include/user.php

   1 <?php
   2 /* Copyright 2006, 2007, 2008, 2009, 2010 Arun Persaud <arun@nubati.net>
   3  *
   4  *   This file is part of e-DoKo.
   5  *
   6  *   e-DoKo is free software: you can redistribute it and/or modify
   7  *   it under the terms of the GNU General Public License as published by
   8  *   the Free Software Foundation, either version 3 of the License, or
   9  *   (at your option) any later version.
  10  *
  11  *   e-DoKo is distributed in the hope that it will be useful,
  12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *   GNU General Public License for more details.
  15  *
  16  *   You should have received a copy of the GNU General Public License
  17  *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 /* make sure that we are not called from outside the scripts,
  22  * use a variable defined in config.php to check this
  23  */
  24 if(!isset($HOST))
  25   exit;
  26
  27 /* test id and password, should really be done in one step */
  28 if(!isset($_SESSION['name']))
  29   {
  30     $email     = $_REQUEST['email'];
  31     $password  = $_REQUEST['password'];
  32   }
  33 else
  34   {
  35     $name = $_SESSION['name'];
  36     $email     = DB_get_email('name',$name);
  37     $password  = DB_get_passwd_by_name($name);
  38   };
  39
  40 global  $ADMIN_NAME;
  41
  42 /* user has forgotten his password */
  43 if(myisset('forgot'))
  44   {
  45     /* check if player is in the database */
  46     $ok = 1;
  47
  48     $myid = DB_get_userid('email',$email);
  49     if(!$myid)
  50       $ok = 0;
  51
  52     if($ok)
  53       {
  54         /* check how many entries in recovery table */
  55         $number = DB_get_number_of_passwords_recovery($myid);
  56
  57         /* if less than N recent ones, add a new one and send out email */
  58         if( $number < 5 )
  59           {
  60             echo _('Ok, I will send you a new password.').' <br />';
  61             if($number >1)
  62               echo "N.B. You tried this already $number times during the last day and it will only work ".
  63                 " 5 times during a day.<br />";
  64             echo _('The new password will be valid for one day, make sure you reset it to something else.').'<br />';
  65             echo "Back to the  <a href=\"$INDEX\">main page</a>.";
  66
  67             /* create temporary password, use the fist 8 letters of a md5 hash */
  68             $TIME  = (string) time(); /* to avoid collisions */
  69             $hash  = md5('Anewpassword'.$email.$TIME);
  70             $newpw = substr($hash,1,8);
  71
  72             $message = "Someone (hopefully you) requested a new password. \n".
  73               "You can use this email and the following password: \n".
  74               "   $newpw    \n".
  75               "to log into the server. The new password is valid for 24h, so make\n".
  76               "sure you reset your password to something new. Your old password will\n".
  77               "also still be valid until you set a new one.\n";
  78             $subject = 'Recovery';
  79             mymail($myid,$subject,$message);
  80
  81             /* we save these in the database */
  82             DB_set_recovery_password($myid,md5($newpw));
  83           }
  84         else
  85           {
  86             /* make it so that people (or a robot) can request thousands of passwords within a short time
  87              * and spam a user this way */
  88             echo _('Sorry you already tried 5 times during the last 24h.<br />'.
  89                    'You need to use one of those passwords or wait to get a new one.').'<br />';
  90             echo "Back to the <a href=\"$INDEX\">main page</a>.";
  91           }
  92       }
  93     else
  94       {/* can't find user id in the database */
  95
  96         /* no email given? */
  97         if($email=="")
  98           echo "You need to give me an email address! <br />".
  99             "Please try <a href=\"$INDEX\">again</a>.";
 100         else /* default error message */
 101           echo "Couldn't find a player with this email! <br />".
 102             "Please contact $ADMIN_NAME, if you think this is a mistake <br />".
 103             "or else try <a href=\"$INDEX\">again</a>.";
 104       }
 105   }
 106 else
 107   { /* normal user page */
 108
 109     /* verify password and email */
 110     if(strlen($password)!=32)
 111       $password = md5($password);
 112
 113     $ok  = 1;
 114     $myid = DB_get_userid('email-password',$email,$password);
 115     if(!$myid)
 116       $ok = 0;
 117
 118     if($ok)
 119       {
 120         /* user information is ok */
 121         $myname = DB_get_name('email',$email);
 122         $_SESSION['name'] = $myname;
 123
 124         $PREF = DB_get_PREF($myid);
 125
 126         DB_update_user_timestamp($myid);
 127
 128         display_user_menu($myid);
 129
 130         /* display all games the user has played */
 131         echo '<div class="user">';
 132
 133         if($myvacation = check_vacation($myid))
 134           {
 135             $vac_start   = $myvacation[0];
 136             $vac_stop    = $myvacation[1];
 137             $vac_comment = $myvacation[2];
 138             echo '<p class="vacation">'._("Enjoy your vacation (don't forgot to change your settings once you're back).").
 139               " Between $vac_start and $vac_stop other users will see the following message: $vac_comment.</p>\n";
 140           }
 141
 142         echo '<h4>'._('These are all your games').":</h4>\n";
 143         /* output legend */
 144         echo '<p>'._('Games').": \n";
 145         echo '<span class="gamestatuspre"> &nbsp; </span> =  '._('pre-game phase');
 146         echo '<span class="gamestatusplay"> &nbsp; </span> =  '._('game in progess');
 147         echo '<span class="gamestatusover "><a>N</a> </span> = '._('game over (N people played the same hand)').' <br />';
 148         echo ' '._("Reminder: canceling a game can't be reversed!");
 149         echo "</p>\n";
 150
 151         /* get all games */
 152         $output = array();
 153         $result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ".
 154                            " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count, ".
 155                            " G.session".
 156                            " FROM Hand".
 157                            " LEFT JOIN Game G ON G.id=Hand.game_id".
 158                            " WHERE user_id='$myid'".
 159                            " ORDER BY G.session,G.create_date" );
 160
 161         /* sort into active and passive sessions */
 162         $count   = 0; /* count number of games to check for beginner status */
 163         $session = -1;
 164         $maxgame =  0;
 165         $output_active   = "";
 166         $output_inactive = "";
 167         $sessionoutput   = "";
 168         $gameoutput      = "";
 169         $keep_going = 2;
 170         while( $keep_going )
 171           {
 172             /* get next element */
 173             $r = DB_fetch_array($result);
 174
 175             if($r)
 176               $count++;
 177             else
 178               {
 179                 /* need to run the while loop one more time when we run out of elements in the database */
 180                 $keep_going--;
 181                 $r[0] = NULL;
 182                 $r[1] = NULL;
 183                 $r[2] = NULL;
 184                 $r[3] = NULL;
 185                 $r[4] = NULL;
 186                 $r[5] = NULL;
 187                 $r[6] = -2;
 188               }
 189             if( $r[6]==$session )
 190               {
 191                 /* same session, update information */
 192                 $maxgame++;
 193                 $myhash        = $r[0];
 194                 $gameid        = $r[1];
 195                 $gamemoddate   = $r[2];
 196                 $userid        = $r[3];
 197                 $gamestatus    = $r[4];
 198                 $gamefrequence = $r[5];
 199
 200                 /* create output */
 201                 $sessionoutput .= $gameoutput;
 202                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
 203                   .$gamefrequence."</a></span>\n";
 204               }
 205             else
 206               { /* new session */
 207
 208                 /* output old session if available */
 209                 if($maxgame)
 210                   {
 211                     /* is session active? */
 212                     if($gamestatus == 'pre' || $gamestatus== 'play' || time()-strtotime($gamemoddate) < 60*60*24*5 )
 213                       {
 214                         $output_active .= "<li> ";
 215                         if($gamestatus == 'pre')
 216                           $output_active .= '<span class="gamestatuspre gameid">';
 217                         else if($gamestatus == 'play')
 218                           $output_active .= '<span class="gamestatusplay gameid">';
 219                         else
 220                           $output_active .= '<span class="gamestatusover gameid">';
 221                         $output_active .= "<a href=\"$INDEX?action=game&amp;me=$myhash\">".
 222                           DB_format_gameid($gameid).'</a></span>&nbsp;&nbsp;&nbsp;';
 223
 224
 225
 226                         /* who's turn is it? */
 227                         if( $gamestatus == 'pre' || $gamestatus == 'play')
 228                           {
 229                             $output_active .= '<span class="turn">';
 230                             if($userid==$myid || !$userid)
 231                               $output_active .= ' <strong>'._('your turn')."</strong>\n";
 232                             else
 233                               {
 234                                 $name = DB_get_name('userid',$userid);
 235
 236                                 /* check vacaction status of this user */
 237                                 if($vacation=check_vacation($userid))
 238                                   {
 239                                     $stop = substr($vacation[1],0,10);
 240                                     $title = 'begin:'.substr($vacation[0],0,10).' end:'.$vacation[1].' '.$vacation[2];
 241                                     $output_active .= " <span class=\"vacation\" title=\"$title\">$name's (on vacation until $stop)</span> turn\n";
 242                                   }
 243                                 else
 244                                   $output_active .= "$name's turn\n";
 245
 246                                 /* check if we need to send out a reminder */
 247                                 if(DB_get_reminder($userid,$gameid)==0)
 248                                   if(time()-strtotime($gamemoddate) > 60*60*24*7)
 249                                     $output_active .= "<a href=\"$INDEX?action=reminder&amp;me=".$myhash."\">"._('Send a reminder?').'</a> ';
 250
 251                               };
 252                             $output_active .= '</span>';
 253
 254                             if(time()-strtotime($gamemoddate) > 60*60*24*30)
 255                               $output_active .= "<a href=\"$INDEX?action=cancel&amp;me=".$myhash."\">Cancel?</a> ";
 256                           }
 257
 258                         if($maxgame>1)
 259                           {
 260                             $output_active .= ' <span class="gamesshowsession"><a href="#">'._('show old').'</a></span>'.
 261                               '  <span class="gameshidesession"><a href="#">'._('hide old').'</a></span><br />'."\n";
 262                             $output_active .= ' <span class="gamessession">'.$sessionoutput.'</span>';
 263                           }
 264
 265                         $output_active .= "</li>\n";
 266
 267                       }
 268                     else
 269                       {
 270                         /* session is not active anymore */
 271                         $output_inactive .= "<li> $session:" ;
 272                         $output_inactive .= $sessionoutput.$gameoutput ;
 273                         $output_inactive .= "</li>\n";
 274                       }
 275
 276                     /* reset all session variables */
 277                     $maxgame =  0;
 278                     $sessionoutput = "";
 279                     $gameoutput    = "";
 280
 281                   }
 282
 283                 /* save game information */
 284                 $maxgame++;
 285                 $myhash        = $r[0];
 286                 $gameid        = $r[1];
 287                 $gamemoddate   = $r[2];
 288                 $userid        = $r[3];
 289                 $gamestatus    = $r[4];
 290                 $gamefrequence = $r[5];
 291                 $session       = $r[6];
 292
 293                 /* create output */
 294                 $sessionoutput .= $gameoutput;
 295                 $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
 296                   .$gamefrequence."</a></span>\n";
 297
 298               }
 299           }
 300
 301         echo "<ul>\n ";
 302         echo ' <li><span class="gameshowall"><a href="#">'._('show all').'</a></span> <span class="gamehideall"><a href="#">'._('hide all')."</a></span></li>\n";
 303         echo $output_active;
 304         echo ' <li><span class="gamesshowsession"><a href="#">'._('show inactive').'</a></span><span class="gameshidesession"><a href="#">'._('hide inactive').'</a></span><ul class="gamessession">'."$output_inactive </ul></li>";
 305         echo "</ul>\n";
 306
 307         /* give a hint for new players */
 308         if($count<10)
 309           echo '<p class="newbiehint">'._('You can start new games using the link in the top right corner!')."</p>\n";
 310
 311         /* display last 5 users that have signed up to e-DoKo */
 312         $names = DB_get_names_of_new_logins(5);
 313         echo '<h4>'._('New Players').":</h4>\n<p>\n";
 314         echo implode(", ",$names).",...\n";
 315         echo "</p>\n";
 316
 317         /* display last 5 users that logged on */
 318         echo '<h4>'._('Players last logged in').":</h4>\n<p>\n";
 319
 320         $names  = DB_get_names_of_last_logins(7);
 321         $emails = DB_get_emails_of_last_logins(7);
 322         for($i=0;$i<7;$i++)
 323           {
 324             echo "<img class=\"gravatar\" title=\"".$names[$i]."\" src=\"http://www.gravatar.com/avatar/".md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
 325           }
 326         echo "</p>\n";
 327
 328         echo "</div>\n";
 329       }
 330     else
 331       {
 332         echo '<div class="message">'."Sorry email and password don't match. Please <a href=\"$INDEX\">try again</a>.".' </div>';
 333       }
 334   };
 335 ?>