<?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012
, 2013 Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
function DB_open()
{
- $version_needed = 4;
+ $version_needed = 5;
global $DB,$DB_user,$DB_host,$DB_database,$DB_password;
- $DB = @mysql_connect($DB_host,$DB_user, $DB_password);
- if ( $DB )
+ $DB = new mysqli($DB_host,$DB_user, $DB_password, $DB_database);
+ if ( $DB->connect_errno )
{
- mysql_select_db($DB_database) or die('Error: Could not select database');
- }
- else
- {
- echo mysql_errno() . ": " . mysql_error(). "\n";
+ echo "Failed to connect to Mysql ".$DB->connect_error." (".$DB->connect_errno.")\n";
return -1;
};
function DB_close()
{
global $DB;
- mysql_close($DB);
+ $DB->close();
return;
}
function DB_quote_smart($value)
{
+ global $DB;
/* Stripslashes */
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
/* Quote if not a number or a numeric string */
if (!is_numeric($value)) {
- $value = "'" . mysql_real_escape_string($value) . "'";
+ $value = "'" . $DB->real_escape_string($value) . "'";
+ $value = addcslashes($value, '%_');
}
return $value;
}
/* use Mysql in the background */
function DB_query($query)
{
+ global $DB;
/* debug/optimize the database
$time = microtime();
- $return = mysql_query($query);
- $time = $time - microtime();
+ $return = $DB->query($query);
+ $time = microtime() - $time;
- if($time > 0.05) // this way we can find only the long ones
+ if($time > 0.15) // this way we can find only the long ones
{
- $logfile=fopen('/tmp/DBlog.log','a+');
- fwrite($logfile,"EXPLAIN $query ;\n");
- fwrite($logfile,"time of above query: $time\n");
+ $logfile=fopen('DBlog.log','a+');
+ fwrite($logfile,"time of query: $time\n");
+ fwrite($logfile,wordwrap(" EXPLAIN $query ;\n", 60, "\n "));
+
+ $result = "";
+ $queryresult = mysql_query("EXPLAIN $query ;");
+ if( $queryresult )
+ while($row = DB_fetch_array($queryresult))
+ $result .= " |".implode("|",$row)."|\n";
+
+ fwrite($logfile,"$result \n\n");
fclose($logfile);
};
return $return;
*/
- return mysql_query($query);
+ return $DB->query($query);
}
function DB_fetch_array($result)
{
- return mysql_fetch_array($result,MYSQL_NUM);
+ if($result)
+ return $result->fetch_array(MYSQLI_NUM);
+ else
+ return NULL;
}
function DB_insert_id()
{
- return mysql_insert_id();
-}
-
-function DB_num_rows($result)
-{
- return mysql_num_rows($result);
+ global $DB;
+ return $DB->insert_id;
}
/* end Mysql functions */
return $version[0];
}
-function DB_get_passwd_by_name($name)
-{
- $r = DB_query_array("SELECT password FROM User WHERE fullname=".DB_quote_smart($name)."");
-
- if($r)
- return $r[0];
- else
- return "";
-}
-
function DB_get_passwd_by_userid($id)
{
$r = DB_query_array("SELECT password FROM User WHERE id=".DB_quote_smart($id)."");
/* get all preferences */
$r = DB_query('SELECT pref_key, value FROM User_Prefs'.
- " WHERE user_id='$myid' " );
+ " WHERE user_id=".DB_quote_smart($myid) );
while($pref = DB_fetch_array($r) )
{
switch($pref[0])
{
case 'cardset':
- /* licence only valid until then */
- if($pref[1]=='altenburg' && (time()-strtotime( '2012-12-31 23:59:59')<0) )
- $PREF['cardset']='altenburg';
break;
case 'email':
{
$r = DB_query_array("SELECT * FROM Rulesets".
" LEFT JOIN Game ON Game.ruleset=Rulesets.id ".
- " WHERE Game.id='$gameid'" );
+ " WHERE Game.id=".DB_quote_smart($gameid) );
$RULES['dullen'] = $r[2];
$RULES['schweinchen'] = $r[3];
{
$r = DB_query_array("SELECT value FROM Hand".
" LEFT JOIN User_Prefs ON Hand.user_id=User_Prefs.user_id".
- " WHERE hash='$hash' AND pref_key='email'" );
+ " WHERE hash=".DB_quote_smart($hash)." AND pref_key='email'" );
if($r)
{
if($r[0]=="emailaddict")
function DB_get_email_pref_by_uid($uid)
{
$r = DB_query_array("SELECT value FROM User_Prefs ".
- " WHERE user_id='$uid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($uid)." AND pref_key='email'" );
if($r)
{
if($r[0]=="emailaddict")
function DB_get_number_of_passwords_recovery($user)
{
$r = DB_query_array("SELECT COUNT(*) FROM Recovery ".
- " WHERE user_id=$user ".
+ " WHERE user_id=".DB_quote_smart($user).
" AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date".
" GROUP BY user_id " );
if($r)
return;
}
+function DB_delete_recovery_passwords($userid)
+{
+ DB_query("DELETE FROM Recovery WHERE user_id=".DB_quote_smart($userid));
+ return;
+}
+
function DB_get_card_name($card)
{
if($card==0)
return 'backside';
- $r = DB_query_array("SELECT strength,suite FROM Card WHERE id='$card'");
+ $r = DB_query_array("SELECT strength,suite FROM Card WHERE id=".DB_quote_smart($card));
if($r)
return $r[0]." of ".$r[1];
if(!$trick) return -1;
- $r = DB_query_array("SELECT id FROM Play WHERE trick_id='$trick' ORDER BY create_date DESC LIMIT 1");
+ $r = DB_query_array("SELECT id FROM Play WHERE trick_id=".DB_quote_smart($trick)." ORDER BY create_date DESC LIMIT 1");
if($r)
return $r[0];
function DB_get_call_by_hash($hash)
{
- $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$hash'");
+ $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($hash));
if($r)
return $r[0];
if($partner)
{
- $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$partner'");
+ $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($partner));
if($r)
return $r[0];
$gameid = DB_get_gameid_by_hash($hash);
$party = DB_get_party_by_hash($hash);
- $r = DB_query_array("SELECT hash FROM Hand WHERE game_id='$gameid' AND party='$party' AND hash<>'$hash'");
+ $r = DB_query_array("SELECT hash FROM Hand WHERE game_id=".DB_quote_smart($gameid).
+ " AND party=".DB_quote_smart($party)." AND hash<>".DB_quote_smart($hash));
if($r)
return $r[0];
function DB_format_gameid($gameid)
{
/* get session and create date */
- $r = DB_query_array("SELECT session, create_date FROM Game WHERE id='$gameid' ");
+ $r = DB_query_array("SELECT session, create_date FROM Game WHERE id=".DB_quote_smart($gameid));
$session = $r[0];
$date = $r[1];
/* get number of game */
$r = DB_query_array("SELECT SUM(TIME_TO_SEC(TIMEDIFF(create_date, '$date'))<=0) ".
" FROM Game".
- " WHERE session='$session' ");
+ " WHERE session=".DB_quote_smart($session));
return $session.'.'.$r[0];
}
function DB_get_reminder($user,$gameid)
{
$r = DB_query_array("SELECT COUNT(*) FROM Reminder ".
- " WHERE user_id=$user ".
- " AND game_id=$gameid ".
+ " WHERE user_id=".DB_quote_smart($user).
+ " AND game_id=".DB_quote_smart($gameid).
" AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date".
" GROUP BY user_id " );
if($r)
" GROUP BY Game.id");
else /* return games in a session */
$queryresult = DB_query_array_all("SELECT Game.id,SUM(IF(STRCMP(Score.party,'re'),-1,1)),Game.type FROM Game ".
- " LEFT JOIN Score on game_id=Game.id".
- " WHERE session=$session ".
- " AND status='gameover' ".
- " GROUP BY Game.id".
- " ORDER BY Game.create_date ASC");
+ " LEFT JOIN Score on game_id=Game.id".
+ " WHERE session=".DB_quote_smart($session).
+ " AND status='gameover' ".
+ " GROUP BY Game.id".
+ " ORDER BY Game.create_date ASC");
return $queryresult;
}
function DB_get_card_value_by_cardid($id)
{
$r = DB_query_array("SELECT points FROM Card ".
- " WHERE id=$id ");
+ " WHERE id=".DB_quote_smart($id));
if($r)
return $r[0];
projects / e-DoKo.git / blobdiff