include_once("db.php"); /* database only */
include_once("functions.php"); /* the rest */
-/* check if some variables are set in the config file, else set defaults */
-if(!isset($EmailName))
- $EmailName="[DoKo] ";
-if(isset($EMAIL_REPLY))
- {
- ini_set("sendmail_from",$EMAIL_REPLY);
- }
-if(!isset($ADMIN_NAME))
- {
- output_header();
- echo "<h1>Setup not completed</h1>";
- echo "You need to set \$ADMIN_NAME in config.php.";
- output_footer();
- exit();
- }
-if(!isset($ADMIN_EMAIL))
- {
- output_header();
- echo "<h1>Setup not completed</h1>";
- echo "You need to set \$ADMIN_EMAIL in config.php. ".
- "If something goes wrong an email will send to this address.";
- output_footer();
- exit();
- }
-
-/* in case work has to be done on the database or other section we can
- * shut down the server and tell people to come back later
- */
-if(0)
- {
- output_header();
- echo "Working on the database...please check back in a few mintues";
- output_footer();
- exit();
- }
+config_check();
if(DB_open()<0)
{
exit();
}
+/* start a session, if it is not already running */
+session_start();
+
/* done major error checking, output header of HTML page */
output_header();
/* check if we want to start a new game */
-if(myisset("new"))
+if(myisset("logout"))
+ {
+ session_unset();
+ session_destroy();
+ $_SESSION = array();
+ echo "you are now logged out!";
+ }
+else if(myisset("new"))
{
$names = DB_get_all_names();
output_form_for_new_game($names);
/* get some information from the DB */
$gameid = DB_get_gameid_by_hash($me);
$myname = DB_get_name_by_hash($me);
-
+
/* check if game really is old enough */
$result = mysql_query("SELECT mod_date from Game WHERE id='$gameid' " );
$r = mysql_fetch_array($result,MYSQL_NUM);
exit();
}
+ if(isset($_SESSION["name"]))
+ output_status($_SESSION["name"]);
+
/* the user had done something, update the timestamp */
DB_update_user_timestamp($myid);
display_link_card($card,$PREF["cardset"]);
}
- if( can_call(120,$me) )
- echo " re/contra (120):".
- " <input type=\"radio\" name=\"call120\" value=\"yes\" /> ";
- if( can_call(90,$me) )
- echo " 90:".
- " <input type=\"radio\" name=\"call90\" value=\"yes\" /> ";
- if( can_call(60,$me) )
- echo " 60:".
- " <input type=\"radio\" name=\"call60\" value=\"yes\" /> ";
- if( can_call(30,$me) )
- echo " 30:".
- " <input type=\"radio\" name=\"call30\" value=\"yes\" /> ";
- if( can_call(0,$me) )
- echo " 0:".
- " <input type=\"radio\" name=\"call0\" value=\"yes\" /> ".
- " no call:".
- " <input type=\"radio\" name=\"call0\" value=\"no\" /> ";
-
+ output_form_calls($me);
+
echo "<br />\nA short comment:<input name=\"comment\" type=\"text\" size=\"30\" maxlength=\"100\" />\n";
echo "<input type=\"hidden\" name=\"me\" value=\"$me\" />\n";
echo "<input type=\"submit\" value=\"submit\" />\n";
display_card($card,$PREF["cardset"]);
echo "<form action=\"index.php?me=$me\" method=\"post\">\n";
+ output_form_calls($me);
echo "<br />\nA short comment:<input name=\"comment\" type=\"text\" size=\"30\" maxlength=\"100\" />\n";
echo "<input type=\"hidden\" name=\"me\" value=\"$me\" />\n";
echo "<input type=\"submit\" value=\"submit\" />\n";
exit();
}
/* user status page */
- else if(myisset("email","password"))
+else if( myisset("email","password") || isset($_SESSION["name"]) )
{
/* test id and password, should really be done in one step */
- $email = $_REQUEST["email"];
- $password = $_REQUEST["password"];
+ if(!isset($_SESSION["name"]))
+ {
+ $email = $_REQUEST["email"];
+ $password = $_REQUEST["password"];
+ }
+ else
+ {
+ $name = $_SESSION["name"];
+ $email = DB_get_email_by_name($name);
+ $password = DB_get_passwd_by_name($name);
+ };
-
if(myisset("forgot"))
{
$ok = 1;
$ok = 1;
/* check if old password matches */
- if($password != md5($_REQUEST["password0"]))
+ $oldpasswd = md5($_REQUEST["password0"]);
+ if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
$ok = -1;
/* check if new passwords are types the same twice */
if($_REQUEST["password1"] != $_REQUEST["password2"] )
$offset = DB_get_user_timezone($uid);
$zone = return_timezone($offset);
date_default_timezone_set($zone);
+
+ $myname = DB_get_name_by_email($email);
+ $_SESSION["name"] = $myname;
+
+ if(isset($_SESSION["name"]))
+ output_status($_SESSION["name"]);
/* display links to settings */
output_user_settings($email,$password);
DB_close();
exit();
}
-/* page for registration */
- else if(myisset("register") )
- {
- output_register();
- }
-/* new user wants to register */
- else if(myisset("Rfullname","Remail","Rpassword","Rtimezone") )
- {
- $ok=1;
- if(DB_get_userid_by_name($_REQUEST["Rfullname"]))
- {
- echo "please chose another name<br />";
- $ok=0;
- }
- if(DB_get_userid_by_email($_REQUEST["Remail"]))
- {
- echo "this email address is already used ?!<br />";
- $ok=0;
- }
- if($ok)
- {
- $r=mysql_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
- ",".DB_quote_smart($_REQUEST["Remail"]).
- ",".DB_quote_smart(md5($_REQUEST["Rpassword"])).
- ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL)");
-
- if($r)
- echo " added you to the database";
- else
- echo " something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
- }
- }
/* default login page */
else
{
projects / e-DoKo.git / blobdiff