X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fdb.php;h=2ea2ac0a1dca2b7aa7c6f10e6a16c272b6f9588f;hp=55d97c97e4673134418ad5a1aa49f934a65e799a;hb=dd925069d7ffca64f28017ec62e8ebe5abba5d32;hpb=f2217bfa18ba8a8ab17dd188b38777460ae0590d diff --git a/include/db.php b/include/db.php index 55d97c9..2ea2ac0 100644 --- a/include/db.php +++ b/include/db.php @@ -1,4 +1,23 @@ + * + * This file is part of e-DoKo. + * + * e-DoKo is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * e-DoKo is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with e-DoKo. If not, see . + * + */ + /* make sure that we are not called from outside the scripts, * use a variable defined in config.php to check this */ @@ -11,36 +30,41 @@ if(!isset($HOST)) function DB_open() { + $version_needed = 5; + global $DB,$DB_user,$DB_host,$DB_database,$DB_password; - $DB = @mysql_connect($DB_host,$DB_user, $DB_password); - if ( $DB ) - { - mysql_select_db($DB_database) or die('Could not select database'); - } - else + $DB = new mysqli($DB_host,$DB_user, $DB_password, $DB_database); + if ( $DB->connect_errno ) { - echo mysql_errno() . ": " . mysql_error(). "\n"; + echo "Failed to connect to Mysql ".$DB->connect_error." (".$DB->connect_errno.")\n"; return -1; - } + }; + + $version = DB_get_version(); + if ($version != $version_needed) + return -2; + return 0; } function DB_close() { global $DB; - mysql_close($DB); + $DB->close(); return; } function DB_quote_smart($value) { + global $DB; /* Stripslashes */ if (get_magic_quotes_gpc()) { $value = stripslashes($value); } /* Quote if not a number or a numeric string */ if (!is_numeric($value)) { - $value = "'" . mysql_real_escape_string($value) . "'"; + $value = "'" . $DB->real_escape_string($value) . "'"; + $value = addcslashes($value, '%_'); } return $value; } @@ -60,38 +84,46 @@ function DB_test() /* use Mysql in the background */ function DB_query($query) { + global $DB; /* debug/optimize the database $time = microtime(); - $return = mysql_query($query); - $time = $time - microtime(); + $return = $DB->query($query); + $time = microtime() - $time; - if($time > 0.05) // this way we can find only the long ones + if($time > 0.15) // this way we can find only the long ones { - $logfile=fopen('/tmp/DBlog.log','a+'); - fwrite($logfile,"EXPLAIN $query ;\n"); - fwrite($logfile,"time of above query: $time\n"); + $logfile=fopen('DBlog.log','a+'); + fwrite($logfile,"time of query: $time\n"); + fwrite($logfile,wordwrap(" EXPLAIN $query ;\n", 60, "\n ")); + + $result = ""; + $queryresult = mysql_query("EXPLAIN $query ;"); + if( $queryresult ) + while($row = DB_fetch_array($queryresult)) + $result .= " |".implode("|",$row)."|\n"; + + fwrite($logfile,"$result \n\n"); fclose($logfile); }; return $return; */ - return mysql_query($query); + return $DB->query($query); } function DB_fetch_array($result) { - return mysql_fetch_array($result,MYSQL_NUM); + if($result) + return $result->fetch_array(MYSQLI_NUM); + else + return NULL; } function DB_insert_id() { - return mysql_insert_id(); -} - -function DB_num_rows($result) -{ - return mysql_num_rows($result); + global $DB; + return $DB->insert_id; } /* end Mysql functions */ @@ -120,16 +152,6 @@ function DB_get_version() return $version[0]; } -function DB_get_passwd_by_name($name) -{ - $r = DB_query_array("SELECT password FROM User WHERE fullname=".DB_quote_smart($name).""); - - if($r) - return $r[0]; - else - return ""; -} - function DB_get_passwd_by_userid($id) { $r = DB_query_array("SELECT password FROM User WHERE id=".DB_quote_smart($id).""); @@ -485,7 +507,9 @@ function DB_get_names_of_new_logins($N) { $names = array(); - $result = DB_query("SELECT fullname FROM User ORDER BY create_date DESC, id DESC LIMIT $N"); + $result = DB_query("SELECT fullname FROM User". + " WHERE create_date >=(NOW() - interval 45 day)". + " ORDER BY create_date DESC, id DESC LIMIT $N"); while($r = DB_fetch_array($result)) $names[] = $r[0]; @@ -544,13 +568,31 @@ function DB_get_user_timezone($userid) return "Europe/London"; } -function DB_insert_comment($comment,$playid,$userid) +function DB_insert_comment($comment,$playid,$gameid,$userid) { - DB_query("INSERT INTO Comment VALUES (NULL,NULL,NULL,$userid,$playid, ".DB_quote_smart($comment).")"); + DB_query("INSERT INTO Comment VALUES (NULL,NULL,NULL,$userid,$playid,$gameid, ".DB_quote_smart($comment).")"); return; } +function DB_get_pre_comment($gameid) +{ + $r = DB_query_array_all("SELECT comment, User.fullname FROM Comment". + " LEFT JOIN User ON User.id=user_id". + " WHERE play_id=-1". + " AND game_id=$gameid "); + return $r; +} + +function DB_get_pre_comment_call($gameid) +{ + $r = DB_query_array_all("SELECT comment, User.fullname FROM Comment". + " LEFT JOIN User ON User.id=user_id". + " WHERE play_id=-2". + " AND game_id=$gameid "); + return $r; +} + function DB_insert_note($comment,$gameid,$userid) { DB_query("INSERT INTO Notes VALUES (NULL,NULL,NULL,$userid,$gameid, ".DB_quote_smart($comment).")"); @@ -677,14 +719,15 @@ function DB_get_hashes_by_session($session,$user) return $r; } -function DB_get_ruleset($dullen,$schweinchen,$call) +function DB_get_ruleset($dullen,$schweinchen,$call,$lowtrump) { $r = array(); $result = DB_query("SELECT id FROM Rulesets WHERE". " dullen=".DB_quote_smart($dullen)." AND ". " Rulesets.call=".DB_quote_smart($call)." AND ". - " schweinchen=".DB_quote_smart($schweinchen)); + " schweinchen=".DB_quote_smart($schweinchen)." AND ". + " lowtrump=".DB_quote_smart($lowtrump)); if($result) $r = DB_fetch_array($result); @@ -696,6 +739,7 @@ function DB_get_ruleset($dullen,$schweinchen,$call) $result = DB_query("INSERT INTO Rulesets VALUES (NULL, NULL, ". DB_quote_smart($dullen).",". DB_quote_smart($schweinchen).",". + DB_quote_smart($lowtrump).",". DB_quote_smart($call). ", NULL)"); if($result) @@ -726,6 +770,18 @@ function DB_get_party_by_gameid_and_userid($gameid,$userid) return NULL; } +function DB_get_party_by_session_and_userid($session,$userid) +{ + /* used in score table by index. gameids are sorted by date, so we need to sort here too! */ + $r = DB_query_array_all("SELECT party FROM Hand". + " LEFT JOIN Game ON Game.id = Hand.game_id". + " WHERE Game.session=".DB_quote_smart($session). + " AND user_id=".DB_quote_smart($userid)."". + " AND Game.status='gameover' ". + " ORDER BY Game.create_date ASC"); + return $r; +} + function DB_set_party_by_hash($hash,$party) { DB_query("UPDATE Hand SET party=".DB_quote_smart($party)." WHERE hash=".DB_quote_smart($hash)); @@ -744,18 +800,18 @@ function DB_get_PREF($myid) $PREF['vacation_start'] = NULL; $PREF['vacation_stop'] = NULL; $PREF['vacation_comment'] = ''; + $PREF['language'] = 'en'; /* get all preferences */ $r = DB_query('SELECT pref_key, value FROM User_Prefs'. - " WHERE user_id='$myid' " ); + " WHERE user_id=".DB_quote_smart($myid) ); while($pref = DB_fetch_array($r) ) { switch($pref[0]) { case 'cardset': - /* licence only valid until then */ - if($pref[1]=='altenburg' && (time()-strtotime( '2009-12-31 23:59:59')<0) ) - $PREF['cardset']='altenburg'; + if($pref[1]) + $PREF['cardset'] = $pref[1]; break; case 'email': @@ -797,8 +853,14 @@ function DB_get_PREF($myid) if($pref[1]) $PREF['vacation_comment'] = $pref[1]; break; + + case 'language': + if($pref[1]) + $PREF['language'] = $pref[1]; + break; } } + return $PREF; } @@ -806,11 +868,12 @@ function DB_get_RULES($gameid) { $r = DB_query_array("SELECT * FROM Rulesets". " LEFT JOIN Game ON Game.ruleset=Rulesets.id ". - " WHERE Game.id='$gameid'" ); + " WHERE Game.id=".DB_quote_smart($gameid) ); - $RULES["dullen"] = $r[2]; - $RULES["schweinchen"] = $r[3]; - $RULES["call"] = $r[4]; + $RULES['dullen'] = $r[2]; + $RULES['schweinchen'] = $r[3]; + $RULES['lowtrump'] = $r[4]; + $RULES['call'] = $r[5]; return $RULES; } @@ -819,7 +882,7 @@ function DB_get_email_pref_by_hash($hash) { $r = DB_query_array("SELECT value FROM Hand". " LEFT JOIN User_Prefs ON Hand.user_id=User_Prefs.user_id". - " WHERE hash='$hash' AND pref_key='email'" ); + " WHERE hash=".DB_quote_smart($hash)." AND pref_key='email'" ); if($r) { if($r[0]=="emailaddict") @@ -834,7 +897,7 @@ function DB_get_email_pref_by_hash($hash) function DB_get_email_pref_by_uid($uid) { $r = DB_query_array("SELECT value FROM User_Prefs ". - " WHERE user_id='$uid' AND pref_key='email'" ); + " WHERE user_id=".DB_quote_smart($uid)." AND pref_key='email'" ); if($r) { if($r[0]=="emailaddict") @@ -869,7 +932,7 @@ function DB_get_unused_randomnumbers($userstr) function DB_get_number_of_passwords_recovery($user) { $r = DB_query_array("SELECT COUNT(*) FROM Recovery ". - " WHERE user_id=$user ". + " WHERE user_id=".DB_quote_smart($user). " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date". " GROUP BY user_id " ); if($r) @@ -885,12 +948,18 @@ function DB_set_recovery_password($user,$newpw) return; } +function DB_delete_recovery_passwords($userid) +{ + DB_query("DELETE FROM Recovery WHERE user_id=".DB_quote_smart($userid)); + return; +} + function DB_get_card_name($card) { if($card==0) return 'backside'; - $r = DB_query_array("SELECT strength,suite FROM Card WHERE id='$card'"); + $r = DB_query_array("SELECT strength,suite FROM Card WHERE id=".DB_quote_smart($card)); if($r) return $r[0]." of ".$r[1]; @@ -900,21 +969,22 @@ function DB_get_card_name($card) function DB_get_current_playid($gameid) { + /* return playid or -1 for pre-game phase */ $trick = DB_get_max_trickid($gameid); - if(!$trick) return NULL; + if(!$trick) return -1; - $r = DB_query_array("SELECT id FROM Play WHERE trick_id='$trick' ORDER BY create_date DESC LIMIT 1"); + $r = DB_query_array("SELECT id FROM Play WHERE trick_id=".DB_quote_smart($trick)." ORDER BY create_date DESC LIMIT 1"); if($r) return $r[0]; - return ""; + return -1; } function DB_get_call_by_hash($hash) { - $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$hash'"); + $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($hash)); if($r) return $r[0]; @@ -928,7 +998,7 @@ function DB_get_partner_call_by_hash($hash) if($partner) { - $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$partner'"); + $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($partner)); if($r) return $r[0]; @@ -942,7 +1012,8 @@ function DB_get_partner_hash_by_hash($hash) $gameid = DB_get_gameid_by_hash($hash); $party = DB_get_party_by_hash($hash); - $r = DB_query_array("SELECT hash FROM Hand WHERE game_id='$gameid' AND party='$party' AND hash<>'$hash'"); + $r = DB_query_array("SELECT hash FROM Hand WHERE game_id=".DB_quote_smart($gameid). + " AND party=".DB_quote_smart($party)." AND hash<>".DB_quote_smart($hash)); if($r) return $r[0]; @@ -953,22 +1024,22 @@ function DB_get_partner_hash_by_hash($hash) function DB_format_gameid($gameid) { /* get session and create date */ - $r = DB_query_array("SELECT session, create_date FROM Game WHERE id='$gameid' "); + $r = DB_query_array("SELECT session, create_date FROM Game WHERE id=".DB_quote_smart($gameid)); $session = $r[0]; $date = $r[1]; /* get number of game */ $r = DB_query_array("SELECT SUM(TIME_TO_SEC(TIMEDIFF(create_date, '$date'))<=0) ". " FROM Game". - " WHERE session='$session' "); + " WHERE session=".DB_quote_smart($session)); return $session.'.'.$r[0]; } function DB_get_reminder($user,$gameid) { $r = DB_query_array("SELECT COUNT(*) FROM Reminder ". - " WHERE user_id=$user ". - " AND game_id=$gameid ". + " WHERE user_id=".DB_quote_smart($user). + " AND game_id=".DB_quote_smart($gameid). " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date". " GROUP BY user_id " ); if($r) @@ -996,54 +1067,30 @@ function DB_is_session_active($session) return -1; } -function DB_get_score_by_gameid($gameid) -{ - /* returns the points of a game from the point of the re parth (<0 if they lost) */ - $queryresult = DB_query("SELECT COUNT(*),party FROM Score ". - " WHERE game_id=$gameid ". - " GROUP BY party "); - $re = 0; - $contra = 0; - - while($r = DB_fetch_array($queryresult) ) - { - if($r[1] == "re") - $re += $r[0]; - else if ($r[1] == "contra") - $contra += $r[0]; - }; - - return ($re - $contra); -} - function DB_get_gameids_of_finished_games_by_session($session) { $ids = array (); if($session==0) /* return all games */ - $queryresult = DB_query("SELECT id FROM Game ". - " WHERE status='gameover' ". - " ORDER BY create_date ASC"); + $queryresult = DB_query_array_all("SELECT Game.id,SUM(IF(STRCMP(Score.party,'re'),-1,1)),Game.type FROM Game ". + " LEFT JOIN Score on game_id=Game.id". + " WHERE status='gameover' ". + " GROUP BY Game.id"); else /* return games in a session */ - $queryresult = DB_query("SELECT id FROM Game ". - " WHERE session=$session ". - " AND status='gameover' ". - " ORDER BY create_date ASC"); + $queryresult = DB_query_array_all("SELECT Game.id,SUM(IF(STRCMP(Score.party,'re'),-1,1)),Game.type FROM Game ". + " LEFT JOIN Score on game_id=Game.id". + " WHERE session=".DB_quote_smart($session). + " AND status='gameover' ". + " GROUP BY Game.id". + " ORDER BY Game.create_date ASC"); - $i=0; - while($r = DB_fetch_array($queryresult) ) - { - $ids[$i] = $r[0]; - $i++; - } - - return $ids; + return $queryresult; } function DB_get_card_value_by_cardid($id) { $r = DB_query_array("SELECT points FROM Card ". - " WHERE id=$id "); + " WHERE id=".DB_quote_smart($id)); if($r) return $r[0]; @@ -1199,9 +1246,12 @@ function DB_get_number_of_tricks($gameid,$position) return $r[0]; } -function DB_digest_insert_email($To,$message) +function DB_digest_insert_email($To,$message,$type,$gameid) { - DB_query("INSERT INTO digest_email VALUES (NULL,".DB_quote_smart($To).",NULL,".DB_quote_smart($message).")"); + if($type == GAME_YOUR_TURN) + DB_query("INSERT INTO digest_email VALUES (NULL,".DB_quote_smart($To).",NULL,'your_turn',$gameid,".DB_quote_smart($message).")"); + else + DB_query("INSERT INTO digest_email VALUES (NULL,".DB_quote_smart($To).",NULL,'misc',NULL,".DB_quote_smart($message).")"); return; } @@ -1220,7 +1270,7 @@ function DB_get_digest_message_by_email($email) { $messages = array(); - $result = DB_query("SELECT id,content FROM digest_email Where email='$email'"); + $result = DB_query("SELECT id,content,type,game_id FROM digest_email Where email='$email'"); while($r = DB_fetch_array($result)) $messages[]=$r;