords_recovery($myid);
  57
  58         /* if less than N recent ones, add a new one and send out email */
  59         if( $number < 5 )
  60           {
  61             echo _('Ok, I will send you a new password.').' <br />';
  62             if($number >1)
  63               echo sprintf(_("N.B. You tried this already %s times during the last day and it will only work".
  64                              " 5 times during a day."),$number)."<br />\n";
  65             echo _('The new password will be valid for one day, make sure you reset it to something else.').'<br />';
  66             echo sprintf(_('Back to the <a href="%s">main page</a>.'),$INDEX);
  67
  68             /* create temporary password, use the fist 8 letters of a md5 hash */
  69             $TIME  = (string) time(); /* to avoid collisions */
  70             $hash  = md5('Anewpassword'.$email.$TIME);
  71             $newpw = substr($hash,1,8);
  72
  73             $message = sprintf( _("Someone (hopefully you) requested a new password.\n".
  74               "You can use this email and the following password:\n".
  75               "   %s\n".
  76               "to log into the server. The new password is valid for 24h, so make\n".
  77               "sure you reset your password to something new. Your old password will\n".
  78               "also still be valid until you set a new one.\n"), $newpw);
  79             mymail($myid,0, GAME_RECOVERY, $message);
  80
  81             /* we save these in the database */
  82             DB_set_recovery_password($myid,md5($newpw));
  83           }
  84         else
  85           {
  86             /* make it so that people (or a robot) can request thousands of passwords within a short time
  87              * and spam a user this way */
  88             echo _('Sorry you already tried 5 times during the last 24h.<br />'.
  89                    'You need to use one of those passwords or wait to get a new one.').'<br />';
  90             echo sprintf(_('Back to the <a href="%s">main page</a>.'),$INDEX);
  91           }
  92       }
  93     else
  94       {/* can't find user id in the database */
  95
  96         /* no email given? */
  97         if($email=="")
  98           echo _('You need to give me an email address!')." <br />".
  99             sprintf(_('Please try <a href="%s">again</a>.'),$INDEX);
 100         else /* default error message */
 101           echo _("Couldn't find a player with this email!")."<br />".
 102             sprintf(_('Please contact %s, if you think this is a mistake '.
 103                       'or else try <a href="%s">again</a>.'),$ADMIN_NAME, $INDEX );
 104       }
 105   }
 106 else
 107   { /* normal user page */
 108
 109     /* verify password and email */
 110     $ok  = 1;
 111     if(isset($email, $password))
 112       {
 113         $myid = DB_get_userid('email-password',$email,$password);
 114         if(!$myid)
 115           $ok = 0;
 116       }
 117     else
 118       $ok = 0;
 119
 120     if($ok)
 121       {
 122         /* user information is ok */
 123         $myname = DB_get_name('email',$email);
 124         $_SESSION['name'] = $myname;
 125
 126         $PREF = DB_get_PREF($myid);
 127         /* set language chosen in preferences, will become active on the next reload (see index.php)*/
 128         $_SESSION['language'] = $PREF['language'];
 129         set_language($PREF['language']);
 130
 131         DB_update_user_timestamp($myid);
 132
 133         display_user_menu($myid);
 134
 135         /* display all games the user has played */
 136         echo '<div class="user">';
 137
 138         if($myvacation = check_vacation($myid))
 139           {
 140             $vac_start   = $myvacation[0];
 141             $vac_stop    = $myvacation[1];
 142             $vac_comment = $myvacation[2];
 143             echo '<p class="vacation">'._("Enjoy your vacation (don't forgot to change your settings once you're back).")." ".
 144               _("Between $vac_start and $vac_stop other users will see the following message: $vac_comment.")."</p>\n";
 145           }
 146
 147         echo '<h4>'._('These are your games').":</h4>\n";
 148         /* output legend */
 149         echo "<p>\n";
 150         echo ' <span class="gamestatuspre"> &nbsp; </span> &nbsp;'._('pre-game phase');
 151         echo ' <span class="gamestatusplay"> &nbsp; </span> &nbsp;'._('game in progess');
 152         echo ' <span class="gamestatusover "><a>N</a> </span> &nbsp;'._('game over (N people played this hand)').' <br />';
 153         echo ' '._("Reminder: canceling a game can't be reversed!");
 154         echo "</p>\n";
 155
 156         /* get all games */
 157         $output = array();
 158         $result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ".
 159                            " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count, ".
 160                            " G.session".
 161                            " FROM Hand".
 162                            " LEFT JOIN Game G ON G.id=Hand.game_id".
 163                            " WHERE user_id=".DB_quote_smart($myid).
 164                            " ORDER BY G.session,G.create_date" );
 165
 166         /* sort into active and passive sessions */
 167         $count   = 0; /* count number of games to check for beginner status */
 168         $session = -1;
 169         $maxgame =  0;
 170         $output_active   = "";
 171         $output_inactive = "";
 172         $sessionoutput   = "";
 173         $gameoutput      = "";
 174         $keep_going = 2;
 175         while( $keep_going )
 176           {
 177             /* get next element */
 178             $r = DB_fetch_array($result);
 179
 180             if($r)
 181               $count++;
 182             else
 183               {
 184                 /* need to run the while loop one more time when we run out of elements in the database */
 185                 $keep_going--;
 186                 $r[0] = NULL;
 187                 $r[1] = NULL;
 188                 $r[2] = NULL;
 189                 $r[3] = NULL;
 190                 $r[4] = NULL;
 191                 $r[5] = NULL;
 192                 $r[6] = -2;
 193               }
 194             if( $r[6]==$session )
 195               {
 196                 /* same session, update information */
 197                 $maxgame++;
 198                 $myhash        = $r[0];
 199                 $gameid        = $r[1];
 200                 $gamemoddate   = $r[2];
 201                 $userid        = $r[3];
 202                 $gamestatus    = $r[4];
 203                 $gamefrequence = $r[5];
 204
 205                 /* create output */
 206                 $sessionoutput .= $gameoutput;
 207                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
 208                   .$gamefrequence."</a></span>\n";
 209               }
 210             else
 211               { /* new session */
 212
 213                 /* output old session if available */
 214                 if($maxgame)
 215                   {
 216                     /* is session active? */
 217                     if($gamestatus == 'pre' || $gamestatus== 'play' || time()-strtotime($gamemoddate) < 60*60*24*5 )
 218                       {
 219                         $output_active .= "<li> ";
 220                         if($gamestatus == 'pre')
 221                           $output_active .= '<span class="gamestatuspre gameid">';
 222                         else if($gamestatus == 'play')
 223                           $output_active .= '<span class="gamestatusplay gameid">';
 224                         else
 225                           $output_active .= '<span class="gamestatusover gameid">';
 226                         $output_active .= "<a href=\"$INDEX?action=game&amp;me=$myhash\">".
 227                           DB_format_gameid($gameid).'</a></span>&nbsp;&nbsp;&nbsp;';
 228
 229
 230
 231                         /* who's turn is it? */
 232                         if( $gamestatus == 'pre' || $gamestatus == 'play')
 233                           {
 234                             $output_active .= '<span class="turn">';
 235                             if($userid==$myid || !$userid)
 236                               $output_active .= ' <strong>'._('your turn')."</strong>\n";
 237                             else
 238                               {
 239                                 $name = DB_get_name('userid',$userid);
 240
 241                                 /* check vacaction status of this user */
 242                                 if($vacation=check_vacation($userid))
 243                                   {
 244                                     $stop = substr($vacation[1],0,10);
 245                                     $title = _('begin:').substr($vacation[0],0,10).' '._('end:').$vacation[1].' '.$vacation[2];
 246                                     $output_active .= " <span class=\"vacation\" title=\"$title\">".
 247                                       sprintf(_("%s's turn"),$name).' '._("(on vacation until $stop)")."</span>\n";
 248                                   }
 249                                 else
 250                                   $output_active .= sprintf(_("%s's turn"),$name)."\n";
 251
 252                                 /* check if we need to send out a reminder */
 253                                 if(DB_get_reminder($userid,$gameid)==0)
 254                                   if(time()-strtotime($gamemoddate) > 60*60*24*7)
 255                                     $output_active .= "<a href=\"$INDEX?action=reminder&amp;me=".$myhash."\">"._('Send a reminder?').'</a> ';
 256
 257                               };
 258                             $output_active .= '</span>';
 259
 260                             if(time()-strtotime($gamemoddate) > 60*60*24*30)
 261                               $output_active .= "<a href=\"$INDEX?action=cancel&amp;me=".$myhash."\">"._('Cancel?').'</a> ';
 262                           }
 263
 264                         if($maxgame>1)
 265                           {
 266                             $output_active .= ' <span class="gamesshowsession"><a href="#">'._('show old').'</a></span>'.
 267                               '  <span class="gameshidesession"><a href="#">'._('hide old').'</a></span><br />'."\n";
 268                             $output_active .= ' <span class="gamessession">'.$sessionoutput.'</span>';
 269                           }
 270
 271                         $output_active .= "</li>\n";
 272
 273                       }
 274                     else
 275                       {
 276                         /* session is not active anymore */
 277                         $output_inactive .= "<li> $session:" ;
 278                         $output_inactive .= $sessionoutput.$gameoutput ;
 279                         $output_inactive .= "</li>\n";
 280                       }
 281
 282                     /* reset all session variables */
 283                     $maxgame =  0;
 284                     $sessionoutput = "";
 285                     $gameoutput    = "";
 286
 287                   }
 288
 289                 /* save game information */
 290                 $maxgame++;
 291                 $myhash        = $r[0];
 292                 $gameid        = $r[1];
 293                 $gamemoddate   = $r[2];
 294                 $userid        = $r[3];
 295                 $gamestatus    = $r[4];
 296                 $gamefrequence = $r[5];
 297                 $session       = $r[6];
 298
 299                 /* create output */
 300                 $sessionoutput .= $gameoutput;
 301                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
 302                   .$gamefrequence."</a></span>\n";
 303
 304               }
 305           }
 306
 307         echo "<ul>\n ";
 308         echo ' <li><span class="gameshowall"><a href="#">'._('show all').'</a></span> <span class="gamehideall"><a href="#">'._('hide all')."</a></span></li>\n";
 309         echo $output_active;
 310         echo ' <li><span class="gamesshowsession"><a href="#">'._('show inactive').'</a></span><span class="gameshidesession"><a href="#">'._('hide inactive').'</a></span><ul class="gamessession">'."$output_inactive </ul></li>";
 311         echo "</ul>\n";
 312
 313         /* give a hint for new players */
 314         if($count<10)
 315           echo '<p class="newbiehint">'._('You can start new games using the link in the top right corner!')."</p>\n";
 316
 317         /* display last 5 users that have signed up to e-DoKo */
 318         $names = DB_get_names_of_new_logins(5);
 319         echo '<h4>'._('New Players').":</h4>\n<p>\n";
 320         echo implode(", ",$names).",...\n";
 321         echo "</p>\n";
 322
 323         /* display last 5 users that logged on */
 324         echo '<h4>'._('Players last logged in').":</h4>\n<p>\n";
 325
 326         $names  = DB_get_names_of_last_logins(7);
 327         $emails = DB_get_emails_of_last_logins(7);
 328         for($i=0;$i<7;$i++)
 329           {
 330             echo '<img class="gravatar" title="'.$names[$i].
 331               '" src="http://www.gravatar.com/avatar/'.
 332               md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
 333           }
 334         echo "</p>\n";
 335
 336         echo "</div>\n";
 337       }
 338     else
 339       {
 340         echo '<div class="message">'."\n";
 341         echo  sprintf(_("Sorry email and password don't match. Please <a href=\"%s\">try again</a>."),$INDEX);
 342         echo '</div>'."\n";
 343       }
 344   };
 345 ?>