authorBenny Baumann <BenBE@cacert.org>2014-03-19 16:48:11 +0100
committerBenny Baumann <BenBE@cacert.org>2014-03-19 16:48:11 +0100
commitb4fd0cc7a503e399aa5868746ddeba58f3555462 (patch)
tree84067c043a01ef71b7d5f60c98960b4a9d40f5a9
parent0d483486300eaa358c49723e4ad3cd51c361cc59 (diff)
bug 1260: Use MySQLi instead of MySQL extension for database accessbug-1260
-rw-r--r--includes/account.php570
-rw-r--r--includes/account_stuff.php4
-rw-r--r--includes/general.php64
-rw-r--r--includes/general_stuff.php4
-rw-r--r--includes/lib/account.php6
-rw-r--r--includes/lib/general.php25
-rw-r--r--includes/loggedin.php10
-rw-r--r--includes/notary.inc.php128
-rw-r--r--pages/account/12.php6
-rw-r--r--pages/account/13.php4
-rw-r--r--pages/account/15.php6
-rw-r--r--pages/account/18.php12
-rw-r--r--pages/account/19.php6
-rw-r--r--pages/account/2.php4
-rw-r--r--pages/account/22.php12
-rw-r--r--pages/account/23.php6
-rw-r--r--pages/account/25.php12
-rw-r--r--pages/account/26.php6
-rw-r--r--pages/account/27.php2
-rw-r--r--pages/account/28.php2
-rw-r--r--pages/account/29.php4
-rw-r--r--pages/account/3.php4
-rw-r--r--pages/account/30.php4
-rw-r--r--pages/account/31.php2
-rw-r--r--pages/account/32.php8
-rw-r--r--pages/account/33.php2
-rw-r--r--pages/account/34.php6
-rw-r--r--pages/account/35.php14
-rw-r--r--pages/account/41.php10
-rw-r--r--pages/account/43.php156
-rw-r--r--pages/account/49.php30
-rw-r--r--pages/account/5.php6
-rw-r--r--pages/account/51.php8
-rw-r--r--pages/account/52.php30
-rw-r--r--pages/account/53.php22
-rw-r--r--pages/account/54.php18
-rw-r--r--pages/account/55.php14
-rw-r--r--pages/account/56.php4
-rw-r--r--pages/account/57.php6
-rw-r--r--pages/account/58.php12
-rw-r--r--pages/account/6.php6
-rw-r--r--pages/account/9.php6
-rw-r--r--pages/advertising/0.php20
-rw-r--r--pages/gpg/2.php6
-rw-r--r--pages/gpg/3.php6
-rw-r--r--pages/wot/1.php26
-rw-r--r--pages/wot/10.php18
-rw-r--r--pages/wot/12.php22
-rw-r--r--pages/wot/13.php36
-rw-r--r--pages/wot/9.php14
-rwxr-xr-xscripts/consistence.php44
-rwxr-xr-xscripts/country.php4
-rwxr-xr-xscripts/cron/permissionreview.php6
-rwxr-xr-xscripts/cron/removedead.php30
-rwxr-xr-xscripts/cron/updatesort.php24
-rw-r--r--scripts/gpgcheck3.php18
-rw-r--r--scripts/gpgfillmissingkeyid.php9
-rwxr-xr-xscripts/scanforexponents.php24
-rw-r--r--stamp/common.php36
-rw-r--r--stamp/report.php4
-rw-r--r--tverify/index.php26
-rw-r--r--tverify/index/0.php10
-rw-r--r--www/ac.php4
-rw-r--r--www/account.php6
-rw-r--r--www/advertising.php2
-rw-r--r--www/alert_hash_collision.php8
-rw-r--r--www/api/ccsr.php28
-rw-r--r--www/api/cemails.php16
-rw-r--r--www/api/edu.php15
-rw-r--r--www/cats/cats_import.php34
-rw-r--r--www/disputes.php138
-rw-r--r--www/gpg.php14
-rw-r--r--www/index.php120
-rw-r--r--www/news.php6
-rw-r--r--www/rss.php4
-rw-r--r--www/sqldump.php6
-rw-r--r--www/stats.php6
-rw-r--r--www/verify.php40
-rw-r--r--www/wot.php58
79 files changed, 1073 insertions, 1076 deletions
diff --git a/includes/account.php b/includes/account.php
index 7c3748d..55e11f5 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -147,8 +147,8 @@ function buildSubjectFromSession() {
}
$hash = make_hash();
$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id();
$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
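Review bot: `mysqli_insert_id()` is called with no arguments on the added line after the `email` insert, but the procedural form requires the connection, so `$emailid` will not hold the new row id and the verification link built two lines later would carry an empty `emailid`. It should read `$emailid = mysqli_insert_id($_SESSION['mconn']);`. The same argument-less call appears on the added lines of the hunks at -385, -486, -651, -821, -896, -1070, -1534, -1626 and -1703, where the id feeds the link tables and the CSR file paths. The enclosing block starts and ends outside this hunk.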
@@ -167,15 +167,15 @@ function buildSubjectFromSession() {
$id = 2;
$emailid = intval($_REQUEST['emailid']);
$query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Error!"));
echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
$body .= _("You are receiving this email because you or someone else ".
"has changed the default email on your account.")."\n\n";
@@ -187,7 +187,7 @@ function buildSubjectFromSession() {
$_SESSION['profile']['email'] = $row['email'];
$query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
showheader(_("My CAcert.org Account!"));
printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
showfooter();
@@ -212,10 +212,10 @@ function buildSubjectFromSession() {
$id = intval($id);
$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
`email`!='".$_SESSION['profile']['email']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
echo $row['email']."<br>\n";
account_email_delete($row['id']);
$delcount++;
@@ -321,10 +321,10 @@ function buildSubjectFromSession() {
if(is_array($_SESSION['_config']['addid']))
foreach($_SESSION['_config']['addid'] as $id)
{
- $res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'");
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if(!$emails)
$defaultemail = $row['email'];
$emails .= "$count.emailAddress = ".$row['email']."\n";
@@ -340,7 +340,7 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
if($_SESSION['_config']['SSO'] == 1)
$emails .= "$count.emailAddress = ".$user['uniqueID']."\n";
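Review bot: The added `mysqli_fetch_assoc(mysqli_query(...))` passes the query result straight into the fetch with no failure check, and `mysqli_query()` returns `false` on error. In that case `$user` is not an array and the following lines would write an empty `uniqueID` into the request data, assuming nothing later in the function catches it. Splitting the call and stopping on failure, `$res = mysqli_query($_SESSION['mconn'], $q); if($res === false) { /* report and exit */ }`, keeps a database error from silently shaping a certificate request. The id is also interpolated without `intval()` here, unlike the equivalent query in the -427 hunk.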
@@ -385,11 +385,11 @@ function buildSubjectFromSession() {
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id();
if(is_array($addys))
foreach($addys as $addy)
- mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+ mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname=generatecertpath("csr","client",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $emails);
@@ -404,7 +404,7 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
@@ -427,7 +427,7 @@ function buildSubjectFromSession() {
$defaultemail = "";
$csrsubject="";
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
if(strlen($user['mname']) == 1)
$user['mname'] .= '.';
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
@@ -443,10 +443,10 @@ function buildSubjectFromSession() {
if(is_array($_SESSION['_config']['addid']))
foreach($_SESSION['_config']['addid'] as $id)
{
- $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($defaultemail == "")
$defaultemail = $row['email'];
$csrsubject .= "/emailAddress=".$row['email'];
@@ -486,21 +486,21 @@ function buildSubjectFromSession() {
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id();
if(is_array($addys))
foreach($addys as $addy)
- mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
+ mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
$CSRname=generatecertpath("csr","client",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
fclose($fp);
- mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
}
waitForResult("emailcerts", $emailid, 4);
$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$id = 4;
showheader(_("My CAcert.org Account!"));
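Review bot: The added `emaillink` insert still escapes `$addy` with `mysql_real_escape_string()`, a function of the extension this commit moves away from. With no ext/mysql link open it is expected to emit a warning and return `false`, which would put an empty `emailid` into the row instead of the escaped value, unless a legacy connection is still opened somewhere outside this diff. The call should become `mysqli_real_escape_string($_SESSION['mconn'], $addy)`. The same leftover is visible on unchanged lines in the hunks at -539, -624, -651, -884, -919, -1021, -1057 and -1175, so those escapes need converting in the same pass.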
@@ -539,10 +539,10 @@ function buildSubjectFromSession() {
$newdom = trim(escapeshellarg($newdomain));
$newdomain = mysql_real_escape_string(trim($newdomain));
- $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
+ $res1 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `domain`='$newdomain'");
$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
- $res2 = mysql_query($query);
- if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
+ $res2 = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2))
{
$oldid=0;
$id = 7;
@@ -624,8 +624,8 @@ function buildSubjectFromSession() {
}
$query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
@@ -651,8 +651,8 @@ function buildSubjectFromSession() {
$hash = make_hash();
$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
- mysql_query($query);
- $domainid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $domainid = mysqli_insert_id();
$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
@@ -679,10 +679,10 @@ function buildSubjectFromSession() {
{
$id = intval($id);
$query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
echo $row['domain']."<br>\n";
account_domain_delete($row['id']);
}
@@ -821,24 +821,24 @@ function buildSubjectFromSession() {
exit;
}
- mysql_query($query);
- $CSRid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $CSRid = mysqli_insert_id();
if(is_array($_SESSION['_config']['rowid']))
foreach($_SESSION['_config']['rowid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+ mysqli_query($_SESSION['mconn'], "insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+ mysqli_query($_SESSION['mconn'], "insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
$CSRname=generatecertpath("csr","server",$CSRid);
rename($_SESSION['_config']['tmpfname'], $CSRname);
chmod($CSRname,0644);
- mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+ mysqli_query($_SESSION['mconn'], "update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
waitForResult("domaincerts", $CSRid, 11);
$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$id = 11;
showheader(_("My CAcert.org Account!"));
@@ -868,14 +868,14 @@ function buildSubjectFromSession() {
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -884,7 +884,7 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "update `domaincerts` set `renewed`='1' where `id`='$id'");
$query = "insert into `domaincerts` set
`domid`='".$row['domid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
@@ -896,8 +896,8 @@ function buildSubjectFromSession() {
`type`='".$row['type']."',
`pkhash`='".$row['pkhash']."',
`description`='".$row['description']."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $newid = mysqli_insert_id();
$newfile=generatecertpath("csr","server",$newid);
copy($row['csr_name'], $newfile);
$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
@@ -919,17 +919,17 @@ function buildSubjectFromSession() {
$subject = buildSubjectFromSession();
$subject = mysql_real_escape_string($subject);
- mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
+ mysqli_query($_SESSION['mconn'], "update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
waitForResult("domaincerts", $newid,$oldid,0);
$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
- $drow = mysql_fetch_assoc($res);
+ $drow = mysqli_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
echo "<pre>\n$cert\n</pre>\n";
}
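Review bot: The backtick command after the added fetch interpolates `$drow[crt_name]` into a shell line unquoted, so the database value is parsed by the shell rather than passed as a single argument. The path is presumably written by the signing backend, but this code cannot verify that, and quoting it costs nothing: `$cert = shell_exec("/usr/bin/openssl x509 -in ".escapeshellarg($drow['crt_name']));`. The output is then echoed inside `<pre>` without `sanitizeHTML()`, which the line above already uses for the CN. The loop this sits in starts outside the hunk.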
@@ -959,19 +959,19 @@ function buildSubjectFromSession() {
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
@@ -990,19 +990,19 @@ function buildSubjectFromSession() {
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("delete from `domaincerts` where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "delete from `domaincerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -1021,7 +1021,7 @@ function buildSubjectFromSession() {
{
$cid = intval(substr($id,14));
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+ mysqli_query($_SESSION['mconn'], "update `domaincerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
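Review bot: The `domaincerts` description update on the added line is keyed only on `$cid`, which appears to be derived from a request field name, and carries no ownership condition. The parallel `emailcerts` update in the -1175 hunk restricts the row with `and memid=...`, so unless an ownership check precedes this code outside the hunk, a logged-in member could overwrite the description on a certificate that belongs to another account. The other `domaincerts` queries in this file tie ownership through `domains`; the update should do the same by appending `and domid in (select id from domains where memid='".intval($_SESSION['profile']['id'])."')` to the where clause.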
@@ -1041,14 +1041,14 @@ function buildSubjectFromSession() {
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -1057,7 +1057,7 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `renewed`='1' where `id`='$id'");
$query = "insert into emailcerts set
`memid`='".$row['memid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
@@ -1070,21 +1070,21 @@ function buildSubjectFromSession() {
`codesign`='".$row['codesign']."',
`rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $newid = mysqli_insert_id();
$newfile=generatecertpath("csr","client",$newid);
copy($row['csr_name'], $newfile);
- mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
- $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
- while($r2 = mysql_fetch_assoc($res))
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
+ $res = mysqli_query($_SESSION['mconn'], "select * from `emaillink` where `emailcertsid`='".$row['id']."'");
+ while($r2 = mysqli_fetch_assoc($res))
{
- mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
+ mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailid`='".$r2['emailid']."',
`emailcertsid`='$newid'");
}
waitForResult("emailcerts", $newid,$oldid,0);
$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
@@ -1115,19 +1115,19 @@ function buildSubjectFromSession() {
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
@@ -1144,19 +1144,19 @@ function buildSubjectFromSession() {
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("delete from `emailcerts` where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "delete from `emailcerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -1175,14 +1175,14 @@ function buildSubjectFromSession() {
{
$cid = intval(substr($id,5));
$dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
- mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
}
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
if(!empty($_REQUEST['check_comment_'.$cid])) {
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
}
}
}
@@ -1257,8 +1257,8 @@ function buildSubjectFromSession() {
if($oldid == 13 && $process != "")
{
$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
- $ddres = mysql_query($ddquery);
- $ddrow = mysql_fetch_assoc($ddres);
+ $ddres = mysqli_query($_SESSION['mconn'], $ddquery);
+ $ddrow = mysqli_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
if($_SESSION['profile']['points'] == 0)
@@ -1297,7 +1297,7 @@ function buildSubjectFromSession() {
`suffix`='".$_SESSION['_config']['user']['suffix']."',
`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
if ($showdetails!="") {
$query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
@@ -1311,7 +1311,7 @@ function buildSubjectFromSession() {
`A4`='".$_SESSION['_config']['user']['A4']."',
`A5`='".$_SESSION['_config']['user']['A5']."'
where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
//!!!Should be rewritten
@@ -1321,16 +1321,16 @@ function buildSubjectFromSession() {
{
$query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
`otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
$_SESSION['_config']['user']['set'] = 0;
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
+ $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
$_SESSION['profile']['loggedin'] = 1;
$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
- $ddres = mysql_query($ddquery);
- $ddrow = mysql_fetch_assoc($ddres);
+ $ddres = mysqli_query($_SESSION['mconn'], $ddquery);
+ $ddrow = mysqli_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
@@ -1362,10 +1362,10 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
{
- $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
+ $match = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$_SESSION['profile']['id']."' and
(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
- $rc = mysql_num_rows($match);
+ $rc = mysqli_num_rows($match);
} else {
$rc = 1;
}
@@ -1383,7 +1383,7 @@ function buildSubjectFromSession() {
_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
echo _("You failed to correctly enter your current Pass Phrase.");
} else {
- mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
+ mysqli_query($_SESSION['mconn'], "update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
where `id`='".$_SESSION['profile']['id']."'");
echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
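Review bot: The added update concatenates the new pass phrase into the SQL text and stores it as an unsalted `sha1()` digest computed by the database server. Whether `$_SESSION['_config']['user']['pword1']` was escaped when it was stored is not visible in this hunk, and the plaintext can end up in server-side query logs either way. With mysqli now in place, a prepared statement via `mysqli_prepare()` with a bound parameter removes the dependency on upstream escaping. Hashing in PHP with `password_hash()` and verifying with `password_verify()` would replace the fast unsalted digest, though that also requires changing the login and old-password checks that live outside this hunk.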
@@ -1534,11 +1534,11 @@ function buildSubjectFromSession() {
`codesign`='".$_SESSION['_config']['codesign']."',
`rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id();
foreach($_SESSION['_config']['domids'] as $addy)
- mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+ mysqli_query($_SESSION['mconn'], "insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname=generatecertpath("csr","orgclient",$emailid);
$fp = fopen($CSRname, "w");
@@ -1554,7 +1554,7 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
@@ -1626,22 +1626,22 @@ function buildSubjectFromSession() {
`codesign`='".$_SESSION['_config']['codesign']."',
`rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id();
foreach($_SESSION['_config']['domids'] as $addy)
- mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+ mysqli_query($_SESSION['mconn'], "insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname=generatecertpath("csr","orgclient",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
fclose($fp);
- mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
}
waitForResult("orgemailcerts", $emailid,$oldid);
$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
@@ -1669,14 +1669,14 @@ function buildSubjectFromSession() {
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -1685,7 +1685,7 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
@@ -1703,15 +1703,15 @@ function buildSubjectFromSession() {
`codesign`='".$row['codesign']."',
`rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $newid = mysqli_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
copy($row['csr_name'], $newfile);
- mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
+ mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
waitForResult("orgemailcerts", $newid,$oldid,0);
$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
printf(_("Certificate for '%s' has been renewed."), $row['CN']);
echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
@@ -1742,19 +1742,19 @@ function buildSubjectFromSession() {
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
@@ -1772,19 +1772,19 @@ function buildSubjectFromSession() {
$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("delete from `orgemailcerts` where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "delete from `orgemailcerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -1803,7 +1803,7 @@ function buildSubjectFromSession() {
{
$cid = intval(substr($id,14));
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+ mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
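Review bot: The `$comment` line still escapes with `mysql_real_escape_string()` while the update below it now runs over the mysqli link. Unless a legacy mysql connection is still opened elsewhere, that call warns and returns false, so the request value reaches the query as an empty string instead of being escaped for the connection in use. Use `$comment = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));`. The same leftover is in the hunks at -2161, -2256, -2285, -2431, -2539, -2550 and -2732; in the last one a false return would store `sha1('')` as the user's password. The enclosing loop starts outside the hunk.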
@@ -1869,13 +1869,13 @@ function buildSubjectFromSession() {
`org`.`orgid`=`orginfo`.`id` and
`org`.`orgid`=`orgdomains`.`orgid` and
`orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
- $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
+ $_SESSION['_config']['CNorg'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `orginfo`,`org`,`orgdomains` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orginfo`.`id` and
`org`.`orgid`=`orgdomains`.`orgid` and
`orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
- $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
+ $_SESSION['_config']['SANorg'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
//echo "<pre>"; print_r($_SESSION['_config']); die;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
@@ -1933,7 +1933,7 @@ function buildSubjectFromSession() {
`orginfo`.`id`=`org`.`orgid` and
`org`.`memid`='".$_SESSION['profile']['id']."'";
}
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$csrsubject = "";
if($_SESSION['_config']['OU'])
@@ -1976,23 +1976,23 @@ function buildSubjectFromSession() {
`type`='$type',
`description`='".$_SESSION['_config']['description']."'";
}
- mysql_query($query);
- $CSRid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $CSRid = mysqli_insert_id();
$CSRname=generatecertpath("csr","orgserver",$CSRid);
rename($_SESSION['_config']['tmpfname'], $CSRname);
chmod($CSRname,0644);
- mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+ mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
if(is_array($_SESSION['_config']['rowid']))
foreach($_SESSION['_config']['rowid'] as $id)
- mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
+ mysqli_query($_SESSION['mconn'], "insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $id)
- mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
+ mysqli_query($_SESSION['mconn'], "insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
waitForResult("orgdomaincerts", $CSRid,$oldid);
$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
@@ -2020,14 +2020,14 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -2036,7 +2036,7 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
@@ -2052,24 +2052,24 @@ function buildSubjectFromSession() {
`type`='".$row['type']."',
`rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $newid = mysqli_insert_id();
//echo "NewID: $newid<br/>\n";
$newfile=generatecertpath("csr","orgserver",$newid);
copy($row['csr_name'], $newfile);
- mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
+ mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".$row['CN']."<br>\n";
- $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
- while($r2 = mysql_fetch_assoc($res))
- mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'");
+ $res = mysqli_query($_SESSION['mconn'], "select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
+ while($r2 = mysqli_fetch_assoc($res))
+ mysqli_query($_SESSION['mconn'], "insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'");
waitForResult("orgdomaincerts", $newid,$oldid,0);
$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
- $drow = mysql_fetch_assoc($res);
+ $drow = mysqli_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
echo "<pre>\n$cert\n</pre>\n";
}
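Review bot: The backtick shell call on the `$cert` line passes `$drow[crt_name]`, a value read from the database, to the shell unquoted. The path is presumably server-generated, but any whitespace or shell metacharacter in that column would alter the command; build it as `$cert = shell_exec('/usr/bin/openssl x509 -in '.escapeshellarg($drow['crt_name']));`. The output and `$row['CN']` in the "Renewing" line are also echoed without HTML escaping, so pass them through `sanitizeHTML()` as other messages in this file do. The enclosing loop starts and ends outside the hunk.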
@@ -2098,19 +2098,19 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
@@ -2130,19 +2130,19 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".$_SESSION['profile']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("delete from `orgdomaincerts` where `id`='$id'");
+ mysqli_query($_SESSION['mconn'], "delete from `orgdomaincerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -2161,7 +2161,7 @@ function buildSubjectFromSession() {
{
$cid = intval(substr($id,14));
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+ mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
@@ -2211,7 +2211,7 @@ function buildSubjectFromSession() {
{
$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
} else {
- mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
+ mysqli_query($_SESSION['mconn'], "insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
@@ -2239,7 +2239,7 @@ function buildSubjectFromSession() {
{
$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
} else {
- mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
+ mysqli_query($_SESSION['mconn'], "update `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
@@ -2256,8 +2256,8 @@ function buildSubjectFromSession() {
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
- $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
- if(mysql_num_rows($res1) > 0)
+ $res1 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `domain`='$domain'");
+ if(mysqli_num_rows($res1) > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
@@ -2273,7 +2273,7 @@ function buildSubjectFromSession() {
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
- mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
+ mysqli_query($_SESSION['mconn'], "insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
@@ -2285,9 +2285,9 @@ function buildSubjectFromSession() {
{
$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
- $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
- $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
- if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+ $res1 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
+ $res2 = mysqli_query($_SESSION['mconn'], "select * from `domains` where `domain` like '$domain' and `deleted`=0");
+ if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2) > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
@@ -2301,23 +2301,23 @@ function buildSubjectFromSession() {
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($domid)."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
+ mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($domid)."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
+ mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}
if($oldid == 29 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
- mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `id`='".intval($domid)."'"));
+ mysqli_query($_SESSION['mconn'], "update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
@@ -2327,9 +2327,9 @@ function buildSubjectFromSession() {
if($oldid == 30 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `id`='".intval($domid)."'"));
$domain = $row['domain'];
- mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
+ mysqli_query($_SESSION['mconn'], "delete from `orgdomains` where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
@@ -2346,36 +2346,36 @@ function buildSubjectFromSession() {
if($oldid == 31 && $process != "")
{
$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ while($drow = mysqli_fetch_assoc($dres))
{
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
- mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'], "update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'], "delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'], "delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
}
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'], "update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'], "delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'], "delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
}
}
- mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
- mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
- mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
+ mysqli_query($_SESSION['mconn'], "delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
+ mysqli_query($_SESSION['mconn'], "delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
+ mysqli_query($_SESSION['mconn'], "delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}
if($oldid == 31)
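Review bot: The clean-up deletes inside both `while` loops key on `$row['id']`, which the selects define as a certificate id, but they compare it with `orgdomaincerts`.`orgid`, `orgdomlink`.`domid` and `orgemaillink`.`domid`. Elsewhere in this diff `orgdomlink` is written with `orgdomid` and `orgcertid`, and `orgemaillink`.`domid` is joined to `orgdomains`.`id`, so these statements probably fail or hit unrelated rows, and no return value is checked. The link-table deletes look like they should be `where `orgcertid`='".intval($row['id'])."'` and `where `emailcertsid`='".intval($row['id'])."'`. Separately, the `orgemailcerts` row is deleted immediately after `revoked` is set; if revocation is processed later from that marker, the certificate may never be revoked, which should be confirmed against the signer. The `if($oldid == 31 ...)` block itself is complete in the hunk, but the trailing `if($oldid == 31)` continues outside it.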
@@ -2387,7 +2387,7 @@ function buildSubjectFromSession() {
if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
{
$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
- $_macc = mysql_num_rows(mysql_query($query));
+ $_macc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -2400,7 +2400,7 @@ function buildSubjectFromSession() {
if($id == 35 || $oldid == 35)
{
$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
- $is_orguser = mysql_num_rows(mysql_query($query));
+ $is_orguser = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -2414,8 +2414,8 @@ function buildSubjectFromSession() {
{
$orgid = intval($_SESSION['_config']['orgid']);
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$id = 35;
}
@@ -2431,14 +2431,14 @@ function buildSubjectFromSession() {
$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
- $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
+ if(mysqli_num_rows($res) <= 0)
{
$id = $oldid;
$oldid=0;
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if ( !is_assurer(intval($row['id'])) )
{
$id = $oldid;
@@ -2446,7 +2446,7 @@ function buildSubjectFromSession() {
$_SESSION['_config']['errmsg'] =
_("The user is not an Assurer yet");
} else {
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"insert into `org`
set `memid`='".intval($row['id'])."',
`orgid`='".intval($_SESSION['_config']['orgid'])."',
@@ -2460,8 +2460,8 @@ function buildSubjectFromSession() {
if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
$orgid = intval($_SESSION['_config']['orgid']);
- $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'");
+ if(mysqli_num_rows($res) <= 0)
$id = 32;
}
@@ -2470,7 +2470,7 @@ function buildSubjectFromSession() {
$orgid = intval($_SESSION['_config']['orgid']);
$memid = intval($_REQUEST['memid']);
$query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
if($oldid == 34 || $oldid == 33)
@@ -2482,7 +2482,7 @@ function buildSubjectFromSession() {
if($id == 36)
{
- $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
$_REQUEST['general'] = $row['general'];
$_REQUEST['country'] = $row['country'];
$_REQUEST['regional'] = $row['regional'];
@@ -2491,7 +2491,7 @@ function buildSubjectFromSession() {
if($oldid == 36)
{
- $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
if($rc > 0)
{
$query = "update `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."',
@@ -2506,7 +2506,7 @@ function buildSubjectFromSession() {
`radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."',
`memid`='".intval($_SESSION['profile']['id'])."'";
}
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$id = $oldid;
$oldid=0;
}
@@ -2519,7 +2519,7 @@ function buildSubjectFromSession() {
{
if($key == $lang)
{
- mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'");
$_SESSION['profile']['language'] = $lang;
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
@@ -2539,7 +2539,7 @@ function buildSubjectFromSession() {
csrf_check("seclang");
$addlang = mysql_real_escape_string($_REQUEST['addlang']);
// Does the language exist?
- mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
+ mysqli_query($_SESSION['mconn'], "insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
showfooter();
@@ -2550,7 +2550,7 @@ function buildSubjectFromSession() {
{
csrf_check("seclang");
$remove = mysql_real_escape_string($_REQUEST['remove']);
- mysql_query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
+ mysqli_query($_SESSION['mconn'], "delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
showfooter();
@@ -2593,58 +2593,58 @@ function buildSubjectFromSession() {
if($locid > 0 && $action == "edit")
{
$query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'"));
$_REQUEST['regid'] = $row['regid'];
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "edit") {
$query = "update `regions` set `name`='$name' where `id`='$regid'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='$regid'"));
$_REQUEST['ccid'] = $row['ccid'];
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "add") {
- $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `ccid` from `regions` where `id`='$regid'"));
$ccid = $row['ccid'];
$query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($ccid > 0 && $action == "add" && $name != "") {
$query = "insert into `regions` set `ccid`='$ccid', `name`='$name'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'"));
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($locid > 0 && $action == "delete") {
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'"));
$_REQUEST['regid'] = $row['regid'];
- mysql_query("delete from `localias` where `locid`='$locid'");
- mysql_query("delete from `locations` where `id`='$locid'");
+ mysqli_query($_SESSION['mconn'], "delete from `localias` where `locid`='$locid'");
+ mysqli_query($_SESSION['mconn'], "delete from `locations` where `id`='$locid'");
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($locid > 0 && $action == "move") {
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'"));
$oldregid = $row['regid'];
- mysql_query("update `locations` set `regid`='$newreg' where `id`='$locid'");
- mysql_query("update `users` set `regid`='$newreg' where `regid`='$oldregid'");
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ mysqli_query($_SESSION['mconn'], "update `locations` set `regid`='$newreg' where `id`='$locid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `regid`='$newreg' where `regid`='$oldregid'");
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='$locid'"));
$_REQUEST['regid'] = $row['regid'];
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "delete") {
- $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='$regid'"));
$_REQUEST['ccid'] = $row['ccid'];
- mysql_query("delete from `locations` where `regid`='$regid'");
- mysql_query("delete from `regions` where `id`='$regid'");
+ mysqli_query($_SESSION['mconn'], "delete from `locations` where `regid`='$regid'");
+ mysqli_query($_SESSION['mconn'], "delete from `regions` where `id`='$regid'");
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
@@ -2653,12 +2653,12 @@ function buildSubjectFromSession() {
$_REQUEST['action'] = "aliases";
$_REQUEST['locid'] = $locid;
$name = htmlentities($name);
- $row = mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'");
+ $row = mysqli_query($_SESSION['mconn'], "insert into `localias` set `locid`='$locid',`name`='$name'");
} else if($locid > 0 && $action == "delalias") {
$id = 54;
$_REQUEST['action'] = "aliases";
$_REQUEST['locid'] = $locid;
- $row = mysql_query("delete from `localias` where `locid`='$locid' and `name`='$name'");
+ $row = mysqli_query($_SESSION['mconn'], "delete from `localias` where `locid`='$locid' and `name`='$name'");
}
}
@@ -2687,12 +2687,12 @@ function buildSubjectFromSession() {
$year = intval($_REQUEST['year']);
$userid = intval($_REQUEST['userid']);
$query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
+ $details = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
`new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
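Review bot: The `adminlog` insert interpolates `${details['lname']}` and `${details['dob']}` straight from the preceding select, so a stored name containing a quote breaks the audit-log statement or changes it (second-order injection). Escape the fetched values for the active link first, e.g. `$oldLname = mysqli_real_escape_string($_SESSION['mconn'], $details['lname']);`, and do the same for `dob`. `mysqli_fetch_assoc()` also returns null when `$userid` matches no row, which is not checked before the log entry and the update are issued. `$fname`, `$lname` and the other new values are assigned outside the hunk, so their escaping cannot be confirmed from here.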
@@ -2718,7 +2718,7 @@ function buildSubjectFromSession() {
{
if($_REQUEST['userid'] != "")
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "")
$id = 42;
else
@@ -2732,8 +2732,8 @@ function buildSubjectFromSession() {
{
echo _("No such user found.");
} else {
- mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ mysqli_query($_SESSION['mconn'], "update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
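Review bot: The new `mysqli_query` line still escapes the password with `mysql_real_escape_string()`, which belongs to the old extension and needs an open ext/mysql link. If this commit removes that link (the connection code is not visible here), the call raises a warning and returns false, which concatenates as an empty string, so the update would store `sha1('')` for the account. Use `mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['newpass']))` instead. The same leftover call is in the `tverify-vote` insert further down, in includes/general.php, in includes/notary.inc.php, and in includes/lib/general.php, where this commit introduces it in place of `mysql_escape_string`. Separately, unsalted `sha1()` is a weak password store; moving to `password_hash()` would need a coordinated change on the login side.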
@@ -2813,24 +2813,24 @@ function buildSubjectFromSession() {
`CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
- mysql_query($query);
- $CSRid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $CSRid = mysqli_insert_id();
foreach($_SESSION['_config']['rowid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+ mysqli_query($_SESSION['mconn'], "insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+ mysqli_query($_SESSION['mconn'], "insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
$CSRname=generatecertpath("csr","server",$CSRid);
$fp = fopen($CSRname, "w");
fputs($fp, $_SESSION['_config']['CSR']);
fclose($fp);
- mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+ mysqli_query($_SESSION['mconn'], "update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
waitForResult("domaincerts", $CSRid,$oldid);
$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
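Review bot: `mysqli_insert_id()` is called without the connection, which the procedural form requires, so `$CSRid` does not receive the new row id. The `domlink` inserts, the CSR file path and the `domaincerts` update below it then all run with an empty id. It should read `$CSRid = mysqli_insert_id($_SESSION['mconn']);`. `generateTicket()` in includes/general.php has the same call and needs the same argument. The insert result is also not checked before the id is used, and `fopen()` is not checked before `fputs()`.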
@@ -2847,9 +2847,9 @@ function buildSubjectFromSession() {
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['tverify'];
- mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `tverify`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
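Review bot: The `tverify` toggle changes an account flag with no `csrf_check()` call between the opening brace and the update, whereas the `assurer`, `locked`, `codesign`, `orgadmin`, `ttpadmin` and `admin` toggles in the following hunks each start with one. The `assurer_blocked`, `adadmin`, `locadmin`, `general`, `country`, `regional` and `radius` blocks are in the same position. Unless the request is verified before this point (not visible here), each of these should call `csrf_check()` with an action name of its own, and the links that trigger them need the matching token.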
@@ -2857,18 +2857,18 @@ function buildSubjectFromSession() {
csrf_check('admsetassuret');
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `assurer`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
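Review bot: `$ver = !$row['assurer'];` yields a boolean, and `false` interpolates into the query as an empty string, so clearing the flag sends an empty string for the column. That relies on the server coercing it to 0 and fails under a strict SQL mode if the column is numeric (the schema is not visible here). `$ver = $row['assurer'] ? 0 : 1;` makes the written value explicit. The same pattern is used for every toggle in this and the neighbouring hunks. A single update that sets the column to `NOT` its current value would also remove the gap between the read and the write.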
@@ -2876,9 +2876,9 @@ function buildSubjectFromSession() {
csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['locked'];
- mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `locked`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0)
@@ -2886,9 +2886,9 @@ function buildSubjectFromSession() {
csrf_check('admcodesign');
$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['codesign'];
- mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `codesign`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0)
@@ -2896,9 +2896,9 @@ function buildSubjectFromSession() {
csrf_check('admorgadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['orgadmin'];
- mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `orgadmin`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0)
@@ -2906,29 +2906,29 @@ function buildSubjectFromSession() {
csrf_check('admttpadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['ttpadmin'];
- mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `ttpadmin`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = $row['adadmin'] + 1;
if($ver > 2)
$ver = 0;
- mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `adadmin`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['locadmin'];
- mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `locadmin`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0)
@@ -2936,45 +2936,45 @@ function buildSubjectFromSession() {
csrf_check('admsetadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['admin'];
- mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `admin`='$ver' where `id`='$memid'");
}
if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['general'];
- mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `alerts` set `general`='$ver' where `memid`='$memid'");
}
if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['country'];
- mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `alerts` set `country`='$ver' where `memid`='$memid'");
}
if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['regional'];
- mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `alerts` set `regional`='$ver' where `memid`='$memid'");
}
if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$ver = !$row['radius'];
- mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+ mysqli_query($_SESSION['mconn'], "update `alerts` set `radius`='$ver' where `memid`='$memid'");
}
if($id == 50)
@@ -2982,7 +2982,7 @@ function buildSubjectFromSession() {
if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "")
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "")
$id = 42;
else
@@ -3045,7 +3045,7 @@ function buildSubjectFromSession() {
{
$uid = intval($_REQUEST['uid']);
$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
- $rc = mysql_num_rows(mysql_query($query));
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
if($rc <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -3058,7 +3058,7 @@ function buildSubjectFromSession() {
if($oldid == 52)
{
$query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'";
- $rc = mysql_num_rows(mysql_query($query));
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
if($rc > 0)
{
showheader(_("My CAcert.org Account!"));
@@ -3079,16 +3079,16 @@ function buildSubjectFromSession() {
`memid`='".$_SESSION['profile']['id']."',
`when`=NOW(), `vote`='$vote',
`comment`='".mysql_real_escape_string($_REQUEST['comment'])."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
- $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
if($rc >= 8)
{
- mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
- $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
+ mysqli_query($_SESSION['mconn'], "update `tverify` set `modified`=NOW() where `id`='$uid'");
+ $tverify = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `tverify` where `id`='$uid'"));
$memid = $tverify['memid'];
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
- $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$memid'"));
+ $tmp = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `points` from `notary` where `to`='$memid'"));
$points = 0;
if($tverify['URL'] != "" && $tverify['photoid'] != "")
@@ -3103,15 +3103,15 @@ function buildSubjectFromSession() {
if($points > 0)
{
- mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
+ mysqli_query($_SESSION['mconn'], "insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
`method`='Thawte Points Transfer', `when`=NOW()");
fix_assurer_flag($memid);
}
$totalpoints = intval($tmp['points']) + $points;
$body = _("Your request to have points transfered was successful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n";
- $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'");
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], "select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'");
+ while($row = mysqli_fetch_assoc($res))
$body .= $row['comment']."\n";
$body .= "\n";
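Review bot: The string passed to `_()` has `$points` and `$totalpoints` interpolated before the lookup, so the msgid changes with the numbers and no catalogue entry can match; this text is always sent untranslated. Use placeholders and format after the lookup, e.g. `sprintf(_("... You were issued %s points as a result, and you now have %s in total"), $points, $totalpoints)`. The enclosing block starts and ends outside this hunk.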
@@ -3120,17 +3120,17 @@ function buildSubjectFromSession() {
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
}
- $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"));
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"));
if($rc >= 4)
{
- mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
- $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
+ mysqli_query($_SESSION['mconn'], "update `tverify` set `modified`=NOW() where `id`='$uid'");
+ $tverify = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `tverify` where `id`='$uid'"));
$memid = $tverify['memid'];
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$memid'"));
$body = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n";
- $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'");
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], "select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'");
+ while($row = mysqli_fetch_assoc($res))
$body .= $row['comment']."\n";
$body .= "\n";
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index dbebf6a..39d21a8 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -199,7 +199,7 @@ function hideall() {
<h3 class="pointer" onclick="explode('servercert')">+ <?=_("Server Certificates")?></h3>
<ul class="menu" id="servercert"><li><a href="account.php?id=10"><?=_("New")?></a></li><li><a href="account.php?id=12"><?=_("View")?></a></li></ul>
</div>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('clientorg')">+ <?=_("Org Client Certs")?></h3>
<ul class="menu" id="clientorg"><li><a href="account.php?id=16"><?=_("New")?></a></li><li><a href="account.php?id=18"><?=_("View")?></a></li></ul>
@@ -209,7 +209,7 @@ function hideall() {
<ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
</div>
<? } ?>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
<ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>
diff --git a/includes/general.php b/includes/general.php
index 95ed64a..7981e24 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -79,12 +79,12 @@
if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0)
{
- $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'"));
+ $locked = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'"));
if($locked['locked'] == 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
} else {
$_SESSION['profile'] = "";
@@ -288,11 +288,11 @@
$_SESSION['_config']['row'] = "";
$dom = mysql_real_escape_string($dom);
$query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
$cnok = 1;
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
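Review bot: The ownership lookup compares the requested name with `like '$dom'`, and real_escape_string does not escape the LIKE wildcards `%` and `_`. A name containing either can therefore match a different domain of the same member than the one literally requested. Comparing with `=` instead of `like` avoids that; if pattern matching is intended, the wildcards need escaping first. The alternate-name lookup in the next hunk is written the same way. `$dom` is also still escaped with `mysql_real_escape_string`, which should become `mysqli_real_escape_string($_SESSION['mconn'], $dom)`.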
@@ -340,11 +340,11 @@
$_SESSION['_config']['altrow'] = "";
$dom = mysql_real_escape_string($dom);
$query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
$altok = 1;
- $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
@@ -382,10 +382,10 @@
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
@@ -430,10 +430,10 @@
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
@@ -462,10 +462,10 @@
and `orgdomains`.`orgid`=`org`.`orgid`
and `orginfo`.`id`=`org`.`orgid`
and `orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
return(true);
}
}
@@ -478,12 +478,12 @@
$id = $_SESSION['profile']['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$points = $row['points'];
$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18));
$query = "select * from `users` where `id`='".$_SESSION['profile']['id']."' and `dob` < '$dob'";
- if(mysql_num_rows(mysql_query($query)) < 1)
+ if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) < 1)
{
if($points >= 100)
return(10);
@@ -582,7 +582,7 @@
$line = mysql_real_escape_string(trim(strip_tags($line)));
$query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
if(is_array($_SESSION['profile'])) $query.=", `uid`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
if(substr($line, 0, 3) != "250")
return $line;
@@ -593,7 +593,7 @@
}
$query = "insert into `pinglog` set `when`=NOW(), `uid`='".$_SESSION['profile']['id']."',
`email`='$myemail', `result`='Failed to make a connection to the mail server'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
return _("Failed to make a connection to the mail server");
}
@@ -614,8 +614,8 @@
$query = "select * from `$table` where `id`='".intval($certid)."' and `crt` != ''";
else
$query = "select * from `$table` where `id`='".intval($certid)."' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
$found = 1;
break;
@@ -627,10 +627,10 @@
{
if($show) showheader(_("My CAcert.org Account!"));
$query = "select * from `$table` where `id`='".intval($certid)."' ";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
$body="";
$subject="";
- if(mysql_num_rows($res) > 0)
+ if(mysqli_num_rows($res) > 0)
{
printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
$subject="[CAcert.org] Certificate TIMEOUT";
@@ -657,8 +657,8 @@
function generateTicket()
{
$query = "insert into tickets (timestamp) values (now()) ";
- mysql_query($query);
- $ticket = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $ticket = mysqli_insert_id();
return $ticket;
}
@@ -786,17 +786,17 @@
/**
* Run the sql query given in $sql.
- * The resource returned by mysql_query is
+ * The resource returned by mysqli_query is
* returned by this function.
*
- * It should be safe to replace every mysql_query
- * call by a mysql_extended_query call.
+ * It should be safe to replace every mysqli_query
+ * call by a mysqli_extended_query call.
*/
function mysql_timed_query($sql)
{
global $sql_data_log;
$query_start = microtime(true);
- $res = mysql_query($sql);
+ $res = mysqli_query($_SESSION['mconn'], $sql);
$query_end = microtime(true);
$sql_data_log[] = array("sql" => $sql, "duration" => $query_end - $query_start);
return $res;
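Review bot: The docblock now says every `mysqli_query` call can be replaced by a `mysqli_extended_query` call, but the function documented here is `mysql_timed_query`. It takes only `$sql`, not a connection, so it is not a drop-in for `mysqli_query($link, $sql)`. Suggested wording: `Runs $sql on $_SESSION['mconn'], appends the statement and its duration to $sql_data_log, and returns the mysqli_query result (false on failure).` Since `$sql_data_log` keeps the full statement text, a line noting that it can contain personal data and is meant for debugging only would help.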
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 4c1bd30..a4728f7 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -69,8 +69,8 @@ google_color_border = "FFFFFF";
<h3 class="pointer" onclick="explode('recom')"><?=_("Advertising")?></h3>
<ul class="menu" id="recom"><?
$query = "select * from `advertising` where `expires`>NOW() and `active`=1";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
echo "<li><a href='$row[link]' target='_blank'>$row[title]</a></li>";
?></ul>
</div>
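Review bot: `$row[link]` and `$row[title]` are echoed into the menu without HTML encoding, so an advertising row containing markup or a quote is rendered as HTML on every page that includes this file. Encode both at output, e.g. `htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8')`, and accept only `http:`/`https:` URLs for the link. `target='_blank'` should also carry `rel='noopener noreferrer'`. How advertising rows are validated when they are created is not visible here.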
diff --git a/includes/lib/account.php b/includes/lib/account.php
index e311668..1876d7e 100644
--- a/includes/lib/account.php
+++ b/includes/lib/account.php
@@ -54,7 +54,7 @@ function fix_assurer_flag($userID = NULL)
OR `n`.`expire` IS NULL)
) >= 100';
- $query = mysql_query($sql);
+ $query = mysqli_query($_SESSION['mconn'], $sql);
if (!$query) {
return false;
}
@@ -89,10 +89,10 @@ function fix_assurer_flag($userID = NULL)
) < 100
)';
- $query = mysql_query($sql);
+ $query = mysqli_query($_SESSION['mconn'], $sql);
if (!$query) {
return false;
}
return true;
-} \ No newline at end of file
+}
diff --git a/includes/lib/general.php b/includes/lib/general.php
index 85b132d..0bfabd5 100644
--- a/includes/lib/general.php
+++ b/includes/lib/general.php
@@ -32,15 +32,15 @@
function get_user_id_from_cert($serial, $issuer_cn)
{
$query = "select `memid` from `emailcerts` where
- `serial`='".mysql_escape_string($serial)."' and
+ `serial`='".mysql_real_escape_string($serial)."' and
`rootcert`= (select `id` from `root_certs` where
- `Cert_Text`='".mysql_escape_string($issuer_cn)."') and
+ `Cert_Text`='".mysql_real_escape_string($issuer_cn)."') and
`revoked`=0 and disablelogin=0 and
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
return intval($row['memid']);
}
@@ -130,7 +130,7 @@ function runCommand($command, $input = "", &$output = null, &$errors = true) {
}
}
- // returns 0 if $userID is an Assurer
+ // returns 0 if $userID is an Assurer
// Otherwise :
// Bit 0 is always set
// Bit 1 is set if 100 Assurance Points are not reached
@@ -139,25 +139,24 @@ function runCommand($command, $input = "", &$output = null, &$errors = true) {
function get_assurer_status($userID)
{
$Result = 0;
- $query = mysql_query('SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
+ $query = mysqli_query($_SESSION['mconn'], 'SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
' WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = \''.(int)intval($userID).'\'');
- if(mysql_num_rows($query) < 1)
+ if(mysqli_num_rows($query) < 1)
{
$Result |= 5;
}
- $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()');
- $row = mysql_fetch_assoc($query);
+ $query = mysqli_query($_SESSION['mconn'], 'SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()');
+ $row = mysqli_fetch_assoc($query);
if ($row['points'] < 100) {
$Result |= 3;
}
- $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
- $row = mysql_fetch_assoc($query);
+ $query = mysqli_query($_SESSION['mconn'], 'SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
+ $row = mysqli_fetch_assoc($query);
if ($row['assurer_blocked'] > 0) {
$Result |= 9;
}
return $Result;
}
- \ No newline at end of file
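Review bot: The points query in `get_assurer_status` sums only rows with `n.expire < now()`, i.e. assurances whose expiry lies in the past, and leaves out rows where `expire` is NULL. `fix_assurer_flag` in includes/lib/account.php appears to count `expire IS NULL` rows as valid, so the comparison here looks inverted. If so, a user whose points never expire gets a NULL sum and has bit 1 set. The condition would then be `(n.expire > now() OR n.expire IS NULL)`; confirm against the schema before changing it. `(int)intval($userID)` also casts twice; `intval($userID)` is enough.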
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 4f9b8e8..0ff24be 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -43,7 +43,7 @@
//session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
+ $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$uid'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
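Review bot: `$_SESSION['profile']` is assigned the fetch result without checking that a row came back. When no user matches it is null, reading `['locked']` from null compares equal to 0, and the next line then creates a profile containing only `loggedin = 1`. Test the row first, e.g. `if(is_array($_SESSION['profile']) && $_SESSION['profile']['locked'] == 0)`, and treat a missing row as a failed login. The certificate-login branch in the next hunk has the same shape. The origin of `$uid` is outside this hunk, so confirm it is an integer before it reaches the query.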
@@ -69,7 +69,7 @@
//session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],
"select * from `users` where `id`='".$user_id."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
@@ -114,15 +114,15 @@
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".L10n::get_translation()."'
where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
} else {
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index b34b2f4..18a7d91 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -18,18 +18,18 @@
function query_init ($query)
{
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
function query_getnextrow ($res)
{
- $row1 = mysql_fetch_assoc($res);
+ $row1 = mysqli_fetch_assoc($res);
return $row1;
}
function query_get_number_of_rows ($resultset)
{
- return intval(mysql_num_rows($resultset));
+ return intval(mysqli_num_rows($resultset));
}
function get_number_of_assurances ($userid)
@@ -102,7 +102,7 @@
function get_user ($userid)
{
$res = query_init ("select * from `users` where `id`='".intval($userid)."'");
- return mysql_fetch_assoc($res);
+ return mysqli_fetch_assoc($res);
}
function get_cats_state ($userid)
@@ -110,7 +110,7 @@
$res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
- return mysql_num_rows($res);
+ return mysqli_num_rows($res);
}
function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
@@ -386,7 +386,7 @@
$points = 0;
$sumexperience = 0;
$res = get_given_assurances(intval($userid));
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
$fromuser = get_user (intval($row['to']));
$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
@@ -403,7 +403,7 @@
$points = 0;
$sumexperience = 0;
$res = get_received_assurances(intval($userid));
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
$fromuser = get_user (intval($row['from']));
calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
@@ -484,7 +484,7 @@
}
$res = get_received_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
$points = calc_points ($row);
@@ -497,7 +497,7 @@
}
$res = get_given_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
switch ($row['method'])
{
@@ -636,7 +636,7 @@
// write a new record to the table user_agreement
$query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -649,8 +649,8 @@
function get_user_agreement_status($memid, $type="CCA"){
$query="SELECT u.`document` FROM `user_agreements` u
WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
- $res = mysql_query($query);
- if(mysql_num_rows($res) <=0){
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <=0){
return 0;
}else{
return 1;
@@ -670,9 +670,9 @@
$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) . " AND u.`active`=" . intval($active) .
" ORDER BY u.`date` Limit 1;";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >0){
- $rec = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >0){
+ $rec = mysqli_fetch_assoc($res);
}else{
$rec=array();
}
@@ -689,9 +689,9 @@
function get_last_user_agreement($memid, $type="CCA"){
//returns an array (`document`,`date`,`method`, `comment`,`active`)
$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM user_agreements u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND (u.`memid`=" . intval($memid) . " ) order by `date` desc limit 1 " ;
- $res = mysql_query($query);
- if(mysql_num_rows($res) >0){
- $rec = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >0){
+ $rec = mysqli_fetch_assoc($res);
}else{
$rec=array();
}
@@ -712,7 +712,7 @@
} else {
$filter = " and `document` = '" . mysql_real_escape_string($type) . "'";
}
- mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
+ mysqli_query($_SESSION['mconn'], "delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
}
// functions for 6.php (assure somebody)
@@ -814,7 +814,7 @@
$mailid = intval($mailid);
revoke_all_client_cert($mailid);
$query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
function account_domain_delete($domainid){
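Review bot: Style point on the added `mysqli_query($_SESSION['mconn'], $query)` line: the connection handle is fetched from the session superglobal at every call site, here and throughout the commit. A database link is per-request state rather than session data, and it presumably has to be re-created on each request because it cannot be restored from a serialised session. A small wrapper, for example `function db_query($sql) { return mysqli_query($_SESSION['mconn'], $sql); }` (name constructed for illustration), would keep that detail and any later error handling in one place.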
@@ -825,7 +825,7 @@
//called from account_delete
$domainid = intval($domainid);
revoke_all_server_cert($domainid);
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"update `domains`
set `deleted`=NOW()
where `id` = '$domainid'");
@@ -847,33 +847,33 @@
{
$password .= substr($pool,(rand()%(strlen ($pool))), 1);
}
- mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
//create new mail for arbitration number
$query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id();
//set new mail as default
$query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
//delete all other email address
$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
- $res=mysql_query($query);
- while($row = mysql_fetch_assoc($res)){
+ $res=mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)){
account_email_delete($row['id']);
}
//delete all domains
$query = "select `id` from `domains` where `memid`='".$id."'";
- $res=mysql_query($query);
- while($row = mysql_fetch_assoc($res)){
+ $res=mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)){
account_domain_delete($row['id']);
}
//clear alert settings
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"update `alerts` set
`general`='0',
`country`='0',
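Review bot: `$emailid = mysqli_insert_id();` is called without the link argument, which the procedural mysqli form requires, so `$emailid` does not receive the id of the arbitration address just inserted. The select that follows excludes rows by comparing `id` with `$emailid`, so with an empty value it also returns the new address and `account_email_delete()` is then run on it. The line should read `$emailid = mysqli_insert_id($_SESSION['mconn']);`. The function starts above the hunk and continues past it.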
@@ -883,17 +883,17 @@
//set default location
$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
//clear listings
$query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
//set lanuage to default
//set default language
- mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `language`='en_AU' where `id`='".$id."'");
//delete secondary langugaes
- mysql_query("delete from `addlang` where `userid`='".$id."'");
+ mysqli_query($_SESSION['mconn'], "delete from `addlang` where `userid`='".$id."'");
//change secret questions
for($i=1;$i<=5;$i++){
@@ -905,25 +905,25 @@
$a .= substr($pool,(rand()%(strlen ($pool))), 1);
}
$query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
//change personal information to arbitration number and DOB=1900-01-01
$query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
+ $details = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
`new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "update `users` set `fname`='".$arbno."',
`mname`='".$arbno."',
`lname`='".$arbno."',
`suffix`='".$arbno."',
`dob`='1900-01-01'
where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
//clear all admin and board flags
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"update `users` set
`assurer`='0',
`assurer_blocked`='0',
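Review bot: The `adminlog` insert interpolates `$details['lname']` and `$details['dob']` exactly as read from the `users` row, with no escaping, so a stored name containing a quote breaks the statement and the audit record of this change is lost; the value is also an injection sink. Escape both before building the query, e.g. `mysqli_real_escape_string($_SESSION['mconn'], $details['lname'])`. The select feeding it filters on `$userid` while every other statement in the hunk uses `$id`; if `$id` is the normalised form of `$userid` (its assignment is above the hunk), the select should use `$id` as well.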
@@ -938,7 +938,7 @@
where `id`='$id'");
//block account
- mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
+ mysqli_query($_SESSION['mconn'], "update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}
@@ -947,8 +947,8 @@
// called from includes/account.php if($oldid == 50 && $process != "")
$email = mysql_real_escape_string($email);
$query = "select 1 from `email` where `email`='$email' and `deleted`=0";
- $res = mysql_query($query);
- return mysql_num_rows($res) > 0;
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ return mysqli_num_rows($res) > 0;
}
function check_gpg_cert_running($uid,$cca=0){
@@ -960,8 +960,8 @@
}else{
$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
}
- $res = mysql_query($query);
- return mysql_num_rows($res) > 0;
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ return mysqli_num_rows($res) > 0;
}
function check_client_cert_running($uid,$cca=0){
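Review bot: The result of `mysqli_query()` is passed to `mysqli_num_rows()` without a check, so a failed query makes this function return false, which reads the same as "no matching row in `gpg`". The comment in the @@ -947 hunk says these checks are called from includes/account.php, so a database error would presumably be taken as a clean answer there. Test the result first, for example `if ($res === false) { trigger_error(mysqli_error($_SESSION['mconn']), E_USER_ERROR); }`. The same pattern is in the @@ -947, -975, -1011 and -1022 hunks, and in the @@ -1035 and -1053 hunks a failed update leaves a certificate unrevoked without any error being raised.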
@@ -975,10 +975,10 @@
$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
}
- $res = mysql_query($query1);
- $r1 = mysql_num_rows($res)>0;
- $res = mysql_query($query2);
- $r2 = mysql_num_rows($res)>0;
+ $res = mysqli_query($_SESSION['mconn'], $query1);
+ $r1 = mysqli_num_rows($res)>0;
+ $res = mysqli_query($_SESSION['mconn'], $query2);
+ $r2 = mysqli_num_rows($res)>0;
return !!($r1 || $r2);
}
@@ -1011,10 +1011,10 @@
where `domains`.`memid` = '$uid'
and `revoked`>(NOW()-90*86400)";
}
- $res = mysql_query($query1);
- $r1 = mysql_num_rows($res)>0;
- $res = mysql_query($query2);
- $r2 = mysql_num_rows($res)>0;
+ $res = mysqli_query($_SESSION['mconn'], $query1);
+ $r1 = mysqli_num_rows($res)>0;
+ $res = mysqli_query($_SESSION['mconn'], $query2);
+ $r2 = mysqli_num_rows($res)>0;
return !!($r1 || $r2);
}
@@ -1022,8 +1022,8 @@
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
$query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
- $res = mysql_query($query);
- return mysql_num_rows($res) > 0;
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ return mysqli_num_rows($res) > 0;
}
@@ -1035,9 +1035,9 @@
from `emaillink`,`emailcerts` where
`emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres)){
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ while($drow = mysqli_fetch_assoc($dres)){
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
}
}
@@ -1053,10 +1053,10 @@
from `domaincerts`, `domlink`
where `domaincerts`.`id` = `domlink`.`certid`
and `domlink`.`domid` = '$domainid'";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ while($drow = mysqli_fetch_assoc($dres))
{
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"update `domaincerts`
set `revoked`='1970-01-01 10:00:01'
where `id` = '".$drow['id']."'
@@ -1069,15 +1069,15 @@
//gpg revokation needs to be added to a later point
$uid=intval($uid);
$query = "select `id` from `email` where `memid`='".$uid."'";
- $res=mysql_query($query);
- while($row = mysql_fetch_assoc($res)){
+ $res=mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)){
revoke_all_client_cert($row['id']);
}
$query = "select `id` from `domains` where `memid`='".$uid."'";
- $res=mysql_query($query);
- while($row = mysql_fetch_assoc($res)){
+ $res=mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)){
revoke_all_server_cert($row['id']);
}
}
diff --git a/pages/account/12.php b/pages/account/12.php
index 9058a07..f597c27 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -46,15 +46,15 @@
}
$query .= "ORDER BY `domaincerts`.`modified` desc";
//echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if($row['timeleft'] > 0)
$verified = _("Valid");
diff --git a/pages/account/13.php b/pages/account/13.php
index 08f325d..9e55862 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -17,8 +17,8 @@
*/ ?>
<?
$query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
- $res = mysql_query($query);
- $user = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $user = mysqli_fetch_assoc($res);
$year = intval(substr($user['dob'], 0, 4));
$month = intval(substr($user['dob'], 5, 2));
diff --git a/pages/account/15.php b/pages/account/15.php
index 6cd3115..09df503 100644
--- a/pages/account/15.php
+++ b/pages/account/15.php
@@ -21,14 +21,14 @@
$query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and
`domains`.`memid`='".intval($_SESSION['profile']['id'])."' and
`domains`.`id`=`domaincerts`.`domid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname`;
?>
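Review bot: `$certid` is placed into the query as `'$certid'`, whereas pages/account/19.php builds the same kind of lookup with `intval($certid)`. Its assignment is above the hunk; if it is not already cast to an integer there, use `intval($certid)` in the concatenation here too. pages/account/23.php has the same form.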
diff --git a/pages/account/18.php b/pages/account/18.php
index 9ab13b2..77c4b97 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -37,9 +37,9 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
from `org`, `orginfo`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
ORDER BY `orginfo`.`O` ";
- $reso = mysql_query($query);
- if(mysql_num_rows($reso) >= 1){
- while($row = mysql_fetch_assoc($reso)){
+ $reso = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($reso) >= 1){
+ while($row = mysqli_fetch_assoc($reso)){
printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
}
}?>
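Review bot: The `printf` that emits the `<option>` element writes `$row['O']` into the page unescaped, so an organisation name containing markup is rendered as HTML. pages/account/25.php prints the same column through `htmlspecialchars()`; the last argument here should be `htmlspecialchars($row['O'])`. The first hunk of pages/account/22.php has the identical line.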
@@ -105,8 +105,8 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `oemail`.`expire` desc";
break;
}
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
@@ -115,7 +115,7 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
</tr>
<? } else {
$orgname='';
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if ($row['O']<>$orgname) {
$orgname=$row['O'];?>
diff --git a/pages/account/19.php b/pages/account/19.php
index 6a2749c..3e3478d 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -21,15 +21,15 @@
$query = "select * from `orgemailcerts`,`org` where `orgemailcerts`.`id`='".intval($certid)."' and
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname`;
diff --git a/pages/account/2.php b/pages/account/2.php
index 36421f9..0894dd0 100644
--- a/pages/account/2.php
+++ b/pages/account/2.php
@@ -28,8 +28,8 @@
<?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
if($row['hash'] == "")
$verified = _("Verified");
diff --git a/pages/account/22.php b/pages/account/22.php
index 0413da0..6bc0b4d 100644
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -37,9 +37,9 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
from `org`, `orginfo`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
ORDER BY `orginfo`.`O` ";
- $reso = mysql_query($query);
- if(mysql_num_rows($reso) >= 1){
- while($row = mysql_fetch_assoc($reso)){
+ $reso = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($reso) >= 1){
+ while($row = mysqli_fetch_assoc($reso)){
printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
}
}?>
@@ -107,8 +107,8 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
//echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
@@ -116,7 +116,7 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
</tr>
<? } else {
$orgname='';
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if ($row['O']<>$orgname) {
$orgname=$row['O'];?>
diff --git a/pages/account/23.php b/pages/account/23.php
index 4ec56c3..f8c7a9b 100644
--- a/pages/account/23.php
+++ b/pages/account/23.php
@@ -21,14 +21,14 @@
$query = "select * from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$certid' and
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgdomaincerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname`;
?>
diff --git a/pages/account/25.php b/pages/account/25.php
index a70f608..8241852 100644
--- a/pages/account/25.php
+++ b/pages/account/25.php
@@ -54,13 +54,13 @@
// Safe because $order_by only contains fixed strings
$query = sprintf("select * from `orginfo` ORDER BY %s", $order_by);
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
- $admincount = mysql_num_rows($r2);
- $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
- $domcount = mysql_num_rows($r2);
+ $r2 = mysqli_query($_SESSION['mconn'], "select * from `org` where `orgid`='".intval($row['id'])."'");
+ $admincount = mysqli_num_rows($r2);
+ $r2 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
+ $domcount = mysqli_num_rows($r2);
?>
<tr>
<td class="DataTD"><?=htmlspecialchars($row['O'])?>, <?=htmlspecialchars($row['ST'])?> <?=htmlspecialchars($row['C'])?></td>
diff --git a/pages/account/26.php b/pages/account/26.php
index f8b195d..99a2bd2 100644
--- a/pages/account/26.php
+++ b/pages/account/26.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
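Review bot: The `orginfo` row is selected by `intval($_REQUEST['orgid'])` alone, while pages/account/18.php and 19.php tie their queries to `$_SESSION['profile']['id']`. If includes/account.php does not already restrict this page id to authorised users, the lookup needs its own permission check; that cannot be confirmed from the hunk. Separately, `$row` is not an array when no organisation matches, so the template below should stop early in that case, e.g. `if (!$row) { showfooter(); exit; }`. pages/account/27.php to 34.php load `orginfo` the same way.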
@@ -30,8 +30,8 @@
</tr>
<?
$query = "select * from `orgdomains` where `orgid`='".intval($_REQUEST['orgid'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><?=sanitizeHTML($row['domain'])?></a></td>
diff --git a/pages/account/27.php b/pages/account/27.php
index a1086d4..9b229d4 100644
--- a/pages/account/27.php
+++ b/pages/account/27.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
diff --git a/pages/account/28.php b/pages/account/28.php
index 1212f9c..7d7f7aa 100644
--- a/pages/account/28.php
+++ b/pages/account/28.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
diff --git a/pages/account/29.php b/pages/account/29.php
index 4229b3b..2132826 100644
--- a/pages/account/29.php
+++ b/pages/account/29.php
@@ -17,9 +17,9 @@
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$_SESSION['_config']['domain'] = $row['domain'];
?>
diff --git a/pages/account/3.php b/pages/account/3.php
index 7e34300..2684631 100644
--- a/pages/account/3.php
+++ b/pages/account/3.php
@@ -37,8 +37,8 @@
<?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
diff --git a/pages/account/30.php b/pages/account/30.php
index 04ad229..8cf1a03 100644
--- a/pages/account/30.php
+++ b/pages/account/30.php
@@ -17,9 +17,9 @@
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$_SESSION['_config']['domain'] = $row['domain'];
?>
diff --git a/pages/account/31.php b/pages/account/31.php
index 9f3d27e..033d177 100644
--- a/pages/account/31.php
+++ b/pages/account/31.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
?>
<form method="post" action="account.php">
diff --git a/pages/account/32.php b/pages/account/32.php
index a05c927..6bb92ce 100644
--- a/pages/account/32.php
+++ b/pages/account/32.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500">
<tr>
@@ -32,10 +32,10 @@
</tr>
<?
$query = "select * from `org` where `orgid`='".intval($_REQUEST['orgid'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($row['memid'])."'"));
?>
<tr>
<td class="DataTD"><a href='mailto:<?=sanitizeHTML($user['email'])?>'><?=sanitizeHTML($user['fname'])?> <?=sanitizeHTML($user['lname'])?></a></td>
diff --git a/pages/account/33.php b/pages/account/33.php
index 9e2f67a..a8f894b 100644
--- a/pages/account/33.php
+++ b/pages/account/33.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
// Reset session variables regarding OrgAdmin's, present empty form
if (array_key_exists('email',$_SESSION['_config'])) $_SESSION['_config']['email']="";
diff --git a/pages/account/34.php b/pages/account/34.php
index b11bc7d..5c6c8b8 100644
--- a/pages/account/34.php
+++ b/pages/account/34.php
@@ -17,11 +17,11 @@
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `users` where `id`='".intval($_REQUEST['memid'])."'";
- $user = mysql_fetch_assoc(mysql_query($query));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$_SESSION['_config']['domain'] = $row['domain'];
?>
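Review bot: The first query looks up `orgdomains` by its `id` column using `$_REQUEST['orgid']`, while pages/account/29.php and 30.php use `$_REQUEST['domid']` for that column. If this is not intended, `$_SESSION['_config']['domain']` is set from whichever domain row happens to share the organisation's id. Confirm which request field this page receives and, if it is a domain id, change the filter to `intval($_REQUEST['domid'])`.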
diff --git a/pages/account/35.php b/pages/account/35.php
index 05c7f2b..64f62e1 100644
--- a/pages/account/35.php
+++ b/pages/account/35.php
@@ -24,8 +24,8 @@ $query = "select *
where `orginfo`.`id`=`org`.`orgid`
and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
-$res = mysql_query($query);
-while($row = mysql_fetch_assoc($res))
+$res = mysqli_query($_SESSION['mconn'], $query);
+while($row = mysqli_fetch_assoc($res))
{
?>
<tr>
@@ -55,8 +55,8 @@ while($row = mysql_fetch_assoc($res))
//domain info
$query = "select `domain` from `orgdomains` where `orgid`='".intval($row['id'])."'";
- $res1 = mysql_query($query);
- while($domain = mysql_fetch_assoc($res1))
+ $res1 = mysqli_query($_SESSION['mconn'], $query);
+ while($domain = mysqli_fetch_assoc($res1))
{
?>
<tr>
@@ -76,10 +76,10 @@ while($row = mysql_fetch_assoc($res))
//org admins
$query = "select * from `org` where `orgid`='".intval($row['id'])."'";
- $res2 = mysql_query($query);
- while($org = mysql_fetch_assoc($res2))
+ $res2 = mysqli_query($_SESSION['mconn'], $query);
+ while($org = mysqli_fetch_assoc($res2))
{
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($org['memid'])."'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($org['memid'])."'"));
?>
<tr>
<td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td>
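Review bot: The table cell prints `$user['email']`, `$user['fname']` and `$user['lname']` without escaping, so profile values containing markup end up in the page body and in the `mailto:` attribute. pages/account/32.php renders the same fields through `sanitizeHTML()`; do the same here, e.g. `<?=sanitizeHTML($user['fname'])?>`. The enclosing loop continues past the hunk.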
diff --git a/pages/account/41.php b/pages/account/41.php
index d61d8db..2cd490b 100644
--- a/pages/account/41.php
+++ b/pages/account/41.php
@@ -54,10 +54,10 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
</tr>
<?
$query = "select * from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+ $lang = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
@@ -70,8 +70,8 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
<td class="DataTD"><select name="addlang">
<?
$query = "select * from `languages` order by `locale`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
printf("<option value=\"%s\">[%s] %s (%s)</option>\n",
sanitizeHTML($row['locale']),
diff --git a/pages/account/43.php b/pages/account/43.php
index 53b24d3..c2689d1 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -21,13 +21,13 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
{
- $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+ $assurance = mysql_real_escape_string(intval($_REQUEST['assurance']));
$row = 0;
- $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+ $res = mysqli_query($_SESSION['mconn'], "select `to` from `notary` where `id`='$assurance'");
if ($res) {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
}
- mysql_query("delete from `notary` where `id`='$assurance'");
+ mysqli_query($_SESSION['mconn'], "delete from `notary` where `id`='$assurance'");
if ($row) {
fix_assurer_flag($row['to']);
}
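Review bot: The delete on `notary` runs whenever the request carries `assurance`, and because the value is read from `$_REQUEST` it is accepted from the query string as well as from a form post; no request token is checked inside the hunk. If account.php does not verify a token for this page before including it, require POST and a token check here, e.g. read the id with `intval($_POST['assurance'])`. The delete's return value is also ignored, so `fix_assurer_flag()` is called even when nothing was removed. The enclosing block starts above the hunk.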
@@ -37,7 +37,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
{
$_REQUEST['userid'] = 0;
- $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -63,8 +63,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
group by `users`.`id` limit 100";
}
// bug-975 ted+uli changes --- end
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 1) { ?>
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
@@ -74,24 +74,24 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Email")?></td>
</tr>
<?
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? } if(mysqli_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
<? } else { ?>
<tr>
- <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
</tr>
<? } ?>
</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
+<? } elseif(mysqli_num_rows($res) == 1) {
+ $row = mysqli_fetch_assoc($res);
$_REQUEST['userid'] = $row['id'];
} else {
printf(_("No users found matching %s"), sanitizeHTML($email));
@@ -102,16 +102,16 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
{
$userid = intval($_REQUEST['userid']);
$query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
+ $alerts = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `alerts` where `memid`='".intval($row['id'])."'"));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -302,15 +302,15 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
</table>
<br><?
$query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
- and `email`!='".mysql_escape_string($row['email'])."'";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
+ and `email`!='".mysql_real_escape_string($row['email'])."'";
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($dres) > 0) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
</tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
+ $rc = mysqli_num_rows($dres);
+ while($drow = mysqli_fetch_assoc($dres))
{ ?>
<tr>
<td class="DataTD"><?=_("Secondary Emails")?>:</td>
@@ -321,14 +321,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<br><? } ?>
<?
$query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($dres) > 0) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Verified Domains")?></td>
</tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
+ $rc = mysqli_num_rows($dres);
+ while($drow = mysqli_fetch_assoc($dres))
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
@@ -379,7 +379,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
4. users.email = primary-email
--- Assurer, assure someone find user query
- select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
+ select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
and `deleted`=0
=> requirements
1. users.deleted = 0
@@ -416,8 +416,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
// current userid intval($row['id'])
$query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
from `users` where `id`='".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$uemail = $drow['uemail'];
$udeleted = $drow['udeleted'];
$uverified = $drow['verified'];
@@ -427,16 +427,16 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
where `memid`='".intval($row['id'])."' and
`email` ='".$uemail."' and
`deleted` = 0";
- $dres = mysql_query($query);
- if ($drow = mysql_fetch_assoc($dres)) {
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ if ($drow = mysqli_fetch_assoc($dres)) {
$drow['edeleted'] = 0;
} else {
// try if there are deleted entries
$query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
where `memid`='".intval($row['id'])."' and
`email` ='".$uemail."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
}
if ($drow) {
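Review bot: `$uemail` is concatenated into both `email` lookups without escaping; it is read from the `users` table, but a stored address containing a quote would still break or alter the statement. Since the commit already touches these queries, escape it on the new connection with `'".mysqli_real_escape_string($_SESSION['mconn'], $uemail)."'`, or bind it through a prepared statement. The first query string begins outside this hunk.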
@@ -513,8 +513,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
where `domains`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -529,8 +529,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
where `domains`.`memid` = '".intval($row['id'])."'
and `revoked` = '0000-00-00 00:00:00'
and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
@@ -538,8 +538,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
on `domains`.`id` = `domaincerts`.`domid`
where `domains`.`memid` = '".intval($row['id'])."'
and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
@@ -547,8 +547,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
on `domains`.`id` = `domaincerts`.`domid`
where `domains`.`memid` = '".intval($row['id'])."'
and `revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$revoked = $drow['revoked'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -571,8 +571,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
from `emailcerts`
where `memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -586,24 +586,24 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
where `memid` = '".intval($row['id'])."'
and `revoked` = '0000-00-00 00:00:00'
and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
and `revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$revoked = $drow['revoked'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -626,8 +626,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
from `gpg`
where `memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -640,16 +640,16 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
from `gpg`
where `memid` = '".intval($row['id'])."'
and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
from `gpg`
where `memid` = '".intval($row['id'])."'
and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
?>
@@ -675,8 +675,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -691,8 +691,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
and `orgcerts`.`expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
@@ -700,8 +700,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
@@ -709,8 +709,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$revoked = $drow['revoked'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -735,8 +735,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -751,8 +751,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
and `orgcerts`.`expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
@@ -760,8 +760,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
@@ -769,8 +769,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$revoked = $drow['revoked'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -829,11 +829,11 @@ function showassuredto()
</tr>
<?
$query = "select * from `notary` where `to`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
$points = 0;
- while($drow = mysql_fetch_assoc($dres))
+ while($drow = mysqli_fetch_assoc($dres))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
+ $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($drow['from'])."'"));
$points += $drow['points'];
?>
<tr>
@@ -875,11 +875,11 @@ function showassuredby()
</tr>
<?
$query = "select * from `notary` where `from`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
$points = 0;
- while($drow = mysql_fetch_assoc($dres))
+ while($drow = mysqli_fetch_assoc($dres))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
+ $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".$drow['to']."'"));
$points += $drow['points'];
?>
<tr>
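Review bot: The `users` lookup in `showassuredby()` interpolates `$drow['to']` without a cast, whereas the matching line in `showassuredto()` uses `intval($drow['from'])`. Wrapping it as `intval($drow['to'])` keeps the two functions consistent and stops the query from depending on what is stored in the `notary` row. The function body starts and ends outside the hunk.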
diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..a565811 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -19,7 +19,7 @@
$userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
if($userid <= 0)
{
- $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
+ $domainsearch = $domain = mysql_real_escape_string(stripslashes($_POST['domain']));
if(!strstr($domain, "%"))
$domainsearch = "%$domain%";
if(preg_match("/^\d+$/",$domain))
@@ -30,32 +30,32 @@
`domains`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >= 1) { ?>
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >= 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific User Account Details")?></td>
</tr>
<?
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$row['domid']?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? } if(mysqli_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
<? } else { ?>
<tr>
- <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
</tr>
<? } ?>
</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
+<? } elseif(mysqli_num_rows($res) == 1) {
+ $row = mysqli_fetch_assoc($res);
$_GET['userid'] = intval($row['id']);
} else {
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
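Review bot: The `elseif(mysqli_num_rows($res) == 1)` branch can never run, because the preceding `if(mysqli_num_rows($res) >= 1)` already takes the one-row case; the shortcut that sets `$_GET['userid']` for a single match is therefore dead code. If the list is meant for several matches only, the first test would be `if(mysqli_num_rows($res) > 1)`, though that intent is not visible here. The organisation-domain hunk that follows repeats the same construct.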
@@ -66,32 +66,32 @@
}
$query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >= 1) { ?>
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >= 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Organisation Account Details")?></td>
</tr>
<?
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$row['id']?></td>
<td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['orgid'])?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? } if(mysqli_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
<? } else { ?>
<tr>
- <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
</tr>
<? } ?>
</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
+<? } elseif(mysqli_num_rows($res) == 1) {
+ $row = mysqli_fetch_assoc($res);
$_GET['userid'] = intval($row['id']);
} else {
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
diff --git a/pages/account/5.php b/pages/account/5.php
index 934ca0c..0729e7a 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -52,15 +52,15 @@
$query .= " HAVING `timeleft` > 0 ";
$query .= " ORDER BY `emailcerts`.`modified` desc";
// echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if($row['timeleft'] > 0)
$verified = _("Valid");
diff --git a/pages/account/51.php b/pages/account/51.php
index 7273840..d0b8367 100644
--- a/pages/account/51.php
+++ b/pages/account/51.php
@@ -19,13 +19,13 @@
<?
$uid = intval($_GET['photoid']);
$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) { ?>
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0) { ?>
<img src="account.php?id=51&amp;photoid=<?=$uid ?>&amp;img=show" border="0" width="800">
<? } else {
$query = "select * from `tverify` where `id`='$uid' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
echo _("This UID has already been voted on.");
} else {
diff --git a/pages/account/52.php b/pages/account/52.php
index 77a3bae..3f77077 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
@@ -19,14 +19,14 @@
<?
$uid = intval($_GET['uid']);
$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$memid = intval($row['memid']);
$query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc2 = mysql_num_rows(mysql_query($query2));
+ $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query2));
if($rc2 > 0)
{
showheader(_("My CAcert.org Account!"));
@@ -36,9 +36,9 @@
}
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid'";
- $notary = mysql_fetch_assoc(mysql_query($query));
+ $notary = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `users` where `id`='$memid'";
- $user = mysql_fetch_assoc(mysql_query($query));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$tobe = 50 - $notary['points'];
if($row['URL'] != '' && $row['photoid'] != '')
$tobe = 150 - $notary['points'];
@@ -67,27 +67,27 @@
</form>
<? } else {
$query = "select * from `tverify` where `id`='$uid' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
echo _("This UID has already been voted on.")."<br/>";
} else {
if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
}
-
+
// Search for open requests:
$query = "select * from `tverify` where `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
echo "<br/>"._("The following requests are still open:")."<br/><ul>";
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
- $uid=intval($row['id']);
+ $uid=intval($row['id']);
$query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc3 = mysql_num_rows(mysql_query($query3));
+ $rc3 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query3));
if($rc3 <= 0)
- {
+ {
echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
}
}
diff --git a/pages/account/53.php b/pages/account/53.php
index cc9e2d6..73cf7a2 100644
--- a/pages/account/53.php
+++ b/pages/account/53.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+ $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):"";
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
@@ -29,7 +29,7 @@
if($regid > 0)
{
- $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ $reg = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='$regid'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='account.php?id=53&amp;regid=$regid'>".sanitizeHTML($reg['name'])."</a> - <a href='account.php?action=add&amp;id=54&amp;regid=$regid'>"._("Add")."</a>\n".
$display;
@@ -38,7 +38,7 @@
if($ccid > 0)
{
- $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='$ccid'"));
+ $cnt = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `countries` where `id`='$ccid'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='account.php?id=53&amp;ccid=$ccid'>".sanitizeHTML($cnt['name'])."</a> - <a href='account.php?action=add&amp;id=54&amp;ccid=$ccid'>"._("Add")."</a>\n".
$display;
@@ -51,16 +51,16 @@
{
echo "<ul>\n";
$query = "select * from `countries` order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
echo "<li><a href='account.php?id=53&amp;ccid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n";
echo "</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif($regid <= 0) {
echo "<ul>\n";
$query = "select * from `regions` where `ccid`='$ccid' order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li>( <a href='account.php?action=edit&amp;id=54&regid=".intval($row['id'])."'>"._("edit")."</a> |";
echo " <a href='account.php?action=delete&amp;id=53&regid=".intval($row['id'])."'";
@@ -74,11 +74,11 @@
if($town != "")
{
$query = "select * from `locations` where `regid`='$regid' and `name` < '$town'";
- $start = mysql_num_rows(mysql_query($query));
+ $start = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
}
$query = "select * from `locations` where `regid`='$regid' order by `name` limit $start, $limit";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li>( <a href='account.php?action=move&amp;id=54&amp;locid=".intval($row['id'])."'>"._("move")."</a> |";
echo " <a href='account.php?action=aliases&amp;id=54&amp;locid=".intval($row['id'])."'>"._("aliases")."</a> |";
@@ -89,7 +89,7 @@
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
$st="";$prev="";$end="";$next="";
- $rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='$regid'"));
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `locations` where `regid`='$regid'"));
if($start > 0)
{
$prev = $start - $limit;
diff --git a/pages/account/54.php b/pages/account/54.php
index 753b4af..c06ce5f 100644
--- a/pages/account/54.php
+++ b/pages/account/54.php
@@ -19,7 +19,7 @@
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
- $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+ $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):"";
if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
<form method="post" action="account.php">
@@ -41,7 +41,7 @@
</form>
<? } if($regid > 0 && $_REQUEST['action'] == "edit") {
$query = "select * from `regions` where `id`='$regid' order by `name`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$name = $row['name'];
?>
<form method="post" action="account.php">
@@ -89,7 +89,7 @@
</form>
<? } if($locid > 0 && $_REQUEST['action'] == "edit") {
$query = "select * from `locations` where `id`='$locid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
if($name == "")
$name = $row['name'];
@@ -125,8 +125,8 @@
</form>
<? } if($locid > 0 && $_REQUEST['action'] == "aliases") {
$query = "select * from `localias` where `locid`='".intval($locid)."'";
- $res = mysql_query($query);
- $rc = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $rc = mysqli_num_rows($res);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -143,7 +143,7 @@
</td>
</tr>
<?
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
?>
<tr>
@@ -169,7 +169,7 @@ document.getElementById("display1").style.display = "none";
</script>
<? } if($locid > 0 && $_REQUEST['action'] == "move") {
$query = "select * from `locations` where `id`='$locid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$newreg = $_REQUEST['newreg'] = $row['regid'];
?>
<form method="post" action="account.php">
@@ -186,8 +186,8 @@ document.getElementById("display1").style.display = "none";
<td class="DataTD"><select name="newreg">
<?
$query = "select * from `regions` where `ccid`='".intval($row['ccid'])."' order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<option value='".intval($row['id'])."'";
if($_REQUEST['newreg'] == $row['id'])
diff --git a/pages/account/55.php b/pages/account/55.php
index ec401a0..57d1951 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -31,12 +31,12 @@
} else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@@ -61,10 +61,10 @@
" WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
" ORDER BY `CP`.`pass_date`";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
$HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
+ while($row = mysqli_fetch_array($res, MYSQL_NUM))
{
if ($row[1] == "Assurer Challenge") {
$HaveTest=1;
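Review bot: `mysqli_fetch_array($res, MYSQL_NUM)` still passes the old extension's constant, which is defined only while the mysql extension is loaded. The MySQLi constant is `MYSQLI_NUM`, so the loop should read `while($row = mysqli_fetch_array($res, MYSQLI_NUM))`. The later hunk in this file makes the same call for the points query.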
@@ -89,11 +89,11 @@
$query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
' GROUP BY `u`.id, `u`.`assurer`';
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
if (!$res) {
print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
} else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
+ $row = mysqli_fetch_array($res, MYSQL_NUM);
if ($HaveTest && ($row[2]>=100)) {
if (!$row[1]) {
// This should not happen...
diff --git a/pages/account/56.php b/pages/account/56.php
index 348cc49..22ec692 100644
--- a/pages/account/56.php
+++ b/pages/account/56.php
@@ -25,8 +25,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
</tr>
<?
$query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
?>
<tr>
diff --git a/pages/account/57.php b/pages/account/57.php
index 76eee27..3868fa3 100644
--- a/pages/account/57.php
+++ b/pages/account/57.php
@@ -25,12 +25,12 @@
} else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
diff --git a/pages/account/58.php b/pages/account/58.php
index 1f6b1a0..4c06fa9 100644
--- a/pages/account/58.php
+++ b/pages/account/58.php
@@ -21,19 +21,19 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
} else {
$user_id = intval($_REQUEST['userid']);
$query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1){
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) != 1){
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
- if ($row = mysql_fetch_assoc($res)){
+ if ($row = mysqli_fetch_assoc($res)){
$username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
$query = "select `orginfo`.`o`, `org`.`masteracc`
FROM `orginfo`, `org`
WHERE `orginfo`.`id` = `org`.`orgid`
AND `org`.`memid`='$user_id' order by `orginfo`.`o`";
- $res1 = mysql_query($query);?>
+ $res1 = mysqli_query($_SESSION['mconn'], $query);?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><?
- if (mysql_num_rows($res1) <= 0) {?>
+ if (mysqli_num_rows($res1) <= 0) {?>
<tr>
<td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td>
</tr>
@@ -45,7 +45,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
<td class="DataTD"><b><?=_('Organisation')?></b></td>
<td class="DataTD"><b><?=_('Masteraccount')?></b></td>
</tr><?
- while($drow = mysql_fetch_assoc($res1)){?>
+ while($drow = mysqli_fetch_assoc($res1)){?>
<tr>
<td class="DataTD"><?=$drow['o']?></td>
<td class="DataTD"><?=$drow['masteracc'] ? _("Yes") : _("No") ?></td>
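Review bot: `<?=$drow['o']?>` prints the organisation name into the table without `sanitizeHTML()`, although the user's name earlier in this file is passed through it. An organisation name containing markup would be rendered in the browser of the admin viewing this page; `<?=sanitizeHTML($drow['o'])?>` keeps the output handling consistent. The loop body continues outside the hunk.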
diff --git a/pages/account/6.php b/pages/account/6.php
index 8455499..7465ad6 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -39,14 +39,14 @@ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
where `emailcerts`.`id`='$certid' and
`emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'";
-$res = mysql_query($query);
-if(mysql_num_rows($res) <= 0) {
+$res = mysqli_query($_SESSION['mconn'], $query);
+if(mysqli_num_rows($res) <= 0) {
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
-$row = mysql_fetch_assoc($res);
+$row = mysqli_fetch_assoc($res);
if (array_key_exists('format', $_REQUEST)) {
diff --git a/pages/account/9.php b/pages/account/9.php
index 1be45f5..8d207ee 100644
--- a/pages/account/9.php
+++ b/pages/account/9.php
@@ -27,15 +27,15 @@
<?
$query = "select * from `domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="3" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if($row['hash'] == "")
$verified = _("Verified");
diff --git a/pages/advertising/0.php b/pages/advertising/0.php
index 0404a5e..5a2db04 100644
--- a/pages/advertising/0.php
+++ b/pages/advertising/0.php
@@ -24,13 +24,13 @@
{
$approve = intval($_REQUEST['approve']);
$query = "select * from `advertising` where `id`='$approve' and `expires`='0000-00-00 00:00:00'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$end = date("Y-m-d H:i:s", mktime(date("H"), date("i"), date("s"), date("m")+$row['months'], date("d"), date("Y")));
$query = "update `advertising` set `expires`='$end', `active`=1, `approvedby`='".$_SESSION['profile']['id']."' where `id`='$approve'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
echo "<p>The ad was approved and is now active.</p>\n";
}
}
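Review bot: The `update` that approves the ad is sent with `mysqli_query()` and its return value is dropped, so "The ad was approved and is now active." is printed even when the statement failed. Checking the result first, as in `if(mysqli_query($_SESSION['mconn'], $query)) echo ...;`, keeps the message truthful. The same statement interpolates `$_SESSION['profile']['id']` raw where other pages in this commit wrap it in `intval()`, and the deactivate hunk below has the same unchecked update.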
@@ -38,13 +38,13 @@
{
$deactive = intval($_REQUEST['deactive']);
$query = "select * from `advertising` where `id`='$deactive'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$end = date("Y-m-d H:i:s", mktime(date("H"), date("i"), date("s"), date("m")+$row['months'], date("d"), date("Y")));
$query = "update `advertising` set `active`=0 where `id`='$deactive'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
echo "<p>The ad was deactivated and is now inactive.</p>\n";
}
}
@@ -69,8 +69,8 @@
$query .= "and `active`=1 having `timeleft` > 0 ";
$query .= "order by `id` desc";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
if($row['expires'] == "0000-00-00 00:00:00")
$status = "Pending";
diff --git a/pages/gpg/2.php b/pages/gpg/2.php
index cc8a872..7fe9eab 100644
--- a/pages/gpg/2.php
+++ b/pages/gpg/2.php
@@ -33,15 +33,15 @@
`expire` as `expires`, `id`, `level`,
`email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if($row['timeleft'] > 0)
$verified = _("Valid");
diff --git a/pages/gpg/3.php b/pages/gpg/3.php
index d9f54fb..d33242f 100644
--- a/pages/gpg/3.php
+++ b/pages/gpg/3.php
@@ -18,14 +18,14 @@
<?
$certid = intval($_REQUEST['cert']);
$query = "select * from `gpg` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("No such OpenPGP key attached to your account.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
?>
<h3><?=_("Below is your OpenPGP key")?></h3>
<pre>
diff --git a/pages/wot/1.php b/pages/wot/1.php
index a45b5df..913e57d 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
+ $res=mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select sum(acount) as summe from countries"));
$total1 =$res['summe'];
$locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
@@ -29,7 +29,7 @@
$display = "";
if($locid > 0)
{
- $loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='".$locid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&locid=".$locid."'>".$loc['name']." ("._("Listed").": ".$loc['acount'].")</a>\n".
$display;
@@ -38,7 +38,7 @@
if($regid > 0)
{
- $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
+ $reg = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='".$regid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&regid=".$regid."'>".$reg['name']." ("._("Listed").": ".$reg['acount'].")</a>\n".
$display;
@@ -47,7 +47,7 @@
if($ccid > 0)
{
- $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$ccid."'"));
+ $cnt = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `countries` where `id`='".$ccid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&ccid=".$ccid."'>".$cnt['name']." ("._("Listed").": ".$cnt['acount'].")</a>\n".
$display;
@@ -60,8 +60,8 @@
{
echo "<ul>\n";
$query = "select * from countries where acount>0 order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li><a href='wot.php?id=1&ccid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
}
@@ -69,8 +69,8 @@
} elseif($ccid > 0 && $regid <= 0 && $locid <= 0) {
echo "<ul>\n";
$query = "select * from regions where ccid='".$ccid."' and acount>0 order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li><a href='wot.php?id=1&regid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
}
@@ -78,8 +78,8 @@
} elseif($regid > 0 && $locid <= 0) {
echo "<ul>\n";
$query = "select * from locations where regid='".$regid."' and acount>0 order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li><a href='wot.php?id=1&locid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
}
@@ -93,8 +93,8 @@
`ccid`='".$ccid."' and `regid`='".$regid."' and
`locid`='".$locid."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
- $list = mysql_query($query);
- if(mysql_num_rows($list) > 0)
+ $list = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($list) > 0)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="550">
@@ -106,7 +106,7 @@
<td class="title"><?=_("Assurer Challenge")?></td>
</tr>
-<? while($row = mysql_fetch_assoc($list)) { ?>
+<? while($row = mysqli_fetch_assoc($list)) { ?>
<tr>
<td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td>
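Review bot: `$row['fname']` and the first letter of `$row['lname']` are printed into the table cell without HTML encoding. Unless names are already encoded when they are stored, which this hunk does not show, encode them on output: `<?=htmlspecialchars($row['fname'], ENT_QUOTES, 'UTF-8')?>`. `substr()` on `lname` also cuts by byte, so a multi-byte initial would be split; `mb_substr($row['lname'], 0, 1, 'UTF-8')` avoids that. The table continues past the end of the hunk.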
diff --git a/pages/wot/10.php b/pages/wot/10.php
index bc76a86..685b90f 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -28,8 +28,8 @@
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$rc = intval($row['list']);
/*
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
@@ -40,7 +40,7 @@
inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
- $rank = mysql_num_rows(mysql_query($query)) + 1;
+ $rank = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) + 1;
?>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($rc), intval($rank))?></td>
</tr>
@@ -65,10 +65,10 @@
</tr>
<?
$query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
+ $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
<td class="DataTD"><?=$row['id']?></td>
@@ -115,10 +115,10 @@ if ($thawte)
<?
$points = 0;
$query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
+ $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($row['to'])."'"));
$points += $row['points'];
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
diff --git a/pages/wot/12.php b/pages/wot/12.php
index a0bbf50..c5d505c 100644
--- a/pages/wot/12.php
+++ b/pages/wot/12.php
@@ -65,26 +65,26 @@ document.f.location.focus();
{
$bits = explode(",", $_REQUEST['location']);
- $loc = trim(mysql_escape_string($bits['0']));
- $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1']));
- $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2']));
+ $loc = trim(mysql_real_escape_string($bits['0']));
+ $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1']));
+ $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2']));
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`name` limit 1";
- $res = mysql_query($query);
- if($reg != "" && $ccname == "" && mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if($reg != "" && $ccname == "" && mysqli_num_rows($res) <= 0)
{
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `countries`.`name` like '$reg%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`name` limit 1";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
}
- if(mysql_num_rows($res) <= 0)
+ if(mysqli_num_rows($res) <= 0)
die(_("Unable to find suitable location"));
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$_REQUEST['location'] = $row['locid'];
}
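Review bot: The three escaping calls at the top of this hunk now use `mysql_real_escape_string()`, which still belongs to the old mysql extension and needs a connection from that extension; the queries below run on `$_SESSION['mconn']` instead. Without such a link the call emits a warning and returns `false`, so `$loc`, `$reg` and `$ccname` would reach the LIKE clauses empty, and the function is absent once the mysql extension is removed. Use the mysqli form on the same handle as the query, e.g. `$loc = mysqli_real_escape_string($_SESSION['mconn'], trim($bits['0']));`, and likewise for `$reg` and `$ccname`. The first hunk of pages/wot/13.php has the same three lines. A prepared statement with bound LIKE parameters would remove the manual escaping altogether.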
@@ -92,7 +92,7 @@ document.f.location.focus();
$locid = intval($_REQUEST['location']);
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
if($maxdist <= 10)
{
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + (COS(PI() * $loc[lat] / 180 ) *
@@ -108,7 +108,7 @@ document.f.location.focus();
`users`.`assurer` = 1 AND `users`.`listme` = 1 HAVING `distance` <= '$maxdist' ORDER BY `distance` LIMIT 50";
//echo $query;
}
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="700">
<tr>
<td class="title"><?=_("Name")?></td>
@@ -117,7 +117,7 @@ document.f.location.focus();
<td class="title"><?=_("Contact Details")?></td>
<td class="title"><?=_("Email Assurer")?></td>
</tr>
-<? while($row = mysql_fetch_assoc($res))
+<? while($row = mysqli_fetch_assoc($res))
{
$points = maxpoints($row['uid']);
if($points > 35)
diff --git a/pages/wot/13.php b/pages/wot/13.php
index eac7e18..299ab46 100644
--- a/pages/wot/13.php
+++ b/pages/wot/13.php
@@ -21,40 +21,40 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") {
{
$bits = explode(",", $_REQUEST['location']);
- $loc = trim(mysql_escape_string($bits['0']));
- $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1']));
- $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2']));
+ $loc = trim(mysql_real_escape_string($bits['0']));
+ $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1']));
+ $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2']));
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`name` limit 1";
- $res = mysql_query($query);
- if($reg != "" && $ccname == "" && mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if($reg != "" && $ccname == "" && mysqli_num_rows($res) <= 0)
{
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `countries`.`name` like '$reg%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`name` limit 1";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
}
- if(mysql_num_rows($res) <= 0)
+ if(mysqli_num_rows($res) <= 0)
die("Unable to find suitable location");
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$_REQUEST['location'] = $row['locid'];
}
$locid = intval($_REQUEST['location']);
$query = "select * from `locations` where `id`='$locid'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $loc = mysql_fetch_assoc($res);
+ $loc = mysqli_fetch_assoc($res);
$_SESSION['profile']['ccid'] = $loc['ccid'];
$_SESSION['profile']['regid'] = $loc['regid'];
$_SESSION['profile']['locid'] = $loc['id'];
$query = "update `users` set `locid`='$loc[id]', `regid`='$loc[regid]', `ccid`='$loc[ccid]' where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
echo "<p>"._("Your location has been updated")."</p>\n";
} else {
echo "<p>"._("I was unable to match your location with places in my database.")."</p>\n";
@@ -62,14 +62,14 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") {
}
$query = "select `name` from `locations` where `id`='".$_SESSION['profile']['locid']."'";
- $res = mysql_query($query);
- $loc = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $loc = mysqli_fetch_assoc($res);
$query = "select `name` from `regions` where `id`='".$_SESSION['profile']['regid']."'";
- $res = mysql_query($query);
- $reg = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $reg = mysqli_fetch_assoc($res);
$query = "select `name` from `countries` where `id`='".$_SESSION['profile']['ccid']."'";
- $res = mysql_query($query);
- $cc = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $cc = mysqli_fetch_assoc($res);
?>
<script language="javascript" src="/ac.js"></script>
<script language="javascript">
diff --git a/pages/wot/9.php b/pages/wot/9.php
index bfa7a98..931a773 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -19,15 +19,15 @@
require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
- $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
+ if(mysqli_num_rows($res) <= 0)
{
echo _("Sorry, I was unable to locate that user, the person doesn't wish to be contacted, or isn't an assurer.");
} else {
- $user = mysql_fetch_array($res);
+ $user = mysqli_fetch_array($res);
$userlang = $user['language'];
- $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
if($points <= 0)
{
@@ -55,10 +55,10 @@
<? } ?>
<?
$query = "select * from `addlang` where `userid`='".$user['id']."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
+ $lang = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `languages` where `locale`='${row['lang']}'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
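Review bot: The `languages` lookup inside the loop interpolates `${row['lang']}` from the `addlang` table straight into the SQL string. Whether that column can hold user-chosen text is not visible in this hunk, but if it can, a stored value containing a quote changes the query. With the mysqli handle at hand, escape it first with `$locale = mysqli_real_escape_string($_SESSION['mconn'], $row['lang']);` and interpolate `$locale` instead. The result of the nested `mysqli_query()` is also passed to `mysqli_fetch_assoc()` without a check for `false`.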
diff --git a/scripts/consistence.php b/scripts/consistence.php
index 8d6b39b..9ded540 100755
--- a/scripts/consistence.php
+++ b/scripts/consistence.php
@@ -22,81 +22,81 @@
if(0)
{
$query = "select locations.id from locations, regions where locations.regid=regions.id and locations.ccid!=regions.ccid;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update users set `assurer`='1' where `id`='${row['uid']}'";
echo "inconsistence in location ".$row['locations.id']."\n";
- //mysql_query($query);
+ //mysqli_query($_SESSION['mconn'], $query);
}
}
if(0)
{
$query = "select id from locations where regid<1 or ccid<1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
//$query = "update users set `assurer`='1' where `id`='${row['uid']}'";
echo "inconsistence in location ".$row['id']."\n";
- //mysql_query($query);
+ //mysqli_query($_SESSION['mconn'], $query);
}
}
if(1)
{
$query = "select users.id, locations.regid from users inner join locations on users.locid=locations.id where users.regid!=locations.regid or users.ccid!=locations.ccid;";
- $res = mysql_query($query);
- echo mysql_error();
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ echo mysqli_error();
+ while($row = mysqli_fetch_assoc($res))
{
echo "inconsistence in user #".$row['id']."\n";
$query = "update users set regid=".$row['regid']." where `id`=".$row['id'].";";
echo "query: $query\n";
- if($row['regid']=="1182") mysql_query($query);
+ if($row['regid']=="1182") mysqli_query($_SESSION['mconn'], $query);
}
}
exit();
- mysql_query("update `locations` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `locations` set `acount`=0");
$query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`locid` != 0 and users.listme=1
GROUP BY `users`.`locid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `locations` set `acount`='${row['total']}' where `id`='${row['locid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
- mysql_query("update `regions` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `regions` set `acount`=0");
$query = "SELECT `users`.`regid` AS `regid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`regid` != 0 and users.listme=1
GROUP BY `users`.`regid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `regions` set `acount`='${row['total']}' where `id`='${row['regid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
- mysql_query("update `countries` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `countries` set `acount`=0");
$query = "SELECT `users`.`ccid` AS `ccid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`ccid` != 0 and users.listme=1
GROUP BY `users`.`ccid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `countries` set `acount`='${row['total']}' where `id`='${row['ccid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
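Review bot: `echo mysqli_error();` in the `if(1)` block is called without the connection argument that the procedural mysqli API requires, so a failed query yields a warning (an error on newer PHP) instead of the server's message. It should read `echo mysqli_error($_SESSION['mconn']);`. The same bare `mysqli_error()` appears in the `fwrite(STDERR, ...)` call in the first hunk of scripts/cron/permissionreview.php. Because `$res` is handed to `mysqli_fetch_assoc()` regardless of the outcome, a guard such as `if ($res === false) exit(1);` after the error output would stop the loop from running on a failed query.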
diff --git a/scripts/country.php b/scripts/country.php
index 0c5fc4f..7e0939c 100755
--- a/scripts/country.php
+++ b/scripts/country.php
@@ -20,8 +20,8 @@
include_once("../includes/mysql.php");
$query = "select * from `users` where ccid=13 OR email like '%.at'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['id']." ccid: ".$row['ccid'].")\n";
}
diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php
index ca95f18..8f3a6c9 100755
--- a/scripts/cron/permissionreview.php
+++ b/scripts/cron/permissionreview.php
@@ -117,11 +117,11 @@ $adminlist = array();
foreach ($flags as $flag => $flag_properties) {
$flagname = explode('=', $flag, 2 );
$query = "select `fname`, `lname`, `email` from `users` where `$flagname[0]` = '$flagname[1]'";
- if(! $res = mysql_query($query) ) {
+ if(! $res = mysqli_query($_SESSION['mconn'], $query) ) {
fwrite(STDERR,
"MySQL query for flag $flag failed:\n".
"\"$query\"\n".
- mysql_error()
+ mysqli_error()
);
continue;
@@ -129,7 +129,7 @@ foreach ($flags as $flag => $flag_properties) {
$adminlist[$flag] = array();
- while ($row = mysql_fetch_assoc($res)) {
+ while ($row = mysqli_fetch_assoc($res)) {
$adminlist[$flag][] = $row;
}
diff --git a/scripts/cron/removedead.php b/scripts/cron/removedead.php
index f473788..b2653c9 100755
--- a/scripts/cron/removedead.php
+++ b/scripts/cron/removedead.php
@@ -23,51 +23,51 @@
$query = "select * from `users` where `users`.`verified`=0 and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`users`.`created`)) >= 172800";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- mysql_query("delete from `email` where `memid`='".$row['id']."'");
- mysql_query("delete from `users` where `id`='".$row['id']."'");
+ mysqli_query($_SESSION['mconn'], "delete from `email` where `memid`='".$row['id']."'");
+ mysqli_query($_SESSION['mconn'], "delete from `users` where `id`='".$row['id']."'");
delete_user_agreement($row['id']);
}
$query = "delete from `domains` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "delete from `email` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "delete from `disputedomain` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 21600";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "delete from `disputeemail` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 21600";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
// the folloing part is presently not used as there is no running programme that uses temporary increase
// in case that there is a new one the procedure needs a rework regarding the point claculation
/*
$query = "select * from `notary` where `expire`!=0 and `expire`<NOW()";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "select sum(`points`) as `points` from `notary` where `to`='$row[to]' and `expire`=0 group by `to`";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
if($drow['points'] >= 150)
{
$query = "update `notary` set `expire`=0, `points`='0' where `to`='$row[to]' and `from`='$row[from]' and `expire`='$row[expire]'";
} else {
$newpoints = 150 - $drow['points'];
$query = "update `notary` set `expire`=0, `points`='0' where `to`='$row[to]' and `from`='$row[from]' and `expire`='$row[expire]'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "insert into `notary` set `expire`=0, `points`='$newpoints', `to`='$row[to]', `from`='$row[from]', `when`=NOW(), `method`='Administrative Increase', `date`=NOW()";
}
- $data = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[to]'"));
+ $data = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$row[to]'"));
$body = sprintf("%s %s (%s) had a temporary increase, but this has just expired and they have been reduced to 150 points.", $data['fname'], $data['lname'], $data['email'])."\n\n";
sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Expired.", $body, "website@cacert.org", "", "", "CAcert Website");
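Review bot: The two `delete` statements in the first loop and the four cleanup deletes below it ignore the return value of `mysqli_query()`, so a failed delete on `email` is still followed by the delete on `users` and by `delete_user_agreement()` with no trace of the failure. For a cron job that removes accounts, check each result and log it, e.g. `if (!mysqli_query($_SESSION['mconn'], $q)) { fwrite(STDERR, mysqli_error($_SESSION['mconn'])."\n"); continue; }`. Casting `$row['id']` with `intval()` before interpolation would also match what the page scripts in this commit do. The second half of the hunk lies inside a block comment and is not executed.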
@@ -84,7 +84,7 @@
sendmail($data['email'], "[CAcert.org] "._("Temporary points increase has expired."), $body, "support@cacert.org", "", "", "CAcert Website");
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
fix_assurer_flag($row[to]);
}
*/
diff --git a/scripts/cron/updatesort.php b/scripts/cron/updatesort.php
index 051b179..7e1e18f 100755
--- a/scripts/cron/updatesort.php
+++ b/scripts/cron/updatesort.php
@@ -26,44 +26,44 @@
}
- mysql_query("update `locations` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `locations` set `acount`=0");
$query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`locid` != 0 and users.listme=1
GROUP BY `users`.`locid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `locations` set `acount`='${row['total']}' where `id`='${row['locid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
- mysql_query("update `regions` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `regions` set `acount`=0");
$query = "SELECT `users`.`regid` AS `regid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`regid` != 0 and users.listme=1
GROUP BY `users`.`regid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `regions` set `acount`='${row['total']}' where `id`='${row['regid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
- mysql_query("update `countries` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `countries` set `acount`=0");
$query = "SELECT `users`.`ccid` AS `ccid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`ccid` != 0 and users.listme=1
GROUP BY `users`.`ccid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `countries` set `acount`='${row['total']}' where `id`='${row['ccid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
diff --git a/scripts/gpgcheck3.php b/scripts/gpgcheck3.php
index a6f6097..57e380f 100644
--- a/scripts/gpgcheck3.php
+++ b/scripts/gpgcheck3.php
@@ -68,17 +68,17 @@ function csvize($str) {
}
mb_regex_encoding("UTF-8");
- $res = mysql_query("SELECT id, memid FROM gpg WHERE crt != ''");
+ $res = mysqli_query($_SESSION['mconn'], "SELECT id, memid FROM gpg WHERE crt != ''");
if (!$res) {
echo "Query FROM gpg failed!\n";
exit;
}
$keys = array();
- while ($row = mysql_fetch_row($res)) {
+ while ($row = mysqli_fetch_row($res)) {
array_push($keys, $row);
}
- mysql_free_result($res);
+ mysqli_free_result($res);
foreach ($keys as $key) {
$crt = "../crt/gpg-" . $key[0] . ".crt";
@@ -87,28 +87,28 @@ function csvize($str) {
continue;
}
- $res = mysql_query("SELECT fname, mname, lname, suffix FROM users WHERE id = " . $key[1]);
+ $res = mysqli_query($_SESSION['mconn'], "SELECT fname, mname, lname, suffix FROM users WHERE id = " . $key[1]);
if (!$res) {
echo "Query FROM users failed!\n";
exit;
}
- $user = mysql_fetch_assoc($res);
+ $user = mysqli_fetch_assoc($res);
if (!$user) {
echo "User #" . $key[1] . " not found?!\n";
continue;
}
- mysql_free_result($res);
+ mysqli_free_result($res);
- $res = mysql_query("SELECT email FROM email WHERE hash = '' AND memid = " . $key[1]);
+ $res = mysqli_query($_SESSION['mconn'], "SELECT email FROM email WHERE hash = '' AND memid = " . $key[1]);
if (!$res) {
echo "Query FROM email failed!\n";
exit;
}
$addrs = array();
- while ($addr = mysql_fetch_row($res)) {
+ while ($addr = mysqli_fetch_row($res)) {
array_push($addrs, $addr[0]);
}
- mysql_free_result($res);
+ mysqli_free_result($res);
$gpg = `gpg --with-colons --homedir /tmp $crt 2>/dev/null`;
//echo "gpg says\n".htmlspecialchars($gpg);
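Review bot: The gpg call at the end of this hunk runs with `--homedir /tmp`, a directory any local account can write to, so the options file and keyrings gpg picks up there are not under the script's control. Point `--homedir` at a directory owned by the script's user with mode 0700 (the path is for the project to choose) and pass the file name as `escapeshellarg($crt)`. Separately, the `continue` taken when no user row is found skips `mysqli_free_result($res)`; moving the free call above the `if (!$user)` check fixes that. The enclosing `foreach` continues past the hunk.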
diff --git a/scripts/gpgfillmissingkeyid.php b/scripts/gpgfillmissingkeyid.php
index 8c5ce4a..c916ff5 100644
--- a/scripts/gpgfillmissingkeyid.php
+++ b/scripts/gpgfillmissingkeyid.php
@@ -27,7 +27,7 @@ function csvize($str)
mb_regex_encoding("UTF-8");
echo "Seaching ...\n";
- $res = mysql_query("SELECT * FROM gpg WHERE crt != '' and keyid is null");
+ $res = mysqli_query($_SESSION['mconn'], "SELECT * FROM gpg WHERE crt != '' and keyid is null");
if (!$res) {
echo "Query FROM gpg failed!\n";
exit;
@@ -35,7 +35,7 @@ echo "Seaching ...\n";
echo "Found:\n";
$keys = array();
- while ($row = mysql_fetch_assoc($res)) {
+ while ($row = mysqli_fetch_assoc($res)) {
echo "ID: ".$row["id"]."\n";
$crt=$row["crt"];
@@ -54,8 +54,7 @@ echo "Found:\n";
echo "laenge: ".strlen($bits[4])."\n";
if($row[id]>=1 && $row[id]<=100000 && strlen($bits[4])==16)
{
- mysql_query("update gpg set keyid='$bits[4]' where id=$row[id]\n");
-
+ mysqli_query($_SESSION['mconn'], "update gpg set keyid='$bits[4]' where id=$row[id]\n");
}
}
$match = false;
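Review bot: The update on the new line interpolates `$bits[4]`, a field parsed from gpg output, into the SQL string, and the surrounding guard only checks its length. Adding `ctype_xdigit($bits[4])` to the `if` condition would ensure that only a 16-character hex key id is written. The guard also uses the bare constant `id` in `$row[id]` outside a string, which should be `$row['id']`; newer PHP versions treat the unquoted form as an error. The enclosing loop starts and ends outside this hunk.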
@@ -67,7 +66,7 @@ echo "Found:\n";
}
echo "Done\n";
- mysql_free_result($res);
+ mysqli_free_result($res);
?>
diff --git a/scripts/scanforexponents.php b/scripts/scanforexponents.php
index 7136723..ed175e7 100755
--- a/scripts/scanforexponents.php
+++ b/scripts/scanforexponents.php
@@ -52,15 +52,15 @@
`emailcerts`.`created` as `created`,`emailcerts`.`revoked` as `revoked`,
`emailcerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language`
from `emailcerts`,`users` where `emailcerts`.`id`='$id' and `users`.`id`=`emailcerts`.`memid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo $query."\n";
echo "$file: $do\n";
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$email = $row['email'];
} else if($type == "orgclient") {
$query = "select `memid`,`serial`,`CN`,`subject`,`keytype`,`orgemailcerts`.`codesign` as `codesign`,`crt_name`,
@@ -68,15 +68,15 @@
`orgemailcerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language`
from `orgemailcerts`,`org`,`users` where `orgemailcerts`.`id`='$id' and
`orgemailcerts`.`orgid`=`org`.`id` and `users`.`id`=`org`.`memid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo $query."\n";
echo "$file: $do\n";
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$email = $row['email'];
} else if($type == "server") {
$query = "select `memid`,`serial`,`CN`,`subject`,`crt_name`,
@@ -84,15 +84,15 @@
`domaincerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language`
from `domaincerts`,`domains`,`users` where `domaincerts`.`id`='$id' and
`domains`.`id`=`domaincerts`.`domid` and `users`.`id`=`domains`.`memid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo $query."\n";
echo "$file: $do\n";
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$email = $row['email'];
} else if($type == "orgserver") {
$query = "select `memid`,`serial`,`CN`,`subject`,`crt_name`,
@@ -100,15 +100,15 @@
`orgdomaincerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language`
from `orgdomaincerts`,`org`,`users` where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`id` and `users`.`id`=`org`.`memid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo $query."\n";
echo "$file: $do\n";
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$email = $row['email'];
} else {
echo "$file: $do\n";
diff --git a/stamp/common.php b/stamp/common.php
index ff814dd..3ef644a 100644
--- a/stamp/common.php
+++ b/stamp/common.php
@@ -31,10 +31,10 @@
$stampid = 0;
$query = "select * from `stampcache` where `hostname`='$ref'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['cacheexpire'] >= date("U"))
return(array($row['valid'], $row));
else {
@@ -46,13 +46,13 @@
$query = "select * from `orgdomaincerts` where `id`='$row[certid]' and `expire`>NOW() and `revoked`=0";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
$query = "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$row[id]'";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
return(array($row['valid'], $row));
}
}
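Review bot: The `if($_REQUEST['debug'] == 1) echo $query."<br>\n";` lines kept in this hunk let any requester who adds `debug=1` read the full SQL text, table and column names included, and the text is written into HTML unescaped. The same pattern recurs in the three following hunks of this file (at -68, -88 and -101). I would drop these echoes or gate them on a server-side setting instead of a request parameter, and pass the text through `htmlspecialchars()` if it is kept. The enclosing function starts and ends outside the hunk, so an earlier restriction on `debug` cannot be ruled out from here.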
@@ -68,8 +68,8 @@
group by `domaincerts`.`id` order by `domaincerts`.`id`";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$bits = explode(".", $ref);
for($i = 1; $i < count($bits); $i++)
@@ -88,8 +88,8 @@
group by `domaincerts`.`id` order by `domaincerts`.`id`";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$query = "select *,`orgdomaincerts`.`id` as `certid`,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
(`orgdomaincerts`.`subject` like '%=DNS:$ref/%' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2/%' OR
@@ -101,8 +101,8 @@
group by `orgdomaincerts`.`id` order by `orgdomaincerts`.`id`";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$invalid = 1;
} else {
@@ -113,15 +113,15 @@
if($invalid == 0)
{
- $cert = mysql_fetch_assoc($res);
+ $cert = mysqli_fetch_assoc($res);
if($org == 0)
{
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`";
- $user = mysql_fetch_assoc(mysql_query($query));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
} else {
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
- $orgi = mysql_fetch_assoc(mysql_query($query));
+ $orgi = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
}
if($stampid <= 0)
@@ -134,12 +134,12 @@
`expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]',
`O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid' where `id`='$stampid'";
}
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
} else if($stampid > 0) {
- mysql_query("update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'");
+ mysqli_query($_SESSION['mconn'], "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'");
} else {
$query = "insert into `stampcache` set `cacheexpire`='".(date("U")+600)."',`hostname`='$ref',`valid`='$invalid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
$arr = array("issued" => $cert['issued'], "expire" => $cert['expire'], "subject" => $cert['subject'], "hostname" => $ref,
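Review bot: The `stampcache` statement executed by the first `mysqli_query($_SESSION['mconn'], $query);` in this hunk interpolates `$cert[subject]`, `$orgi[O]`, `$orgi[L]`, `$orgi[ST]`, `$orgi[C]` and `$ref` directly, and no escaping of these values is visible. Values read back from the database are not safe to reuse in SQL just because they were stored once; certificate subjects and organisation names can contain quotes, which makes this a second-order injection and breakage risk. Wrapping each value in `mysqli_real_escape_string($_SESSION['mconn'], ...)` before building `$query`, or using a prepared statement, would close it. The statement begins outside the hunk, so escaping done earlier cannot be excluded.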
diff --git a/stamp/report.php b/stamp/report.php
index 519aa3a..897d246 100644
--- a/stamp/report.php
+++ b/stamp/report.php
@@ -54,9 +54,9 @@
{
$IP = mysql_real_escape_string(trim($_SERVER['REMOTE_ADDR']));
$iplong = ip2long($IP);
- mysql_query("insert into `abusereports` set `when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email',
+ mysqli_query($_SESSION['mconn'], "insert into `abusereports` set `when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email',
`comment`='$comment', `reason`='$reason'");
- $id = mysql_insert_id();
+ $id = mysqli_insert_id();
$body = "New Abuse Report has been lodged via the the Stamp Interface:\n\n";
$body .= "Reported ID: $id\n";
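Review bot: `$id = mysqli_insert_id();` is called without the connection, but the procedural mysqli function requires it, so the call fails with a warning and `$id` stays empty; the abuse-report mail then carries no report ID. It should read `$id = mysqli_insert_id($_SESSION['mconn']);`. The same argument-less call appears in tverify/index.php (`$tverify`, which then names the uploaded photo file and selects the row to update), www/api/ccsr.php (`$certid`) and www/cats/cats_import.php (`$typeID`, `$variantID`). The enclosing block starts outside the hunk.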
diff --git a/tverify/index.php b/tverify/index.php
index 8976341..35ae930 100644
--- a/tverify/index.php
+++ b/tverify/index.php
@@ -49,13 +49,13 @@
if($id == 1)
{
- $email = mysql_escape_string(trim($_REQUEST["email"]));
- $password = mysql_escape_string(stripslashes(trim($_REQUEST["pword"])));
- $URL = mysql_escape_string(trim($_REQUEST["notaryURL"]));
- $CN = mysql_escape_string($_SESSION['_config']['CN']);
+ $email = mysql_real_escape_string(trim($_REQUEST["email"]));
+ $password = mysql_real_escape_string(stripslashes(trim($_REQUEST["pword"])));
+ $URL = mysql_real_escape_string(trim($_REQUEST["notaryURL"]));
+ $CN = mysql_real_escape_string($_SESSION['_config']['CN']);
$memid = intval($_SESSION['_config']['uid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
- $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$memid'"));
+ $tmp = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `points` from `notary` where `to`='$memid'"));
if($URL != "" && $nofile == 0)
$max = 150;
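Review bot: Replacing `mysql_escape_string` with `mysql_real_escape_string` keeps the escaping tied to the old mysql extension while the queries now run on the mysqli link. Unless a mysql_* connection is still opened elsewhere, `mysql_real_escape_string` tries to open a default connection and returns false on failure, which would turn `$email`, `$password`, `$URL` and `$CN` into empty values; it also does not know the character set of the mysqli connection. Use the matching call, e.g. `$email = mysqli_real_escape_string($_SESSION['mconn'], trim($_REQUEST["email"]));`. The same applies to the escape calls in stamp/report.php, www/alert_hash_collision.php, www/api/ccsr.php, www/api/cemails.php, www/api/edu.php, www/cats/cats_import.php and www/disputes.php.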
@@ -88,21 +88,21 @@
{
$query = "select * from `users`,`email` where `email`.`memid`='$memid' and `email`.`email`='$email' and `users`.`id`=`email`.`memid` and
(`password`=old_password('$password') or `password`=sha1('$password') or `password`=password('$password'))";
- if(mysql_num_rows(mysql_query($query)) <= 0)
+ if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) <= 0)
{
$_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details (password) to your certificate to an account on this system.");
$id = 0;
} else {
$query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
- mysql_query($query);
- $tverify = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $tverify = mysqli_insert_id();
if($nofile == 0)
{
$filename = $photoid['tmp_name'];
- $newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext);
+ $newfile = mysql_real_escape_string('/www/photoid/'.$tverify.".".$ext);
move_uploaded_file($filename, $newfile);
$query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
}
}
@@ -125,12 +125,12 @@
{
if($points > 0)
{
- mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
+ mysqli_query($_SESSION['mconn'], "insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
`method`='Thawte Points Transfer', `when`=NOW()");
fix_assurer_flag($memid);
}
$totalpoints = intval($tmp['points']) + $points;
- mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");
+ mysqli_query($_SESSION['mconn'], "update `tverify` set `modified`=NOW() where `id`='$tverify'");
$body = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n";
diff --git a/tverify/index/0.php b/tverify/index/0.php
index 2264bab..195cee3 100644
--- a/tverify/index/0.php
+++ b/tverify/index/0.php
@@ -34,8 +34,8 @@
if($bits['0'] == "emailAddress")
{
$query = "select * from `email` where `email`='".$bits['1']."' and `deleted`=0 and hash=''";
- $account = mysql_query($query);
- if(mysql_num_rows($account))
+ $account = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($account))
$addy[] = $bits['1'];
}
}
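Review bot: `$bits['1']` is concatenated into the `email` lookup without escaping. The value looks like the `emailAddress` component of a parsed subject string, which would be chosen by whoever requested the certificate; its origin is outside this hunk, so that needs confirming. Escape it before use, `$addr = mysqli_real_escape_string($_SESSION['mconn'], $bits['1']);`, or bind it in a prepared statement.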
@@ -51,14 +51,14 @@
//If we found one, we extract the member-id from the sql result of the query we did above, and fetch the name of that user
if($continue == 1)
{
- $row = mysql_fetch_assoc($account);
+ $row = mysqli_fetch_assoc($account);
$memid = $row['memid'];
//Fetching the name of the user we have in the database:
$query = "select `fname`, `mname`, `lname`, `suffix` from `users` where `id`='$memid' and `deleted`=0";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
//Building the userĀ“s name, and ignoring punctuation
$cacert_name=$row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
diff --git a/www/ac.php b/www/ac.php
index fe8ac18..a9f979c 100644
--- a/www/ac.php
+++ b/www/ac.php
@@ -35,8 +35,8 @@
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`acount` DESC, `locations`.`name` ASC limit 10";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$rc++;
if($rc > 1)
diff --git a/www/account.php b/www/account.php
index c7f34a3..76a7b53 100644
--- a/www/account.php
+++ b/www/account.php
@@ -56,10 +56,10 @@
} else if($id == 51 && $_GET['img'] == "show") {
$query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res))
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
readfile($row['photoid']);
} else {
die("No such file.");
diff --git a/www/advertising.php b/www/advertising.php
index 43e4f93..9b3a04a 100644
--- a/www/advertising.php
+++ b/www/advertising.php
@@ -73,7 +73,7 @@
{
$query = "insert into `advertising` set `link`='$link', `title`='$title', `months`='$months', `who`='".$_SESSION['profile']['id']."',
`when`=NOW()";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
unset($link);
unset($title);
unset($months);
diff --git a/www/alert_hash_collision.php b/www/alert_hash_collision.php
index bad60e8..cbd895d 100644
--- a/www/alert_hash_collision.php
+++ b/www/alert_hash_collision.php
@@ -14,13 +14,13 @@ if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym']))
if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
{
- mysql_query("update emailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
- mysql_query("update domaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysqli_query($_SESSION['mconn'], "update emailcerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysqli_query($_SESSION['mconn'], "update domaincerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
}
else
{
- mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
- mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysqli_query($_SESSION['mconn'], "update orgemailcerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysqli_query($_SESSION['mconn'], "update orgdomaincerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
}
//exec(REPORT_WEAK . ' ' . $_POST['usernym'] . ' ' . lower($_POST['pkhash']));
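Review bot: `$_POST['pkhash']` is concatenated into all four `update` statements without escaping or a format check, so the request body controls part of the SQL; only `usernym` is validated by the `preg_match` calls. The member id is also escaped with `mysql_real_escape_string`, which belongs to the old extension rather than the mysqli link. Binding both values in a prepared statement removes the need for escaping; the table names in the sketch below come from fixed lists, not from the request. Whatever access control protects this endpoint is outside the hunk.

```php
if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
{
	$tables = array('emailcerts', 'domaincerts');
}
else
{
	$tables = array('orgemailcerts', 'orgdomaincerts');
}

$memid = substr($_POST['usernym'], 4);
$pkhash = isset($_POST['pkhash']) ? (string)$_POST['pkhash'] : '';

foreach ($tables as $table)
{
	// $table is one of the constants above; both values are bound, never interpolated
	$stmt = mysqli_prepare($_SESSION['mconn'],
		"update `$table` set coll_found=1 where memid=? and pkhash!='' and pkhash=?");
	if ($stmt === false)
		continue;
	mysqli_stmt_bind_param($stmt, 'ss', $memid, $pkhash);
	mysqli_stmt_execute($stmt);
	mysqli_stmt_close($stmt);
}
// … unchanged: commented-out REPORT_WEAK exec …
```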
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index 7efdf8d..053ae8e 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -22,20 +22,20 @@ require_once '../../includes/lib/check_weak_key.php';
$password = mysql_real_escape_string($_REQUEST['password']);
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) != 1)
die("403,That username couldn't be found\n");
- $user = mysql_fetch_assoc($res);
+ $user = mysqli_fetch_assoc($res);
$memid = $user['id'];
$emails = array();
foreach($_REQUEST['email'] as $email)
{
$email = mysql_real_escape_string(trim($email));
$query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0 and `email`='$email'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$id = $row['id'];
$emails[$id] = $email;
}
@@ -43,7 +43,7 @@ require_once '../../includes/lib/check_weak_key.php';
if(count($emails) <= 0)
die("404,Wasn't able to match any emails sent against your account");
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$points = $row['points'];
$name = "CAcert WoT User\n";
@@ -85,23 +85,23 @@ require_once '../../includes/lib/check_weak_key.php';
$query = "insert into `emailcerts` set `CN`='".$user['email']."', `keytype`='MS',
`memid`='".$user['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject', `codesign`='$codesign'";
- mysql_query($query);
- $certid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $certid = mysqli_insert_id();
$CSRname = generatecertpath("csr","client",$certid);
rename($checkedcsr, $CSRname);
- mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
foreach($emails as $emailid => $email)
- mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'");
$do = `../../scripts/runclient`;
sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
die("404,Your certificate request has failed. ID: $certid");
- $cert = mysql_fetch_assoc($res);
+ $cert = mysqli_fetch_assoc($res);
echo "200,Authentication Ok\n";
readfile("../".$cert['crt_name']);
?>
diff --git a/www/api/cemails.php b/www/api/cemails.php
index 0d067ea..f3271f7 100644
--- a/www/api/cemails.php
+++ b/www/api/cemails.php
@@ -15,18 +15,18 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- $username = mysql_escape_string($_REQUEST['username']);
- $password = mysql_escape_string($_REQUEST['password']);
+ $username = mysql_real_escape_string($_REQUEST['username']);
+ $password = mysql_real_escape_string($_REQUEST['password']);
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) != 1)
die("403,That username couldn't be found\n");
echo "200,Authentication Ok\n";
- $user = mysql_fetch_assoc($res);
+ $user = mysqli_fetch_assoc($res);
$memid = $user['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$points = $row['points'];
echo "CS=".intval($user['codesign'])."\n";
echo "NAME=CAcert WoT User\n";
@@ -41,7 +41,7 @@
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
}
$query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
echo "EMAIL=".$row['email']."\n";
?>
diff --git a/www/api/edu.php b/www/api/edu.php
index 27b7b1b..22bb931 100644
--- a/www/api/edu.php
+++ b/www/api/edu.php
@@ -14,24 +14,24 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
$ipadress =$_SERVER['REMOTE_ADDR'];
-
+
if ($ipadress=='72.36.220.19' && $_SERVER['HTTPS']=="on")
{
- $serial=mysql_escape_string($_REQUEST["serial"]);
+ $serial=mysql_real_escape_string($_REQUEST["serial"]);
$root=intval($_REQUEST["root"]);
-
+
$sql="select memid from emailcerts where serial='$serial' and rootcert='$root'";
- $query= mysql_query($sql);
- if(mysql_num_rows($query) != 1)
+ $query= mysqli_query($_SESSION['mconn'], $sql);
+ if(mysqli_num_rows($query) != 1)
{
echo "NOT FOUND: ".sanitizeHTML($sql);
}
else
{
- $memid = mysql_fetch_assoc($query);
+ $memid = mysqli_fetch_assoc($query);
echo sanitizeHTML($memid['memid']);
}
}
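Review bot: The `NOT FOUND` branch returns the complete SQL statement to the caller through `echo "NOT FOUND: ".sanitizeHTML($sql);`, which exposes table and column names in an API response. If the client does not parse the echoed statement, a fixed reply such as `echo "NOT FOUND";` with the statement logged server-side would avoid that. Access here rests on a single hard-coded `REMOTE_ADDR` comparison; a short comment stating which peer that address is and why it is trusted would help the next reader.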
@@ -40,4 +40,3 @@
echo "UNAUTHORIZED ACCESS ".$ipadress." ".$_SERVER['HTTPS'];
}
?>
-
diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php
index feb92d4..9ab9a9f 100644
--- a/www/cats/cats_import.php
+++ b/www/cats/cats_import.php
@@ -85,70 +85,70 @@ if (get_magic_quotes_gpc()) {
}
// Explicitly select all those IDs so I can insert new rows if needed.
-$query = mysql_query('SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysql_real_escape_string($type).'\';');
+$query = mysqli_query($_SESSION['mconn'], 'SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysql_real_escape_string($type).'\';');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
+if (mysqli_num_rows($query) > 0) {
+ $result = mysqli_fetch_array($query);
$typeID = $result['0'];
} else {
- $query = mysql_query('INSERT INTO `cats_type` (`type_text`) VALUES (\''.mysql_real_escape_string($type).'\');');
+ $query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_type` (`type_text`) VALUES (\''.mysql_real_escape_string($type).'\');');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
- $typeID = mysql_insert_id();
+ $typeID = mysqli_insert_id();
}
-$query = mysql_query('SELECT `id` FROM `cats_variant` WHERE `type_id` = \''.(int)intval($typeID).'\' AND `test_text` = \''.mysql_real_escape_string($variant).'\';');
+$query = mysqli_query($_SESSION['mconn'], 'SELECT `id` FROM `cats_variant` WHERE `type_id` = \''.(int)intval($typeID).'\' AND `test_text` = \''.mysql_real_escape_string($variant).'\';');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
+if (mysqli_num_rows($query) > 0) {
+ $result = mysqli_fetch_array($query);
$variantID = $result['0'];
} else {
- $query = mysql_query('INSERT INTO `cats_variant` (`type_id`, `test_text`) VALUES (\''.(int)intval($typeID).'\', \''.mysql_real_escape_string($variant).'\');');
+ $query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_variant` (`type_id`, `test_text`) VALUES (\''.(int)intval($typeID).'\', \''.mysql_real_escape_string($variant).'\');');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
- $variantID = mysql_insert_id();
+ $variantID = mysqli_insert_id();
}
// Now find the userid from cert serial
-$query = mysql_query('SELECT `ec`.`memid` FROM `emailcerts` AS `ec`, `root_certs` AS `rc` WHERE `ec`.`rootcert` = `rc`.`id` AND `ec`.`serial` = \''.mysql_real_escape_string($serial).'\' AND `rc`.`cert_text` = \''.mysql_real_escape_string($root).'\';');
+$query = mysqli_query($_SESSION['mconn'], 'SELECT `ec`.`memid` FROM `emailcerts` AS `ec`, `root_certs` AS `rc` WHERE `ec`.`rootcert` = `rc`.`id` AND `ec`.`serial` = \''.mysql_real_escape_string($serial).'\' AND `rc`.`cert_text` = \''.mysql_real_escape_string($root).'\';');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
+if (mysqli_num_rows($query) > 0) {
+ $result = mysqli_fetch_array($query);
$userID = $result['0'];
} else {
echo 'Cannot find cert '.sanitize_string($serial).' / '.sanitize_string($root)."\r\n";
// Let's treat this as an error, since it should not happen.
- trigger_error('Cannot find cert '.$serial.' / '.$root.'!'.mysql_error(), E_USER_ERROR);
+ trigger_error('Cannot find cert '.$serial.' / '.$root.'!'.mysqli_error(), E_USER_ERROR);
exit();
}
// The unique constraint on cats_passed assures that records are not stored multiply
-$query = mysql_query('INSERT INTO `cats_passed` (`user_id`, `variant_id`, `pass_date`) VALUES (\''.(int)intval($userID).'\', \''.(int)intval($variantID).'\', \''.mysql_real_escape_string($date).'\');');
+$query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_passed` (`user_id`, `variant_id`, `pass_date`) VALUES (\''.(int)intval($userID).'\', \''.(int)intval($variantID).'\', \''.mysql_real_escape_string($date).'\');');
if (!$query) {
- if (mysql_errno() != 1062) { // Duplicate Entry is considered success
+ if (mysqli_errno() != 1062) { // Duplicate Entry is considered success
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
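Review bot: `mysqli_errno()` and `mysqli_error()` are called without the connection argument that the procedural mysqli functions require. `mysqli_errno() != 1062` is then always true, so a duplicate entry in `cats_passed`, which the comment says counts as success, is reported as `Invalid query`. Pass the link in both places: `if (mysqli_errno($_SESSION['mconn']) != 1062) {` and `mysqli_error($_SESSION['mconn'])`. The `if (!$query)` block continues past the end of the hunk.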
@@ -162,6 +162,6 @@ if (!fix_assurer_flag($userID)) {
exit();
}
-echo 'OK'."\r\n";
+echo 'OK'."\r\n";
?>
diff --git a/www/disputes.php b/www/disputes.php
index 34a447a..a3a9417 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -27,22 +27,22 @@
if($type == "reallyemail")
{
$emailid = intval($_SESSION['_config']['emailid']);
- $hash = mysql_escape_string(trim($_SESSION['_config']['hash']));
+ $hash = mysql_real_escape_string(trim($_SESSION['_config']['hash']));
- $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Email Dispute"));
echo _("This dispute no longer seems to be in the database, can't continue.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$oldmemid = $row['oldmemid'];
if($action == "reject")
{
- mysql_query("update `disputeemail` set hash='',action='reject' where `id`='".intval($emailid)."'");
+ mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='reject' where `id`='".intval($emailid)."'");
showheader(_("Email Dispute"));
echo _("You have opted to reject this dispute and the request will be removed from the database");
showfooter();
@@ -54,21 +54,21 @@
echo "<p>"._("You have opted to accept this dispute and the request will now remove this email address from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
$query = "select * from `email` where `id`='".intval($emailid)."' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
echo $row['email']."<br>\n";
account_email_delete($row['id']);
}
- mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
- $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
- $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
- $res = mysql_query("select * from `users` where `id`='$oldmemid'");
- $user = mysql_fetch_assoc($res);
+ mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+ $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+ $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$oldmemid'");
+ $user = mysqli_fetch_assoc($res);
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
{
- mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `deleted`=NOW() where `id`='$oldmemid'");
echo _("This was the primary email on the account, and no emails or domains were left linked so the account has also been removed from the system.");
}
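Review bot: `echo $row['email']."<br>\n";` writes an address from the `email` table into the page without HTML escaping, while other output in this file goes through `sanitizeHTML()` (for example the `printf` calls for disputed addresses). I would use `echo sanitizeHTML($row['email'])."<br>\n";` here, and do the same for `echo $_SESSION['_config']['domain']."<br>\n";` in the later `reallydomain` hunk. The enclosing `if` block starts before this hunk.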
@@ -80,7 +80,7 @@
if($type == "email")
{
$emailid = intval($_REQUEST['emailid']);
- $hash = trim(mysql_escape_string(stripslashes($_REQUEST['hash'])));
+ $hash = trim(mysql_real_escape_string(stripslashes($_REQUEST['hash'])));
if($emailid <= 0 || $hash == "")
{
showheader(_("Email Dispute"));
@@ -89,19 +89,19 @@
exit;
}
- $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
+ if(mysqli_num_rows($res) <= 0)
{
- $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and hash!=''");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and hash!=''");
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
- mysql_query("update `disputeemail` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
+ $row = mysqli_fetch_assoc($res);
+ mysqli_query($_SESSION['mconn'], "update `disputeemail` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
showheader(_("Email Dispute"));
if($row['attempts'] >= 3)
{
echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID. Your attempt has been logged and the request will be removed from the system as a result.");
- mysql_query("update `disputeemail` set hash='',action='failed' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='failed' where `id`='$emailid'");
} else
echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID.");
showfooter();
@@ -115,7 +115,7 @@
}
$_SESSION['_config']['emailid'] = $emailid;
$_SESSION['_config']['hash'] = $hash;
- $row = mysql_fetch_assoc(mysql_query("select * from `disputeemail` where `id`='$emailid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid'"));
$_SESSION['_config']['email'] = $row['email'];
showheader(_("Email Dispute"));
includeit("4", "disputes");
@@ -126,10 +126,10 @@
if($type == "reallydomain")
{
$domainid = intval($_SESSION['_config']['domainid']);
- $hash = mysql_escape_string(trim($_SESSION['_config']['hash']));
+ $hash = mysql_real_escape_string(trim($_SESSION['_config']['hash']));
- $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Domain Dispute"));
echo _("This dispute no longer seems to be in the database, can't continue.");
@@ -139,7 +139,7 @@
if($action == "reject")
{
- mysql_query("update `disputedomain` set hash='',action='reject' where `id`='$domainid'");
+ mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='reject' where `id`='$domainid'");
showheader(_("Domain Dispute"));
echo _("You have opted to reject this dispute and the request will be removed from the database");
showfooter();
@@ -152,13 +152,13 @@
echo "<p>"._("The following accounts have been removed:")."<br>\n";
//new account_domain_delete($domainid, $memberID)
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
echo $_SESSION['_config']['domain']."<br>\n";
account_domain_delete($domainid);
}
- mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
+ mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
showfooter();
exit;
}
@@ -167,7 +167,7 @@
if($type == "domain")
{
$domainid = intval($_REQUEST['domainid']);
- $hash = trim(mysql_escape_string(stripslashes($_REQUEST['hash'])));
+ $hash = trim(mysql_real_escape_string(stripslashes($_REQUEST['hash'])));
if($domainid <= 0 || $hash == "")
{
showheader(_("Domain Dispute"));
@@ -176,19 +176,19 @@
exit;
}
- $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
+ if(mysqli_num_rows($res) <= 0)
{
- $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and hash!=''");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and hash!=''");
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
- mysql_query("update `disputedomain` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
+ $row = mysqli_fetch_assoc($res);
+ mysqli_query($_SESSION['mconn'], "update `disputedomain` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
showheader(_("Domain Dispute"));
if($row['attempts'] >= 3)
{
echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID. Your attempt has been logged and the request will be removed from the system as a result.");
- mysql_query("update `disputedomain` set hash='',action='failed' where `id`='$domainid'");
+ mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='failed' where `id`='$domainid'");
} else
echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID.");
showfooter();
@@ -202,7 +202,7 @@
}
$_SESSION['_config']['domainid'] = $domainid;
$_SESSION['_config']['hash'] = $hash;
- $row = mysql_fetch_assoc(mysql_query("select * from `disputedomain` where `id`='$domainid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid'"));
$_SESSION['_config']['domain'] = $row['domain'];
showheader(_("Domain Dispute"));
includeit("6", "disputes");
@@ -213,7 +213,7 @@
if($oldid == "1")
{
csrf_check('emaildispute');
- $email = trim(mysql_escape_string(stripslashes($_REQUEST['dispute'])));
+ $email = trim(mysql_real_escape_string(stripslashes($_REQUEST['dispute'])));
if($email == "")
{
showheader(_("Email Dispute"));
@@ -223,8 +223,8 @@
}
//check if email belongs to locked account
- $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Email Dispute"));
printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
@@ -239,8 +239,8 @@
exit;
}
- $res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `email`='$email' and hash!=''");
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Email Dispute"));
printf(_("The email address '%s' already exists in the dispute system. Can't continue."), sanitizeHTML($email));
@@ -250,15 +250,15 @@
unset($oldid);
$query = "select * from `email` where `email`='$email' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Email Dispute"));
printf(_("The email address '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($email));
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$oldmemid = $row['memid'];
$emailid = $row['id'];
if($_SESSION['profile']['id'] == $oldmemid)
@@ -269,10 +269,10 @@
exit;
}
- $res = mysql_query("select * from `users` where `id`='$oldmemid'");
- $user = mysql_fetch_assoc($res);
- $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
- $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+ $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$oldmemid'");
+ $user = mysqli_fetch_assoc($res);
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+ $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
if($user['email'] == $email && ($rc > 0 || $rc2 > 0))
{
showheader(_("Email Dispute"));
@@ -285,7 +285,7 @@
$query = "insert into `disputeemail` set `email`='$email',`memid`='".intval($_SESSION['profile']['id'])."',
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='".intval($emailid)."',
`IP`='".$_SERVER['REMOTE_ADDR']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$body = sprintf(_("You have been sent this email as the email address '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $email)."\n\n";
$body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=email&emailid=$emailid&hash=$hash\n\n";
@@ -302,7 +302,7 @@
if($oldid == "2")
{
csrf_check('domaindispute');
- $domain = trim(mysql_escape_string(stripslashes($_REQUEST['dispute'])));
+ $domain = trim(mysql_real_escape_string(stripslashes($_REQUEST['dispute'])));
if($domain == "")
{
showheader(_("Domain Dispute"));
@@ -312,8 +312,8 @@
}
//check if domain belongs to locked account
- $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Domain Dispute"));
printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
@@ -329,8 +329,8 @@
}
$query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Domain Dispute"));
printf(_("The domain '%s' already exists in the dispute system. Can't continue."), sanitizeHTML($domain));
@@ -339,12 +339,12 @@
}
unset($oldid);
$query = "select * from `domains` where `domain`='$domain' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$query = "select 1 from `orgdomains` where `domain`='$domain'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Domain Dispute"));
printf(_("The domain '%s' is included in an organisation account. Please send a mail to %s to dispute this domain."), sanitizeHTML($domain),'<a href="mailto:support@cacert.org">support@cacert.org</a>');
@@ -356,7 +356,7 @@
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$oldmemid = $row['memid'];
if($_SESSION['profile']['id'] == $oldmemid)
{
@@ -384,7 +384,7 @@
$bits = explode(":", $line, 2);
$line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "")
- $addy[] = trim(mysql_escape_string(stripslashes($line)));
+ $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
}
} else {
if(is_array($adds))
@@ -401,7 +401,7 @@
$line = $bit;
}
if(!in_array($line, $addy) && $line != "")
- $addy[] = trim(mysql_escape_string(stripslashes($line)));
+ $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
}
}
@@ -418,7 +418,7 @@
if($oldid == "5")
{
- $authaddy = trim(mysql_escape_string(stripslashes($_REQUEST['authaddy'])));
+ $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));
if(!in_array($authaddy, $_SESSION['_config']['addy']) || $authaddy == "")
{
@@ -429,8 +429,8 @@
}
$query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Domain Dispute!"));
printf(_("The domain '%s' isn't in the system. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
@@ -441,12 +441,12 @@
$domainid = intval($_SESSION['_config']['domainid']);
$memid = intval($_SESSION['_config']['memid']);
$oldmemid = intval($_SESSION['_config']['oldmemid']);
- $domain = mysql_escape_string($_SESSION['_config']['domain']);
+ $domain = mysql_real_escape_string($_SESSION['_config']['domain']);
$hash = make_hash();
$query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."',
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$body = sprintf(_("You have been sent this email as the domain '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $domain)."\n\n";
$body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=domain&domainid=$domainid&hash=$hash\n\n";
diff --git a/www/gpg.php b/www/gpg.php
index 263c1d3..31c4ae0 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -74,7 +74,7 @@ function verifyName($name)
function verifyEmail($email)
{
if($email == "") return 0;
- if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1;
+ if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1;
return 0;
}
@@ -318,8 +318,8 @@ function verifyEmail($email)
`multiple`='".mysql_real_escape_string($multiple)."',
`keyid`='".mysql_real_escape_string($keyid)."',
`description`='".mysql_real_escape_string($description)."'";
- mysql_query($query);
- $insert_id = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $insert_id = mysqli_insert_id();
$cwd = '/tmp/gpgspace'.$insert_id;
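Review bot: `mysqli_insert_id()` is called without the connection argument that the procedural mysqli API requires, so `$insert_id` will not hold the id of the row just inserted. The next line builds `$cwd = '/tmp/gpgspace'.$insert_id`, which means the GnuPG working directory would no longer be distinct per request, and the later update keyed on `$insert_id` would match nothing. The line should read `$insert_id = mysqli_insert_id($_SESSION['mconn']);`. The same omission occurs twice in the www/index.php signup hunk (`$memid` and `$emailid`), where the dependent `email` and `alerts` inserts would receive an empty member id. The enclosing block starts and ends outside this hunk.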
@@ -521,14 +521,14 @@ function verifyEmail($email)
$cmd_keyid = escapeshellarg($keyid);
$do=`gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname`;
- mysql_query("update `gpg` set `csr`='$csrname' where `id`='$insert_id'");
+ mysqli_query($_SESSION['mconn'], "update `gpg` set `csr`='$csrname' where `id`='$insert_id'");
waitForResult('gpg', $insert_id);
showheader(_("Welcome to CAcert.org"));
echo $resulttable;
$query = "select * from `gpg` where `id`='$insert_id' and `crt`!=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n";
echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you.");
@@ -551,7 +551,7 @@ function verifyEmail($email)
{
$cid = intval(substr($id,14));
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ mysqli_query($_SESSION['mconn'], "update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
diff --git a/www/index.php b/www/index.php
index c7cc03e..c79c961 100644
--- a/www/index.php
+++ b/www/index.php
@@ -53,7 +53,7 @@ require_once('../includes/lib/l10n.php');
$oldid = 0;
if(array_key_exists('Q1',$_REQUEST) && $_REQUEST['Q1'])
{
- $_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
+ $_SESSION['lostpw']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
$answers++;
@@ -61,7 +61,7 @@ require_once('../includes/lib/l10n.php');
}
if(array_key_exists('Q2',$_REQUEST) && $_REQUEST['Q2'])
{
- $_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
+ $_SESSION['lostpw']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
$answers++;
@@ -69,7 +69,7 @@ require_once('../includes/lib/l10n.php');
}
if(array_key_exists('Q3',$_REQUEST) && $_REQUEST['Q3'])
{
- $_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
+ $_SESSION['lostpw']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
$answers++;
@@ -77,7 +77,7 @@ require_once('../includes/lib/l10n.php');
}
if(array_key_exists('Q4',$_REQUEST) && $_REQUEST['Q4'])
{
- $_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
+ $_SESSION['lostpw']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
$answers++;
@@ -85,15 +85,15 @@ require_once('../includes/lib/l10n.php');
}
if(array_key_exists('Q5',$_REQUEST) && $_REQUEST['Q5'])
{
- $_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
+ $_SESSION['lostpw']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n";
}
- $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
- $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));
+ $_SESSION['lostpw']['pw1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
+ $_SESSION['lostpw']['pw2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));
if($answers < $_SESSION['lostpw']['total'] || $answers < 3)
{
@@ -119,7 +119,7 @@ require_once('../includes/lib/l10n.php');
} else {
$query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
- mysql_query($query) || die(mysql_error());
+ mysqli_query($_SESSION['mconn'], $query) || die(mysqli_error());
showheader(_("Welcome to CAcert.org"));
echo _("Your Pass Phrase has been changed now. You can now login with your new password.");
showfooter();
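Review bot: `mysqli_error()` on the added line is missing its required link argument, so the failure path of this password update would raise its own error instead of reporting the database one; it should be `mysqli_error($_SESSION['mconn'])`. Passing the raw database error to `die()` also prints query details to the visitor on what looks like the lost-password flow. Logging the error server-side and ending with a generic message would be the safer form. The surrounding branch starts outside the hunk.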
@@ -130,21 +130,21 @@ require_once('../includes/lib/l10n.php');
if($oldid == 5 && $process != "")
{
- $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
+ $email = $_SESSION['lostpw']['email'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
$_SESSION['lostpw']['day'] = intval($_REQUEST['day']);
$_SESSION['lostpw']['month'] = intval($_REQUEST['month']);
$_SESSION['lostpw']['year'] = intval($_REQUEST['year']);
$dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
$query = "select * from `users` where `email`='$email' and `dob`='$dob'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$id = $oldid;
$oldid = 0;
$_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
} else {
$id = 6;
- $_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
+ $_SESSION['lostpw']['user'] = mysqli_fetch_assoc($res);
}
}
@@ -156,7 +156,7 @@ require_once('../includes/lib/l10n.php');
if($user_id >= 0)
{
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],
"select * from `users` where
`id`='$user_id' and `deleted`=0 and `locked`=0"));
@@ -251,18 +251,18 @@ require_once('../includes/lib/l10n.php');
$_SESSION['_config']['errmsg'] = "";
- $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
- $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
+ $email = mysql_real_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
+ $pword = mysql_real_escape_string(stripslashes(trim($_REQUEST['pword'])));
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$otpquery = "select * from `users` where `email`='$email' and `otphash`!='' and `verified`=1 and `deleted`=0 and `locked`=0";
- $otpres = mysql_query($otpquery);
- if(mysql_num_rows($otpres) > 0)
+ $otpres = mysqli_query($_SESSION['mconn'], $otpquery);
+ if(mysqli_num_rows($otpres) > 0)
{
- $otp = mysql_fetch_assoc($otpres);
+ $otp = mysqli_fetch_assoc($otpres);
$otphash = $otp['otphash'];
$otppin = $otp['otppin'];
if(strlen($pword) == 6)
@@ -275,13 +275,13 @@ require_once('../includes/lib/l10n.php');
}
$query = "delete from `otphashes` where UNIX_TIMESTAMP(`when`) <= UNIX_TIMESTAMP(NOW()) - 600";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "select * from `otphashes` where `username`='$email' and `otp`='$pword'";
- if(mysql_num_rows(mysql_query($query)) <= 0)
+ if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) <= 0)
{
$query = "insert into `otphashes` set `when`=NOW(), `username`='$email', `otp`='$pword'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
for($i = $time - $matchperiod; $i <= $time + $matchperiod * 2; $i++)
{
if($otppin > 0)
@@ -297,31 +297,31 @@ require_once('../includes/lib/l10n.php');
$md5 = getOTP32(md5("$i$otphash"));
if($pword == $md5)
- $res = mysql_query($otpquery);
+ $res = mysqli_query($_SESSION['mconn'], $otpquery);
}
}
}
}
- if(mysql_num_rows($res) > 0)
+ if(mysqli_num_rows($res) > 0)
{
$_SESSION['profile'] = "";
unset($_SESSION['profile']);
- $_SESSION['profile'] = mysql_fetch_assoc($res);
+ $_SESSION['profile'] = mysqli_fetch_assoc($res);
$query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".L10n::get_translation()."'
where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
} else {
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
}
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
$_SESSION['profile']['loggedin'] = 1;
if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" ||
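Review bot: The statement that sets `password`=sha1('$pword') runs for any non-empty `$res`, including the result assigned by `if($pword == $md5) $res = mysqli_query($_SESSION['mconn'], $otpquery);` a few lines earlier in this hunk. On that path `$pword` appears to hold the one-time value, so the stored pass phrase would be overwritten with an unsalted SHA-1 of the OTP; the start of the OTP branch is outside this hunk, so this should be confirmed against the full file. The rewrite should be limited to the branch where the pass phrase itself matched, for example behind a flag set when the first query returns a row, with a comment such as `// re-hash only after a pass-phrase match, never after an OTP login`. Moving the stored format to `password_hash()` / `password_verify()` would be the longer-term fix for the unsalted SHA-1.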
@@ -342,8 +342,8 @@ require_once('../includes/lib/l10n.php');
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=0 and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase.");
} else {
@@ -358,26 +358,26 @@ require_once('../includes/lib/l10n.php');
$_SESSION['_config']['errmsg'] = "";
- $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
- $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
- $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
- $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
- $_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
+ $_SESSION['signup']['email'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
+ $_SESSION['signup']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
+ $_SESSION['signup']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
+ $_SESSION['signup']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
+ $_SESSION['signup']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
$_SESSION['signup']['day'] = intval($_REQUEST['day']);
$_SESSION['signup']['month'] = intval($_REQUEST['month']);
$_SESSION['signup']['year'] = intval($_REQUEST['year']);
- $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1'])));
- $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2'])));
- $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
- $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
- $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
- $_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
- $_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
- $_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
- $_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
- $_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
- $_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
- $_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
+ $_SESSION['signup']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
+ $_SESSION['signup']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));
+ $_SESSION['signup']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
+ $_SESSION['signup']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
+ $_SESSION['signup']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
+ $_SESSION['signup']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
+ $_SESSION['signup']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
+ $_SESSION['signup']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
+ $_SESSION['signup']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
+ $_SESSION['signup']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
+ $_SESSION['signup']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
+ $_SESSION['signup']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
$_SESSION['signup']['general'] = intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0);
$_SESSION['signup']['country'] = intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0);
$_SESSION['signup']['regional'] = intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0);
@@ -472,21 +472,21 @@ require_once('../includes/lib/l10n.php');
if($id == 2)
{
$query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
- $res1 = mysql_query($query);
+ $res1 = mysqli_query($_SESSION['mconn'], $query);
$query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
- $res2 = mysql_query($query);
- if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+ $res2 = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2) > 0)
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
}
$query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $domain = mysql_fetch_assoc($res);
+ $domain = mysqli_fetch_assoc($res);
$domain = $domain['domain'];
$id = 1;
$_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n";
@@ -531,20 +531,20 @@ require_once('../includes/lib/l10n.php');
`A4`='".$_SESSION['signup']['A4']."',
`A5`='".$_SESSION['signup']['A5']."',
`created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
- mysql_query($query);
- $memid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $memid = mysqli_insert_id();
$query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
`hash`='$hash',
`created`=NOW(),
`memid`='$memid'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id();
$query = "insert into `alerts` set `memid`='$memid',
`general`='".$_SESSION['signup']['general']."',
`country`='".$_SESSION['signup']['country']."',
`regional`='".$_SESSION['signup']['regional']."',
`radius`='".$_SESSION['signup']['radius']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
include_once("../includes/notary.inc.php");
write_user_agreement($memid, "CCA", "account creation", "", 1);
diff --git a/www/news.php b/www/news.php
index f355b4b..b4ddd26 100644
--- a/www/news.php
+++ b/www/news.php
@@ -25,7 +25,7 @@
if($id > 0)
{
$query = "select * from `news` where `id`='$id'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
echo "<h3>".$row['short']."</h3>\n";
echo "<p>Posted by ".$row['who']." at ".$row['when']."</p>\n";
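Review bot: `$row['short']` and `$row['who']` are echoed into the page without HTML escaping in this hunk, and `$row['story']` and `$row['short']` are echoed the same way in the next one. If news fields are meant to be plain text, wrapping them as `sanitizeHTML($row['short'])` (the helper used in the dispute pages, assuming it is in scope here) would keep a stored value from being rendered as markup. If HTML in news is intentional, a comment saying who may write to the `news` table would help. `mysqli_fetch_assoc(mysqli_query(...))` also has no check for a failed query or an unknown `$id`, so `$row` can be null when the `echo` lines run.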
@@ -33,8 +33,8 @@
echo "<p>".str_replace("\n", "<br>\n", $row['story'])."</p>\n";
} else {
$query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
if($row['story'] != "")
diff --git a/www/rss.php b/www/rss.php
index f8eddb7..fedf9fd 100644
--- a/www/rss.php
+++ b/www/rss.php
@@ -12,8 +12,8 @@
<lastBuildDate><?=date("D, d M Y H:i:s O")?></lastBuildDate>
<ttl>3600</ttl><?
$query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 10";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<item>
<title><?=strip_tags($row['short'])?></title>
diff --git a/www/sqldump.php b/www/sqldump.php
index f30b4d0..69be6ab 100644
--- a/www/sqldump.php
+++ b/www/sqldump.php
@@ -25,14 +25,14 @@
# Database: `cacert`
#
<?
- $tables = mysql_query("SHOW TABLES");
- while(list($table_name) = mysql_fetch_array($tables))
+ $tables = mysqli_query($_SESSION['mconn'], "SHOW TABLES");
+ while(list($table_name) = mysqli_fetch_array($tables))
{
echo "# --------------------------------------------------------\n\n";
echo "#\n# Table structure for table `$table_name`\n#\n\n";
echo "DROP TABLE IF EXISTS `$table_name`;\n";
- $create = mysql_fetch_assoc(mysql_query("SHOW CREATE TABLE `$table_name`"));
+ $create = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "SHOW CREATE TABLE `$table_name`"));
echo $create['Create Table'].";\n\n";
}
?>
diff --git a/www/stats.php b/www/stats.php
index 1599e17..7aa9d26 100644
--- a/www/stats.php
+++ b/www/stats.php
@@ -25,9 +25,9 @@
*/
function getData() {
$sql = 'select * from `statscache` order by `timestamp` desc limit 1';
- $res = mysql_query($sql);
- if ($res && mysql_numrows($res) > 0) {
- $ar = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $sql);
+ if ($res && mysqli_numrows($res) > 0) {
+ $ar = mysqli_fetch_assoc($res);
$stats = unserialize($ar['cache']);
$stats['timestamp'] = $ar['timestamp'];
return $stats;
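Review bot: `mysqli_numrows()` on the added line is not a mysqli function. `mysql_numrows()` was a legacy alias that the mysqli extension does not carry over, so `getData()` would stop with an undefined-function error as soon as the query succeeds. The condition should be `if ($res && mysqli_num_rows($res) > 0) {`. Separately, `unserialize($ar['cache'])` trusts whatever is stored in `statscache`; the writer of that column is not visible here, so a comment stating that only this application writes it (or a switch to JSON) would be worth adding. getData() continues past the end of the hunk.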
diff --git a/www/verify.php b/www/verify.php
index 6f603e4..23a7d68 100644
--- a/www/verify.php
+++ b/www/verify.php
@@ -43,41 +43,41 @@
{
$id = 1;
$emailid = intval($_REQUEST['emailid']);
- $hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
+ $hash = mysql_real_escape_string(stripslashes($_REQUEST['hash']));
$query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$row['attempts']++;
if($row['attempts'] >= 6)
{
- mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
showheader(_("Error!"), _("Error!"));
echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system");
showfooter();
exit;
}
- mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
}
$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, or something weird happened.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "")
{
$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "update `users` set `verified`='1' where `id`='".intval($row['memid'])."' and `email`='".$row['email']."' and `verified`='0'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
showheader(_("Updated"), _("Updated"));
echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
} else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") {
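Review bot: `$row['email']` is concatenated into the `update users` statement without escaping, unlike `$row['memid']` on the same line, which goes through `intval()`. The value is read back from the `email` table, so a stored address containing a quote would alter the statement. With the move to mysqli it can be escaped against the live link: `... and email='".mysqli_real_escape_string($_SESSION['mconn'], $row['email'])."' and ...`. The message printed at the lockout also says "a fourth time" while the check is `$row['attempts'] >= 6`; one of the two should be corrected.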
@@ -101,13 +101,13 @@
{
$id = 7;
$domainid = intval($_REQUEST['domainid']);
- $hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
+ $hash = mysql_real_escape_string(stripslashes($_REQUEST['hash']));
$query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$row['attempts']++;
if($row['attempts'] >= 6)
{
@@ -118,23 +118,23 @@
exit;
}
$query = "update `domains` set `attempts`='".intval($row['attempts'])."' where `id`='$domainid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
$query = "select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "")
{
$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
showheader(_("Updated"), _("Updated"));
echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
} else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") {
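Review bot: The attempt limit on the domain hash is enforced with a read-modify-write: the counter is read and incremented in PHP in the previous hunk and written back here by the `update` that sets `attempts` from `intval($row['attempts'])`. Concurrent requests can read the same starting value, so the limit of six is not strictly enforced. Let the database do the increment, `$query = "update domains set attempts = attempts + 1 where id = '$domainid'";`, and compare the re-read value against the limit. The `mysqli_query()` results in this hunk are also unchecked, so a failed `update` that clears `hash` would still show the "verified" page. The block continues outside the hunk.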
diff --git a/www/wot.php b/www/wot.php
index 7200517..22c1255 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -135,7 +135,7 @@ function send_reminder()
$body .= "User ".$_SESSION['profile']['fname']." ".
$_SESSION['profile']['lname']." with email address '".
$_SESSION['profile']['email']."' is requesting a TTP assurances for ".
- mysql_escape_string(stripslashes($_POST['country'])).".\n\n";
+ mysql_real_escape_string(stripslashes($_POST['country'])).".\n\n";
if ($_POST['ttptopup']=='1') {
$body .= "The user is also requesting TTP TOPUP.\n\n";
}else{
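Review bot: The `country` value appended to `$body` goes through `mysql_real_escape_string()`, which is SQL escaping applied to e-mail text. It also depends on an ext/mysql link that this commit appears to stop using in favour of `$_SESSION['mconn']`. If the call returns false, the country silently disappears from the message. For a mail body, drop the SQL escaping and normalise the value instead, for example `trim(stripslashes($_POST['country']))`, preferably after checking it against the list of countries the form offers. The surrounding code starts and ends outside the hunk.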
@@ -182,9 +182,9 @@ function send_reminder()
if($oldid == 5)
{
- $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1)
+ $query = "select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) != 1)
{
$_SESSION['_config']['noemailfound'] = 1;
show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
@@ -192,16 +192,16 @@ function send_reminder()
} else
{
$_SESSION['_config']['noemailfound'] = 0;
- $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['notarise'] = mysqli_fetch_assoc($res);
if ($_SESSION['_config']['notarise']['verified'] == 0)
{
show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
exit;
}
}
- $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >= 1)
+ $query = "select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >= 1)
{
$_SESSION['_config']['noemailfound'] = 0;
show_page("EnterEmail","",_("This account is locked and can not be assured. For more information ask support@cacert.org."));
@@ -226,8 +226,8 @@ function send_reminder()
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
exit;
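Review bot: The "only allowed to Assure someone once" guard fails open, because the result of `mysqli_query()` is passed straight to `if(mysqli_num_rows($res) > 0)`. On a query error `$res` is false and, on the PHP 5 runtime this code appears to target, `mysqli_num_rows()` then returns NULL with a warning, so the condition is not met and the assurance proceeds. Add an explicit `if($res === false)` branch before the count that shows an error page and exits. The identical-assurance check in the hunk at -345 has the same shape and needs the same guard. The enclosing block starts outside this hunk.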
@@ -311,8 +311,8 @@ $iecho= "c";
}
$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
{
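Review bot: The page-hash check compares an MD5 hex string with request input using the loose operator, `$_SESSION['_config']['wothash'] != $_REQUEST['pagehash']`. PHP may compare two numeric-looking strings as numbers, so the check should be strict: `$_SESSION['_config']['wothash'] !== (string)$_REQUEST['pagehash']`. In addition, `$row` is used without checking that `mysqli_query()` and `mysqli_fetch_assoc()` returned a row. A guard on `$row` before building `$name` would make the failure explicit instead of hashing empty fields. The body of the `if` lies outside the hunk.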
@@ -333,8 +333,8 @@ $iecho= "c";
$newpoints = $awarded = 0;
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
- $res = mysql_query($query);
- $drow = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($res);
$_POST['expire'] = 0;
@@ -345,16 +345,16 @@ $iecho= "c";
if($newpoints < 0)
$newpoints = 0;
- if(mysql_escape_string(stripslashes($_POST['date'])) == "")
+ if(trim($_POST['date']) == "")
$_POST['date'] = date("Y-m-d H:i:s");
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."'";
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
exit;
@@ -366,8 +366,8 @@ $iecho= "c";
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
@@ -377,7 +377,7 @@ $iecho= "c";
if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
$query .= ",\n`method`='TTP-Assisted'";
}
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
fix_assurer_flag($_SESSION['_config']['notarise']['id']);
include_once("../includes/notary.inc.php");
@@ -391,11 +391,11 @@ $iecho= "c";
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
// No need to fix_assurer_flag here, this should only happen for assurers...
$_SESSION['profile']['points'] += $addpoints;
@@ -478,7 +478,7 @@ $iecho= "c";
{
csrf_check("chgcontact");
- $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
+ $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
@@ -487,7 +487,7 @@ $iecho= "c";
$_SESSION['profile']['contactinfo'] = $info;
$query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your account information has been updated.")."</p>";
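Review bot: `$_SESSION['profile']['contactinfo'] = $info;` appears to store the SQL-escaped string in the session, assuming `$info` is still the value assigned in the previous hunk. Later output of the session copy would then show backslash escapes, and it would be overwritten with an empty value if the escape call returns false. Keep the plain `strip_tags(stripslashes($_POST['contactinfo']))` result for the session and escape a separate copy for the query, e.g. `$infoSql = mysqli_real_escape_string($_SESSION['mconn'], $info);`. The block starts and ends outside this hunk.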
@@ -507,8 +507,8 @@ $iecho= "c";
$body = $_REQUEST['message'];
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
- $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$userid' and `listme`=1"));
+ $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{