2 /* make sure that we are not called from outside the scripts,
3 * use a variable defined in config.php to check this
14 global $DB,$DB_user,$DB_host,$DB_database,$DB_password;
15 $DB = @mysql_connect($DB_host,$DB_user, $DB_password);
18 mysql_select_db($DB_database) or die('Could not select database');
33 function DB_quote_smart($value)
36 if (get_magic_quotes_gpc()) {
37 $value = stripslashes($value);
39 /* Quote if not a number or a numeric string */
40 if (!is_numeric($value)) {
41 $value = "'" . mysql_real_escape_string($value) . "'";
48 $result = mysql_query("SELECT * FROM User");
49 while($r = mysql_fetch_array($result,MYSQL_NUM))
58 function DB_get_passwd_by_name($name)
60 $result = mysql_query("SELECT password FROM User WHERE fullname=".DB_quote_smart($name)."");
61 $r = mysql_fetch_array($result,MYSQL_NUM);
69 function DB_check_recovery_passwords($password,$email)
71 $result = mysql_query("SELECT User.id FROM User".
72 " LEFT JOIN Recovery ON User.id=Recovery.user_id".
73 " WHERE email=".DB_quote_smart($email).
74 " AND Recovery.password=".DB_quote_smart($password).
75 " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= Recovery.create_date");
76 $r = mysql_fetch_array($result,MYSQL_NUM);
84 function DB_get_handid($type,$var1='',$var2='')
89 $result = mysql_query("SELECT id FROM Hand WHERE hash=".DB_quote_smart($var1));
91 case 'gameid-position':
92 $result = mysql_query("SELECT id FROM Hand WHERE game_id=".
93 DB_quote_smart($var1)." AND position=".
94 DB_quote_smart($var2));
97 $result = mysql_query("SELECT id FROM Hand WHERE game_id=".
98 DB_quote_smart($var1)." AND user_id=".
99 DB_quote_smart($var2));
103 $r = mysql_fetch_array($result,MYSQL_NUM);
111 function DB_get_pos_by_hash($hash)
113 $result = mysql_query("SELECT position FROM Hand WHERE hash=".DB_quote_smart($hash));
114 $r = mysql_fetch_array($result,MYSQL_NUM);
122 function DB_get_status_by_hash($hash)
124 $result = mysql_query("SELECT status FROM Hand WHERE hash=".DB_quote_smart($hash));
125 $r = mysql_fetch_array($result,MYSQL_NUM);
133 function DB_set_game_status_by_gameid($id,$status)
135 mysql_query("UPDATE Game SET status='".$status."' WHERE id=".DB_quote_smart($id));
139 function DB_set_sickness_by_gameid($id,$status)
141 mysql_query("UPDATE Game SET sickness='".$status."' WHERE id=".DB_quote_smart($id));
144 function DB_get_sickness_by_gameid($id)
146 $result = mysql_query("SELECT sickness FROM Game WHERE id=".DB_quote_smart($id));
147 $r = mysql_fetch_array($result,MYSQL_NUM);
155 function DB_get_game_status_by_gameid($id)
157 $result = mysql_query("SELECT status FROM Game WHERE id=".DB_quote_smart($id));
158 $r = mysql_fetch_array($result,MYSQL_NUM);
166 function DB_set_hand_status_by_hash($hash,$status)
168 mysql_query("UPDATE Hand SET status='".$status."' WHERE hash=".DB_quote_smart($hash));
172 function DB_get_hand_status_by_userid_and_gameid($uid,$gid)
174 $result = mysql_query("SELECT status FROM Hand WHERE user_id=".DB_quote_smart($uid).
175 " AND game_id=".DB_quote_smart($gid));
176 $r = mysql_fetch_array($result,MYSQL_NUM);
184 function DB_get_sickness_by_userid_and_gameid($uid,$gid)
186 $result = mysql_query("SELECT sickness FROM Hand WHERE user_id=".DB_quote_smart($uid).
187 " AND game_id=".DB_quote_smart($gid));
188 $r = mysql_fetch_array($result,MYSQL_NUM);
196 function DB_get_sickness_by_pos_and_gameid($pos,$gid)
198 $result = mysql_query("SELECT sickness FROM Hand WHERE position=".DB_quote_smart($pos).
199 " AND game_id=".DB_quote_smart($gid));
200 $r = mysql_fetch_array($result,MYSQL_NUM);
208 function DB_get_gameid_by_hash($hash)
210 $result = mysql_query("SELECT game_id FROM Hand WHERE hash=".DB_quote_smart($hash));
211 $r = mysql_fetch_array($result,MYSQL_NUM);
219 function DB_cancel_game($hash)
221 $gameid = DB_get_gameid_by_hash($hash);
226 /* get the IDs of all players */
227 $result = mysql_query("SELECT id FROM Hand WHERE game_id=".DB_quote_smart($gameid));
228 while($r = mysql_fetch_array($result,MYSQL_NUM))
232 $tmp = mysql_query("SELECT id FROM Hand_Card WHERE hand_id=".DB_quote_smart($id));
233 $tmp = mysql_fetch_array($tmp,MYSQL_NUM);
234 mysql_query("DELETE FROM Play WHERE hand_card_id=".DB_quote_smart($tmp[0]));
237 mysql_query("DELETE FROM Hand_Card WHERE hand_id=".DB_quote_smart($id));
238 mysql_query("DELETE FROM Hand WHERE id=".DB_quote_smart($id));
242 mysql_query("DELETE FROM User_Game_Prefs WHERE game_id=".DB_quote_smart($gameid));
243 mysql_query("DELETE FROM Trick WHERE game_id=".DB_quote_smart($gameid));
244 mysql_query("DELETE FROM Game WHERE id=".DB_quote_smart($gameid));
249 function DB_get_hand($me)
253 $handid = DB_get_handid('hash',$me);
255 $result = mysql_query("SELECT card_id FROM Hand_Card WHERE hand_id=".DB_quote_smart($handid)." and played='false' ");
256 while($r = mysql_fetch_array($result,MYSQL_NUM))
262 function DB_get_all_hand($me)
266 $handid = DB_get_handid('hash',$me);
268 $result = mysql_query("SELECT card_id FROM Hand_Card WHERE hand_id=".DB_quote_smart($handid));
269 while($r = mysql_fetch_array($result,MYSQL_NUM))
275 function DB_get_cards_by_trick($id)
280 $result = mysql_query("SELECT card_id,position FROM Play LEFT JOIN Hand_Card ON Hand_Card.id=Play.hand_card_id ".
281 "LEFT JOIN Hand ON Hand.id=Hand_Card.hand_id ".
283 DB_quote_smart($id)." ORDER BY sequence ASC");
284 while($r = mysql_fetch_array($result,MYSQL_NUM))
286 $cards[$i]=array("card"=>$r[0],"pos"=>$r[1]);
294 function DB_set_solo_by_hash($hash,$solo)
296 mysql_query("UPDATE Hand SET solo=".DB_quote_smart($solo)." WHERE hash=".DB_quote_smart($hash));
300 function DB_set_solo_by_gameid($id,$solo)
302 mysql_query("UPDATE Game SET solo=".DB_quote_smart($solo)." WHERE id=".DB_quote_smart($id));
306 function DB_set_sickness_by_hash($hash,$sickness)
308 mysql_query("UPDATE Hand SET sickness=".DB_quote_smart($sickness)." WHERE hash=".DB_quote_smart($hash));
312 function DB_get_current_trickid($gameid)
318 $result = mysql_query("SELECT Trick.id,MAX(Play.sequence) FROM Play ".
319 "LEFT JOIN Trick ON Play.trick_id=Trick.id ".
320 "WHERE Trick.game_id=".DB_quote_smart($gameid)." ".
321 "GROUP BY Trick.id");
322 while( $r = mysql_fetch_array($result,MYSQL_NUM) )
329 if(!$sequence || $sequence==4)
331 mysql_query("INSERT INTO Trick VALUES (NULL,NULL,NULL, ".DB_quote_smart($gameid).",NULL)");
332 $trickid = mysql_insert_id();
341 return array($trickid,$sequence,$number);
344 function DB_get_max_trickid($gameid)
346 $result = mysql_query("SELECT MAX(id) FROM Trick WHERE game_id=".DB_quote_smart($gameid));
347 $r = mysql_fetch_array($result,MYSQL_NUM) ;
349 return ($r?$r[0]:NULL);
352 function DB_play_card($trickid,$handcardid,$sequence)
354 mysql_query("INSERT INTO Play VALUES(NULL,NULL,NULL,".DB_quote_smart($trickid).
355 ",".DB_quote_smart($handcardid).",".DB_quote_smart($sequence).")");
357 $playid = mysql_insert_id();
361 function DB_get_all_names_by_gameid($id)
365 $result = mysql_query("SELECT fullname FROM Hand LEFT JOIN User ON Hand.user_id=User.id WHERE game_id=".
366 DB_quote_smart($id)." ORDER BY position ASC");
367 while($r = mysql_fetch_array($result,MYSQL_NUM))
373 function DB_get_all_userid_by_gameid($id)
377 $result = mysql_query("SELECT user_id FROM Hand WHERE game_id=".
378 DB_quote_smart($id)." ORDER BY position ");
379 while($r = mysql_fetch_array($result,MYSQL_NUM))
385 function DB_get_hash_from_game_and_pos($id,$pos)
387 $result = mysql_query("SELECT hash FROM Hand WHERE game_id=".DB_quote_smart($id)." and position=".DB_quote_smart($pos));
388 $r = mysql_fetch_array($result,MYSQL_NUM);
396 function DB_get_hash_from_gameid_and_userid($id,$user)
398 $result = mysql_query("SELECT hash FROM Hand WHERE game_id=".DB_quote_smart($id)." and user_id=".DB_quote_smart($user));
399 $r = mysql_fetch_array($result,MYSQL_NUM);
407 function DB_get_all_names()
411 $result = mysql_query("SELECT fullname FROM User");
412 while($r = mysql_fetch_array($result,MYSQL_NUM))
418 function DB_get_names_of_last_logins($N)
422 $result = mysql_query("SELECT fullname FROM User ORDER BY last_login DESC LIMIT $N");
423 while($r = mysql_fetch_array($result,MYSQL_NUM))
429 function DB_get_names_of_new_logins($N)
433 $result = mysql_query("SELECT fullname FROM User ORDER BY create_date DESC, id DESC LIMIT $N");
434 while($r = mysql_fetch_array($result,MYSQL_NUM))
440 function DB_update_game_timestamp($gameid)
442 mysql_query("UPDATE Game SET mod_date = CURRENT_TIMESTAMP WHERE id=".DB_quote_smart($gameid));
447 function DB_update_user_timestamp($userid)
449 mysql_query("UPDATE User SET last_login = CURRENT_TIMESTAMP WHERE id=".DB_quote_smart($userid));
453 function DB_get_user_timestamp($userid)
455 $result = mysql_query("SELECT last_login FROM User WHERE id=".DB_quote_smart($userid));
456 $r = mysql_fetch_array($result,MYSQL_NUM);
463 function DB_get_user_timezone($userid)
465 $result = mysql_query("SELECT timezone FROM User WHERE id=".DB_quote_smart($userid));
466 $r = mysql_fetch_array($result,MYSQL_NUM);
471 return "Europe/London";
474 function DB_insert_comment($comment,$playid,$userid)
476 mysql_query("INSERT INTO Comment VALUES (NULL,NULL,NULL,$userid,$playid, ".DB_quote_smart($comment).")");
481 function DB_insert_note($comment,$gameid,$userid)
483 mysql_query("INSERT INTO Notes VALUES (NULL,NULL,NULL,$userid,$gameid, ".DB_quote_smart($comment).")");
488 function DB_get_notes_by_userid_and_gameid($userid,$gameid)
492 $result = mysql_query("SELECT comment FROM Notes WHERE user_id=".DB_quote_smart($userid) .
493 " AND game_id=".DB_quote_smart($gameid));
495 while($r = mysql_fetch_array($result,MYSQL_NUM))
502 function DB_get_gametype_by_gameid($id)
504 $result = mysql_query("SELECT type FROM Game WHERE id=".DB_quote_smart($id));
505 $r = mysql_fetch_array($result,MYSQL_NUM);
513 function DB_set_gametype_by_gameid($id,$p)
515 mysql_query("UPDATE Game SET type='".$p."' WHERE id=".DB_quote_smart($id));
519 function DB_get_solo_by_gameid($id)
521 $result = mysql_query("SELECT solo FROM Game WHERE id=".DB_quote_smart($id));
522 $r = mysql_fetch_array($result,MYSQL_NUM);
531 function DB_get_startplayer_by_gameid($id)
533 $result = mysql_query("SELECT startplayer FROM Game WHERE id=".DB_quote_smart($id));
534 $r = mysql_fetch_array($result,MYSQL_NUM);
542 function DB_set_startplayer_by_gameid($id,$p)
544 mysql_query("UPDATE Game SET startplayer='".$p."' WHERE id=".DB_quote_smart($id));
548 function DB_get_player_by_gameid($id)
550 $result = mysql_query("SELECT player FROM Game WHERE id=".DB_quote_smart($id));
551 $r = mysql_fetch_array($result,MYSQL_NUM);
558 function DB_set_player_by_gameid($id,$p)
560 mysql_query("UPDATE Game SET player='".DB_quote_smart($p)."' WHERE id=".DB_quote_smart($id));
566 function DB_get_ruleset_by_gameid($id)
568 $result = mysql_query("SELECT ruleset FROM Game WHERE id=".DB_quote_smart($id));
569 $r = mysql_fetch_array($result,MYSQL_NUM);
577 function DB_get_session_by_gameid($id)
579 $result = mysql_query("SELECT session FROM Game WHERE id=".DB_quote_smart($id));
580 $r = mysql_fetch_array($result,MYSQL_NUM);
588 function DB_get_max_session()
590 $result = mysql_query("SELECT MAX(session) FROM Game");
591 $r = mysql_fetch_array($result,MYSQL_NUM);
599 function DB_get_hashes_by_session($session,$user)
603 $result = mysql_query("SELECT Hand.hash FROM Hand".
604 " LEFT JOIN Game ON Game.id=Hand.game_id ".
605 " WHERE Game.session=".DB_quote_smart($session).
606 " AND Hand.user_id=".DB_quote_smart($user).
607 " ORDER BY Game.create_date ASC");
608 while($t = mysql_fetch_array($result,MYSQL_NUM))
614 function DB_get_ruleset($dullen,$schweinchen,$call)
618 $result = mysql_query("SELECT id FROM Rulesets WHERE".
619 " dullen=".DB_quote_smart($dullen)." AND ".
620 " call=".DB_quote_smart($call)." AND ".
621 " schweinchen=".DB_quote_smart($schweinchen));
623 $r = mysql_fetch_array($result,MYSQL_NUM);
626 return $r[0]; /* found ruleset */
630 $result = mysql_query("INSERT INTO Rulesets VALUES (NULL, NULL, ".
631 DB_quote_smart($dullen).",".
632 DB_quote_smart($schweinchen).",".
633 DB_quote_smart($call).
636 return mysql_insert_id();
639 return -1; /* something went wrong */
642 function DB_get_party_by_hash($hash)
644 $result = mysql_query("SELECT party FROM Hand WHERE hash=".DB_quote_smart($hash));
645 $r = mysql_fetch_array($result,MYSQL_NUM);
653 function DB_get_party_by_gameid_and_userid($gameid,$userid)
655 $result = mysql_query("SELECT party FROM Hand".
656 " WHERE game_id=".DB_quote_smart($gameid).
657 " AND user_id=".DB_quote_smart($userid));
658 $r = mysql_fetch_array($result,MYSQL_NUM);
666 function DB_set_party_by_hash($hash,$party)
668 mysql_query("UPDATE Hand SET party=".DB_quote_smart($party)." WHERE hash=".DB_quote_smart($hash));
672 function DB_get_PREF($myid)
677 $result = mysql_query("SELECT value from User_Prefs".
678 " WHERE user_id='$myid' AND pref_key='cardset'" );
679 $r = mysql_fetch_array($result,MYSQL_NUM);
682 if($r[0]=="germancards" && (time()-strtotime( "2009-12-31 23:59:59")<0) ) /* licence only valid until then */
683 $PREF["cardset"]="altenburg";
685 $PREF["cardset"]="english";
688 $PREF["cardset"]="english";
691 $result = mysql_query("SELECT value FROM User_Prefs".
692 " WHERE user_id='$myid' AND pref_key='email'" );
693 $r = mysql_fetch_array($result,MYSQL_NUM);
696 if($r[0]=="emailaddict")
697 $PREF["email"]="emailaddict";
699 $PREF["email"]="emailnonaddict";
702 $PREF["email"]="emailnonaddict";
707 function DB_get_email_pref_by_hash($hash)
709 $result = mysql_query("SELECT value FROM Hand".
710 " LEFT JOIN User_Prefs ON Hand.user_id=User_Prefs.user_id".
711 " WHERE hash='$hash' AND pref_key='email'" );
712 $r = mysql_fetch_array($result,MYSQL_NUM);
715 if($r[0]=="emailaddict")
716 return "emailaddict";
718 return "emailnonaddict";
721 return "emailnonaddict";
724 function DB_get_email_pref_by_uid($uid)
726 $result = mysql_query("SELECT value FROM User_Prefs ".
727 " WHERE user_id='$uid' AND pref_key='email'" );
728 $r = mysql_fetch_array($result,MYSQL_NUM);
731 if($r[0]=="emailaddict")
732 return "emailaddict";
734 return "emailnonaddict";
737 return "emailnonaddict";
740 function DB_get_unused_randomnumbers($userstr)
742 $queryresult = mysql_query(" SELECT randomnumbers FROM Game".
743 " WHERE randomnumbers NOT IN".
744 " (SELECT randomnumbers FROM Game".
745 " LEFT JOIN Hand ON Game.id=Hand.game_id".
746 " WHERE user_id IN (". $userstr .")".
747 " GROUP BY randomnumbers".
751 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
758 function DB_get_number_of_passwords_recovery($user)
760 $queryresult = mysql_query("SELECT COUNT(*) FROM Recovery ".
761 " WHERE user_id=$user ".
762 " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date".
763 " GROUP BY user_id " );
765 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
772 function DB_set_recovery_password($user,$newpw)
774 mysql_query("INSERT INTO Recovery VALUES(NULL,".DB_quote_smart($user).
775 ",".DB_quote_smart($newpw).",NULL)");
780 function DB_get_card_name($card)
782 $queryresult = mysql_query("SELECT strength,suite FROM Card WHERE id='$card'");
784 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
786 return $r[0]." of ".$r[1];
788 return "Error during get_card_name ".$card;
791 function DB_get_current_playid($gameid)
793 $trick = DB_get_max_trickid($gameid);
795 if(!$trick) return NULL;
797 $queryresult = mysql_query("SELECT id FROM Play WHERE trick_id='$trick' ORDER BY create_date DESC LIMIT 1");
799 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
806 function DB_get_call_by_hash($hash)
808 $queryresult = mysql_query("SELECT point_call FROM Hand WHERE hash='$hash'");
810 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
817 function DB_get_partner_call_by_hash($hash)
819 $partner = DB_get_partner_hash_by_hash($hash);
823 $queryresult = mysql_query("SELECT point_call FROM Hand WHERE hash='$partner'");
825 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
833 function DB_get_partner_hash_by_hash($hash)
835 $gameid = DB_get_gameid_by_hash($hash);
836 $party = DB_get_party_by_hash($hash);
838 $queryresult = mysql_query("SELECT hash FROM Hand WHERE game_id='$gameid' AND party='$party' AND hash<>'$hash'");
840 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
847 function DB_format_gameid($gameid)
849 $session = DB_get_session_by_gameid($gameid);
851 /* get number of game */
852 $result = mysql_query("SELECT COUNT(*),create_date FROM Game".
853 " WHERE session='$session' ".
854 " AND TIMEDIFF(create_date, (SELECT create_date FROM Game WHERE id='$gameid'))<=0 ".
855 " GROUP by session");
856 $r = mysql_fetch_array($result,MYSQL_NUM);
858 return $session.".".$r[0];
861 function DB_get_reminder($user,$gameid)
863 $queryresult = mysql_query("SELECT COUNT(*) FROM Reminder ".
864 " WHERE user_id=$user ".
865 " AND game_id=$gameid ".
866 " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date".
867 " GROUP BY user_id " );
869 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
876 function DB_set_reminder($user,$gameid)
878 mysql_query("INSERT INTO Reminder ".
879 " VALUES(NULL, ".DB_quote_smart($user).", ".DB_quote_smart($gameid).
884 function DB_is_session_active($session)
886 $queryresult = mysql_query("SELECT COUNT(*) FROM Game ".
887 " WHERE session=$session ".
888 " AND status<>'gameover' ");
890 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
897 function DB_get_score_by_gameid($gameid)
899 /* returns the points of a game from the point of the re parth (<0 if they lost) */
900 $queryresult = mysql_query("SELECT COUNT(*),party FROM Score ".
901 " WHERE game_id=$gameid ".
907 while($r = mysql_fetch_array($queryresult,MYSQL_NUM) )
911 else if ($r[1] == "contra")
915 return ($re - $contra);
918 function DB_get_gameids_of_finished_games_by_session($session)
922 $queryresult = mysql_query("SELECT id FROM Game ".
923 " WHERE session=$session ".
924 " AND status='gameover' ".
925 " ORDER BY create_date ASC");
928 while($r = mysql_fetch_array($queryresult,MYSQL_NUM) )
937 function DB_get_card_value_by_cardid($id)
939 $queryresult = mysql_query("SELECT points FROM Card ".
942 $r = mysql_fetch_array($queryresult,MYSQL_NUM);
949 function DB_get_userid($type,$var1="",$var2="")
951 /* get the userid of a user
952 * this can be done several ways, which are all handled below
953 * if a email/password combination is given and it doesn't work, we also
954 * need to check the recovery table for additional passwords
962 $result = mysql_query("SELECT id FROM User WHERE fullname=".DB_quote_smart($var1));
965 $result = mysql_query("SELECT user_id FROM Hand WHERE hash=".DB_quote_smart($var1));
968 $result = mysql_query("SELECT id FROM User WHERE password=".DB_quote_smart($var1));
971 $result = mysql_query("SELECT id FROM User WHERE email=".DB_quote_smart($var1));
973 case 'email-password':
974 $result = mysql_query("SELECT id FROM User WHERE email=".DB_quote_smart($var1)." AND password=".DB_quote_smart($var2));
975 $r = mysql_fetch_array($result,MYSQL_NUM);
976 /* test if a recovery password has been set */
979 echo "testing alternative password";
980 $result = mysql_query("SELECT User.id FROM User".
981 " LEFT JOIN Recovery ON User.id=Recovery.user_id".
982 " WHERE email=".DB_quote_smart($var1).
983 " AND Recovery.password=".DB_quote_smart($var2).
984 " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= Recovery.create_date");
987 case 'gameid-position':
988 $result = mysql_query("SELECT user_id FROM Hand WHERE game_id=".
989 DB_quote_smart($var1)." AND position=".
990 DB_quote_smart($var2));
995 $r = mysql_fetch_array($result,MYSQL_NUM);
1003 function DB_get_email($type,$var1='',$var2='')
1005 /* return the email of a user
1006 * this is used for sending out emails, but also for
1007 * testing the login for example
1012 $result = mysql_query("SELECT email FROM User WHERE fullname=".DB_quote_smart($var1)."");
1015 $result = mysql_query("SELECT email FROM User WHERE id=".DB_quote_smart($var1)."");
1018 $result = mysql_query("SELECT User.email FROM User ".
1019 "LEFT JOIN Hand ON Hand.user_id=User.id ".
1020 "WHERE Hand.hash=".DB_quote_smart($var1)."");
1022 case 'position-gameid':
1023 $result = mysql_query("SELECT email FROM User ".
1024 "LEFT JOIN Hand ON User.id=Hand.user_id ".
1025 "LEFT JOIN Game ON Game.id=Hand.game_id ".
1026 "WHERE Game.id=".DB_quote_smart($var2)." ".
1027 "AND Hand.position=".DB_quote_smart($var1)."");
1031 $r = mysql_fetch_array($result,MYSQL_NUM);
1039 function DB_get_name($type,$var1='')
1041 /* get the full name of a user
1042 * a user can be uniquely identified several ways
1047 $result = mysql_query("SELECT fullname FROM Hand LEFT JOIN User ON Hand.user_id=User.id WHERE hash=".DB_quote_smart($var1));
1050 $result = mysql_query("SELECT fullname FROM User WHERE email=".DB_quote_smart($var1));
1053 $result = mysql_query("SELECT fullname FROM User WHERE id=".DB_quote_smart($var1));
1056 $r = mysql_fetch_array($result,MYSQL_NUM);