- else
- { /* normal user page */
-
-
- /* verify password and email */
- if(strlen($password)!=32)
- $password = md5($password);
-
- $ok = 1;
- $myid = DB_get_userid('email-password',$email,$password);
- if(!$myid)
- $ok = 0;
-
- if($ok)
- {
- /* user information is ok */
- $myname = DB_get_name('email',$email);
- $_SESSION["name"] = $myname;
- output_status();
-
- DB_get_PREF($myid);
-
- /* does the user want to change some preferences? */
- if(myisset("setpref"))
- {
- $setpref=$_REQUEST["setpref"];
- switch($setpref)
- {
- case "germancards":
- case "englishcards":
- $result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='cardset'" );
- if( DB_fetch_array($result))
- $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref).
- " WHERE user_id='$myid' AND pref_key='cardset'" );
- else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
- DB_quote_smart($setpref).")");
- echo "Ok, changed you preferences for the cards.\n";
- break;
- case "emailaddict":
- case "emailnonaddict":
- $result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='email'" );
- if( DB_fetch_array($result))
- $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref).
- " WHERE user_id='$myid' AND pref_key='email'" );
- else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
- DB_quote_smart($setpref).")");
- echo "Ok, changed you preferences for sending out emails.\n";
- break;
- }
- }
- /* user wants to change his password or request a temporary one */
- else if(myisset("passwd"))
- {
- if( $_REQUEST["passwd"]=="ask" )
- {
- /* reset password form*/
- output_password_recovery($email,$password);
- }
- else if($_REQUEST["passwd"]=="set")
- {
- /* reset password */
- $ok = 1;
-
- /* check if old password matches */
- $oldpasswd = md5($_REQUEST["password0"]);
- if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
- $ok = -1;
- /* check if new passwords are types the same twice */
- if($_REQUEST["password1"] != $_REQUEST["password2"] )
- $ok = -2;
-
- switch($ok)
- {
- case '-2':
- echo "The new passwords don't match. <br />";
- break;
- case '-1':
- echo "The old password is not correct. <br />";
- break;
- case '1':
- echo "Changed the password.<br />";
- DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
- "' WHERE id=".DB_quote_smart($myid));
- break;
- }
- /* set password */
- }
- }
- else /* output default user page */
- {
- /* display links to settings */
- output_user_settings();
-
- DB_update_user_timestamp($myid);
-
- display_user_menu();
-
- /* display all games the user has played */
- echo "<div class=\"user\">";
- echo "<h4>These are all your games:</h4>\n";
- echo "<p>Session: <br />\n";
- echo "<span class=\"gamestatuspre\"> p </span> = pre-game phase ";
- echo "<span class=\"gamestatusplay\">P </span> = game in progess ";
- echo "<span class=\"gamestatusover\">F </span> = game finished <br />";
- echo "</p>\n";