<?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
if(!$sequence || $sequence==4)
{
- DB_query("INSERT INTO Trick VALUES (NULL,NULL,NULL, ".DB_quote_smart($gameid).",NULL)");
+ DB_query("INSERT INTO Trick VALUES (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,NULL,".DB_quote_smart($gameid).",NULL)");
$trickid = DB_insert_id();
$sequence = 1;
$number++;
function DB_play_card($trickid,$handcardid,$sequence)
{
- DB_query("INSERT INTO Play VALUES(NULL,NULL,NULL,".DB_quote_smart($trickid).
+ DB_query("INSERT INTO Play VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,NULL,".DB_quote_smart($trickid).
",".DB_quote_smart($handcardid).",".DB_quote_smart($sequence).")");
$playid = DB_insert_id();
{
$names = array();
- $result = DB_query("SELECT fullname FROM User ORDER BY create_date DESC, id DESC LIMIT $N");
+ $result = DB_query("SELECT fullname FROM User".
+ " WHERE create_date >=(NOW() - interval 45 day)".
+ " ORDER BY create_date DESC, id DESC LIMIT $N");
while($r = DB_fetch_array($result))
$names[] = $r[0];
function DB_insert_comment($comment,$playid,$gameid,$userid)
{
- DB_query("INSERT INTO Comment VALUES (NULL,NULL,NULL,$userid,$playid,$gameid, ".DB_quote_smart($comment).")");
+ DB_query("INSERT INTO Comment VALUES (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,NULL,$userid,$playid,$gameid, ".DB_quote_smart($comment).")");
return;
}
function DB_insert_note($comment,$gameid,$userid)
{
- DB_query("INSERT INTO Notes VALUES (NULL,NULL,NULL,$userid,$gameid, ".DB_quote_smart($comment).")");
+ DB_query("INSERT INTO Notes VALUES (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,NULL,$userid,$gameid, ".DB_quote_smart($comment).")");
return;
}
else
{
/* create new one */
- $result = DB_query("INSERT INTO Rulesets VALUES (NULL, NULL, ".
+ $result = DB_query("INSERT INTO Rulesets VALUES (CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, ".
DB_quote_smart($dullen).",".
DB_quote_smart($schweinchen).",".
DB_quote_smart($lowtrump).",".
/* get all preferences */
$r = DB_query('SELECT pref_key, value FROM User_Prefs'.
- " WHERE user_id='$myid' " );
+ " WHERE user_id=".DB_quote_smart($myid) );
while($pref = DB_fetch_array($r) )
{
switch($pref[0])
{
case 'cardset':
+ if($pref[1])
+ $PREF['cardset'] = $pref[1];
break;
case 'email':
{
$r = DB_query_array("SELECT * FROM Rulesets".
" LEFT JOIN Game ON Game.ruleset=Rulesets.id ".
- " WHERE Game.id='$gameid'" );
+ " WHERE Game.id=".DB_quote_smart($gameid) );
$RULES['dullen'] = $r[2];
$RULES['schweinchen'] = $r[3];
{
$r = DB_query_array("SELECT value FROM Hand".
" LEFT JOIN User_Prefs ON Hand.user_id=User_Prefs.user_id".
- " WHERE hash='$hash' AND pref_key='email'" );
+ " WHERE hash=".DB_quote_smart($hash)." AND pref_key='email'" );
if($r)
{
if($r[0]=="emailaddict")
function DB_get_email_pref_by_uid($uid)
{
$r = DB_query_array("SELECT value FROM User_Prefs ".
- " WHERE user_id='$uid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($uid)." AND pref_key='email'" );
if($r)
{
if($r[0]=="emailaddict")
function DB_get_unused_randomnumbers($userstr)
{
/* optimized version of this query using temporary tables (perhaps we should use a procedure here?).
- First we create a copy of the Game table using just the gameid and the cards.
- Then in a second round we delete all the gameids of games where our players are in.
+ First we create a copy of the Game table using just the cards.
+ Then in a second round we delete all the randomnumbers of games where our players are in.
At the end we return only the first entry in the temporary table.
*/
DB_query("DROP TEMPORARY TABLE IF EXISTS gametmp;");
- DB_query("CREATE TEMPORARY TABLE gametmp SELECT id,randomnumbers FROM Game;");
- DB_query("DELETE FROM gametmp WHERE randomnumbers IN (SELECT randomnumbers FROM Hand LEFT JOIN Game ON Game.id=game_id WHERE user_id IN (".$userstr."));");
+ DB_query("CREATE TEMPORARY TABLE gametmp SELECT DISTINCT randomnumbers FROM Game;");
+ DB_query("DELETE FROM gametmp WHERE randomnumbers IN (SELECT DISTINCT randomnumbers FROM Game WHERE id IN (SELECT DISTINCT game_id FROM Hand WHERE user_id IN (".$userstr.")));");
$r = DB_query_array("SELECT randomnumbers FROM gametmp LIMIT 1;");
DB_query("DROP TEMPORARY TABLE IF EXISTS gametmp;");
function DB_get_number_of_passwords_recovery($user)
{
$r = DB_query_array("SELECT COUNT(*) FROM Recovery ".
- " WHERE user_id=$user ".
+ " WHERE user_id=".DB_quote_smart($user).
" AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date".
" GROUP BY user_id " );
if($r)
function DB_set_recovery_password($user,$newpw)
{
DB_query("INSERT INTO Recovery VALUES(NULL,".DB_quote_smart($user).
- ",".DB_quote_smart($newpw).",NULL)");
+ ",".DB_quote_smart($newpw).",CURRENT_TIMESTAMP)");
return;
}
if($card==0)
return 'backside';
- $r = DB_query_array("SELECT strength,suite FROM Card WHERE id='$card'");
+ $r = DB_query_array("SELECT strength,suite FROM Card WHERE id=".DB_quote_smart($card));
if($r)
return $r[0]." of ".$r[1];
if(!$trick) return -1;
- $r = DB_query_array("SELECT id FROM Play WHERE trick_id='$trick' ORDER BY create_date DESC LIMIT 1");
+ $r = DB_query_array("SELECT id FROM Play WHERE trick_id=".DB_quote_smart($trick)." ORDER BY create_date DESC LIMIT 1");
if($r)
return $r[0];
function DB_get_call_by_hash($hash)
{
- $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$hash'");
+ $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($hash));
if($r)
return $r[0];
if($partner)
{
- $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$partner'");
+ $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($partner));
if($r)
return $r[0];
$gameid = DB_get_gameid_by_hash($hash);
$party = DB_get_party_by_hash($hash);
- $r = DB_query_array("SELECT hash FROM Hand WHERE game_id='$gameid' AND party='$party' AND hash<>'$hash'");
+ $r = DB_query_array("SELECT hash FROM Hand WHERE game_id=".DB_quote_smart($gameid).
+ " AND party=".DB_quote_smart($party)." AND hash<>".DB_quote_smart($hash));
if($r)
return $r[0];
function DB_format_gameid($gameid)
{
/* get session and create date */
- $r = DB_query_array("SELECT session, create_date FROM Game WHERE id='$gameid' ");
+ $r = DB_query_array("SELECT session, create_date FROM Game WHERE id=".DB_quote_smart($gameid));
$session = $r[0];
$date = $r[1];
/* get number of game */
$r = DB_query_array("SELECT SUM(TIME_TO_SEC(TIMEDIFF(create_date, '$date'))<=0) ".
" FROM Game".
- " WHERE session='$session' ");
+ " WHERE session=".DB_quote_smart($session));
return $session.'.'.$r[0];
}
function DB_get_reminder($user,$gameid)
{
$r = DB_query_array("SELECT COUNT(*) FROM Reminder ".
- " WHERE user_id=$user ".
- " AND game_id=$gameid ".
+ " WHERE user_id=".DB_quote_smart($user).
+ " AND game_id=".DB_quote_smart($gameid).
" AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date".
" GROUP BY user_id " );
if($r)
{
DB_query("INSERT INTO Reminder ".
" VALUES(NULL, ".DB_quote_smart($user).", ".DB_quote_smart($gameid).
- ", NULL) ");
+ ", CURRENT_TIMESTAMP) ");
return 0;
}
" GROUP BY Game.id");
else /* return games in a session */
$queryresult = DB_query_array_all("SELECT Game.id,SUM(IF(STRCMP(Score.party,'re'),-1,1)),Game.type FROM Game ".
- " LEFT JOIN Score on game_id=Game.id".
- " WHERE session=$session ".
- " AND status='gameover' ".
- " GROUP BY Game.id".
- " ORDER BY Game.create_date ASC");
+ " LEFT JOIN Score on game_id=Game.id".
+ " WHERE session=".DB_quote_smart($session).
+ " AND status='gameover' ".
+ " GROUP BY Game.id".
+ " ORDER BY Game.create_date ASC");
return $queryresult;
}
function DB_get_card_value_by_cardid($id)
{
$r = DB_query_array("SELECT points FROM Card ".
- " WHERE id=$id ");
+ " WHERE id=".DB_quote_smart($id));
if($r)
return $r[0];
function DB_digest_insert_email($To,$message,$type,$gameid)
{
if($type == GAME_YOUR_TURN)
- DB_query("INSERT INTO digest_email VALUES (NULL,".DB_quote_smart($To).",NULL,'your_turn',$gameid,".DB_quote_smart($message).")");
+ DB_query("INSERT INTO digest_email VALUES (NULL,".DB_quote_smart($To).",CURRENT_TIMESTAMP,'your_turn',$gameid,".DB_quote_smart($message).")");
else
- DB_query("INSERT INTO digest_email VALUES (NULL,".DB_quote_smart($To).",NULL,'misc',NULL,".DB_quote_smart($message).")");
+ DB_query("INSERT INTO digest_email VALUES (NULL,".DB_quote_smart($To).",CURRENT_TIMESTAMP,'misc',NULL,".DB_quote_smart($message).")");
return;
}