NEW FEATURE: use php session
authorArun Persaud <arun@nubati.net>
Thu, 19 Jul 2007 05:26:29 +0000 (22:26 -0700)
committerArun Persaud <arun@nubati.net>
Thu, 19 Jul 2007 05:26:29 +0000 (22:26 -0700)
Use PHP sessions so that people can actually log in and out,
and so that linking from one page to another can be done easily without
using a form to send the password as a hidden parameter over the
net every time.

css/standard.css
db.php
functions.php
index.php
output.php

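--- a/css/standard.css
+++ b/css/standard.css
 .footer .right{  float:right; }
 .footer .left{  float:left; }
 
+.status {
+ position:absolute;
+ right:1em;
+ top:0.1em;
+ font-size: smaller;
+ }
+
 .card { 
   position:absolute;
   z-index:20;
   top:18em;
   left:28em;
-  text-aling:center;
+  text-align:center;
   background-color:white;
   border:2px solid gray;
 }
@@ -296,7 +303,7 @@ ul.tricks li div div span.comment span{
     margin-left:0em;
     padding:0.1em;
     padding-left:0em;
-    text-aling:left;
+    text-align:left;
 }
 
 .cardinput {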
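--- a/db.php
+++ b/db.php
@@ -61,6 +61,16 @@ function DB_get_email_by_name($name)
   else
     return "";
 }
+function DB_get_passwd_by_name($name)
+{
+  $result = mysql_query("SELECT password FROM User WHERE fullname=".DB_quote_smart($name)."");
+  $r      = mysql_fetch_array($result,MYSQL_NUM);
+
+  if($r)
+    return $r[0];
+  else
+    return "";
+}
 
 function DB_get_email_by_userid($id)
 {
@@ -760,8 +770,8 @@ function DB_get_PREF($myid)
       {
        if($r[0]=="germancards" && (time()-strtotime( "2009-12-31 23:59:59")<0) ) /* licence only valid until then */
          $PREF["cardset"]="altenburg";
-      else
-       $PREF["cardset"]="english";
+       else
+         $PREF["cardset"]="english";
       }
     else
       $PREF["cardset"]="english";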
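Review bot: The new `DB_get_passwd_by_name()` in the first db.php hunk returns the stored `password` column to its caller, and the index.php change in this commit puts that value into the same `$password` variable as the submitted form field, so whatever is stored in the table becomes usable as a login credential inside the application. An already-authenticated session should not need to read the credential back; keeping the user id in the session and querying by it would make the function unnecessary. The result of `mysql_query()` is also passed to `mysql_fetch_array()` unchecked, so a failed query raises a warning rather than reaching the `return "";` path — `if(!$result) return "";` before the fetch covers that. The lookup assumes `fullname` is unique in `User`, which these lines do not show.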
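--- a/functions.php
+++ b/functions.php
@@ -333,9 +333,6 @@ function  create_array_of_random_numbers($useridA,$useridB,$useridC,$useridD)
   return $r;
 }
 
-
-
-
 function display_cards($me,$myturn)
 {
   return;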
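--- a/index.php
+++ b/index.php
@@ -51,11 +51,21 @@ if(DB_open()<0)
     exit(); 
   }
 
+/* start a session, if it is not already running */
+session_start();
+
 /* done major error checking, output header of HTML page */
 output_header();
 
 /* check if we want to start a new game */
-if(myisset("new"))
+if(myisset("logout"))
+  {
+    session_unset();
+    session_destroy();
+    $_SESSION = array();
+    echo "you are now logged out!";
+  }
+else if(myisset("new"))
   {
     $names = DB_get_all_names();
     output_form_for_new_game($names);
@@ -204,7 +214,7 @@ else if(myisset("cancle","me"))
     /* get some information from the DB */
     $gameid   = DB_get_gameid_by_hash($me);
     $myname   = DB_get_name_by_hash($me);
-    
+
     /* check if game really is old enough */
     $result = mysql_query("SELECT mod_date from Game WHERE id='$gameid' " );
     $r = mysql_fetch_array($result,MYSQL_NUM);
@@ -245,6 +255,9 @@ else if(myisset("me"))
        exit();
       }
 
+    if(isset($_SESSION["name"]))
+      output_status($_SESSION["name"]);
+
     /* the user had done something, update the timestamp */
     DB_update_user_timestamp($myid);
     
@@ -1702,13 +1715,21 @@ else if(myisset("me"))
     exit();
  } 
 /* user status page */ 
- else if(myisset("email","password"))
+else if( myisset("email","password") || isset($_SESSION["name"]) )
    {
      /* test id and password, should really be done in one step */
-     $email     = $_REQUEST["email"];
-     $password  = $_REQUEST["password"];
+     if(!isset($_SESSION["name"]))
+       {
+        $email     = $_REQUEST["email"];
+        $password  = $_REQUEST["password"];
+       }
+     else
+       {
+        $name = $_SESSION["name"];
+        $email     = DB_get_email_by_name($name);
+        $password  = DB_get_passwd_by_name($name);
+       };
      
-
      if(myisset("forgot"))
        {
         $ok = 1;
@@ -1842,6 +1863,12 @@ else if(myisset("me"))
               $offset   = DB_get_user_timezone($uid);
               $zone     = return_timezone($offset);
               date_default_timezone_set($zone);
+
+              $myname = DB_get_name_by_email($email);
+              $_SESSION["name"] = $myname;
+
+              if(isset($_SESSION["name"]))
+                output_status($_SESSION["name"]);
               
               /* display links to settings */
               output_user_settings($email,$password);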
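Review bot: In the last index.php hunk, `$_SESSION["name"] = $myname;` marks the session as logged in without issuing a new session id, so an id that was already set in the browser before login stays valid afterwards (session fixation); add `session_regenerate_id(true);` immediately before the assignment. The `isset($_SESSION["name"])` test two lines later is always true at that point unless `DB_get_name_by_email()` returned null, so it should test `$myname` before the assignment instead. In the `@@ -1702` hunk the session branch reloads `$email` and `$password` from the database and sends them through the same check as form input, which presumably only works if the stored value equals what the form submits — confirm this does not depend on passwords being stored unhashed. The logout branch clears the server-side state but does not expire the session cookie, and the `else if` chain these branches belong to starts and ends outside the hunks shown.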
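--- a/output.php
+++ b/output.php
@@ -14,14 +14,8 @@ function display_links($email,$password)
 
 function output_link_to_user_page($email,$password)
 {
-  echo "<div class=\"over\">\n";
-  echo "<form action=\"index.php\" method=\"post\">\n";
-  echo "  <input type=\"hidden\" name=\"email\" value=\"".$email."\" />\n";
-  echo "  <input type=\"hidden\" name=\"password\" value=\"".$password."\" />\n";
-  echo "  <input type=\"submit\" class=\"submitbutton\" value=\"go to my user page\" />\n";
-  echo "</form>\n";
-  echo "</div>\n";
-  
+  echo "<a href=\"index.php\"> go to my user page </a>";
+
   return;
 }
 
@@ -31,25 +25,15 @@ function output_user_settings($email,$password)
 
   echo "<div class=\"useroptions\">\n";
   echo "<h4> Settings </h4>\n";
-  echo "<form action=\"index.php\" method=\"post\">\n";
-  echo "  <input type=\"hidden\" name=\"email\" value=\"".$email."\" />\n";
-  echo "  <input type=\"hidden\" name=\"password\" value=\"".$password."\" />\n";
-  echo "  <input type=\"hidden\" name=\"passwd\"  value=\"ask\" />\n";
-  echo "  <input type=\"submit\" class=\"submitbutton\" name=\"pass\" value=\"change password\" /> <br />\n";
-  echo "</form>\n";
-  echo "<form action=\"index.php\" method=\"post\">\n";
-  echo "  <input type=\"hidden\" name=\"email\" value=\"".$email."\" />\n";
-  echo "  <input type=\"hidden\" name=\"password\" value=\"".$password."\" />\n";
-  echo "  <input type=\"hidden\" name=\"setpref\"  value=\"englishcards\" />\n";
-  echo "  <input type=\"submit\" class=\"submitbutton\" value=\"use english cards\" /> <br />\n";
-  echo "</form>\n";
-  echo "<form action=\"index.php\" method=\"post\">\n";
-  echo "  <input type=\"hidden\" name=\"email\" value=\"".$email."\" />\n";
-  echo "  <input type=\"hidden\" name=\"password\" value=\"".$password."\" />\n";
-  echo "  <input type=\"hidden\" name=\"setpref\"  value=\"germancards\" />\n";
-  echo "  <input type=\"submit\" class=\"submitbutton\" value=\"use german cards\" /> <br />\n";
-  echo "</form>\n";
+  echo "<a href=\"index.php?passwd=ask\">change password</a><br /";
+
+  if( $PREF["cardset"] == "english" )
+    echo "<a href=\"index.php?setpref=germancards\">use german cards</a><br />";
+  else
+    echo "<a href=\"index.php?setpref=englishcards\">use english cards</a> <br />";
+
   echo "</div>\n";
+
   return;
 }
 
@@ -374,8 +358,6 @@ function output_header()
   return;
 }
 
-
-
 function output_footer()
 {
   global $REV,$PREF;
@@ -400,6 +382,17 @@ function output_footer()
   return;
 }
 
+function output_status($name)
+{
+  echo "<div class=\"status\">\n";
+  echo $name;
+  echo " <a href=\"index.php?logout=1\">logout</a>\n";
+  echo "</div>";
+
+  return;
+}
+
+
 function output_password_recovery($email,$password)
 {
 ?>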
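Review bot: The new `output_status()` in the last output.php hunk echoes `$name` into the page unescaped, and the value comes from the user's stored full name, so any markup in a name is rendered on every page that shows the status bar; write `echo htmlspecialchars($name, ENT_QUOTES);` instead. In `output_user_settings()` the added line `echo "<a href=\"index.php?passwd=ask\">change password</a><br /";` is missing the closing `>`, which leaves the tag open in front of the following link. The same function now reads `$PREF["cardset"]`, but no `global $PREF;` is visible in the hunk; the function starts above it, so confirm the declaration exists, otherwise the `else` branch is always taken. The logout and `setpref` links change state through plain GET requests, so any page that gets the browser to load those URLs triggers them; a POST form carrying a per-session token avoids that.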