fix error when language is not set
[e-DoKo.git] / include / user.php
index d486b0746b96021d1c9f6b79f83bb2e2227c889b..5142918fbb9188dd564831c82d377cf6577a8d45 100644 (file)
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -25,11 +25,15 @@ if(!isset($HOST))
   exit;
 
 /* test id and password, should really be done in one step */
-if(isset($_SESSION['name']))
+if(isset($_SESSION['id']))
   {
-    $name = $_SESSION['name'];
-    $email     = DB_get_email('name',$name);
-    $password  = DB_get_passwd_by_name($name);
+    $myid = $_SESSION['id'];
+    $r = DB_query_array("SELECT email,password FROM User WHERE id=".DB_quote_smart($myid)."");
+    if($r)
+      {
+       $email     = $r[0];
+       $password  = $r[1];
+      };
   };
 
 global  $ADMIN_NAME;
@@ -46,6 +50,8 @@ if(myisset('forgot'))
 
     if($ok)
       {
+       set_language($myid,'uid');
+
        /* check how many entries in recovery table */
        $number = DB_get_number_of_passwords_recovery($myid);
 
@@ -54,22 +60,23 @@ if(myisset('forgot'))
          {
            echo _('Ok, I will send you a new password.').' <br />';
            if($number >1)
-             echo "N.B. You tried this already $number times during the last day and it will only work ".
-               " 5 times during a day.<br />";
+             echo sprintf(_("N.B. You tried this already %s times during the last day and it will only work".
+                            " 5 times during a day."),$number)."<br />\n";
            echo _('The new password will be valid for one day, make sure you reset it to something else.').'<br />';
-           echo "Back to the  <a href=\"$INDEX\">main page</a>.";
+           echo sprintf(_('Back to the <a href="%s">main page</a>.'),$INDEX);
 
            /* create temporary password, use the fist 8 letters of a md5 hash */
            $TIME  = (string) time(); /* to avoid collisions */
-           $hash  = md5('Anewpassword'.$email.$TIME);
+           $rndstring = sha1(rand()); /* add some randomness */
+           $hash  = md5('Anewpassword'.$email.$TIME.$rndstring);
            $newpw = substr($hash,1,8);
 
-           $message = "Someone (hopefully you) requested a new password. \n".
-             "You can use this email and the following password: \n".
-             "   $newpw    \n".
+           $message = sprintf( _("Someone (hopefully you) requested a new password.\n".
+             "You can use this email and the following password:\n".
+             "   %s\n".
              "to log into the server. The new password is valid for 24h, so make\n".
              "sure you reset your password to something new. Your old password will\n".
-             "also still be valid until you set a new one.\n";
+             "also still be valid until you set a new one.\n"), $newpw);
            mymail($myid,0, GAME_RECOVERY, $message);
 
            /* we save these in the database */
@@ -81,7 +88,7 @@ if(myisset('forgot'))
             * and spam a user this way */
            echo _('Sorry you already tried 5 times during the last 24h.<br />'.
                   'You need to use one of those passwords or wait to get a new one.').'<br />';
-           echo "Back to the <a href=\"$INDEX\">main page</a>.";
+           echo sprintf(_('Back to the <a href="%s">main page</a>.'),$INDEX);
          }
       }
     else
@@ -89,22 +96,26 @@ if(myisset('forgot'))
 
        /* no email given? */
        if($email=="")
-         echo "You need to give me an email address! <br />".
-           "Please try <a href=\"$INDEX\">again</a>.";
+         echo _('You need to give me an email address!')." <br />".
+           sprintf(_('Please try <a href="%s">again</a>.'),$INDEX);
        else /* default error message */
-         echo "Couldn't find a player with this email! <br />".
-           "Please contact $ADMIN_NAME, if you think this is a mistake <br />".
-           "or else try <a href=\"$INDEX\">again</a>.";
+         echo _("Couldn't find a player with this email!")."<br />".
+           sprintf(_('Please contact %s, if you think this is a mistake '.
+                     'or else try <a href="%s">again</a>.'),$ADMIN_NAME, $INDEX );
       }
   }
 else
   { /* normal user page */
 
     /* verify password and email */
-
     $ok  = 1;
-    $myid = DB_get_userid('email-password',$email,$password);
-    if(!$myid)
+    if(isset($email, $password))
+      {
+       $myid = DB_get_userid('email-password',$email,$password);
+        if(!$myid)
+         $ok = 0;
+      }
+    else
       $ok = 0;
 
     if($ok)
@@ -116,6 +127,7 @@ else
        $PREF = DB_get_PREF($myid);
        /* set language chosen in preferences, will become active on the next reload (see index.php)*/
        $_SESSION['language'] = $PREF['language'];
+       set_language($PREF['language']);
 
        DB_update_user_timestamp($myid);
 
@@ -129,8 +141,8 @@ else
            $vac_start   = $myvacation[0];
            $vac_stop    = $myvacation[1];
            $vac_comment = $myvacation[2];
-           echo '<p class="vacation">'._("Enjoy your vacation (don't forgot to change your settings once you're back).").
-             " Between $vac_start and $vac_stop other users will see the following message: $vac_comment.</p>\n";
+           echo '<p class="vacation">'._("Enjoy your vacation (don't forgot to change your settings once you're back).")." ".
+             _("Between $vac_start and $vac_stop other users will see the following message: $vac_comment.")."</p>\n";
          }
 
        echo '<h4>'._('These are your games').":</h4>\n";
@@ -149,7 +161,7 @@ else
                           " G.session".
                           " FROM Hand".
                           " LEFT JOIN Game G ON G.id=Hand.game_id".
-                          " WHERE user_id='$myid'".
+                          " WHERE user_id=".DB_quote_smart($myid).
                           " ORDER BY G.session,G.create_date" );
 
        /* sort into active and passive sessions */
@@ -193,8 +205,8 @@ else
 
                /* create output */
                $sessionoutput .= $gameoutput;
-               $gameoutput     = "   <span class=\"gamestatusover \"><a href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
-                 .$gamefrequence."</a></span>\n";
+               $gameoutput     = "  <a class=\"gamestatusover\" href=\"".$INDEX."?action=game&amp;me=".$myhash."\">"
+                 .$gamefrequence."</a>\n";
              }
            else
              { /* new session */
@@ -207,13 +219,13 @@ else
                      {
                        $output_active .= "<li> ";
                        if($gamestatus == 'pre')
-                         $output_active .= '<span class="gamestatuspre gameid">';
+                         $class= 'class="gamestatuspre gameid"';
                        else if($gamestatus == 'play')
-                         $output_active .= '<span class="gamestatusplay gameid">';
+                         $class= 'class="gamestatusplay gameid"';
                        else
-                         $output_active .= '<span class="gamestatusover gameid">';
-                       $output_active .= "<a href=\"$INDEX?action=game&amp;me=$myhash\">".
-                         DB_format_gameid($gameid).'</a></span>&nbsp;&nbsp;&nbsp;';
+                         $class= 'class="gamestatusover gameid"';
+                       $output_active .= "<a $class href=\"$INDEX?action=game&amp;me=$myhash\">".
+                         DB_format_gameid($gameid).'</a>&nbsp;&nbsp;&nbsp;';
 
 
 
@@ -231,11 +243,12 @@ else
                                if($vacation=check_vacation($userid))
                                  {
                                    $stop = substr($vacation[1],0,10);
-                                   $title = 'begin:'.substr($vacation[0],0,10).' end:'.$vacation[1].' '.$vacation[2];
-                                   $output_active .= " <span class=\"vacation\" title=\"$title\">$name's (on vacation until $stop)</span> turn\n";
+                                   $title = _('begin:').substr($vacation[0],0,10).' '._('end:').$vacation[1].' '.$vacation[2];
+                                   $output_active .= " <span class=\"vacation\" title=\"$title\">".
+                                     sprintf(_("%s's turn"),$name).' '._("(on vacation until $stop)")."</span>\n";
                                  }
                                else
-                                 $output_active .= "$name's turn\n";
+                                 $output_active .= sprintf(_("%s's turn"),$name)."\n";
 
                                /* check if we need to send out a reminder */
                                if(DB_get_reminder($userid,$gameid)==0)
@@ -246,7 +259,7 @@ else
                            $output_active .= '</span>';
 
                            if(time()-strtotime($gamemoddate) > 60*60*24*30)
-                             $output_active .= "<a href=\"$INDEX?action=cancel&amp;me=".$myhash."\">Cancel?</a> ";
+                             $output_active .= "<a href=\"$INDEX?action=cancel&amp;me=".$myhash."\">"._('Cancel?').'</a> ';
                          }
 
                        if($maxgame>1)
@@ -302,11 +315,14 @@ else
        if($count<10)
          echo '<p class="newbiehint">'._('You can start new games using the link in the top right corner!')."</p>\n";
 
-       /* display last 5 users that have signed up to e-DoKo */
+       /* display last 5 users that have signed up to e-DoKo within the 45 days */
        $names = DB_get_names_of_new_logins(5);
-       echo '<h4>'._('New Players').":</h4>\n<p>\n";
-       echo implode(", ",$names).",...\n";
-       echo "</p>\n";
+        if ($names)
+         {
+           echo '<h4>'._('New Player(s)').":</h4>\n<p>\n";
+           echo implode(", ",$names).",...\n";
+           echo "</p>\n";
+         };
 
        /* display last 5 users that logged on */
        echo '<h4>'._('Players last logged in').":</h4>\n<p>\n";
@@ -315,7 +331,9 @@ else
        $emails = DB_get_emails_of_last_logins(7);
        for($i=0;$i<7;$i++)
          {
-           echo "<img class=\"gravatar\" title=\"".$names[$i]."\" src=\"http://www.gravatar.com/avatar/".md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
+           echo '<img class="gravatar" title="'.$names[$i].
+             '" src="https://www.gravatar.com/avatar/'.
+             md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
          }
        echo "</p>\n";
 
@@ -323,7 +341,9 @@ else
       }
     else
       {
-       echo '<div class="message">'."Sorry email and password don't match. Please <a href=\"$INDEX\">try again</a>.".' </div>';
+       echo '<div class="message">'."\n";
+       echo  sprintf(_("Sorry email and password don't match. Please <a href=\"%s\">try again</a>."),$INDEX);
+       echo '</div>'."\n";
       }
   };
 ?>
\ No newline at end of file