X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fuser.php;h=5142918fbb9188dd564831c82d377cf6577a8d45;hp=00426aa03e503b51a907f396acd62036978bc93a;hb=a83ac7d982fa4f9d49ac3e6dedac8b489f2f7baa;hpb=9239ba22c382383cd258ad3f36b2bc0dc99664b2 diff --git a/include/user.php b/include/user.php index 00426aa..5142918 100644 --- a/include/user.php +++ b/include/user.php @@ -1,25 +1,45 @@ + * + * This file is part of e-DoKo. + * + * e-DoKo is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * e-DoKo is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with e-DoKo. If not, see . + * + */ + +/* make sure that we are not called from outside the scripts, * use a variable defined in config.php to check this */ if(!isset($HOST)) exit; /* test id and password, should really be done in one step */ -if(!isset($_SESSION["name"])) +if(isset($_SESSION['id'])) { - $email = $_REQUEST["email"]; - $password = $_REQUEST["password"]; - } - else - { - $name = $_SESSION["name"]; - $email = DB_get_email('name',$name); - $password = DB_get_passwd_by_name($name); - }; + $myid = $_SESSION['id']; + $r = DB_query_array("SELECT email,password FROM User WHERE id=".DB_quote_smart($myid).""); + if($r) + { + $email = $r[0]; + $password = $r[1]; + }; + }; + +global $ADMIN_NAME; /* user has forgotten his password */ -if(myisset("forgot")) +if(myisset('forgot')) { /* check if player is in the database */ $ok = 1; @@ -30,31 +50,34 @@ if(myisset("forgot")) if($ok) { + set_language($myid,'uid'); + /* check how many entries in recovery table */ $number = DB_get_number_of_passwords_recovery($myid); /* if less than N recent ones, add a new one and send out email */ if( $number < 5 ) { - echo "Ok, I send you a new password.
"; + echo _('Ok, I will send you a new password.').'
'; if($number >1) - echo "N.B. You tried this already $number times during the last day and it will only work ". - " 5 times during a day.
"; - echo "The new password will be valid for one day, make sure you reset it to something else.
"; - echo "Back to the main page."; + echo sprintf(_("N.B. You tried this already %s times during the last day and it will only work". + " 5 times during a day."),$number)."
\n"; + echo _('The new password will be valid for one day, make sure you reset it to something else.').'
'; + echo sprintf(_('Back to the main page.'),$INDEX); /* create temporary password, use the fist 8 letters of a md5 hash */ $TIME = (string) time(); /* to avoid collisions */ - $hash = md5("Anewpassword".$email.$TIME); + $rndstring = sha1(rand()); /* add some randomness */ + $hash = md5('Anewpassword'.$email.$TIME.$rndstring); $newpw = substr($hash,1,8); - $message = "Someone (hopefully you) requested a new password. \n". - "You can use this email and the following password: \n". - " $newpw \n". + $message = sprintf( _("Someone (hopefully you) requested a new password.\n". + "You can use this email and the following password:\n". + " %s\n". "to log into the server. The new password is valid for 24h, so make\n". "sure you reset your password to something new. Your old password will\n". - " also still be valid until you set a new one\n"; - mymail($email,$EmailName."recovery ",$message); + "also still be valid until you set a new one.\n"), $newpw); + mymail($myid,0, GAME_RECOVERY, $message); /* we save these in the database */ DB_set_recovery_password($myid,md5($newpw)); @@ -63,210 +86,264 @@ if(myisset("forgot")) { /* make it so that people (or a robot) can request thousands of passwords within a short time * and spam a user this way */ - echo "Sorry you already tried 5 times during the last 24h.
". - "You need to use one of those passwords or wait to get a new one.
"; - echo "Back to the main page."; + echo _('Sorry you already tried 5 times during the last 24h.
'. + 'You need to use one of those passwords or wait to get a new one.').'
'; + echo sprintf(_('Back to the main page.'),$INDEX); } } else {/* can't find user id in the database */ - + /* no email given? */ if($email=="") - echo "You need to give me an email address!
". - "Please try again."; + echo _('You need to give me an email address!')."
". + sprintf(_('Please try again.'),$INDEX); else /* default error message */ - echo "Couldn't find a player with this email!
". - "Please contact Arun, if you think this is a mistake
". - "or else try again."; + echo _("Couldn't find a player with this email!")."
". + sprintf(_('Please contact %s, if you think this is a mistake '. + 'or else try again.'),$ADMIN_NAME, $INDEX ); } } - else - { /* normal user page */ - - - /* verify password and email */ - if(strlen($password)!=32) - $password = md5($password); - - $ok = 1; - $myid = DB_get_userid('email-password',$email,$password); - if(!$myid) - $ok = 0; - - if($ok) - { - /* user information is ok */ - $myname = DB_get_name('email',$email); - $_SESSION["name"] = $myname; - output_status(); - - $PREF = DB_get_PREF($myid); - - /* does the user want to change some preferences? */ - if(myisset("setpref")) - { - $setpref=$_REQUEST["setpref"]; - switch($setpref) - { - case "germancards": - case "englishcards": - $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='cardset'" ); - if( DB_fetch_array($result)) - $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref). - " WHERE user_id='$myid' AND pref_key='cardset'" ); - else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',". - DB_quote_smart($setpref).")"); - echo "Ok, changed you preferences for the cards.\n"; - break; - case "emailaddict": - case "emailnonaddict": - $result = DB_query("SELECT * from User_Prefs". - " WHERE user_id='$myid' AND pref_key='email'" ); - if( DB_fetch_array($result)) - $result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref). - " WHERE user_id='$myid' AND pref_key='email'" ); - else - $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',". - DB_quote_smart($setpref).")"); - echo "Ok, changed you preferences for sending out emails.\n"; - break; - } - } - /* user wants to change his password or request a temporary one */ - else if(myisset("passwd")) - { - if( $_REQUEST["passwd"]=="ask" ) - { - /* reset password form*/ - output_password_recovery($email,$password); - } - else if($_REQUEST["passwd"]=="set") - { - /* reset password */ - $ok = 1; - - /* check if old password matches */ - $oldpasswd = md5($_REQUEST["password0"]); - if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) )) - $ok = -1; - /* check if new passwords are types the same twice */ - if($_REQUEST["password1"] != $_REQUEST["password2"] ) - $ok = -2; - - switch($ok) - { - case '-2': - echo "The new passwords don't match.
"; - break; - case '-1': - echo "The old password is not correct.
"; - break; - case '1': - echo "Changed the password.
"; - DB_query("UPDATE User SET password='".md5($_REQUEST["password1"]). - "' WHERE id=".DB_quote_smart($myid)); - break; - } - /* set password */ - } - } - else /* output default user page */ - { - /* display links to settings */ - output_user_settings(); - - DB_update_user_timestamp($myid); - - display_user_menu(); - - /* display all games the user has played */ - echo "
"; - echo "

These are all your games:

\n"; - echo "

Session:
\n"; - echo " p = pre-game phase "; - echo "P = game in progess "; - echo "F = game finished
"; - echo "

\n"; - - $output = array(); - $result = DB_query("SELECT Hand.hash,Hand.game_id,Game.mod_date,Game.player,Game.status from Hand". - " LEFT JOIN Game ON Game.id=Hand.game_id". - " WHERE user_id='$myid'". - " ORDER BY Game.session,Game.create_date" ); - $gamenrold = -1; - echo "\n \n \n
\n"; - while( $r = DB_fetch_array($result)) - { - $game = DB_format_gameid($r[1]); - $gamenr = (int) $game; - if($gamenrold < $gamenr) - { - if($gamenrold!=-1) - echo "
$gamenr: "; - else - echo "$gamenr: "; - $gamenrold = $gamenr; - } - if($r[4]=='pre') - { - echo "\n p "; - - } - else if ($r[4]=='gameover') - echo "\n F "; - else - { - echo "\n P "; - } - if($r[4] != 'gameover') - { - echo "\n "; - if($r[3]==$myid || !$r[3]) - echo "(it's your turn)\n"; - else - { - $name = DB_get_name('userid',$r[3]); - $gameid = $r[1]; - if(DB_get_reminder($r[3],$gameid)==0) - if(time()-strtotime($r[2]) > 60*60*24*7) - echo "". - "Send a reminder."; - echo "(it's $name's turn)\n"; - }; - if(time()-strtotime($r[2]) > 60*60*24*30) - echo "". - "Cancel?". - " (clicking here is final and can't be restored)"; - - } - } - echo "
\n"; - - /* display last 5 users that have signed up to e-DoKo */ - $names = DB_get_names_of_new_logins(5); - echo "

New Players:

\n

\n"; - echo implode(", ",$names).",...\n"; - echo "

\n"; - - /* display last 5 users that logged on */ - $names = DB_get_names_of_last_logins(5); - echo "

Players last logged in:

\n

\n"; - echo implode(", ",$names).",...\n"; - echo "

\n"; - - echo "
\n"; - } - } - else - { - echo "
Sorry email and password don't match. Please try again.
"; - } - }; -output_footer(); -DB_close(); -exit(); +else + { /* normal user page */ + + /* verify password and email */ + $ok = 1; + if(isset($email, $password)) + { + $myid = DB_get_userid('email-password',$email,$password); + if(!$myid) + $ok = 0; + } + else + $ok = 0; + + if($ok) + { + /* user information is ok */ + $myname = DB_get_name('email',$email); + $_SESSION['name'] = $myname; + + $PREF = DB_get_PREF($myid); + /* set language chosen in preferences, will become active on the next reload (see index.php)*/ + $_SESSION['language'] = $PREF['language']; + set_language($PREF['language']); + + DB_update_user_timestamp($myid); + + display_user_menu($myid); + + /* display all games the user has played */ + echo '
'; + + if($myvacation = check_vacation($myid)) + { + $vac_start = $myvacation[0]; + $vac_stop = $myvacation[1]; + $vac_comment = $myvacation[2]; + echo '

'._("Enjoy your vacation (don't forgot to change your settings once you're back).")." ". + _("Between $vac_start and $vac_stop other users will see the following message: $vac_comment.")."

\n"; + } + + echo '

'._('These are your games').":

\n"; + /* output legend */ + echo "

\n"; + echo '    '._('pre-game phase'); + echo '    '._('game in progess'); + echo ' N  '._('game over (N people played this hand)').'
'; + echo ' '._("Reminder: canceling a game can't be reversed!"); + echo "

\n"; + + /* get all games */ + $output = array(); + $result = DB_query("SELECT Hand.hash,Hand.game_id,G.mod_date,G.player,G.status, ". + " (SELECT count(H.randomnumbers) FROM Game H WHERE H.randomnumbers=G.randomnumbers) AS count, ". + " G.session". + " FROM Hand". + " LEFT JOIN Game G ON G.id=Hand.game_id". + " WHERE user_id=".DB_quote_smart($myid). + " ORDER BY G.session,G.create_date" ); + + /* sort into active and passive sessions */ + $count = 0; /* count number of games to check for beginner status */ + $session = -1; + $maxgame = 0; + $output_active = ""; + $output_inactive = ""; + $sessionoutput = ""; + $gameoutput = ""; + $keep_going = 2; + while( $keep_going ) + { + /* get next element */ + $r = DB_fetch_array($result); + + if($r) + $count++; + else + { + /* need to run the while loop one more time when we run out of elements in the database */ + $keep_going--; + $r[0] = NULL; + $r[1] = NULL; + $r[2] = NULL; + $r[3] = NULL; + $r[4] = NULL; + $r[5] = NULL; + $r[6] = -2; + } + if( $r[6]==$session ) + { + /* same session, update information */ + $maxgame++; + $myhash = $r[0]; + $gameid = $r[1]; + $gamemoddate = $r[2]; + $userid = $r[3]; + $gamestatus = $r[4]; + $gamefrequence = $r[5]; + + /* create output */ + $sessionoutput .= $gameoutput; + $gameoutput = " " + .$gamefrequence."\n"; + } + else + { /* new session */ + + /* output old session if available */ + if($maxgame) + { + /* is session active? */ + if($gamestatus == 'pre' || $gamestatus== 'play' || time()-strtotime($gamemoddate) < 60*60*24*5 ) + { + $output_active .= "
  • "; + if($gamestatus == 'pre') + $class= 'class="gamestatuspre gameid"'; + else if($gamestatus == 'play') + $class= 'class="gamestatusplay gameid"'; + else + $class= 'class="gamestatusover gameid"'; + $output_active .= "". + DB_format_gameid($gameid).'   '; + + + /* who's turn is it? */ + if( $gamestatus == 'pre' || $gamestatus == 'play') + { + $output_active .= ''; + if($userid==$myid || !$userid) + $output_active .= ' '._('your turn')."\n"; + else + { + $name = DB_get_name('userid',$userid); + + /* check vacaction status of this user */ + if($vacation=check_vacation($userid)) + { + $stop = substr($vacation[1],0,10); + $title = _('begin:').substr($vacation[0],0,10).' '._('end:').$vacation[1].' '.$vacation[2]; + $output_active .= " ". + sprintf(_("%s's turn"),$name).' '._("(on vacation until $stop)")."\n"; + } + else + $output_active .= sprintf(_("%s's turn"),$name)."\n"; + + /* check if we need to send out a reminder */ + if(DB_get_reminder($userid,$gameid)==0) + if(time()-strtotime($gamemoddate) > 60*60*24*7) + $output_active .= ""._('Send a reminder?').' '; + + }; + $output_active .= ''; + + if(time()-strtotime($gamemoddate) > 60*60*24*30) + $output_active .= ""._('Cancel?').' '; + } + + if($maxgame>1) + { + $output_active .= ' '._('show old').''. + ' '._('hide old').'
    '."\n"; + $output_active .= ' '.$sessionoutput.''; + } + + $output_active .= "
    • \n"; + + } + else + { + /* session is not active anymore */ + $output_inactive .= "
  • $session:" ; + $output_inactive .= $sessionoutput.$gameoutput ; + $output_inactive .= "
    • \n"; + } + + /* reset all session variables */ + $maxgame = 0; + $sessionoutput = ""; + $gameoutput = ""; + + } + + /* save game information */ + $maxgame++; + $myhash = $r[0]; + $gameid = $r[1]; + $gamemoddate = $r[2]; + $userid = $r[3]; + $gamestatus = $r[4]; + $gamefrequence = $r[5]; + $session = $r[6]; + + /* create output */ + $sessionoutput .= $gameoutput; + $gameoutput = " " + .$gamefrequence."\n"; + + } + } + + echo "\n"; + + /* give a hint for new players */ + if($count<10) + echo '

    '._('You can start new games using the link in the top right corner!')."

    \n"; + + /* display last 5 users that have signed up to e-DoKo within the 45 days */ + $names = DB_get_names_of_new_logins(5); + if ($names) + { + echo '

    '._('New Player(s)').":

    \n

    \n"; + echo implode(", ",$names).",...\n"; + echo "

    \n"; + }; + + /* display last 5 users that logged on */ + echo '

    '._('Players last logged in').":

    \n

    \n"; + + $names = DB_get_names_of_last_logins(7); + $emails = DB_get_emails_of_last_logins(7); + for($i=0;$i<7;$i++) + { + echo '\n"; + } + echo "

    \n"; + + echo "
    \n"; + } + else + { + echo '
    '."\n"; + echo sprintf(_("Sorry email and password don't match. Please try again."),$INDEX); + echo '
    '."\n"; + } + }; ?> \ No newline at end of file