author | Benny Baumann <BenBE@cacert.org> | 2014-03-19 16:48:11 +0100 |
---|---|---|
committer | Benny Baumann <BenBE@cacert.org> | 2014-03-19 16:48:11 +0100 |
commit | b4fd0cc7a503e399aa5868746ddeba58f3555462 (patch) | |
tree | 84067c043a01ef71b7d5f60c98960b4a9d40f5a9 | |
parent | 0d483486300eaa358c49723e4ad3cd51c361cc59 (diff) | |
bug 1260: Use MySQLi instead of MySQL extension for database accessbug-1260
79 files changed, 1073 insertions, 1076 deletions
diff --git a/includes/account.php b/includes/account.php index 7c3748d..55e11f5 100644 --- a/includes/account.php +++ b/includes/account.php @@ -147,8 +147,8 @@ function buildSubjectFromSession() { } $hash = make_hash(); $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; - mysql_query($query); - $emailid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $emailid = mysqli_insert_id(); $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; @@ -167,15 +167,15 @@ function buildSubjectFromSession() { $id = 2; $emailid = intval($_REQUEST['emailid']); $query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("Error!")); echo _("You currently don't have access to the email address you selected, or you haven't verified it yet."); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n"; $body .= _("You are receiving this email because you or someone else ". "has changed the default email on your account.")."\n\n"; 
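Review bot: `mysqli_insert_id()` is called with no arguments on the added line `$emailid = mysqli_insert_id();`, but the procedural mysqli form requires the connection as its first parameter, unlike `mysql_insert_id()`, whose link was optional. Without it the call fails and `$emailid` is not the new row id, so the `verify.php?type=email&emailid=$emailid` link built just below would point at no record. It should read `$emailid = mysqli_insert_id($_SESSION['mconn']);`. The same bare call is added in the later hunks that assign `$emailid`, `$domainid`, `$CSRid` and `$newid`, where the id then feeds `generatecertpath()` and the follow-up `update`/`insert` statements. The enclosing block starts and ends outside this hunk.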
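Review bot: Every added call in this hunk reads the connection from `$_SESSION['mconn']`, and a database handle is not something session storage can carry: the session is serialised at the end of each request, and what comes back on the next one is not a live connection. The code that assigns `$_SESSION['mconn']` is not in this file section, so this presumably works only because the handle is re-created on every request before `account.php` runs. If so, a comment where it is set, such as `// mconn is re-opened on every request; never rely on the value restored from the session`, would make that explicit. A plain global or a small accessor function would say the same thing without placing the handle next to user profile data. The enclosing block continues outside the hunk.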
@@ -187,7 +187,7 @@ function buildSubjectFromSession() { $_SESSION['profile']['email'] = $row['email']; $query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); showheader(_("My CAcert.org Account!")); printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email'])); showfooter(); @@ -212,10 +212,10 @@ function buildSubjectFromSession() { $id = intval($id); $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and `email`!='".$_SESSION['profile']['email']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); echo $row['email']."<br>\n"; account_email_delete($row['id']); $delcount++; @@ -321,10 +321,10 @@ function buildSubjectFromSession() { if(is_array($_SESSION['_config']['addid'])) foreach($_SESSION['_config']['addid'] as $id) { - $res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'"); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'"); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if(!$emails) $defaultemail = $row['email']; $emails .= "$count.emailAddress = ".$row['email']."\n"; 
@@ -340,7 +340,7 @@ function buildSubjectFromSession() { showfooter(); exit; } - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'")); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$_SESSION['profile']['id']."'")); if($_SESSION['_config']['SSO'] == 1) $emails .= "$count.emailAddress = ".$user['uniqueID']."\n"; @@ -385,11 +385,11 @@ function buildSubjectFromSession() { `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."', `description`='".$_SESSION['_config']['description']."'"; - mysql_query($query); - $emailid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $emailid = mysqli_insert_id(); if(is_array($addys)) foreach($addys as $addy) - mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); + mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname=generatecertpath("csr","client",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $emails); @@ -404,7 +404,7 @@ function buildSubjectFromSession() { showfooter(); exit; } - mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'"); + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'"); } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") { if($csr == "") $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n"; 
@@ -427,7 +427,7 @@ function buildSubjectFromSession() { $defaultemail = ""; $csrsubject=""; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'")); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'")); if(strlen($user['mname']) == 1) $user['mname'] .= '.'; if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4) @@ -443,10 +443,10 @@ function buildSubjectFromSession() { if(is_array($_SESSION['_config']['addid'])) foreach($_SESSION['_config']['addid'] as $id) { - $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'"); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'"); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($defaultemail == "") $defaultemail = $row['email']; $csrsubject .= "/emailAddress=".$row['email']; 
@@ -486,21 +486,21 @@ function buildSubjectFromSession() { `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `rootcert`='".$_SESSION['_config']['rootcert']."', `description`='".$_SESSION['_config']['description']."'"; - mysql_query($query); - $emailid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $emailid = mysqli_insert_id(); if(is_array($addys)) foreach($addys as $addy) - mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'"); + mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'"); $CSRname=generatecertpath("csr","client",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $csr); fclose($fp); - mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } waitForResult("emailcerts", $emailid, 4); $query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $id = 4; showheader(_("My CAcert.org Account!")); @@ -539,10 +539,10 @@ function buildSubjectFromSession() { $newdom = trim(escapeshellarg($newdomain)); $newdomain = mysql_real_escape_string(trim($newdomain)); - $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'"); + $res1 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `domain`='$newdomain'"); $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0"; - $res2 = mysql_query($query); - if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2)) + $res2 = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2)) { $oldid=0; $id = 7; 
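Review bot: The added `emaillink` insert still escapes with `mysql_real_escape_string($addy)` although the statement now runs over the mysqli handle. The old-extension function needs its own `mysql_connect()` link; if none is open any more it raises a warning and returns `false`, so an empty `emailid` would be written, and even with a link it escapes according to a different connection's character set. Use `mysqli_real_escape_string($_SESSION['mconn'], $addy)` here, or `intval($addy)` if `emailid` is always numeric, which the hunk does not show. The unchanged lines around other converted queries in this file keep the same call (`$newdomain`, `$_SESSION['_config']['domain']`, `$row['CN']`, `$subject`, `$comment`); whether other parts of this 79-file commit deal with them cannot be seen from here.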
@@ -624,8 +624,8 @@ function buildSubjectFromSession() { } $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { showheader(_("My CAcert.org Account!")); printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain'])); @@ -651,8 +651,8 @@ function buildSubjectFromSession() { $hash = make_hash(); $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."', `memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; - mysql_query($query); - $domainid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $domainid = mysqli_insert_id(); $body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n"; @@ -679,10 +679,10 @@ function buildSubjectFromSession() { { $id = intval($id); $query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); echo $row['domain']."<br>\n"; account_domain_delete($row['id']); } 
@@ -821,24 +821,24 @@ function buildSubjectFromSession() { exit; } - mysql_query($query); - $CSRid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $CSRid = mysqli_insert_id(); if(is_array($_SESSION['_config']['rowid'])) foreach($_SESSION['_config']['rowid'] as $dom) - mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); + mysqli_query($_SESSION['mconn'], "insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $dom) - mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); + mysqli_query($_SESSION['mconn'], "insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); $CSRname=generatecertpath("csr","server",$CSRid); rename($_SESSION['_config']['tmpfname'], $CSRname); chmod($CSRname,0644); - mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); + mysqli_query($_SESSION['mconn'], "update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); waitForResult("domaincerts", $CSRid, 11); $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $id = 11; showheader(_("My CAcert.org Account!")); @@ -868,14 +868,14 @@ function buildSubjectFromSession() { where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") 
@@ -884,7 +884,7 @@ function buildSubjectFromSession() { continue; } - mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "update `domaincerts` set `renewed`='1' where `id`='$id'"); $query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".mysql_real_escape_string($row['CN'])."', @@ -896,8 +896,8 @@ function buildSubjectFromSession() { `type`='".$row['type']."', `pkhash`='".$row['pkhash']."', `description`='".$row['description']."'"; - mysql_query($query); - $newid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $newid = mysqli_insert_id(); $newfile=generatecertpath("csr","server",$newid); copy($row['csr_name'], $newfile); $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`); @@ -919,17 +919,17 @@ function buildSubjectFromSession() { $subject = buildSubjectFromSession(); $subject = mysql_real_escape_string($subject); - mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); + mysqli_query($_SESSION['mconn'], "update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n"; waitForResult("domaincerts", $newid,$oldid,0); $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); } else { - $drow = mysql_fetch_assoc($res); + $drow = mysqli_fetch_assoc($res); $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`; echo "<pre>\n$cert\n</pre>\n"; } 
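Review bot: The `domaincerts` insert that the added `mysqli_query($_SESSION['mconn'], $query);` executes in the `-896` hunk concatenates `$row['description']`, `$row['pkhash']` and `$row['type']` straight from the fetched row, while `$row['CN']` in the same statement is escaped. `description` is user-supplied text (the settings hunk further down stores `$_REQUEST['comment_'.$cid]` into it), and escaping applied when it was written does not carry over to the value read back, so a stored quote character ends the string literal in this statement. Escape on the way in with `'".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'`, or move the renewals to a prepared statement with bound parameters now that mysqli is available. The `emailcerts` and `orgemailcerts` renewal hunks build the same clause. The statement begins in the previous hunk and the block continues past this one.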
@@ -959,19 +959,19 @@ function buildSubjectFromSession() { where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); continue; } - mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); } } @@ -990,19 +990,19 @@ function buildSubjectFromSession() { where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']); continue; } - mysql_query("delete from `domaincerts` where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "delete from `domaincerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']); 
@@ -1021,7 +1021,7 @@ function buildSubjectFromSession() { { $cid = intval(substr($id,14)); $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); - mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'"); + mysqli_query($_SESSION['mconn'], "update `domaincerts` set `description`='$comment' where `id`='$cid'"); } } echo(_("Certificate settings have been changed.")."<br/>\n"); @@ -1041,14 +1041,14 @@ function buildSubjectFromSession() { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") @@ -1057,7 +1057,7 @@ function buildSubjectFromSession() { continue; } - mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `renewed`='1' where `id`='$id'"); $query = "insert into emailcerts set `memid`='".$row['memid']."', `CN`='".mysql_real_escape_string($row['CN'])."', 
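Review bot: The added `domaincerts` description update filters on `$cid` only, so the row is chosen purely by the number taken from the request key. The matching `emailcerts` update later in this file adds an `and memid=` condition on `$_SESSION['profile']['id']`, and the renew and revoke branches for `domaincerts` join `domains` on `memid` before acting; unless ownership is checked in the part of the loop before this hunk, any logged-in account could overwrite the description of another member's certificate. Running the same `domaincerts`/`domains` select used by the revoke branch first and skipping ids that return no row would close this. The `orgemailcerts` description update in the later settings hunk has the same shape. The enclosing loop starts outside this hunk.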
@@ -1070,21 +1070,21 @@ function buildSubjectFromSession() { `codesign`='".$row['codesign']."', `rootcert`='".$row['rootcert']."', `description`='".$row['description']."'"; - mysql_query($query); - $newid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $newid = mysqli_insert_id(); $newfile=generatecertpath("csr","client",$newid); copy($row['csr_name'], $newfile); - mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'"); - $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'"); - while($r2 = mysql_fetch_assoc($res)) + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'"); + $res = mysqli_query($_SESSION['mconn'], "select * from `emaillink` where `emailcertsid`='".$row['id']."'"); + while($r2 = mysqli_fetch_assoc($res)) { - mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."', + mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailid`='".$r2['emailid']."', `emailcertsid`='$newid'"); } waitForResult("emailcerts", $newid,$oldid,0); $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); } else { 
@@ -1115,19 +1115,19 @@ function buildSubjectFromSession() { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); continue; } - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); } } @@ -1144,19 +1144,19 @@ function buildSubjectFromSession() { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']); continue; } - mysql_query("delete from `emailcerts` where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "delete from `emailcerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']); 
@@ -1175,14 +1175,14 @@ function buildSubjectFromSession() { { $cid = intval(substr($id,5)); $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1"; - mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); } if(substr($id,0,14)=="check_comment_") { $cid = intval(substr($id,14)); if(!empty($_REQUEST['check_comment_'.$cid])) { $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); - mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); } } } @@ -1257,8 +1257,8 @@ function buildSubjectFromSession() { if($oldid == 13 && $process != "") { $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; - $ddres = mysql_query($ddquery); - $ddrow = mysql_fetch_assoc($ddres); + $ddres = mysqli_query($_SESSION['mconn'], $ddquery); + $ddrow = mysqli_fetch_assoc($ddres); $_SESSION['profile']['points'] = $ddrow['total']; if($_SESSION['profile']['points'] == 0) @@ -1297,7 +1297,7 @@ function buildSubjectFromSession() { `suffix`='".$_SESSION['_config']['user']['suffix']."', `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."' where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } if ($showdetails!="") { $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', 
@@ -1311,7 +1311,7 @@ function buildSubjectFromSession() { `A4`='".$_SESSION['_config']['user']['A4']."', `A5`='".$_SESSION['_config']['user']['A5']."' where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } //!!!Should be rewritten @@ -1321,16 +1321,16 @@ function buildSubjectFromSession() { { $query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."', `otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } $_SESSION['_config']['user']['set'] = 0; - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'")); + $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$_SESSION['profile']['id']."'")); $_SESSION['profile']['loggedin'] = 1; $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; - $ddres = mysql_query($ddquery); - $ddrow = mysql_fetch_assoc($ddres); + $ddres = mysqli_query($_SESSION['mconn'], $ddquery); + $ddrow = mysqli_fetch_assoc($ddres); $_SESSION['profile']['points'] = $ddrow['total']; @@ -1362,10 +1362,10 @@ function buildSubjectFromSession() { if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname']) { - $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and + $match = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$_SESSION['profile']['id']."' and (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))"); - $rc = mysql_num_rows($match); + $rc = mysqli_num_rows($match); } else { $rc = 1; } 
@@ -1383,7 +1383,7 @@ function buildSubjectFromSession() { _("Failure: Pass Phrase not Changed"), '</h3>', "\n"; echo _("You failed to correctly enter your current Pass Phrase."); } else { - mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."') + mysqli_query($_SESSION['mconn'], "update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."') where `id`='".$_SESSION['profile']['id']."'"); echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n"; echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change."); @@ -1534,11 +1534,11 @@ function buildSubjectFromSession() { `codesign`='".$_SESSION['_config']['codesign']."', `rootcert`='".$_SESSION['_config']['rootcert']."', `description`='".$_SESSION['_config']['description']."'"; - mysql_query($query); - $emailid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $emailid = mysqli_insert_id(); foreach($_SESSION['_config']['domids'] as $addy) - mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); + mysqli_query($_SESSION['mconn'], "insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname=generatecertpath("csr","orgclient",$emailid); $fp = fopen($CSRname, "w"); @@ -1554,7 +1554,7 @@ function buildSubjectFromSession() { showfooter(); exit; } - mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); + mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") { $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n"; 
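Review bot: The added `mysqli_query()` call still stores the pass phrase as `sha1('…')` of `pword1`, an unsalted fast hash computed inside the SQL text. That leaves stored hashes open to offline guessing if the `users` table leaks, and it puts the clear-text pass phrase into the statement, where server query logs can capture it. This commit is a driver swap, so it need not change here, but a comment at this line such as `// TODO: hash in PHP with password_hash(), verify with password_verify(), rehash on next login` would keep it tracked. Whether `pword1` is escaped before this point is not visible in the hunk.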
@@ -1626,22 +1626,22 @@ function buildSubjectFromSession() { `codesign`='".$_SESSION['_config']['codesign']."', `rootcert`='".$_SESSION['_config']['rootcert']."', `description`='".$_SESSION['_config']['description']."'"; - mysql_query($query); - $emailid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $emailid = mysqli_insert_id(); foreach($_SESSION['_config']['domids'] as $addy) - mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); + mysqli_query($_SESSION['mconn'], "insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname=generatecertpath("csr","orgclient",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $csr); fclose($fp); - mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); + mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } waitForResult("orgemailcerts", $emailid,$oldid); $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("My CAcert.org Account!")); printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); 
@@ -1669,14 +1669,14 @@ function buildSubjectFromSession() { $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") @@ -1685,7 +1685,7 @@ function buildSubjectFromSession() { continue; } - mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `renewed`='1' where `id`='$id'"); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); 
@@ -1703,15 +1703,15 @@ function buildSubjectFromSession() { `codesign`='".$row['codesign']."', `rootcert`='".$row['rootcert']."', `description`='".$row['description']."'"; - mysql_query($query); - $newid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $newid = mysqli_insert_id(); $newfile=generatecertpath("csr","orgclient",$newid); copy($row['csr_name'], $newfile); - mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'"); + mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'"); waitForResult("orgemailcerts", $newid,$oldid,0); $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { printf(_("Certificate for '%s' has been renewed."), $row['CN']); echo "<a href='account.php?id=19&cert=$newid' target='_new'>". 
@@ -1742,19 +1742,19 @@ function buildSubjectFromSession() { $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); continue; } - mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); } } 
@@ -1772,19 +1772,19 @@ function buildSubjectFromSession() { $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']); continue; } - mysql_query("delete from `orgemailcerts` where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "delete from `orgemailcerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']); @@ -1803,7 +1803,7 @@ function buildSubjectFromSession() { { $cid = intval(substr($id,14)); $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); - mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'"); + mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `description`='$comment' where `id`='$cid'"); } } echo(_("Certificate settings have been changed.")."<br/>\n"); 
@@ -1869,13 +1869,13 @@ function buildSubjectFromSession() { `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and `orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'"; - $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query)); + $_SESSION['_config']['CNorg'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $query = "select * from `orginfo`,`org`,`orgdomains` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and `orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'"; - $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query)); + $_SESSION['_config']['SANorg'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); //echo "<pre>"; print_r($_SESSION['_config']); die; if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") @@ -1933,7 +1933,7 @@ function buildSubjectFromSession() { `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; } - $org = mysql_fetch_assoc(mysql_query($query)); + $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $csrsubject = ""; if($_SESSION['_config']['OU']) 
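Review bot: Both organisation lookups in the hunk at -1869 concatenate `$_SESSION['_config']['0.CN']` and `$_SESSION['_config']['0.subjectAltName']` straight into the SQL text, and whether those values were escaped before being stored in the session is not visible here. Since this commit moves the file to mysqli, they are good candidates for bound parameters, which removes the dependency on earlier escaping. The sketch below covers the second lookup, whose query is fully inside the hunk, and leaves `SANorg` as null when the statement cannot be prepared or executed. `mysqli_stmt_get_result()` needs the mysqlnd driver; where that is not available, apply `mysqli_real_escape_string()` to both values instead.

```php
// … unchanged: first lookup, result stored in $_SESSION['_config']['CNorg'] …
$_SESSION['_config']['SANorg'] = null;
$stmt = mysqli_prepare($_SESSION['mconn'],
	"select * from `orginfo`,`org`,`orgdomains`
		where `org`.`memid`=? and
		`org`.`orgid`=`orginfo`.`id` and
		`org`.`orgid`=`orgdomains`.`orgid` and
		`orgdomains`.`domain`=?");
if($stmt &&
	mysqli_stmt_bind_param($stmt, "is", $_SESSION['profile']['id'], $_SESSION['_config']['0.subjectAltName']) &&
	mysqli_stmt_execute($stmt))
{
	$_SESSION['_config']['SANorg'] = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
}
```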
@@ -1976,23 +1976,23 @@ function buildSubjectFromSession() { `type`='$type', `description`='".$_SESSION['_config']['description']."'"; } - mysql_query($query); - $CSRid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $CSRid = mysqli_insert_id(); $CSRname=generatecertpath("csr","orgserver",$CSRid); rename($_SESSION['_config']['tmpfname'], $CSRname); chmod($CSRname,0644); - mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); + mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); if(is_array($_SESSION['_config']['rowid'])) foreach($_SESSION['_config']['rowid'] as $id) - mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'"); + mysqli_query($_SESSION['mconn'], "insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $id) - mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'"); + mysqli_query($_SESSION['mconn'], "insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'"); waitForResult("orgdomaincerts", $CSRid,$oldid); $query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("My CAcert.org Account!")); printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); 
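Review bot: `mysqli_insert_id()` is called with no argument on the line after the insert, but the procedural mysqli function requires the link, so as written it raises a warning and yields no id. Everything after it in this hunk depends on `$CSRid`: the path from `generatecertpath()`, the `CSR_name` update, the `orgdomlink` rows and `waitForResult()`. It should read `$CSRid = mysqli_insert_id($_SESSION['mconn']);`. The same call appears in the hunks at -2052 (`$newid`) and -2813 (`$CSRid`).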
@@ -2020,14 +2020,14 @@ function buildSubjectFromSession() { where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") @@ -2036,7 +2036,7 @@ function buildSubjectFromSession() { continue; } - mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `renewed`='1' where `id`='$id'"); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); 
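Review bot: In the hunk at -2036 the `renewed` flag is written before the `$row['revoke'] > 0` check that follows it, so a certificate that is then skipped as already revoked is still marked as renewed. Moving that `mysqli_query()` call below the revoked check, after its `continue`, keeps the flag consistent with what was actually done. The loop body continues outside the hunk, so confirm nothing further down relies on the flag being set early.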
@@ -2052,24 +2052,24 @@ function buildSubjectFromSession() { `type`='".$row['type']."', `rootcert`='".$row['rootcert']."', `description`='".$row['description']."'"; - mysql_query($query); - $newid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $newid = mysqli_insert_id(); //echo "NewID: $newid<br/>\n"; $newfile=generatecertpath("csr","orgserver",$newid); copy($row['csr_name'], $newfile); - mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'"); + mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'"); echo _("Renewing").": ".$row['CN']."<br>\n"; - $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'"); - while($r2 = mysql_fetch_assoc($res)) - mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'"); + $res = mysqli_query($_SESSION['mconn'], "select * from `orgdomlink` where `orgcertid`='".$row['id']."'"); + while($r2 = mysqli_fetch_assoc($res)) + mysqli_query($_SESSION['mconn'], "insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'"); waitForResult("orgdomaincerts", $newid,$oldid,0); $query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); } else { - $drow = mysql_fetch_assoc($res); + $drow = mysqli_fetch_assoc($res); $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`; echo "<pre>\n$cert\n</pre>\n"; } 
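Review bot: The backtick shell call to `/usr/bin/openssl x509 -in` at the end of this hunk passes `$drow['crt_name']`, a value read from the database, to the shell unquoted, and the output is echoed into the page without HTML escaping. The path presumably originates from `generatecertpath()` and is benign in practice, but nothing in the hunk enforces that. `$cert = shell_exec('/usr/bin/openssl x509 -in '.escapeshellarg($drow['crt_name']));` removes the first assumption, and wrapping `$cert` in `htmlspecialchars()` before the echo removes the second.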
@@ -2098,19 +2098,19 @@ function buildSubjectFromSession() { where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); continue; } - mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); } } @@ -2130,19 +2130,19 @@ function buildSubjectFromSession() { where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']); continue; } - mysql_query("delete from `orgdomaincerts` where `id`='$id'"); + mysqli_query($_SESSION['mconn'], "delete from `orgdomaincerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']); 
@@ -2161,7 +2161,7 @@ function buildSubjectFromSession() { { $cid = intval(substr($id,14)); $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); - mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'"); + mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `description`='$comment' where `id`='$cid'"); } } echo(_("Certificate settings have been changed.")."<br/>\n"); @@ -2211,7 +2211,7 @@ function buildSubjectFromSession() { { $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields."); } else { - mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."', + mysqli_query($_SESSION['mconn'], "insert into `orginfo` set `O`='".$_SESSION['_config']['O']."', `contact`='".$_SESSION['_config']['contact']."', `L`='".$_SESSION['_config']['L']."', `ST`='".$_SESSION['_config']['ST']."', @@ -2239,7 +2239,7 @@ function buildSubjectFromSession() { { $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields."); } else { - mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."', + mysqli_query($_SESSION['mconn'], "update `orginfo` set `O`='".$_SESSION['_config']['O']."', `contact`='".$_SESSION['_config']['contact']."', `L`='".$_SESSION['_config']['L']."', `ST`='".$_SESSION['_config']['ST']."', 
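Review bot: The description update in the hunk at -2161 is keyed only on `$cid`, which is parsed out of a request parameter name, and nothing visible ties that row to an organisation the caller belongs to. The revoke and delete paths in this file join against the org table on `memid` before touching a certificate; this one does not, at least not within the hunk. If no such check exists further up the loop, look the row up with the same org/memid join first and skip ids that do not match. The `orgemailcerts` variant at -1803 has the same shape.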
@@ -2256,8 +2256,8 @@ function buildSubjectFromSession() { if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST)) { $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname']))); - $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'"); - if(mysql_num_rows($res1) > 0) + $res1 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `domain`='$domain'"); + if(mysqli_num_rows($res1) > 0) { $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain)); $id = $oldid; @@ -2273,7 +2273,7 @@ function buildSubjectFromSession() { if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"])) { - mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'"); + mysqli_query($_SESSION['mconn'], "insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain)); echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue."); 
@@ -2285,9 +2285,9 @@ function buildSubjectFromSession() { { $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname']))); - $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'"); - $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"); - if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) + $res1 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'"); + $res2 = mysqli_query($_SESSION['mconn'], "select * from `domains` where `domain` like '$domain' and `deleted`=0"); + if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2) > 0) { $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain)); $id = $oldid; 
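Review bot: Both duplicate checks in this hunk compare with `like '$domain'`, so `%` and `_` in the submitted name act as wildcards; `mysql_real_escape_string()` does not escape them. That makes the uniqueness test depend on pattern matching rather than on the exact name that the update at -2301 then stores. Use `=` in both queries, as the add path at -2256 already does.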
@@ -2301,23 +2301,23 @@ function buildSubjectFromSession() { `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".intval($domid)."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) + mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".intval($domid)."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) + mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); } if($oldid == 29 && $process != "") { - $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'")); - mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'"); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `id`='".intval($domid)."'")); + mysqli_query($_SESSION['mconn'], "update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain)); echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue."); 
@@ -2327,9 +2327,9 @@ function buildSubjectFromSession() { if($oldid == 30 && $process != "") { - $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `id`='".intval($domid)."'")); $domain = $row['domain']; - mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'"); + mysqli_query($_SESSION['mconn'], "delete from `orgdomains` where `id`='".intval($domid)."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain)); echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue."); 
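Review bot: Every converted call in this file, including the two in this hunk, reads the connection from `$_SESSION['mconn']`. A mysqli handle cannot be serialised with the session, so this only works if the handle is re-assigned on each request after the session has been started; that code is outside this view. Keeping the link in a dedicated variable or behind a small accessor function would avoid mixing a live connection into session data and give one place to verify that the connection succeeded.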
@@ -2346,36 +2346,36 @@ function buildSubjectFromSession() { if($oldid == 31 && $process != "") { $query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) + $dres = mysqli_query($_SESSION['mconn'], $query); + while($drow = mysqli_fetch_assoc($dres)) { $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".intval($drow['id'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); - mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'"); - mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'"); + mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); + mysqli_query($_SESSION['mconn'], "delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'"); + mysqli_query($_SESSION['mconn'], "delete from `orgdomlink` where `domid`='".intval($row['id'])."'"); } $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".intval($drow['id'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); - mysql_query("delete from `orgemailcerts` where 
`id`='".intval($row['id'])."'"); - mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'"); + mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); + mysqli_query($_SESSION['mconn'], "delete from `orgemailcerts` where `id`='".intval($row['id'])."'"); + mysqli_query($_SESSION['mconn'], "delete from `orgemaillink` where `domid`='".intval($row['id'])."'"); } } - mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"); - mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"); - mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'"); + mysqli_query($_SESSION['mconn'], "delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"); + mysqli_query($_SESSION['mconn'], "delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"); + mysqli_query($_SESSION['mconn'], "delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'"); } if($oldid == 31) @@ -2387,7 +2387,7 @@ function buildSubjectFromSession() { if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34) { $query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'"; - $_macc = mysql_num_rows(mysql_query($query)); + $_macc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)); if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0) { showheader(_("My CAcert.org Account!")); 
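Review bot: In the organisation-removal loop of the hunk at -2346 the value selected as the certificate id (`$row['id']`) is used in the `orgdomaincerts` delete as an `orgid` filter, so the statement can remove certificates of an unrelated organisation whose id happens to match while leaving the intended row in place. The next statement filters `orgdomlink` on `domid`, whereas the inserts at -1976 write that table with `orgdomid` and `orgcertid`; the `orgemaillink` delete likewise passes a certificate id as `domid`. Assuming the schema matches those statements, the filters should be `id` for `orgdomaincerts`, `orgcertid` for `orgdomlink` and `emailcertsid` for `orgemaillink`. None of the results are checked, so a failing statement goes unnoticed; this predates the commit, but the migration touches every one of these lines.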
@@ -2400,7 +2400,7 @@ function buildSubjectFromSession() { if($id == 35 || $oldid == 35) { $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'"; - $is_orguser = mysql_num_rows(mysql_query($query)); + $is_orguser = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)); if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0) { showheader(_("My CAcert.org Account!")); @@ -2414,8 +2414,8 @@ function buildSubjectFromSession() { { $orgid = intval($_SESSION['_config']['orgid']); $query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $id = 35; } @@ -2431,14 +2431,14 @@ function buildSubjectFromSession() { $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email']))); $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU']))); $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments']))); - $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0"); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0"); + if(mysqli_num_rows($res) <= 0) { $id = $oldid; $oldid=0; $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email'])); } else { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if ( !is_assurer(intval($row['id'])) ) { $id = $oldid; 
@@ -2446,7 +2446,7 @@ function buildSubjectFromSession() { $_SESSION['_config']['errmsg'] = _("The user is not an Assurer yet"); } else { - mysql_query( + mysqli_query($_SESSION['mconn'], "insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."', @@ -2460,8 +2460,8 @@ function buildSubjectFromSession() { if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1) { $orgid = intval($_SESSION['_config']['orgid']); - $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'"); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'"); + if(mysqli_num_rows($res) <= 0) $id = 32; } @@ -2470,7 +2470,7 @@ function buildSubjectFromSession() { $orgid = intval($_SESSION['_config']['orgid']); $memid = intval($_REQUEST['memid']); $query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } if($oldid == 34 || $oldid == 33) @@ -2482,7 +2482,7 @@ function buildSubjectFromSession() { if($id == 36) { - $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'")); $_REQUEST['general'] = $row['general']; $_REQUEST['country'] = $row['country']; $_REQUEST['regional'] = $row['regional']; 
@@ -2491,7 +2491,7 @@ function buildSubjectFromSession() { if($oldid == 36) { - $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'")); + $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'")); if($rc > 0) { $query = "update `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."', @@ -2506,7 +2506,7 @@ function buildSubjectFromSession() { `radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."', `memid`='".intval($_SESSION['profile']['id'])."'"; } - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $id = $oldid; $oldid=0; } @@ -2519,7 +2519,7 @@ function buildSubjectFromSession() { { if($key == $lang) { - mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'"); + mysqli_query($_SESSION['mconn'], "update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'"); $_SESSION['profile']['language'] = $lang; showheader(_("My CAcert.org Account!")); echo _("Your language setting has been updated."); @@ -2539,7 +2539,7 @@ function buildSubjectFromSession() { csrf_check("seclang"); $addlang = mysql_real_escape_string($_REQUEST['addlang']); // Does the language exist? - mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'"); + mysqli_query($_SESSION['mconn'], "insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'"); showheader(_("My CAcert.org Account!")); echo _("Your language setting has been updated."); showfooter(); 
@@ -2550,7 +2550,7 @@ function buildSubjectFromSession() { { csrf_check("seclang"); $remove = mysql_real_escape_string($_REQUEST['remove']); - mysql_query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'"); + mysqli_query($_SESSION['mconn'], "delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'"); showheader(_("My CAcert.org Account!")); echo _("Your language setting has been updated."); showfooter(); 
@@ -2593,58 +2593,58 @@ function buildSubjectFromSession() { if($locid > 0 && $action == "edit") { $query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'"; - mysql_query($query); - $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); + mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'")); $_REQUEST['regid'] = $row['regid']; unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($regid > 0 && $action == "edit") { $query = "update `regions` set `name`='$name' where `id`='$regid'"; - mysql_query($query); - $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'")); + mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='$regid'")); $_REQUEST['ccid'] = $row['ccid']; unset($_REQUEST['regid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($regid > 0 && $action == "add") { - $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `ccid` from `regions` where `id`='$regid'")); $ccid = $row['ccid']; $query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($ccid > 0 && $action == "add" && $name != "") { $query = "insert into `regions` set `ccid`='$ccid', `name`='$name'"; - mysql_query($query); - $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); + mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where 
`id`='$locid'")); unset($_REQUEST['regid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($locid > 0 && $action == "delete") { - $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'")); $_REQUEST['regid'] = $row['regid']; - mysql_query("delete from `localias` where `locid`='$locid'"); - mysql_query("delete from `locations` where `id`='$locid'"); + mysqli_query($_SESSION['mconn'], "delete from `localias` where `locid`='$locid'"); + mysqli_query($_SESSION['mconn'], "delete from `locations` where `id`='$locid'"); unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($locid > 0 && $action == "move") { - $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'")); $oldregid = $row['regid']; - mysql_query("update `locations` set `regid`='$newreg' where `id`='$locid'"); - mysql_query("update `users` set `regid`='$newreg' where `regid`='$oldregid'"); - $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); + mysqli_query($_SESSION['mconn'], "update `locations` set `regid`='$newreg' where `id`='$locid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `regid`='$newreg' where `regid`='$oldregid'"); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'")); $_REQUEST['regid'] = $row['regid']; unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($regid > 0 && $action == "delete") { - $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='$regid'")); $_REQUEST['ccid'] = $row['ccid']; - 
mysql_query("delete from `locations` where `regid`='$regid'"); - mysql_query("delete from `regions` where `id`='$regid'"); + mysqli_query($_SESSION['mconn'], "delete from `locations` where `regid`='$regid'"); + mysqli_query($_SESSION['mconn'], "delete from `regions` where `id`='$regid'"); unset($_REQUEST['regid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); @@ -2653,12 +2653,12 @@ function buildSubjectFromSession() { $_REQUEST['action'] = "aliases"; $_REQUEST['locid'] = $locid; $name = htmlentities($name); - $row = mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'"); + $row = mysqli_query($_SESSION['mconn'], "insert into `localias` set `locid`='$locid',`name`='$name'"); } else if($locid > 0 && $action == "delalias") { $id = 54; $_REQUEST['action'] = "aliases"; $_REQUEST['locid'] = $locid; - $row = mysql_query("delete from `localias` where `locid`='$locid' and `name`='$name'"); + $row = mysqli_query($_SESSION['mconn'], "delete from `localias` where `locid`='$locid' and `name`='$name'"); } } @@ -2687,12 +2687,12 @@ function buildSubjectFromSession() { $year = intval($_REQUEST['year']); $userid = intval($_REQUEST['userid']); $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'"; - $details = mysql_fetch_assoc(mysql_query($query)); + $details = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}', `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } if($oldid == 43 && $_REQUEST['action'] == 'revokecert') 
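Review bot: In the hunk at -2687 the `adminlog` insert interpolates `$details['lname']` and `$details['dob']`, read back from the database, without escaping, and neither its result nor that of the following update is checked. A stored surname containing an apostrophe would break the insert, so the profile change would go through with no audit record. Escape the values read back, e.g. `mysqli_real_escape_string($_SESSION['mconn'], $details['lname'])`, or bind them, and run the `users` update only once the log row has been written. How `$fname`, `$lname` and the other new values are sanitised is outside the hunk.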
@@ -2718,7 +2718,7 @@ function buildSubjectFromSession() { { if($_REQUEST['userid'] != "") $_REQUEST['userid'] = intval($_REQUEST['userid']); - $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); if($row['email'] == "") $id = 42; else @@ -2732,8 +2732,8 @@ function buildSubjectFromSession() { { echo _("No such user found."); } else { - mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'"); - $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); + mysqli_query($_SESSION['mconn'], "update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'"); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email'])); 
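Review bot: The admin password reset in the hunk at -2732 still stores `sha1()` of the new password with no salt, computed inside the SQL statement, so the cleartext also travels in the query text. Moving to `password_hash()` and `password_verify()` needs a matching change in the login path, which is outside this view, so it probably belongs in a follow-up rather than in this migration. The value is also still escaped with the legacy `mysql_real_escape_string()`; if that returns `false` because no mysql link exists, this statement would set the account to the hash of the empty string, so this line should be converted before the change is deployed.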
@@ -2813,24 +2813,24 @@ function buildSubjectFromSession() { `CN`='".$_SESSION['_config']['0.CN']."', `domid`='".$_SESSION['_config']['row']['id']."', `created`=NOW()"; - mysql_query($query); - $CSRid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $CSRid = mysqli_insert_id(); foreach($_SESSION['_config']['rowid'] as $dom) - mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); + mysqli_query($_SESSION['mconn'], "insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $dom) - mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); + mysqli_query($_SESSION['mconn'], "insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); $CSRname=generatecertpath("csr","server",$CSRid); $fp = fopen($CSRname, "w"); fputs($fp, $_SESSION['_config']['CSR']); fclose($fp); - mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); + mysqli_query($_SESSION['mconn'], "update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); waitForResult("domaincerts", $CSRid,$oldid); $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("My CAcert.org Account!")); printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); 
@@ -2847,9 +2847,9 @@ function buildSubjectFromSession() { { $memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['tverify']; - mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `tverify`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0) @@ -2857,18 +2857,18 @@ function buildSubjectFromSession() { csrf_check('admsetassuret'); $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['assurer']; - mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `assurer`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['assurer_blocked']; - mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `assurer_blocked`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0) 
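Review bot: The flag toggle that opens the hunk at -2847 (it reads `$_REQUEST['tverify']`) has no `csrf_check()` call, unlike the `assurer` toggle in the next hunk, which starts with `csrf_check('admsetassuret')`. The `assurer_blocked` block at -2857 and the `adadmin` and `locadmin` blocks at -2906 are fully visible and have none either. These blocks change account privileges from request parameters, so each should begin with a check such as `csrf_check('ACTION_NAME_PLACEHOLDER');`, using whatever token name the corresponding form emits. The `if` that guards the first block is outside the hunk.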
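Review bot: `$ver = !$row['assurer'];` in the hunk at -2857 produces a PHP boolean, and interpolating `false` into the update writes an empty string rather than `0`. Whether MySQL accepts the empty string for that column depends on the server's SQL mode, and the query result is not checked, so clearing a flag can fail silently. `$ver = $row['assurer'] ? 0 : 1;` makes the written value explicit. The same expression is used for `assurer_blocked` in this hunk and for the flags in the hunks at -2847, -2876, -2886, -2896 and -2906.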
@@ -2876,9 +2876,9 @@ function buildSubjectFromSession() { csrf_check('admactlock'); $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['locked']; - mysql_query("update `users` set `locked`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `locked`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0) @@ -2886,9 +2886,9 @@ function buildSubjectFromSession() { csrf_check('admcodesign'); $memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['codesign']; - mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `codesign`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0) @@ -2896,9 +2896,9 @@ function buildSubjectFromSession() { csrf_check('admorgadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['orgadmin']; - mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `orgadmin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0) 
@@ -2906,29 +2906,29 @@ function buildSubjectFromSession() { csrf_check('admttpadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['ttpadmin']; - mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `ttpadmin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = $row['adadmin'] + 1; if($ver > 2) $ver = 0; - mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `adadmin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['locadmin']; - mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `locadmin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0) 
@@ -2936,45 +2936,45 @@ function buildSubjectFromSession() { csrf_check('admsetadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['admin']); $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['admin']; - mysql_query("update `users` set `admin`='$ver' where `id`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `admin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['general']); $query = "select * from `alerts` where `memid`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['general']; - mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `alerts` set `general`='$ver' where `memid`='$memid'"); } if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['country']); $query = "select * from `alerts` where `memid`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['country']; - mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `alerts` set `country`='$ver' where `memid`='$memid'"); } if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['regional']); $query = "select * from `alerts` where `memid`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['regional']; - mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'"); 
+ mysqli_query($_SESSION['mconn'], "update `alerts` set `regional`='$ver' where `memid`='$memid'"); } if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['radius']); $query = "select * from `alerts` where `memid`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $ver = !$row['radius']; - mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'"); + mysqli_query($_SESSION['mconn'], "update `alerts` set `radius`='$ver' where `memid`='$memid'"); } if($id == 50) @@ -2982,7 +2982,7 @@ function buildSubjectFromSession() { if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "") $_REQUEST['userid'] = intval($_REQUEST['userid']); - $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); if($row['email'] == "") $id = 42; else @@ -3045,7 +3045,7 @@ function buildSubjectFromSession() { { $uid = intval($_REQUEST['uid']); $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; - $rc = mysql_num_rows(mysql_query($query)); + $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)); if($rc <= 0) { showheader(_("My CAcert.org Account!")); @@ -3058,7 +3058,7 @@ function buildSubjectFromSession() { if($oldid == 52) { $query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'"; - $rc = mysql_num_rows(mysql_query($query)); + $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)); if($rc > 0) { showheader(_("My CAcert.org Account!")); 
@@ -3079,16 +3079,16 @@ function buildSubjectFromSession() { `memid`='".$_SESSION['profile']['id']."', `when`=NOW(), `vote`='$vote', `comment`='".mysql_real_escape_string($_REQUEST['comment'])."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); - $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'")); + $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'")); if($rc >= 8) { - mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'"); - $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'")); + mysqli_query($_SESSION['mconn'], "update `tverify` set `modified`=NOW() where `id`='$uid'"); + $tverify = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `tverify` where `id`='$uid'")); $memid = $tverify['memid']; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); - $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'")); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$memid'")); + $tmp = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `points` from `notary` where `to`='$memid'")); $points = 0; if($tverify['URL'] != "" && $tverify['photoid'] != "") 
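Review bot: The vote insert still builds `comment` with `mysql_real_escape_string($_REQUEST['comment'])` although the statement is now sent through `mysqli_query($_SESSION['mconn'], ...)`. The old function escapes against an ext/mysql link, not the mysqli connection: if no such link is open it returns false with a warning, which would store an empty comment, and if one is open its character set need not match the connection that executes the query. Use `mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['comment'])` here, or preferably a prepared statement with a bound parameter. The same leftover is in the domain lookups and the `pinglog` insert in includes/general.php, in the `user_agreements` and e-mail check functions of includes/notary.inc.php, and in `get_user_id_from_cert()` in includes/lib/general.php, where this commit itself replaces `mysql_escape_string` with `mysql_real_escape_string`.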
@@ -3103,15 +3103,15 @@ function buildSubjectFromSession() { if($points > 0) { - mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points', + mysqli_query($_SESSION['mconn'], "insert into `notary` set `from`='0', `to`='$memid', `points`='$points', `method`='Thawte Points Transfer', `when`=NOW()"); fix_assurer_flag($memid); } $totalpoints = intval($tmp['points']) + $points; $body = _("Your request to have points transfered was successful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n"; - $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], "select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"); + while($row = mysqli_fetch_assoc($res)) $body .= $row['comment']."\n"; $body .= "\n"; 
@@ -3120,17 +3120,17 @@ function buildSubjectFromSession() { sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); } - $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'")); + $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'")); if($rc >= 4) { - mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'"); - $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'")); + mysqli_query($_SESSION['mconn'], "update `tverify` set `modified`=NOW() where `id`='$uid'"); + $tverify = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `tverify` where `id`='$uid'")); $memid = $tverify['memid']; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$memid'")); $body = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n"; - $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], "select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"); + while($row = mysqli_fetch_assoc($res)) $body .= $row['comment']."\n"; $body .= "\n"; diff --git a/includes/account_stuff.php b/includes/account_stuff.php index dbebf6a..39d21a8 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php 
@@ -199,7 +199,7 @@ function hideall() { <h3 class="pointer" onclick="explode('servercert')">+ <?=_("Server Certificates")?></h3> <ul class="menu" id="servercert"><li><a href="account.php?id=10"><?=_("New")?></a></li><li><a href="account.php?id=12"><?=_("View")?></a></li></ul> </div> -<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> +<? if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('clientorg')">+ <?=_("Org Client Certs")?></h3> <ul class="menu" id="clientorg"><li><a href="account.php?id=16"><?=_("New")?></a></li><li><a href="account.php?id=18"><?=_("View")?></a></li></ul> @@ -209,7 +209,7 @@ function hideall() { <ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul> </div> <? } ?> -<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> +<? if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3> <ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul> diff --git a/includes/general.php b/includes/general.php index 95ed64a..7981e24 100644 --- a/includes/general.php +++ b/includes/general.php 
@@ -79,12 +79,12 @@ if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0) { - $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'")); + $locked = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'")); if($locked['locked'] == 0) { $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; - $res = mysql_query($query); - $row = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; } else { $_SESSION['profile'] = ""; @@ -288,11 +288,11 @@ $_SESSION['_config']['row'] = ""; $dom = mysql_real_escape_string($dom); $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { $cnok = 1; - $_SESSION['_config']['row'] = mysql_fetch_assoc($res); + $_SESSION['_config']['row'] = mysqli_fetch_assoc($res); $rowid[] = $_SESSION['_config']['row']['id']; break; } @@ -340,11 +340,11 @@ $_SESSION['_config']['altrow'] = ""; $dom = mysql_real_escape_string($dom); $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { $altok = 1; - $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res); + $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res); $altid[] = $_SESSION['_config']['altrow']['id']; break; } 
@@ -382,10 +382,10 @@ `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $_SESSION['_config']['row'] = mysql_fetch_assoc($res); + $_SESSION['_config']['row'] = mysqli_fetch_assoc($res); $rowid[] = $_SESSION['_config']['row']['id']; break; } @@ -430,10 +430,10 @@ `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res); + $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res); $altid[] = $_SESSION['_config']['altrow']['id']; break; } @@ -462,10 +462,10 @@ and `orgdomains`.`orgid`=`org`.`orgid` and `orginfo`.`id`=`org`.`orgid` and `orgdomains`.`domain`='$dom'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $_SESSION['_config']['row'] = mysql_fetch_assoc($res); + $_SESSION['_config']['row'] = mysqli_fetch_assoc($res); return(true); } } @@ -478,12 +478,12 @@ $id = $_SESSION['profile']['id']; $query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $points = $row['points']; $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18)); $query = "select * from `users` where `id`='".$_SESSION['profile']['id']."' and `dob` < '$dob'"; - if(mysql_num_rows(mysql_query($query)) < 1) + if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) < 1) { if($points >= 100) return(10); 
@@ -582,7 +582,7 @@ $line = mysql_real_escape_string(trim(strip_tags($line))); $query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'"; if(is_array($_SESSION['profile'])) $query.=", `uid`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); if(substr($line, 0, 3) != "250") return $line; @@ -593,7 +593,7 @@ } $query = "insert into `pinglog` set `when`=NOW(), `uid`='".$_SESSION['profile']['id']."', `email`='$myemail', `result`='Failed to make a connection to the mail server'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); return _("Failed to make a connection to the mail server"); } @@ -614,8 +614,8 @@ $query = "select * from `$table` where `id`='".intval($certid)."' and `crt` != ''"; else $query = "select * from `$table` where `id`='".intval($certid)."' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { $found = 1; break; @@ -627,10 +627,10 @@ { if($show) showheader(_("My CAcert.org Account!")); $query = "select * from `$table` where `id`='".intval($certid)."' "; - $res = mysql_query($query); + $res = mysqli_query($_SESSION['mconn'], $query); $body=""; $subject=""; - if(mysql_num_rows($res) > 0) + if(mysqli_num_rows($res) > 0) { printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status.")); $subject="[CAcert.org] Certificate TIMEOUT"; @@ -657,8 +657,8 @@ function generateTicket() { $query = "insert into tickets (timestamp) values (now()) "; - mysql_query($query); - $ticket = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $ticket = mysqli_insert_id(); return $ticket; } 
@@ -786,17 +786,17 @@ /** * Run the sql query given in $sql. - * The resource returned by mysql_query is + * The resource returned by mysqli_query is * returned by this function. * - * It should be safe to replace every mysql_query - * call by a mysql_extended_query call. + * It should be safe to replace every mysqli_query + * call by a mysqli_extended_query call. */ function mysql_timed_query($sql) { global $sql_data_log; $query_start = microtime(true); - $res = mysql_query($sql); + $res = mysqli_query($_SESSION['mconn'], $sql); $query_end = microtime(true); $sql_data_log[] = array("sql" => $sql, "duration" => $query_end - $query_start); return $res; diff --git a/includes/general_stuff.php b/includes/general_stuff.php index 4c1bd30..a4728f7 100644 --- a/includes/general_stuff.php +++ b/includes/general_stuff.php @@ -69,8 +69,8 @@ google_color_border = "FFFFFF"; <h3 class="pointer" onclick="explode('recom')"><?=_("Advertising")?></h3> <ul class="menu" id="recom"><? $query = "select * from `advertising` where `expires`>NOW() and `active`=1"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) echo "<li><a href='$row[link]' target='_blank'>$row[title]</a></li>"; ?></ul> </div> diff --git a/includes/lib/account.php b/includes/lib/account.php index e311668..1876d7e 100644 --- a/includes/lib/account.php +++ b/includes/lib/account.php @@ -54,7 +54,7 @@ function fix_assurer_flag($userID = NULL) OR `n`.`expire` IS NULL) ) >= 100'; - $query = mysql_query($sql); + $query = mysqli_query($_SESSION['mconn'], $sql); if (!$query) { return false; } @@ -89,10 +89,10 @@ function fix_assurer_flag($userID = NULL) ) < 100 )'; - $query = mysql_query($sql); + $query = mysqli_query($_SESSION['mconn'], $sql); if (!$query) { return false; } return true; -}
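Review bot: The docblock above `mysql_timed_query()` was rewritten by the search-and-replace and now recommends `mysqli_extended_query`, a name that is not defined anywhere in the visible code, while the function itself keeps its `mysql_` prefix. The comment should describe the function as it now is, for example `The result returned by mysqli_query is returned by this function.` and `Every mysqli_query($_SESSION['mconn'], ...) call can be replaced by a mysql_timed_query(...) call.`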
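Review bot: The advertising menu in includes/general_stuff.php echoes `$row[link]` and `$row[title]` into the page without output encoding, so a quote or tag stored in either column becomes markup on every page that includes this menu. Encode both at output, e.g. `htmlspecialchars($row['title'], ENT_QUOTES)` and the same for the link, and accept only `http`/`https` links when an advert is stored. Who may write to the `advertising` table is not visible here, so the actual exposure depends on that.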
\ No newline at end of file +} diff --git a/includes/lib/general.php b/includes/lib/general.php index 85b132d..0bfabd5 100644 --- a/includes/lib/general.php +++ b/includes/lib/general.php @@ -32,15 +32,15 @@ function get_user_id_from_cert($serial, $issuer_cn) { $query = "select `memid` from `emailcerts` where - `serial`='".mysql_escape_string($serial)."' and + `serial`='".mysql_real_escape_string($serial)."' and `rootcert`= (select `id` from `root_certs` where - `Cert_Text`='".mysql_escape_string($issuer_cn)."') and + `Cert_Text`='".mysql_real_escape_string($issuer_cn)."') and `revoked`=0 and disablelogin=0 and UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); return intval($row['memid']); } @@ -130,7 +130,7 @@ function runCommand($command, $input = "", &$output = null, &$errors = true) { } } - // returns 0 if $userID is an Assurer + // returns 0 if $userID is an Assurer // Otherwise : // Bit 0 is always set // Bit 1 is set if 100 Assurance Points are not reached 
@@ -139,25 +139,24 @@ function runCommand($command, $input = "", &$output = null, &$errors = true) { function get_assurer_status($userID) { $Result = 0; - $query = mysql_query('SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '. + $query = mysqli_query($_SESSION['mconn'], 'SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '. ' WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = \''.(int)intval($userID).'\''); - if(mysql_num_rows($query) < 1) + if(mysqli_num_rows($query) < 1) { $Result |= 5; } - $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()'); - $row = mysql_fetch_assoc($query); + $query = mysqli_query($_SESSION['mconn'], 'SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()'); + $row = mysqli_fetch_assoc($query); if ($row['points'] < 100) { $Result |= 3; } - $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\''); - $row = mysql_fetch_assoc($query); + $query = mysqli_query($_SESSION['mconn'], 'SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\''); + $row = mysqli_fetch_assoc($query); if ($row['assurer_blocked'] > 0) { $Result |= 9; } return $Result; } -
\ No newline at end of file diff --git a/includes/loggedin.php b/includes/loggedin.php index 4f9b8e8..0ff24be 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -43,7 +43,7 @@ //session_unregister($key); } - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'")); + $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$uid'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; else @@ -69,7 +69,7 @@ //session_unregister($key); } - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( + $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$user_id."'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; @@ -114,15 +114,15 @@ if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0) { $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; - $res = mysql_query($query); - $row = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; if($_SESSION['profile']['language'] == "") { $query = "update `users` set `language`='".L10n::get_translation()."' where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } else { L10n::set_translation($_SESSION['profile']['language']); L10n::init_gettext(); diff --git a/includes/notary.inc.php b/includes/notary.inc.php index b34b2f4..18a7d91 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php 
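Review bot: In the first hunk of includes/loggedin.php the profile query reads its connection from `$_SESSION['mconn']` directly after what looks like the end of a loop over session keys (only the commented-out `session_unregister($key)` tail is visible). A mysqli handle does not survive session serialization, so it has to be re-created on every request before the first query, and any code that clears the session must leave `mconn` in place or reconnect; please confirm that the lines above this hunk do. A plain global or a small accessor function for the connection would avoid tying it to session state, which is also where `select * from users` places the whole member row.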
@@ -18,18 +18,18 @@ function query_init ($query) { - return mysql_query($query); + return mysqli_query($_SESSION['mconn'], $query); } function query_getnextrow ($res) { - $row1 = mysql_fetch_assoc($res); + $row1 = mysqli_fetch_assoc($res); return $row1; } function query_get_number_of_rows ($resultset) { - return intval(mysql_num_rows($resultset)); + return intval(mysqli_num_rows($resultset)); } function get_number_of_assurances ($userid) @@ -102,7 +102,7 @@ function get_user ($userid) { $res = query_init ("select * from `users` where `id`='".intval($userid)."'"); - return mysql_fetch_assoc($res); + return mysqli_fetch_assoc($res); } function get_cats_state ($userid) @@ -110,7 +110,7 @@ $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1 WHERE `cats_passed`.`user_id` = '".intval($userid)."'"); - return mysql_num_rows($res); + return mysqli_num_rows($res); } function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked) @@ -386,7 +386,7 @@ $points = 0; $sumexperience = 0; $res = get_given_assurances(intval($userid)); - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { $fromuser = get_user (intval($row['to'])); $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked); @@ -403,7 +403,7 @@ $points = 0; $sumexperience = 0; $res = get_received_assurances(intval($userid)); - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { $fromuser = get_user (intval($row['from'])); calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked); @@ -484,7 +484,7 @@ } $res = get_received_assurances_summary($userid); - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { $points = calc_points ($row); 
@@ -497,7 +497,7 @@ } $res = get_given_assurances_summary($userid); - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { switch ($row['method']) { @@ -636,7 +636,7 @@ // write a new record to the table user_agreement $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid). ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ; - $res = mysql_query($query); + $res = mysqli_query($_SESSION['mconn'], $query); } /** @@ -649,8 +649,8 @@ function get_user_agreement_status($memid, $type="CCA"){ $query="SELECT u.`document` FROM `user_agreements` u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ; - $res = mysql_query($query); - if(mysql_num_rows($res) <=0){ + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <=0){ return 0; }else{ return 1; @@ -670,9 +670,9 @@ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) . " AND u.`active`=" . intval($active) . " ORDER BY u.`date` Limit 1;"; - $res = mysql_query($query); - if(mysql_num_rows($res) >0){ - $rec = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) >0){ + $rec = mysqli_fetch_assoc($res); }else{ $rec=array(); } 
@@ -689,9 +689,9 @@ function get_last_user_agreement($memid, $type="CCA"){ //returns an array (`document`,`date`,`method`, `comment`,`active`) $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM user_agreements u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND (u.`memid`=" . intval($memid) . " ) order by `date` desc limit 1 " ; - $res = mysql_query($query); - if(mysql_num_rows($res) >0){ - $rec = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) >0){ + $rec = mysqli_fetch_assoc($res); }else{ $rec=array(); } @@ -712,7 +712,7 @@ } else { $filter = " and `document` = '" . mysql_real_escape_string($type) . "'"; } - mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter ); + mysqli_query($_SESSION['mconn'], "delete from `user_agreements` where `memid`=" . intval($memid) . $filter ); } // functions for 6.php (assure somebody) @@ -814,7 +814,7 @@ $mailid = intval($mailid); revoke_all_client_cert($mailid); $query = "update `email` set `deleted`=NOW() where `id`='$mailid'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } function account_domain_delete($domainid){ @@ -825,7 +825,7 @@ //called from account_delete $domainid = intval($domainid); revoke_all_server_cert($domainid); - mysql_query( + mysqli_query($_SESSION['mconn'], "update `domains` set `deleted`=NOW() where `id` = '$domainid'"); 
@@ -847,33 +847,33 @@ { $password .= substr($pool,(rand()%(strlen ($pool))), 1); } - mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'"); + mysqli_query($_SESSION['mconn'], "update `users` set `password`=sha1('".$password."') where `id`='".$id."'"); //create new mail for arbitration number $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1"; - mysql_query($query); - $emailid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $emailid = mysqli_insert_id(); //set new mail as default $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); //delete all other email address $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ; - $res=mysql_query($query); - while($row = mysql_fetch_assoc($res)){ + $res=mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)){ account_email_delete($row['id']); } //delete all domains $query = "select `id` from `domains` where `memid`='".$id."'"; - $res=mysql_query($query); - while($row = mysql_fetch_assoc($res)){ + $res=mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)){ account_domain_delete($row['id']); } //clear alert settings - mysql_query( + mysqli_query($_SESSION['mconn'], "update `alerts` set `general`='0', `country`='0', 
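Review bot: The replacement password is assembled with `rand()` and stored via `sha1('...')` inside the SQL statement. `rand()` is not a cryptographic generator and an unsalted SHA-1 digest is cheap to brute-force, so the value meant to make the account unrecoverable is weaker than it appears; the clear text also reaches the database server in the query string. Since these lines are being touched anyway, draw the characters from a CSPRNG such as `openssl_random_pseudo_bytes()` and hash in PHP with the scheme the login code verifies. The login side is not visible here, so the hash format has to change together with it. The `rand()`-based secret answers in the secret-question hunk further down have the same weakness.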
@@ -883,17 +883,17 @@ //set default location $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); //clear listings $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); //set lanuage to default //set default language - mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'"); + mysqli_query($_SESSION['mconn'], "update `users` set `language`='en_AU' where `id`='".$id."'"); //delete secondary langugaes - mysql_query("delete from `addlang` where `userid`='".$id."'"); + mysqli_query($_SESSION['mconn'], "delete from `addlang` where `userid`='".$id."'"); //change secret questions for($i=1;$i<=5;$i++){ @@ -905,25 +905,25 @@ $a .= substr($pool,(rand()%(strlen ($pool))), 1); } $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } //change personal information to arbitration number and DOB=1900-01-01 $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'"; - $details = mysql_fetch_assoc(mysql_query($query)); + $details = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}', `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $query = "update `users` set `fname`='".$arbno."', `mname`='".$arbno."', `lname`='".$arbno."', `suffix`='".$arbno."', `dob`='1900-01-01' where `id`='".$id."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); //clear all admin and board flags - mysql_query( + mysqli_query($_SESSION['mconn'], "update `users` set `assurer`='0', `assurer_blocked`='0', 
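Review bot: The `adminlog` insert in the second hunk interpolates `${details['lname']}` and `${details['dob']}`, values read back from `users`, into the statement without escaping. A last name containing a quote breaks the insert, and because the value was originally supplied by the member this is a second-order injection path into a query that runs during account deletion. Escape both with `mysqli_real_escape_string($_SESSION['mconn'], ...)` or bind them in a prepared statement. The select just above filters on `$userid` while every other statement in these hunks uses `$id`; the function header is outside the hunk, so check there that both always refer to the same row.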
@@ -938,7 +938,7 @@ where `id`='$id'"); //block account - mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now() + mysqli_query($_SESSION['mconn'], "update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now() } @@ -947,8 +947,8 @@ // called from includes/account.php if($oldid == 50 && $process != "") $email = mysql_real_escape_string($email); $query = "select 1 from `email` where `email`='$email' and `deleted`=0"; - $res = mysql_query($query); - return mysql_num_rows($res) > 0; + $res = mysqli_query($_SESSION['mconn'], $query); + return mysqli_num_rows($res) > 0; } function check_gpg_cert_running($uid,$cca=0){ @@ -960,8 +960,8 @@ }else{ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)"; } - $res = mysql_query($query); - return mysql_num_rows($res) > 0; + $res = mysqli_query($_SESSION['mconn'], $query); + return mysqli_num_rows($res) > 0; } function check_client_cert_running($uid,$cca=0){ @@ -975,10 +975,10 @@ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`"; $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)"; } - $res = mysql_query($query1); - $r1 = mysql_num_rows($res)>0; - $res = mysql_query($query2); - $r2 = mysql_num_rows($res)>0; + $res = mysqli_query($_SESSION['mconn'], $query1); + $r1 = mysqli_num_rows($res)>0; + $res = mysqli_query($_SESSION['mconn'], $query2); + $r2 = mysqli_num_rows($res)>0; return !!($r1 || $r2); } @@ -1011,10 +1011,10 @@ where `domains`.`memid` = '$uid' and `revoked`>(NOW()-90*86400)"; } - $res = mysql_query($query1); - $r1 = mysql_num_rows($res)>0; - $res = mysql_query($query2); - $r2 = mysql_num_rows($res)>0; + $res = mysqli_query($_SESSION['mconn'], $query1); + $r1 = mysqli_num_rows($res)>0; + $res = mysqli_query($_SESSION['mconn'], $query2); + $r2 = mysqli_num_rows($res)>0; return !!($r1 || $r2); } 
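Review bot: The context line `$email = mysql_real_escape_string($email);` in the `@@ -947,8` hunk still calls the old extension, while the query below it now runs on the mysqli link. If no ext/mysql connection is open that call returns false (and the function is gone on PHP 7+), so the lookup runs with an empty address instead of the escaped one. It should be `$email = mysqli_real_escape_string($_SESSION['mconn'], $email);`. The same mix is introduced on the new side in pages/account/41.php (`@@ -54,10`) and pages/account/43.php (`@@ -21,13`, `@@ -37,7`, `@@ -302,15`), where `mysql_escape_string` became `mysql_real_escape_string` rather than the mysqli function. The 43.php `@@ -37,7` case matters most because it escapes `$_REQUEST['email']`.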
@@ -1022,8 +1022,8 @@ // called from includes/account.php if($oldid == 50 && $process != "") $uid = intval($uid); $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0"; - $res = mysql_query($query); - return mysql_num_rows($res) > 0; + $res = mysqli_query($_SESSION['mconn'], $query); + return mysqli_num_rows($res) > 0; } @@ -1035,9 +1035,9 @@ from `emaillink`,`emailcerts` where `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0 group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)){ - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); + $dres = mysqli_query($_SESSION['mconn'], $query); + while($drow = mysqli_fetch_assoc($dres)){ + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); } } @@ -1053,10 +1053,10 @@ from `domaincerts`, `domlink` where `domaincerts`.`id` = `domlink`.`certid` and `domlink`.`domid` = '$domainid'"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) + $dres = mysqli_query($_SESSION['mconn'], $query); + while($drow = mysqli_fetch_assoc($dres)) { - mysql_query( + mysqli_query($_SESSION['mconn'], "update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id` = '".$drow['id']."' 
@@ -1069,15 +1069,15 @@ //gpg revokation needs to be added to a later point $uid=intval($uid); $query = "select `id` from `email` where `memid`='".$uid."'"; - $res=mysql_query($query); - while($row = mysql_fetch_assoc($res)){ + $res=mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)){ revoke_all_client_cert($row['id']); } $query = "select `id` from `domains` where `memid`='".$uid."'"; - $res=mysql_query($query); - while($row = mysql_fetch_assoc($res)){ + $res=mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)){ revoke_all_server_cert($row['id']); } } diff --git a/pages/account/12.php b/pages/account/12.php index 9058a07..f597c27 100644 --- a/pages/account/12.php +++ b/pages/account/12.php @@ -46,15 +46,15 @@ } $query .= "ORDER BY `domaincerts`.`modified` desc"; //echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { ?> <tr> <td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td> </tr> <? } else { - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { if($row['timeleft'] > 0) $verified = _("Valid"); diff --git a/pages/account/13.php b/pages/account/13.php index 08f325d..9e55862 100644 --- a/pages/account/13.php +++ b/pages/account/13.php @@ -17,8 +17,8 @@ */ ?> <? $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0"; - $res = mysql_query($query); - $user = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $user = mysqli_fetch_assoc($res); $year = intval(substr($user['dob'], 0, 4)); $month = intval(substr($user['dob'], 5, 2)); diff --git a/pages/account/15.php b/pages/account/15.php index 6cd3115..09df503 100644 --- a/pages/account/15.php +++ b/pages/account/15.php 
@@ -21,14 +21,14 @@ $query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and `domains`.`memid`='".intval($_SESSION['profile']['id'])."' and `domains`.`id`=`domaincerts`.`domid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo _("No such certificate attached to your account."); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); $cert = `/usr/bin/openssl x509 -in $crtname`; ?> diff --git a/pages/account/18.php b/pages/account/18.php index 9ab13b2..77c4b97 100644 --- a/pages/account/18.php +++ b/pages/account/18.php @@ -37,9 +37,9 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c from `org`, `orginfo` where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid` ORDER BY `orginfo`.`O` "; - $reso = mysql_query($query); - if(mysql_num_rows($reso) >= 1){ - while($row = mysql_fetch_assoc($reso)){ + $reso = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($reso) >= 1){ + while($row = mysqli_fetch_assoc($reso)){ printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']); } }?> @@ -105,8 +105,8 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c $query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `oemail`.`expire` desc"; break; } - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { ?> @@ -115,7 +115,7 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c </tr> <? } else { $orgname=''; - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { if ($row['O']<>$orgname) { $orgname=$row['O'];?> 
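Review bot: In the pages/account/18.php `@@ -37,9` hunk, the `printf('<option ...>%s</option>', ...)` line writes `$row['O']` into the page without HTML escaping, although pages/account/25.php wraps the same column in `htmlspecialchars()`. Pass `sanitizeHTML($row['O'])` or `htmlspecialchars($row['O'])` as the last argument. The identical line appears in pages/account/22.php (`@@ -37,9`). In pages/account/35.php (`@@ -76,10`), `$user['email']`, `$user['fname']` and `$user['lname']` are printed raw inside the `mailto:` link, where pages/account/32.php already uses `sanitizeHTML()` for the same fields. These are unchanged context lines, but the migration visits each of them and is a natural place to close the gap.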
diff --git a/pages/account/19.php b/pages/account/19.php index 6a2749c..3e3478d 100644 --- a/pages/account/19.php +++ b/pages/account/19.php @@ -21,15 +21,15 @@ $query = "select * from `orgemailcerts`,`org` where `orgemailcerts`.`id`='".intval($certid)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("My CAcert.org Account!")); echo _("No such certificate attached to your account."); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); $cert = `/usr/bin/openssl x509 -in $crtname`; diff --git a/pages/account/2.php b/pages/account/2.php index 36421f9..0894dd0 100644 --- a/pages/account/2.php +++ b/pages/account/2.php @@ -28,8 +28,8 @@ <? $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { if($row['hash'] == "") $verified = _("Verified"); diff --git a/pages/account/22.php b/pages/account/22.php index 0413da0..6bc0b4d 100644 --- a/pages/account/22.php +++ b/pages/account/22.php 
@@ -37,9 +37,9 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_ from `org`, `orginfo` where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid` ORDER BY `orginfo`.`O` "; - $reso = mysql_query($query); - if(mysql_num_rows($reso) >= 1){ - while($row = mysql_fetch_assoc($reso)){ + $reso = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($reso) >= 1){ + while($row = mysqli_fetch_assoc($reso)){ printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']); } }?> @@ -107,8 +107,8 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_ //echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { ?> <tr> @@ -116,7 +116,7 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_ </tr> <? } else { $orgname=''; - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { if ($row['O']<>$orgname) { $orgname=$row['O'];?> diff --git a/pages/account/23.php b/pages/account/23.php index 4ec56c3..f8c7a9b 100644 --- a/pages/account/23.php +++ b/pages/account/23.php @@ -21,14 +21,14 @@ $query = "select * from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$certid' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orgdomaincerts`.`orgid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo _("No such certificate attached to your account."); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); $cert = `/usr/bin/openssl x509 -in $crtname`; ?> diff --git a/pages/account/25.php b/pages/account/25.php index a70f608..8241852 100644 --- a/pages/account/25.php 
+++ b/pages/account/25.php @@ -54,13 +54,13 @@ // Safe because $order_by only contains fixed strings $query = sprintf("select * from `orginfo` ORDER BY %s", $order_by); - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'"); - $admincount = mysql_num_rows($r2); - $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'"); - $domcount = mysql_num_rows($r2); + $r2 = mysqli_query($_SESSION['mconn'], "select * from `org` where `orgid`='".intval($row['id'])."'"); + $admincount = mysqli_num_rows($r2); + $r2 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `orgid`='".intval($row['id'])."'"); + $domcount = mysqli_num_rows($r2); ?> <tr> <td class="DataTD"><?=htmlspecialchars($row['O'])?>, <?=htmlspecialchars($row['ST'])?> <?=htmlspecialchars($row['C'])?></td> diff --git a/pages/account/26.php b/pages/account/26.php index f8b195d..99a2bd2 100644 --- a/pages/account/26.php +++ b/pages/account/26.php @@ -17,7 +17,7 @@ */ ?> <? $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> <tr> @@ -30,8 +30,8 @@ </tr> <? $query = "select * from `orgdomains` where `orgid`='".intval($_REQUEST['orgid'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { ?> <tr> <td class="DataTD"><?=sanitizeHTML($row['domain'])?></a></td> diff --git a/pages/account/27.php b/pages/account/27.php index a1086d4..9b229d4 100644 --- a/pages/account/27.php +++ b/pages/account/27.php 
@@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'")); ?> <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> diff --git a/pages/account/28.php b/pages/account/28.php index 1212f9c..7d7f7aa 100644 --- a/pages/account/28.php +++ b/pages/account/28.php @@ -17,7 +17,7 @@ */ ?> <? $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); ?> <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> diff --git a/pages/account/29.php b/pages/account/29.php index 4229b3b..2132826 100644 --- a/pages/account/29.php +++ b/pages/account/29.php @@ -17,9 +17,9 @@ */ ?> <? $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; - $org = mysql_fetch_assoc(mysql_query($query)); + $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $_SESSION['_config']['domain'] = $row['domain']; ?> diff --git a/pages/account/3.php b/pages/account/3.php index 7e34300..2684631 100644 --- a/pages/account/3.php +++ b/pages/account/3.php 
@@ -37,8 +37,8 @@ <? $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { ?> <tr> <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td> diff --git a/pages/account/30.php b/pages/account/30.php index 04ad229..8cf1a03 100644 --- a/pages/account/30.php +++ b/pages/account/30.php @@ -17,9 +17,9 @@ */ ?> <? $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; - $org = mysql_fetch_assoc(mysql_query($query)); + $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $_SESSION['_config']['domain'] = $row['domain']; ?> diff --git a/pages/account/31.php b/pages/account/31.php index 9f3d27e..033d177 100644 --- a/pages/account/31.php +++ b/pages/account/31.php @@ -17,7 +17,7 @@ */ ?> <? $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; - $org = mysql_fetch_assoc(mysql_query($query)); + $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); ?> <form method="post" action="account.php"> diff --git a/pages/account/32.php b/pages/account/32.php index a05c927..6bb92ce 100644 --- a/pages/account/32.php +++ b/pages/account/32.php @@ -17,7 +17,7 @@ */ ?> <? $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500"> <tr> 
@@ -32,10 +32,10 @@ </tr> <? $query = "select * from `org` where `orgid`='".intval($_REQUEST['orgid'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'")); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($row['memid'])."'")); ?> <tr> <td class="DataTD"><a href='mailto:<?=sanitizeHTML($user['email'])?>'><?=sanitizeHTML($user['fname'])?> <?=sanitizeHTML($user['lname'])?></a></td> diff --git a/pages/account/33.php b/pages/account/33.php index 9e2f67a..a8f894b 100644 --- a/pages/account/33.php +++ b/pages/account/33.php @@ -17,7 +17,7 @@ */ ?> <? $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); // Reset session variables regarding OrgAdmin's, present empty form if (array_key_exists('email',$_SESSION['_config'])) $_SESSION['_config']['email']=""; diff --git a/pages/account/34.php b/pages/account/34.php index b11bc7d..5c6c8b8 100644 --- a/pages/account/34.php +++ b/pages/account/34.php 
@@ -17,11 +17,11 @@ */ ?> <? $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['orgid'])."'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; - $org = mysql_fetch_assoc(mysql_query($query)); + $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $query = "select * from `users` where `id`='".intval($_REQUEST['memid'])."'"; - $user = mysql_fetch_assoc(mysql_query($query)); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $_SESSION['_config']['domain'] = $row['domain']; ?> diff --git a/pages/account/35.php b/pages/account/35.php index 05c7f2b..64f62e1 100644 --- a/pages/account/35.php +++ b/pages/account/35.php @@ -24,8 +24,8 @@ $query = "select * where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; -$res = mysql_query($query); -while($row = mysql_fetch_assoc($res)) +$res = mysqli_query($_SESSION['mconn'], $query); +while($row = mysqli_fetch_assoc($res)) { ?> <tr> @@ -55,8 +55,8 @@ while($row = mysql_fetch_assoc($res)) //domain info $query = "select `domain` from `orgdomains` where `orgid`='".intval($row['id'])."'"; - $res1 = mysql_query($query); - while($domain = mysql_fetch_assoc($res1)) + $res1 = mysqli_query($_SESSION['mconn'], $query); + while($domain = mysqli_fetch_assoc($res1)) { ?> <tr> 
@@ -76,10 +76,10 @@ while($row = mysql_fetch_assoc($res)) //org admins $query = "select * from `org` where `orgid`='".intval($row['id'])."'"; - $res2 = mysql_query($query); - while($org = mysql_fetch_assoc($res2)) + $res2 = mysqli_query($_SESSION['mconn'], $query); + while($org = mysqli_fetch_assoc($res2)) { - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($org['memid'])."'")); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($org['memid'])."'")); ?> <tr> <td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td> diff --git a/pages/account/41.php b/pages/account/41.php index d61d8db..2cd490b 100644 --- a/pages/account/41.php +++ b/pages/account/41.php @@ -54,10 +54,10 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); </tr> <? $query = "select * from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'")); + $lang = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'")); ?> <tr> <td class="DataTD"><?=_("Additional Language")?>:</td> @@ -70,8 +70,8 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); <td class="DataTD"><select name="addlang"> <? $query = "select * from `languages` order by `locale`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { printf("<option value=\"%s\">[%s] %s (%s)</option>\n", sanitizeHTML($row['locale']), 
diff --git a/pages/account/43.php b/pages/account/43.php index 53b24d3..c2689d1 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -21,13 +21,13 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) { - $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); + $assurance = mysql_real_escape_string(intval($_REQUEST['assurance'])); $row = 0; - $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); + $res = mysqli_query($_SESSION['mconn'], "select `to` from `notary` where `id`='$assurance'"); if ($res) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); } - mysql_query("delete from `notary` where `id`='$assurance'"); + mysqli_query($_SESSION['mconn'], "delete from `notary` where `id`='$assurance'"); if ($row) { fix_assurer_flag($row['to']); } @@ -37,7 +37,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); { $_REQUEST['userid'] = 0; - $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); + $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); //Disabled to speed up the queries //if(!strstr($email, "%")) @@ -63,8 +63,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); group by `users`.`id` limit 100"; } // bug-975 ted+uli changes --- end - $res = mysql_query($query); - if(mysql_num_rows($res) > 1) { ?> + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 1) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> 
@@ -74,24 +74,24 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <td class="DataTD"><?=_("Email")?></td> </tr> <? - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { ?> <tr> <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> </tr> -<? } if(mysql_num_rows($res) >= 100) { ?> +<? } if(mysqli_num_rows($res) >= 100) { ?> <tr> <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> </tr> <? } else { ?> <tr> - <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td> </tr> <? } ?> </table><br><br> -<? } elseif(mysql_num_rows($res) == 1) { - $row = mysql_fetch_assoc($res); +<? } elseif(mysqli_num_rows($res) == 1) { + $row = mysqli_fetch_assoc($res); $_REQUEST['userid'] = $row['id']; } else { printf(_("No users found matching %s"), sanitizeHTML($email)); 
@@ -102,16 +102,16 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); { $userid = intval($_REQUEST['userid']); $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); } else { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'")); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); + $alerts = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `alerts` where `memid`='".intval($row['id'])."'")); ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> 
@@ -302,15 +302,15 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); </table> <br><? $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`='' - and `email`!='".mysql_escape_string($row['email'])."'"; - $dres = mysql_query($query); - if(mysql_num_rows($dres) > 0) { ?> + and `email`!='".mysql_real_escape_string($row['email'])."'"; + $dres = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($dres) > 0) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> </tr><? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) + $rc = mysqli_num_rows($dres); + while($drow = mysqli_fetch_assoc($dres)) { ?> <tr> <td class="DataTD"><?=_("Secondary Emails")?>:</td> @@ -321,14 +321,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <br><? } ?> <? $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''"; - $dres = mysql_query($query); - if(mysql_num_rows($dres) > 0) { ?> + $dres = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($dres) > 0) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="5" class="title"><?=_("Verified Domains")?></td> </tr><? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) + $rc = mysqli_num_rows($dres); + while($drow = mysqli_fetch_assoc($dres)) { ?> <tr> <td class="DataTD"><?=_("Domain")?>:</td> 
@@ -379,7 +379,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 4. users.email = primary-email --- Assurer, assure someone find user query - select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' + select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `deleted`=0 => requirements 1. users.deleted = 0 @@ -416,8 +416,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); // current userid intval($row['id']) $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` from `users` where `id`='".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $uemail = $drow['uemail']; $udeleted = $drow['udeleted']; $uverified = $drow['verified']; @@ -427,16 +427,16 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); where `memid`='".intval($row['id'])."' and `email` ='".$uemail."' and `deleted` = 0"; - $dres = mysql_query($query); - if ($drow = mysql_fetch_assoc($dres)) { + $dres = mysqli_query($_SESSION['mconn'], $query); + if ($drow = mysqli_fetch_assoc($dres)) { $drow['edeleted'] = 0; } else { // try if there are deleted entries $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` where `memid`='".intval($row['id'])."' and `email` ='".$uemail."'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); } if ($drow) { 
@@ -513,8 +513,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); from `domains` inner join `domaincerts` on `domains`.`id` = `domaincerts`.`domid` where `domains`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $total = $drow['total']; $maxexpire = "0000-00-00 00:00:00"; @@ -529,8 +529,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); where `domains`.`memid` = '".intval($row['id'])."' and `revoked` = '0000-00-00 00:00:00' and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $valid = $drow['valid']; $query = "select COUNT(*) as `expired` @@ -538,8 +538,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); on `domains`.`id` = `domaincerts`.`domid` where `domains`.`memid` = '".intval($row['id'])."' and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $expired = $drow['expired']; $query = "select COUNT(*) as `revoked` @@ -547,8 +547,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); on `domains`.`id` = `domaincerts`.`domid` where `domains`.`memid` = '".intval($row['id'])."' and `revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $revoked = $drow['revoked']; ?> <td class="DataTD"><?=intval($total)?></td> 
@@ -571,8 +571,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` from `emailcerts` where `memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $total = $drow['total']; $maxexpire = "0000-00-00 00:00:00"; @@ -586,24 +586,24 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); where `memid` = '".intval($row['id'])."' and `revoked` = '0000-00-00 00:00:00' and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $valid = $drow['valid']; $query = "select COUNT(*) as `expired` from `emailcerts` where `memid` = '".intval($row['id'])."' and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $expired = $drow['expired']; $query = "select COUNT(*) as `revoked` from `emailcerts` where `memid` = '".intval($row['id'])."' and `revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $revoked = $drow['revoked']; ?> <td class="DataTD"><?=intval($total)?></td> @@ -626,8 +626,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` from `gpg` where `memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $total = $drow['total']; $maxexpire = "0000-00-00 00:00:00"; 
@@ -640,16 +640,16 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); from `gpg` where `memid` = '".intval($row['id'])."' and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $valid = $drow['valid']; $query = "select COUNT(*) as `expired` from `gpg` where `memid` = '".intval($row['id'])."' and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $expired = $drow['expired']; ?> @@ -675,8 +675,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); from `orgdomaincerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` where `org`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $total = $drow['total']; $maxexpire = "0000-00-00 00:00:00"; @@ -691,8 +691,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); where `org`.`memid` = '".intval($row['id'])."' and `orgcerts`.`revoked` = '0000-00-00 00:00:00' and `orgcerts`.`expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $valid = $drow['valid']; $query = "select COUNT(*) as `expired` @@ -700,8 +700,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); on `orgcerts`.`orgid` = `org`.`orgid` where `org`.`memid` = '".intval($row['id'])."' and `orgcerts`.`expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $expired = $drow['expired']; $query = "select COUNT(*) as `revoked` 
@@ -709,8 +709,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); on `orgcerts`.`orgid` = `org`.`orgid` where `org`.`memid` = '".intval($row['id'])."' and `orgcerts`.`revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $revoked = $drow['revoked']; ?> <td class="DataTD"><?=intval($total)?></td> @@ -735,8 +735,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); from `orgemailcerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` where `org`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $total = $drow['total']; $maxexpire = "0000-00-00 00:00:00"; @@ -751,8 +751,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); where `org`.`memid` = '".intval($row['id'])."' and `orgcerts`.`revoked` = '0000-00-00 00:00:00' and `orgcerts`.`expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $valid = $drow['valid']; $query = "select COUNT(*) as `expired` @@ -760,8 +760,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); on `orgcerts`.`orgid` = `org`.`orgid` where `org`.`memid` = '".intval($row['id'])."' and `orgcerts`.`expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $expired = $drow['expired']; $query = "select COUNT(*) as `revoked` 
@@ -769,8 +769,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); on `orgcerts`.`orgid` = `org`.`orgid` where `org`.`memid` = '".intval($row['id'])."' and `orgcerts`.`revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); $revoked = $drow['revoked']; ?> <td class="DataTD"><?=intval($total)?></td> @@ -829,11 +829,11 @@ function showassuredto() </tr> <? $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'"; - $dres = mysql_query($query); + $dres = mysqli_query($_SESSION['mconn'], $query); $points = 0; - while($drow = mysql_fetch_assoc($dres)) + while($drow = mysqli_fetch_assoc($dres)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); + $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($drow['from'])."'")); $points += $drow['points']; ?> <tr> @@ -875,11 +875,11 @@ function showassuredby() </tr> <? $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'"; - $dres = mysql_query($query); + $dres = mysqli_query($_SESSION['mconn'], $query); $points = 0; - while($drow = mysql_fetch_assoc($dres)) + while($drow = mysqli_fetch_assoc($dres)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'")); + $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$drow['to']."'")); $points += $drow['points']; ?> <tr> diff --git a/pages/account/49.php b/pages/account/49.php index 0218fa0..a565811 100644 --- a/pages/account/49.php +++ b/pages/account/49.php 
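Review bot: The per-row lookup in showassuredby() concatenates `$drow['to']` into the `users` query as it comes out of the result set, while the matching line in showassuredto() wraps `$drow['from']` in `intval()`. The value is read from the `notary` table rather than from the request, so this is a consistency and defence-in-depth point, not a confirmed injection. I would use `intval($drow['to'])` in the new `mysqli_query()` call so both functions build the query the same way. Both function bodies start and end outside their hunks.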
@@ -19,7 +19,7 @@ $userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']); if($userid <= 0) { - $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain'])); + $domainsearch = $domain = mysql_real_escape_string(stripslashes($_POST['domain'])); if(!strstr($domain, "%")) $domainsearch = "%$domain%"; if(preg_match("/^\d+$/",$domain)) @@ -30,32 +30,32 @@ `domains`.`deleted`=0 and `users`.`deleted`=0 and `users`.`verified`=1 group by `users`.`id` limit 100"; - $res = mysql_query($query); - if(mysql_num_rows($res) >= 1) { ?> + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) >= 1) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="5" class="title"><?=_("Select Specific User Account Details")?></td> </tr> <? - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { ?> <tr> <td class="DataTD"><?=_("Domain")?>:</td> <td class="DataTD"><?=$row['domid']?></td> <td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td> </tr> -<? } if(mysql_num_rows($res) >= 100) { ?> +<? } if(mysqli_num_rows($res) >= 100) { ?> <tr> <td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td> </tr> <? } else { ?> <tr> - <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td> </tr> <? } ?> </table><br><br> -<? } elseif(mysql_num_rows($res) == 1) { - $row = mysql_fetch_assoc($res); +<? } elseif(mysqli_num_rows($res) == 1) { + $row = mysqli_fetch_assoc($res); $_GET['userid'] = intval($row['id']); } else { ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> 
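Review bot: `mysql_real_escape_string()` on the `$domain` line is still an ext/mysql function, so the value is escaped against an ext/mysql link and not against the MySQLi connection that now runs the query. With no ext/mysql link open it tries to open a default one and returns FALSE with a warning when that fails, which would leave `$domain` empty and make `$domainsearch` `%%`. I would write `$domainsearch = $domain = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['domain']));`. The same replacement is needed for `$town` in pages/account/53.php and `$name` in pages/account/54.php.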
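Review bot: The `} elseif(mysqli_num_rows($res) == 1) {` branch can never run, because the preceding `if(mysqli_num_rows($res) >= 1)` already covers a count of one, so `$_GET['userid']` is never set from a single match. If the single-result shortcut is wanted, test `== 1` first and use `> 1` for the listing branch. The `orgdomains` hunk that follows has the same ordering, and there the dead branch would copy an `orgdomains` id into `userid`, which looks like a copy-paste slip and is worth checking before it is made reachable.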
@@ -66,32 +66,32 @@ } $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100"; - $res = mysql_query($query); - if(mysql_num_rows($res) >= 1) { ?> + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) >= 1) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="5" class="title"><?=_("Select Specific Organisation Account Details")?></td> </tr> <? - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { ?> <tr> <td class="DataTD"><?=_("Domain")?>:</td> <td class="DataTD"><?=$row['id']?></td> <td class="DataTD"><a href="account.php?id=26&orgid=<?=intval($row['orgid'])?>"><?=sanitizeHTML($row['domain'])?></a></td> </tr> -<? } if(mysql_num_rows($res) >= 100) { ?> +<? } if(mysqli_num_rows($res) >= 100) { ?> <tr> <td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td> </tr> <? } else { ?> <tr> - <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td> </tr> <? } ?> </table><br><br> -<? } elseif(mysql_num_rows($res) == 1) { - $row = mysql_fetch_assoc($res); +<? } elseif(mysqli_num_rows($res) == 1) { + $row = mysqli_fetch_assoc($res); $_GET['userid'] = intval($row['id']); } else { ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> diff --git a/pages/account/5.php b/pages/account/5.php index 934ca0c..0729e7a 100644 --- a/pages/account/5.php +++ b/pages/account/5.php 
@@ -52,15 +52,15 @@ $query .= " HAVING `timeleft` > 0 "; $query .= " ORDER BY `emailcerts`.`modified` desc"; // echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { ?> <tr> <td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td> </tr> <? } else { - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { if($row['timeleft'] > 0) $verified = _("Valid"); diff --git a/pages/account/51.php b/pages/account/51.php index 7273840..d0b8367 100644 --- a/pages/account/51.php +++ b/pages/account/51.php @@ -19,13 +19,13 @@ <? $uid = intval($_GET['photoid']); $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) { ?> + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { ?> <img src="account.php?id=51&photoid=<?=$uid ?>&img=show" border="0" width="800"> <? } else { $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { echo _("This UID has already been voted on."); } else { diff --git a/pages/account/52.php b/pages/account/52.php index 77a3bae..3f77077 100644 --- a/pages/account/52.php +++ b/pages/account/52.php 
@@ -19,14 +19,14 @@ <? $uid = intval($_GET['uid']); $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $memid = intval($row['memid']); $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $rc2 = mysql_num_rows(mysql_query($query2)); + $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query2)); if($rc2 > 0) { showheader(_("My CAcert.org Account!")); @@ -36,9 +36,9 @@ } $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'"; - $notary = mysql_fetch_assoc(mysql_query($query)); + $notary = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $query = "select * from `users` where `id`='$memid'"; - $user = mysql_fetch_assoc(mysql_query($query)); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $tobe = 50 - $notary['points']; if($row['URL'] != '' && $row['photoid'] != '') $tobe = 150 - $notary['points']; 
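Review bot: `$rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query2));` passes an unchecked query result straight into the already-voted test, so when the query fails `$rc2` is not a count and `if($rc2 > 0)` lets the request continue to the voting form. A failed lookup should stop the page: assign `$res2 = mysqli_query($_SESSION['mconn'], $query2);`, bail out when `$res2 === false`, and only then call `mysqli_num_rows($res2)`. The `$rc3` line in the open-requests hunk of this file has the same shape, as do the nested `mysqli_fetch_assoc(mysqli_query(...))` calls for `$notary` and `$user`. The rest of the voting branch is outside the hunk.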
@@ -67,27 +67,27 @@ </form> <? } else { $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { echo _("This UID has already been voted on.")."<br/>"; } else { if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>"; } - + // Search for open requests: $query = "select * from `tverify` where `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { echo "<br/>"._("The following requests are still open:")."<br/><ul>"; - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { - $uid=intval($row['id']); + $uid=intval($row['id']); $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $rc3 = mysql_num_rows(mysql_query($query3)); + $rc3 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query3)); if($rc3 <= 0) - { + { echo "<li><a href='account.php?id=52&uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n"; } } diff --git a/pages/account/53.php b/pages/account/53.php index cc9e2d6..73cf7a2 100644 --- a/pages/account/53.php +++ b/pages/account/53.php @@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):""; + $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):""; $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; $start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0; 
@@ -29,7 +29,7 @@ if($regid > 0) { - $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'")); + $reg = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='$regid'")); $display = "<ul class='top'>\n<li>\n". "<a href='account.php?id=53&regid=$regid'>".sanitizeHTML($reg['name'])."</a> - <a href='account.php?action=add&id=54&regid=$regid'>"._("Add")."</a>\n". $display; @@ -38,7 +38,7 @@ if($ccid > 0) { - $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='$ccid'")); + $cnt = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `countries` where `id`='$ccid'")); $display = "<ul class='top'>\n<li>\n". "<a href='account.php?id=53&ccid=$ccid'>".sanitizeHTML($cnt['name'])."</a> - <a href='account.php?action=add&id=54&ccid=$ccid'>"._("Add")."</a>\n". $display; @@ -51,16 +51,16 @@ { echo "<ul>\n"; $query = "select * from `countries` order by `name`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) echo "<li><a href='account.php?id=53&ccid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n"; echo "</ul>\n</li>\n</ul></div>\n<br>\n"; } elseif($regid <= 0) { echo "<ul>\n"; $query = "select * from `regions` where `ccid`='$ccid' order by `name`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { echo "<li>( <a href='account.php?action=edit&id=54®id=".intval($row['id'])."'>"._("edit")."</a> |"; echo " <a href='account.php?action=delete&id=53®id=".intval($row['id'])."'"; 
@@ -74,11 +74,11 @@ if($town != "") { $query = "select * from `locations` where `regid`='$regid' and `name` < '$town'"; - $start = mysql_num_rows(mysql_query($query)); + $start = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)); } $query = "select * from `locations` where `regid`='$regid' order by `name` limit $start, $limit"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { echo "<li>( <a href='account.php?action=move&id=54&locid=".intval($row['id'])."'>"._("move")."</a> |"; echo " <a href='account.php?action=aliases&id=54&locid=".intval($row['id'])."'>"._("aliases")."</a> |"; @@ -89,7 +89,7 @@ echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n"; $st="";$prev="";$end="";$next=""; - $rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='$regid'")); + $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `locations` where `regid`='$regid'")); if($start > 0) { $prev = $start - $limit; diff --git a/pages/account/54.php b/pages/account/54.php index 753b4af..c06ce5f 100644 --- a/pages/account/54.php +++ b/pages/account/54.php @@ -19,7 +19,7 @@ $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; $locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; - $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):""; + $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):""; if($ccid > 0 && $_REQUEST['action'] == "add") { ?> <form method="post" action="account.php"> 
@@ -41,7 +41,7 @@ </form> <? } if($regid > 0 && $_REQUEST['action'] == "edit") { $query = "select * from `regions` where `id`='$regid' order by `name`"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $name = $row['name']; ?> <form method="post" action="account.php"> @@ -89,7 +89,7 @@ </form> <? } if($locid > 0 && $_REQUEST['action'] == "edit") { $query = "select * from `locations` where `id`='$locid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); if($name == "") $name = $row['name']; @@ -125,8 +125,8 @@ </form> <? } if($locid > 0 && $_REQUEST['action'] == "aliases") { $query = "select * from `localias` where `locid`='".intval($locid)."'"; - $res = mysql_query($query); - $rc = mysql_num_rows($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $rc = mysqli_num_rows($res); ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> @@ -143,7 +143,7 @@ </td> </tr> <? - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { ?> <tr> @@ -169,7 +169,7 @@ document.getElementById("display1").style.display = "none"; </script> <? } if($locid > 0 && $_REQUEST['action'] == "move") { $query = "select * from `locations` where `id`='$locid'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $newreg = $_REQUEST['newreg'] = $row['regid']; ?> <form method="post" action="account.php"> 
@@ -186,8 +186,8 @@ document.getElementById("display1").style.display = "none"; <td class="DataTD"><select name="newreg"> <? $query = "select * from `regions` where `ccid`='".intval($row['ccid'])."' order by `name`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { echo "<option value='".intval($row['id'])."'"; if($_REQUEST['newreg'] == $row['id']) diff --git a/pages/account/55.php b/pages/account/55.php index ec401a0..57d1951 100644 --- a/pages/account/55.php +++ b/pages/account/55.php @@ -31,12 +31,12 @@ } else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@@ -61,10 +61,10 @@ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
" ORDER BY `CP`.`pass_date`";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
$HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
+ while($row = mysqli_fetch_array($res, MYSQL_NUM))
{
if ($row[1] == "Assurer Challenge") {
$HaveTest=1;
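Review bot: `mysqli_fetch_array($res, MYSQL_NUM)` still passes the ext/mysql constant; the MySQLi name is `MYSQLI_NUM`. The two have the same value, so the call only works while the old extension is loaded, and once it is removed the name is undefined and the fetch no longer yields the numeric row that `$row[1]` relies on. Change it here to `while($row = mysqli_fetch_array($res, MYSQLI_NUM))` and in the `@@ -89,11` hunk below to `$row = mysqli_fetch_array($res, MYSQLI_NUM);`. The loop body continues outside the hunk.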
@@ -89,11 +89,11 @@ $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
' GROUP BY `u`.id, `u`.`assurer`';
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
if (!$res) {
print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
} else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
+ $row = mysqli_fetch_array($res, MYSQL_NUM);
if ($HaveTest && ($row[2]>=100)) {
if (!$row[1]) {
// This should not happen...
diff --git a/pages/account/56.php b/pages/account/56.php index 348cc49..22ec692 100644 --- a/pages/account/56.php +++ b/pages/account/56.php @@ -25,8 +25,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA </tr>
<?
$query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
?>
<tr>
diff --git a/pages/account/57.php b/pages/account/57.php index 76eee27..3868fa3 100644 --- a/pages/account/57.php +++ b/pages/account/57.php @@ -25,12 +25,12 @@ } else { $user_id = intval($_REQUEST['userid']); $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); } else { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> diff --git a/pages/account/58.php b/pages/account/58.php index 1f6b1a0..4c06fa9 100644 --- a/pages/account/58.php +++ b/pages/account/58.php 
@@ -21,19 +21,19 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) } else { $user_id = intval($_REQUEST['userid']); $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) != 1){ + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) != 1){ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); } else { - if ($row = mysql_fetch_assoc($res)){ + if ($row = mysqli_fetch_assoc($res)){ $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']); $query = "select `orginfo`.`o`, `org`.`masteracc` FROM `orginfo`, `org` WHERE `orginfo`.`id` = `org`.`orgid` AND `org`.`memid`='$user_id' order by `orginfo`.`o`"; - $res1 = mysql_query($query);?> + $res1 = mysqli_query($_SESSION['mconn'], $query);?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><? - if (mysql_num_rows($res1) <= 0) {?> + if (mysqli_num_rows($res1) <= 0) {?> <tr> <td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td> </tr> @@ -45,7 +45,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) <td class="DataTD"><b><?=_('Organisation')?></b></td> <td class="DataTD"><b><?=_('Masteraccount')?></b></td> </tr><? - while($drow = mysql_fetch_assoc($res1)){?> + while($drow = mysqli_fetch_assoc($res1)){?> <tr> <td class="DataTD"><?=$drow['o']?></td> <td class="DataTD"><?=$drow['masteracc'] ? _("Yes") : _("No") ?></td> diff --git a/pages/account/6.php b/pages/account/6.php index 8455499..7465ad6 100644 --- a/pages/account/6.php +++ b/pages/account/6.php 
@@ -39,14 +39,14 @@ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, where `emailcerts`.`id`='$certid' and `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'"; -$res = mysql_query($query); -if(mysql_num_rows($res) <= 0) { +$res = mysqli_query($_SESSION['mconn'], $query); +if(mysqli_num_rows($res) <= 0) { showheader(_("My CAcert.org Account!")); echo _("No such certificate attached to your account."); showfooter(); exit; } -$row = mysql_fetch_assoc($res); +$row = mysqli_fetch_assoc($res); if (array_key_exists('format', $_REQUEST)) { diff --git a/pages/account/9.php b/pages/account/9.php index 1be45f5..8d207ee 100644 --- a/pages/account/9.php +++ b/pages/account/9.php @@ -27,15 +27,15 @@ <? $query = "select * from `domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { ?> <tr> <td colspan="3" class="DataTD"><?=_("No domains are currently listed.")?></td> </tr> <? } else { - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { if($row['hash'] == "") $verified = _("Verified"); diff --git a/pages/advertising/0.php b/pages/advertising/0.php index 0404a5e..5a2db04 100644 --- a/pages/advertising/0.php +++ b/pages/advertising/0.php 
@@ -24,13 +24,13 @@ { $approve = intval($_REQUEST['approve']); $query = "select * from `advertising` where `id`='$approve' and `expires`='0000-00-00 00:00:00'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $end = date("Y-m-d H:i:s", mktime(date("H"), date("i"), date("s"), date("m")+$row['months'], date("d"), date("Y"))); $query = "update `advertising` set `expires`='$end', `active`=1, `approvedby`='".$_SESSION['profile']['id']."' where `id`='$approve'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); echo "<p>The ad was approved and is now active.</p>\n"; } } @@ -38,13 +38,13 @@ { $deactive = intval($_REQUEST['deactive']); $query = "select * from `advertising` where `id`='$deactive'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $end = date("Y-m-d H:i:s", mktime(date("H"), date("i"), date("s"), date("m")+$row['months'], date("d"), date("Y"))); $query = "update `advertising` set `active`=0 where `id`='$deactive'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); echo "<p>The ad was deactivated and is now inactive.</p>\n"; } } @@ -69,8 +69,8 @@ $query .= "and `active`=1 having `timeleft` > 0 "; $query .= "order by `id` desc"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { if($row['expires'] == "0000-00-00 00:00:00") $status = "Pending"; diff --git a/pages/gpg/2.php b/pages/gpg/2.php index cc8a872..7fe9eab 100644 --- a/pages/gpg/2.php +++ b/pages/gpg/2.php 
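Review bot: The `update` in the approve branch discards the return value of `mysqli_query()` and prints "The ad was approved and is now active." regardless, so a failed write is reported as success; the deactivate hunk below does the same. Check the result before echoing, for example `if(mysqli_query($_SESSION['mconn'], $query)) echo "<p>The ad was approved and is now active.</p>\n";`, with an error message otherwise. `approvedby` is also filled from `$_SESSION['profile']['id']` without the `intval()` this commit applies to that value in other files. The condition guarding the branch is outside the hunk, so whatever access check it performs is not visible here.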
@@ -33,15 +33,15 @@ `expire` as `expires`, `id`, `level`, `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' ORDER BY `issued` desc"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { ?> <tr> <td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td> </tr> <? } else { - while($row = mysql_fetch_assoc($res)) + while($row = mysqli_fetch_assoc($res)) { if($row['timeleft'] > 0) $verified = _("Valid"); diff --git a/pages/gpg/3.php b/pages/gpg/3.php index d9f54fb..d33242f 100644 --- a/pages/gpg/3.php +++ b/pages/gpg/3.php @@ -18,14 +18,14 @@ <? $certid = intval($_REQUEST['cert']); $query = "select * from `gpg` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo _("No such OpenPGP key attached to your account."); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); ?> <h3><?=_("Below is your OpenPGP key")?></h3> <pre> diff --git a/pages/wot/1.php b/pages/wot/1.php index a45b5df..913e57d 100644 --- a/pages/wot/1.php +++ b/pages/wot/1.php @@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries")); + $res=mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select sum(acount) as summe from countries")); $total1 =$res['summe']; $locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; 
@@ -29,7 +29,7 @@ $display = ""; if($locid > 0) { - $loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'")); + $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='".$locid."'")); $display = "<ul class='top'>\n<li>\n". "<a href='wot.php?id=1&locid=".$locid."'>".$loc['name']." ("._("Listed").": ".$loc['acount'].")</a>\n". $display; @@ -38,7 +38,7 @@ if($regid > 0) { - $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'")); + $reg = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='".$regid."'")); $display = "<ul class='top'>\n<li>\n". "<a href='wot.php?id=1®id=".$regid."'>".$reg['name']." ("._("Listed").": ".$reg['acount'].")</a>\n". $display; @@ -47,7 +47,7 @@ if($ccid > 0) { - $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$ccid."'")); + $cnt = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `countries` where `id`='".$ccid."'")); $display = "<ul class='top'>\n<li>\n". "<a href='wot.php?id=1&ccid=".$ccid."'>".$cnt['name']." ("._("Listed").": ".$cnt['acount'].")</a>\n". $display; @@ -60,8 +60,8 @@ { echo "<ul>\n"; $query = "select * from countries where acount>0 order by `name`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { echo "<li><a href='wot.php?id=1&ccid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n"; } 
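Review bot: `$loc['name']` is concatenated into `$display` as HTML without escaping, whereas pages/account/53.php in this same commit wraps the equivalent region and country names in `sanitizeHTML()`. These names are stored values that appear to be editable through the forms in pages/account/54.php, so the output should be escaped here as well: `sanitizeHTML($loc['name'])`. The same goes for `$reg['name']`, `$cnt['name']` and `$row['name']` in the following hunks of this file, and for `$row['fname']` in the assurer table.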
@@ -69,8 +69,8 @@ } elseif($ccid > 0 && $regid <= 0 && $locid <= 0) { echo "<ul>\n"; $query = "select * from regions where ccid='".$ccid."' and acount>0 order by `name`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { echo "<li><a href='wot.php?id=1®id=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n"; } @@ -78,8 +78,8 @@ } elseif($regid > 0 && $locid <= 0) { echo "<ul>\n"; $query = "select * from locations where regid='".$regid."' and acount>0 order by `name`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { echo "<li><a href='wot.php?id=1&locid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n"; } @@ -93,8 +93,8 @@ `ccid`='".$ccid."' and `regid`='".$regid."' and `locid`='".$locid."' and `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc"; - $list = mysql_query($query); - if(mysql_num_rows($list) > 0) + $list = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($list) > 0) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="550"> @@ -106,7 +106,7 @@ <td class="title"><?=_("Assurer Challenge")?></td> </tr> -<? while($row = mysql_fetch_assoc($list)) { ?> +<? while($row = mysqli_fetch_assoc($list)) { ?> <tr> <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td> <td class="DataTD"><?=maxpoints($row['id'])?></td> diff --git a/pages/wot/10.php b/pages/wot/10.php index bc76a86..685b90f 100644 --- a/pages/wot/10.php +++ b/pages/wot/10.php 
@@ -28,8 +28,8 @@ $query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary` WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to` AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`"; - $res = mysql_query($query); - $row = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc($res); $rc = intval($row['list']); /* $query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary` @@ -40,7 +40,7 @@ inner join `notary` on `users`.`id` = `notary`.`from` GROUP BY `notary`.`from` HAVING count(*) > '$rc'"; - $rank = mysql_num_rows(mysql_query($query)) + 1; + $rank = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) + 1; ?> <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($rc), intval($rank))?></td> </tr> @@ -65,10 +65,10 @@ </tr> <? $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'")); + $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($row['from'])."'")); ?> <tr> <td class="DataTD"><?=$row['id']?></td> 
@@ -115,10 +115,10 @@ if ($thawte) <? $points = 0; $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'")); + $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($row['to'])."'")); $points += $row['points']; $name = trim($fromuser['fname']." ".$fromuser['lname']); if($name == "") diff --git a/pages/wot/12.php b/pages/wot/12.php index a0bbf50..c5d505c 100644 --- a/pages/wot/12.php +++ b/pages/wot/12.php 
@@ -65,26 +65,26 @@ document.f.location.focus(); { $bits = explode(",", $_REQUEST['location']); - $loc = trim(mysql_escape_string($bits['0'])); - $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1'])); - $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2'])); + $loc = trim(mysql_real_escape_string($bits['0'])); + $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1'])); + $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2'])); $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id` order by `locations`.`name` limit 1"; - $res = mysql_query($query); - if($reg != "" && $ccname == "" && mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if($reg != "" && $ccname == "" && mysqli_num_rows($res) <= 0) { $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where `locations`.`name` like '$loc%' and `countries`.`name` like '$reg%' and `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id` order by `locations`.`name` limit 1"; - $res = mysql_query($query); + $res = mysqli_query($_SESSION['mconn'], $query); } - if(mysql_num_rows($res) <= 0) + if(mysqli_num_rows($res) <= 0) die(_("Unable to find suitable location")); - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $_REQUEST['location'] = $row['locid']; } 
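Review bot: The three escaping calls in the `-65,26` hunk were renamed to `mysql_real_escape_string()`, which still belongs to the old mysql extension, while the query they protect now runs on `$_SESSION['mconn']` through mysqli. Escaping has to use the same connection (and its character set) as the query; without an ext/mysql link the old function presumably fails and returns `false`, which would turn each `like '$loc%'` filter into a match-all. The line should read `$loc = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['0']));`, and likewise for `$reg` and `$ccname`. The same leftover is in pages/wot/13.php (`-21,40`), stamp/report.php (`$IP`) and tverify/index.php (`-49,13` and `-88,21`).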
@@ -92,7 +92,7 @@ document.f.location.focus(); $locid = intval($_REQUEST['location']); $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); + $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); if($maxdist <= 10) { $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + (COS(PI() * $loc[lat] / 180 ) * @@ -108,7 +108,7 @@ document.f.location.focus(); `users`.`assurer` = 1 AND `users`.`listme` = 1 HAVING `distance` <= '$maxdist' ORDER BY `distance` LIMIT 50"; //echo $query; } - $res = mysql_query($query); + $res = mysqli_query($_SESSION['mconn'], $query); ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="700"> <tr> <td class="title"><?=_("Name")?></td> @@ -117,7 +117,7 @@ document.f.location.focus(); <td class="title"><?=_("Contact Details")?></td> <td class="title"><?=_("Email Assurer")?></td> </tr> -<? while($row = mysql_fetch_assoc($res)) +<? while($row = mysqli_fetch_assoc($res)) { $points = maxpoints($row['uid']); if($points > 35) diff --git a/pages/wot/13.php b/pages/wot/13.php index eac7e18..299ab46 100644 --- a/pages/wot/13.php +++ b/pages/wot/13.php 
@@ -21,40 +21,40 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") { { $bits = explode(",", $_REQUEST['location']); - $loc = trim(mysql_escape_string($bits['0'])); - $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1'])); - $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2'])); + $loc = trim(mysql_real_escape_string($bits['0'])); + $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1'])); + $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2'])); $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id` order by `locations`.`name` limit 1"; - $res = mysql_query($query); - if($reg != "" && $ccname == "" && mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if($reg != "" && $ccname == "" && mysqli_num_rows($res) <= 0) { $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where `locations`.`name` like '$loc%' and `countries`.`name` like '$reg%' and `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id` order by `locations`.`name` limit 1"; - $res = mysql_query($query); + $res = mysqli_query($_SESSION['mconn'], $query); } - if(mysql_num_rows($res) <= 0) + if(mysqli_num_rows($res) <= 0) die("Unable to find suitable location"); - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $_REQUEST['location'] = $row['locid']; } $locid = intval($_REQUEST['location']); $query = "select * from `locations` where `id`='$locid'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $loc = mysql_fetch_assoc($res); 
+ $loc = mysqli_fetch_assoc($res); $_SESSION['profile']['ccid'] = $loc['ccid']; $_SESSION['profile']['regid'] = $loc['regid']; $_SESSION['profile']['locid'] = $loc['id']; $query = "update `users` set `locid`='$loc[id]', `regid`='$loc[regid]', `ccid`='$loc[ccid]' where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); echo "<p>"._("Your location has been updated")."</p>\n"; } else { echo "<p>"._("I was unable to match your location with places in my database.")."</p>\n"; @@ -62,14 +62,14 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") { } $query = "select `name` from `locations` where `id`='".$_SESSION['profile']['locid']."'"; - $res = mysql_query($query); - $loc = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $loc = mysqli_fetch_assoc($res); $query = "select `name` from `regions` where `id`='".$_SESSION['profile']['regid']."'"; - $res = mysql_query($query); - $reg = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $reg = mysqli_fetch_assoc($res); $query = "select `name` from `countries` where `id`='".$_SESSION['profile']['ccid']."'"; - $res = mysql_query($query); - $cc = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $cc = mysqli_fetch_assoc($res); ?> <script language="javascript" src="/ac.js"></script> <script language="javascript"> diff --git a/pages/wot/9.php b/pages/wot/9.php index bfa7a98..931a773 100644 --- a/pages/wot/9.php +++ b/pages/wot/9.php 
@@ -19,15 +19,15 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); - $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'"); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'"); + if(mysqli_num_rows($res) <= 0) { echo _("Sorry, I was unable to locate that user, the person doesn't wish to be contacted, or isn't an assurer."); } else { - $user = mysql_fetch_array($res); + $user = mysqli_fetch_array($res); $userlang = $user['language']; - $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` + $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary` where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); if($points <= 0) { @@ -55,10 +55,10 @@ <? } ?> <? $query = "select * from `addlang` where `userid`='".$user['id']."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'")); + $lang = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `languages` where `locale`='${row['lang']}'")); ?> <tr> <td class="DataTD"><?=_("Additional Language")?>:</td> diff --git a/scripts/consistence.php b/scripts/consistence.php index 8d6b39b..9ded540 100755 --- a/scripts/consistence.php +++ b/scripts/consistence.php 
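Review bot: In the `-55,10` hunk the value `$row['lang']`, read back from `addlang`, is interpolated into the `languages` lookup without escaping, unlike `$_REQUEST['userid']` above, which goes through `intval()`. If the column is not restricted to known locale codes when it is written (not visible here), stored content reaches the SQL text. Escaping it on the way in closes that: `mysqli_real_escape_string($_SESSION['mconn'], $row['lang'])`. `$user['id']` in the two other queries could be wrapped in `intval()` for the same reason.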
@@ -22,81 +22,81 @@ if(0) { $query = "select locations.id from locations, regions where locations.regid=regions.id and locations.ccid!=regions.ccid;"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $query = "update users set `assurer`='1' where `id`='${row['uid']}'"; echo "inconsistence in location ".$row['locations.id']."\n"; - //mysql_query($query); + //mysqli_query($_SESSION['mconn'], $query); } } if(0) { $query = "select id from locations where regid<1 or ccid<1;"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { //$query = "update users set `assurer`='1' where `id`='${row['uid']}'"; echo "inconsistence in location ".$row['id']."\n"; - //mysql_query($query); + //mysqli_query($_SESSION['mconn'], $query); } } if(1) { $query = "select users.id, locations.regid from users inner join locations on users.locid=locations.id where users.regid!=locations.regid or users.ccid!=locations.ccid;"; - $res = mysql_query($query); - echo mysql_error(); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + echo mysqli_error(); + while($row = mysqli_fetch_assoc($res)) { echo "inconsistence in user #".$row['id']."\n"; $query = "update users set regid=".$row['regid']." 
where `id`=".$row['id'].";"; echo "query: $query\n"; - if($row['regid']=="1182") mysql_query($query); + if($row['regid']=="1182") mysqli_query($_SESSION['mconn'], $query); } } exit(); - mysql_query("update `locations` set `acount`=0"); + mysqli_query($_SESSION['mconn'], "update `locations` set `acount`=0"); $query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users` WHERE users.assurer='1' AND `users`.`locid` != 0 and users.listme=1 GROUP BY `users`.`locid`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $query = "update `locations` set `acount`='${row['total']}' where `id`='${row['locid']}'"; echo $query."\n"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } - mysql_query("update `regions` set `acount`=0"); + mysqli_query($_SESSION['mconn'], "update `regions` set `acount`=0"); $query = "SELECT `users`.`regid` AS `regid`, count(*) AS `total` FROM `users` WHERE users.assurer='1' AND `users`.`regid` != 0 and users.listme=1 GROUP BY `users`.`regid`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $query = "update `regions` set `acount`='${row['total']}' where `id`='${row['regid']}'"; echo $query."\n"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } - mysql_query("update `countries` set `acount`=0"); + mysqli_query($_SESSION['mconn'], "update `countries` set `acount`=0"); $query = "SELECT `users`.`ccid` AS `ccid`, count(*) AS `total` FROM `users` WHERE users.assurer='1' AND `users`.`ccid` != 0 and users.listme=1 GROUP BY `users`.`ccid`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $query = "update `countries` set `acount`='${row['total']}' where 
`id`='${row['ccid']}'"; echo $query."\n"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } diff --git a/scripts/country.php b/scripts/country.php index 0c5fc4f..7e0939c 100755 --- a/scripts/country.php +++ b/scripts/country.php @@ -20,8 +20,8 @@ include_once("../includes/mysql.php"); $query = "select * from `users` where ccid=13 OR email like '%.at'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['id']." ccid: ".$row['ccid'].")\n"; } diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php index ca95f18..8f3a6c9 100755 --- a/scripts/cron/permissionreview.php +++ b/scripts/cron/permissionreview.php @@ -117,11 +117,11 @@ $adminlist = array(); foreach ($flags as $flag => $flag_properties) { $flagname = explode('=', $flag, 2 ); $query = "select `fname`, `lname`, `email` from `users` where `$flagname[0]` = '$flagname[1]'"; - if(! $res = mysql_query($query) ) { + if(! $res = mysqli_query($_SESSION['mconn'], $query) ) { fwrite(STDERR, "MySQL query for flag $flag failed:\n". "\"$query\"\n". - mysql_error() + mysqli_error() ); continue; @@ -129,7 +129,7 @@ foreach ($flags as $flag => $flag_properties) { $adminlist[$flag] = array(); - while ($row = mysql_fetch_assoc($res)) { + while ($row = mysqli_fetch_assoc($res)) { $adminlist[$flag][] = $row; } diff --git a/scripts/cron/removedead.php b/scripts/cron/removedead.php index f473788..b2653c9 100755 --- a/scripts/cron/removedead.php +++ b/scripts/cron/removedead.php 
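Review bot: `mysqli_error()` is called without the connection in scripts/consistence.php (`echo mysqli_error();` in the `-22,81` hunk) and in scripts/cron/permissionreview.php (the `fwrite(STDERR, ...)` call in the `-117,11` hunk). Unlike `mysql_error()`, the procedural mysqli function requires the link argument, so the error text is lost exactly when a query has failed. Both calls should become `mysqli_error($_SESSION['mconn'])`.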
@@ -23,51 +23,51 @@ $query = "select * from `users` where `users`.`verified`=0 and (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`users`.`created`)) >= 172800"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { - mysql_query("delete from `email` where `memid`='".$row['id']."'"); - mysql_query("delete from `users` where `id`='".$row['id']."'"); + mysqli_query($_SESSION['mconn'], "delete from `email` where `memid`='".$row['id']."'"); + mysqli_query($_SESSION['mconn'], "delete from `users` where `id`='".$row['id']."'"); delete_user_agreement($row['id']); } $query = "delete from `domains` where `hash`!='' and (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $query = "delete from `email` where `hash`!='' and (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $query = "delete from `disputedomain` where `hash`!='' and (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 21600"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $query = "delete from `disputeemail` where `hash`!='' and (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 21600"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); // the folloing part is presently not used as there is no running programme that uses temporary increase // in case that there is a new one the procedure needs a rework regarding the point claculation /* $query = "select * from `notary` where `expire`!=0 and `expire`<NOW()"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $query = "select sum(`points`) as `points` from `notary` where `to`='$row[to]' and `expire`=0 group by `to`"; - $dres = mysql_query($query); - $drow 
= mysql_fetch_assoc($dres); + $dres = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($dres); if($drow['points'] >= 150) { $query = "update `notary` set `expire`=0, `points`='0' where `to`='$row[to]' and `from`='$row[from]' and `expire`='$row[expire]'"; } else { $newpoints = 150 - $drow['points']; $query = "update `notary` set `expire`=0, `points`='0' where `to`='$row[to]' and `from`='$row[from]' and `expire`='$row[expire]'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $query = "insert into `notary` set `expire`=0, `points`='$newpoints', `to`='$row[to]', `from`='$row[from]', `when`=NOW(), `method`='Administrative Increase', `date`=NOW()"; } - $data = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[to]'")); + $data = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$row[to]'")); $body = sprintf("%s %s (%s) had a temporary increase, but this has just expired and they have been reduced to 150 points.", $data['fname'], $data['lname'], $data['email'])."\n\n"; sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Expired.", $body, "website@cacert.org", "", "", "CAcert Website"); @@ -84,7 +84,7 @@ sendmail($data['email'], "[CAcert.org] "._("Temporary points increase has expired."), $body, "support@cacert.org", "", "", "CAcert Website"); - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); fix_assurer_flag($row[to]); } */ diff --git a/scripts/cron/updatesort.php b/scripts/cron/updatesort.php index 051b179..7e1e18f 100755 --- a/scripts/cron/updatesort.php +++ b/scripts/cron/updatesort.php 
@@ -26,44 +26,44 @@ } - mysql_query("update `locations` set `acount`=0"); + mysqli_query($_SESSION['mconn'], "update `locations` set `acount`=0"); $query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users` WHERE users.assurer='1' AND `users`.`locid` != 0 and users.listme=1 GROUP BY `users`.`locid`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $query = "update `locations` set `acount`='${row['total']}' where `id`='${row['locid']}'"; echo $query."\n"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } - mysql_query("update `regions` set `acount`=0"); + mysqli_query($_SESSION['mconn'], "update `regions` set `acount`=0"); $query = "SELECT `users`.`regid` AS `regid`, count(*) AS `total` FROM `users` WHERE users.assurer='1' AND `users`.`regid` != 0 and users.listme=1 GROUP BY `users`.`regid`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $query = "update `regions` set `acount`='${row['total']}' where `id`='${row['regid']}'"; echo $query."\n"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } - mysql_query("update `countries` set `acount`=0"); + mysqli_query($_SESSION['mconn'], "update `countries` set `acount`=0"); $query = "SELECT `users`.`ccid` AS `ccid`, count(*) AS `total` FROM `users` WHERE users.assurer='1' AND `users`.`ccid` != 0 and users.listme=1 GROUP BY `users`.`ccid`"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $query = "update `countries` set `acount`='${row['total']}' where `id`='${row['ccid']}'"; echo $query."\n"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } 
diff --git a/scripts/gpgcheck3.php b/scripts/gpgcheck3.php index a6f6097..57e380f 100644 --- a/scripts/gpgcheck3.php +++ b/scripts/gpgcheck3.php @@ -68,17 +68,17 @@ function csvize($str) { } mb_regex_encoding("UTF-8"); - $res = mysql_query("SELECT id, memid FROM gpg WHERE crt != ''"); + $res = mysqli_query($_SESSION['mconn'], "SELECT id, memid FROM gpg WHERE crt != ''"); if (!$res) { echo "Query FROM gpg failed!\n"; exit; } $keys = array(); - while ($row = mysql_fetch_row($res)) { + while ($row = mysqli_fetch_row($res)) { array_push($keys, $row); } - mysql_free_result($res); + mysqli_free_result($res); foreach ($keys as $key) { $crt = "../crt/gpg-" . $key[0] . ".crt"; @@ -87,28 +87,28 @@ function csvize($str) { continue; } - $res = mysql_query("SELECT fname, mname, lname, suffix FROM users WHERE id = " . $key[1]); + $res = mysqli_query($_SESSION['mconn'], "SELECT fname, mname, lname, suffix FROM users WHERE id = " . $key[1]); if (!$res) { echo "Query FROM users failed!\n"; exit; } - $user = mysql_fetch_assoc($res); + $user = mysqli_fetch_assoc($res); if (!$user) { echo "User #" . $key[1] . " not found?!\n"; continue; } - mysql_free_result($res); + mysqli_free_result($res); - $res = mysql_query("SELECT email FROM email WHERE hash = '' AND memid = " . $key[1]); + $res = mysqli_query($_SESSION['mconn'], "SELECT email FROM email WHERE hash = '' AND memid = " . $key[1]); if (!$res) { echo "Query FROM email failed!\n"; exit; } $addrs = array(); - while ($addr = mysql_fetch_row($res)) { + while ($addr = mysqli_fetch_row($res)) { array_push($addrs, $addr[0]); } - mysql_free_result($res); + mysqli_free_result($res); $gpg = `gpg --with-colons --homedir /tmp $crt 2>/dev/null`; //echo "gpg says\n".htmlspecialchars($gpg); diff --git a/scripts/gpgfillmissingkeyid.php b/scripts/gpgfillmissingkeyid.php index 8c5ce4a..c916ff5 100644 --- a/scripts/gpgfillmissingkeyid.php +++ b/scripts/gpgfillmissingkeyid.php 
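Review bot: The gpg call at the end of the `-87,28` hunk interpolates `$crt` into a backtick shell command and runs gpg with `--homedir /tmp`. `/tmp` is world-writable, so gpg would take its configuration and keyrings from a place other local accounts can write to. A private directory created for the run (mode 0700) is the safer home, and the path argument should be passed as `escapeshellarg($crt)`. The two queries in the same hunk append `$key[1]` unquoted; `intval($key[1])` keeps them numeric. The loop body continues outside the hunk.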
@@ -27,7 +27,7 @@ function csvize($str) mb_regex_encoding("UTF-8"); echo "Seaching ...\n"; - $res = mysql_query("SELECT * FROM gpg WHERE crt != '' and keyid is null"); + $res = mysqli_query($_SESSION['mconn'], "SELECT * FROM gpg WHERE crt != '' and keyid is null"); if (!$res) { echo "Query FROM gpg failed!\n"; exit; @@ -35,7 +35,7 @@ echo "Seaching ...\n"; echo "Found:\n"; $keys = array(); - while ($row = mysql_fetch_assoc($res)) { + while ($row = mysqli_fetch_assoc($res)) { echo "ID: ".$row["id"]."\n"; $crt=$row["crt"]; @@ -54,8 +54,7 @@ echo "Found:\n"; echo "laenge: ".strlen($bits[4])."\n"; if($row[id]>=1 && $row[id]<=100000 && strlen($bits[4])==16) { - mysql_query("update gpg set keyid='$bits[4]' where id=$row[id]\n"); - + mysqli_query($_SESSION['mconn'], "update gpg set keyid='$bits[4]' where id=$row[id]\n"); } } $match = false; @@ -67,7 +66,7 @@ echo "Found:\n"; } echo "Done\n"; - mysql_free_result($res); + mysqli_free_result($res); ?> diff --git a/scripts/scanforexponents.php b/scripts/scanforexponents.php index 7136723..ed175e7 100755 --- a/scripts/scanforexponents.php +++ b/scripts/scanforexponents.php @@ -52,15 +52,15 @@ `emailcerts`.`created` as `created`,`emailcerts`.`revoked` as `revoked`, `emailcerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language` from `emailcerts`,`users` where `emailcerts`.`id`='$id' and `users`.`id`=`emailcerts`.`memid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo $query."\n"; echo "$file: $do\n"; continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $email = $row['email']; } else if($type == "orgclient") { $query = "select `memid`,`serial`,`CN`,`subject`,`keytype`,`orgemailcerts`.`codesign` as `codesign`,`crt_name`, 
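Review bot: The update in the `-54,8` hunk of scripts/gpgfillmissingkeyid.php writes `$bits[4]` into the SQL text after checking only its length. `$bits` is filled outside the hunk, presumably from parsed gpg output, so a 16-character value containing a quote would still reach the statement. Adding a hex check to the guard fixes that: `if($row['id']>=1 && $row['id']<=100000 && strlen($bits[4])==16 && ctype_xdigit($bits[4]))`. The quoted `'id'` key also avoids the bare-constant lookup in the existing condition.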
@@ -68,15 +68,15 @@ `orgemailcerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language` from `orgemailcerts`,`org`,`users` where `orgemailcerts`.`id`='$id' and `orgemailcerts`.`orgid`=`org`.`id` and `users`.`id`=`org`.`memid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo $query."\n"; echo "$file: $do\n"; continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $email = $row['email']; } else if($type == "server") { $query = "select `memid`,`serial`,`CN`,`subject`,`crt_name`, @@ -84,15 +84,15 @@ `domaincerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language` from `domaincerts`,`domains`,`users` where `domaincerts`.`id`='$id' and `domains`.`id`=`domaincerts`.`domid` and `users`.`id`=`domains`.`memid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo $query."\n"; echo "$file: $do\n"; continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $email = $row['email']; } else if($type == "orgserver") { $query = "select `memid`,`serial`,`CN`,`subject`,`crt_name`, @@ -100,15 +100,15 @@ `orgdomaincerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language` from `orgdomaincerts`,`org`,`users` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`id` and `users`.`id`=`org`.`memid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo $query."\n"; echo "$file: $do\n"; continue; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $email = $row['email']; } else { echo "$file: $do\n"; diff --git a/stamp/common.php b/stamp/common.php index ff814dd..3ef644a 100644 --- a/stamp/common.php +++ b/stamp/common.php 
@@ -31,10 +31,10 @@ $stampid = 0; $query = "select * from `stampcache` where `hostname`='$ref'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if($row['cacheexpire'] >= date("U")) return(array($row['valid'], $row)); else { @@ -46,13 +46,13 @@ $query = "select * from `orgdomaincerts` where `id`='$row[certid]' and `expire`>NOW() and `revoked`=0"; if($_REQUEST['debug'] == 1) echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { $query = "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$row[id]'"; if($_REQUEST['debug'] == 1) echo $query."<br>\n"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); return(array($row['valid'], $row)); } } @@ -68,8 +68,8 @@ group by `domaincerts`.`id` order by `domaincerts`.`id`"; if($_REQUEST['debug'] == 1) echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $bits = explode(".", $ref); for($i = 1; $i < count($bits); $i++) @@ -88,8 +88,8 @@ group by `domaincerts`.`id` order by `domaincerts`.`id`"; if($_REQUEST['debug'] == 1) echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $query = "select *,`orgdomaincerts`.`id` as `certid`,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where (`orgdomaincerts`.`subject` like '%=DNS:$ref/%' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2/%' OR 
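Review bot: The context lines `if($_REQUEST['debug'] == 1) echo $query."<br>\n";` in the `-46,13`, `-68,8` and `-88,8` hunks (and `-101,8` after them) let any request that carries `debug=1` receive the raw SQL text, including table and column names and the interpolated `$ref`. The output is not HTML-encoded, and where `$ref` comes from is outside these hunks. These lines should be removed, or replaced with server-side logging such as `error_log($query);`, rather than carried over unchanged. The enclosing function starts before the first hunk.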
@@ -101,8 +101,8 @@ group by `orgdomaincerts`.`id` order by `orgdomaincerts`.`id`"; if($_REQUEST['debug'] == 1) echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $invalid = 1; } else { @@ -113,15 +113,15 @@ if($invalid == 0) { - $cert = mysql_fetch_assoc($res); + $cert = mysqli_fetch_assoc($res); if($org == 0) { $query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND `notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`"; - $user = mysql_fetch_assoc(mysql_query($query)); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); } else { $query = "select * from `orginfo` where `id`='$cert[orgid]'"; - $orgi = mysql_fetch_assoc(mysql_query($query)); + $orgi = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); } if($stampid <= 0) @@ -134,12 +134,12 @@ `expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]', `O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid' where `id`='$stampid'"; } - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } else if($stampid > 0) { - mysql_query("update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'"); + mysqli_query($_SESSION['mconn'], "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'"); } else { $query = "insert into `stampcache` set `cacheexpire`='".(date("U")+600)."',`hostname`='$ref',`valid`='$invalid'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } $arr = array("issued" => $cert['issued'], "expire" => $cert['expire'], "subject" => $cert['subject'], "hostname" => $ref, diff --git a/stamp/report.php b/stamp/report.php index 519aa3a..897d246 100644 --- a/stamp/report.php +++ b/stamp/report.php 
@@ -54,9 +54,9 @@ { $IP = mysql_real_escape_string(trim($_SERVER['REMOTE_ADDR'])); $iplong = ip2long($IP); - mysql_query("insert into `abusereports` set `when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email', + mysqli_query($_SESSION['mconn'], "insert into `abusereports` set `when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email', `comment`='$comment', `reason`='$reason'"); - $id = mysql_insert_id(); + $id = mysqli_insert_id(); $body = "New Abuse Report has been lodged via the the Stamp Interface:\n\n"; $body .= "Reported ID: $id\n"; diff --git a/tverify/index.php b/tverify/index.php index 8976341..35ae930 100644 --- a/tverify/index.php +++ b/tverify/index.php @@ -49,13 +49,13 @@ if($id == 1) { - $email = mysql_escape_string(trim($_REQUEST["email"])); - $password = mysql_escape_string(stripslashes(trim($_REQUEST["pword"]))); - $URL = mysql_escape_string(trim($_REQUEST["notaryURL"])); - $CN = mysql_escape_string($_SESSION['_config']['CN']); + $email = mysql_real_escape_string(trim($_REQUEST["email"])); + $password = mysql_real_escape_string(stripslashes(trim($_REQUEST["pword"]))); + $URL = mysql_real_escape_string(trim($_REQUEST["notaryURL"])); + $CN = mysql_real_escape_string($_SESSION['_config']['CN']); $memid = intval($_SESSION['_config']['uid']); - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); - $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'")); + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$memid'")); + $tmp = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `points` from `notary` where `to`='$memid'")); if($URL != "" && $nofile == 0) $max = 150; 
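Review bot: `mysqli_insert_id()` is called with no argument in stamp/report.php (`-54,9`) and in tverify/index.php (`-88,21`), but the procedural function needs the link. As written, `$id` in the abuse report mail and `$tverify` come back empty, and `$tverify` then feeds the photo file name and the `update tverify ... where id='$tverify'` statements. Both calls should be `mysqli_insert_id($_SESSION['mconn'])`.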
@@ -88,21 +88,21 @@ { $query = "select * from `users`,`email` where `email`.`memid`='$memid' and `email`.`email`='$email' and `users`.`id`=`email`.`memid` and (`password`=old_password('$password') or `password`=sha1('$password') or `password`=password('$password'))"; - if(mysql_num_rows(mysql_query($query)) <= 0) + if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) <= 0) { $_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details (password) to your certificate to an account on this system."); $id = 0; } else { $query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()"; - mysql_query($query); - $tverify = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $tverify = mysqli_insert_id(); if($nofile == 0) { $filename = $photoid['tmp_name']; - $newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext); + $newfile = mysql_real_escape_string('/www/photoid/'.$tverify.".".$ext); move_uploaded_file($filename, $newfile); $query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } } } @@ -125,12 +125,12 @@ { if($points > 0) { - mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points', + mysqli_query($_SESSION['mconn'], "insert into `notary` set `from`='0', `to`='$memid', `points`='$points', `method`='Thawte Points Transfer', `when`=NOW()"); fix_assurer_flag($memid); } $totalpoints = intval($tmp['points']) + $points; - mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'"); + mysqli_query($_SESSION['mconn'], "update `tverify` set `modified`=NOW() where `id`='$tverify'"); $body = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"; diff --git a/tverify/index/0.php b/tverify/index/0.php index 2264bab..195cee3 100644 --- a/tverify/index/0.php 
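Review bot: `$newfile = mysql_real_escape_string('/www/photoid/'.$tverify.".".$ext);` runs SQL escaping over the path that is then handed to `move_uploaded_file()`, so the name on disk depends on the escaping function's result rather than on the intended path. Keep the two apart: `$newfile = '/www/photoid/'.intval($tverify).'.'.$ext;` for the move, and escape or bind only the copy that goes into the `update`. `$ext` is set above the hunk; it should come from a fixed allow-list of extensions rather than from the uploaded file name, and the return value of `move_uploaded_file()` should be checked before the path is stored.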
+++ b/tverify/index/0.php @@ -34,8 +34,8 @@ if($bits['0'] == "emailAddress") { $query = "select * from `email` where `email`='".$bits['1']."' and `deleted`=0 and hash=''"; - $account = mysql_query($query); - if(mysql_num_rows($account)) + $account = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($account)) $addy[] = $bits['1']; } } @@ -51,14 +51,14 @@ //If we found one, we extract the member-id from the sql result of the query we did above, and fetch the name of that user if($continue == 1) { - $row = mysql_fetch_assoc($account); + $row = mysqli_fetch_assoc($account); $memid = $row['memid']; //Fetching the name of the user we have in the database: $query = "select `fname`, `mname`, `lname`, `suffix` from `users` where `id`='$memid' and `deleted`=0"; - $res = mysql_query($query); - $row = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc($res); //Building the user´s name, and ignoring punctuation $cacert_name=$row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix']; @@ -35,8 +35,8 @@ `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id` order by `locations`.`acount` DESC, `locations`.`name` ASC limit 10"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { $rc++; if($rc > 1) diff --git a/www/account.php b/www/account.php index c7f34a3..76a7b53 100644 --- a/www/account.php +++ b/www/account.php 
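Review bot: `$bits['1']` is concatenated into the `select * from email` statement without escaping. The loop that fills `$bits` starts above the hunk; if the value comes from the subject of the presented certificate, as the `emailAddress` test suggests, it is client-supplied text. Passing it through `mysqli_real_escape_string($_SESSION['mconn'], $bits['1'])` before building `$query`, or binding it in a prepared statement, closes that gap.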
@@ -56,10 +56,10 @@ } else if($id == 51 && $_GET['img'] == "show") { $query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res)) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); readfile($row['photoid']); } else { die("No such file."); diff --git a/www/advertising.php b/www/advertising.php index 43e4f93..9b3a04a 100644 --- a/www/advertising.php +++ b/www/advertising.php @@ -73,7 +73,7 @@ { $query = "insert into `advertising` set `link`='$link', `title`='$title', `months`='$months', `who`='".$_SESSION['profile']['id']."', `when`=NOW()"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); unset($link); unset($title); unset($months); diff --git a/www/alert_hash_collision.php b/www/alert_hash_collision.php index bad60e8..cbd895d 100644 --- a/www/alert_hash_collision.php +++ b/www/alert_hash_collision.php 
@@ -14,13 +14,13 @@ if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym'])) if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym'])) { - mysql_query("update emailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); - mysql_query("update domaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); + mysqli_query($_SESSION['mconn'], "update emailcerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); + mysqli_query($_SESSION['mconn'], "update domaincerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); } else { - mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); - mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); + mysqli_query($_SESSION['mconn'], "update orgemailcerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); + mysqli_query($_SESSION['mconn'], "update orgdomaincerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); } //exec(REPORT_WEAK . ' ' . $_POST['usernym'] . ' ' . lower($_POST['pkhash'])); diff --git a/www/api/ccsr.php b/www/api/ccsr.php index 7efdf8d..053ae8e 100644 --- a/www/api/ccsr.php +++ b/www/api/ccsr.php 
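Review bot: `$_POST['pkhash']` is concatenated into all four `update` statements without any escaping; in the visible lines only `usernym` is checked against a pattern. Unless `pkhash` is validated above the hunk, this is request data placed directly in SQL, and the `memid` value next to it is escaped with the old mysql extension rather than through the mysqli connection. Binding both values in a prepared statement removes the need for escaping; the table name is taken from a fixed list chosen by the same `mem-` test the code already uses.

```php
// … unchanged: usernym format check …
$memid  = substr($_POST['usernym'], 4);
$pkhash = (string)$_POST['pkhash'];
$tables = preg_match('/^mem-[0-9]+$/', $_POST['usernym'])
	? array('emailcerts', 'domaincerts')
	: array('orgemailcerts', 'orgdomaincerts');
foreach ($tables as $table) {
	// $table comes from the fixed lists above, never from the request
	$stmt = mysqli_prepare($_SESSION['mconn'],
		"update `$table` set coll_found=1 where memid=? and pkhash!='' and pkhash=?");
	mysqli_stmt_bind_param($stmt, 'ss', $memid, $pkhash);
	mysqli_stmt_execute($stmt);
	mysqli_stmt_close($stmt);
}
```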
@@ -22,20 +22,20 @@ require_once '../../includes/lib/check_weak_key.php'; $password = mysql_real_escape_string($_REQUEST['password']); $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))"; - $res = mysql_query($query); - if(mysql_num_rows($res) != 1) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) != 1) die("403,That username couldn't be found\n"); - $user = mysql_fetch_assoc($res); + $user = mysqli_fetch_assoc($res); $memid = $user['id']; $emails = array(); foreach($_REQUEST['email'] as $email) { $email = mysql_real_escape_string(trim($email)); $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0 and `email`='$email'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $id = $row['id']; $emails[$id] = $email; } @@ -43,7 +43,7 @@ require_once '../../includes/lib/check_weak_key.php'; if(count($emails) <= 0) die("404,Wasn't able to match any emails sent against your account"); $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $points = $row['points']; $name = "CAcert WoT User\n"; 
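Review bot: The login check compares the password inside SQL against `old_password('$password')` and `sha1('$password')`, both unsalted, fast digests, so a leaked `users` table can be tested offline cheaply. Since the statement is being touched for the mysqli move, it is a good point to select the row by `email` only and verify in PHP with `password_verify()`, re-hashing with `password_hash()` after a successful legacy match. `OLD_PASSWORD()` has also been removed from newer MySQL server releases, which would break this query after a server upgrade. The same comparison is used in tverify/index.php and www/api/cemails.php.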
@@ -85,23 +85,23 @@ require_once '../../includes/lib/check_weak_key.php'; $query = "insert into `emailcerts` set `CN`='".$user['email']."', `keytype`='MS', `memid`='".$user['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='$csrsubject', `codesign`='$codesign'"; - mysql_query($query); - $certid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $certid = mysqli_insert_id(); $CSRname = generatecertpath("csr","client",$certid); rename($checkedcsr, $CSRname); - mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'"); + mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'"); foreach($emails as $emailid => $email) - mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'"); + mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'"); $do = `../../scripts/runclient`; sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED $query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) die("404,Your certificate request has failed. ID: $certid"); - $cert = mysql_fetch_assoc($res); + $cert = mysqli_fetch_assoc($res); echo "200,Authentication Ok\n"; readfile("../".$cert['crt_name']); ?> diff --git a/www/api/cemails.php b/www/api/cemails.php index 0d067ea..f3271f7 100644 --- a/www/api/cemails.php +++ b/www/api/cemails.php 
@@ -15,18 +15,18 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - $username = mysql_escape_string($_REQUEST['username']); - $password = mysql_escape_string($_REQUEST['password']); + $username = mysql_real_escape_string($_REQUEST['username']); + $password = mysql_real_escape_string($_REQUEST['password']); $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))"; - $res = mysql_query($query); - if(mysql_num_rows($res) != 1) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) != 1) die("403,That username couldn't be found\n"); echo "200,Authentication Ok\n"; - $user = mysql_fetch_assoc($res); + $user = mysqli_fetch_assoc($res); $memid = $user['id']; $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); $points = $row['points']; echo "CS=".intval($user['codesign'])."\n"; echo "NAME=CAcert WoT User\n"; @@ -41,7 +41,7 @@ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n"; } $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) echo "EMAIL=".$row['email']."\n"; ?> diff --git a/www/api/edu.php b/www/api/edu.php index 27b7b1b..22bb931 100644 --- a/www/api/edu.php +++ b/www/api/edu.php 
@@ -14,24 +14,24 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ +*/ $ipadress =$_SERVER['REMOTE_ADDR']; - + if ($ipadress=='72.36.220.19' && $_SERVER['HTTPS']=="on") { - $serial=mysql_escape_string($_REQUEST["serial"]); + $serial=mysql_real_escape_string($_REQUEST["serial"]); $root=intval($_REQUEST["root"]); - + $sql="select memid from emailcerts where serial='$serial' and rootcert='$root'"; - $query= mysql_query($sql); - if(mysql_num_rows($query) != 1) + $query= mysqli_query($_SESSION['mconn'], $sql); + if(mysqli_num_rows($query) != 1) { echo "NOT FOUND: ".sanitizeHTML($sql); } else { - $memid = mysql_fetch_assoc($query); + $memid = mysqli_fetch_assoc($query); echo sanitizeHTML($memid['memid']); } } @@ -40,4 +40,3 @@ echo "UNAUTHORIZED ACCESS ".$ipadress." ".$_SERVER['HTTPS']; } ?> - diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php index feb92d4..9ab9a9f 100644 --- a/www/cats/cats_import.php +++ b/www/cats/cats_import.php 
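Review bot: The not-found branch answers with `"NOT FOUND: ".sanitizeHTML($sql)`, which returns the full SQL statement, table and column names included, to the caller. A fixed reply such as `echo "NOT FOUND";` tells the client everything it needs; if the statement is wanted for troubleshooting it belongs in a server-side log.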
@@ -85,70 +85,70 @@ if (get_magic_quotes_gpc()) { } // Explicitly select all those IDs so I can insert new rows if needed. -$query = mysql_query('SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysql_real_escape_string($type).'\';'); +$query = mysqli_query($_SESSION['mconn'], 'SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysql_real_escape_string($type).'\';'); if (!$query) { echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); } -if (mysql_num_rows($query) > 0) { - $result = mysql_fetch_array($query); +if (mysqli_num_rows($query) > 0) { + $result = mysqli_fetch_array($query); $typeID = $result['0']; } else { - $query = mysql_query('INSERT INTO `cats_type` (`type_text`) VALUES (\''.mysql_real_escape_string($type).'\');'); + $query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_type` (`type_text`) VALUES (\''.mysql_real_escape_string($type).'\');'); if (!$query) { echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); } - $typeID = mysql_insert_id(); + $typeID = mysqli_insert_id(); } -$query = mysql_query('SELECT `id` FROM `cats_variant` WHERE `type_id` = \''.(int)intval($typeID).'\' AND `test_text` = \''.mysql_real_escape_string($variant).'\';'); +$query = mysqli_query($_SESSION['mconn'], 'SELECT `id` FROM `cats_variant` WHERE `type_id` = \''.(int)intval($typeID).'\' AND `test_text` = \''.mysql_real_escape_string($variant).'\';'); if (!$query) { echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); } -if (mysql_num_rows($query) > 0) { - $result = mysql_fetch_array($query); +if (mysqli_num_rows($query) > 0) { + $result = mysqli_fetch_array($query); $variantID = $result['0']; } else { - $query = mysql_query('INSERT INTO `cats_variant` (`type_id`, `test_text`) VALUES (\''.(int)intval($typeID).'\', \''.mysql_real_escape_string($variant).'\');'); + $query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_variant` (`type_id`, `test_text`) VALUES 
(\''.(int)intval($typeID).'\', \''.mysql_real_escape_string($variant).'\');'); if (!$query) { echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); } - $variantID = mysql_insert_id(); + $variantID = mysqli_insert_id(); } // Now find the userid from cert serial -$query = mysql_query('SELECT `ec`.`memid` FROM `emailcerts` AS `ec`, `root_certs` AS `rc` WHERE `ec`.`rootcert` = `rc`.`id` AND `ec`.`serial` = \''.mysql_real_escape_string($serial).'\' AND `rc`.`cert_text` = \''.mysql_real_escape_string($root).'\';'); +$query = mysqli_query($_SESSION['mconn'], 'SELECT `ec`.`memid` FROM `emailcerts` AS `ec`, `root_certs` AS `rc` WHERE `ec`.`rootcert` = `rc`.`id` AND `ec`.`serial` = \''.mysql_real_escape_string($serial).'\' AND `rc`.`cert_text` = \''.mysql_real_escape_string($root).'\';'); if (!$query) { echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); } -if (mysql_num_rows($query) > 0) { - $result = mysql_fetch_array($query); +if (mysqli_num_rows($query) > 0) { + $result = mysqli_fetch_array($query); $userID = $result['0']; } else { echo 'Cannot find cert '.sanitize_string($serial).' / '.sanitize_string($root)."\r\n"; // Let's treat this as an error, since it should not happen. - trigger_error('Cannot find cert '.$serial.' / '.$root.'!'.mysql_error(), E_USER_ERROR); + trigger_error('Cannot find cert '.$serial.' 
/ '.$root.'!'.mysqli_error(), E_USER_ERROR); exit(); } // The unique constraint on cats_passed assures that records are not stored multiply -$query = mysql_query('INSERT INTO `cats_passed` (`user_id`, `variant_id`, `pass_date`) VALUES (\''.(int)intval($userID).'\', \''.(int)intval($variantID).'\', \''.mysql_real_escape_string($date).'\');'); +$query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_passed` (`user_id`, `variant_id`, `pass_date`) VALUES (\''.(int)intval($userID).'\', \''.(int)intval($variantID).'\', \''.mysql_real_escape_string($date).'\');'); if (!$query) { - if (mysql_errno() != 1062) { // Duplicate Entry is considered success + if (mysqli_errno() != 1062) { // Duplicate Entry is considered success echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); @@ -162,6 +162,6 @@ if (!fix_assurer_flag($userID)) { exit(); } -echo 'OK'."\r\n"; +echo 'OK'."\r\n"; ?> diff --git a/www/disputes.php b/www/disputes.php index 34a447a..a3a9417 100644 --- a/www/disputes.php +++ b/www/disputes.php 
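Review bot: `mysqli_errno()` and `mysqli_error()` are called without the connection argument that the procedural mysqli API requires. The duplicate-entry test `mysqli_errno() != 1062` therefore no longer sees the real error code, so a repeated import that hits the unique constraint on `cats_passed` would be answered with `Invalid query` instead of being treated as success. Use `if (mysqli_errno($_SESSION['mconn']) != 1062) {` and `mysqli_error($_SESSION['mconn'])` in the `trigger_error()` call.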
@@ -27,22 +27,22 @@ if($type == "reallyemail") { $emailid = intval($_SESSION['_config']['emailid']); - $hash = mysql_escape_string(trim($_SESSION['_config']['hash'])); + $hash = mysql_real_escape_string(trim($_SESSION['_config']['hash'])); - $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'"); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'"); + if(mysqli_num_rows($res) <= 0) { showheader(_("Email Dispute")); echo _("This dispute no longer seems to be in the database, can't continue."); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $oldmemid = $row['oldmemid']; if($action == "reject") { - mysql_query("update `disputeemail` set hash='',action='reject' where `id`='".intval($emailid)."'"); + mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='reject' where `id`='".intval($emailid)."'"); showheader(_("Email Dispute")); echo _("You have opted to reject this dispute and the request will be removed from the database"); showfooter(); 
@@ -54,21 +54,21 @@ echo "<p>"._("You have opted to accept this dispute and the request will now remove this email address from the existing account, and revoke any current certificates.")."</p>"; echo "<p>"._("The following accounts have been removed:")."<br>\n"; $query = "select * from `email` where `id`='".intval($emailid)."' and deleted=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); echo $row['email']."<br>\n"; account_email_delete($row['id']); } - mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'"); - $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); - $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); - $res = mysql_query("select * from `users` where `id`='$oldmemid'"); - $user = mysql_fetch_assoc($res); + mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='accept' where `id`='$emailid'"); + $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); + $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); + $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$oldmemid'"); + $user = mysqli_fetch_assoc($res); if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email']) { - mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'"); + mysqli_query($_SESSION['mconn'], "update `users` set `deleted`=NOW() where `id`='$oldmemid'"); echo _("This was the primary email on the account, and no emails or domains were left linked so the account has also been removed from the system."); } 
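Review bot: `echo $row['email']."<br>\n";` writes the stored address into the page without HTML escaping, while the other messages in this file pass the address through `sanitizeHTML()`. Make it `echo sanitizeHTML($row['email'])."<br>\n";`. The same applies to `echo $_SESSION['_config']['domain']."<br>\n";` in the `@@ -152,13` hunk of this file.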
@@ -80,7 +80,7 @@ if($type == "email") { $emailid = intval($_REQUEST['emailid']); - $hash = trim(mysql_escape_string(stripslashes($_REQUEST['hash']))); + $hash = trim(mysql_real_escape_string(stripslashes($_REQUEST['hash']))); if($emailid <= 0 || $hash == "") { showheader(_("Email Dispute")); @@ -89,19 +89,19 @@ exit; } - $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'"); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'"); + if(mysqli_num_rows($res) <= 0) { - $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and hash!=''"); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and hash!=''"); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); - mysql_query("update `disputeemail` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'"); + $row = mysqli_fetch_assoc($res); + mysqli_query($_SESSION['mconn'], "update `disputeemail` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'"); showheader(_("Email Dispute")); if($row['attempts'] >= 3) { echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID. Your attempt has been logged and the request will be removed from the system as a result."); - mysql_query("update `disputeemail` set hash='',action='failed' where `id`='$emailid'"); + mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='failed' where `id`='$emailid'"); } else echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID."); showfooter(); 
@@ -115,7 +115,7 @@ } $_SESSION['_config']['emailid'] = $emailid; $_SESSION['_config']['hash'] = $hash; - $row = mysql_fetch_assoc(mysql_query("select * from `disputeemail` where `id`='$emailid'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid'")); $_SESSION['_config']['email'] = $row['email']; showheader(_("Email Dispute")); includeit("4", "disputes"); @@ -126,10 +126,10 @@ if($type == "reallydomain") { $domainid = intval($_SESSION['_config']['domainid']); - $hash = mysql_escape_string(trim($_SESSION['_config']['hash'])); + $hash = mysql_real_escape_string(trim($_SESSION['_config']['hash'])); - $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'"); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'"); + if(mysqli_num_rows($res) <= 0) { showheader(_("Domain Dispute")); echo _("This dispute no longer seems to be in the database, can't continue."); @@ -139,7 +139,7 @@ if($action == "reject") { - mysql_query("update `disputedomain` set hash='',action='reject' where `id`='$domainid'"); + mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='reject' where `id`='$domainid'"); showheader(_("Domain Dispute")); echo _("You have opted to reject this dispute and the request will be removed from the database"); showfooter(); 
@@ -152,13 +152,13 @@ echo "<p>"._("The following accounts have been removed:")."<br>\n"; //new account_domain_delete($domainid, $memberID) $query = "select * from `domains` where `id`='$domainid' and deleted=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { echo $_SESSION['_config']['domain']."<br>\n"; account_domain_delete($domainid); } - mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'"); + mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='accept' where `id`='$domainid'"); showfooter(); exit; } @@ -167,7 +167,7 @@ if($type == "domain") { $domainid = intval($_REQUEST['domainid']); - $hash = trim(mysql_escape_string(stripslashes($_REQUEST['hash']))); + $hash = trim(mysql_real_escape_string(stripslashes($_REQUEST['hash']))); if($domainid <= 0 || $hash == "") { showheader(_("Domain Dispute")); 
@@ -176,19 +176,19 @@ exit; } - $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'"); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'"); + if(mysqli_num_rows($res) <= 0) { - $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and hash!=''"); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and hash!=''"); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); - mysql_query("update `disputedomain` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'"); + $row = mysqli_fetch_assoc($res); + mysqli_query($_SESSION['mconn'], "update `disputedomain` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'"); showheader(_("Domain Dispute")); if($row['attempts'] >= 3) { echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID. Your attempt has been logged and the request will be removed from the system as a result."); - mysql_query("update `disputedomain` set hash='',action='failed' where `id`='$domainid'"); + mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='failed' where `id`='$domainid'"); } else echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID."); showfooter(); @@ -202,7 +202,7 @@ } $_SESSION['_config']['domainid'] = $domainid; $_SESSION['_config']['hash'] = $hash; - $row = mysql_fetch_assoc(mysql_query("select * from `disputedomain` where `id`='$domainid'")); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid'")); $_SESSION['_config']['domain'] = $row['domain']; showheader(_("Domain Dispute")); includeit("6", "disputes"); 
@@ -213,7 +213,7 @@ if($oldid == "1") { csrf_check('emaildispute'); - $email = trim(mysql_escape_string(stripslashes($_REQUEST['dispute']))); + $email = trim(mysql_real_escape_string(stripslashes($_REQUEST['dispute']))); if($email == "") { showheader(_("Email Dispute")); @@ -223,8 +223,8 @@ } //check if email belongs to locked account - $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)"); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], "select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)"); + if(mysqli_num_rows($res) > 0) { showheader(_("Email Dispute")); printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>"); @@ -239,8 +239,8 @@ exit; } - $res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''"); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `email`='$email' and hash!=''"); + if(mysqli_num_rows($res) > 0) { showheader(_("Email Dispute")); printf(_("The email address '%s' already exists in the dispute system. Can't continue."), sanitizeHTML($email)); 
@@ -250,15 +250,15 @@ unset($oldid); $query = "select * from `email` where `email`='$email' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("Email Dispute")); printf(_("The email address '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($email)); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $oldmemid = $row['memid']; $emailid = $row['id']; if($_SESSION['profile']['id'] == $oldmemid) @@ -269,10 +269,10 @@ exit; } - $res = mysql_query("select * from `users` where `id`='$oldmemid'"); - $user = mysql_fetch_assoc($res); - $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); - $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); + $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$oldmemid'"); + $user = mysqli_fetch_assoc($res); + $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); + $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); if($user['email'] == $email && ($rc > 0 || $rc2 > 0)) { showheader(_("Email Dispute")); 
@@ -285,7 +285,7 @@ $query = "insert into `disputeemail` set `email`='$email',`memid`='".intval($_SESSION['profile']['id'])."', `oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='".intval($emailid)."', `IP`='".$_SERVER['REMOTE_ADDR']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $body = sprintf(_("You have been sent this email as the email address '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $email)."\n\n"; $body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=email&emailid=$emailid&hash=$hash\n\n"; @@ -302,7 +302,7 @@ if($oldid == "2") { csrf_check('domaindispute'); - $domain = trim(mysql_escape_string(stripslashes($_REQUEST['dispute']))); + $domain = trim(mysql_real_escape_string(stripslashes($_REQUEST['dispute']))); if($domain == "") { showheader(_("Domain Dispute")); @@ -312,8 +312,8 @@ } //check if domain belongs to locked account - $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)"); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], "select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)"); + if(mysqli_num_rows($res) > 0) { showheader(_("Domain Dispute")); printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>"); 
@@ -329,8 +329,8 @@ } $query = "select * from `disputedomain` where `domain`='$domain' and hash!=''"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { showheader(_("Domain Dispute")); printf(_("The domain '%s' already exists in the dispute system. Can't continue."), sanitizeHTML($domain)); @@ -339,12 +339,12 @@ } unset($oldid); $query = "select * from `domains` where `domain`='$domain' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $query = "select 1 from `orgdomains` where `domain`='$domain'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { showheader(_("Domain Dispute")); printf(_("The domain '%s' is included in an organisation account. Please send a mail to %s to dispute this domain."), sanitizeHTML($domain),'<a href="mailto:support@cacert.org">support@cacert.org</a>'); @@ -356,7 +356,7 @@ showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $oldmemid = $row['memid']; if($_SESSION['profile']['id'] == $oldmemid) { @@ -384,7 +384,7 @@ $bits = explode(":", $line, 2); $line = trim($bits[1]); if(!in_array($line, $addy) && $line != "") - $addy[] = trim(mysql_escape_string(stripslashes($line))); + $addy[] = trim(mysql_real_escape_string(stripslashes($line))); } } else { if(is_array($adds)) @@ -401,7 +401,7 @@ $line = $bit; } if(!in_array($line, $addy) && $line != "") - $addy[] = trim(mysql_escape_string(stripslashes($line))); + $addy[] = trim(mysql_real_escape_string(stripslashes($line))); } } 
@@ -418,7 +418,7 @@ if($oldid == "5") { - $authaddy = trim(mysql_escape_string(stripslashes($_REQUEST['authaddy']))); + $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy']))); if(!in_array($authaddy, $_SESSION['_config']['addy']) || $authaddy == "") { @@ -429,8 +429,8 @@ } $query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("Domain Dispute!")); printf(_("The domain '%s' isn't in the system. Can't continue."), sanitizeHTML($_SESSION['_config']['domain'])); @@ -441,12 +441,12 @@ $domainid = intval($_SESSION['_config']['domainid']); $memid = intval($_SESSION['_config']['memid']); $oldmemid = intval($_SESSION['_config']['oldmemid']); - $domain = mysql_escape_string($_SESSION['_config']['domain']); + $domain = mysql_real_escape_string($_SESSION['_config']['domain']); $hash = make_hash(); $query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."', `oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $body = sprintf(_("You have been sent this email as the domain '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $domain)."\n\n"; $body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=domain&domainid=$domainid&hash=$hash\n\n"; diff --git a/www/gpg.php b/www/gpg.php index 263c1d3..31c4ae0 100644 --- a/www/gpg.php +++ b/www/gpg.php 
@@ -74,7 +74,7 @@ function verifyName($name) function verifyEmail($email) { if($email == "") return 0; - if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1; + if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1; return 0; } @@ -318,8 +318,8 @@ function verifyEmail($email) `multiple`='".mysql_real_escape_string($multiple)."', `keyid`='".mysql_real_escape_string($keyid)."', `description`='".mysql_real_escape_string($description)."'"; - mysql_query($query); - $insert_id = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $insert_id = mysqli_insert_id(); $cwd = '/tmp/gpgspace'.$insert_id; @@ -521,14 +521,14 @@ function verifyEmail($email) $cmd_keyid = escapeshellarg($keyid); $do=`gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname`; - mysql_query("update `gpg` set `csr`='$csrname' where `id`='$insert_id'"); + mysqli_query($_SESSION['mconn'], "update `gpg` set `csr`='$csrname' where `id`='$insert_id'"); waitForResult('gpg', $insert_id); showheader(_("Welcome to CAcert.org")); echo $resulttable; $query = "select * from `gpg` where `id`='$insert_id' and `crt`!=''"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n"; echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you."); 
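Review bot: `mysqli_insert_id()` in the second hunk is called without the connection argument, which the procedural mysqli API requires, so `$insert_id` will not hold the id of the row just inserted. That value then builds the working directory `'/tmp/gpgspace'.$insert_id` and keys the later update and select on the gpg table. Requests would presumably share one directory and address no row, or the wrong one. Use `$insert_id = mysqli_insert_id($_SESSION['mconn']);`. The signup hunk in www/index.php makes the same call for `$memid` and `$emailid`.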
@@ -551,7 +551,7 @@ function verifyEmail($email) { $cid = intval(substr($id,14)); $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); - mysql_query("update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); + mysqli_query($_SESSION['mconn'], "update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); } } echo(_("Certificate settings have been changed.")."<br/>\n"); diff --git a/www/index.php b/www/index.php index c7cc03e..c79c961 100644 --- a/www/index.php +++ b/www/index.php @@ -53,7 +53,7 @@ require_once('../includes/lib/l10n.php'); $oldid = 0; if(array_key_exists('Q1',$_REQUEST) && $_REQUEST['Q1']) { - $_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); + $_SESSION['lostpw']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1'])) $answers++; @@ -61,7 +61,7 @@ require_once('../includes/lib/l10n.php'); } if(array_key_exists('Q2',$_REQUEST) && $_REQUEST['Q2']) { - $_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); + $_SESSION['lostpw']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2'])) $answers++; @@ -69,7 +69,7 @@ require_once('../includes/lib/l10n.php'); } if(array_key_exists('Q3',$_REQUEST) && $_REQUEST['Q3']) { - $_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); + $_SESSION['lostpw']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3'])) $answers++; 
@@ -77,7 +77,7 @@ require_once('../includes/lib/l10n.php'); } if(array_key_exists('Q4',$_REQUEST) && $_REQUEST['Q4']) { - $_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); + $_SESSION['lostpw']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4'])) $answers++; @@ -85,15 +85,15 @@ require_once('../includes/lib/l10n.php'); } if(array_key_exists('Q5',$_REQUEST) && $_REQUEST['Q5']) { - $_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); + $_SESSION['lostpw']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5'])) $answers++; $body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n"; } - $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1'])))); - $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2'])))); + $_SESSION['lostpw']['pw1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['newpass1'])))); + $_SESSION['lostpw']['pw2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['newpass2'])))); if($answers < $_SESSION['lostpw']['total'] || $answers < 3) { @@ -119,7 +119,7 @@ require_once('../includes/lib/l10n.php'); } else { $query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."') where `id`='".intval($_SESSION['lostpw']['user']['id'])."'"; - mysql_query($query) || die(mysql_error()); + mysqli_query($_SESSION['mconn'], $query) || die(mysqli_error()); showheader(_("Welcome to CAcert.org")); echo _("Your Pass Phrase has been changed now. You can now login with your new password."); showfooter(); 
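Review bot: `die(mysqli_error())` in the password-update hunk omits the required connection argument, so on failure it raises a warning instead of returning the error text. Printing the raw database error on the lost-password path is also undesirable because it can disclose query details to the visitor. Log it server-side and show a generic message, e.g. `if(!mysqli_query($_SESSION['mconn'], $query)) { error_log(mysqli_error($_SESSION['mconn'])); die(_("Error!")); }`. The statement still stores the pass phrase as an unsalted `sha1()`, which this commit leaves unchanged.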
@@ -130,21 +130,21 @@ require_once('../includes/lib/l10n.php'); if($oldid == 5 && $process != "") { - $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); + $email = $_SESSION['lostpw']['email'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); $_SESSION['lostpw']['day'] = intval($_REQUEST['day']); $_SESSION['lostpw']['month'] = intval($_REQUEST['month']); $_SESSION['lostpw']['year'] = intval($_REQUEST['year']); $dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day']; $query = "select * from `users` where `email`='$email' and `dob`='$dob'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $id = $oldid; $oldid = 0; $_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file"); } else { $id = 6; - $_SESSION['lostpw']['user'] = mysql_fetch_assoc($res); + $_SESSION['lostpw']['user'] = mysqli_fetch_assoc($res); } } @@ -156,7 +156,7 @@ require_once('../includes/lib/l10n.php'); if($user_id >= 0) { - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( + $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$user_id' and `deleted`=0 and `locked`=0")); 
@@ -251,18 +251,18 @@ require_once('../includes/lib/l10n.php'); $_SESSION['_config']['errmsg'] = ""; - $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email'])))); - $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword']))); + $email = mysql_real_escape_string(stripslashes(strip_tags(trim($_REQUEST['email'])))); + $pword = mysql_real_escape_string(stripslashes(trim($_REQUEST['pword']))); $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $otpquery = "select * from `users` where `email`='$email' and `otphash`!='' and `verified`=1 and `deleted`=0 and `locked`=0"; - $otpres = mysql_query($otpquery); - if(mysql_num_rows($otpres) > 0) + $otpres = mysqli_query($_SESSION['mconn'], $otpquery); + if(mysqli_num_rows($otpres) > 0) { - $otp = mysql_fetch_assoc($otpres); + $otp = mysqli_fetch_assoc($otpres); $otphash = $otp['otphash']; $otppin = $otp['otppin']; if(strlen($pword) == 6) @@ -275,13 +275,13 @@ require_once('../includes/lib/l10n.php'); } $query = "delete from `otphashes` where UNIX_TIMESTAMP(`when`) <= UNIX_TIMESTAMP(NOW()) - 600"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $query = "select * from `otphashes` where `username`='$email' and `otp`='$pword'"; - if(mysql_num_rows(mysql_query($query)) <= 0) + if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) <= 0) { $query = "insert into `otphashes` set `when`=NOW(), `username`='$email', `otp`='$pword'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); for($i = $time - $matchperiod; $i <= $time + $matchperiod * 2; $i++) { if($otppin > 0) 
@@ -297,31 +297,31 @@ require_once('../includes/lib/l10n.php'); $md5 = getOTP32(md5("$i$otphash")); if($pword == $md5) - $res = mysql_query($otpquery); + $res = mysqli_query($_SESSION['mconn'], $otpquery); } } } } - if(mysql_num_rows($res) > 0) + if(mysqli_num_rows($res) > 0) { $_SESSION['profile'] = ""; unset($_SESSION['profile']); - $_SESSION['profile'] = mysql_fetch_assoc($res); + $_SESSION['profile'] = mysqli_fetch_assoc($res); $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); if($_SESSION['profile']['language'] == "") { $query = "update `users` set `language`='".L10n::get_translation()."' where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } else { L10n::set_translation($_SESSION['profile']['language']); L10n::init_gettext(); } $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; - $res = mysql_query($query); - $row = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; $_SESSION['profile']['loggedin'] = 1; if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" || @@ -342,8 +342,8 @@ require_once('../includes/lib/l10n.php'); $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or `password`=password('$pword')) and `verified`=0 and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { $_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase."); } else { 
@@ -358,26 +358,26 @@ require_once('../includes/lib/l10n.php'); $_SESSION['_config']['errmsg'] = ""; - $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); - $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); - $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname'])))); - $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname'])))); - $_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix'])))); + $_SESSION['signup']['email'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); + $_SESSION['signup']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); + $_SESSION['signup']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname'])))); + $_SESSION['signup']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname'])))); + $_SESSION['signup']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix'])))); $_SESSION['signup']['day'] = intval($_REQUEST['day']); $_SESSION['signup']['month'] = intval($_REQUEST['month']); $_SESSION['signup']['year'] = intval($_REQUEST['year']); - $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1']))); - $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2']))); - $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1'])))); - $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2'])))); - $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3'])))); - $_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4'])))); - $_SESSION['signup']['Q5'] = 
trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5'])))); - $_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); - $_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); - $_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); - $_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); - $_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); + $_SESSION['signup']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1']))); + $_SESSION['signup']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2']))); + $_SESSION['signup']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1'])))); + $_SESSION['signup']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2'])))); + $_SESSION['signup']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3'])))); + $_SESSION['signup']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4'])))); + $_SESSION['signup']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5'])))); + $_SESSION['signup']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); + $_SESSION['signup']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); + $_SESSION['signup']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); + $_SESSION['signup']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); + $_SESSION['signup']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); $_SESSION['signup']['general'] = intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0); $_SESSION['signup']['country'] = 
intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0); $_SESSION['signup']['regional'] = intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0); @@ -472,21 +472,21 @@ require_once('../includes/lib/l10n.php'); if($id == 2) { $query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0"; - $res1 = mysql_query($query); + $res1 = mysqli_query($_SESSION['mconn'], $query); $query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0"; - $res2 = mysql_query($query); - if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) + $res2 = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2) > 0) { $id = 1; $_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n"; } $query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $domain = mysql_fetch_assoc($res); + $domain = mysqli_fetch_assoc($res); $domain = $domain['domain']; $id = 1; $_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n"; 
@@ -531,20 +531,20 @@ require_once('../includes/lib/l10n.php'); `A4`='".$_SESSION['signup']['A4']."', `A5`='".$_SESSION['signup']['A5']."', `created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))"; - mysql_query($query); - $memid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $memid = mysqli_insert_id(); $query = "insert into `email` set `email`='".$_SESSION['signup']['email']."', `hash`='$hash', `created`=NOW(), `memid`='$memid'"; - mysql_query($query); - $emailid = mysql_insert_id(); + mysqli_query($_SESSION['mconn'], $query); + $emailid = mysqli_insert_id(); $query = "insert into `alerts` set `memid`='$memid', `general`='".$_SESSION['signup']['general']."', `country`='".$_SESSION['signup']['country']."', `regional`='".$_SESSION['signup']['regional']."', `radius`='".$_SESSION['signup']['radius']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); include_once("../includes/notary.inc.php"); write_user_agreement($memid, "CCA", "account creation", "", 1); diff --git a/www/news.php b/www/news.php index f355b4b..b4ddd26 100644 --- a/www/news.php +++ b/www/news.php @@ -25,7 +25,7 @@ if($id > 0) { $query = "select * from `news` where `id`='$id'"; - $row = mysql_fetch_assoc(mysql_query($query)); + $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query)); echo "<h3>".$row['short']."</h3>\n"; echo "<p>Posted by ".$row['who']." at ".$row['when']."</p>\n"; @@ -33,8 +33,8 @@ echo "<p>".str_replace("\n", "<br>\n", $row['story'])."</p>\n"; } else { $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n"; if($row['story'] != "") diff --git a/www/rss.php b/www/rss.php index f8eddb7..fedf9fd 100644 --- a/www/rss.php +++ b/www/rss.php 
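Review bot: In the www/news.php hunk, `mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query))` passes the query result straight through, so a failed query or an unknown `$id` leaves `$row` empty and the page prints blank headings alongside warnings. Split the call and return early when `$res === false` or no row comes back. The echoed fields `$row['short']`, `$row['who']` and `$row['story']` go into the HTML as stored. If the news table can hold anything other than trusted admin markup, wrap them in `htmlspecialchars($row['short'], ENT_QUOTES, 'UTF-8')` and so on.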
@@ -12,8 +12,8 @@ <lastBuildDate><?=date("D, d M Y H:i:s O")?></lastBuildDate> <ttl>3600</ttl><? $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 10"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) + $res = mysqli_query($_SESSION['mconn'], $query); + while($row = mysqli_fetch_assoc($res)) { ?> <item> <title><?=strip_tags($row['short'])?></title> diff --git a/www/sqldump.php b/www/sqldump.php index f30b4d0..69be6ab 100644 --- a/www/sqldump.php +++ b/www/sqldump.php @@ -25,14 +25,14 @@ # Database: `cacert` # <? - $tables = mysql_query("SHOW TABLES"); - while(list($table_name) = mysql_fetch_array($tables)) + $tables = mysqli_query($_SESSION['mconn'], "SHOW TABLES"); + while(list($table_name) = mysqli_fetch_array($tables)) { echo "# --------------------------------------------------------\n\n"; echo "#\n# Table structure for table `$table_name`\n#\n\n"; echo "DROP TABLE IF EXISTS `$table_name`;\n"; - $create = mysql_fetch_assoc(mysql_query("SHOW CREATE TABLE `$table_name`")); + $create = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "SHOW CREATE TABLE `$table_name`")); echo $create['Create Table'].";\n\n"; } ?> diff --git a/www/stats.php b/www/stats.php index 1599e17..7aa9d26 100644 --- a/www/stats.php +++ b/www/stats.php @@ -25,9 +25,9 @@ */ function getData() { $sql = 'select * from `statscache` order by `timestamp` desc limit 1'; - $res = mysql_query($sql); - if ($res && mysql_numrows($res) > 0) { - $ar = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $sql); + if ($res && mysqli_numrows($res) > 0) { + $ar = mysqli_fetch_assoc($res); $stats = unserialize($ar['cache']); $stats['timestamp'] = $ar['timestamp']; return $stats; diff --git a/www/verify.php b/www/verify.php index 6f603e4..23a7d68 100644 --- a/www/verify.php +++ b/www/verify.php 
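Review bot: The www/stats.php hunk renames `mysql_numrows()` to `mysqli_numrows()`, but mysqli has no such alias, so `getData()` will stop with an undefined-function error as soon as the query succeeds. The condition should be `if ($res && mysqli_num_rows($res) > 0) {`. The `unserialize($ar['cache'])` call on the next lines is safe only while nothing but the stats job can write the `statscache` table. If that cannot be guaranteed, a JSON-encoded cache read with `json_decode()` would remove the object-injection risk. `getData()` continues outside the hunk.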
@@ -43,41 +43,41 @@ { $id = 1; $emailid = intval($_REQUEST['emailid']); - $hash = mysql_escape_string(stripslashes($_REQUEST['hash'])); + $hash = mysql_real_escape_string(stripslashes($_REQUEST['hash'])); $query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $row['attempts']++; if($row['attempts'] >= 6) { - mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'"); + mysqli_query($_SESSION['mconn'], "update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'"); showheader(_("Error!"), _("Error!")); echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system"); showfooter(); exit; } - mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'"); + mysqli_query($_SESSION['mconn'], "update `email` set `attempts`='$row[attempts]' where `id`='$emailid'"); } $query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("Error!"), _("Error!")); echo _("The ID or Hash has already been verified, or something weird happened."); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "") { $query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); $query = "update `users` set `verified`='1' where `id`='".intval($row['memid'])."' and 
`email`='".$row['email']."' and `verified`='0'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); showheader(_("Updated"), _("Updated")); echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address."); } else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") { @@ -101,13 +101,13 @@ { $id = 7; $domainid = intval($_REQUEST['domainid']); - $hash = mysql_escape_string(stripslashes($_REQUEST['hash'])); + $hash = mysql_real_escape_string(stripslashes($_REQUEST['hash'])); $query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); $row['attempts']++; if($row['attempts'] >= 6) { 
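Review bot: In the first www/verify.php hunk, the `update users` statement interpolates `$row['email']` directly into the SQL text. The value comes back from the database unescaped, so an address containing a quote character breaks or alters the statement even though it was escaped when first stored. Escape it again at the point of use: `$query = "update `users` set `verified`='1' where `id`='".intval($row['memid'])."' and `email`='".mysqli_real_escape_string($_SESSION['mconn'], $row['email'])."' and `verified`='0'";`. The `$hash` assignments in this hunk and the next also need the mysqli escaping function in place of `mysql_real_escape_string()`.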
@@ -118,23 +118,23 @@ exit; } $query = "update `domains` set `attempts`='".intval($row['attempts'])."' where `id`='$domainid'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); } $query = "select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) <= 0) { showheader(_("Error!"), _("Error!")); echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened."); showfooter(); exit; } - $row = mysql_fetch_assoc($res); + $row = mysqli_fetch_assoc($res); if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "") { $query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); showheader(_("Updated"), _("Updated")); echo _("Your domain has been verified. You can now start issuing certificates for this domain."); } else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") { diff --git a/www/wot.php b/www/wot.php index 7200517..22c1255 100644 --- a/www/wot.php +++ b/www/wot.php @@ -135,7 +135,7 @@ function send_reminder() $body .= "User ".$_SESSION['profile']['fname']." ". $_SESSION['profile']['lname']." with email address '". $_SESSION['profile']['email']."' is requesting a TTP assurances for ". - mysql_escape_string(stripslashes($_POST['country'])).".\n\n"; + mysql_real_escape_string(stripslashes($_POST['country'])).".\n\n"; if ($_POST['ttptopup']=='1') { $body .= "The user is also requesting TTP TOPUP.\n\n"; }else{ 
@@ -182,9 +182,9 @@ function send_reminder() if($oldid == 5) { - $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) != 1) + $query = "select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `deleted`=0"; + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) != 1) { $_SESSION['_config']['noemailfound'] = 1; show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information.")); @@ -192,16 +192,16 @@ function send_reminder() } else { $_SESSION['_config']['noemailfound'] = 0; - $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res); + $_SESSION['_config']['notarise'] = mysqli_fetch_assoc($res); if ($_SESSION['_config']['notarise']['verified'] == 0) { show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!")); exit; } } - $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1"; - $res = mysql_query($query); - if(mysql_num_rows($res) >= 1) + $query = "select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `locked`=1"; + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) >= 1) { $_SESSION['_config']['noemailfound'] = 0; show_page("EnterEmail","",_("This account is locked and can not be assured. For more information ask support@cacert.org.")); @@ -226,8 +226,8 @@ function send_reminder() $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and `to`='".$_SESSION['_config']['notarise']['id']."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { show_page("EnterEmail","",_("You are only allowed to Assure someone once!")); exit; 
@@ -311,8 +311,8 @@ $iecho= "c"; } $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'"; - $res = mysql_query($query); - $row = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $row = mysqli_fetch_assoc($res); $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix']; if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash']) { @@ -333,8 +333,8 @@ $iecho= "c"; $newpoints = $awarded = 0; $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; - $res = mysql_query($query); - $drow = mysql_fetch_assoc($res); + $res = mysqli_query($_SESSION['mconn'], $query); + $drow = mysqli_fetch_assoc($res); $_POST['expire'] = 0; @@ -345,16 +345,16 @@ $iecho= "c"; if($newpoints < 0) $newpoints = 0; - if(mysql_escape_string(stripslashes($_POST['date'])) == "") + if(trim($_POST['date']) == "") $_POST['date'] = date("Y-m-d H:i:s"); $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND `to`='".$_SESSION['_config']['notarise']['id']."' AND `awarded`='$awarded' AND - `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND - `date`='".mysql_escape_string(stripslashes($_POST['date']))."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."'"; + $res = mysqli_query($_SESSION['mconn'], $query); + if(mysqli_num_rows($res) > 0) { show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue.")); exit; 
@@ -366,8 +366,8 @@ $iecho= "c"; $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."', `to`='".$_SESSION['_config']['notarise']['id']."', `points`='$newpoints', `awarded`='$awarded', - `location`='".mysql_escape_string(stripslashes($_POST['location']))."', - `date`='".mysql_escape_string(stripslashes($_POST['date']))."', + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."', + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."', `when`=NOW()"; //record active acceptance by Assurer if (check_date_format(trim($_REQUEST['date']),2010)) { @@ -377,7 +377,7 @@ $iecho= "c"; if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { $query .= ",\n`method`='TTP-Assisted'"; } - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); fix_assurer_flag($_SESSION['_config']['notarise']['id']); include_once("../includes/notary.inc.php"); @@ -391,11 +391,11 @@ $iecho= "c"; $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."', `to`='".$_SESSION['profile']['id']."', `points`='$addpoints', `awarded`='$addpoints', - `location`='".mysql_escape_string(stripslashes($_POST['location']))."', - `date`='".mysql_escape_string(stripslashes($_POST['date']))."', + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."', + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."', `method`='Administrative Increase', `when`=NOW()"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); // No need to fix_assurer_flag here, this should only happen for assurers... $_SESSION['profile']['points'] += $addpoints; 
@@ -478,7 +478,7 @@ $iecho= "c"; { csrf_check("chgcontact"); - $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo']))); + $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo']))); $listme = intval($_POST['listme']); if($listme < 0 || $listme > 1) $listme = 0; @@ -487,7 +487,7 @@ $iecho= "c"; $_SESSION['profile']['contactinfo'] = $info; $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + mysqli_query($_SESSION['mconn'], $query); showheader(_("My CAcert.org Account!")); echo "<p>"._("Your account information has been updated.")."</p>"; @@ -507,8 +507,8 @@ $iecho= "c"; $body = $_REQUEST['message']; $subject = $_REQUEST['subject']; $userid = intval($_REQUEST['userid']); - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1")); - $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` + $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$userid' and `listme`=1")); + $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary` where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); if($points > 0) { |