BUGFIX: fix mysql insert statements (null values for timestamps didn't work anymore)
[e-DoKo.git] / include / user.php
1 <?php
2 /* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Arun Persaud <arun@nubati.net>
3  *
4  *   This file is part of e-DoKo.
5  *
6  *   e-DoKo is free software: you can redistribute it and/or modify
7  *   it under the terms of the GNU General Public License as published by
8  *   the Free Software Foundation, either version 3 of the License, or
9  *   (at your option) any later version.
10  *
11  *   e-DoKo is distributed in the hope that it will be useful,
12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *   GNU General Public License for more details.
15  *
16  *   You should have received a copy of the GNU General Public License
17  *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20
/* Direct-access guard: $HOST is a variable defined in config.php, so it is
 * only set when this file is included by the application's own scripts.
 * When it is missing, stop before any of the code below runs.
 */
if (!isset($HOST)) {
    exit;
}
26
/* Session lookup: when the session carries a user id, read that user's email
 * and password columns from the User table. Both values are handed to
 * DB_get_userid('email-password', ...) further down, so this id lookup and the
 * later credential check are two separate steps (the original author notes
 * they should really be done in one).
 */
if (isset($_SESSION['id'])) {
    $myid = $_SESSION['id'];
    /* the id is passed through DB_quote_smart() before it is concatenated into the query */
    $r = DB_query_array('SELECT email,password FROM User WHERE id=' . DB_quote_smart($myid));
    if ($r) {
        $email    = $r[0];
        $password = $r[1];
    }
}

global $ADMIN_NAME;
40
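/* Two pages share this file:
 *  - 'forgot' request: look the user up by email, and if fewer than 5 recovery
 *    passwords were issued recently, mail a new temporary password and store
 *    its hash via DB_set_recovery_password();
 *  - otherwise: verify email/password with DB_get_userid('email-password', ...)
 *    and render the user's overview (games grouped by session, new players,
 *    last logins).
 * $email, $password, $INDEX and $ADMIN_NAME are expected to be set before this
 * point; apart from the session lookup earlier in this file, where they come
 * from is not visible here.
 */

/* user has forgotten his password */
if(myisset('forgot'))
  {
    /* check if player is in the database */
    $ok = 1;

    $myid = DB_get_userid('email',$email);
    if(!$myid)
      $ok = 0;

    if($ok)
      {
        set_language($myid,'uid');

        /* check how many entries in recovery table */
        $number = DB_get_number_of_passwords_recovery($myid);

        /* if less than N recent ones, add a new one and send out email */
        if( $number < 5 )
          {
            echo _('Ok, I will send you a new password.').' <br />';
            if($number >1)
              echo sprintf(_("N.B. You tried this already %s times during the last day and it will only work".
                             " 5 times during a day."),$number)."<br />\n";
            echo _('The new password will be valid for one day, make sure you reset it to something else.').'<br />';
            echo sprintf(_('Back to the <a href="%s">main page</a>.'),$INDEX);

            /* create the temporary password from the system CSPRNG (8 hex characters, the
             * same shape as before). It used to be cut out of md5() over a fixed string,
             * the email address and time(), none of which is secret, so the value was
             * predictable. random_bytes() needs PHP 7; older installs fall back to the
             * openssl extension. If neither is available the script stops here, before
             * any password is mailed or stored.
             * NOTE(review): 8 hex characters is only 32 bits; consider a longer value. */
            if(function_exists('random_bytes'))
              $newpw = bin2hex(random_bytes(4));
            else
              $newpw = bin2hex(openssl_random_pseudo_bytes(4));

            $message = sprintf( _("Someone (hopefully you) requested a new password.\n".
              "You can use this email and the following password:\n".
              "   %s\n".
              "to log into the server. The new password is valid for 24h, so make\n".
              "sure you reset your password to something new. Your old password will\n".
              "also still be valid until you set a new one.\n"), $newpw);
            mymail($myid,0, GAME_RECOVERY, $message);

            /* we save these in the database
             * NOTE(review): only an unsalted md5 of the password is stored. Moving to
             * password_hash() would also need the code that checks recovery passwords,
             * which is not part of this file. */
            DB_set_recovery_password($myid,md5($newpw));
          }
        else
          {
            /* make it so that people (or a robot) can't request thousands of passwords within a short time
             * and spam a user this way */
            echo _('Sorry you already tried 5 times during the last 24h.<br />'.
                   'You need to use one of those passwords or wait to get a new one.').'<br />';
            echo sprintf(_('Back to the <a href="%s">main page</a>.'),$INDEX);
          }
      }
    else
      {/* can't find user id in the database */

        /* NOTE(review): the two answers below differ from the success message above, so
         * this page tells an unauthenticated visitor whether an email address is
         * registered. A single neutral reply for both cases would avoid that. */

        /* no email given? */
        if($email=="")
          echo _('You need to give me an email address!')." <br />".
            sprintf(_('Please try <a href="%s">again</a>.'),$INDEX);
        else /* default error message */
          echo _("Couldn't find a player with this email!")."<br />".
            sprintf(_('Please contact %s, if you think this is a mistake '.
                      'or else try <a href="%s">again</a>.'),$ADMIN_NAME, $INDEX );
      }
  }
else
  { /* normal user page */

    /* verify password and email; both must be set and must match one user */
    $ok  = 1;
    if(isset($email, $password))
      {
        $myid = DB_get_userid('email-password',$email,$password);
        if(!$myid)
          $ok = 0;
      }
    else
      $ok = 0;

    if($ok)
      {
        /* user information is ok */
        $myname = DB_get_name('email',$email);
        $_SESSION['name'] = $myname;

        $PREF = DB_get_PREF($myid);
        /* set language chosen in preferences, will become active on the next reload (see index.php)*/
        $_SESSION['language'] = $PREF['language'];
        set_language($PREF['language']);

        DB_update_user_timestamp($myid);

        display_user_menu($myid);

        /* display all games the user has played */
        echo '<div class="user">';

        if($myvacation = check_vacation($myid))
          {
            $vac_start   = $myvacation[0];
            $vac_stop    = $myvacation[1];
            $vac_comment = $myvacation[2];
            /* NOTE(review): $vac_comment is written into the page without HTML escaping here;
             * confirm that check_vacation() or the code storing the comment escapes it.
             * NOTE(review): the second message interpolates variables into the gettext
             * msgid, so a catalog lookup presumably never matches it. */
            echo '<p class="vacation">'._("Enjoy your vacation (don't forgot to change your settings once you're back).")." ".
              _("Between $vac_start and $vac_stop other users will see the following message: $vac_comment.")."</p>\n";
          }

        echo '<h4>'._('These are your games').":</h4>\n";
        /* output legend */
        echo "<p>\n";
        echo ' <span class="gamestatuspre"> &nbsp; </span> &nbsp;'._('pre-game phase');
        echo ' <span class="gamestatusplay"> &nbsp; </span> &nbsp;'._('game in progess');
        echo ' <span class="gamestatusover "><a>N</a> </span> &nbsp;'._('game over (N people played this hand)').' <br />';
        echo ' '._("Reminder: canceling a game can't be reversed!");
        echo "</p>\n";

        /* get all games; the user id goes through DB_quote_smart() before concatenation */
        $output = array();
        $result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ".
                           " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count, ".
                           " G.session".
                           " FROM Hand".
                           " LEFT JOIN Game G ON G.id=Hand.game_id".
                           " WHERE user_id=".DB_quote_smart($myid).
                           " ORDER BY G.session,G.create_date" );

        /* sort into active and passive sessions
         *
         * Rows arrive ordered by session. $gameoutput always holds the link for the most
         * recent row and $sessionoutput the links of the earlier rows of the same session;
         * a session is written out only when a row of a different session shows up.
         */
        $count   = 0; /* count number of games to check for beginner status */
        $session = -1;
        $maxgame =  0;
        $output_active   = "";
        $output_inactive = "";
        $sessionoutput   = "";
        $gameoutput      = "";
        $keep_going = 2;
        while( $keep_going )
          {
            /* get next element */
            $r = DB_fetch_array($result);

            if($r)
              $count++;
            else
              {
                /* need to run the while loop one more time when we run out of elements in the database:
                 * a placeholder row with session -2 forces the last real session to be
                 * written out; on the second pass the placeholder matches $session and
                 * only refills the buffers, which are never printed.
                 * The placeholder is built as a fresh array instead of writing indexes into
                 * the empty fetch result. */
                $keep_going--;
                $r = array(NULL, NULL, NULL, NULL, NULL, NULL, -2);
              }
            if( $r[6]==$session )
              {
                /* same session, update information */
                $maxgame++;
                $myhash        = $r[0];
                $gameid        = $r[1];
                $gamemoddate   = $r[2];
                $userid        = $r[3];
                $gamestatus    = $r[4];
                $gamefrequence = $r[5];

                /* create output */
                $sessionoutput .= $gameoutput;
                $gameoutput     = "  <a class=\"gamestatusover\" href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
                  .$gamefrequence."</a>\n";
              }
            else
              { /* new session */

                /* output old session if available */
                if($maxgame)
                  {
                    /* is session active? (still being played, or changed within the last 5 days) */
                    if($gamestatus == 'pre' || $gamestatus== 'play' || time()-strtotime($gamemoddate) < 60*60*24*5 )
                      {
                        $output_active .= "<li> ";
                        if($gamestatus == 'pre')
                          $class= 'class="gamestatuspre gameid"';
                        else if($gamestatus == 'play')
                          $class= 'class="gamestatusplay gameid"';
                        else
                          $class= 'class="gamestatusover gameid"';
                        $output_active .= "<a $class href=\"$INDEX?action=game&amp;me=$myhash\">".
                          DB_format_gameid($gameid).'</a>&nbsp;&nbsp;&nbsp;';



                        /* whose turn is it? */
                        if( $gamestatus == 'pre' || $gamestatus == 'play')
                          {
                            $output_active .= '<span class="turn">';
                            if($userid==$myid || !$userid)
                              $output_active .= ' <strong>'._('your turn')."</strong>\n";
                            else
                              {
                                $name = DB_get_name('userid',$userid);

                                /* check vacation status of this user */
                                if($vacation=check_vacation($userid))
                                  {
                                    $stop = substr($vacation[1],0,10);
                                    /* NOTE(review): $vacation[2] (the other user's comment) and $name
                                     * end up in a title attribute and in the page body without
                                     * escaping here; confirm they are escaped where they are stored
                                     * or fetched. */
                                    $title = _('begin:').substr($vacation[0],0,10).' '._('end:').$vacation[1].' '.$vacation[2];
                                    $output_active .= " <span class=\"vacation\" title=\"$title\">".
                                      sprintf(_("%s's turn"),$name).' '._("(on vacation until $stop)")."</span>\n";
                                  }
                                else
                                  $output_active .= sprintf(_("%s's turn"),$name)."\n";

                                /* check if we need to send out a reminder (offered after 7 days without a change) */
                                if(DB_get_reminder($userid,$gameid)==0)
                                  if(time()-strtotime($gamemoddate) > 60*60*24*7)
                                    $output_active .= "<a href=\"$INDEX?action=reminder&amp;me=".$myhash."\">"._('Send a reminder?').'</a> ';

                              };
                            $output_active .= '</span>';

                            /* offer to cancel after 30 days without a change */
                            if(time()-strtotime($gamemoddate) > 60*60*24*30)
                              $output_active .= "<a href=\"$INDEX?action=cancel&amp;me=".$myhash."\">"._('Cancel?').'</a> ';
                          }

                        if($maxgame>1)
                          {
                            $output_active .= ' <span class="gamesshowsession"><a href="#">'._('show old').'</a></span>'.
                              '  <span class="gameshidesession"><a href="#">'._('hide old').'</a></span><br />'."\n";
                            $output_active .= ' <span class="gamessession">'.$sessionoutput.'</span>';
                          }

                        $output_active .= "</li>\n";

                      }
                    else
                      {
                        /* session is not active anymore */
                        $output_inactive .= "<li> $session:" ;
                        $output_inactive .= $sessionoutput.$gameoutput ;
                        $output_inactive .= "</li>\n";
                      }

                    /* reset all session variables */
                    $maxgame =  0;
                    $sessionoutput = "";
                    $gameoutput    = "";

                  }

                /* save game information */
                $maxgame++;
                $myhash        = $r[0];
                $gameid        = $r[1];
                $gamemoddate   = $r[2];
                $userid        = $r[3];
                $gamestatus    = $r[4];
                $gamefrequence = $r[5];
                $session       = $r[6];

                /* create output */
                $sessionoutput .= $gameoutput;
                $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
                  .$gamefrequence."</a></span>\n";

              }
          }

        echo "<ul>\n ";
        echo ' <li><span class="gameshowall"><a href="#">'._('show all').'</a></span> <span class="gamehideall"><a href="#">'._('hide all')."</a></span></li>\n";
        echo $output_active;
        echo ' <li><span class="gamesshowsession"><a href="#">'._('show inactive').'</a></span><span class="gameshidesession"><a href="#">'._('hide inactive').'</a></span><ul class="gamessession">'."$output_inactive </ul></li>";
        echo "</ul>\n";

        /* give a hint for new players */
        if($count<10)
          echo '<p class="newbiehint">'._('You can start new games using the link in the top right corner!')."</p>\n";

        /* display last 5 users that have signed up to e-DoKo within the 45 days */
        $names = DB_get_names_of_new_logins(5);
        if ($names)
          {
            /* NOTE(review): player names are printed without escaping here; confirm the
             * DB_get_names_* helpers return HTML-safe strings. */
            echo '<h4>'._('New Player(s)').":</h4>\n<p>\n";
            echo implode(", ",$names).",...\n";
            echo "</p>\n";
          };

        /* display the users that logged on last (up to 7) */
        echo '<h4>'._('Players last logged in').":</h4>\n<p>\n";

        $names  = DB_get_names_of_last_logins(7);
        $emails = DB_get_emails_of_last_logins(7);
        /* only index entries that exist: fewer than 7 users may have logged in, and the
         * fixed 0..6 loop then read missing offsets and printed avatars for empty emails */
        $shown = (is_array($names) && is_array($emails)) ? min(7, count($names), count($emails)) : 0;
        for($i=0;$i<$shown;$i++)
          {
            /* the avatar is requested over https so the md5 of each email address is not
             * sent in clear text and the page has no mixed content
             * NOTE(review): $names[$i] lands in a title attribute unescaped, see above */
            echo '<img class="gravatar" title="'.$names[$i].
              '" src="https://www.gravatar.com/avatar/'.
              md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
          }
        echo "</p>\n";

        echo "</div>\n";
      }
    else
      {
        echo '<div class="message">'."\n";
        echo  sprintf(_("Sorry email and password don't match. Please <a href=\"%s\">try again</a>."),$INDEX);
        echo '</div>'."\n";
      }
  };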
348 ?>