BUGFIX: CC'ed on final game allowed to view different accounts

When people got CC'ed on the final email, they also got copies of everyones
email and the link to the game in that email. That way they could go to the
user page of a different user.

Removed CC option and will just send out two emails from now on. The first one to
all players (reply all possible) and the second one with the personal link.

diff --git a/db.php b/db.php
index a44436043228c57c132c9367425e58756aa6bfaf..dee6529ac731988c2c592b356a448d7d036f1ea5 100644 (file)
--- a/db.php
+++ b/db.php
@@ -753,14 +753,6 @@ function DB_get_PREF($myid)
     else
       $PREF["cardset"]="english";
 
     else
       $PREF["cardset"]="english";
 

-    $result = mysql_query("SELECT value from User_Prefs".
-                         " WHERE user_id='$myid' AND pref_key='ccemail'" );
-    $r = mysql_fetch_array($result,MYSQL_NUM);
-    if($r)
-      $PREF["ccemail"]=$r[0];
-    else
-      $PREF["ccemail"]="no";
-

     return;
 }
 
     return;
 }
 

diff --git a/index.php b/index.php
index dd1ce58889d298ef2ef1ba658b8be8ec21fa19b9..3fa0fd15e42372f0a51fd7ae26a2f8a5c890c4c7 100644 (file)
--- a/index.php
+++ b/index.php
@@ -1384,26 +1384,23 @@ else if(myisset("me"))
                  while( $r = mysql_fetch_array($result,MYSQL_NUM))
                    $message .= "    ".$r[0]." ".$r[1]."\n";
                  
                  while( $r = mysql_fetch_array($result,MYSQL_NUM))
                    $message .= "    ".$r[0]." ".$r[1]."\n";
                  

-                 /* check who wants to be CC'ed on the email */
-                 $h = array();
-                 $header = "";
+                 /* send out final email */
+                 $all = array();
+

                  foreach($userids as $user)
                  foreach($userids as $user)

-                   {
-                     $result = mysql_query("SELECT value from User_Prefs".
-                                           " WHERE user_id='$user' AND pref_key='ccemail'" );
-                     $r = mysql_fetch_array($result,MYSQL_NUM);
-                     if($r && $r[0]=="yes")
-                       $h[]   = DB_get_email_by_userid($user);
-                   }
-                 if(sizeof($h))
-                   $header = "CC: ".join(",",$h)."\r\n";
-                 
+                   $all[] = DB_get_email_by_userid($user);
+                 $TO = implode(",",$all);
+
+                 $help = "\n\n (you can use reply all on this email to reach all the players.)\n";
+                 mymail($To,$EmailName."game over (game $gameid) part 1(2)",$message.$help);
+

                  foreach($userids as $user)
                    {
                      $To   = DB_get_email_by_userid($user);
                      $hash = DB_get_hash_from_gameid_and_userid($gameid,$user);
                  foreach($userids as $user)
                    {
                      $To   = DB_get_email_by_userid($user);
                      $hash = DB_get_hash_from_gameid_and_userid($gameid,$user);

-                     $mymessage = $message."Use this link to have a look at the game: ".$host."?me=".$hash."\n\n" ;
-                     mymail($To,$EmailName."game over (game $gameid)",$mymessage,$header);
+                     
+                     $link = "Use this link to have a look at game $gameid: ".$host."?me=".$hash."\n\n" ;
+                     mymail($To,$EmailName."game over (game $gameid) part 2(2)",$link);

                    }
                }
              
                    }
                }
              


@@ -1644,21 +1641,6 @@ else if(myisset("me"))
                     $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$uid','cardset',".DB_quote_smart($setpref).")");
                   echo "Ok, changed you preferences for the cards.\n";
                   break;
                     $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$uid','cardset',".DB_quote_smart($setpref).")");
                   echo "Ok, changed you preferences for the cards.\n";
                   break;

-                case "ccemail":
-                  $result = mysql_query("SELECT * from User_Prefs".
-                                        " WHERE user_id='$uid' AND pref_key='ccemail'" );
-                  if( mysql_fetch_array($result,MYSQL_NUM))
-                    if($PREF["ccemail"]=="yes")
-                      $result = mysql_query("UPDATE User_Prefs SET value=".DB_quote_smart("no").
-                                            " WHERE user_id='$uid' AND pref_key='ccemail'" );
-                    else
-                      $result = mysql_query("UPDATE User_Prefs SET value=".DB_quote_smart("yes").
-                                            " WHERE user_id='$uid' AND pref_key='ccemail'" );
-                  else
-                    $result = mysql_query("INSERT INTO User_Prefs VALUES(NULL,'$uid','ccemail',".DB_quote_smart("yes").")");
-                  echo "Ok, changed you preferences for being CC'ed on emails.\n";
-                  break;
-

                 }
             }
           else /* output default user page */
                 }
             }
           else /* output default user page */

diff --git a/output.php b/output.php
index 9cadcb001b1d0c0048a8bb7d6d5182b19f45156a..81433d05d8f1f64f721970093f1f2fd0dd54e4cd 100644 (file)
--- a/output.php
+++ b/output.php
@@ -48,15 +48,6 @@ function output_user_settings($email,$password)
   echo "  <input type=\"hidden\" name=\"setpref\"  value=\"germancards\" />\n";
   echo "  <input type=\"submit\" class=\"submitbutton\" value=\"use german cards\" /> <br />\n";
   echo "</form>\n";
   echo "  <input type=\"hidden\" name=\"setpref\"  value=\"germancards\" />\n";
   echo "  <input type=\"submit\" class=\"submitbutton\" value=\"use german cards\" /> <br />\n";
   echo "</form>\n";

-  echo "<form action=\"index.php\" method=\"post\">\n";
-  echo "  <input type=\"hidden\" name=\"email\" value=\"".$email."\" />\n";
-  echo "  <input type=\"hidden\" name=\"password\" value=\"".$password."\" />\n";
-  echo "  <input type=\"hidden\" name=\"setpref\"  value=\"ccemail\" />\n";
-  if($PREF["ccemail"]=="no")
-    echo "  <input type=\"submit\" class=\"submitbutton\" value=\"CC me on final email\" /> <br />\n";
-  else
-    echo "  <input type=\"submit\" class=\"submitbutton\" value=\"don't CC me on final email\" /> <br />\n";
-  echo "</form>\n";

   echo "</div>\n";
   return;
 }
   echo "</div>\n";
   return;
 }