fix error when language is not set
[e-DoKo.git] / include / user.php
index 6169495e1c54b6fd0ef7e309e06947993bb20283..5142918fbb9188dd564831c82d377cf6577a8d45 100644 (file)
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -25,11 +25,15 @@ if(!isset($HOST))
   exit;
 
 /* test id and password, should really be done in one step */
-if(isset($_SESSION['name']))
+if(isset($_SESSION['id']))
   {
-    $name = $_SESSION['name'];
-    $email     = DB_get_email('name',$name);
-    $password  = DB_get_passwd_by_name($name);
+    $myid = $_SESSION['id'];
+    $r = DB_query_array("SELECT email,password FROM User WHERE id=".DB_quote_smart($myid)."");
+    if($r)
+      {
+       $email     = $r[0];
+       $password  = $r[1];
+      };
   };
 
 global  $ADMIN_NAME;
@@ -63,7 +67,8 @@ if(myisset('forgot'))
 
            /* create temporary password, use the fist 8 letters of a md5 hash */
            $TIME  = (string) time(); /* to avoid collisions */
-           $hash  = md5('Anewpassword'.$email.$TIME);
+           $rndstring = sha1(rand()); /* add some randomness */
+           $hash  = md5('Anewpassword'.$email.$TIME.$rndstring);
            $newpw = substr($hash,1,8);
 
            $message = sprintf( _("Someone (hopefully you) requested a new password.\n".
@@ -156,7 +161,7 @@ else
                           " G.session".
                           " FROM Hand".
                           " LEFT JOIN Game G ON G.id=Hand.game_id".
-                          " WHERE user_id='$myid'".
+                          " WHERE user_id=".DB_quote_smart($myid).
                           " ORDER BY G.session,G.create_date" );
 
        /* sort into active and passive sessions */
@@ -200,8 +205,8 @@ else
 
                /* create output */
                $sessionoutput .= $gameoutput;
-               $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
-                 .$gamefrequence."</a></span>\n";
+               $gameoutput     = "  <a class=\"gamestatusover\" href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
+                 .$gamefrequence."</a>\n";
              }
            else
              { /* new session */
@@ -214,13 +219,13 @@ else
                      {
                        $output_active .= "<li> ";
                        if($gamestatus == 'pre')
-                         $output_active .= '<span class="gamestatuspre gameid">';
+                         $class= 'class="gamestatuspre gameid"';
                        else if($gamestatus == 'play')
-                         $output_active .= '<span class="gamestatusplay gameid">';
+                         $class= 'class="gamestatusplay gameid"';
                        else
-                         $output_active .= '<span class="gamestatusover gameid">';
-                       $output_active .= "<a href=\"$INDEX?action=game&amp;me=$myhash\">".
-                         DB_format_gameid($gameid).'</a></span>&nbsp;&nbsp;&nbsp;';
+                         $class= 'class="gamestatusover gameid"';
+                       $output_active .= "<a $class href=\"$INDEX?action=game&amp;me=$myhash\">".
+                         DB_format_gameid($gameid).'</a>&nbsp;&nbsp;&nbsp;';
 
 
 
@@ -310,11 +315,14 @@ else
        if($count<10)
          echo '<p class="newbiehint">'._('You can start new games using the link in the top right corner!')."</p>\n";
 
-       /* display last 5 users that have signed up to e-DoKo */
+       /* display last 5 users that have signed up to e-DoKo within the 45 days */
        $names = DB_get_names_of_new_logins(5);
-       echo '<h4>'._('New Players').":</h4>\n<p>\n";
-       echo implode(", ",$names).",...\n";
-       echo "</p>\n";
+        if ($names)
+         {
+           echo '<h4>'._('New Player(s)').":</h4>\n<p>\n";
+           echo implode(", ",$names).",...\n";
+           echo "</p>\n";
+         };
 
        /* display last 5 users that logged on */
        echo '<h4>'._('Players last logged in').":</h4>\n<p>\n";
@@ -324,7 +332,7 @@ else
        for($i=0;$i<7;$i++)
          {
            echo '<img class="gravatar" title="'.$names[$i].
-             '" src="http://www.gravatar.com/avatar/'.
+             '" src="https://www.gravatar.com/avatar/'.
              md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
          }
        echo "</p>\n";