+ }
+/* user status page */
+else if( myisset("email","password") || isset($_SESSION["name"]) )
+ {
+ /* test id and password, should really be done in one step */
+ if(!isset($_SESSION["name"]))
+ {
+ $email = $_REQUEST["email"];
+ $password = $_REQUEST["password"];
+ }
+ else
+ {
+ $name = $_SESSION["name"];
+ $email = DB_get_email_by_name($name);
+ $password = DB_get_passwd_by_name($name);
+ };
+
+ if(myisset("forgot"))
+ {
+ $ok = 1;
+
+ $uid = DB_get_userid_by_email($email);
+ if(!$uid)
+ $ok = 0;
+
+ if($ok)
+ {
+ /* check how many entries in recovery table */
+ $number = DB_get_number_of_passwords_recovery($uid);
+
+ /* if less than N recent ones, add a new one and send out email */
+ if( $number < 5 )
+ {
+ echo "Ok, I send you a new password. <br />";
+ if($number >1)
+ echo "N.B. You tried this already $number times during the last day and it will only work ".
+ " 5 times during a day.<br />";
+ echo "The new password will be valid for one day, make sure you reset it to something else.<br />";
+ echo "Back to the <a href=\"$host\">main page</a>.";
+
+ $TIME = (string) time(); /* to avoid collisions */
+ $hash = md5("Anewpassword".$email.$TIME);
+ $newpw = substr($hash,1,8);
+
+ $message = "Someone (hopefully you) requested a new password. \n".
+ "You can use this email and the following password: \n".
+ " $newpw \n".
+ "to log into the server. The new password is valid for 24h, so make\n".
+ "sure you reset your password to something new. Your old password will\n".
+ " also still be valid until you set a new one\n";
+ mymail($email,$EmailName."recovery ",$message);
+
+ DB_set_recovery_password($uid,md5($newpw));
+ }
+ else
+ {
+ echo "Sorry you already tried 5 times during the last 24h.<br />".
+ "You need to use one of those passwords or wait to get a new one.<br />";
+ echo "Back to the <a href=\"$host\">main page</a>.";
+ }
+ }
+ else
+ {
+ if($email=="")
+ echo "You need to give me an email address! <br />".
+ "Please try <a href=\"$host\">again</a>.";
+ else
+ echo "Couldn't find a player with this email! <br />".
+ "Please contact Arun, if you think this is a mistake <br />".
+ "or else try <a href=\"$host\">again</a>.";
+ }
+ }
+ else
+ {
+ /* verify password and email */
+ if(strlen($password)!=32)
+ $password = md5($password);
+
+ $ok = 1;
+ $uid = DB_get_userid_by_email_and_password($email,$password);
+ if(!$uid)
+ $ok = 0;
+
+ if($ok)
+ {
+ DB_get_PREF($uid);
+
+ if(myisset("setpref"))
+ {
+ $setpref=$_REQUEST["setpref"];
+ switch($setpref)
+ {
+ case "germancards":
+ case "englishcards":
+ $result = mysql_query("SELECT * from User_Prefs".
+ " WHERE user_id='$uid' AND pref_key='cardset'" );
+ if( mysql_fetch_array($result,MYSQL_NUM))
+ $result = mysql_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref).
+ " WHERE user_id='$uid' AND pref_key='cardset'" );
+ else
+ $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$uid','cardset',".
+ DB_quote_smart($setpref).")");
+ echo "Ok, changed you preferences for the cards.\n";
+ break;
+ }
+ }
+ else if(myisset("passwd"))
+ {
+ if( $_REQUEST["passwd"]=="ask" )
+ {
+ /* reset password form*/
+ output_password_recovery($email,$password);
+ }
+ else if($_REQUEST["passwd"]=="set")
+ {
+ /* reset password */
+ $ok = 1;
+
+ /* check if old password matches */
+ $oldpasswd = md5($_REQUEST["password0"]);
+ if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
+ $ok = -1;
+ /* check if new passwords are types the same twice */
+ if($_REQUEST["password1"] != $_REQUEST["password2"] )
+ $ok = -2;
+
+ switch($ok)
+ {
+ case '-2':
+ echo "The new passwords don't match. <br />";
+ break;
+ case '-1':
+ echo "The old password is not correct. <br />";
+ break;
+ case '1':
+ echo "Changed the password.<br />";
+ mysql_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
+ "' WHERE id=".DB_quote_smart($uid));
+ break;
+ }
+ /* set password */
+ }
+ }
+ else /* output default user page */
+ {
+ $time = DB_get_user_timestamp($uid);
+ $unixtime = strtotime($time);
+
+ $offset = DB_get_user_timezone($uid);
+ $zone = return_timezone($offset);
+ date_default_timezone_set($zone);
+
+ $myname = DB_get_name_by_email($email);
+ $_SESSION["name"] = $myname;
+
+ if(isset($_SESSION["name"]))
+ output_status($_SESSION["name"]);
+
+ /* display links to settings */
+ output_user_settings($email,$password);
+
+ echo "last login: ".date("r",$unixtime)."<br />";
+
+ DB_update_user_timestamp($uid);
+
+ echo "<p>These are your games that haven't started yet:<br />\n";
+ $result = mysql_query("SELECT Hand.hash,Hand.game_id,Game.mod_date,Game.player from Hand".
+ " LEFT JOIN Game On Hand.game_id=Game.id".
+ " WHERE Hand.user_id='$uid' AND Game.status='pre'" );
+ while( $r = mysql_fetch_array($result,MYSQL_NUM))
+ {
+ echo "<a href=\"".$host."?me=".$r[0]."\">game".DB_format_gameid($r[1])." </a>";
+ if($r[3]==$uid || $r[3]==NULL)
+ echo "(it's <strong>your</strong> turn)\n";
+ else
+ {
+ $name = DB_get_name_by_userid($r[3]);
+ echo "(it's $name's turn)\n";
+ };
+
+ if(time()-strtotime($r[2]) > 60*60*24*30)
+ echo " The game has been running for over a month.".
+ " Do you want to cancel it? <a href=\"$host?cancle=1&me=".$r[0]."\">yes</a>".
+ " (clicking here is final and can't be restored)";
+ echo "<br />";
+ }
+ echo "</p>\n";
+
+ echo "<p>These are the games you are playing in:<br />\n";
+ $result = mysql_query("SELECT Hand.hash,Hand.game_id,Game.mod_date,Game.player from Hand".
+ " LEFT JOIN Game On Hand.game_id=Game.id".
+ " WHERE Hand.user_id='$uid' AND Game.status='play'" );
+ while( $r = mysql_fetch_array($result,MYSQL_NUM))
+ {
+ echo "<a href=\"".$host."?me=".$r[0]."\">game ".DB_format_gameid($r[1])." </a>";
+ if($r[3])
+ {
+ if($r[3]==$uid)
+ echo "(it's <strong>your</strong> turn)\n";
+ else
+ {
+ $name = DB_get_name_by_userid($r[3]);
+ echo "(it's $name's turn)\n";
+ };
+ }
+ if(time()-strtotime($r[2]) > 60*60*24*30)
+ echo " The game has been running for over a month.".
+ " Do you want to cancel it? <a href=\"$host?cancle=1&me=".$r[0]."\">yes</a>".
+ " (clicking here is final and can't be restored)";
+ echo "<br />";
+ }
+ echo "</p>\n";
+
+
+ echo "<p>And these are your games that are already done:<br />Game: \n";
+ $output = array();
+ $result = mysql_query("SELECT hash,game_id from Hand WHERE user_id='$uid' AND status='gameover'" );
+ while( $r = mysql_fetch_array($result,MYSQL_NUM))
+ $output[] = "<a href=\"".$host."?me=".$r[0]."\">".DB_format_gameid($r[1])." </a>";
+ echo implode(", ",$output)."</p>\n";
+
+ $names = DB_get_all_names();
+ echo "<p>Registered players:<br />\n";
+ echo implode(", ",$names)."\n";
+ echo "</p>\n";
+
+ echo "<p>Want to start a new game? Visit <a href=\"".$host."?new\">this page.</a></p>";
+ }
+ }
+ else
+ {
+ echo "Sorry email and password don't match. Please <a href=\"$host\">try again</a>. <br />";
+ }
+ };
+ output_footer();
+ DB_close();
+ exit();
+ }