X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=index.php;h=244ceb9ac7e7b22eb6a53d32ce3b193bffb746cb;hp=a2cf35b0cd2f38a1085e1088c5d6fa258ab5e530;hb=18ed58881d0bb23749cbd27f02b7ae0ed69fbd3f;hpb=e68d4598c0d0a5e1f138b9c891f5c1c9ae0e8541
diff --git a/index.php b/index.php
index a2cf35b..244ceb9 100644
--- a/index.php
+++ b/index.php
@@ -1,9 +1,6 @@
Setup not completed";
+ echo "You need to set \$ADMIN_NAME in config.php.";
+ output_footer();
+ exit();
+ }
+if(!isset($ADMIN_EMAIL))
+ {
+ output_header();
+ echo "
Game $gameid has been cancled.
";
+ output_footer();
+ DB_close();
+ exit();
}
- /* delete everything from the dB */
- DB_cancel_game($me);
-
- echo "Game $gameid has been cancled.
";
- output_footer();
- DB_close();
- exit();
- }
-
- /* check if all players are ready to play */
- $ok=1;
- foreach($userids as $user)
- if(DB_get_hand_status_by_userid_and_gameid($user,$gameid)!='play')
- $ok=0;
-
- if($ok)
- {
- /* only set this after all poverty, etc. are handled*/
- DB_set_game_status_by_gameid($gameid,'play');
-
- /* email startplayer */
- $startplayer = DB_get_startplayer_by_gameid($gameid);
- $email = DB_get_email_by_pos_and_gameid($startplayer,$gameid);
- $hash = DB_get_hash_from_game_and_pos($gameid,$startplayer);
- $who = DB_get_userid_by_email($email);
- DB_set_player_by_gameid($gameid,$who);
+ /* check if all players are ready to play */
+ $ok = 1;
+ foreach($userids as $user)
+ if(DB_get_hand_status_by_userid_and_gameid($user,$gameid)!='play')
+ {
+ $ok = 0;
+ DB_set_player_by_gameid($gameid,$user);
+ }
- if($hash!=$me)
+ if($ok)
{
- /* email startplayer) */
- $message = "It's your turn now in game $gameid.\n".
- "Use this link to play a card: ".$host."?me=".$hash."\n\n" ;
- mymail($email,$EmailName."ready, set, go... (game $gameid) ",$message);
+ /* only set this after all poverty, etc. are handled*/
+ DB_set_game_status_by_gameid($gameid,'play');
+
+ /* email startplayer */
+ $startplayer = DB_get_startplayer_by_gameid($gameid);
+ $email = DB_get_email_by_pos_and_gameid($startplayer,$gameid);
+ $hash = DB_get_hash_from_game_and_pos($gameid,$startplayer);
+ $who = DB_get_userid_by_email($email);
+ DB_set_player_by_gameid($gameid,$who);
+
+ if($hash!=$me)
+ {
+ /* email startplayer) */
+ $message = "It's your turn now in game $gameid.\n".
+ "Use this link to play a card: ".$host."?me=".$hash."\n\n" ;
+ mymail($email,$EmailName."ready, set, go... (game $gameid) ",$message);
+ }
+ else
+ echo " Please, \n";
@@ -1564,7 +1628,7 @@ else if(myisset("me"))
" WHERE session=$session".
" ORDER BY create_date DESC".
" LIMIT 1");
- $r=-1;
+ $r = -1;
if($result)
$r = mysql_fetch_array($result,MYSQL_NUM);
@@ -1577,7 +1641,7 @@ else if(myisset("me"))
}
break;
default:
- echo "error in testing the status";
+ myerror("error in testing the status");
}
output_footer();
DB_close();
@@ -1593,24 +1657,57 @@ else if(myisset("me"))
if(myisset("forgot"))
{
- $ok=1;
+ $ok = 1;
$uid = DB_get_userid_by_email($email);
if(!$uid)
- $ok=0;
+ $ok = 0;
if($ok)
{
- echo "Hmm, you forgot your passwort...nothing I can do at the moment:( ";
- echo " you need to email Arun for now... in the future it will be all automated and an ";
- echo "email with a new password will go to $email.";
+ /* check how many entries in recovery table */
+ $number = DB_get_number_of_passwords_recovery($uid);
+
+ /* if less than N recent ones, add a new one and send out email */
+ if( $number < 5 )
+ {
+ echo "Ok, I send you a new password.
";
+ if($number >1)
+ echo "N.B. You tried this already $number times during the last day and it will only work ".
+ " 5 times during a day.
";
+ echo "The new password will be valid for one day, make sure you reset it to something else.
";
+ echo "Back to the main page.";
+
+ $TIME = (string) time(); /* to avoid collisions */
+ $hash = md5("Anewpassword".$email.$TIME);
+ $newpw = substr($hash,1,8);
+
+ $message = "Someone (hopefully you) requested a new password. \n".
+ "You can use this email and the following password: \n".
+ " $newpw \n".
+ "to log into the server. The new password is valid for 24h, so make\n".
+ "sure you reset your password to something new. Your old password will\n".
+ " also still be valid until you set a new one\n";
+ mymail($email,$EmailName."recovery ",$message);
+
+ DB_set_recovery_password($uid,md5($newpw));
+ }
+ else
+ {
+ echo "Sorry you already tried 5 times during the last 24h.
".
+ "You need to use one of those passwords or wait to get a new one.
";
+ echo "Back to the main page.";
+ }
}
else
{
if($email=="")
- echo "you need to give me an email address!";
+ echo "You need to give me an email address!
".
+ "Please try again.";
else
- echo "couldn't find a player with this email, please contact Arun, if you think this is a mistake";
+ echo "Couldn't find a player with this email!
".
+ "Please contact Arun, if you think this is a mistake
".
+ "or else try again.";
}
}
else
@@ -1619,10 +1716,10 @@ else if(myisset("me"))
if(strlen($password)!=32)
$password = md5($password);
- $ok=1;
+ $ok = 1;
$uid = DB_get_userid_by_email_and_password($email,$password);
if(!$uid)
- $ok=0;
+ $ok = 0;
if($ok)
{
@@ -1641,24 +1738,46 @@ else if(myisset("me"))
$result = mysql_query("UPDATE User_Prefs SET value=".DB_quote_smart($setpref).
" WHERE user_id='$uid' AND pref_key='cardset'" );
else
- $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$uid','cardset',".DB_quote_smart($setpref).")");
+ $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$uid','cardset',".
+ DB_quote_smart($setpref).")");
echo "Ok, changed you preferences for the cards.\n";
break;
- case "ccemail":
- $result = mysql_query("SELECT * from User_Prefs".
- " WHERE user_id='$uid' AND pref_key='ccemail'" );
- if( mysql_fetch_array($result,MYSQL_NUM))
- if($PREF["ccemail"]=="yes")
- $result = mysql_query("UPDATE User_Prefs SET value=".DB_quote_smart("no").
- " WHERE user_id='$uid' AND pref_key='ccemail'" );
- else
- $result = mysql_query("UPDATE User_Prefs SET value=".DB_quote_smart("yes").
- " WHERE user_id='$uid' AND pref_key='ccemail'" );
- else
- $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$uid','ccemail',".DB_quote_smart("yes").")");
- echo "Ok, changed you preferences for being CC'ed on emails.\n";
- break;
-
+ }
+ }
+ else if(myisset("passwd"))
+ {
+ if( $_REQUEST["passwd"]=="ask" )
+ {
+ /* reset password form*/
+ output_password_recovery($email,$password);
+ }
+ else if($_REQUEST["passwd"]=="set")
+ {
+ /* reset password */
+ $ok = 1;
+
+ /* check if old password matches */
+ if($password != md5($_REQUEST["password0"]))
+ $ok = -1;
+ /* check if new passwords are types the same twice */
+ if($_REQUEST["password1"] != $_REQUEST["password2"] )
+ $ok = -2;
+
+ switch($ok)
+ {
+ case '-2':
+ echo "The new passwords don't match.
";
+ break;
+ case '-1':
+ echo "The old password is not correct.
";
+ break;
+ case '1':
+ echo "Changed the password.
";
+ mysql_query("UPDATE User SET password='".md5($_REQUEST["password1"]).
+ "' WHERE id=".DB_quote_smart($uid));
+ break;
+ }
+ /* set password */
}
}
else /* output default user page */
@@ -1677,23 +1796,21 @@ else if(myisset("me"))
DB_update_user_timestamp($uid);
- echo "these are your games that haven't started yet:
\n";
+ echo "
These are your games that haven't started yet:
\n";
$result = mysql_query("SELECT Hand.hash,Hand.game_id,Game.mod_date,Game.player from Hand".
" LEFT JOIN Game On Hand.game_id=Game.id".
" WHERE Hand.user_id='$uid' AND Game.status='pre'" );
while( $r = mysql_fetch_array($result,MYSQL_NUM))
{
echo "game #".$r[1]." ";
- if($r[3])
+ if($r[3]==$uid || $r[3]==NULL)
+ echo "(it's your turn)\n";
+ else
{
- if($r[3]==$uid)
- echo "(it's your turn)\n";
- else
- {
- $name = DB_get_name_by_userid($r[3]);
- echo "(it's $name's turn)\n";
- };
- }
+ $name = DB_get_name_by_userid($r[3]);
+ echo "(it's $name's turn)\n";
+ };
+
if(time()-strtotime($r[2]) > 60*60*24*30)
echo " The game has been running for over a month.".
" Do you want to cancel it? yes".
@@ -1702,7 +1819,7 @@ else if(myisset("me"))
}
echo "
\n";
- echo "these are the games you are playing in:
\n";
+ echo "
These are the games you are playing in:
\n";
$result = mysql_query("SELECT Hand.hash,Hand.game_id,Game.mod_date,Game.player from Hand".
" LEFT JOIN Game On Hand.game_id=Game.id".
" WHERE Hand.user_id='$uid' AND Game.status='play'" );
@@ -1728,15 +1845,15 @@ else if(myisset("me"))
echo "
\n";
- echo "and these are your games that are already done:
Game: \n";
- $output=array();
+ echo "
And these are your games that are already done:
Game: \n";
+ $output = array();
$result = mysql_query("SELECT hash,game_id from Hand WHERE user_id='$uid' AND status='gameover'" );
while( $r = mysql_fetch_array($result,MYSQL_NUM))
- $output[]= "#".$r[1]." ";
+ $output[] = "#".$r[1]." ";
echo implode(", ",$output)."
\n";
$names = DB_get_all_names();
- echo "registered players:
\n";
+ echo "
Registered players:
\n";
echo implode(", ",$names)."\n";
echo "
\n";
@@ -1745,7 +1862,7 @@ else if(myisset("me"))
}
else
{
- echo "sorry email and password don't match
";
+ echo "Sorry email and password don't match
";
}
};
output_footer();