2 /* make sure that we are not called from outside the scripts,
3 * use a variable defined in config.php to check this
8 /* test id and password, should really be done in one step */
9 if(!isset($_SESSION["name"]))
11 $email = $_REQUEST["email"];
12 $password = $_REQUEST["password"];
16 $name = $_SESSION["name"];
17 $email = DB_get_email('name',$name);
18 $password = DB_get_passwd_by_name($name);
21 /* user has forgotten his password */
24 /* check if player is in the database */
27 $myid = DB_get_userid('email',$email);
33 /* check how many entries in recovery table */
34 $number = DB_get_number_of_passwords_recovery($myid);
36 /* if less than N recent ones, add a new one and send out email */
39 echo "Ok, I send you a new password. <br />";
41 echo "N.B. You tried this already $number times during the last day and it will only work ".
42 " 5 times during a day.<br />";
43 echo "The new password will be valid for one day, make sure you reset it to something else.<br />";
44 echo "Back to the <a href=\"$INDEX\">main page</a>.";
46 /* create temporary password, use the fist 8 letters of a md5 hash */
47 $TIME = (string) time(); /* to avoid collisions */
48 $hash = md5("Anewpassword".$email.$TIME);
49 $newpw = substr($hash,1,8);
51 $message = "Someone (hopefully you) requested a new password. \n".
52 "You can use this email and the following password: \n".
54 "to log into the server. The new password is valid for 24h, so make\n".
55 "sure you reset your password to something new. Your old password will\n".
56 "also still be valid until you set a new one.\n";
57 $subject = 'Recovery';
58 mymail($myid,$subject,$message);
60 /* we save these in the database */
61 DB_set_recovery_password($myid,md5($newpw));
65 /* make it so that people (or a robot) can request thousands of passwords within a short time
66 * and spam a user this way */
67 echo "Sorry you already tried 5 times during the last 24h.<br />".
68 "You need to use one of those passwords or wait to get a new one.<br />";
69 echo "Back to the <a href=\"$INDEX\">main page</a>.";
73 {/* can't find user id in the database */
77 echo "You need to give me an email address! <br />".
78 "Please try <a href=\"$INDEX\">again</a>.";
79 else /* default error message */
80 echo "Couldn't find a player with this email! <br />".
81 "Please contact Arun, if you think this is a mistake <br />".
82 "or else try <a href=\"$INDEX\">again</a>.";
86 { /* normal user page */
88 /* verify password and email */
89 if(strlen($password)!=32)
90 $password = md5($password);
93 $myid = DB_get_userid('email-password',$email,$password);
99 /* user information is ok */
100 $myname = DB_get_name('email',$email);
101 $_SESSION["name"] = $myname;
103 $PREF = DB_get_PREF($myid);
105 DB_update_user_timestamp($myid);
107 display_user_menu($myid);
109 /* display all games the user has played */
110 echo "<div class=\"user\">";
112 if($myvacation = check_vacation($myid))
114 $vac_start = $myvacation[0];
115 $vac_stop = $myvacation[1];
116 $vac_comment = $myvacation[2];
117 echo "<p class=\"vacation\">Enjoy your vacation (don't forgot to change your settings once you're back). Between $vac_start and $vac_stop other users will see the following message: $vac_comment.</p>\n";
120 echo "<h4>These are all your games:</h4>\n";
122 echo "<p>Session: <br />\n";
123 echo "<span class=\"gamestatuspre\"> p </span> = pre-game phase ";
124 echo "<span class=\"gamestatusplay\">P </span> = game in progess ";
125 echo "<span class=\"gamestatusover\">E </span> = game ended ";
126 echo "<span class=\"gamestatusover multi\"><a>N</a> </span> = N games with same hand <br />";
130 $result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ".
131 " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count ".
133 " LEFT JOIN Game G ON G.id=Hand.game_id".
134 " WHERE user_id='$myid'".
135 " ORDER BY G.session,G.create_date" );
139 echo "<table>\n <tr><td>\n";
140 while( $r = DB_fetch_array($result))
143 $game = DB_format_gameid($r[1]);
144 $gamenr = (int) $game;
145 if($gamenrold < $gamenr)
148 echo "</td></tr>\n <tr> <td>$gamenr:</td>\n";
150 echo "$gamenr:</td>\n";
151 $gamenrold = $gamenr;
152 echo "<td class=\"usergames\">\n";
154 $Multi = ($r[5]>1) ? "multi" : "";
156 echo " <span class=\"gamestatuspre $Multi\"><a href=\"".$INDEX."?action=game&me=".$r[0]."\">p </a></span>\n";
157 else if (in_array($r[4],array('gameover','cancel-timedout','cancel-nines','cancel-noplay','cancel-trump')))
159 echo " <span class=\"gamestatusover $Multi\"><a href=\"".$INDEX."?action=game&me=".$r[0]."\">";
164 echo "</a></span>\n";
167 echo " <span class=\"gamestatusplay $Multi\"><a href=\"".$INDEX."?action=game&me=".$r[0]."\">P </a></span>\n";
168 if($r[4] == 'pre' || $r[4] == 'play')
170 echo "</td>\n<td>\n ";
171 if($r[3]==$myid || !$r[3])
172 echo "(it's <strong>your</strong> turn)\n";
175 $name = DB_get_name('userid',$r[3]);
177 /* check if we need to send out a reminder */
178 if(DB_get_reminder($r[3],$gameid)==0)
179 if(time()-strtotime($r[2]) > 60*60*24*7)
180 echo "<a href=\"$INDEX?action=reminder&me=".$r[0]."\">Send a reminder.</a>";
182 /* check vacaction status of this user */
183 if($vacation=check_vacation($r[3]))
185 $stop = substr($vacation[1],0,10);
186 $title = 'begin:'.substr($vacation[0],0,10).' end:'.$vacation[1].' '.$vacation[2];
187 echo "(it's <span class=\"vacation\" title=\"$title\">$name's (on vacation until $stop)</span> turn)\n";
190 echo "(it's $name's turn)\n";
192 if(time()-strtotime($r[2]) > 60*60*24*30)
193 echo "<a href=\"$INDEX?action=cancel&me=".$r[0]."\">Cancel?</a> ";
196 echo "</td></tr>\n</table>\n";
198 /* give a hint for new players */
200 echo "<p class=\"newbiehint\">You can start new games using the link in the top right corner!</p>\n";
202 /* display last 5 users that have signed up to e-DoKo */
203 $names = DB_get_names_of_new_logins(5);
204 echo "<h4>New Players:</h4>\n<p>\n";
205 echo implode(", ",$names).",...\n";
208 /* display last 5 users that logged on */
209 echo "<h4>Players last logged in:</h4>\n<p>\n";
211 $names = DB_get_names_of_last_logins(7);
212 $emails = DB_get_emails_of_last_logins(7);
215 echo "<img class=\"gravatar\" title=\"".$names[$i]."\" src=\"http://www.gravatar.com/avatar/".md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
223 echo "<div class=\"message\">Sorry email and password don't match. Please <a href=\"$INDEX\">try again</a>. </div>";