-rw-r--r--includes/account.php766
-rw-r--r--includes/account_stuff.php4
-rw-r--r--includes/general.php78
-rw-r--r--includes/general_stuff.php4
-rw-r--r--includes/lib/account.php4
-rw-r--r--includes/lib/general.php22
-rw-r--r--includes/lib/l10n.php8
-rw-r--r--includes/loggedin.php10
-rw-r--r--includes/mysql.php.sample15
-rw-r--r--includes/notary.inc.php168
-rw-r--r--pages/account/12.php6
-rw-r--r--pages/account/13.php4
-rw-r--r--pages/account/15.php6
-rw-r--r--pages/account/18.php14
-rw-r--r--pages/account/19.php6
-rw-r--r--pages/account/2.php4
-rw-r--r--pages/account/22.php12
-rw-r--r--pages/account/23.php6
-rw-r--r--pages/account/25.php12
-rw-r--r--pages/account/26.php6
-rw-r--r--pages/account/27.php2
-rw-r--r--pages/account/28.php2
-rw-r--r--pages/account/29.php4
-rw-r--r--pages/account/3.php4
-rw-r--r--pages/account/30.php4
-rw-r--r--pages/account/31.php2
-rw-r--r--pages/account/32.php8
-rw-r--r--pages/account/33.php2
-rw-r--r--pages/account/34.php6
-rw-r--r--pages/account/35.php14
-rw-r--r--pages/account/41.php10
-rw-r--r--pages/account/43.php140
-rw-r--r--pages/account/49.php30
-rw-r--r--pages/account/5.php6
-rw-r--r--pages/account/51.php8
-rw-r--r--pages/account/52.php24
-rw-r--r--pages/account/53.php22
-rw-r--r--pages/account/54.php18
-rw-r--r--pages/account/55.php14
-rw-r--r--pages/account/56.php4
-rw-r--r--pages/account/57.php6
-rw-r--r--pages/account/58.php12
-rw-r--r--pages/account/59.php36
-rw-r--r--pages/account/6.php6
-rw-r--r--pages/account/9.php6
-rw-r--r--pages/advertising/0.php20
-rw-r--r--pages/gpg/2.php6
-rw-r--r--pages/gpg/3.php6
-rw-r--r--pages/wot/1.php26
-rw-r--r--pages/wot/10.php18
-rw-r--r--pages/wot/12.php22
-rw-r--r--pages/wot/13.php36
-rw-r--r--pages/wot/9.php14
-rw-r--r--scripts/49de-lt2013-berlin-mail.php.txt8
-rw-r--r--scripts/50de-ate-luebeck-mail.php.txt8
-rw-r--r--scripts/51at-ate-graz-mail.php.txt8
-rw-r--r--scripts/52at-ate-wien-mail.php.txt8
-rw-r--r--scripts/53de-ate-amberg-mail.php.txt8
-rw-r--r--scripts/54at-ate-linz-mail.php.txt8
-rw-r--r--scripts/55de-ate-wiesbaden-mail.php.txt8
-rw-r--r--scripts/56at-ate-oberwart-mail.php.txt8
-rw-r--r--scripts/57at-ate-graz-mail.php.txt8
-rw-r--r--scripts/58at-ate-wien-mail.php.txt8
-rw-r--r--[-rwxr-xr-x]scripts/addpoints.php12
-rw-r--r--scripts/assurer.php6
-rw-r--r--[-rwxr-xr-x]scripts/consistence.php44
-rw-r--r--[-rwxr-xr-x]scripts/country.php4
-rw-r--r--[-rwxr-xr-x]scripts/cron/permissionreview.php6
-rw-r--r--[-rwxr-xr-x]scripts/cron/refresh_stats.php12
-rw-r--r--[-rwxr-xr-x]scripts/cron/removedead.php30
-rw-r--r--[-rwxr-xr-x]scripts/cron/updatesort.php24
-rw-r--r--[-rwxr-xr-x]scripts/cron/warning.php12
-rw-r--r--scripts/gpgcheck3.php18
-rw-r--r--scripts/gpgfillmissingemail.php8
-rw-r--r--scripts/gpgfillmissingkeyid.php8
-rw-r--r--scripts/mailing archive/45au-ate-melbourne-mail.php.txt8
-rw-r--r--scripts/mailing archive/46us-ate-raleigh-mail.php.txt8
-rw-r--r--scripts/mailing archive/47us-fudcon-lawrence-mail.php.txt8
-rw-r--r--scripts/mailing archive/48de-ate-kiel-mail.php.txt8
-rw-r--r--scripts/mailing archive/oa01-allowance.php.txt6
-rw-r--r--scripts/mailing archive/oa02-orgainformation.php.txt6
-rw-r--r--scripts/mass-revoke.php16
-rw-r--r--[-rwxr-xr-x]scripts/newsletter.php6
-rw-r--r--[-rwxr-xr-x]scripts/newslettercebit.php6
-rw-r--r--[-rwxr-xr-x]scripts/notify.php6
-rw-r--r--scripts/resetpermissions.php12
-rw-r--r--[-rwxr-xr-x]scripts/scanforexponents.php24
-rw-r--r--scripts/send_heartbleed.php4
-rw-r--r--scripts/send_policy_cca_20140916.php4
-rw-r--r--scripts/send_thawte.php.txt4
-rw-r--r--stamp/certdet.php4
-rw-r--r--stamp/common.php38
-rw-r--r--stamp/displogo.php4
-rw-r--r--stamp/report.php10
-rw-r--r--tverify/index.php26
-rw-r--r--tverify/index/0.php10
-rw-r--r--www/ac.php14
-rw-r--r--www/account.php6
-rw-r--r--www/advertising.php6
-rw-r--r--www/alert_hash_collision.php8
-rw-r--r--www/api/ccsr.php40
-rw-r--r--www/api/cemails.php16
-rw-r--r--www/api/edu.php8
-rw-r--r--www/cats/cats_import.php32
-rw-r--r--www/disputes.php138
-rw-r--r--www/gpg.php28
-rw-r--r--www/index.php108
-rw-r--r--www/news.php6
-rw-r--r--www/rss.php4
-rw-r--r--www/sqldump.php6
-rw-r--r--www/stats.php6
-rw-r--r--www/verify.php40
-rw-r--r--www/wot.php58
113 files changed, 1350 insertions, 1349 deletions
diff --git a/includes/account.php b/includes/account.php
index 6dacf2d..d14e27d 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -120,7 +120,7 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "")
+ if(trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['newemail']))) == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Not a valid email address. Can't continue."));
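Review bot: `stripslashes()` is still applied to `$_REQUEST['newemail']` ahead of `mysqli_real_escape_string()` in the changed condition, which only made sense while magic_quotes_gpc was adding slashes; where that setting no longer exists (it was removed in PHP 5.4) the call strips backslashes the user actually typed. The same carried-over pattern appears in the hunks at -128, -579, -597, -615 and -1036. The emptiness test does not need SQL escaping at all, so `if(trim($_REQUEST['newemail']) == "")` would state the intent and leave escaping to the place where the query is built. The enclosing block starts and ends outside the hunk.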
@@ -128,7 +128,7 @@ function buildSubjectFromSession() {
exit;
}
$oldid=0;
- $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
+ $_REQUEST['email'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['newemail'])));
if(check_email_exists($_REQUEST['email'])==true)
{
showheader(_("My CAcert.org Account!"));
@@ -152,8 +152,8 @@ function buildSubjectFromSession() {
}
$hash = make_hash();
$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'],$query);
+ $emailid = mysqli_insert_id($_SESSION['mconn']);
$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
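Review bot: The result of `mysqli_query()` is discarded before `mysqli_insert_id()` is read, so a failed insert yields `$emailid` 0 and the verification link below is still built with `emailid=0`. Checking the call, e.g. `if(!mysqli_query($_SESSION['mconn'], $query)) { /* report the error and stop */ }`, would stop the flow for a row that was never written. The hunks at -389, -490, -659, -831, -894 and -1073 read the insert id the same way. Several selects in this file also pass an unchecked result straight to `mysqli_num_rows()`, which raises a TypeError on PHP 8 when the query returned false.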
@@ -172,15 +172,15 @@ function buildSubjectFromSession() {
$id = 2;
$emailid = intval($_REQUEST['emailid']);
$query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Error!"));
echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
$body .= _("You are receiving this email because you or someone else ".
"has changed the default email on your account.")."\n\n";
@@ -191,8 +191,8 @@ function buildSubjectFromSession() {
"support@cacert.org", "", "", "CAcert Support");
$_SESSION['profile']['email'] = $row['email'];
- $query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ $query = "update `users` set `email`='".mysqli_real_escape_string($_SESSION['mconn'], $row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
showheader(_("My CAcert.org Account!"));
printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
showfooter();
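Review bot: The connection handle is read from `$_SESSION['mconn']` in both changed lines, which puts a per-request resource into the array that PHP writes to the session store. A mysqli handle cannot be restored from stored session data, so every query in this commit depends on `$_SESSION['mconn']` being reassigned at the start of each request; that assignment is not visible here. Keeping the handle in a dedicated variable or behind a small accessor function would separate it from user session data. At minimum, a comment where the handle is set should document that requirement.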
@@ -216,11 +216,11 @@ function buildSubjectFromSession() {
}
$id = intval($id);
$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
- `email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ `email`!='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['profile']['email'])."'";
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
echo $row['email']."<br>\n";
account_email_delete($row['id']);
$delcount++;
@@ -326,10 +326,10 @@ function buildSubjectFromSession() {
if(is_array($_SESSION['_config']['addid']))
foreach($_SESSION['_config']['addid'] as $id)
{
- $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'],"select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if(!$emails)
$defaultemail = $row['email'];
$emails .= "$count.emailAddress = ".$row['email']."\n";
@@ -345,7 +345,7 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
if($_SESSION['_config']['SSO'] == 1)
$emails .= "$count.emailAddress = ".$user['uniqueID']."\n";
@@ -389,13 +389,13 @@ function buildSubjectFromSession() {
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
+ $emailid = mysqli_insert_id($_SESSION['mconn']);
if(is_array($addys))
foreach($addys as $addy)
- mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+ mysqli_query($_SESSION['mconn'],"insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname=generatecertpath("csr","client",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $emails);
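Review bot: `$addy` is interpolated into the `emaillink` insert without escaping or casting, while the parallel insert in the hunk at -490 wraps it in `mysqli_real_escape_string()`. Where `$addys` is filled is outside this hunk, so whether it can hold request-derived values cannot be confirmed here; since the column receives an id, `intval($addy)` in place of `$addy` is the simplest fix. The `domlink` inserts in the hunk at -831 interpolate `$dom` from `$_SESSION['_config']['rowid']` and `['altid']` the same way and would take the same cast.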
@@ -411,7 +411,7 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
+ mysqli_query($_SESSION['mconn'],"update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
@@ -434,7 +434,7 @@ function buildSubjectFromSession() {
$defaultemail = "";
$csrsubject="";
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
if(strlen($user['mname']) == 1)
$user['mname'] .= '.';
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
@@ -450,10 +450,10 @@ function buildSubjectFromSession() {
if(is_array($_SESSION['_config']['addid']))
foreach($_SESSION['_config']['addid'] as $id)
{
- $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'],"select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($defaultemail == "")
$defaultemail = $row['email'];
$csrsubject .= "/emailAddress=".$row['email'];
@@ -490,27 +490,27 @@ function buildSubjectFromSession() {
`keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
`memid`='".intval($_SESSION['profile']['id'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `subject`='".mysql_real_escape_string($csrsubject)."',
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."',
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
+ $emailid = mysqli_insert_id($_SESSION['mconn']);
if(is_array($addys))
foreach($addys as $addy)
- mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
+ mysqli_query($_SESSION['mconn'],"insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysqli_real_escape_string($_SESSION['mconn'], $addy)."'");
$CSRname=generatecertpath("csr","client",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
fclose($fp);
- mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'],"update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
}
waitForResult("emailcerts", $emailid, 4);
$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
$id = 4;
showheader(_("My CAcert.org Account!"));
@@ -547,12 +547,12 @@ function buildSubjectFromSession() {
}
$newdom = trim(escapeshellarg($newdomain));
- $newdomain = mysql_real_escape_string(trim($newdomain));
+ $newdomain = mysqli_real_escape_string($_SESSION['mconn'], trim($newdomain));
- $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
+ $res1 = mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `domain`='$newdomain'");
$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
- $res2 = mysql_query($query);
- if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
+ $res2 = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2))
{
$oldid=0;
$id = 7;
@@ -579,7 +579,7 @@ function buildSubjectFromSession() {
$bits = explode(":", $line, 2);
$line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "")
- $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
+ $addy[] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($line)));
}
} else {
if(is_array($adds))
@@ -597,7 +597,7 @@ function buildSubjectFromSession() {
$line = $bit;
}
if(!in_array($line, $addy) && $line != "")
- $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
+ $addy[] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($line)));
}
}
@@ -606,7 +606,7 @@ function buildSubjectFromSession() {
if(!in_array($sub, $addy))
$addy[] = $sub;
$_SESSION['_config']['addy'] = $addy;
- $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
+ $_SESSION['_config']['domain'] = mysqli_real_escape_string($_SESSION['mconn'], $newdomain);
}
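Review bot: `$_SESSION['_config']['domain']` is assigned an SQL-escaped copy of `$newdomain`, and if this is the same `$newdomain` that the hunk at -547 already escaped, the session ends up holding a doubly escaped string. The hunks at -633 and -659 then escape the session value once more before querying, so for any input containing a quote or backslash the duplicate check would compare a different string than the one tested at -547. The same value is also shown to the user and placed in the verification mail. Storing the trimmed, unescaped domain in the session and escaping only where each query is built would remove the ambiguity; that needs an unescaped copy kept before the assignment at -547. The enclosing block starts outside the hunk.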
if($process != "" && $oldid == 8)
@@ -615,7 +615,7 @@ function buildSubjectFromSession() {
$oldid=0;
$id = 8;
- $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));
+ $authaddy = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['authaddy'])));
if($authaddy == "" || !is_array($_SESSION['_config']['addy']))
{
@@ -633,9 +633,9 @@ function buildSubjectFromSession() {
exit;
}
- $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $query = "select * from `domains` where `domain`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['domain'])."' and `deleted`=0";
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
@@ -659,10 +659,10 @@ function buildSubjectFromSession() {
}
$hash = make_hash();
- $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
+ $query = "insert into `domains` set `domain`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['domain'])."',
`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
- mysql_query($query);
- $domainid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'],$query);
+ $domainid = mysqli_insert_id($_SESSION['mconn']);
$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
@@ -689,10 +689,10 @@ function buildSubjectFromSession() {
{
$id = intval($id);
$query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
echo $row['domain']."<br>\n";
account_domain_delete($row['id']);
}
@@ -810,20 +810,20 @@ function buildSubjectFromSession() {
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
$query = "insert into `domaincerts` set
- `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
- `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
- `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+ `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rows']['0'])."',
+ `domid`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rowid']['0'])."',
+ `created`=NOW(),`subject`='".mysqli_real_escape_string($_SESSION['mconn'], $subject)."',
+ `rootcert`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rootcert'])."',
+ `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
$query = "insert into `domaincerts` set
- `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
- `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
- `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+ `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['altrows']['0'])."',
+ `domid`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['altid']['0'])."',
+ `created`=NOW(),`subject`='".mysqli_real_escape_string($_SESSION['mconn'], $subject)."',
+ `rootcert`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rootcert'])."',
+ `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
} else {
showheader(_("My CAcert.org Account!"));
echo _("Domain not verified.");
@@ -831,24 +831,24 @@ function buildSubjectFromSession() {
exit;
}
- mysql_query($query);
- $CSRid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'],$query);
+ $CSRid = mysqli_insert_id($_SESSION['mconn']);
if(is_array($_SESSION['_config']['rowid']))
foreach($_SESSION['_config']['rowid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+ mysqli_query($_SESSION['mconn'],"insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+ mysqli_query($_SESSION['mconn'],"insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
$CSRname=generatecertpath("csr","server",$CSRid);
rename($_SESSION['_config']['tmpfname'], $CSRname);
chmod($CSRname,0644);
- mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+ mysqli_query($_SESSION['mconn'],"update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
waitForResult("domaincerts", $CSRid, 11);
$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
$id = 11;
showheader(_("My CAcert.org Account!"));
@@ -878,14 +878,14 @@ function buildSubjectFromSession() {
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -894,20 +894,20 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"update `domaincerts` set `renewed`='1' where `id`='$id'");
$query = "insert into `domaincerts` set
`domid`='".intval($row['domid'])."',
- `CN`='".mysql_real_escape_string($row['CN'])."',
- `subject`='".mysql_real_escape_string($row['subject'])."',".
+ `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',".
//`csr_name`='".$row['csr_name']."', // RACE CONDITION
- "`created`='".mysql_real_escape_string($row['created'])."',
+ "`created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
`modified`=NOW(),
`rootcert`='".intval($row['rootcert'])."',
`type`='".intval($row['type'])."',
- `pkhash`='".mysql_real_escape_string($row['pkhash'])."',
- `description`='".mysql_real_escape_string($row['description'])."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ `pkhash`='".mysqli_real_escape_string($_SESSION['mconn'], $row['pkhash'])."',
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
+ $newid = mysqli_insert_id($_SESSION['mconn']);
$newfile=generatecertpath("csr","server",$newid);
copy($row['csr_name'], $newfile);
$newfile_esc = escapeshellarg($newfile);
@@ -929,18 +929,18 @@ function buildSubjectFromSession() {
}
$subject = buildSubjectFromSession();
- $subject = mysql_real_escape_string($subject);
- mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
+ $subject = mysqli_real_escape_string($_SESSION['mconn'], $subject);
+ mysqli_query($_SESSION['mconn'],"update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
waitForResult("domaincerts", $newid,$oldid,0);
$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
- $drow = mysql_fetch_assoc($res);
+ $drow = mysqli_fetch_assoc($res);
$crt_name = escapeshellarg($drow['crt_name']);
$cert = shell_exec("/usr/bin/openssl x509 -in $crt_name");
echo "<pre>\n$cert\n</pre>\n";
@@ -971,19 +971,19 @@ function buildSubjectFromSession() {
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
@@ -1006,19 +1006,19 @@ function buildSubjectFromSession() {
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("delete from `domaincerts` where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"delete from `domaincerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -1036,8 +1036,8 @@ function buildSubjectFromSession() {
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
- $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+ $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+ mysqli_query($_SESSION['mconn'],"update `domaincerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
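Review bot: The `domaincerts` description update is keyed on `$cid` alone, with no condition tying the row to the logged-in member, whereas the `emailcerts` counterpart in the hunk at -1194 adds an `and memid=...` condition taken from the session profile. Unless ownership of `$cid` is checked outside this hunk, the update is applied to whatever id arrives in a `check_comment_` field name. The selects in the hunks at -878 and -971 show the relation to use: restrict the update to rows whose `domid` belongs to a `domains` row carrying the member's `memid`.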
@@ -1057,14 +1057,14 @@ function buildSubjectFromSession() {
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -1073,34 +1073,34 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"update `emailcerts` set `renewed`='1' where `id`='$id'");
$query = "insert into emailcerts set
`memid`='".intval($row['memid'])."',
- `CN`='".mysql_real_escape_string($row['CN'])."',
- `subject`='".mysql_real_escape_string($row['subject'])."',
- `keytype`='".mysql_real_escape_string($row['keytype'])."',
- `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
- `created`='".mysql_real_escape_string($row['created'])."',
+ `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',
+ `keytype`='".mysqli_real_escape_string($_SESSION['mconn'], $row['keytype'])."',
+ `csr_name`='".mysqli_real_escape_string($_SESSION['mconn'], $row['csr_name'])."',
+ `created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
`modified`=NOW(),
`disablelogin`='".intval($row['disablelogin'])."',
`codesign`='".intval($row['codesign'])."',
`rootcert`='".intval($row['rootcert'])."',
- `description`='".mysql_real_escape_string($row['description'])."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
+ $newid = mysqli_insert_id($_SESSION['mconn']);
$newfile=generatecertpath("csr","client",$newid);
copy($row['csr_name'], $newfile);
- mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
- $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
- while($r2 = mysql_fetch_assoc($res))
+ mysqli_query($_SESSION['mconn'],"update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
+ $res = mysqli_query($_SESSION['mconn'],"select * from `emaillink` where `emailcertsid`='".$row['id']."'");
+ while($r2 = mysqli_fetch_assoc($res))
{
- mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
+ mysqli_query($_SESSION['mconn'],"insert into `emaillink` set `emailid`='".$r2['emailid']."',
`emailcertsid`='$newid'");
}
waitForResult("emailcerts", $newid,$oldid,0);
$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
@@ -1131,19 +1131,19 @@ function buildSubjectFromSession() {
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
@@ -1163,19 +1163,19 @@ function buildSubjectFromSession() {
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("delete from `emailcerts` where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"delete from `emailcerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
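Review bot: `$row['CN']` is printed into HTML without escaping in both messages of this hunk, while the "has been revoked" message in the previous hunk wraps it in `htmlspecialchars()`. The value comes from the database and how it was filtered on insert is not visible here, so escaping at output is the safer default: `printf(_("Removed a pending request for '%s'")."<br>\n", htmlspecialchars($row['CN']));`. The "already been revoked" and "has been renewed" messages in the other hunks print `$row['CN']` the same way.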
@@ -1194,14 +1194,14 @@ function buildSubjectFromSession() {
{
$cid = intval(substr($id,5));
$dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
- mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
+ mysqli_query($_SESSION['mconn'],"update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
}
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
if(!empty($_REQUEST['check_comment_'.$cid])) {
- $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
+ $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+ mysqli_query($_SESSION['mconn'],"update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
}
}
}
@@ -1215,16 +1215,16 @@ function buildSubjectFromSession() {
csrf_check("perschange");
$_SESSION['_config']['user'] = $_SESSION['profile'];
- $_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
- $_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
- $_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
- $_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
- $_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
- $_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
- $_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
- $_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
- $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
- $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
+ $_SESSION['_config']['user']['Q1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q1']))));
+ $_SESSION['_config']['user']['Q2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q2']))));
+ $_SESSION['_config']['user']['Q3'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q3']))));
+ $_SESSION['_config']['user']['Q4'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q4']))));
+ $_SESSION['_config']['user']['Q5'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q5']))));
+ $_SESSION['_config']['user']['A1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A1']))));
+ $_SESSION['_config']['user']['A2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A2']))));
+ $_SESSION['_config']['user']['A3'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A3']))));
+ $_SESSION['_config']['user']['A4'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A4']))));
+ $_SESSION['_config']['user']['A5'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A5']))));
if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
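Review bot: The ten question/answer values are stored in `$_SESSION['_config']['user']` already SQL-escaped, so the equality checks that begin at the end of this hunk compare escaped text, and any later display of these session values would show the added backslashes. Escaping belongs where the statement is built; keeping the raw trimmed value in the session and binding it in the later ``update `users` `` with `mysqli_prepare()` / `mysqli_stmt_bind_param()` removes the hidden dependency between this block and the query. `strip_tags()` also silently alters answers that contain `<`, which deserves a comment if it is intended.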
@@ -1276,16 +1276,16 @@ function buildSubjectFromSession() {
if($oldid == 13 && $process != "")
{
$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
- $ddres = mysql_query($ddquery);
- $ddrow = mysql_fetch_assoc($ddres);
+ $ddres = mysqli_query($_SESSION['mconn'],$ddquery);
+ $ddrow = mysqli_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
if($_SESSION['profile']['points'] == 0)
{
- $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
- $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
- $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
- $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
+ $_SESSION['_config']['user']['fname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['fname']))));
+ $_SESSION['_config']['user']['mname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['mname']))));
+ $_SESSION['_config']['user']['lname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['lname']))));
+ $_SESSION['_config']['user']['suffix'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['suffix']))));
$_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
$_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
$_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);
@@ -1316,7 +1316,7 @@ function buildSubjectFromSession() {
`suffix`='".$_SESSION['_config']['user']['suffix']."',
`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
where `id`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'],$query);
}
if ($showdetails!="") {
$query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
@@ -1330,16 +1330,16 @@ function buildSubjectFromSession() {
`A4`='".$_SESSION['_config']['user']['A4']."',
`A5`='".$_SESSION['_config']['user']['A5']."'
where `id`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'],$query);
}
$_SESSION['_config']['user']['set'] = 0;
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+ $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
$_SESSION['profile']['loggedin'] = 1;
$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
- $ddres = mysql_query($ddquery);
- $ddrow = mysql_fetch_assoc($ddres);
+ $ddres = mysqli_query($_SESSION['mconn'],$ddquery);
+ $ddrow = mysqli_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
@@ -1352,9 +1352,9 @@ function buildSubjectFromSession() {
if($oldid == 14 && $process != "")
{
- $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
- $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
- $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));
+ $_SESSION['_config']['user']['oldpass'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['oldpassword'])));
+ $_SESSION['_config']['user']['pword1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['pword1'])));
+ $_SESSION['_config']['user']['pword2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['pword2'])));
$id = 14;
csrf_check("pwchange");
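Review bot: The current and new pass phrases are written into `$_SESSION['_config']['user']` before `csrf_check("pwchange")` runs, so they reach session storage even for a request that fails the CSRF check, and nothing in this hunk clears them afterwards. Holding them in local variables and running the CSRF check first would avoid persisting them; if they must stay in the session, `unset()` the three keys once the change has been processed (the rest of the block is outside the hunk, so this may already happen). `trim()` also silently changes pass phrases that begin or end with whitespace.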
@@ -1371,10 +1371,10 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
{
- $match = mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and
+ $match = mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and
(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
- $rc = mysql_num_rows($match);
+ $rc = mysqli_num_rows($match);
} else {
$rc = 1;
}
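Review bot: The verification query depends on `old_password()`, which MySQL removed in 5.7.5; on such a server the statement fails, `mysqli_query()` returns false, and `mysqli_num_rows($match)` is then called on a non-result. Both this check and the `update ... sha1(...)` in the following hunk store and compare an unsalted SHA-1 of the pass phrase. A migration path would be to fetch the stored hash, verify it in PHP, write new values with `password_hash($pw, PASSWORD_DEFAULT)`, check them with `password_verify()`, and rehash legacy entries on the next successful login. The `else { $rc = 1; }` branch skips the current-pass-phrase check when the two hostnames match; a comment stating why that is acceptable would help the next reader.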
@@ -1392,7 +1392,7 @@ function buildSubjectFromSession() {
_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
echo _("You failed to correctly enter your current Pass Phrase.");
} else {
- mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
+ mysqli_query($_SESSION['mconn'],"update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
where `id`='".intval($_SESSION['profile']['id'])."'");
echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
@@ -1417,7 +1417,7 @@ function buildSubjectFromSession() {
foreach($_REQUEST['emails'] as $val)
{
- $val = mysql_real_escape_string(stripslashes(trim($val)));
+ $val = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($val)));
$bits = explode("@", $val);
$count = count($bits);
if($count != 2)
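Review bot: Every converted call takes its connection from `$_SESSION['mconn']`, here in the `mysqli_real_escape_string()` call on `$val`. A live connection cannot survive being written out with the session, so the handle has to be re-created on each request anyway (where it is assigned is outside this hunk); a dedicated global or a small accessor function would make that lifetime explicit and keep a non-data object out of the session array. I would also add a comment at the assignment stating the connection character set, because `mysqli_real_escape_string()` escapes according to it.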
@@ -1434,7 +1434,7 @@ function buildSubjectFromSession() {
if($val != "")
$_SESSION['_config']['emails'][] = $val;
}
- $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
+ $_SESSION['_config']['name'] = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['name'])));
$_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
$_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
@@ -1504,7 +1504,7 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['name'] != "")
$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
if($_SESSION['_config']['OU'])
- $emails .= "organizationalUnitName = ".mysql_real_escape_string($_SESSION['_config']['OU'])."\n";
+ $emails .= "organizationalUnitName = ".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['OU'])."\n";
if($org['O'])
$emails .= "organizationName = ".$org['O']."\n";
if($org['L'])
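Review bot: `mysqli_real_escape_string()` is applied to the OU value that goes into the `organizationalUnitName = ...` line, which is not an SQL context. It happens to turn line breaks into a literal `\n`, but it also puts backslashes before quotes that will then appear in the generated subject, and `$org['O']` and `$org['L']` just below are written without any filtering. A small helper that strips CR/LF and other control characters from every value written into this block would state the intent directly. The block being built starts and ends outside the hunk, so the target format is inferred.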
@@ -1529,19 +1529,19 @@ function buildSubjectFromSession() {
$query = "insert into `orgemailcerts` set
`CN`='$defaultemail',
- `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
+ `ou`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['OU'])."',
`keytype`='NS',
`orgid`='".intval($org['orgid'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
+ $emailid = mysqli_insert_id($_SESSION['mconn']);
foreach($_SESSION['_config']['domids'] as $addy)
- mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+ mysqli_query($_SESSION['mconn'],"insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname=generatecertpath("csr","orgclient",$emailid);
$fp = fopen($CSRname, "w");
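Review bot: `$addy` from `$_SESSION['_config']['domids']` is placed into the `domemaillink` insert without a cast, whereas the `orgdomlink` inserts later in this file use `intval($id)`. How `domids` is populated is outside the hunk; if these are numeric ids, casting at the point of use makes the statement safe regardless of the source: ``mysqli_query($_SESSION['mconn'],"insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");``. The identical loop in the MS/VI branch (@@ -1629) needs the same change.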
@@ -1558,7 +1558,7 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = clean_csr($_REQUEST['CSR']);
if(strpos($csr,"---BEGIN") === FALSE)
@@ -1629,31 +1629,31 @@ function buildSubjectFromSession() {
$query = "insert into `orgemailcerts` set
`CN`='$defaultemail',
- `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
+ `ou`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['OU'])."',
`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
`orgid`='".intval($org['orgid'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `subject`='".mysql_real_escape_string($csrsubject)."',
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."',
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
+ $emailid = mysqli_insert_id($_SESSION['mconn']);
foreach($_SESSION['_config']['domids'] as $addy)
- mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+ mysqli_query($_SESSION['mconn'],"insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname=generatecertpath("csr","orgclient",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
fclose($fp);
- mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
}
waitForResult("orgemailcerts", $emailid,$oldid);
$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
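Review bot: `keytype` is written into the insert as `sanitizeHTML($_REQUEST['keytype'])`, which judging by its name is an HTML-oriented filter used inside an SQL string. The branch condition visible in the previous hunk limits the value to "MS" or "VI", so this is presumably safe today, but only as long as that condition stays in place. Copying the checked value into a variable and using that, or escaping it with `mysqli_real_escape_string()` like the neighbouring fields, would make the statement self-contained. `fopen()` and `fputs()` for the CSR file are also used here without checking for failure.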
@@ -1681,14 +1681,14 @@ function buildSubjectFromSession() {
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -1697,7 +1697,7 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
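Review bot: ``update `orgemailcerts` set `renewed`='1'`` runs before the `$row['revoke'] > 0` test, so a certificate that is already revoked is flagged as renewed even though the renewal is then skipped (the `continue` is presumably in the lines between this hunk and the next). Moving the update below the revocation check avoids the stale flag. The `orgdomaincerts` renewal hunk (@@ -2051) has the same order.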
@@ -1705,25 +1705,25 @@ function buildSubjectFromSession() {
}
$query = "insert into `orgemailcerts` set
`orgid`='".intval($row['orgid'])."',
- `CN`='".mysql_real_escape_string($row['CN'])."',
- `ou`='".mysql_real_escape_string($row['ou'])."',
- `subject`='".mysql_real_escape_string($row['subject'])."',
- `keytype`='".mysql_real_escape_string($row['keytype'])."',
- `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
- `created`='".mysql_real_escape_string($row['created'])."',
+ `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+ `ou`='".mysqli_real_escape_string($_SESSION['mconn'], $row['ou'])."',
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',
+ `keytype`='".mysqli_real_escape_string($_SESSION['mconn'], $row['keytype'])."',
+ `csr_name`='".mysqli_real_escape_string($_SESSION['mconn'], $row['csr_name'])."',
+ `created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
`modified`=NOW(),
`codesign`='".intval($row['codesign'])."',
`rootcert`='".intval($row['rootcert'])."',
- `description`='".mysql_real_escape_string($row['description'])."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
+ $newid = mysqli_insert_id($_SESSION['mconn']);
$newfile=generatecertpath("csr","orgclient",$newid);
copy($row['csr_name'], $newfile);
- mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
+ mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
waitForResult("orgemailcerts", $newid,$oldid,0);
$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) > 0)
{
printf(_("Certificate for '%s' has been renewed."), $row['CN']);
echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
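Review bot: The renewal insert copies `CN`, `ou`, `subject`, `keytype`, `codesign`, `rootcert` and `description` from the old row but not `md`, which the original request insert sets from `hash_alg`. Unless that is intended, the renewed row would fall back to the column default for the hash algorithm; adding ``\`md\`='".mysqli_real_escape_string($_SESSION['mconn'], $row['md'])."',`` (without the backslashes) carries the earlier choice over. The `orgdomaincerts` renewal insert (@@ -2059) omits the column as well. `copy($row['csr_name'], $newfile)` is also used without checking its return value before the path is stored.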
@@ -1754,19 +1754,19 @@ function buildSubjectFromSession() {
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
@@ -1787,19 +1787,19 @@ function buildSubjectFromSession() {
$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("delete from `orgemailcerts` where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"delete from `orgemailcerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -1817,8 +1817,8 @@ function buildSubjectFromSession() {
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
- $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+ $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+ mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
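Review bot: The description update in the `check_comment_` branch is restricted by `id` only, with `$cid` taken from the request key; unlike the `emailcerts` version earlier in this file, which adds an ``and `memid`=...`` condition, nothing in the hunk ties the row to an organisation the logged-in user administers. Unless that is verified in the part of the loop outside the hunk, the statement should carry the same owner restriction the revoke and delete queries use, for example ``where `id`='$cid' and `orgid` in (select `orgid` from `org` where `memid`='".intval($_SESSION['profile']['id'])."')``. The `orgdomaincerts` comment update (@@ -2179) is written the same way.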
@@ -1879,14 +1879,14 @@ function buildSubjectFromSession() {
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`org`.`orgid`=`orgdomains`.`orgid` and
- `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.CN'])."'";
- $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
+ `orgdomains`.`domain`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['0.CN'])."'";
+ $_SESSION['_config']['CNorg'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$query = "select * from `orginfo`,`org`,`orgdomains` where
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`org`.`orgid`=`orgdomains`.`orgid` and
- `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.subjectAltName'])."'";
- $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
+ `orgdomains`.`domain`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['0.subjectAltName'])."'";
+ $_SESSION['_config']['SANorg'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
//echo "<pre>"; print_r($_SESSION['_config']); die;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
@@ -1946,7 +1946,7 @@ function buildSubjectFromSession() {
`orginfo`.`id`=`org`.`orgid` and
`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
}
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$csrsubject = "";
if($_SESSION['_config']['OU'])
@@ -1972,42 +1972,42 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['rowid']['0'] > 0)
{
$query = "insert into `orgdomaincerts` set
- `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
+ `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rows']['0'])."',
`orgid`='".intval($org['id'])."',
`created`=NOW(),
- `subject`='".mysql_real_escape_string($csrsubject)."',
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
`type`='".$type."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
} else {
$query = "insert into `orgdomaincerts` set
- `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
+ `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['altrows']['0'])."',
`orgid`='".intval($org['id'])."',
`created`=NOW(),
- `subject`='".mysql_real_escape_string($csrsubject)."',
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
`type`='".$type."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
}
- mysql_query($query);
- $CSRid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'],$query);
+ $CSRid = mysqli_insert_id($_SESSION['mconn']);
$CSRname=generatecertpath("csr","orgserver",$CSRid);
rename($_SESSION['_config']['tmpfname'], $CSRname);
chmod($CSRname,0644);
- mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+ mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
if(is_array($_SESSION['_config']['rowid']))
foreach($_SESSION['_config']['rowid'] as $id)
- mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
+ mysqli_query($_SESSION['mconn'],"insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $id)
- mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
+ mysqli_query($_SESSION['mconn'],"insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
waitForResult("orgdomaincerts", $CSRid,$oldid);
$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
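Review bot: `$type` is concatenated into both `orgdomaincerts` inserts without a cast, while the renewal insert further down writes the same column as `intval($row['type'])`. Where `$type` is assigned is outside the hunk; if it is numeric, using `intval($type)` in both statements costs nothing and removes the dependency on the earlier code. The two insert branches also differ only in the source of `CN`, so choosing the CN first and building the statement once would halve the code that has to be kept in sync.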
@@ -2035,14 +2035,14 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -2051,7 +2051,7 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
@@ -2059,32 +2059,32 @@ function buildSubjectFromSession() {
}
$query = "insert into `orgdomaincerts` set
`orgid`='".intval($row['orgid'])."',
- `CN`='".mysql_real_escape_string($row['CN'])."',
- `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
- `created`='".mysql_real_escape_string($row['created'])."',
+ `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+ `csr_name`='".mysqli_real_escape_string($_SESSION['mconn'], $row['csr_name'])."',
+ `created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
`modified`=NOW(),
- `subject`='".mysql_real_escape_string($row['subject'])."',
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',
`type`='".intval($row['type'])."',
`rootcert`='".intval($row['rootcert'])."',
- `description`='".mysql_real_escape_string($row['description'])."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
+ mysqli_query($_SESSION['mconn'],$query);
+ $newid = mysqli_insert_id($_SESSION['mconn']);
//echo "NewID: $newid<br/>\n";
$newfile=generatecertpath("csr","orgserver",$newid);
copy($row['csr_name'], $newfile);
- mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
+ mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".$row['CN']."<br>\n";
- $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
- while($r2 = mysql_fetch_assoc($res))
- mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
+ $res = mysqli_query($_SESSION['mconn'],"select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
+ while($r2 = mysqli_fetch_assoc($res))
+ mysqli_query($_SESSION['mconn'],"insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
waitForResult("orgdomaincerts", $newid,$oldid,0);
$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
- $drow = mysql_fetch_assoc($res);
+ $drow = mysqli_fetch_assoc($res);
$crtname = escapeshellarg($drow['crt_name']);
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
echo "<pre>\n$cert\n</pre>\n";
@@ -2114,19 +2114,19 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
@@ -2149,19 +2149,19 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
- mysql_query("delete from `orgdomaincerts` where `id`='$id'");
+ mysqli_query($_SESSION['mconn'],"delete from `orgdomaincerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -2179,8 +2179,8 @@ function buildSubjectFromSession() {
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
- $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+ $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+ mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
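Review bot: The update of the description column on orgdomaincerts is keyed only on `$cid`, which is parsed from the name of a request parameter, and the visible lines never tie that certificate to an organisation of the logged-in member. The revoke and delete branches in the preceding hunks join orgdomaincerts to org on orgid and filter on org.memid with `intval($_SESSION['profile']['id'])`. The comment update should run the same ownership select for `$cid` and skip the update when it returns no row. The enclosing loop starts outside the hunk, so a check placed there would not be visible here.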
@@ -2219,18 +2219,18 @@ function buildSubjectFromSession() {
if($oldid == 24 && $process != "")
{
$id = intval($oldid);
- $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
- $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
- $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
- $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
- $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
- $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
+ $_SESSION['_config']['O'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['O'])));
+ $_SESSION['_config']['contact'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['contact'])));
+ $_SESSION['_config']['L'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['L'])));
+ $_SESSION['_config']['ST'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['ST'])));
+ $_SESSION['_config']['C'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['C'])));
+ $_SESSION['_config']['comments'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comments'])));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{
$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
} else {
- mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
+ mysqli_query($_SESSION['mconn'],"insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
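Review bot: The `$oldid == 24` branch inserts a new orginfo row from request data with no `csrf_check()` call in its visible lines, whereas the organisation-update branch in the next hunk opens with `csrf_check('orgdetchange')`. Unless the token is verified before this block, add the equivalent call as the first statement, `csrf_check('TOKEN_NAME_PLACEHOLDER');`, using the token name that the new-organisation form emits. The insert statement continues past the end of the hunk.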
@@ -2247,18 +2247,18 @@ function buildSubjectFromSession() {
{
csrf_check('orgdetchange');
$id = intval($oldid);
- $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
- $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
- $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
- $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
- $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
- $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
+ $_SESSION['_config']['O'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['O'])));
+ $_SESSION['_config']['contact'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['contact'])));
+ $_SESSION['_config']['L'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['L'])));
+ $_SESSION['_config']['ST'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['ST'])));
+ $_SESSION['_config']['C'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['C'])));
+ $_SESSION['_config']['comments'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comments'])));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{
$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
} else {
- mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
+ mysqli_query($_SESSION['mconn'],"update `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
@@ -2274,9 +2274,9 @@ function buildSubjectFromSession() {
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
- $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
- $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
- if(mysql_num_rows($res1) > 0)
+ $domain = $_SESSION['_config']['domain'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['domainname'])));
+ $res1 = mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `domain`='$domain'");
+ if(mysqli_num_rows($res1) > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
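Review bot: The SQL-escaped string is what ends up in `$_SESSION['_config']['domain']` and in the error message, because `$domain` is escaped first and then handed to `sanitizeHTML()`. A name containing a quote or backslash is therefore shown, and kept in the session, with the escape backslashes in it. Keep `$domain` escaped for the queries that use it, but hold the display value separately, e.g. `$rawdomain = trim(stripslashes($_REQUEST['domainname']));`, and pass `sanitizeHTML($rawdomain)` to `sprintf()`. The `$oldid == 29` hunk further down and the `$_REQUEST['email']` assignment in the hunk that looks up the user by email show the same pattern.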
@@ -2292,7 +2292,7 @@ function buildSubjectFromSession() {
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
- mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
+ mysqli_query($_SESSION['mconn'],"insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
@@ -2302,11 +2302,11 @@ function buildSubjectFromSession() {
if($oldid == 29 && $process != "")
{
- $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
+ $domain = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['domainname'])));
- $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
- $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
- if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+ $res1 = mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
+ $res2 = mysqli_query($_SESSION['mconn'],"select * from `domains` where `domain` like '$domain' and `deleted`=0");
+ if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2) > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
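Review bot: Both duplicate checks compare with `like '$domain'`, and `mysqli_real_escape_string()` does not escape the LIKE wildcards `%` and `_`, so a submitted name containing either character is matched as a pattern rather than as a literal domain. The check can then report a clash with rows that are not the same name. The `$oldid == 28` branch above already uses an equality test on the domain column, and the same form fits here: replace `like '$domain'` with `='$domain'` in both selects.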
@@ -2320,23 +2320,23 @@ function buildSubjectFromSession() {
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($domid)."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ while($row = mysqli_fetch_assoc($res))
+ mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($domid)."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ while($row = mysqli_fetch_assoc($res))
+ mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}
if($oldid == 29 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
- mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `id`='".intval($domid)."'"));
+ mysqli_query($_SESSION['mconn'],"update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
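Review bot: None of the `mysqli_query()` results in this hunk are checked before use: both `while($row = mysqli_fetch_assoc($res))` loops and the nested `mysqli_fetch_assoc(mysqli_query(...))` call pass the return value straight on. `mysqli_query()` returns `false` on failure, and on PHP 8 handing `false` to `mysqli_fetch_assoc()` raises a TypeError, so a failed select would abort the request part-way through the revocations. Test the result first, e.g. `if($res === false)` followed by whatever error path the file uses elsewhere, before each loop and before the update of orgdomains. The same unchecked nesting recurs in most later hunks of this file.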
@@ -2346,9 +2346,9 @@ function buildSubjectFromSession() {
if($oldid == 30 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `id`='".intval($domid)."'"));
$domain = $row['domain'];
- mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
+ mysqli_query($_SESSION['mconn'],"delete from `orgdomains` where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
@@ -2365,36 +2365,36 @@ function buildSubjectFromSession() {
if($oldid == 31 && $process != "")
{
$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
+ $dres = mysqli_query($_SESSION['mconn'],$query);
+ while($drow = mysqli_fetch_assoc($dres))
{
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ while($row = mysqli_fetch_assoc($res))
{
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
- mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'],"delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'],"delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
}
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ while($row = mysqli_fetch_assoc($res))
{
- mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'],"delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
+ mysqli_query($_SESSION['mconn'],"delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
}
}
- mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
- mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
- mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
+ mysqli_query($_SESSION['mconn'],"delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
+ mysqli_query($_SESSION['mconn'],"delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
+ mysqli_query($_SESSION['mconn'],"delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}
if($oldid == 31)
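Review bot: Three of the cascade deletes filter on a column that does not match the value they are given. `$row['id']` is selected as the orgdomaincerts id (and in the second loop as the orgemailcerts id), yet the first delete compares it with the orgid column of orgdomaincerts, which removes certificates of whichever organisation has that number as its id. The orgdomlink delete uses a domid column although the join in this hunk links that table through orgdomid and orgcertid, and the orgemaillink delete compares the certificate id with domid although the join uses emailcertsid for it. Judging from those joins, the conditions should be on id for orgdomaincerts, orgcertid for orgdomlink and emailcertsid for orgemaillink. It is also worth confirming that deleting the certificate rows immediately after setting the revoked column still lets the revocation be processed.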
@@ -2406,7 +2406,7 @@ function buildSubjectFromSession() {
if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
{
$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
- $_macc = mysql_num_rows(mysql_query($query));
+ $_macc = mysqli_num_rows(mysqli_query($_SESSION['mconn'],$query));
if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -2419,7 +2419,7 @@ function buildSubjectFromSession() {
if($id == 35 || $oldid == 35)
{
$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
- $is_orguser = mysql_num_rows(mysql_query($query));
+ $is_orguser = mysqli_num_rows(mysqli_query($_SESSION['mconn'],$query));
if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -2433,8 +2433,8 @@ function buildSubjectFromSession() {
{
$orgid = intval($_SESSION['_config']['orgid']);
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
$id = 35;
}
@@ -2447,17 +2447,17 @@ function buildSubjectFromSession() {
$masteracc = $_SESSION['_config']['masteracc'] = intval($_REQUEST['masteracc']);
else
$masteracc = $_SESSION['_config']['masteracc'] = 0;
- $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
+ $_REQUEST['email'] = $_SESSION['_config']['email'] = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['email'])));
$_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
- $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
- $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
- if(mysql_num_rows($res) <= 0)
+ $comments = $_SESSION['_config']['comments'] = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['comments'])));
+ $res = mysqli_query($_SESSION['mconn'],"select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
+ if(mysqli_num_rows($res) <= 0)
{
$id = $oldid;
$oldid=0;
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if ( !is_assurer(intval($row['id'])) )
{
$id = $oldid;
@@ -2465,12 +2465,12 @@ function buildSubjectFromSession() {
$_SESSION['_config']['errmsg'] =
_("The user is not an Assurer yet");
} else {
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"insert into `org`
set `memid`='".intval($row['id'])."',
`orgid`='".intval($_SESSION['_config']['orgid'])."',
`masteracc`='$masteracc',
- `OU`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
+ `OU`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['OU'])."',
`comments`='$comments'");
}
}
@@ -2479,8 +2479,8 @@ function buildSubjectFromSession() {
if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
$orgid = intval($_SESSION['_config']['orgid']);
- $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],"select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
+ if(mysqli_num_rows($res) <= 0)
$id = 32;
}
@@ -2489,7 +2489,7 @@ function buildSubjectFromSession() {
$orgid = intval($_SESSION['_config']['orgid']);
$memid = intval($_REQUEST['memid']);
$query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'],$query);
}
if($oldid == 34 || $oldid == 33)
@@ -2501,7 +2501,7 @@ function buildSubjectFromSession() {
if($id == 36)
{
- $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
$_REQUEST['general'] = $row['general'];
$_REQUEST['country'] = $row['country'];
$_REQUEST['regional'] = $row['regional'];
@@ -2510,7 +2510,7 @@ function buildSubjectFromSession() {
if($oldid == 36)
{
- $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'],"select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
if($rc > 0)
{
$query = "update `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."',
@@ -2525,7 +2525,7 @@ function buildSubjectFromSession() {
`radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."',
`memid`='".intval($_SESSION['profile']['id'])."'";
}
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'],$query);
$id = $oldid;
$oldid=0;
}
@@ -2533,12 +2533,12 @@ function buildSubjectFromSession() {
if($oldid == 41 && $_REQUEST['action'] == 'default')
{
csrf_check("mainlang");
- $lang = mysql_real_escape_string($_REQUEST['lang']);
+ $lang = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['lang']);
foreach(L10n::$translations as $key => $val)
{
if($key == $lang)
{
- mysql_query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
$_SESSION['profile']['language'] = $lang;
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
@@ -2556,9 +2556,9 @@ function buildSubjectFromSession() {
if($oldid == 41 && $_REQUEST['action'] == 'addsec')
{
csrf_check("seclang");
- $addlang = mysql_real_escape_string($_REQUEST['addlang']);
+ $addlang = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['addlang']);
// Does the language exist?
- mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
+ mysqli_query($_SESSION['mconn'],"insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
showfooter();
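Review bot: The comment `// Does the language exist?` is not followed by any check, so any string in `$_REQUEST['addlang']` is inserted into addlang for the user. The `default` action in the previous hunk only accepts values that are keys of `L10n::$translations`; apply the same rule here before the insert, e.g. `if(!array_key_exists($_REQUEST['addlang'], L10n::$translations))` leading to an error message instead of the query.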
@@ -2568,8 +2568,8 @@ function buildSubjectFromSession() {
if($oldid == 41 && $_REQUEST['action'] == 'dellang')
{
csrf_check("seclang");
- $remove = mysql_real_escape_string($_REQUEST['remove']);
- mysql_query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
+ $remove = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['remove']);
+ mysqli_query($_SESSION['mconn'],"delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
showfooter();
@@ -2604,7 +2604,7 @@ function buildSubjectFromSession() {
$regid = intval(array_key_exists('regid',$_REQUEST)?$_REQUEST['regid']:0);
$newreg = intval(array_key_exists('newreg',$_REQUEST)?$_REQUEST['newreg']:0);
$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
- $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
+ $name = array_key_exists('name',$_REQUEST)?mysqli_real_escape_string($_SESSION['mconn'], strip_tags($_REQUEST['name'])):"";
$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
$lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
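Review bot: The longitude and latitude lines still call `ereg_replace()`, which was removed in PHP 7.0 together with the `mysql_*` functions this commit replaces, so this block will fail on the PHP versions the migration targets. Use the PCRE equivalent: `preg_replace('/[^-0-9.]/', '', $_REQUEST['longitude'])`, and the same for `latitude`. The result is still only a character filter, so a final check that each value is a valid decimal number would be a useful addition.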
@@ -2612,58 +2612,58 @@ function buildSubjectFromSession() {
if($locid > 0 && $action == "edit")
{
$query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ mysqli_query($_SESSION['mconn'],$query);
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
$_REQUEST['regid'] = $row['regid'];
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "edit") {
$query = "update `regions` set `name`='$name' where `id`='$regid'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ mysqli_query($_SESSION['mconn'],$query);
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `regions` where `id`='$regid'"));
$_REQUEST['ccid'] = $row['ccid'];
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "add") {
- $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select `ccid` from `regions` where `id`='$regid'"));
$ccid = $row['ccid'];
$query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'],$query);
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($ccid > 0 && $action == "add" && $name != "") {
$query = "insert into `regions` set `ccid`='$ccid', `name`='$name'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ mysqli_query($_SESSION['mconn'],$query);
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($locid > 0 && $action == "delete") {
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
$_REQUEST['regid'] = $row['regid'];
- mysql_query("delete from `localias` where `locid`='$locid'");
- mysql_query("delete from `locations` where `id`='$locid'");
+ mysqli_query($_SESSION['mconn'],"delete from `localias` where `locid`='$locid'");
+ mysqli_query($_SESSION['mconn'],"delete from `locations` where `id`='$locid'");
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($locid > 0 && $action == "move") {
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
$oldregid = $row['regid'];
- mysql_query("update `locations` set `regid`='$newreg' where `id`='$locid'");
- mysql_query("update `users` set `regid`='$newreg' where `regid`='$oldregid'");
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ mysqli_query($_SESSION['mconn'],"update `locations` set `regid`='$newreg' where `id`='$locid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `regid`='$newreg' where `regid`='$oldregid'");
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
$_REQUEST['regid'] = $row['regid'];
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "delete") {
- $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `regions` where `id`='$regid'"));
$_REQUEST['ccid'] = $row['ccid'];
- mysql_query("delete from `locations` where `regid`='$regid'");
- mysql_query("delete from `regions` where `id`='$regid'");
+ mysqli_query($_SESSION['mconn'],"delete from `locations` where `regid`='$regid'");
+ mysqli_query($_SESSION['mconn'],"delete from `regions` where `id`='$regid'");
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
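Review bot: In the `move` branch, the update on users sets regid to `$newreg` for every row whose regid equals `$oldregid`, although only one location is being moved. Unless that is intended, users of other locations in the old region are reassigned as well. The condition should be limited to users attached to `$locid`, i.e. an extra `and USERS_LOCATION_COLUMN_PLACEHOLDER='$locid'` with the column the users table uses for the location. The same branch does not verify that `$newreg` refers to an existing region before writing it.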
@@ -2672,12 +2672,12 @@ function buildSubjectFromSession() {
$_REQUEST['action'] = "aliases";
$_REQUEST['locid'] = $locid;
$name = htmlentities($name);
- $row = mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'");
+ $row = mysqli_query($_SESSION['mconn'],"insert into `localias` set `locid`='$locid',`name`='$name'");
} else if($locid > 0 && $action == "delalias") {
$id = 54;
$_REQUEST['action'] = "aliases";
$_REQUEST['locid'] = $locid;
- $row = mysql_query("delete from `localias` where `locid`='$locid' and `name`='$name'");
+ $row = mysqli_query($_SESSION['mconn'],"delete from `localias` where `locid`='$locid' and `name`='$name'");
}
}
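Review bot: The alias insert stores `htmlentities($name)`, while the `delalias` branch matches the name column against the un-encoded `$name`, so an alias containing a character that `htmlentities()` rewrites (an ampersand, for instance) can be added but never deleted. `htmlentities()` is also applied after the value was SQL-escaped earlier in the function, which mixes two encodings in the stored data. Drop the `$name = htmlentities($name);` line and encode when the alias is printed. The start of the branch holding the insert is outside the hunk.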
@@ -2714,15 +2714,15 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- $fname = mysql_real_escape_string($_REQUEST['fname']);
- $mname = mysql_real_escape_string($_REQUEST['mname']);
- $lname = mysql_real_escape_string($_REQUEST['lname']);
- $suffix = mysql_real_escape_string($_REQUEST['suffix']);
+ $fname = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['fname']);
+ $mname = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['mname']);
+ $lname = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['lname']);
+ $suffix = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['suffix']);
$day = intval($_REQUEST['day']);
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'],$query);
}elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){
$id = 43;
$oldid=0;
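Review bot: The date of birth is assembled from three `intval()` results with no range check, so values such as month 13 or day 0 go into the update of the dob column; depending on the SQL mode this is stored as a zero date or rejected. Validate before building the query, e.g. `if(!checkdate($month, $day, $year))` followed by an error message and no update. The branch this code belongs to starts outside the hunk, as does the origin of `$userid`.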
@@ -2761,7 +2761,7 @@ function buildSubjectFromSession() {
if($id == 44)
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "")
$id = 42;
else
@@ -2781,8 +2781,8 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ mysqli_query($_SESSION['mconn'],"update `users` set `password`=sha1('".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
$my_translation = L10n::get_translation();
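Review bot: The password update keeps hashing with an unsalted `sha1()` inside the SQL text, which is too fast for password storage and places the plaintext in the statement, where query logging could record it. Hashing in PHP with `password_hash($_REQUEST['newpass'], PASSWORD_DEFAULT)` and storing the result avoids both problems, but it needs `password_verify()` at login and a rehash path for existing rows, all of which are outside this diff. `stripslashes()` on the password also removes backslashes a user typed deliberately, unless the input is known to arrive slash-escaped.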
@@ -2872,24 +2872,24 @@ function buildSubjectFromSession() {
`CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
- mysql_query($query);
- $CSRid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'],$query);
+ $CSRid = mysqli_insert_id($_SESSION['mconn']);
foreach($_SESSION['_config']['rowid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
+ mysqli_query($_SESSION['mconn'],"insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
+ mysqli_query($_SESSION['mconn'],"insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
$CSRname=generatecertpath("csr","server",$CSRid);
$fp = fopen($CSRname, "w");
fputs($fp, $_SESSION['_config']['CSR']);
fclose($fp);
- mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+ mysqli_query($_SESSION['mconn'],"update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
waitForResult("domaincerts", $CSRid,$oldid);
$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'],$query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
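Review bot: The return value of `fopen($CSRname, "w")` is used without a check, so when the file cannot be created `fputs()` and `fclose()` receive `false`, the domaincerts row is still given its CSR_name, and `waitForResult()` waits for a request file that was never written. Check the write before updating the row, e.g. `if(file_put_contents($CSRname, $_SESSION['_config']['CSR']) === false)` with an error page and exit. The insert statement at the top of the hunk begins outside it.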
@@ -2913,9 +2913,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['tverify'];
- mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `tverify`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==FALSE){
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
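Review bot: `$ver = !$row['tverify'];` yields a PHP boolean, and interpolating `false` into the update produces an empty string rather than 0. If the column is numeric and the server runs in a strict SQL mode, switching the flag off is rejected, and the unchecked `mysqli_query()` call hides that. Use an explicit integer, `$ver = $row['tverify'] ? 0 : 1;`. The following hunks toggle assurer, assurer_blocked, locked, codesign and orgadmin the same way and need the same change.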
@@ -2932,9 +2932,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `assurer`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['assurer']);
$_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!';
@@ -2950,9 +2950,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2969,9 +2969,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['locked'];
- mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `locked`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['locked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2988,9 +2988,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['codesign'];
- mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `codesign`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['codesign']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3007,9 +3007,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['orgadmin'];
- mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `orgadmin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3026,9 +3026,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['ttpadmin'];
- mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `ttpadmin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3044,11 +3044,11 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = $row['adadmin'] + 1;
if($ver > 2)
$ver = 0;
- mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `adadmin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3064,9 +3064,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['locadmin'];
- mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `locadmin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3083,9 +3083,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['admin'];
- mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `users` set `admin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['admin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3101,9 +3101,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['general'];
- mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `alerts` set `general`='$ver' where `memid`='$memid'");
}elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['general']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3119,9 +3119,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['country'];
- mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `alerts` set `country`='$ver' where `memid`='$memid'");
}elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['country']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3137,9 +3137,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['regional'];
- mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `alerts` set `regional`='$ver' where `memid`='$memid'");
}elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['regional']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3155,9 +3155,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
$ver = !$row['radius'];
- mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+ mysqli_query($_SESSION['mconn'],"update `alerts` set `radius`='$ver' where `memid`='$memid'");
}elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){
$_REQUEST['userid'] = intval($_REQUEST['radius']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3169,7 +3169,7 @@ function buildSubjectFromSession() {
$_REQUEST['userid'] = intval($_REQUEST['userid']);
}
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "") {
$id = 42;
} else {
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index 0fda2f1..71314d1 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -206,7 +206,7 @@ function hideall() {
<h3 class="pointer" onclick="explode('servercert')">+ <?=_("Server Certificates")?></h3>
<ul class="menu" id="servercert"><li><a href="account.php?id=10"><?=_("New")?></a></li><li><a href="account.php?id=12"><?=_("View")?></a></li></ul>
</div>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('clientorg')">+ <?=_("Org Client Certs")?></h3>
<ul class="menu" id="clientorg"><li><a href="account.php?id=16"><?=_("New")?></a></li><li><a href="account.php?id=18"><?=_("View")?></a></li></ul>
@@ -216,7 +216,7 @@ function hideall() {
<ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
</div>
<? } ?>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
<ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>
diff --git a/includes/general.php b/includes/general.php
index 2eef65e..8bcfad4 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -79,12 +79,12 @@
if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0)
{
- $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+ $locked = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
if($locked['locked'] == 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
} else {
$_SESSION['profile'] = "";
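Review bot: The lock check `if($locked['locked'] == 0)` is true when no row comes back, because `mysqli_fetch_assoc()` then yields no array and the missing key compares loosely equal to 0, so a failed query or a deleted account is handled as "not locked". The check should fail closed, for example `if(is_array($locked) && intval($locked['locked']) === 0)`. The two hunks in includes/loggedin.php that assign `$_SESSION['profile']` from the same kind of query use the same loose comparison, and there the next line writes `loggedin` = 1 into whatever was fetched. Whether later checks on `$_SESSION['profile']['id']` catch that case is not visible in those hunks.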
@@ -286,13 +286,13 @@
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
- $dom = mysql_real_escape_string($dom);
+ $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
$query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
$cnok = 1;
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
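Review bot: `$dom` is escaped with `mysqli_real_escape_string()` and then matched with `like '$dom'`, but that function does not escape the LIKE wildcards `%` and `_`, so a requested name containing them can match a different verified domain row of the same member. Since this lookup sets `$cnok = 1`, an exact comparison is safer: `domain = '$dom'` in place of `domain like '$dom'`. How `$bits` is derived from the request is outside the hunk, so it should be confirmed whether wildcard characters can reach this point. The next hunk (the `altrow` lookup that sets `$altok`) has the same `like`.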
@@ -344,13 +344,13 @@
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
- $dom = mysql_real_escape_string($dom);
+ $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
$query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
$altok = 1;
- $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
@@ -388,16 +388,16 @@
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
- $dom = mysql_real_escape_string($dom);
+ $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
$query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
@@ -440,16 +440,16 @@
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
- $dom = mysql_real_escape_string($dom);
+ $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
$query = "select * from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
@@ -476,16 +476,16 @@
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
- $dom = mysql_real_escape_string($dom);
+ $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
$query = "select * from `org`,`orgdomains`,`orginfo`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."'
and `orgdomains`.`orgid`=`org`.`orgid`
and `orginfo`.`id`=`org`.`orgid`
and `orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
return(true);
}
}
@@ -498,12 +498,12 @@
$id = $_SESSION['profile']['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$id' and `deleted` = 0 group by `to`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$points = $row['points'];
$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18));
$query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `dob` < '$dob'";
- if(mysql_num_rows(mysql_query($query)) < 1)
+ if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) < 1)
{
if($points >= 100)
return(10);
@@ -554,7 +554,7 @@
function checkEmail($email)
{
- $myemail = mysql_real_escape_string($email);
+ $myemail = mysqli_real_escape_string($_SESSION['mconn'], $email);
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
{
list($username,$domain)=explode('@',$email,2);
@@ -664,10 +664,10 @@
fputs($fp, "QUIT\r\n");
fclose($fp);
- $line = mysql_real_escape_string(trim(strip_tags($line)));
+ $line = mysqli_real_escape_string($_SESSION['mconn'], trim(strip_tags($line)));
$query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
if(is_array($_SESSION['profile'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
if(substr($line, 0, 3) != "250")
return $line;
@@ -678,7 +678,7 @@
}
$query = "insert into `pinglog` set `when`=NOW(), `uid`='".intval($_SESSION['profile']['id'])."',
`email`='$myemail', `result`='Failed to make a connection to the mail server'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
return _("Failed to make a connection to the mail server");
}
@@ -699,8 +699,8 @@
$query = "select * from `$table` where `id`='".intval($certid)."' and `crt` != ''";
else
$query = "select * from `$table` where `id`='".intval($certid)."' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
$found = 1;
break;
@@ -712,10 +712,10 @@
{
if($show) showheader(_("My CAcert.org Account!"));
$query = "select * from `$table` where `id`='".intval($certid)."' ";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
$body="";
$subject="";
- if(mysql_num_rows($res) > 0)
+ if(mysqli_num_rows($res) > 0)
{
printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
$subject="[CAcert.org] Certificate TIMEOUT";
@@ -742,8 +742,8 @@
function generateTicket()
{
$query = "insert into tickets (timestamp) values (now()) ";
- mysql_query($query);
- $ticket = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $ticket = mysqli_insert_id($_SESSION['mconn']);
return $ticket;
}
@@ -871,17 +871,17 @@
/**
* Run the sql query given in $sql.
- * The resource returned by mysql_query is
+ * The resource returned by mysqli_query is
* returned by this function.
*
- * It should be safe to replace every mysql_query
- * call by a mysql_extended_query call.
+ * It should be safe to replace every mysqli_query
+ * call by a mysqli_extended_query call.
*/
function mysql_timed_query($sql)
{
global $sql_data_log;
$query_start = microtime(true);
- $res = mysql_query($sql);
+ $res = mysqli_query($_SESSION['mconn'], $sql);
$query_end = microtime(true);
$sql_data_log[] = array("sql" => $sql, "duration" => $query_end - $query_start);
return $res;
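Review bot: The docblock now tells readers to replace calls with `mysqli_extended_query`, a name this hunk does not define; the function below it is still `mysql_timed_query`, and the old text had the same mismatch with `mysql_extended_query`. I would change the sentence to `It should be safe to replace every mysqli_query call by a mysql_timed_query call.` The docblock should also say that the full SQL text is appended to `$sql_data_log`, since statements may carry personal data and that log then needs the same protection as the database.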
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 10c4e0a..01e5e7f 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -69,8 +69,8 @@ google_color_border = "FFFFFF";
<h3 class="pointer" onclick="explode('recom')"><?=_("Advertising")?></h3>
<ul class="menu" id="recom"><?
$query = "select * from `advertising` where `expires`>NOW() and `active`=1";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
echo "<li><a href='$row[link]' target='_blank'>$row[title]</a></li>";
?></ul>
</div>
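Review bot: The loop echoes `$row[link]` and `$row[title]` from the `advertising` table straight into HTML, inside a single-quoted `href` and as link text, with no escaping. If those columns can hold user-submitted values (not visible here), a quote or markup in either one becomes script injection on every page that includes this menu. Escape both with `htmlspecialchars($row['title'], ENT_QUOTES)` and the equivalent for the link, accept only `http`/`https` URLs, and add `rel='noopener'` next to `target='_blank'`.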
diff --git a/includes/lib/account.php b/includes/lib/account.php
index dd8afd3..26a29ce 100644
--- a/includes/lib/account.php
+++ b/includes/lib/account.php
@@ -55,7 +55,7 @@ function fix_assurer_flag($userID = NULL)
AND `n`.`deleted` = 0
) >= 100';
- $query = mysql_query($sql);
+ $query = mysqli_query($_SESSION['mconn'], $sql);
if (!$query) {
return false;
}
@@ -91,7 +91,7 @@ function fix_assurer_flag($userID = NULL)
) < 100
)';
- $query = mysql_query($sql);
+ $query = mysqli_query($_SESSION['mconn'], $sql);
if (!$query) {
return false;
}
diff --git a/includes/lib/general.php b/includes/lib/general.php
index 127c6b7..0ba4314 100644
--- a/includes/lib/general.php
+++ b/includes/lib/general.php
@@ -32,15 +32,15 @@
function get_user_id_from_cert($serial, $issuer_cn)
{
$query = "select `memid` from `emailcerts` where
- `serial`='".mysql_escape_string($serial)."' and
+ `serial`='".mysqli_real_escape_string($_SESSION['mconn'], $serial)."' and
`rootcert`= (select `id` from `root_certs` where
- `Cert_Text`='".mysql_escape_string($issuer_cn)."') and
+ `Cert_Text`='".mysqli_real_escape_string($_SESSION['mconn'], $issuer_cn)."') and
`revoked`=0 and disablelogin=0 and
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
return intval($row['memid']);
}
@@ -139,21 +139,21 @@ function runCommand($command, $input = "", &$output = null, &$errors = true) {
function get_assurer_status($userID)
{
$Result = 0;
- $query = mysql_query('SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
+ $query = mysqli_query($_SESSION['mconn'], 'SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
' WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = \''.(int)intval($userID).'\'');
- if(mysql_num_rows($query) < 1)
+ if(mysqli_num_rows($query) < 1)
{
$Result |= 5;
}
- $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now() and `deleted` = 0');
- $row = mysql_fetch_assoc($query);
+ $query = mysqli_query($_SESSION['mconn'], 'SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now() and `deleted` = 0');
+ $row = mysqli_fetch_assoc($query);
if ($row['points'] < 100) {
$Result |= 3;
}
- $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
- $row = mysql_fetch_assoc($query);
+ $query = mysqli_query($_SESSION['mconn'], 'SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
+ $row = mysqli_fetch_assoc($query);
if ($row['assurer_blocked'] > 0) {
$Result |= 9;
}
diff --git a/includes/lib/l10n.php b/includes/lib/l10n.php
index 4859946..23b21b8 100644
--- a/includes/lib/l10n.php
+++ b/includes/lib/l10n.php
@@ -170,7 +170,7 @@ class L10n {
foreach($languages as $lang => $qvalue)
{
// ignore any non-conforming values (that's why we don't need to
- // mysql_real_escape() or escapeshellarg(), but take care of
+ // mysqli_real_escape_string($_SESSION['mconn'], ) or escapeshellarg(), but take care of
// the '*')
// spec: ( ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*" )
if ( preg_match('/^(?:([a-zA-Z]{1,8})(?:-[a-zA-Z]{1,8})*|\*)$/',
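Review bot: The rewritten comment reads `mysqli_real_escape_string($_SESSION['mconn'], ) or escapeshellarg()`, which looks like a mechanical replacement and leaves a dangling argument list in a comment whose job is to explain why no escaping is needed. `// mysqli_real_escape_string() or escapeshellarg(), but take care of` keeps the meaning. The enclosing loop continues outside the hunk.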
@@ -360,9 +360,9 @@ class L10n {
//returns the language of a recipient to make sure that the language is correct
//use together with
$query = "select `language` from `users` where `id`='".intval($accountid)."'";
- $res = mysql_query($query);
- if (mysql_num_rows($res)>=0) {
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if (mysqli_num_rows($res)>=0) {
+ $row = mysqli_fetch_assoc($res);
if (NULL==$row['language'] || $row['language']=='') {
self::set_translation('en');
} else {
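Review bot: `if (mysqli_num_rows($res)>=0)` holds for every result set, including an empty one, so the branch also runs when no user has that id and `$row` is not an array. It happens to fall into the `'en'` default because the missing `language` key compares equal to NULL, but the intent is presumably `> 0`. A failed query (`$res === false`) should also be handled before the row count is read. The rest of the method is outside the hunk.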
diff --git a/includes/loggedin.php b/includes/loggedin.php
index c14f8c2..5bf157a 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -44,7 +44,7 @@
//session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'"));
+ $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($uid)."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
@@ -70,7 +70,7 @@
//session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],
"select * from `users` where `id`='".intval($user_id)."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
@@ -103,15 +103,15 @@
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".L10n::get_translation()."'
where `id`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
} else {
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample
index 77be95f..befe079 100644
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@@ -16,13 +16,14 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- $_SESSION['mconn'] = mysql_connect("127.0.0.1", "username", "password");
- if ($_SESSION['mconn'] != FALSE)
- {
- mysql_select_db("database");
- $_SESSION['mconn'] = TRUE;
- }
- $_SESSION['_config']['normalhostname'] = "www.cacert.org";
+ $_SESSION['mconn'] = mysqli_connect("127.0.0.1", "username", "password", "database");
+
+// if (!$_SESSION['mconn']) {
+// die('Connect Error (' . mysqli_connect_errno() . ') '
+// . mysqli_connect_error());
+// }
+
+ $_SESSION['_config']['normalhostname'] = "www.cacert.org";
$_SESSION['_config']['securehostname'] = "secure.cacert.org";
$_SESSION['_config']['tverify'] = "tverify.cacert.org";
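Review bot: The old sample overwrote `$_SESSION['mconn']` with `TRUE` after connecting, but the new line keeps the `mysqli` object itself in `$_SESSION`, and every converted call in this commit reads the link from there. Session data is serialised at the end of the request and a database handle does not survive that, so the link belongs in a request-scoped variable or accessor rather than in session state. The connect check is also added commented out, so a failed connection leaves `false` in `$_SESSION['mconn']` and each later `mysqli_query()` receives it as the link. If the check is enabled, log `mysqli_connect_error()` server-side and show a generic message instead of passing the error text to `die()`.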
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 3b8e736..a4c8ee7 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -21,18 +21,18 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
function query_init ($query)
{
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
function query_getnextrow ($res)
{
- $row1 = mysql_fetch_assoc($res);
+ $row1 = mysqli_fetch_assoc($res);
return $row1;
}
function query_get_number_of_rows ($resultset)
{
- return intval(mysql_num_rows($resultset));
+ return intval(mysqli_num_rows($resultset));
}
function get_number_of_assurances ($userid)
@@ -125,7 +125,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
function get_user ($userid)
{
$res = query_init ("select * from `users` where `id`='".intval($userid)."'");
- return mysql_fetch_assoc($res);
+ return mysqli_fetch_assoc($res);
}
function get_cats_state ($userid)
@@ -133,7 +133,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
$res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
- return mysql_num_rows($res);
+ return mysqli_num_rows($res);
}
@@ -587,7 +587,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
$sum_points = 0;
$sumexperience = 0;
$res = get_given_assurances(intval($userid), $log);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
$assuree = get_user(intval($row['to']));
calc_experience($row, $sum_points, $sum_experience);
@@ -617,7 +617,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
$sum_points = 0;
$sumexperience = 0;
$res = get_received_assurances(intval($userid), $log);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
$fromuser = get_user(intval($row['from']));
calc_assurances($row, $sum_points, $sum_experience);
@@ -661,7 +661,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
}
$res = get_received_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
$points = calc_awarded($row);
@@ -674,7 +674,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
}
$res = get_given_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
switch ($row['method'])
{
@@ -860,8 +860,8 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
// write a new record to the table user_agreement
$query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
- ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
- $res = mysql_query($query);
+ ",`document`='".mysqli_real_escape_string($_SESSION['mconn'], $document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysqli_real_escape_string($_SESSION['mconn'], $method)."',`comment`='".mysqli_real_escape_string($_SESSION['mconn'], $comment)."'" ;
+ $res = mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -873,9 +873,9 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
*/
function get_user_agreement_status($memid, $type="CCA"){
$query="SELECT u.`document` FROM `user_agreements` u
- WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
- $res = mysql_query($query);
- if(mysql_num_rows($res) <=0){
+ WHERE u.`document` = '" . mysqli_real_escape_string($_SESSION['mconn'], $type) . "' AND u.`memid`=" . intval($memid) ;
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <=0){
return 0;
}else{
return 1;
@@ -897,7 +897,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
function get_first_user_agreement($memid, $type=null, $active=null){
$filter = '';
if (!is_null($type)) {
- $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+ $filter .= " AND u.`document` = '".mysqli_real_escape_string($_SESSION['mconn'], $type)."'";
}
if (!is_null($active)) {
@@ -908,9 +908,9 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
WHERE u.`memid`=".intval($memid)."
$filter
ORDER BY u.`date` LIMIT 1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >0){
- $rec = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >0){
+ $rec = mysqli_fetch_assoc($res);
}else{
$rec=array();
}
@@ -932,7 +932,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
function get_last_user_agreement($memid, $type=null, $active=null){
$filter = '';
if (!is_null($type)) {
- $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+ $filter .= " AND u.`document` = '".mysqli_real_escape_string($_SESSION['mconn'], $type)."'";
}
if (!is_null($active)) {
@@ -943,9 +943,9 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
WHERE u.`memid`=".intval($memid)."
$filter
ORDER BY u.`date` DESC LIMIT 1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >0){
- $rec = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >0){
+ $rec = mysqli_fetch_assoc($res);
}else{
$rec=array();
}
@@ -966,7 +966,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
function get_user_agreements($memid, $type=null, $active=null){
$filter = '';
if (!is_null($type)) {
- $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+ $filter .= " AND u.`document` = '".mysqli_real_escape_string($_SESSION['mconn'], $type)."'";
}
if (!is_null($active)) {
@@ -977,7 +977,7 @@ function get_user_agreements($memid, $type=null, $active=null){
WHERE u.`memid`=".intval($memid)."
$filter
ORDER BY u.`date`";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -991,9 +991,9 @@ function get_user_agreements($memid, $type=null, $active=null){
if ($type === false) {
$filter = '';
} else {
- $filter = " and `document` = '" . mysql_real_escape_string($type) . "'";
+ $filter = " and `document` = '" . mysqli_real_escape_string($_SESSION['mconn'], $type) . "'";
}
- mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
+ mysqli_query($_SESSION['mconn'], "delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
}
// functions for 6.php (assure somebody)
@@ -1095,7 +1095,7 @@ function get_user_agreements($memid, $type=null, $active=null){
$mailid = intval($mailid);
revoke_all_client_cert($mailid);
$query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
function account_domain_delete($domainid){
@@ -1106,7 +1106,7 @@ function get_user_agreements($memid, $type=null, $active=null){
//called from account_delete
$domainid = intval($domainid);
revoke_all_server_cert($domainid);
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"update `domains`
set `deleted`=NOW()
where `id` = '$domainid'");
@@ -1117,7 +1117,7 @@ function get_user_agreements($memid, $type=null, $active=null){
// called from www/account.php if($oldid == 50 && $process != "")
//change password
$id = intval($id);
- $arbno = mysql_real_escape_string($arbno);
+ $arbno = mysqli_real_escape_string($_SESSION['mconn'], $arbno);
$adminid = intval($adminid);
$pool = 'abcdefghijklmnopqrstuvwxyz';
$pool .= '0123456789!()§';
@@ -1128,33 +1128,33 @@ function get_user_agreements($memid, $type=null, $active=null){
{
$password .= substr($pool,(rand()%(strlen ($pool))), 1);
}
- mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
//create new mail for arbitration number
$query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id($_SESSION['mconn']);
//set new mail as default
$query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
//delete all other email address
$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
- $res=mysql_query($query);
- while($row = mysql_fetch_assoc($res)){
+ $res=mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)){
account_email_delete($row['id']);
}
//delete all domains
$query = "select `id` from `domains` where `memid`='".$id."'";
- $res=mysql_query($query);
- while($row = mysql_fetch_assoc($res)){
+ $res=mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)){
account_domain_delete($row['id']);
}
//clear alert settings
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"update `alerts` set
`general`='0',
`country`='0',
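Review bot: The replacement password is built with `rand()` (`substr($pool,(rand()%(strlen ($pool))), 1)`), which is not a cryptographically secure generator, and the `update users` statement that follows stores it as an unsalted `sha1()`. This value becomes the credential guarding the retired account, so it should come from the CSPRNG, e.g. `$password .= $pool[random_int(0, strlen($pool) - 1)];` (PHP 7+, which the move to mysqli suggests is the target). The same `rand()` expression generates the replacement secret answers in the `@@ -1186,7` hunk. The generating loop and the function header start above this hunk.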
@@ -1164,17 +1164,17 @@ function get_user_agreements($memid, $type=null, $active=null){
//set default location
$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
//clear listings
$query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
//set lanuage to default
//set default language
- mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `language`='en_AU' where `id`='".$id."'");
//delete secondary langugaes
- mysql_query("delete from `addlang` where `userid`='".$id."'");
+ mysqli_query($_SESSION['mconn'], "delete from `addlang` where `userid`='".$id."'");
//change secret questions
for($i=1;$i<=5;$i++){
@@ -1186,7 +1186,7 @@ function get_user_agreements($memid, $type=null, $active=null){
$a .= substr($pool,(rand()%(strlen ($pool))), 1);
}
$query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
//change personal information to arbitration number and DOB=1900-01-01
@@ -1196,10 +1196,10 @@ function get_user_agreements($memid, $type=null, $active=null){
`suffix`='".$arbno."',
`dob`='1900-01-01'
where `id`='".$id."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
//clear all admin and board flags
- mysql_query(
+ mmysqli_query($_SESSION['mconn'],
"update `users` set
`assurer`='0',
`assurer_blocked`='0',
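Review bot: The added line calls `mmysqli_query(`, which is not a defined function, so execution stops with a fatal error when the account-deletion routine reaches the "clear all admin and board flags" step. By then the earlier statements (password, e-mail and personal data) have already run, while this UPDATE and the `locked`='1' UPDATE in the next hunk have not, so the account would keep its privilege flags and stay unlocked. The line should read `mysqli_query($_SESSION['mconn'],`. The enclosing function starts above this hunk and the statement continues past it.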
@@ -1214,17 +1214,17 @@ function get_user_agreements($memid, $type=null, $active=null){
where `id`='$id'");
//block account
- mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
+ mysqli_query($_SESSION['mconn'], "update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}
function check_email_exists($email){
// called from includes/account.php if($process != "" && $oldid == 1)
// called from includes/account.php if($oldid == 50 && $process != "")
- $email = mysql_real_escape_string($email);
+ $email = mysqli_real_escape_string($_SESSION['mconn'], $email);
$query = "select 1 from `email` where `email`='$email' and `deleted`=0";
- $res = mysql_query($query);
- return mysql_num_rows($res) > 0;
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ return mysqli_num_rows($res) > 0;
}
function check_gpg_cert_running($uid,$cca=0){
@@ -1236,8 +1236,8 @@ function get_user_agreements($memid, $type=null, $active=null){
}else{
$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
}
- $res = mysql_query($query);
- return mysql_num_rows($res) > 0;
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ return mysqli_num_rows($res) > 0;
}
function check_client_cert_running($uid,$cca=0){
@@ -1251,10 +1251,10 @@ function get_user_agreements($memid, $type=null, $active=null){
$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
}
- $res = mysql_query($query1);
- $r1 = mysql_num_rows($res)>0;
- $res = mysql_query($query2);
- $r2 = mysql_num_rows($res)>0;
+ $res = mysqli_query($_SESSION['mconn'], $query1);
+ $r1 = mysqli_num_rows($res)>0;
+ $res = mysqli_query($_SESSION['mconn'], $query2);
+ $r2 = mysqli_num_rows($res)>0;
return !!($r1 || $r2);
}
@@ -1287,10 +1287,10 @@ function get_user_agreements($memid, $type=null, $active=null){
where `domains`.`memid` = '$uid'
and `revoked`>(NOW()-90*86400)";
}
- $res = mysql_query($query1);
- $r1 = mysql_num_rows($res)>0;
- $res = mysql_query($query2);
- $r2 = mysql_num_rows($res)>0;
+ $res = mysqli_query($_SESSION['mconn'], $query1);
+ $r1 = mysqli_num_rows($res)>0;
+ $res = mysqli_query($_SESSION['mconn'], $query2);
+ $r2 = mysqli_num_rows($res)>0;
return !!($r1 || $r2);
}
@@ -1298,8 +1298,8 @@ function get_user_agreements($memid, $type=null, $active=null){
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
$query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
- $res = mysql_query($query);
- return mysql_num_rows($res) > 0;
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ return mysqli_num_rows($res) > 0;
}
@@ -1311,9 +1311,9 @@ function get_user_agreements($memid, $type=null, $active=null){
from `emaillink`,`emailcerts` where
`emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres)){
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ while($drow = mysqli_fetch_assoc($dres)){
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
}
}
@@ -1329,10 +1329,10 @@ function get_user_agreements($memid, $type=null, $active=null){
from `domaincerts`, `domlink`
where `domaincerts`.`id` = `domlink`.`certid`
and `domlink`.`domid` = '$domainid'";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ while($drow = mysqli_fetch_assoc($dres))
{
- mysql_query(
+ mysqli_query($_SESSION['mconn'],
"update `domaincerts`
set `revoked`='1970-01-01 10:00:01'
where `id` = '".$drow['id']."'
@@ -1345,15 +1345,15 @@ function get_user_agreements($memid, $type=null, $active=null){
//gpg revokation needs to be added to a later point
$uid=intval($uid);
$query = "select `id` from `email` where `memid`='".$uid."'";
- $res=mysql_query($query);
- while($row = mysql_fetch_assoc($res)){
+ $res=mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)){
revoke_all_client_cert($row['id']);
}
$query = "select `id` from `domains` where `memid`='".$uid."'";
- $res=mysql_query($query);
- while($row = mysql_fetch_assoc($res)){
+ $res=mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)){
revoke_all_server_cert($row['id']);
}
}
@@ -1415,11 +1415,11 @@ function write_se_log($uid, $adminid, $type, $info){
//records all support engineer actions changing a user account
$uid = intval($uid);
$adminid = intval($adminid);
- $type = mysql_real_escape_string($type);
- $info = mysql_real_escape_string($info);
+ $type = mysqli_real_escape_string($_SESSION['mconn'], $type);
+ $info = mysqli_real_escape_string($_SESSION['mconn'], g($info);
$query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
(Now(), $uid, $adminid, '$type', '$info')";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
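Review bot: The new `$info` line contains a stray `g(` (`mysqli_real_escape_string($_SESSION['mconn'], g($info);`), which leaves the parentheses unbalanced and is a parse error for the whole file, not only for write_se_log. This function writes the support-engineer audit trail into `adminlog`, so no admin action can be logged until it is fixed. It should be `$info = mysqli_real_escape_string($_SESSION['mconn'], $info);`. Running `php -l` over the changed files before committing would catch this and the `mmysqli_query` typo earlier in the same file.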
@@ -1453,7 +1453,7 @@ function get_user_data($userid, $deleted=0){
$filter .=' and `users`.`deleted`=0';
}
$query = "select * from `users` where `users`.`id`='$userid' ".$filter;
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -1462,7 +1462,7 @@ function get_user_data($userid, $deleted=0){
* @return array - associative array
*/
function get_alerts($userid){
- return mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($userid)."'"));
+ return mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `alerts` where `memid`='".intval($userid)."'"));
}
/**
@@ -1480,10 +1480,10 @@ function get_email_addresses($userid, $exclude, $deleted=0){
$filter .= ' and `deleted`=0';
}
if ($exclude) {
- $filter .= " and `email`!='".mysql_real_escape_string($exclude)."'";
+ $filter .= " and `email`!='".mysqli_real_escape_string($_SESSION['mconn'], $exclude)."'";
}
$query = "select * from `email` where `memid`='".$userid."' and `hash`='' ".$filter." order by `created`";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -1500,7 +1500,7 @@ function get_domains($userid, $deleted=0){
$filter .= ' and `deleted`=0';
}
$query = "select * from `domains` where `memid`='".$userid."' and `hash`=''".$filter." order by `created`";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -1515,7 +1515,7 @@ function get_training_results($userid){
" FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
" WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$userid."'".
" ORDER BY `CP`.`pass_date`";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -1529,7 +1529,7 @@ function get_se_log($userid){
FROM `adminlog`, `users`
WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$userid."
ORDER BY `adminlog`.`when`";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
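Review bot: `$userid` is concatenated into the WHERE clause unquoted (`adminlog.uid=".$userid."`), so the query is only safe if the value is cast to an integer above this hunk, which cannot be seen from here. Casting at the point of use, as get_alerts does in this same commit, removes the dependency: `".intval($userid)."`. The sibling getters (get_user_data, get_email_addresses, get_domains, get_training_results) interpolate `$userid` inside quotes but also without a visible cast. The function header and the start of the query lie outside the hunk.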
@@ -1560,7 +1560,7 @@ function get_client_certs($userid, $viewall=0){
$query .= " HAVING `timeleft` > 0";
}
$query .= " ORDER BY `emailcerts`.`modified` desc";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -1590,7 +1590,7 @@ function get_server_certs($userid, $viewall=0){
$query .= " HAVING `timeleft` > 0";
}
$query .= " ORDER BY `domaincerts`.`modified` desc";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
/**
@@ -1611,7 +1611,7 @@ function get_gpg_certs($userid, $viewall=0){
$query .= " HAVING `timeleft` > 0";
}
$query .= " ORDER BY `issued` desc";
- return mysql_query($query);
+ return mysqli_query($_SESSION['mconn'], $query);
}
diff --git a/pages/account/12.php b/pages/account/12.php
index f4428aa..234891f 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -49,15 +49,15 @@
}
$query .= "ORDER BY `modified` desc";
//echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if($row['timeleft'] > 0)
$verified = _("Valid");
diff --git a/pages/account/13.php b/pages/account/13.php
index ea28c0e..0dcf58b 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -17,8 +17,8 @@
*/ ?>
<?
$query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
- $res = mysql_query($query);
- $user = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $user = mysqli_fetch_assoc($res);
$year = intval(substr($user['dob'], 0, 4));
$month = intval(substr($user['dob'], 5, 2));
diff --git a/pages/account/15.php b/pages/account/15.php
index 405cb44..b7a5b6c 100644
--- a/pages/account/15.php
+++ b/pages/account/15.php
@@ -21,14 +21,14 @@
$query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and
`domains`.`memid`='".intval($_SESSION['profile']['id'])."' and
`domains`.`id`=`domaincerts`.`domid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
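Review bot: `$certid` is interpolated into the query as `'$certid'` with no cast or escaping visible in this hunk, while pages/account/19.php builds the equivalent query with `intval($certid)`. If the assignment above the hunk does not already cast it, this is an injection point, and either way the inline form is safer: `'".intval($certid)."'`. pages/account/23.php has the same `'$certid'` interpolation. The `mysqli_num_rows($res)` call also assumes the query succeeded.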
diff --git a/pages/account/18.php b/pages/account/18.php
index ca0a3c8..cec7a49 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -37,9 +37,9 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
from `org`, `orginfo`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
ORDER BY `orginfo`.`O` ";
- $reso = mysql_query($query);
- if(mysql_num_rows($reso) >= 1){
- while($row = mysql_fetch_assoc($reso)){
+ $reso = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($reso) >= 1){
+ while($row = mysqli_fetch_assoc($reso)){
printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
}
}?>
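Review bot: The organisation name `$row['O']` is written into the `<option>` element without HTML escaping, so markup stored in `orginfo`.`O` would be rendered in the page. pages/account/25.php already wraps the same column in `htmlspecialchars()`; the last printf argument here should be `htmlspecialchars($row['O'])`. The identical printf in pages/account/22.php needs the same change. Who can write to `orginfo` is not visible from this diff, but escaping on output should not depend on that.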
@@ -106,8 +106,8 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `modified` desc";
break;
}
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
@@ -116,7 +116,7 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
</tr>
<? } else {
$orgname='';
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if ($row['O']<>$orgname) {
$orgname=$row['O'];?>
@@ -188,4 +188,4 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
-</form> \ No newline at end of file
+</form>
diff --git a/pages/account/19.php b/pages/account/19.php
index d7259f3..0d01c6d 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -21,15 +21,15 @@
$query = "select * from `orgemailcerts`,`org` where `orgemailcerts`.`id`='".intval($certid)."' and
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
diff --git a/pages/account/2.php b/pages/account/2.php
index 36421f9..0894dd0 100644
--- a/pages/account/2.php
+++ b/pages/account/2.php
@@ -28,8 +28,8 @@
<?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
if($row['hash'] == "")
$verified = _("Verified");
diff --git a/pages/account/22.php b/pages/account/22.php
index 7b7db2d..5ccdd5e 100644
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -37,9 +37,9 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
from `org`, `orginfo`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
ORDER BY `orginfo`.`O` ";
- $reso = mysql_query($query);
- if(mysql_num_rows($reso) >= 1){
- while($row = mysql_fetch_assoc($reso)){
+ $reso = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($reso) >= 1){
+ while($row = mysqli_fetch_assoc($reso)){
printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
}
}?>
@@ -109,8 +109,8 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
//echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
@@ -118,7 +118,7 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
</tr>
<? } else {
$orgname='';
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if ($row['O']<>$orgname) {
$orgname=$row['O'];?>
diff --git a/pages/account/23.php b/pages/account/23.php
index 4255b47..33f1101 100644
--- a/pages/account/23.php
+++ b/pages/account/23.php
@@ -21,14 +21,14 @@
$query = "select * from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$certid' and
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgdomaincerts`.`orgid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
diff --git a/pages/account/25.php b/pages/account/25.php
index a70f608..8241852 100644
--- a/pages/account/25.php
+++ b/pages/account/25.php
@@ -54,13 +54,13 @@
// Safe because $order_by only contains fixed strings
$query = sprintf("select * from `orginfo` ORDER BY %s", $order_by);
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
- $admincount = mysql_num_rows($r2);
- $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
- $domcount = mysql_num_rows($r2);
+ $r2 = mysqli_query($_SESSION['mconn'], "select * from `org` where `orgid`='".intval($row['id'])."'");
+ $admincount = mysqli_num_rows($r2);
+ $r2 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
+ $domcount = mysqli_num_rows($r2);
?>
<tr>
<td class="DataTD"><?=htmlspecialchars($row['O'])?>, <?=htmlspecialchars($row['ST'])?> <?=htmlspecialchars($row['C'])?></td>
diff --git a/pages/account/26.php b/pages/account/26.php
index f8b195d..99a2bd2 100644
--- a/pages/account/26.php
+++ b/pages/account/26.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
@@ -30,8 +30,8 @@
</tr>
<?
$query = "select * from `orgdomains` where `orgid`='".intval($_REQUEST['orgid'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><?=sanitizeHTML($row['domain'])?></a></td>
diff --git a/pages/account/27.php b/pages/account/27.php
index a1086d4..7c73be4 100644
--- a/pages/account/27.php
+++ b/pages/account/27.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
+ $row = mysqli_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
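Review bot: Only the outer call was converted on this line: the inner one is still `mysql_query("select * from ...` without the connection argument. On PHP 7+ that function no longer exists and the page fails; on older versions `mysqli_fetch_assoc()` receives a result from the legacy extension, which it cannot read. Replace the inner call with `mysqli_query($_SESSION['mconn'], ` followed by the same query string, as done in pages/account/26.php and 28.php.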
diff --git a/pages/account/28.php b/pages/account/28.php
index 1212f9c..7d7f7aa 100644
--- a/pages/account/28.php
+++ b/pages/account/28.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
diff --git a/pages/account/29.php b/pages/account/29.php
index 4229b3b..2132826 100644
--- a/pages/account/29.php
+++ b/pages/account/29.php
@@ -17,9 +17,9 @@
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$_SESSION['_config']['domain'] = $row['domain'];
?>
diff --git a/pages/account/3.php b/pages/account/3.php
index cd62ce0..a2d6bc0 100644
--- a/pages/account/3.php
+++ b/pages/account/3.php
@@ -38,8 +38,8 @@
<?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td>
diff --git a/pages/account/30.php b/pages/account/30.php
index 04ad229..8cf1a03 100644
--- a/pages/account/30.php
+++ b/pages/account/30.php
@@ -17,9 +17,9 @@
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$_SESSION['_config']['domain'] = $row['domain'];
?>
diff --git a/pages/account/31.php b/pages/account/31.php
index 9f3d27e..033d177 100644
--- a/pages/account/31.php
+++ b/pages/account/31.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
?>
<form method="post" action="account.php">
diff --git a/pages/account/32.php b/pages/account/32.php
index a05c927..6bb92ce 100644
--- a/pages/account/32.php
+++ b/pages/account/32.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500">
<tr>
@@ -32,10 +32,10 @@
</tr>
<?
$query = "select * from `org` where `orgid`='".intval($_REQUEST['orgid'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($row['memid'])."'"));
?>
<tr>
<td class="DataTD"><a href='mailto:<?=sanitizeHTML($user['email'])?>'><?=sanitizeHTML($user['fname'])?> <?=sanitizeHTML($user['lname'])?></a></td>
diff --git a/pages/account/33.php b/pages/account/33.php
index 9e2f67a..a8f894b 100644
--- a/pages/account/33.php
+++ b/pages/account/33.php
@@ -17,7 +17,7 @@
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
// Reset session variables regarding OrgAdmin's, present empty form
if (array_key_exists('email',$_SESSION['_config'])) $_SESSION['_config']['email']="";
diff --git a/pages/account/34.php b/pages/account/34.php
index b11bc7d..5c6c8b8 100644
--- a/pages/account/34.php
+++ b/pages/account/34.php
@@ -17,11 +17,11 @@
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".intval($_REQUEST['orgid'])."'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `users` where `id`='".intval($_REQUEST['memid'])."'";
- $user = mysql_fetch_assoc(mysql_query($query));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$_SESSION['_config']['domain'] = $row['domain'];
?>
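Review bot: The `orgdomains` row is looked up by `intval($_REQUEST['orgid'])`, whereas pages/account/29.php and 30.php select from the same table by `$_REQUEST['domid']`; this looks like a copy-paste slip, though the intent cannot be confirmed from the hunk. As written, `$row` is whichever domain happens to share its id with the organisation, or `null` when none does, and `$row['domain']` is then stored in `$_SESSION['_config']['domain']`. None of the three nested `mysqli_fetch_assoc(mysqli_query(...))` calls checks for a failed query or a missing row before the result is used.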
diff --git a/pages/account/35.php b/pages/account/35.php
index 05c7f2b..64f62e1 100644
--- a/pages/account/35.php
+++ b/pages/account/35.php
@@ -24,8 +24,8 @@ $query = "select *
where `orginfo`.`id`=`org`.`orgid`
and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
-$res = mysql_query($query);
-while($row = mysql_fetch_assoc($res))
+$res = mysqli_query($_SESSION['mconn'], $query);
+while($row = mysqli_fetch_assoc($res))
{
?>
<tr>
@@ -55,8 +55,8 @@ while($row = mysql_fetch_assoc($res))
//domain info
$query = "select `domain` from `orgdomains` where `orgid`='".intval($row['id'])."'";
- $res1 = mysql_query($query);
- while($domain = mysql_fetch_assoc($res1))
+ $res1 = mysqli_query($_SESSION['mconn'], $query);
+ while($domain = mysqli_fetch_assoc($res1))
{
?>
<tr>
@@ -76,10 +76,10 @@ while($row = mysql_fetch_assoc($res))
//org admins
$query = "select * from `org` where `orgid`='".intval($row['id'])."'";
- $res2 = mysql_query($query);
- while($org = mysql_fetch_assoc($res2))
+ $res2 = mysqli_query($_SESSION['mconn'], $query);
+ while($org = mysqli_fetch_assoc($res2))
{
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($org['memid'])."'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($org['memid'])."'"));
?>
<tr>
<td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td>
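Review bot: `$user['email']`, `$user['fname']` and `$user['lname']` are echoed into the page, and into a single-quoted `href` attribute, without any escaping. pages/account/32.php renders the same three fields through `sanitizeHTML()`; this row should do the same, e.g. `<?=sanitizeHTML($user['fname'])?>`. These are profile fields that presumably come from user input, so unescaped output here is a stored XSS risk in the organisation-admin listing. Whether `sanitizeHTML()` also escapes single quotes, which the `href='mailto:...'` attribute needs, is not visible in this diff and should be confirmed.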
diff --git a/pages/account/41.php b/pages/account/41.php
index d61d8db..381b0a4 100644
--- a/pages/account/41.php
+++ b/pages/account/41.php
@@ -54,10 +54,10 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
</tr>
<?
$query = "select * from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+ $lang = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `languages` where `locale`='".mysqli_real_escape_string($_SESSION['mconn'], $row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
@@ -70,8 +70,8 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
<td class="DataTD"><select name="addlang">
<?
$query = "select * from `languages` order by `locale`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
printf("<option value=\"%s\">[%s] %s (%s)</option>\n",
sanitizeHTML($row['locale']),
diff --git a/pages/account/43.php b/pages/account/43.php
index c889ce3..39c37fb 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -37,7 +37,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
$_REQUEST['userid'] = 0;
- $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -63,8 +63,8 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
group by `users`.`id` limit 100";
}
// bug-975 ted+uli changes --- end
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 1) {
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 1) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -75,7 +75,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
<td class="DataTD"><?=_("Email")?></td>
</tr>
<?
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
?>
<tr>
@@ -85,7 +85,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
<?
}
- if(mysql_num_rows($res) >= 100) {
+ if(mysqli_num_rows($res) >= 100) {
?>
<tr>
<td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
@@ -94,15 +94,15 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
} else {
?>
<tr>
- <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
</tr>
<?
}
?>
</table><br><br>
<?
- } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
+ } elseif(mysqli_num_rows($res) == 1) {
+ $row = mysqli_fetch_assoc($res);
$_REQUEST['userid'] = $row['id'];
} else {
printf(_("No users found matching %s"), sanitizeHTML($email));
@@ -113,13 +113,13 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
if(intval($_REQUEST['userid']) > 0) {
$userid = intval($_REQUEST['userid']);
$res =get_user_data($userid);
- if(mysql_num_rows($res) <= 0) {
+ if(mysqli_num_rows($res) <= 0) {
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$alerts =get_alerts(intval($row['id']));
//display account data
@@ -132,11 +132,11 @@ if(intval($_REQUEST['userid']) > 0) {
} else {
$assurance = intval($_REQUEST['assurance']);
$trow = 0;
- $res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
+ $res = mysqli_query($_SESSION['mconn'], "select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
if ($res) {
- $trow = mysql_fetch_assoc($res);
+ $trow = mysqli_fetch_assoc($res);
if ($trow) {
- mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
+ mysqli_query($_SESSION['mconn'], "update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
fix_assurer_flag($trow['to']);
}
}
@@ -403,14 +403,14 @@ if(intval($_REQUEST['userid']) > 0) {
<?
//list secondary email addresses
$dres = get_email_addresses(intval($row['id']),$row['email']);
- if(mysql_num_rows($dres) > 0) {
+ if(mysqli_num_rows($dres) > 0) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
</tr>
<?
- while($drow = mysql_fetch_assoc($dres)) {
+ while($drow = mysqli_fetch_assoc($dres)) {
?>
<tr>
<td class="DataTD"><?=_("Secondary Emails")?>:</td>
@@ -426,14 +426,14 @@ if(intval($_REQUEST['userid']) > 0) {
// list of domains
$dres=get_domains(intval($row['id']));
- if(mysql_num_rows($dres) > 0) {
+ if(mysqli_num_rows($dres) > 0) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Verified Domains")?></td>
</tr>
<?
- while($drow = mysql_fetch_assoc($dres)) {
+ while($drow = mysqli_fetch_assoc($dres)) {
?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
@@ -488,7 +488,7 @@ if(intval($_REQUEST['userid']) > 0) {
4. users.email = primary-email
--- Assurer, assure someone find user query
- select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
+ select * from `users` where `email`='".mysqli_real_escape_string($_SESSION['mconn'], $_POST['email']))."'
and `deleted`=0
=> requirements
1. users.deleted = 0
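Review bot: The rewritten query text in this hunk ends with `$_POST['email']))."'`, which has one closing parenthesis too many now that the `stripslashes(` wrapper is gone. The surrounding lines look like a comment block documenting the lookup queries, so nothing executes here, but the documented form should read `mysqli_real_escape_string($_SESSION['mconn'], $_POST['email'])."'`. The block starts and ends outside the hunk, so whether it still matches the real query on the assurer page cannot be checked from here.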
@@ -527,8 +527,8 @@ if(intval($_REQUEST['userid']) > 0) {
// current userid intval($row['id'])
$query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
from `users` where `id`='".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$uemail = $drow['uemail'];
$udeleted = $drow['udeleted'];
$uverified = $drow['verified'];
@@ -538,16 +538,16 @@ if(intval($_REQUEST['userid']) > 0) {
where `memid`='".intval($row['id'])."' and
`email` ='".$uemail."' and
`deleted` = 0";
- $dres = mysql_query($query);
- if ($drow = mysql_fetch_assoc($dres)) {
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ if ($drow = mysqli_fetch_assoc($dres)) {
$drow['edeleted'] = 0;
} else {
// try if there are deleted entries
$query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
where `memid`='".intval($row['id'])."' and
`email` ='".$uemail."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
}
if ($drow) {
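Review bot: Both `email` lookups in this hunk splice `$uemail` straight into the SQL text (`'".$uemail."'`), and the commit only swaps the query call around them. `$uemail` is read back from the `users` row in the previous hunk, so a stored address containing a quote would break or alter these statements (second-order injection). Escape at the point of use with `$uemail_sql = mysqli_real_escape_string($_SESSION['mconn'], $uemail);` and interpolate `$uemail_sql`, or move the two lookups to a prepared statement with a bound parameter. The enclosing block starts and ends outside the hunk.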
@@ -626,8 +626,8 @@ if(intval($_REQUEST['userid']) > 0) {
on `domains`.`id` = `domaincerts`.`domid`
where `domains`.`memid` = '".intval($row['id'])."'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -644,8 +644,8 @@ if(intval($_REQUEST['userid']) > 0) {
and `revoked` = '0000-00-00 00:00:00'
and `expire` > NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "
@@ -655,8 +655,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `domains`.`memid` = '".intval($row['id'])."'
and `expire` <= NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "
@@ -666,8 +666,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `domains`.`memid` = '".intval($row['id'])."'
and `revoked` != '0000-00-00 00:00:00'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$revoked = $drow['revoked'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -692,8 +692,8 @@ if(intval($_REQUEST['userid']) > 0) {
from `emailcerts`
where `memid` = '".intval($row['id'])."'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -709,8 +709,8 @@ if(intval($_REQUEST['userid']) > 0) {
and `revoked` = '0000-00-00 00:00:00'
and `expire` > NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "
@@ -719,8 +719,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `memid` = '".intval($row['id'])."'
and `expire` <= NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "
@@ -729,8 +729,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `memid` = '".intval($row['id'])."'
and `revoked` != '0000-00-00 00:00:00'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$revoked = $drow['revoked'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -755,8 +755,8 @@ if(intval($_REQUEST['userid']) > 0) {
from `gpg`
where `memid` = '".intval($row['id'])."'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -771,8 +771,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `memid` = '".intval($row['id'])."'
and `expire` > NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "
@@ -781,8 +781,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `memid` = '".intval($row['id'])."'
and `expire` <= NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -809,8 +809,8 @@ if(intval($_REQUEST['userid']) > 0) {
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -827,8 +827,8 @@ if(intval($_REQUEST['userid']) > 0) {
and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
and `orgcerts`.`expire` > NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "
@@ -838,8 +838,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`expire` <= NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "
@@ -849,8 +849,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$revoked = $drow['revoked'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -877,8 +877,8 @@ if(intval($_REQUEST['userid']) > 0) {
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
@@ -895,8 +895,8 @@ if(intval($_REQUEST['userid']) > 0) {
and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
and `orgcerts`.`expire` > NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "
@@ -906,8 +906,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`expire` <= NOW()
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "
@@ -917,8 +917,8 @@ if(intval($_REQUEST['userid']) > 0) {
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
$revoked = $drow['revoked'];
?>
<td class="DataTD"><?=intval($total)?></td>
@@ -985,10 +985,10 @@ if(intval($_REQUEST['userid']) > 0) {
</tr>
<?
$query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
- $dres = mysql_query($query);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
$points = 0;
- while($drow = mysql_fetch_assoc($dres)) {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
+ while($drow = mysqli_fetch_assoc($dres)) {
+ $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($drow['from'])."'"));
$points += $drow['points'];
?>
<tr>
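Review bot: The `notary` query here filters on `intval($_GET['userid'])`, while the rest of the page works from `$_REQUEST['userid']` and the `$userid` derived from it. When the id arrives by POST, or is filled in by the single-match branch that assigns `$_REQUEST['userid'] = $row['id']`, `$_GET['userid']` is not set and the list is built for id 0. Assuming this code still sits inside the `if(intval($_REQUEST['userid']) > 0)` block named in the hunk header, using `intval($userid)` in the query keeps the sections consistent. The hunk at -1032 has the same pattern for the `from` column.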
@@ -1032,10 +1032,10 @@ if(intval($_REQUEST['userid']) > 0) {
</tr>
<?
$query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
- $dres = mysql_query($query);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
$points = 0;
- while($drow = mysql_fetch_assoc($dres)) {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
+ while($drow = mysqli_fetch_assoc($dres)) {
+ $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($drow['to'])."'"));
$points += intval($drow['points']);
?>
<tr>
diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..b3b8d53 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -19,7 +19,7 @@
$userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
if($userid <= 0)
{
- $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
+ $domainsearch = $domain = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['domain']));
if(!strstr($domain, "%"))
$domainsearch = "%$domain%";
if(preg_match("/^\d+$/",$domain))
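Review bot: `stripslashes()` is kept around `$_POST['domain']` before escaping, although the comment rewritten earlier in this commit drops it for the email lookup. If the target runtime no longer has `magic_quotes_gpc` (removed in PHP 5.4), the call silently deletes backslashes the user actually typed. `$_POST['domain']` is also read without an existence check, unlike the `array_key_exists()` guard on `userid` one line above. A version in the file's own style would be `$domain = mysqli_real_escape_string($_SESSION['mconn'], array_key_exists('domain',$_POST)?$_POST['domain']:"");`. The `town` line in pages/account/53.php has the same `stripslashes()` wrapper.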
@@ -30,32 +30,32 @@
`domains`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >= 1) { ?>
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >= 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific User Account Details")?></td>
</tr>
<?
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$row['domid']?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? } if(mysqli_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
<? } else { ?>
<tr>
- <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
</tr>
<? } ?>
</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
+<? } elseif(mysqli_num_rows($res) == 1) {
+ $row = mysqli_fetch_assoc($res);
$_GET['userid'] = intval($row['id']);
} else {
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
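Review bot: The `elseif(mysqli_num_rows($res) == 1)` branch can never run, because the preceding `if(mysqli_num_rows($res) >= 1)` already takes every result with one row. The user-search listing earlier in this commit tests `> 1` at that point. As written, a single match is shown as a one-row table and `$_GET['userid']` is never set from it. If the direct jump is intended, the first test should be `if(mysqli_num_rows($res) > 1) { ?>`. The organisation-domain hunk at -66 has the same pair of conditions, and in both places the result of `mysqli_query()` reaches `mysqli_num_rows()` without a check for failure.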
@@ -66,32 +66,32 @@
}
$query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >= 1) { ?>
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >= 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Organisation Account Details")?></td>
</tr>
<?
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$row['id']?></td>
<td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['orgid'])?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? } if(mysqli_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
<? } else { ?>
<tr>
- <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
</tr>
<? } ?>
</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
+<? } elseif(mysqli_num_rows($res) == 1) {
+ $row = mysqli_fetch_assoc($res);
$_GET['userid'] = intval($row['id']);
} else {
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
diff --git a/pages/account/5.php b/pages/account/5.php
index efed0ab..49ef4ca 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -53,15 +53,15 @@
$query .= " HAVING `timeleft` > 0 or `expire` = 0 ";
$query .= " ORDER BY `modified` desc";
// echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if($row['timeleft'] > 0)
$verified = _("Valid");
diff --git a/pages/account/51.php b/pages/account/51.php
index 7273840..d0b8367 100644
--- a/pages/account/51.php
+++ b/pages/account/51.php
@@ -19,13 +19,13 @@
<?
$uid = intval($_GET['photoid']);
$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) { ?>
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0) { ?>
<img src="account.php?id=51&amp;photoid=<?=$uid ?>&amp;img=show" border="0" width="800">
<? } else {
$query = "select * from `tverify` where `id`='$uid' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
echo _("This UID has already been voted on.");
} else {
diff --git a/pages/account/52.php b/pages/account/52.php
index 6c00c26..5042852 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
@@ -21,13 +21,13 @@ if($_SESSION['profile']['tverify'] <= 0) {
} else {
$uid = intval($_GET['uid']);
$query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0) {
+ $row = mysqli_fetch_assoc($res);
$memid = intval($row['memid']);
$query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc2 = mysql_num_rows(mysql_query($query2));
+ $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query2));
if($rc2 > 0) {
showheader(_("My CAcert.org Account!"));
echo _("You have already voted on this request.");
@@ -36,9 +36,9 @@ if($_SESSION['profile']['tverify'] <= 0) {
}
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
- $notary = mysql_fetch_assoc(mysql_query($query));
+ $notary = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `users` where `id`='".intval($memid)."'";
- $user = mysql_fetch_assoc(mysql_query($query));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$tobe = 50 - $notary['points'];
if($row['URL'] != '' && $row['photoid'] != '') {
$tobe = 150 - $notary['points'];
@@ -74,8 +74,8 @@ if($_SESSION['profile']['tverify'] <= 0) {
<?
} else {
$query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0) {
echo _("This UID has already been voted on.")."<br/>";
} else {
if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
@@ -83,13 +83,13 @@ if($_SESSION['profile']['tverify'] <= 0) {
// Search for open requests:
$query = "select * from `tverify` where `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0) {
echo "<br/>"._("The following requests are still open:")."<br/><ul>";
- while($row = mysql_fetch_assoc($res)) {
+ while($row = mysqli_fetch_assoc($res)) {
$uid=intval($row['id']);
$query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc3 = mysql_num_rows(mysql_query($query3));
+ $rc3 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query3));
if($rc3 <= 0)
{
echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
diff --git a/pages/account/53.php b/pages/account/53.php
index cc9e2d6..82509f6 100644
--- a/pages/account/53.php
+++ b/pages/account/53.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+ $town = array_key_exists('town',$_REQUEST)?mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['town'])):"";
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
@@ -29,7 +29,7 @@
if($regid > 0)
{
- $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ $reg = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='$regid'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='account.php?id=53&amp;regid=$regid'>".sanitizeHTML($reg['name'])."</a> - <a href='account.php?action=add&amp;id=54&amp;regid=$regid'>"._("Add")."</a>\n".
$display;
@@ -38,7 +38,7 @@
if($ccid > 0)
{
- $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='$ccid'"));
+ $cnt = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `countries` where `id`='$ccid'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='account.php?id=53&amp;ccid=$ccid'>".sanitizeHTML($cnt['name'])."</a> - <a href='account.php?action=add&amp;id=54&amp;ccid=$ccid'>"._("Add")."</a>\n".
$display;
@@ -51,16 +51,16 @@
{
echo "<ul>\n";
$query = "select * from `countries` order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
echo "<li><a href='account.php?id=53&amp;ccid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n";
echo "</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif($regid <= 0) {
echo "<ul>\n";
$query = "select * from `regions` where `ccid`='$ccid' order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li>( <a href='account.php?action=edit&amp;id=54&regid=".intval($row['id'])."'>"._("edit")."</a> |";
echo " <a href='account.php?action=delete&amp;id=53&regid=".intval($row['id'])."'";
@@ -74,11 +74,11 @@
if($town != "")
{
$query = "select * from `locations` where `regid`='$regid' and `name` < '$town'";
- $start = mysql_num_rows(mysql_query($query));
+ $start = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
}
$query = "select * from `locations` where `regid`='$regid' order by `name` limit $start, $limit";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li>( <a href='account.php?action=move&amp;id=54&amp;locid=".intval($row['id'])."'>"._("move")."</a> |";
echo " <a href='account.php?action=aliases&amp;id=54&amp;locid=".intval($row['id'])."'>"._("aliases")."</a> |";
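Review bot: `$start` goes into `limit $start, $limit` after only the `intval()` at the top of the file, so a negative `start` parameter produces a statement MySQL rejects and the loop's `mysqli_fetch_assoc($res)` is then handed a failed result. Clamp it before building the query with `if($start < 0) $start = 0;`, and test `$res` before the `while`. The row counts in this file (`mysqli_num_rows(mysqli_query(...))` over a `select *`) transfer whole result sets just to count them, where a `select count(*)` would leave that work on the server. `$limit` is assigned outside the visible hunks.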
@@ -89,7 +89,7 @@
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
$st="";$prev="";$end="";$next="";
- $rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='$regid'"));
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `locations` where `regid`='$regid'"));
if($start > 0)
{
$prev = $start - $limit;
diff --git a/pages/account/54.php b/pages/account/54.php
index 753b4af..714de6c 100644
--- a/pages/account/54.php
+++ b/pages/account/54.php
@@ -19,7 +19,7 @@
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
- $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+ $name = array_key_exists('name',$_REQUEST)?mysqli_real_escape_string($_SESSION['mconn'],$_REQUEST['name']):"";
if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
<form method="post" action="account.php">
@@ -41,7 +41,7 @@
</form>
<? } if($regid > 0 && $_REQUEST['action'] == "edit") {
$query = "select * from `regions` where `id`='$regid' order by `name`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$name = $row['name'];
?>
<form method="post" action="account.php">
@@ -89,7 +89,7 @@
</form>
<? } if($locid > 0 && $_REQUEST['action'] == "edit") {
$query = "select * from `locations` where `id`='$locid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
if($name == "")
$name = $row['name'];
@@ -125,8 +125,8 @@
</form>
<? } if($locid > 0 && $_REQUEST['action'] == "aliases") {
$query = "select * from `localias` where `locid`='".intval($locid)."'";
- $res = mysql_query($query);
- $rc = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $rc = mysqli_num_rows($res);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -143,7 +143,7 @@
</td>
</tr>
<?
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
?>
<tr>
@@ -169,7 +169,7 @@ document.getElementById("display1").style.display = "none";
</script>
<? } if($locid > 0 && $_REQUEST['action'] == "move") {
$query = "select * from `locations` where `id`='$locid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$newreg = $_REQUEST['newreg'] = $row['regid'];
?>
<form method="post" action="account.php">
@@ -186,8 +186,8 @@ document.getElementById("display1").style.display = "none";
<td class="DataTD"><select name="newreg">
<?
$query = "select * from `regions` where `ccid`='".intval($row['ccid'])."' order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<option value='".intval($row['id'])."'";
if($_REQUEST['newreg'] == $row['id'])
diff --git a/pages/account/55.php b/pages/account/55.php
index 24cc86d..3d670a5 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -31,12 +31,12 @@
} else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@@ -61,10 +61,10 @@
" WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
" ORDER BY `CP`.`pass_date`";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
$HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
+ while($row = mysqli_fetch_array($res, MYSQL_NUM))
{
if ($row[1] == "Assurer Challenge") {
$HaveTest=1;
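Review bot: `mysqli_fetch_array($res, MYSQL_NUM)` still passes the result-type constant of the old mysql extension; the mysqli one is `MYSQLI_NUM`. Where ext/mysql is not loaded `MYSQL_NUM` is undefined, so depending on the PHP version the call either fails with a warning or aborts the script with an `Error`. The line should read `while($row = mysqli_fetch_array($res, MYSQLI_NUM))`. The `$row = mysqli_fetch_array($res, MYSQL_NUM);` call in the hunk at -99 needs the same change.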
@@ -99,11 +99,11 @@
AND `n`.`deleted` = 0
GROUP BY `u`.`id`, `u`.`assurer`
';
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
if (!$res) {
print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
} else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
+ $row = mysqli_fetch_array($res, MYSQL_NUM);
if ($HaveTest && ($row[2]>=100)) {
if (!$row[1]) {
// This should not happen...
diff --git a/pages/account/56.php b/pages/account/56.php
index cabe8e0..796fa34 100644
--- a/pages/account/56.php
+++ b/pages/account/56.php
@@ -25,8 +25,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
</tr>
<?
$query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
?>
<tr>
diff --git a/pages/account/57.php b/pages/account/57.php
index 9db7ccf..a5c721c 100644
--- a/pages/account/57.php
+++ b/pages/account/57.php
@@ -25,12 +25,12 @@
} else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
diff --git a/pages/account/58.php b/pages/account/58.php
index af26b70..d6bebf6 100644
--- a/pages/account/58.php
+++ b/pages/account/58.php
@@ -21,19 +21,19 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
} else {
$user_id = intval($_REQUEST['userid']);
$query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1){
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) != 1){
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
- if ($row = mysql_fetch_assoc($res)){
+ if ($row = mysqli_fetch_assoc($res)){
$username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
$query = "select `orginfo`.`o`, `org`.`masteracc`
FROM `orginfo`, `org`
WHERE `orginfo`.`id` = `org`.`orgid`
AND `org`.`memid`='$user_id' order by `orginfo`.`o`";
- $res1 = mysql_query($query);?>
+ $res1 = mysqli_query($_SESSION['mconn'], $query);?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><?
- if (mysql_num_rows($res1) <= 0) {?>
+ if (mysqli_num_rows($res1) <= 0) {?>
<tr>
<td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td>
</tr>
@@ -45,7 +45,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
<td class="DataTD"><b><?=_('Organisation')?></b></td>
<td class="DataTD"><b><?=_('Masteraccount')?></b></td>
</tr><?
- while($drow = mysql_fetch_assoc($res1)){?>
+ while($drow = mysqli_fetch_assoc($res1)){?>
<tr>
<td class="DataTD"><?=$drow['o']?></td>
<td class="DataTD"><?=$drow['masteracc'] ? _("Yes") : _("No") ?></td>
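Review bot: `<?=$drow['o']?>` prints the organisation name from `orginfo` into the table without HTML escaping, while the user's name earlier in the same file goes through `sanitizeHTML()`. An organisation name containing markup would be rendered as HTML in the administrator's browser. Suggest `<td class="DataTD"><?=sanitizeHTML($drow['o'])?></td>`. The loop body continues outside the hunk.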
diff --git a/pages/account/59.php b/pages/account/59.php
index 1c73ae5..9052cb3 100644
--- a/pages/account/59.php
+++ b/pages/account/59.php
@@ -21,13 +21,13 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$userid = intval($_REQUEST['userid']);
$res = get_user_data($userid);
-if (mysql_num_rows($res) <= 0)
+if (mysqli_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
exit;
}
-$user = mysql_fetch_assoc($res);
+$user = mysqli_fetch_assoc($res);
$fname = $user['fname'];
$mname = $user['mname'];
@@ -159,9 +159,9 @@ $dres = get_email_addresses($userid,'',1);
<td colspan="3" class="title"><?=_('Email addresses')?></td>
</tr>
<?
-if (mysql_num_rows($dres) > 0) {
+if (mysqli_num_rows($dres) > 0) {
output_log_email_header();
- while ($drow = mysql_fetch_assoc($dres))
+ while ($drow = mysqli_fetch_assoc($dres))
{
output_log_email($drow,$email);
}
@@ -185,9 +185,9 @@ $dres = get_domains($userid, 1);
<td colspan="3" class="title"><?=_('Domains')?></td>
</tr>
<?
-if (mysql_num_rows($dres) > 0) {
+if (mysqli_num_rows($dres) > 0) {
output_log_domains_header();
- while ($drow = mysql_fetch_assoc($dres))
+ while ($drow = mysqli_fetch_assoc($dres))
{
output_log_domains($drow);
}
@@ -211,9 +211,9 @@ $dres = get_training_results($userid);
<td colspan="3" class="title"><?=_('Trainings')?></td>
</tr>
<?
-if (mysql_num_rows($dres) > 0) {
+if (mysqli_num_rows($dres) > 0) {
output_log_training_header();
- while ($drow = mysql_fetch_assoc($dres))
+ while ($drow = mysqli_fetch_assoc($dres))
{
output_log_training($drow);
}
@@ -237,9 +237,9 @@ $dres = get_user_agreements($userid);
<td colspan="4" class="title"><?=_('User agreements')?></td>
</tr>
<?
-if (mysql_num_rows($dres) > 0) {
+if (mysqli_num_rows($dres) > 0) {
output_log_agreement_header();
- while ($drow = mysql_fetch_assoc($dres))
+ while ($drow = mysqli_fetch_assoc($dres))
{
output_log_agreement($drow);
}
@@ -267,9 +267,9 @@ if (1 == $support) {
<td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td>
</tr>
<?
-if (mysql_num_rows($dres) > 0) {
+if (mysqli_num_rows($dres) > 0) {
output_client_cert_header($support);
- while ($drow = mysql_fetch_assoc($dres))
+ while ($drow = mysqli_fetch_assoc($dres))
{
output_client_cert($drow,$support);
}
@@ -297,9 +297,9 @@ if (1 == $support) {
<td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td>
</tr>
<?
-if (mysql_num_rows($dres) > 0) {
+if (mysqli_num_rows($dres) > 0) {
output_server_certs_header($support);
- while ($drow = mysql_fetch_assoc($dres))
+ while ($drow = mysqli_fetch_assoc($dres))
{
output_server_certs($drow,$support);
}
@@ -327,9 +327,9 @@ if (1 == $support) {
<td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td>
</tr>
<?
-if (mysql_num_rows($dres) > 0) {
+if (mysqli_num_rows($dres) > 0) {
output_gpg_certs_header($support);
- while ($drow = mysql_fetch_assoc($dres))
+ while ($drow = mysqli_fetch_assoc($dres))
{
output_gpg_certs($drow, $support);
}
@@ -362,9 +362,9 @@ if (1 == $support) {
<td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td>
</tr>
<?
-if (mysql_num_rows($dres) > 0) {
+if (mysqli_num_rows($dres) > 0) {
output_log_se_header($support);
- while ($drow = mysql_fetch_assoc($dres))
+ while ($drow = mysqli_fetch_assoc($dres))
{
output_log_se($drow,$support);
}
diff --git a/pages/account/6.php b/pages/account/6.php
index de8d1a3..d16ef84 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -39,14 +39,14 @@ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
where `emailcerts`.`id`='$certid' and
`emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'";
-$res = mysql_query($query);
-if(mysql_num_rows($res) <= 0) {
+$res = mysqli_query($_SESSION['mconn'], $query);
+if(mysqli_num_rows($res) <= 0) {
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
-$row = mysql_fetch_assoc($res);
+$row = mysqli_fetch_assoc($res);
if (array_key_exists('format', $_REQUEST)) {
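Review bot: The result of `mysqli_query()` goes straight into `mysqli_num_rows()` with no `false` check, so a failed query no longer falls through to the "No such certificate" page. On PHP 8 `mysqli_num_rows(false)` throws a TypeError, and under the exception report mode that is the default from PHP 8.1 the query call itself throws. Where the call still returns `false`, a guard such as `if ($res === false || mysqli_num_rows($res) <= 0) {` keeps the old behaviour; `mysqli_error($_SESSION['mconn'])` belongs in the server log, not in the response. The same unchecked pattern is in the pages/account/9.php, pages/gpg/2.php and pages/gpg/3.php hunks and in the nested `mysqli_fetch_assoc(mysqli_query(...))` calls in pages/wot/1.php and pages/wot/10.php. The query string starts above this hunk, so the origin of `$certid` is not visible here.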
diff --git a/pages/account/9.php b/pages/account/9.php
index 1be45f5..8d207ee 100644
--- a/pages/account/9.php
+++ b/pages/account/9.php
@@ -27,15 +27,15 @@
<?
$query = "select * from `domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="3" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
if($row['hash'] == "")
$verified = _("Verified");
diff --git a/pages/advertising/0.php b/pages/advertising/0.php
index 0404a5e..c780856 100644
--- a/pages/advertising/0.php
+++ b/pages/advertising/0.php
@@ -24,13 +24,13 @@
{
$approve = intval($_REQUEST['approve']);
$query = "select * from `advertising` where `id`='$approve' and `expires`='0000-00-00 00:00:00'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$end = date("Y-m-d H:i:s", mktime(date("H"), date("i"), date("s"), date("m")+$row['months'], date("d"), date("Y")));
$query = "update `advertising` set `expires`='$end', `active`=1, `approvedby`='".$_SESSION['profile']['id']."' where `id`='$approve'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'],$query);
echo "<p>The ad was approved and is now active.</p>\n";
}
}
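Review bot: The approve branch updates `advertising` from an id read out of `$_REQUEST`, so the state change is reachable by a plain GET, and no CSRF token or role check is visible in this hunk. The enclosing `if` starts above the hunk, so such a check may exist there and should be confirmed; if it does not, accept the action only as a POST carrying a per-session token. Unlike `$approve`, the `approvedby` value is interpolated without `intval()`; `'".intval($_SESSION['profile']['id'])."'` would match the other queries in this commit. The deactivate hunk below has the same request-driven update and computes an `$end` that it never uses.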
@@ -38,13 +38,13 @@
{
$deactive = intval($_REQUEST['deactive']);
$query = "select * from `advertising` where `id`='$deactive'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$end = date("Y-m-d H:i:s", mktime(date("H"), date("i"), date("s"), date("m")+$row['months'], date("d"), date("Y")));
$query = "update `advertising` set `active`=0 where `id`='$deactive'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
echo "<p>The ad was deactivated and is now inactive.</p>\n";
}
}
@@ -69,8 +69,8 @@
$query .= "and `active`=1 having `timeleft` > 0 ";
$query .= "order by `id` desc";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
if($row['expires'] == "0000-00-00 00:00:00")
$status = "Pending";
diff --git a/pages/gpg/2.php b/pages/gpg/2.php
index 84e11d2..7990236 100644
--- a/pages/gpg/2.php
+++ b/pages/gpg/2.php
@@ -33,15 +33,15 @@
`expire`, `id`, `level`,
`email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
$verified = '';
if($row['timeleft'] > 0)
diff --git a/pages/gpg/3.php b/pages/gpg/3.php
index d9f54fb..d33242f 100644
--- a/pages/gpg/3.php
+++ b/pages/gpg/3.php
@@ -18,14 +18,14 @@
<?
$certid = intval($_REQUEST['cert']);
$query = "select * from `gpg` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("No such OpenPGP key attached to your account.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
?>
<h3><?=_("Below is your OpenPGP key")?></h3>
<pre>
diff --git a/pages/wot/1.php b/pages/wot/1.php
index 9047f27..2a890b3 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
+ $res=mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select sum(acount) as summe from countries"));
$total1 =$res['summe'];
$locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
@@ -29,7 +29,7 @@
$display = "";
if($locid > 0)
{
- $loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `locations` where `id`='".$locid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&locid=".$locid."'>".$loc['name']." ("._("Listed").": ".$loc['acount'].")</a>\n".
$display;
@@ -38,7 +38,7 @@
if($regid > 0)
{
- $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
+ $reg = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='".$regid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&regid=".$regid."'>".$reg['name']." ("._("Listed").": ".$reg['acount'].")</a>\n".
$display;
@@ -47,7 +47,7 @@
if($ccid > 0)
{
- $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$ccid."'"));
+ $cnt = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `countries` where `id`='".$ccid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&ccid=".$ccid."'>".$cnt['name']." ("._("Listed").": ".$cnt['acount'].")</a>\n".
$display;
@@ -60,8 +60,8 @@
{
echo "<ul>\n";
$query = "select * from countries where acount>0 order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li><a href='wot.php?id=1&ccid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
}
@@ -69,8 +69,8 @@
} elseif($ccid > 0 && $regid <= 0 && $locid <= 0) {
echo "<ul>\n";
$query = "select * from regions where ccid='".$ccid."' and acount>0 order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li><a href='wot.php?id=1&regid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
}
@@ -78,8 +78,8 @@
} elseif($regid > 0 && $locid <= 0) {
echo "<ul>\n";
$query = "select * from locations where regid='".$regid."' and acount>0 order by `name`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<li><a href='wot.php?id=1&locid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
}
@@ -93,8 +93,8 @@
`ccid`='".$ccid."' and `regid`='".$regid."' and
`locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
- $list = mysql_query($query);
- if(mysql_num_rows($list) > 0)
+ $list = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($list) > 0)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="550">
@@ -106,7 +106,7 @@
<td class="title"><?=_("Assurer Challenge")?></td>
</tr>
-<? while($row = mysql_fetch_assoc($list)) { ?>
+<? while($row = mysqli_fetch_assoc($list)) { ?>
<tr>
<td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td>
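Review bot: In the name cell `fname` goes through `sanitizeHTML()` but the `lname` initial is echoed raw. Because `substr()` cuts by byte, a surname starting with a multi-byte character emits a broken UTF-8 sequence, and one starting with `<` or `&` reaches the page unescaped. `<?=sanitizeHTML(mb_substr($row['lname'], 0, 1, 'UTF-8'))?>` fixes both, assuming mbstring is available and the column holds UTF-8. The `name` columns concatenated into `$display` and into the list items in the earlier hunks of this file are also written out without escaping, and deserve the same treatment unless those tables are known to hold only trusted text. The `while` body continues below this hunk.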
diff --git a/pages/wot/10.php b/pages/wot/10.php
index b5e146c..7f3bd57 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -28,8 +28,8 @@
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$rc = intval($row['list']);
/*
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
@@ -40,7 +40,7 @@
inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
- $rank = mysql_num_rows(mysql_query($query)) + 1;
+ $rank = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) + 1;
?>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($rc), intval($rank))?></td>
</tr>
@@ -65,10 +65,10 @@
</tr>
<?
$query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
+ $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
<td class="DataTD"><?=intval($row['id'])?></td>
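Review bot: Inside the `while` loop the assurer's name is still fetched with one extra query per `notary` row, and that nested `mysqli_fetch_assoc(mysqli_query(...))` has no check for a failed query or a missing user. Joining `users` in the outer select (`... from notary left join users on users.id = notary.from where notary.to = ...`, with the selected columns qualified by table) removes the per-row round trip and gives a single result to check. The hunk at `@@ -115` repeats the pattern for `$row['to']`. The loop body continues below this hunk.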
@@ -115,10 +115,10 @@ if ($thawte)
<?
$points = 0;
$query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ;
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
+ $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
$points += intval($row['points']);
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
diff --git a/pages/wot/12.php b/pages/wot/12.php
index a0bbf50..1d4df85 100644
--- a/pages/wot/12.php
+++ b/pages/wot/12.php
@@ -65,26 +65,26 @@ document.f.location.focus();
{
$bits = explode(",", $_REQUEST['location']);
- $loc = trim(mysql_escape_string($bits['0']));
- $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1']));
- $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2']));
+ $loc = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['0']));
+ $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['1']));
+ $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['2']));
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`name` limit 1";
- $res = mysql_query($query);
- if($reg != "" && $ccname == "" && mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if($reg != "" && $ccname == "" && mysqli_num_rows($res) <= 0)
{
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `countries`.`name` like '$reg%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`name` limit 1";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
}
- if(mysql_num_rows($res) <= 0)
+ if(mysqli_num_rows($res) <= 0)
die(_("Unable to find suitable location"));
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$_REQUEST['location'] = $row['locid'];
}
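Review bot: The three location parts are escaped for the string literal but not for `LIKE`: `mysqli_real_escape_string()` leaves `%` and `_` alone. Those characters in the request therefore act as wildcards in `like '$loc%'`, and the lookup can resolve to a place the user did not name. Escaping them after the SQL escape closes that, e.g. `$loc = addcslashes(mysqli_real_escape_string($_SESSION['mconn'], trim($bits['0'])), '%_');`. That line also trims before escaping, which is the safer order than calling `trim()` on already-escaped text. The identical block in pages/wot/13.php needs the same change.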
@@ -92,7 +92,7 @@ document.f.location.focus();
$locid = intval($_REQUEST['location']);
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
if($maxdist <= 10)
{
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + (COS(PI() * $loc[lat] / 180 ) *
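Review bot: `$loc` is interpolated as `$loc[lat]` on the next statement without checking that the lookup returned a row. `mysqli_fetch_assoc()` yields `null` when `$locid` matches nothing, which puts an empty string into the distance expression and makes that query fail. pages/wot/13.php guards the same lookup with `mysqli_num_rows($res) > 0`; here a line such as `if (!$loc) die(_("Unable to find suitable location"));` after the fetch would give the same protection. `$maxdist` is set above this hunk and the SELECT continues below it, so its validation cannot be judged from here.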
@@ -108,7 +108,7 @@ document.f.location.focus();
`users`.`assurer` = 1 AND `users`.`listme` = 1 HAVING `distance` <= '$maxdist' ORDER BY `distance` LIMIT 50";
//echo $query;
}
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="700">
<tr>
<td class="title"><?=_("Name")?></td>
@@ -117,7 +117,7 @@ document.f.location.focus();
<td class="title"><?=_("Contact Details")?></td>
<td class="title"><?=_("Email Assurer")?></td>
</tr>
-<? while($row = mysql_fetch_assoc($res))
+<? while($row = mysqli_fetch_assoc($res))
{
$points = maxpoints($row['uid']);
if($points > 35)
diff --git a/pages/wot/13.php b/pages/wot/13.php
index eac7e18..7afb6c5 100644
--- a/pages/wot/13.php
+++ b/pages/wot/13.php
@@ -21,40 +21,40 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") {
{
$bits = explode(",", $_REQUEST['location']);
- $loc = trim(mysql_escape_string($bits['0']));
- $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1']));
- $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2']));
+ $loc = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['0']));
+ $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['1']));
+ $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['2']));
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`name` limit 1";
- $res = mysql_query($query);
- if($reg != "" && $ccname == "" && mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if($reg != "" && $ccname == "" && mysqli_num_rows($res) <= 0)
{
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `countries`.`name` like '$reg%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`name` limit 1";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
}
- if(mysql_num_rows($res) <= 0)
+ if(mysqli_num_rows($res) <= 0)
die("Unable to find suitable location");
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$_REQUEST['location'] = $row['locid'];
}
$locid = intval($_REQUEST['location']);
$query = "select * from `locations` where `id`='$locid'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $loc = mysql_fetch_assoc($res);
+ $loc = mysqli_fetch_assoc($res);
$_SESSION['profile']['ccid'] = $loc['ccid'];
$_SESSION['profile']['regid'] = $loc['regid'];
$_SESSION['profile']['locid'] = $loc['id'];
$query = "update `users` set `locid`='$loc[id]', `regid`='$loc[regid]', `ccid`='$loc[ccid]' where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
echo "<p>"._("Your location has been updated")."</p>\n";
} else {
echo "<p>"._("I was unable to match your location with places in my database.")."</p>\n";
@@ -62,14 +62,14 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") {
}
$query = "select `name` from `locations` where `id`='".$_SESSION['profile']['locid']."'";
- $res = mysql_query($query);
- $loc = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $loc = mysqli_fetch_assoc($res);
$query = "select `name` from `regions` where `id`='".$_SESSION['profile']['regid']."'";
- $res = mysql_query($query);
- $reg = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $reg = mysqli_fetch_assoc($res);
$query = "select `name` from `countries` where `id`='".$_SESSION['profile']['ccid']."'";
- $res = mysql_query($query);
- $cc = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $cc = mysqli_fetch_assoc($res);
?>
<script language="javascript" src="/ac.js"></script>
<script language="javascript">
diff --git a/pages/wot/9.php b/pages/wot/9.php
index 20f2c6d..ea7a384 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -19,15 +19,15 @@
require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
- $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
+ if(mysqli_num_rows($res) <= 0)
{
echo _("Sorry, I was unable to locate that user, the person doesn't wish to be contacted, or isn't an assurer.");
} else {
- $user = mysql_fetch_array($res);
+ $user = mysqli_fetch_array($res);
$userlang = L10n::normalise_translation($user['language']);
- $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary`
where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
if($points <= 0) {
echo _("Sorry, I was unable to locate that user.");
@@ -54,10 +54,10 @@
<? } ?>
<?
$query = "select * from `addlang` where `userid`='".intval($user['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
+ $lang = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `languages` where `locale`='".mysqli_real_escape_string($_SESSION['mconn'], $row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
diff --git a/scripts/49de-lt2013-berlin-mail.php.txt b/scripts/49de-lt2013-berlin-mail.php.txt
index a5bef69..52014f6 100644
--- a/scripts/49de-lt2013-berlin-mail.php.txt
+++ b/scripts/49de-lt2013-berlin-mail.php.txt
@@ -81,7 +81,7 @@
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -99,10 +99,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/50de-ate-luebeck-mail.php.txt b/scripts/50de-ate-luebeck-mail.php.txt
index 41721c5..d868522 100644
--- a/scripts/50de-ate-luebeck-mail.php.txt
+++ b/scripts/50de-ate-luebeck-mail.php.txt
@@ -85,7 +85,7 @@
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -103,10 +103,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/51at-ate-graz-mail.php.txt b/scripts/51at-ate-graz-mail.php.txt
index 56dd4ff..590741e 100644
--- a/scripts/51at-ate-graz-mail.php.txt
+++ b/scripts/51at-ate-graz-mail.php.txt
@@ -88,7 +88,7 @@
$city = "16. August 2013";
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -106,10 +106,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/52at-ate-wien-mail.php.txt b/scripts/52at-ate-wien-mail.php.txt
index 109bb81..9d7b7f9 100644
--- a/scripts/52at-ate-wien-mail.php.txt
+++ b/scripts/52at-ate-wien-mail.php.txt
@@ -92,7 +92,7 @@
$city = "15. Oktober 2013";
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -110,10 +110,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/53de-ate-amberg-mail.php.txt b/scripts/53de-ate-amberg-mail.php.txt
index 4be2ebd..db497aa 100644
--- a/scripts/53de-ate-amberg-mail.php.txt
+++ b/scripts/53de-ate-amberg-mail.php.txt
@@ -95,7 +95,7 @@
$eventname = "ATE-Amberg";
$city = "06. Januar 2014";
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -113,10 +113,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/54at-ate-linz-mail.php.txt b/scripts/54at-ate-linz-mail.php.txt
index 5ffdb24..0b668f2 100644
--- a/scripts/54at-ate-linz-mail.php.txt
+++ b/scripts/54at-ate-linz-mail.php.txt
@@ -102,7 +102,7 @@
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -120,10 +120,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/55de-ate-wiesbaden-mail.php.txt b/scripts/55de-ate-wiesbaden-mail.php.txt
index 26666e4..bafffd3 100644
--- a/scripts/55de-ate-wiesbaden-mail.php.txt
+++ b/scripts/55de-ate-wiesbaden-mail.php.txt
@@ -84,7 +84,7 @@
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -102,10 +102,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/56at-ate-oberwart-mail.php.txt b/scripts/56at-ate-oberwart-mail.php.txt
index 1035f17..89b5b7f 100644
--- a/scripts/56at-ate-oberwart-mail.php.txt
+++ b/scripts/56at-ate-oberwart-mail.php.txt
@@ -109,7 +109,7 @@
$city = "27. Juni 2014";
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -127,10 +127,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/57at-ate-graz-mail.php.txt b/scripts/57at-ate-graz-mail.php.txt
index 0e6786f..aaef527 100644
--- a/scripts/57at-ate-graz-mail.php.txt
+++ b/scripts/57at-ate-graz-mail.php.txt
@@ -92,7 +92,7 @@
$city = "13. November 2014";
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -110,10 +110,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/58at-ate-wien-mail.php.txt b/scripts/58at-ate-wien-mail.php.txt
index fe95455..2a17dd4 100644
--- a/scripts/58at-ate-wien-mail.php.txt
+++ b/scripts/58at-ate-wien-mail.php.txt
@@ -96,7 +96,7 @@
$city = "19. November 2014";
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -114,10 +114,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mmysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
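Review bot: The replacement line calls `mmysqli_query(...)`, with a doubled `m`, which is not a defined function, so this script stops with a fatal error at that line before `$xrows` is set or any mail is sent. It should read `$res = mysqli_query($_SESSION['mconn'], $query);`, as in the sibling 57at-ate-graz script. Running `php -l` does not catch undefined functions, so a grep for `mmysqli` across the tree is worth adding to the check for this commit.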
diff --git a/scripts/addpoints.php b/scripts/addpoints.php
index 932cd83..f707526 100755..100644
--- a/scripts/addpoints.php
+++ b/scripts/addpoints.php
@@ -22,17 +22,17 @@
include_once("../includes/mysql.php");
$query = "select * from `notary` group by `from`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "select *,sum(`points`) as `points` from `users`, `notary` where `users`.`id`=`notary`.`to` and `users`.`id`='".$row['from']."' group by `notary`.`to`";
- $drow = mysql_fetch_assoc(mysql_query($query));
+ $drow = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
if($drow['points'] < 100 || $drow['points'] >= 150)
continue;
$query = "select * from `notary` where `from`='".$drow['id']."' and `to`='".$drow['id']."'";
- $num = mysql_num_rows(mysql_query($query));
+ $num = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
$query = "select * from `notary` where `from`='".$drow['id']."' and `to`!='".$drow['id']."'";
- $newnum = mysql_num_rows(mysql_query($query));
+ $newnum = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
if($num < $newnum)
{
echo $drow['fname']." ".$drow['lname']." <".$drow['email']."> (memid: ".$drow['id']." points: ".$drow['points']." - num: $num newnum: $newnum)\n";
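Review bot: The file header for scripts/addpoints.php reads `100755..100644`, so this commit also drops the executable bit, which a mysql-to-mysqli rename has no reason to do. If any of these scripts is started directly from cron or a shell rather than through `php file.php`, it will fail with a permission error after deployment. The same mode change is on scripts/consistence.php, scripts/country.php, scripts/newsletter.php, scripts/newslettercebit.php, scripts/notify.php and every file under scripts/cron/. It looks unintentional and would be better reverted or moved to its own commit with a stated reason.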
@@ -45,7 +45,7 @@
$newpoints = 1;
$query = "insert into `notary` set `from`='".$drow['id']."', `to`='".$drow['id']."',
`points`='$newpoints', `method`='Administrative Increase', `date`=NOW()";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$drow['points'] += $newpoints;
fix_assurer_flag($drow['id']);
}
diff --git a/scripts/assurer.php b/scripts/assurer.php
index d85a2a6..6a4090f 100644
--- a/scripts/assurer.php
+++ b/scripts/assurer.php
@@ -38,9 +38,9 @@ select u.email, fname, lname, sum(n.points) from users u, notary n
";
// echo $query;
// comment next line when starting to send mail not only to me
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
+ while($row = mysqli_fetch_assoc($res))
{
echo $row['pts']."..".$row['email']."...\n";
// uncomment next line to send mails ...
diff --git a/scripts/consistence.php b/scripts/consistence.php
index 8d6b39b..1c9d60c 100755..100644
--- a/scripts/consistence.php
+++ b/scripts/consistence.php
@@ -22,81 +22,81 @@
if(0)
{
$query = "select locations.id from locations, regions where locations.regid=regions.id and locations.ccid!=regions.ccid;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update users set `assurer`='1' where `id`='${row['uid']}'";
echo "inconsistence in location ".$row['locations.id']."\n";
- //mysql_query($query);
+ //mysqli_query($_SESSION['mconn'], $query);
}
}
if(0)
{
$query = "select id from locations where regid<1 or ccid<1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
//$query = "update users set `assurer`='1' where `id`='${row['uid']}'";
echo "inconsistence in location ".$row['id']."\n";
- //mysql_query($query);
+ //mysqli_query($_SESSION['mconn'], $query);
}
}
if(1)
{
$query = "select users.id, locations.regid from users inner join locations on users.locid=locations.id where users.regid!=locations.regid or users.ccid!=locations.ccid;";
- $res = mysql_query($query);
- echo mysql_error();
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ echo mysqli_error($_SESSION['mconn']);
+ while($row = mysqli_fetch_assoc($res))
{
echo "inconsistence in user #".$row['id']."\n";
$query = "update users set regid=".$row['regid']." where `id`=".$row['id'].";";
echo "query: $query\n";
- if($row['regid']=="1182") mysql_query($query);
+ if($row['regid']=="1182") mysqli_query($_SESSION['mconn'], $query);
}
}
exit();
- mysql_query("update `locations` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `locations` set `acount`=0");
$query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`locid` != 0 and users.listme=1
GROUP BY `users`.`locid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `locations` set `acount`='${row['total']}' where `id`='${row['locid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
- mysql_query("update `regions` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `regions` set `acount`=0");
$query = "SELECT `users`.`regid` AS `regid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`regid` != 0 and users.listme=1
GROUP BY `users`.`regid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `regions` set `acount`='${row['total']}' where `id`='${row['regid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
- mysql_query("update `countries` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `countries` set `acount`=0");
$query = "SELECT `users`.`ccid` AS `ccid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`ccid` != 0 and users.listme=1
GROUP BY `users`.`ccid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `countries` set `acount`='${row['total']}' where `id`='${row['ccid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
diff --git a/scripts/country.php b/scripts/country.php
index 0c5fc4f..7e0939c 100755..100644
--- a/scripts/country.php
+++ b/scripts/country.php
@@ -20,8 +20,8 @@
include_once("../includes/mysql.php");
$query = "select * from `users` where ccid=13 OR email like '%.at'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['id']." ccid: ".$row['ccid'].")\n";
}
diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php
index ca95f18..8a759da 100755..100644
--- a/scripts/cron/permissionreview.php
+++ b/scripts/cron/permissionreview.php
@@ -117,11 +117,11 @@ $adminlist = array();
foreach ($flags as $flag => $flag_properties) {
$flagname = explode('=', $flag, 2 );
$query = "select `fname`, `lname`, `email` from `users` where `$flagname[0]` = '$flagname[1]'";
- if(! $res = mysql_query($query) ) {
+ if(! $res = mysqli_query($_SESSION['mconn'], $query) ) {
fwrite(STDERR,
"MySQL query for flag $flag failed:\n".
"\"$query\"\n".
- mysql_error()
+ mysqli_error($_SESSION['mconn'])
);
continue;
@@ -129,7 +129,7 @@ foreach ($flags as $flag => $flag_properties) {
$adminlist[$flag] = array();
- while ($row = mysql_fetch_assoc($res)) {
+ while ($row = mysqli_fetch_assoc($res)) {
$adminlist[$flag][] = $row;
}
diff --git a/scripts/cron/refresh_stats.php b/scripts/cron/refresh_stats.php
index 3b446ba..0cfd32e 100755..100644
--- a/scripts/cron/refresh_stats.php
+++ b/scripts/cron/refresh_stats.php
@@ -21,7 +21,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
require_once(dirname(__FILE__).'/../../includes/mysql.php');
/**
- * Wrapper around mysql_query() to provide some error handling. Prints an error
+ * Wrapper around mysqli_query($_SESSION['mconn'], ) to provide some error handling. Prints an error
* message and dies if query fails
*
* @param string $sql
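Review bot: The search-and-replace also rewrote the docblock, which now reads `mysqli_query($_SESSION['mconn'], )` with a dangling argument list, so the description no longer names a real call. Suggested wording: ` * Wrapper around mysqli_query() on the shared $_SESSION['mconn'] connection that provides some error handling. Prints an error`. The docblock continues outside this hunk.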
@@ -30,9 +30,9 @@ require_once(dirname(__FILE__).'/../../includes/mysql.php');
* the MySQL result set
*/
function sql_query($sql) {
- $res = mysql_query($sql);
+ $res = mysqli_query($_SESSION['mconn'], $sql);
if (!$res) {
- fwrite(STDERR, "MySQL query failed:\n\"$sql\"\n".mysql_error());
+ fwrite(STDERR, "MySQL query failed:\n\"$sql\"\n".mysqli_error($_SESSION['mconn']));
die(1);
}
@@ -40,7 +40,7 @@ function sql_query($sql) {
}
function tc($sql) {
- $row = mysql_fetch_assoc(sql_query($sql));
+ $row = mysqli_fetch_assoc(sql_query($sql));
return(intval($row['count']));
}
@@ -52,13 +52,13 @@ function tc($sql) {
function updateCache($stats) {
$timestamp = time();
$sql = "insert into `statscache` (`timestamp`, `cache`) values
- ('$timestamp', '".mysql_real_escape_string(serialize($stats))."')";
+ ('$timestamp', '".mysqli_real_escape_string($_SESSION['mconn'], serialize($stats))."')";
sql_query($sql);
// Make sure the new statistic was inserted successfully
$res = sql_query(
"select 1 from `statscache` where `timestamp` = '$timestamp'");
- if (mysql_num_rows($res) !== 1) {
+ if (mysqli_num_rows($res) !== 1) {
fwrite(STDERR, "Error on inserting the new statistic");
return false;
}
diff --git a/scripts/cron/removedead.php b/scripts/cron/removedead.php
index f473788..b2653c9 100755..100644
--- a/scripts/cron/removedead.php
+++ b/scripts/cron/removedead.php
@@ -23,51 +23,51 @@
$query = "select * from `users` where `users`.`verified`=0 and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`users`.`created`)) >= 172800";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
- mysql_query("delete from `email` where `memid`='".$row['id']."'");
- mysql_query("delete from `users` where `id`='".$row['id']."'");
+ mysqli_query($_SESSION['mconn'], "delete from `email` where `memid`='".$row['id']."'");
+ mysqli_query($_SESSION['mconn'], "delete from `users` where `id`='".$row['id']."'");
delete_user_agreement($row['id']);
}
$query = "delete from `domains` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "delete from `email` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "delete from `disputedomain` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 21600";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "delete from `disputeemail` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 21600";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
// the folloing part is presently not used as there is no running programme that uses temporary increase
// in case that there is a new one the procedure needs a rework regarding the point claculation
/*
$query = "select * from `notary` where `expire`!=0 and `expire`<NOW()";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "select sum(`points`) as `points` from `notary` where `to`='$row[to]' and `expire`=0 group by `to`";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
+ $dres = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($dres);
if($drow['points'] >= 150)
{
$query = "update `notary` set `expire`=0, `points`='0' where `to`='$row[to]' and `from`='$row[from]' and `expire`='$row[expire]'";
} else {
$newpoints = 150 - $drow['points'];
$query = "update `notary` set `expire`=0, `points`='0' where `to`='$row[to]' and `from`='$row[from]' and `expire`='$row[expire]'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "insert into `notary` set `expire`=0, `points`='$newpoints', `to`='$row[to]', `from`='$row[from]', `when`=NOW(), `method`='Administrative Increase', `date`=NOW()";
}
- $data = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[to]'"));
+ $data = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$row[to]'"));
$body = sprintf("%s %s (%s) had a temporary increase, but this has just expired and they have been reduced to 150 points.", $data['fname'], $data['lname'], $data['email'])."\n\n";
sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Expired.", $body, "website@cacert.org", "", "", "CAcert Website");
@@ -84,7 +84,7 @@
sendmail($data['email'], "[CAcert.org] "._("Temporary points increase has expired."), $body, "support@cacert.org", "", "", "CAcert Website");
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
fix_assurer_flag($row[to]);
}
*/
diff --git a/scripts/cron/updatesort.php b/scripts/cron/updatesort.php
index 051b179..7e1e18f 100755..100644
--- a/scripts/cron/updatesort.php
+++ b/scripts/cron/updatesort.php
@@ -26,44 +26,44 @@
}
- mysql_query("update `locations` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `locations` set `acount`=0");
$query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`locid` != 0 and users.listme=1
GROUP BY `users`.`locid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `locations` set `acount`='${row['total']}' where `id`='${row['locid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
- mysql_query("update `regions` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `regions` set `acount`=0");
$query = "SELECT `users`.`regid` AS `regid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`regid` != 0 and users.listme=1
GROUP BY `users`.`regid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `regions` set `acount`='${row['total']}' where `id`='${row['regid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
- mysql_query("update `countries` set `acount`=0");
+ mysqli_query($_SESSION['mconn'], "update `countries` set `acount`=0");
$query = "SELECT `users`.`ccid` AS `ccid`, count(*) AS `total` FROM `users`
WHERE users.assurer='1' AND `users`.`ccid` != 0 and users.listme=1
GROUP BY `users`.`ccid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$query = "update `countries` set `acount`='${row['total']}' where `id`='${row['ccid']}'";
echo $query."\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php
index 59b1aa2..0da9110 100755..100644
--- a/scripts/cron/warning.php
+++ b/scripts/cron/warning.php
@@ -33,8 +33,8 @@
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP(NOW()) < $day * 86400 and
`emailcerts`.`renewed`=0 and `emailcerts`.`warning` <= '$warning' and
`emailcerts`.`revoked`=0 and `users`.`id`=`emailcerts`.`memid`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
L10n::set_recipient_language(intval($row['id']));
if($row['subject'] == "")
@@ -70,7 +70,7 @@
sendmail($row['email'], "[CAcert.org] "._("Your Certificate is about to expire"), $body, "support@cacert.org", "", "", "CAcert Support");
echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid']." Subj: ".$row['subject']." timeleft: ".$row['daysleft'].")\n";
$query = "update `emailcerts` set `warning`='".($warning+1)."' where `id`='".$row['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
}
@@ -107,8 +107,8 @@ echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid
`domains`
WHERE $where_clause
AND `domlink`.`domid` = `domains`.`id`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
L10n::set_recipient_language(intval($row['memid']));
if($row['subject'] == "")
@@ -128,7 +128,7 @@ echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid
sendmail($row['email'], "[CAcert.org] "._("Your Certificate is about to expire"), $body, "support@cacert.org", "", "", "CAcert Support");
echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid']." Subj: ".$row['CN']." timeleft: ".$row['daysleft'].")\n";
$query = "update `domaincerts` set `warning`='".($warning+1)."' where `id`='".$row['id']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
}
?>
diff --git a/scripts/gpgcheck3.php b/scripts/gpgcheck3.php
index a6f6097..57e380f 100644
--- a/scripts/gpgcheck3.php
+++ b/scripts/gpgcheck3.php
@@ -68,17 +68,17 @@ function csvize($str) {
}
mb_regex_encoding("UTF-8");
- $res = mysql_query("SELECT id, memid FROM gpg WHERE crt != ''");
+ $res = mysqli_query($_SESSION['mconn'], "SELECT id, memid FROM gpg WHERE crt != ''");
if (!$res) {
echo "Query FROM gpg failed!\n";
exit;
}
$keys = array();
- while ($row = mysql_fetch_row($res)) {
+ while ($row = mysqli_fetch_row($res)) {
array_push($keys, $row);
}
- mysql_free_result($res);
+ mysqli_free_result($res);
foreach ($keys as $key) {
$crt = "../crt/gpg-" . $key[0] . ".crt";
@@ -87,28 +87,28 @@ function csvize($str) {
continue;
}
- $res = mysql_query("SELECT fname, mname, lname, suffix FROM users WHERE id = " . $key[1]);
+ $res = mysqli_query($_SESSION['mconn'], "SELECT fname, mname, lname, suffix FROM users WHERE id = " . $key[1]);
if (!$res) {
echo "Query FROM users failed!\n";
exit;
}
- $user = mysql_fetch_assoc($res);
+ $user = mysqli_fetch_assoc($res);
if (!$user) {
echo "User #" . $key[1] . " not found?!\n";
continue;
}
- mysql_free_result($res);
+ mysqli_free_result($res);
- $res = mysql_query("SELECT email FROM email WHERE hash = '' AND memid = " . $key[1]);
+ $res = mysqli_query($_SESSION['mconn'], "SELECT email FROM email WHERE hash = '' AND memid = " . $key[1]);
if (!$res) {
echo "Query FROM email failed!\n";
exit;
}
$addrs = array();
- while ($addr = mysql_fetch_row($res)) {
+ while ($addr = mysqli_fetch_row($res)) {
array_push($addrs, $addr[0]);
}
- mysql_free_result($res);
+ mysqli_free_result($res);
$gpg = `gpg --with-colons --homedir /tmp $crt 2>/dev/null`;
//echo "gpg says\n".htmlspecialchars($gpg);
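Review bot: The gpg invocation at the end of this hunk uses the world-writable `/tmp` as its GnuPG home and interpolates `$crt` into the shell command unescaped. Any local account can place a `gpg.conf` or keyring in `/tmp` that this run will then read, so the check should use a private directory created with mode 0700 for the job. The path should also be quoted, e.g. `$gpg = shell_exec("gpg --with-colons --homedir ".escapeshellarg($home)." ".escapeshellarg($crt)." 2>/dev/null");`, where `$home` is that private directory. Separately, the `continue` in the `if (!$user)` branch skips the `mysqli_free_result($res)` that follows it. The enclosing `foreach` starts in the previous hunk and continues past this one.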
diff --git a/scripts/gpgfillmissingemail.php b/scripts/gpgfillmissingemail.php
index 39f9d8f..fdfee45 100644
--- a/scripts/gpgfillmissingemail.php
+++ b/scripts/gpgfillmissingemail.php
@@ -42,7 +42,7 @@ function csvize($str)
mb_regex_encoding("UTF-8");
echo "Seaching ...\n";
- $res = mysql_query("SELECT * FROM gpg WHERE crt != '' and email=''");
+ $res = mysqli_query($_SESSION['mconn'], "SELECT * FROM gpg WHERE crt != '' and email=''");
if (!$res) {
echo "Query FROM gpg failed!\n";
exit;
@@ -50,7 +50,7 @@ echo "Seaching ...\n";
echo "Found:\n";
$keys = array();
- while ($row = mysql_fetch_assoc($res)) {
+ while ($row = mysqli_fetch_assoc($res)) {
echo "ID: ".$row["id"]."\n";
$crt=$row["crt"];
@@ -74,7 +74,7 @@ echo "Found:\n";
echo "EMail: *$mail**\n";
echo "update gpg set email='$mail' where id=$row[id]\n";
- mysql_query("update gpg set email='$mail' where id=$row[id];");
+ mysqli_query($_SESSION['mconn'], "update gpg set email='$mail' where id=$row[id];");
}
}
}
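Review bot: The migrated update still builds SQL by interpolating `$mail` and `$row[id]`, and `$mail` appears to be parsed from the stored key material (its assignment is outside this hunk), so it should be treated as untrusted input. Now that the connection handle is available, escape or bind it, e.g. `mysqli_query($_SESSION['mconn'], "update gpg set email='".mysqli_real_escape_string($_SESSION['mconn'], $mail)."' where id=".intval($row['id']));`. The same applies to `$bits[4]` in the update in scripts/gpgfillmissingkeyid.php. The result of the update is not checked either, so a failed write is reported as success by the preceding `echo`.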
@@ -82,7 +82,7 @@ echo "Found:\n";
}
echo "Done\n";
- mysql_free_result($res);
+ mysqli_free_result($res);
?>
diff --git a/scripts/gpgfillmissingkeyid.php b/scripts/gpgfillmissingkeyid.php
index 8c5ce4a..2238e2b 100644
--- a/scripts/gpgfillmissingkeyid.php
+++ b/scripts/gpgfillmissingkeyid.php
@@ -27,7 +27,7 @@ function csvize($str)
mb_regex_encoding("UTF-8");
echo "Seaching ...\n";
- $res = mysql_query("SELECT * FROM gpg WHERE crt != '' and keyid is null");
+ $res = mysqli_query($_SESSION['mconn'], "SELECT * FROM gpg WHERE crt != '' and keyid is null");
if (!$res) {
echo "Query FROM gpg failed!\n";
exit;
@@ -35,7 +35,7 @@ echo "Seaching ...\n";
echo "Found:\n";
$keys = array();
- while ($row = mysql_fetch_assoc($res)) {
+ while ($row = mysqli_fetch_assoc($res)) {
echo "ID: ".$row["id"]."\n";
$crt=$row["crt"];
@@ -54,7 +54,7 @@ echo "Found:\n";
echo "laenge: ".strlen($bits[4])."\n";
if($row[id]>=1 && $row[id]<=100000 && strlen($bits[4])==16)
{
- mysql_query("update gpg set keyid='$bits[4]' where id=$row[id]\n");
+ mysqli_query($_SESSION['mconn'], "update gpg set keyid='$bits[4]' where id=$row[id]\n");
}
}
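Review bot: The guard above the changed line indexes the row with a bare `id` outside a string (`$row[id]>=1 && $row[id]<=100000`), which PHP resolves as a constant lookup. That is deprecated since PHP 7.2 and an Error on PHP 8, so the update would never run there. Quote the key: `if($row['id']>=1 && $row['id']<=100000 && strlen($bits[4])==16)`. The length test alone also lets any 16-byte value into the SQL string; adding `ctype_xdigit($bits[4])` would restrict it to a hexadecimal key id. The enclosing loop starts outside this hunk.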
@@ -67,7 +67,7 @@ echo "Found:\n";
}
echo "Done\n";
- mysql_free_result($res);
+ mysqli_free_result($res);
?>
diff --git a/scripts/mailing archive/45au-ate-melbourne-mail.php.txt b/scripts/mailing archive/45au-ate-melbourne-mail.php.txt
index 5161e97..558af13 100644
--- a/scripts/mailing archive/45au-ate-melbourne-mail.php.txt
+++ b/scripts/mailing archive/45au-ate-melbourne-mail.php.txt
@@ -68,7 +68,7 @@
$city = "28th July 2012";
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -86,10 +86,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/mailing archive/46us-ate-raleigh-mail.php.txt b/scripts/mailing archive/46us-ate-raleigh-mail.php.txt
index 833fb7c..96dfe30 100644
--- a/scripts/mailing archive/46us-ate-raleigh-mail.php.txt
+++ b/scripts/mailing archive/46us-ate-raleigh-mail.php.txt
@@ -74,7 +74,7 @@
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -92,10 +92,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/mailing archive/47us-fudcon-lawrence-mail.php.txt b/scripts/mailing archive/47us-fudcon-lawrence-mail.php.txt
index 68c3a9f..6cf859b 100644
--- a/scripts/mailing archive/47us-fudcon-lawrence-mail.php.txt
+++ b/scripts/mailing archive/47us-fudcon-lawrence-mail.php.txt
@@ -71,7 +71,7 @@
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -89,10 +89,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/mailing archive/48de-ate-kiel-mail.php.txt b/scripts/mailing archive/48de-ate-kiel-mail.php.txt
index 0b5d8c5..8d0b0cf 100644
--- a/scripts/mailing archive/48de-ate-kiel-mail.php.txt
+++ b/scripts/mailing archive/48de-ate-kiel-mail.php.txt
@@ -76,7 +76,7 @@
$query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
(COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
@@ -94,10 +94,10 @@
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
diff --git a/scripts/mailing archive/oa01-allowance.php.txt b/scripts/mailing archive/oa01-allowance.php.txt
index 50374e3..e579971 100644
--- a/scripts/mailing archive/oa01-allowance.php.txt
+++ b/scripts/mailing archive/oa01-allowance.php.txt
@@ -73,10 +73,10 @@ $query = "SELECT orginfo.contact as email, orginfo.O, 1 as status
// comment next line when starting to send mail not only to me
// $query = "select * from `users` where `email` like 'cacerttest%'";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
sendmail($row['email'], "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")") , $lines, "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
diff --git a/scripts/mailing archive/oa02-orgainformation.php.txt b/scripts/mailing archive/oa02-orgainformation.php.txt
index e0d8ca2..29cefc6 100644
--- a/scripts/mailing archive/oa02-orgainformation.php.txt
+++ b/scripts/mailing archive/oa02-orgainformation.php.txt
@@ -73,15 +73,15 @@
`orginfo`.`O`
";
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $xrows = mysqli_num_rows($res);
$report = "";
$report1 = "";
$report2 = "";
$report3 = "";
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
// uncomment next line to send mails ...
$fullname = $row['fname']." ".$row['lname'];
diff --git a/scripts/mass-revoke.php b/scripts/mass-revoke.php
index 18c036b..14192b6 100644
--- a/scripts/mass-revoke.php
+++ b/scripts/mass-revoke.php
@@ -44,37 +44,37 @@ while($in_string = rtrim(fgets($in))) {
$query = "UPDATE `domaincerts` SET `revoked`='1970-01-01 10:00:01'
where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
- if (!mysql_query($query)) {
+ if (!mysqli_query($_SESSION['mconn'], $query)) {
$num_failures++;
}
- $num_domain+=mysql_affected_rows();
+ $num_domain+=mysqli_affected_rows($_SESSION['mconn']);
} else if ($cert_type == "EmailCert") {
$query = "UPDATE `emailcerts` SET `revoked`='1970-01-01 10:00:01'
where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
- if (!mysql_query($query)) {
+ if (!mysqli_query($_SESSION['mconn'], $query)) {
$num_failures++;
}
- $num_client+=mysql_affected_rows();
+ $num_client+=mysqli_affected_rows($_SESSION['mconn']);
} else if ($cert_type == "OrgServerCert") {
$query = "UPDATE `orgdomaincerts` SET `revoked`='1970-01-01 10:00:01'
where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
- if (!mysql_query($query)) {
+ if (!mysqli_query($_SESSION['mconn'], $query)) {
$num_failures++;
}
- $num_orgdomain+=mysql_affected_rows();
+ $num_orgdomain+=mysqli_affected_rows($_SESSION['mconn']);
} else if ($cert_type == "OrgEmailCert") {
$query = "UPDATE `orgemailcerts` SET `revoked`='1970-01-01 10:00:01'
where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
- if (!mysql_query($query)) {
+ if (!mysqli_query($_SESSION['mconn'], $query)) {
$num_failures++;
}
- $num_orgclient+=mysql_affected_rows();
+ $num_orgclient+=mysqli_affected_rows();
}
}
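Review bot: The last counter update, `$num_orgclient+=mysqli_affected_rows();`, was converted without the connection argument that mysqli requires, unlike the three branches above it. For `OrgEmailCert` records this raises an error (an ArgumentCountError on PHP 8) or counts nothing, so the revocation summary is wrong or the run aborts partway through the input; it should be `$num_orgclient+=mysqli_affected_rows($_SESSION['mconn']);`. In all four branches the counter is also updated after a failed query, where mysqli_affected_rows() returns -1, so the add belongs in an `else` of the failure check. The enclosing `while` loop starts outside this hunk.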
diff --git a/scripts/newsletter.php b/scripts/newsletter.php
index 04897d2..6b2802a 100755..100644
--- a/scripts/newsletter.php
+++ b/scripts/newsletter.php
@@ -28,15 +28,15 @@
fclose($fp);
$query = "select * from `locations` where `id`='417638'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select `users`.* from `users`,`alerts`,`locations` where
((`lat` > ".$loc['lat']."-0.1 and `lat`<".$loc['lat']."+0.1 and `long`>".$loc['long']."-0.1 and `long`<".$loc['long']."+0.1)
)and
(`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) AND
`locations`.`id` = `users`.`locid` and `users`.`id`=`alerts`.`memid`";
//$query = "select * from `users` where `email`='pg@futureware.at'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
sendmail($row['email'], "[CAcert.org] Keysigningparty Koeln", $lines, "support@cacert.org", "", "", "CAcert Support", "returns@cacert.org", 1);
echo $row['email']."\n";
diff --git a/scripts/newslettercebit.php b/scripts/newslettercebit.php
index 9fd64d1..24fca52 100755..100644
--- a/scripts/newslettercebit.php
+++ b/scripts/newslettercebit.php
@@ -29,7 +29,7 @@
$query = "select * from `users` where `id`='1'";
$query = "select * from `locations` where `id`='718475'";
- $loc = mysql_fetch_assoc(mysql_query($query));
+ $loc = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$query = "select `users`.* from `users`,`alerts`,`locations` where
((`lat` > ".$loc['lat']."-5 and `lat`<".$loc['lat']."+5 and `long`>".$loc['long']."-5 and `long`<".$loc['long']."+5) OR
`users`.`email` like '%.at' OR `users`.`email` like '%.fr' OR `users`.`email` like '%.de' OR
@@ -38,8 +38,8 @@
(`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) AND
`locations`.`id` = `users`.`locid` and `users`.`id`=`alerts`.`memid`";
// $query = "select * from `users` where `email`='eg@linuxkun.de'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
sendmail($row['email'], "[CAcert.org] CeBIT 2006", $lines, "support@cacert.org", "", "", "CAcert Support", "returns@cacert.org", 1);
echo $row['email']."\n";
diff --git a/scripts/notify.php b/scripts/notify.php
index 9a96372..4db7d7b 100755..100644
--- a/scripts/notify.php
+++ b/scripts/notify.php
@@ -23,14 +23,14 @@
where `users`.`verified`=0 and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`users`.`created`)) >= 300 and
`users`.`id`=`email`.`memid` and `users`.`email`=`email`.`email`";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
- mysql_query("update `email` set `hash`='$hash' where `id`='".$row['id']."'");
+ mysqli_query($_SESSION['mconn'], "update `email` set `hash`='$hash' where `id`='".$row['id']."'");
$body = "Hi ".$row['fname']."\n\n";
$body .= "Due to some bugs with the new website we initially had issues with emails being sent out. This email is being sent to those effected so they can be re-sent their email probe to over come earlier issues. We apologise for any inconvenience this may have cause. To verify your account, simply click on the link below.\n\n";
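Review bot: The verification hash is derived with `md5(fgets($rnd, 64))`, and `fgets()` stops at the first newline byte it reads from `/dev/urandom`. Some tokens are therefore hashed from far fewer than 63 random bytes, and occasionally from a single byte. Since the value is stored in `email`.`hash` and, judging by the mail text, used as the account verification secret, it should come from a fixed-length read. `$hash = bin2hex(random_bytes(16));` keeps the 32-hex-character format on PHP 7 or later, and `fread($rnd, 64)` is the minimal change otherwise. The loop body continues outside this hunk.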
diff --git a/scripts/resetpermissions.php b/scripts/resetpermissions.php
index 0bfdaa3..8412669 100644
--- a/scripts/resetpermissions.php
+++ b/scripts/resetpermissions.php
@@ -26,26 +26,26 @@ foreach ($flags as $flag) {
echo "Resetting $flag flag:\n";
$query = "select `id`, `fname`, `lname`, `email` from `users`
where `$flag` = 1";
- if(! $res = mysql_query($query) ) {
+ if(! $res = mysqli_query($_SESSION['mconn'], $query) ) {
fwrite(STDERR,
"MySQL query for flag $flag failed:\n".
"\"$query\"\n".
- mysql_error()
+ mysqli_error($_SESSION['mconn'])
);
continue;
}
- while ($row = mysql_fetch_assoc($res)) {
+ while ($row = mysqli_fetch_assoc($res)) {
echo "$row[fname] $row[lname] $row[email]";
$update = "update `users` set `$flag` = 0 where `id` = $row[id]";
- if(! $res2 = mysql_query($update) ) {
+ if(! $res2 = mysqli_query($_SESSION['mconn'], $update) ) {
echo " NOT RESET!!!\n";
fwrite(STDERR,
"MySQL query for $flag flag reset on user $row[id] failed:\n".
"\"$update\"\n".
- mysql_error()
+ mysqli_error($_SESSION['mconn'])
);
} else {
@@ -68,4 +68,4 @@ EOF;
}
echo "\n\n";
-} \ No newline at end of file
+}
diff --git a/scripts/scanforexponents.php b/scripts/scanforexponents.php
index 388fe1e..a78bcf3 100755..100644
--- a/scripts/scanforexponents.php
+++ b/scripts/scanforexponents.php
@@ -53,15 +53,15 @@
`emailcerts`.`created` as `created`,`emailcerts`.`revoked` as `revoked`,
`emailcerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language`
from `emailcerts`,`users` where `emailcerts`.`id`='$id' and `users`.`id`=`emailcerts`.`memid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo $query."\n";
echo "$file: $do\n";
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$email = $row['email'];
} else if($type == "orgclient") {
$query = "select `memid`,`serial`,`CN`,`subject`,`keytype`,`orgemailcerts`.`codesign` as `codesign`,`crt_name`,
@@ -69,15 +69,15 @@
`orgemailcerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language`
from `orgemailcerts`,`org`,`users` where `orgemailcerts`.`id`='$id' and
`orgemailcerts`.`orgid`=`org`.`id` and `users`.`id`=`org`.`memid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo $query."\n";
echo "$file: $do\n";
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$email = $row['email'];
} else if($type == "server") {
$query = "select `memid`,`serial`,`CN`,`subject`,`crt_name`,
@@ -85,15 +85,15 @@
`domaincerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language`
from `domaincerts`,`domains`,`users` where `domaincerts`.`id`='$id' and
`domains`.`id`=`domaincerts`.`domid` and `users`.`id`=`domains`.`memid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo $query."\n";
echo "$file: $do\n";
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$email = $row['email'];
} else if($type == "orgserver") {
$query = "select `memid`,`serial`,`CN`,`subject`,`crt_name`,
@@ -101,15 +101,15 @@
`orgdomaincerts`.`expire` as `expire`, `rootcert`, `md`, `fname`, `lname`, `language`
from `orgdomaincerts`,`org`,`users` where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`id` and `users`.`id`=`org`.`memid`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo $query."\n";
echo "$file: $do\n";
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$email = $row['email'];
} else {
echo "$file: $do\n";
diff --git a/scripts/send_heartbleed.php b/scripts/send_heartbleed.php
index 6bf0f5f..4cb7936 100644
--- a/scripts/send_heartbleed.php
+++ b/scripts/send_heartbleed.php
@@ -222,9 +222,9 @@ $query = "
)
order by `id`";
-$res = mysql_query($query);
+$res = mysqli_query($_SESSION['mconn'], $query);
-while($row = mysql_fetch_assoc($res))
+while($row = mysqli_fetch_assoc($res))
{
$mailtxt = "Dear ${row["fname"]} ${row["lname"]},\n".$lines_EN."\n\n";
switch ($row["language"])
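Review bot: The greeting uses the `${row["fname"]}` interpolation form, which is deprecated as of PHP 8.2. Since this change moves the script to mysqli for newer PHP versions, the line could be written as `$mailtxt = "Dear {$row['fname']} {$row['lname']},\n".$lines_EN."\n\n";`, which produces the same string. The same form is used in the send_policy_cca_20140916.php and send_thawte.php.txt hunks. The loop body continues outside this hunk.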
diff --git a/scripts/send_policy_cca_20140916.php b/scripts/send_policy_cca_20140916.php
index 4d8cd66..39f21ad 100644
--- a/scripts/send_policy_cca_20140916.php
+++ b/scripts/send_policy_cca_20140916.php
@@ -116,9 +116,9 @@ $query = "
AND `id` >= '$lastid'
ORDER BY `id`";
-$res = mysql_query($query);
+$res = mysqli_query($_SESSION['mconn'], $query);
-while($row = mysql_fetch_assoc($res))
+while($row = mysqli_fetch_assoc($res))
{
$mailtxt = "Dear ${row["fname"]} ${row["lname"]},\n".$lines_EN."\n\n";
diff --git a/scripts/send_thawte.php.txt b/scripts/send_thawte.php.txt
index d3a9e77..1070204 100644
--- a/scripts/send_thawte.php.txt
+++ b/scripts/send_thawte.php.txt
@@ -120,9 +120,9 @@
$query = "select `id`,`fname`,`lname`,`email`,`language` from `users` where `deleted` = 0 and `id` > '$lastid' order by `id`";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
- while($row = mysql_fetch_assoc($res))
+ while($row = mysqli_fetch_assoc($res))
{
$mailtxt = "Hello ${row["fname"]} ${row["lname"]},\n".$lines_EN."\n\n";
switch ($row["language"])
diff --git a/stamp/certdet.php b/stamp/certdet.php
index a43d2a0..2354c14 100644
--- a/stamp/certdet.php
+++ b/stamp/certdet.php
@@ -19,11 +19,11 @@
$tz = intval($_REQUEST['tz']);
$now = date("Y-m-d", gmmktime("U") + ($tz * 3600));
- $arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2);
+ $arr = explode("//", mysqli_real_escape_string($_SESSION['mconn'], trim($_REQUEST['refer'])), 2);
$arr = explode("/", $arr['1'], 2);
$ref = $arr['0'];
- $arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
+ $arr = explode("//", mysqli_real_escape_string($_SESSION['mconn'], trim($_SERVER['HTTP_REFERER'])), 2);
$arr = explode("/", $arr['1'], 2);
$siteref = $arr['0'];
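Review bot: `gmmktime("U")` on the `$now` line passes a format letter where an integer hour is expected. PHP 8 rejects that with a TypeError, and older versions emit a warning and return no usable timestamp, so `$now` is not the current date. `$now = date("Y-m-d", time() + ($tz * 3600));` expresses what the line appears to intend. Separately, `$arr['1']` is read without checking that the `refer` parameter or the Referer header contained `//`, so a missing or malformed value ends up as an empty `$ref`. An explicit `isset($arr[1])` check would make that case deliberate.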
diff --git a/stamp/common.php b/stamp/common.php
index d99a23a..13da662 100644
--- a/stamp/common.php
+++ b/stamp/common.php
@@ -20,7 +20,7 @@
function clean($key)
{
- return(mysql_real_escape_string(strip_tags(trim($_REQUEST[$key]))));
+ return(mysqli_real_escape_string($_SESSION['mconn'], strip_tags(trim($_REQUEST[$key]))));
}
function checkhostname($ref)
@@ -31,10 +31,10 @@
$stampid = 0;
$query = "select * from `stampcache` where `hostname`='$ref'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if($row['cacheexpire'] >= date("U"))
return(array($row['valid'], $row));
else {
@@ -46,13 +46,13 @@
$query = "select * from `orgdomaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
$query = "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$row[id]'";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
return(array($row['valid'], $row));
}
}
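Review bot: The `if($_REQUEST['debug'] == 1) echo $query."<br>\n";` lines let any client add `debug=1` and read the SQL text, including table and column names, straight from the response. The statement is echoed without HTML encoding, so request-derived parts of it (`$ref` in the later queries) are reflected into the page as well. Debug output should be gated on a server-side setting rather than a request parameter, and encoded if kept, for example `echo htmlspecialchars($query, ENT_QUOTES)."<br>\n";`. The same debug echo is repeated in the three following hunks of this file. checkhostname() starts and ends outside this hunk.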
@@ -68,8 +68,8 @@
group by `domaincerts`.`id` order by `domaincerts`.`id`";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$bits = explode(".", $ref);
for($i = 1; $i < count($bits); $i++)
@@ -88,8 +88,8 @@
group by `domaincerts`.`id` order by `domaincerts`.`id`";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$query = "select *,`orgdomaincerts`.`id` as `certid`,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
(`orgdomaincerts`.`subject` like '%=DNS:$ref/%' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2/%' OR
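Review bot: `$ref` and `$ref2` are placed inside `like '%=DNS:$ref/%'` patterns, and `mysqli_real_escape_string()` does not escape the LIKE wildcards `%` and `_`. A hostname value containing those characters therefore matches more certificate subjects than the literal name would, which matters because the result decides whether a stamp is reported as valid. The hostname should be validated against a strict pattern before the lookup, or the wildcards escaped with `addcslashes($ref, '%_')` when building the pattern. The query on the last line of this hunk continues outside it.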
@@ -101,8 +101,8 @@
group by `orgdomaincerts`.`id` order by `orgdomaincerts`.`id`";
if($_REQUEST['debug'] == 1)
echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$invalid = 1;
} else {
@@ -113,15 +113,15 @@
if($invalid == 0)
{
- $cert = mysql_fetch_assoc($res);
+ $cert = mysqli_fetch_assoc($res);
if($org == 0)
{
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' and `notary`.`deleted`=0 GROUP BY `notary`.`to`";
- $user = mysql_fetch_assoc(mysql_query($query));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
} else {
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
- $orgi = mysql_fetch_assoc(mysql_query($query));
+ $orgi = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
}
if($stampid <= 0)
@@ -134,12 +134,12 @@
`expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]',
`O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid' where `id`='$stampid'";
}
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
} else if($stampid > 0) {
- mysql_query("update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'");
+ mysqli_query($_SESSION['mconn'], "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'");
} else {
$query = "insert into `stampcache` set `cacheexpire`='".(date("U")+600)."',`hostname`='$ref',`valid`='$invalid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
$arr = array("issued" => $cert['issued'], "expire" => $cert['expire'], "subject" => $cert['subject'], "hostname" => $ref,
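Review bot: The `stampcache` statement interpolates `$cert[subject]`, `$cert[expire]`, `$user[total]` and the `$orgi[...]` fields exactly as they came back from `mysqli_fetch_assoc()`, without escaping them again. Escaping applied when those values were first stored does not carry over to a later read. A certificate subject or organisation name containing a quote will therefore break or alter this statement. Each value should be passed through `mysqli_real_escape_string($_SESSION['mconn'], ...)` before interpolation, or the statement moved to `mysqli_prepare()` with bound parameters. The statement begins outside this hunk.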
diff --git a/stamp/displogo.php b/stamp/displogo.php
index 9c1f534..be519d1 100644
--- a/stamp/displogo.php
+++ b/stamp/displogo.php
@@ -16,11 +16,11 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
$img = "/www/stamp/images/CAverify.png";
- $arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2);
+ $arr = explode("//", mysqli_real_escape_string($_SESSION['mconn'], trim($_REQUEST['refer'])), 2);
$arr = explode("/", $arr['1'], 2);
$ref = $arr['0'];
- $arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
+ $arr = explode("//", mysqli_real_escape_string($_SESSION['mconn'], trim($_SERVER['HTTP_REFERER'])), 2);
$arr = explode("/", $arr['1'], 2);
$siteref = $arr['0'];
diff --git a/stamp/report.php b/stamp/report.php
index 519aa3a..b3a8392 100644
--- a/stamp/report.php
+++ b/stamp/report.php
@@ -15,11 +15,11 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- $arr = explode("//", mysql_real_escape_string(trim($_SESSION['_stamp']['ref'])), 2);
+ $arr = explode("//", mysqli_real_escape_string($_SESSION['mconn'], trim($_SESSION['_stamp']['ref'])), 2);
$arr = explode("/", $arr['1'], 2);
$ref = $arr['0'];
- $refer = mysql_real_escape_string(strip_tags(trim($_SESSION['_stamp']['ref'])));
+ $refer = mysqli_real_escape_string($_SESSION['mconn'], strip_tags(trim($_SESSION['_stamp']['ref'])));
$name = clean('name');
$email = clean('email');
$comment = clean('comment');
@@ -52,11 +52,11 @@
if($process != "")
{
- $IP = mysql_real_escape_string(trim($_SERVER['REMOTE_ADDR']));
+ $IP = mysqli_real_escape_string($_SESSION['mconn'], trim($_SERVER['REMOTE_ADDR']));
$iplong = ip2long($IP);
- mysql_query("insert into `abusereports` set `when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email',
+ mysqli_query($_SESSION['mconn'], "insert into `abusereports` set `when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email',
`comment`='$comment', `reason`='$reason'");
- $id = mysql_insert_id();
+ $id = mysqli_insert_id($_SESSION['mconn']);
$body = "New Abuse Report has been lodged via the the Stamp Interface:\n\n";
$body .= "Reported ID: $id\n";
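Review bot: `ip2long($IP)` returns `false` for anything that is not a dotted IPv4 address, so an abuse report submitted over IPv6 is stored with an empty `IP` value and loses its source address. If the column has to stay numeric, the failure should at least be detected and recorded, for example `if($iplong === false) $iplong = 0;` with the textual address added to the notification mail. Otherwise storing the address as text, or as `inet_pton()` output, would cover both families. The SQL escaping of `REMOTE_ADDR` before `ip2long()` has no effect on the stored value.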
diff --git a/tverify/index.php b/tverify/index.php
index 8976341..d287371 100644
--- a/tverify/index.php
+++ b/tverify/index.php
@@ -49,13 +49,13 @@
if($id == 1)
{
- $email = mysql_escape_string(trim($_REQUEST["email"]));
- $password = mysql_escape_string(stripslashes(trim($_REQUEST["pword"])));
- $URL = mysql_escape_string(trim($_REQUEST["notaryURL"]));
- $CN = mysql_escape_string($_SESSION['_config']['CN']);
+ $email = mysqli_real_escape_string($_SESSION['mconn'], trim($_REQUEST["email"]));
+ $password = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST["pword"])));
+ $URL = mysqli_real_escape_string($_SESSION['mconn'], trim($_REQUEST["notaryURL"]));
+ $CN = mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['CN']);
$memid = intval($_SESSION['_config']['uid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
- $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$memid'"));
+ $tmp = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `points` from `notary` where `to`='$memid'"));
if($URL != "" && $nofile == 0)
$max = 150;
@@ -88,21 +88,21 @@
{
$query = "select * from `users`,`email` where `email`.`memid`='$memid' and `email`.`email`='$email' and `users`.`id`=`email`.`memid` and
(`password`=old_password('$password') or `password`=sha1('$password') or `password`=password('$password'))";
- if(mysql_num_rows(mysql_query($query)) <= 0)
+ if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) <= 0)
{
$_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details (password) to your certificate to an account on this system.");
$id = 0;
} else {
$query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
- mysql_query($query);
- $tverify = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $tverify = mysqli_insert_id($_SESSION['mconn']);
if($nofile == 0)
{
$filename = $photoid['tmp_name'];
- $newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext);
+ $newfile = mysqli_real_escape_string($_SESSION['mconn'], '/www/photoid/'.$tverify.".".$ext);
move_uploaded_file($filename, $newfile);
$query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
}
}
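Review bot: `$newfile` is SQL-escaped on the line that builds it and then passed to `move_uploaded_file()`, so the file is written under the escaped name rather than the intended one whenever the name contains a quote or backslash. Escaping belongs to the query only: build the path raw, move the file, and apply `mysqli_real_escape_string($_SESSION['mconn'], $newfile)` when composing the update. `$ext` is set outside this hunk; if it is taken from the uploaded file name it should be checked against a short allowlist of image extensions before it becomes part of a path under `/www/photoid/`. The result of `move_uploaded_file()` is also ignored, so the row can point at a file that was never stored.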
@@ -125,12 +125,12 @@
{
if($points > 0)
{
- mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
+ mysqli_query($_SESSION['mconn'], "insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
`method`='Thawte Points Transfer', `when`=NOW()");
fix_assurer_flag($memid);
}
$totalpoints = intval($tmp['points']) + $points;
- mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");
+ mysqli_query($_SESSION['mconn'], "update `tverify` set `modified`=NOW() where `id`='$tverify'");
$body = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n";
diff --git a/tverify/index/0.php b/tverify/index/0.php
index 2264bab..195cee3 100644
--- a/tverify/index/0.php
+++ b/tverify/index/0.php
@@ -34,8 +34,8 @@
if($bits['0'] == "emailAddress")
{
$query = "select * from `email` where `email`='".$bits['1']."' and `deleted`=0 and hash=''";
- $account = mysql_query($query);
- if(mysql_num_rows($account))
+ $account = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($account))
$addy[] = $bits['1'];
}
}
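Review bot: `$bits['1']` is concatenated into the `email` lookup without any escaping. `$bits` is assigned outside this hunk, but the `emailAddress` comparison suggests it is split from a certificate subject, which is data supplied by the client. The value should be escaped at the point of use, `$query = "select * from email where email='".mysqli_real_escape_string($_SESSION['mconn'], $bits['1'])."' and deleted=0 and hash=''";`, or bound through a prepared statement. The enclosing loop starts outside this hunk.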
@@ -51,14 +51,14 @@
//If we found one, we extract the member-id from the sql result of the query we did above, and fetch the name of that user
if($continue == 1)
{
- $row = mysql_fetch_assoc($account);
+ $row = mysqli_fetch_assoc($account);
$memid = $row['memid'];
//Fetching the name of the user we have in the database:
$query = "select `fname`, `mname`, `lname`, `suffix` from `users` where `id`='$memid' and `deleted`=0";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
//Building the user´s name, and ignoring punctuation
$cacert_name=$row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
diff --git a/www/ac.php b/www/ac.php
index fe8ac18..04b0a4e 100644
--- a/www/ac.php
+++ b/www/ac.php
@@ -20,23 +20,23 @@
if($_REQUEST['i'] != "")
echo "<html><body><script language=\"JavaScript\"><!--\n";
- $s = mysql_real_escape_string($_REQUEST['s']);
+ $s = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['s']);
- $id = mysql_real_escape_string(strip_tags($_REQUEST['id']));
+ $id = mysqli_real_escape_string($_SESSION['mconn'], strip_tags($_REQUEST['id']));
echo "parent._ac_rpc('".sanitizeHTML($id)."',";
$bits = explode(",", $s);
- $loc = trim(mysql_real_escape_string($bits['0']));
- $reg = trim(mysql_real_escape_string($bits['1']));
- $ccname = trim(mysql_real_escape_string($bits['2']));
+ $loc = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['0']));
+ $reg = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['1']));
+ $ccname = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['2']));
$query = "select `locations`.`id` as `locid`, `locations`.`name` as `locname`, `regions`.`name` as `regname`,
`countries`.`name` as `ccname` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
order by `locations`.`acount` DESC, `locations`.`name` ASC limit 10";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
$rc++;
if($rc > 1)
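Review bot: `$id` is SQL-escaped on the new line but, in the lines visible here, it is only echoed into a single-quoted JavaScript string in `parent._ac_rpc('...'`. SQL escaping and HTML encoding are both the wrong encoders for that context, because entities are not decoded inside a script block and the SQL escaper is not a JavaScript escaper. Emitting the value as a JSON literal would be correct, `echo "parent._ac_rpc(".json_encode((string)$_REQUEST['id'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP).",";`. `$bits['1']` and `$bits['2']` are also read without checking that `s` contained three comma-separated parts. The loop body continues outside this hunk.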
diff --git a/www/account.php b/www/account.php
index c7f34a3..76a7b53 100644
--- a/www/account.php
+++ b/www/account.php
@@ -56,10 +56,10 @@
} else if($id == 51 && $_GET['img'] == "show") {
$query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res))
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
readfile($row['photoid']);
} else {
die("No such file.");
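Review bot: `readfile($row['photoid'])` serves whatever path is stored in the `tverify` row, with no check in this hunk that it resolves inside the photo directory. Because the stored value is written by the upload code in tverify/index.php, it is worth confirming it here before reading, for example `$p = realpath($row['photoid']); if($p === false || strncmp($p, '/www/photoid/', 13) !== 0) die("No such file.");`. The branch is part of an if/else chain that starts outside this hunk, so any access control on who may view the image is presumably applied there; that should be confirmed, since the file is a photo ID.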
diff --git a/www/advertising.php b/www/advertising.php
index 43e4f93..7a88042 100644
--- a/www/advertising.php
+++ b/www/advertising.php
@@ -35,8 +35,8 @@
if($oldid == 1 && $process != "")
{
- $title = mysql_real_escape_string(strip_tags(trim(htmlentities($_POST['title']))));
- $link = mysql_real_escape_string(strip_tags(trim($_POST['link'])));
+ $title = mysqli_real_escape_string($_SESSION['mconn'], strip_tags(trim(htmlentities($_POST['title']))));
+ $link = mysqli_real_escape_string($_SESSION['mconn'], strip_tags(trim($_POST['link'])));
$months = intval($_POST['months']);
if(!strstr($link, "://"))
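Review bot: The `$link` check only tests for the substring `://`, so any scheme passes it, not just web links. Since the value is stored and presumably rendered as a link target, an allowlist is safer, `if(!preg_match('#^https?://#i', $link))`. What the branch does with a non-matching value is outside this hunk. On the `$title` line, `htmlentities()` runs before `strip_tags()`, so by the time `strip_tags()` sees the string there are no tags left to remove and the call does nothing.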
@@ -73,7 +73,7 @@
{
$query = "insert into `advertising` set `link`='$link', `title`='$title', `months`='$months', `who`='".$_SESSION['profile']['id']."',
`when`=NOW()";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
unset($link);
unset($title);
unset($months);
diff --git a/www/alert_hash_collision.php b/www/alert_hash_collision.php
index bad60e8..1c751d1 100644
--- a/www/alert_hash_collision.php
+++ b/www/alert_hash_collision.php
@@ -14,13 +14,13 @@ if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym']))
if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
{
- mysql_query("update emailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
- mysql_query("update domaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysqli_query($_SESSION['mconn'], "update emailcerts set coll_found=1 where memid='".mysqli_real_escape_string($_SESSION['mconn'], substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysqli_query($_SESSION['mconn'], "update domaincerts set coll_found=1 where memid='".mysqli_real_escape_string($_SESSION['mconn'], substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
}
else
{
- mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
- mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysqli_query($_SESSION['mconn'], "update orgemailcerts set coll_found=1 where memid='".mysqli_real_escape_string($_SESSION['mconn'], substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysqli_query($_SESSION['mconn'], "update orgdomaincerts set coll_found=1 where memid='".mysqli_real_escape_string($_SESSION['mconn'], substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
}
//exec(REPORT_WEAK . ' ' . $_POST['usernym'] . ' ' . lower($_POST['pkhash']));
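Review bot: `$_POST['pkhash']` is concatenated into all four update statements without escaping or validation, while `usernym` in the same statements is both pattern-checked and escaped. Unless `pkhash` is validated above this hunk, it should be checked before any query runs, for example `if(!preg_match('/^[0-9a-fA-F]+$/', @$_POST['pkhash'])) die("malformed pkhash\n");`, and escaped at the point of use for consistency. The commented-out `exec()` line passes the same two request values to a shell command and would need `escapeshellarg()` on each if it is ever re-enabled.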
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index 3bfe55a..31166f1 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -18,24 +18,24 @@
require_once '../../includes/lib/check_weak_key.php';
- $username = mysql_real_escape_string($_REQUEST['username']);
- $password = mysql_real_escape_string($_REQUEST['password']);
+ $username = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['username']);
+ $password = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['password']);
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) != 1)
die("403,That username couldn't be found\n");
- $user = mysql_fetch_assoc($res);
+ $user = mysqli_fetch_assoc($res);
$memid = $user['id'];
$emails = array();
foreach($_REQUEST['email'] as $email)
{
- $email = mysql_real_escape_string(trim($email));
+ $email = mysqli_real_escape_string($_SESSION['mconn'], trim($email));
$query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0 and `email`='$email'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$id = $row['id'];
$emails[$id] = $email;
}
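Review bot: The login check puts the submitted password into the statement text and lets the server compare it against `old_password()` and `sha1()` digests. The plaintext can therefore appear in query logs and the process list, and the stored hashes are unsalted and fast to compute. `OLD_PASSWORD()` was, as far as I know, removed in MySQL 5.7.5, so on such a server this query fails and the unchecked `mysqli_num_rows($res)` that follows receives `false`. A transitional fix is to select the row by `email` only and compare in PHP with `hash_equals($user['password'], sha1($rawPassword))`, then migrate accounts to `password_hash()` and `password_verify()` on successful login. The same query shape is used in www/api/cemails.php and, with `password()` added, in tverify/index.php. `$_REQUEST['email']` is also iterated without an `is_array()` check.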
@@ -43,11 +43,11 @@ require_once '../../includes/lib/check_weak_key.php';
if(count($emails) <= 0)
die("404,Wasn't able to match any emails sent against your account");
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$points = $row['points'];
$name = "CAcert WoT User\n";
- $newname = mysql_real_escape_string(trim($_REQUEST['name']));
+ $newname = mysqli_real_escape_string($_SESSION['mconn'], trim($_REQUEST['name']));
if($points >= 50)
{
if($newname == $user['fname']." ".$user['lname'] ||
@@ -84,26 +84,26 @@ require_once '../../includes/lib/check_weak_key.php';
foreach($emails as $id => $email)
$csrsubject .= "/emailAddress=".$email;
- $query = "insert into `emailcerts` set `CN`='".mysql_real_escape_string($user['email'])."', `keytype`='MS',
+ $query = "insert into `emailcerts` set `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $user['email'])."', `keytype`='MS',
`memid`='".intval($user['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".intval($codesign)."'";
- mysql_query($query);
- $certid = mysql_insert_id();
+ `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."', `codesign`='".intval($codesign)."'";
+ mysqli_query($_SESSION['mconn'], $query);
+ $certid = mysqli_insert_id($_SESSION['mconn']);
$CSRname = generatecertpath("csr","client",$certid);
rename($checkedcsr, $CSRname);
- mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
+ mysqli_query($_SESSION['mconn'], "update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
foreach($emails as $emailid => $email)
- mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
+ mysqli_query($_SESSION['mconn'], "insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
$do = shell_exec("../../scripts/runclient");
sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
die("404,Your certificate request has failed. ID: ".intval($certid));
- $cert = mysql_fetch_assoc($res);
+ $cert = mysqli_fetch_assoc($res);
echo "200,Authentication Ok\n";
readfile("../".$cert['crt_name']);
?>
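Review bot: The result of the `insert into emailcerts` query is not checked before `mysqli_insert_id()` is read. On failure `$certid` is 0, and the script still renames the CSR to the path generated for that id and runs the signer. A guard such as `if(!mysqli_query($_SESSION['mconn'], $query)) die("500,Certificate request could not be stored\n");` would stop before any file is moved. `rename()` is likewise unchecked. `readfile("../".$cert['crt_name'])` trusts the stored path, so it is worth confirming that `crt_name` can only be written by the signing process.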
diff --git a/www/api/cemails.php b/www/api/cemails.php
index f937069..6fcce1a 100644
--- a/www/api/cemails.php
+++ b/www/api/cemails.php
@@ -15,18 +15,18 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- $username = mysql_escape_string($_REQUEST['username']);
- $password = mysql_escape_string($_REQUEST['password']);
+ $username = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['username']);
+ $password = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['password']);
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) != 1)
die("403,That username couldn't be found\n");
echo "200,Authentication Ok\n";
- $user = mysql_fetch_assoc($res);
+ $user = mysqli_fetch_assoc($res);
$memid = $user['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
$points = $row['points'];
echo "CS=".intval($user['codesign'])."\n";
echo "NAME=CAcert WoT User\n";
@@ -41,8 +41,8 @@
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
}
$query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res)) {
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res)) {
echo "EMAIL=".sanitizeHTML($row['email'])."\n";
}
?>
diff --git a/www/api/edu.php b/www/api/edu.php
index 27b7b1b..f65b757 100644
--- a/www/api/edu.php
+++ b/www/api/edu.php
@@ -20,18 +20,18 @@
if ($ipadress=='72.36.220.19' && $_SERVER['HTTPS']=="on")
{
- $serial=mysql_escape_string($_REQUEST["serial"]);
+ $serial=mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST["serial"]);
$root=intval($_REQUEST["root"]);
$sql="select memid from emailcerts where serial='$serial' and rootcert='$root'";
- $query= mysql_query($sql);
- if(mysql_num_rows($query) != 1)
+ $query= mysqli_query($_SESSION['mconn'], $sql);
+ if(mysqli_num_rows($query) != 1)
{
echo "NOT FOUND: ".sanitizeHTML($sql);
}
else
{
- $memid = mysql_fetch_assoc($query);
+ $memid = mysqli_fetch_assoc($query);
echo sanitizeHTML($memid['memid']);
}
}
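Review bot: The not-found branch returns the full SQL statement to the caller with `echo "NOT FOUND: ".sanitizeHTML($sql);`, which discloses table and column names and reflects the request value back. Responding with `echo "NOT FOUND";` and writing the statement to the server log keeps the diagnostic without exposing it. The endpoint is limited to one hard-coded address and HTTPS by the surrounding condition. How `$ipadress` is derived is outside this hunk, and it should come from `REMOTE_ADDR` rather than a forwarded header.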
diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php
index feb92d4..dd24af0 100644
--- a/www/cats/cats_import.php
+++ b/www/cats/cats_import.php
@@ -85,70 +85,70 @@ if (get_magic_quotes_gpc()) {
}
// Explicitly select all those IDs so I can insert new rows if needed.
-$query = mysql_query('SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysql_real_escape_string($type).'\';');
+$query = mysqli_query($_SESSION['mconn'], 'SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysqli_real_escape_string($_SESSION['mconn'], $type).'\';');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
+if (mysqli_num_rows($query) > 0) {
+ $result = mysqli_fetch_array($query);
$typeID = $result['0'];
} else {
- $query = mysql_query('INSERT INTO `cats_type` (`type_text`) VALUES (\''.mysql_real_escape_string($type).'\');');
+ $query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_type` (`type_text`) VALUES (\''.mysqli_real_escape_string($_SESSION['mconn'], $type).'\');');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
- $typeID = mysql_insert_id();
+ $typeID = mysqli_insert_id($_SESSION['mconn']);
}
-$query = mysql_query('SELECT `id` FROM `cats_variant` WHERE `type_id` = \''.(int)intval($typeID).'\' AND `test_text` = \''.mysql_real_escape_string($variant).'\';');
+$query = mysqli_query($_SESSION['mconn'], 'SELECT `id` FROM `cats_variant` WHERE `type_id` = \''.(int)intval($typeID).'\' AND `test_text` = \''.mysqli_real_escape_string($_SESSION['mconn'], $variant).'\';');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
+if (mysqli_num_rows($query) > 0) {
+ $result = mysqli_fetch_array($query);
$variantID = $result['0'];
} else {
- $query = mysql_query('INSERT INTO `cats_variant` (`type_id`, `test_text`) VALUES (\''.(int)intval($typeID).'\', \''.mysql_real_escape_string($variant).'\');');
+ $query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_variant` (`type_id`, `test_text`) VALUES (\''.(int)intval($typeID).'\', \''.mysqli_real_escape_string($_SESSION['mconn'], $variant).'\');');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
- $variantID = mysql_insert_id();
+ $variantID = mysqli_insert_id($_SESSION['mconn']);
}
// Now find the userid from cert serial
-$query = mysql_query('SELECT `ec`.`memid` FROM `emailcerts` AS `ec`, `root_certs` AS `rc` WHERE `ec`.`rootcert` = `rc`.`id` AND `ec`.`serial` = \''.mysql_real_escape_string($serial).'\' AND `rc`.`cert_text` = \''.mysql_real_escape_string($root).'\';');
+$query = mysqli_query($_SESSION['mconn'], 'SELECT `ec`.`memid` FROM `emailcerts` AS `ec`, `root_certs` AS `rc` WHERE `ec`.`rootcert` = `rc`.`id` AND `ec`.`serial` = \''.mysqli_real_escape_string($_SESSION['mconn'], $serial).'\' AND `rc`.`cert_text` = \''.mysqli_real_escape_string($_SESSION['mconn'], $root).'\';');
if (!$query) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
}
-if (mysql_num_rows($query) > 0) {
- $result = mysql_fetch_array($query);
+if (mysqli_num_rows($query) > 0) {
+ $result = mysqli_fetch_array($query);
$userID = $result['0'];
} else {
echo 'Cannot find cert '.sanitize_string($serial).' / '.sanitize_string($root)."\r\n";
// Let's treat this as an error, since it should not happen.
- trigger_error('Cannot find cert '.$serial.' / '.$root.'!'.mysql_error(), E_USER_ERROR);
+ trigger_error('Cannot find cert '.$serial.' / '.$root.'!'.mysqli_error($_SESSION['mconn']), E_USER_ERROR);
exit();
}
// The unique constraint on cats_passed assures that records are not stored multiply
-$query = mysql_query('INSERT INTO `cats_passed` (`user_id`, `variant_id`, `pass_date`) VALUES (\''.(int)intval($userID).'\', \''.(int)intval($variantID).'\', \''.mysql_real_escape_string($date).'\');');
+$query = mysqli_query($_SESSION['mconn'], 'INSERT INTO `cats_passed` (`user_id`, `variant_id`, `pass_date`) VALUES (\''.(int)intval($userID).'\', \''.(int)intval($variantID).'\', \''.mysqli_real_escape_string($_SESSION['mconn'], $date).'\');');
if (!$query) {
- if (mysql_errno() != 1062) { // Duplicate Entry is considered success
+ if (mysqli_errno($_SESSION['mconn']) != 1062) { // Duplicate Entry is considered success
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
diff --git a/www/disputes.php b/www/disputes.php
index 96c7c75..847a3ec 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -28,22 +28,22 @@
if($type == "reallyemail")
{
$emailid = intval($_SESSION['_config']['emailid']);
- $hash = mysql_escape_string(trim($_SESSION['_config']['hash']));
+ $hash = mysqli_real_escape_string($_SESSION['mconn'], trim($_SESSION['_config']['hash']));
- $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Email Dispute"));
echo _("This dispute no longer seems to be in the database, can't continue.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$oldmemid = $row['oldmemid'];
if($action == "reject")
{
- mysql_query("update `disputeemail` set hash='',action='reject' where `id`='".intval($emailid)."'");
+ mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='reject' where `id`='".intval($emailid)."'");
showheader(_("Email Dispute"));
echo _("You have opted to reject this dispute and the request will be removed from the database");
showfooter();
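Review bot: `mysqli_num_rows($res)` after the `disputeemail` select runs without checking that `mysqli_query()` returned a result object. On a failed query `mysqli_query()` returns `false`, and PHP 8 raises a TypeError for that argument instead of falling into the "no longer seems to be in the database" branch. A guard such as `if($res === false || mysqli_num_rows($res) <= 0)` keeps the failure path explicit. The same applies to the nested `mysqli_num_rows(mysqli_query(...))` and `mysqli_fetch_assoc(mysqli_query(...))` calls in later hunks of this file, in `verifyEmail()` in www/gpg.php and in the login code in www/index.php. The enclosing `if` block continues outside this hunk.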
@@ -55,21 +55,21 @@
echo "<p>"._("You have opted to accept this dispute and the request will now remove this email address from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
$query = "select * from `email` where `id`='".intval($emailid)."' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
echo $row['email']."<br>\n";
account_email_delete($row['id']);
}
- mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
- $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
- $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
- $res = mysql_query("select * from `users` where `id`='$oldmemid'");
- $user = mysql_fetch_assoc($res);
+ mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+ $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+ $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$oldmemid'");
+ $user = mysqli_fetch_assoc($res);
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
{
- mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
+ mysqli_query($_SESSION['mconn'], "update `users` set `deleted`=NOW() where `id`='$oldmemid'");
echo _("This was the primary email on the account, and no emails or domains were left linked so the account has also been removed from the system.");
}
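Review bot: `echo $row['email']."<br>\n";` writes a database value into the page without HTML encoding, whereas other hunks in this file pass addresses through `sanitizeHTML()` before printing them. I would change it to `echo sanitizeHTML($row['email'])."<br>\n";`. `$oldmemid`, which is assigned from the `disputeemail` row in the previous hunk, is also interpolated into four statements here without a cast. Assigning it once as `intval($row['oldmemid'])` would match how `$emailid` is handled.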
@@ -81,7 +81,7 @@
if($type == "email")
{
$emailid = intval($_REQUEST['emailid']);
- $hash = trim(mysql_escape_string(stripslashes($_REQUEST['hash'])));
+ $hash = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['hash'])));
if($emailid <= 0 || $hash == "")
{
showheader(_("Email Dispute"));
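Review bot: `stripslashes()` is applied to `$_REQUEST['hash']` unconditionally, which is only correct while something is adding slashes to request data. On a PHP version without magic quotes (and unless the project emulates them elsewhere, which is not visible here) it silently removes legitimate backslashes from the input. `trim()` also runs after escaping, so a trailing newline, carriage return or NUL has already been turned into a backslash sequence and is no longer trimmed. `$hash = mysqli_real_escape_string($_SESSION['mconn'], trim($_REQUEST['hash']));` trims first and escapes last. The same ordering appears in the `domain`, `oldid == "1"`, `"2"` and `"5"` hunks and in the request handling in www/gpg.php and www/index.php.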
@@ -90,19 +90,19 @@
exit;
}
- $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
+ if(mysqli_num_rows($res) <= 0)
{
- $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and hash!=''");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid' and hash!=''");
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
- mysql_query("update `disputeemail` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
+ $row = mysqli_fetch_assoc($res);
+ mysqli_query($_SESSION['mconn'], "update `disputeemail` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
showheader(_("Email Dispute"));
if($row['attempts'] >= 3)
{
echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID. Your attempt has been logged and the request will be removed from the system as a result.");
- mysql_query("update `disputeemail` set hash='',action='failed' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `disputeemail` set hash='',action='failed' where `id`='$emailid'");
} else
echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID.");
showfooter();
@@ -116,7 +116,7 @@
}
$_SESSION['_config']['emailid'] = $emailid;
$_SESSION['_config']['hash'] = $hash;
- $row = mysql_fetch_assoc(mysql_query("select * from `disputeemail` where `id`='$emailid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `id`='$emailid'"));
$_SESSION['_config']['email'] = $row['email'];
showheader(_("Email Dispute"));
includeit("4", "disputes");
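Review bot: `$_SESSION['_config']['hash'] = $hash;` appears to store the value that was already passed through `mysqli_real_escape_string()` in the `email` branch, and the `reallyemail` branch escapes it again when reading it back. Any character that needs escaping would then be escaped twice and the second lookup would not match the stored hash. Keeping the raw value in the session and escaping only where the query is built avoids that; the `domain` hunk at -203 has the same shape. The assignment of `$hash` is outside this hunk, so this is inferred from the earlier hunk at -81.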
@@ -127,10 +127,10 @@
if($type == "reallydomain")
{
$domainid = intval($_SESSION['_config']['domainid']);
- $hash = mysql_escape_string(trim($_SESSION['_config']['hash']));
+ $hash = mysqli_real_escape_string($_SESSION['mconn'], trim($_SESSION['_config']['hash']));
- $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Domain Dispute"));
echo _("This dispute no longer seems to be in the database, can't continue.");
@@ -140,7 +140,7 @@
if($action == "reject")
{
- mysql_query("update `disputedomain` set hash='',action='reject' where `id`='$domainid'");
+ mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='reject' where `id`='$domainid'");
showheader(_("Domain Dispute"));
echo _("You have opted to reject this dispute and the request will be removed from the database");
showfooter();
@@ -153,13 +153,13 @@
echo "<p>"._("The following accounts have been removed:")."<br>\n";
//new account_domain_delete($domainid, $memberID)
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
echo $_SESSION['_config']['domain']."<br>\n";
account_domain_delete($domainid);
}
- mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
+ mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
showfooter();
exit;
}
@@ -168,7 +168,7 @@
if($type == "domain")
{
$domainid = intval($_REQUEST['domainid']);
- $hash = trim(mysql_escape_string(stripslashes($_REQUEST['hash'])));
+ $hash = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['hash'])));
if($domainid <= 0 || $hash == "")
{
showheader(_("Domain Dispute"));
@@ -177,19 +177,19 @@
exit;
}
- $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
+ if(mysqli_num_rows($res) <= 0)
{
- $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and hash!=''");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid' and hash!=''");
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
- mysql_query("update `disputedomain` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
+ $row = mysqli_fetch_assoc($res);
+ mysqli_query($_SESSION['mconn'], "update `disputedomain` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
showheader(_("Domain Dispute"));
if($row['attempts'] >= 3)
{
echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID. Your attempt has been logged and the request will be removed from the system as a result.");
- mysql_query("update `disputedomain` set hash='',action='failed' where `id`='$domainid'");
+ mysqli_query($_SESSION['mconn'], "update `disputedomain` set hash='',action='failed' where `id`='$domainid'");
} else
echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID.");
showfooter();
@@ -203,7 +203,7 @@
}
$_SESSION['_config']['domainid'] = $domainid;
$_SESSION['_config']['hash'] = $hash;
- $row = mysql_fetch_assoc(mysql_query("select * from `disputedomain` where `id`='$domainid'"));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `disputedomain` where `id`='$domainid'"));
$_SESSION['_config']['domain'] = $row['domain'];
showheader(_("Domain Dispute"));
includeit("6", "disputes");
@@ -214,7 +214,7 @@
if($oldid == "1")
{
csrf_check('emaildispute');
- $email = trim(mysql_escape_string(stripslashes($_REQUEST['dispute'])));
+ $email = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['dispute'])));
if($email == "")
{
showheader(_("Email Dispute"));
@@ -224,8 +224,8 @@
}
//check if email belongs to locked account
- $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Email Dispute"));
printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
@@ -240,8 +240,8 @@
exit;
}
- $res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select * from `disputeemail` where `email`='$email' and hash!=''");
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Email Dispute"));
printf(_("The email address '%s' already exists in the dispute system. Can't continue."), sanitizeHTML($email));
@@ -251,15 +251,15 @@
unset($oldid);
$query = "select * from `email` where `email`='$email' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Email Dispute"));
printf(_("The email address '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($email));
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$oldmemid = $row['memid'];
$emailid = $row['id'];
if($_SESSION['profile']['id'] == $oldmemid)
@@ -270,10 +270,10 @@
exit;
}
- $res = mysql_query("select * from `users` where `id`='$oldmemid'");
- $user = mysql_fetch_assoc($res);
- $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
- $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+ $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='$oldmemid'");
+ $user = mysqli_fetch_assoc($res);
+ $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+ $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
if($user['email'] == $email && ($rc > 0 || $rc2 > 0))
{
showheader(_("Email Dispute"));
@@ -286,7 +286,7 @@
$query = "insert into `disputeemail` set `email`='$email',`memid`='".intval($_SESSION['profile']['id'])."',
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='".intval($emailid)."',
`IP`='".$_SERVER['REMOTE_ADDR']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$my_translation = L10n::get_translation();
L10n::set_recipient_language($oldmemid);
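Review bot: The `insert into disputeemail` statement concatenates `$_SERVER['REMOTE_ADDR']` and `$oldmemid` directly, while `memid` and `id` in the same statement go through `intval()`. Treating every interpolated value the same way removes the need to reason about which ones are trusted: `` `IP`='".mysqli_real_escape_string($_SESSION['mconn'], $_SERVER['REMOTE_ADDR'])."' `` and `` `oldmemid`='".intval($oldmemid)."' ``. The return value of `mysqli_query()` is also discarded, so a failed insert is indistinguishable from a successful one for the code that follows, which is outside the hunk.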
@@ -307,7 +307,7 @@
if($oldid == "2")
{
csrf_check('domaindispute');
- $domain = trim(mysql_escape_string(stripslashes($_REQUEST['dispute'])));
+ $domain = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['dispute'])));
if($domain == "")
{
showheader(_("Domain Dispute"));
@@ -317,8 +317,8 @@
}
//check if domain belongs to locked account
- $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], "select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Domain Dispute"));
printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
@@ -334,8 +334,8 @@
}
$query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Domain Dispute"));
printf(_("The domain '%s' already exists in the dispute system. Can't continue."), sanitizeHTML($domain));
@@ -344,12 +344,12 @@
}
unset($oldid);
$query = "select * from `domains` where `domain`='$domain' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$query = "select 1 from `orgdomains` where `domain`='$domain'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
showheader(_("Domain Dispute"));
printf(_("The domain '%s' is included in an organisation account. Please send a mail to %s to dispute this domain."), sanitizeHTML($domain),'<a href="mailto:support@cacert.org">support@cacert.org</a>');
@@ -361,7 +361,7 @@
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$oldmemid = $row['memid'];
if($_SESSION['profile']['id'] == $oldmemid)
{
@@ -389,7 +389,7 @@
$bits = explode(":", $line, 2);
$line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "")
- $addy[] = trim(mysql_escape_string(stripslashes($line)));
+ $addy[] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($line)));
}
} else {
if(is_array($adds))
@@ -406,7 +406,7 @@
$line = $bit;
}
if(!in_array($line, $addy) && $line != "")
- $addy[] = trim(mysql_escape_string(stripslashes($line)));
+ $addy[] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($line)));
}
}
@@ -423,7 +423,7 @@
if($oldid == "5")
{
- $authaddy = trim(mysql_escape_string(stripslashes($_REQUEST['authaddy'])));
+ $authaddy = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['authaddy'])));
if(!in_array($authaddy, $_SESSION['_config']['addy']) || $authaddy == "")
{
@@ -434,8 +434,8 @@
}
$query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Domain Dispute!"));
printf(_("The domain '%s' isn't in the system. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
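Review bot: The `select * from domains` query interpolates `$_SESSION['_config']['domain']` without escaping, although the next hunk escapes the same session value before using it in the insert. An earlier hunk assigns this session key from `$row['domain']`, a value read back from the database, so it cannot be assumed to be pre-escaped. Escaping at the point of use keeps both statements consistent: `$domain = mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['domain']);` before building `$query`, then `` `domain`='$domain' ``.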
@@ -446,12 +446,12 @@
$domainid = intval($_SESSION['_config']['domainid']);
$memid = intval($_SESSION['_config']['memid']);
$oldmemid = intval($_SESSION['_config']['oldmemid']);
- $domain = mysql_escape_string($_SESSION['_config']['domain']);
+ $domain = mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['domain']);
$hash = make_hash();
$query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."',
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$my_translation = L10n::get_translation();
L10n::set_recipient_language($oldmemid);
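Review bot: `` `memid`='".$_SESSION['profile']['id']."' `` is the only value in this insert that is neither cast nor escaped, whereas the email-dispute insert earlier in the file uses `intval($_SESSION['profile']['id'])`. I would use the same cast here. `$memid` is computed two lines above but not used in the visible statement, so either it is meant to be the inserted value or it is dead in this block; the rest of the block is outside the hunk.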
diff --git a/www/gpg.php b/www/gpg.php
index cb72475..63295d5 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -80,7 +80,7 @@ function verifyName($name)
function verifyEmail($email)
{
if($email == "") return 0;
- if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1;
+ if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysqli_real_escape_string($_SESSION['mconn'], $email)."' and `deleted`=0 and `hash`=''")) > 0) return 1;
return 0;
}
@@ -314,18 +314,18 @@ function verifyEmail($email)
if(trim($_REQUEST['description']) == ""){
$description= "";
}else{
- $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ $description= trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['description'])));
}
$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
- `email`='".mysql_real_escape_string($lastvalidemail)."',
+ `email`='".mysqli_real_escape_string($_SESSION['mconn'], $lastvalidemail)."',
`level`='1',
- `expires`='".mysql_real_escape_string($expires)."',
- `multiple`='".mysql_real_escape_string($multiple)."',
- `keyid`='".mysql_real_escape_string($keyid)."',
- `description`='".mysql_real_escape_string($description)."'";
- mysql_query($query);
- $insert_id = mysql_insert_id();
+ `expires`='".mysqli_real_escape_string($_SESSION['mconn'], $expires)."',
+ `multiple`='".mysqli_real_escape_string($_SESSION['mconn'], $multiple)."',
+ `keyid`='".mysqli_real_escape_string($_SESSION['mconn'], $keyid)."',
+ `description`='".mysqli_real_escape_string($_SESSION['mconn'], $description)."'";
+ mysqli_query($_SESSION['mconn'], $query);
+ $insert_id = mysqli_insert_id($_SESSION['mconn']);
$cwd = '/tmp/gpgspace'.$insert_id;
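Review bot: `$description` is escaped twice: once when it is read from `$_REQUEST['description']` and again inside the `insert into gpg` string, so a description containing a quote or backslash is stored with an extra backslash. Escaping only in the query, with `$description = trim($_REQUEST['description']);` in the `else` branch, fixes that. The insert result is also not checked. If it fails, `mysqli_insert_id()` returns 0 and the working directory becomes `/tmp/gpgspace0` for every such request, so I would stop when `mysqli_query()` returns `false`.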
@@ -527,14 +527,14 @@ function verifyEmail($email)
$cmd_keyid = escapeshellarg($keyid);
$do=shell_exec("gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname");
- mysql_query("update `gpg` set `csr`='$csrname' where `id`='$insert_id'");
+ mysqli_query($_SESSION['mconn'], "update `gpg` set `csr`='$csrname' where `id`='$insert_id'");
waitForResult('gpg', $insert_id);
showheader(_("Welcome to CAcert.org"));
echo $resulttable;
$query = "select * from `gpg` where `id`='$insert_id' and `crt`!=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n";
echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you.");
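Review bot: `$csrname` is placed unquoted after the shell redirect and unescaped in the `update gpg` statement, and `$cwd` is likewise unquoted in the `gpg --homedir` argument, while only `$keyid` goes through `escapeshellarg()`. The assignment of `$csrname` is outside this hunk, so whether it can contain anything other than a fixed path plus an integer cannot be confirmed from here. Quoting it regardless is cheap: `escapeshellarg($csrname)` for the command and `mysqli_real_escape_string($_SESSION['mconn'], $csrname)` for the update. The result of `shell_exec()` in `$do` is not inspected, so a failed export is only noticed later through the empty `crt` check.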
@@ -556,8 +556,8 @@ function verifyEmail($email)
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
- $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+ mysqli_query($_SESSION['mconn'], "update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
diff --git a/www/index.php b/www/index.php
index 8c5560c..9b32eb7 100644
--- a/www/index.php
+++ b/www/index.php
@@ -53,7 +53,7 @@ require_once('../includes/notary.inc.php');
$oldid = 0;
if(array_key_exists('Q1',$_REQUEST) && $_REQUEST['Q1'])
{
- $_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
+ $_SESSION['lostpw']['A1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A1']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
$answers++;
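Review bot: The lost-password answer check compares with `==`, so two different numeric-looking strings such as `1e3` and `1000` count as a matching answer. The compared value is also rebuilt with `stripslashes()` from an SQL-escaped string, which is not an exact inverse of `mysqli_real_escape_string()`: an escaped newline comes back as the letter `n`. I would keep the raw trimmed answer for the comparison and use a strict comparison, e.g. `if(hash_equals(strtolower($_SESSION['lostpw']['user']['A1']), strtolower($rawA1)))`, escaping only where the value enters a query. The same applies to the Q2 to Q5 hunks that follow.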
@@ -61,7 +61,7 @@ require_once('../includes/notary.inc.php');
}
if(array_key_exists('Q2',$_REQUEST) && $_REQUEST['Q2'])
{
- $_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
+ $_SESSION['lostpw']['A2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A2']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
$answers++;
@@ -69,7 +69,7 @@ require_once('../includes/notary.inc.php');
}
if(array_key_exists('Q3',$_REQUEST) && $_REQUEST['Q3'])
{
- $_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
+ $_SESSION['lostpw']['A3'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A3']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
$answers++;
@@ -77,7 +77,7 @@ require_once('../includes/notary.inc.php');
}
if(array_key_exists('Q4',$_REQUEST) && $_REQUEST['Q4'])
{
- $_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
+ $_SESSION['lostpw']['A4'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A4']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
$answers++;
@@ -85,15 +85,15 @@ require_once('../includes/notary.inc.php');
}
if(array_key_exists('Q5',$_REQUEST) && $_REQUEST['Q5'])
{
- $_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
+ $_SESSION['lostpw']['A5'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A5']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n";
}
- $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
- $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));
+ $_SESSION['lostpw']['pw1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['newpass1']))));
+ $_SESSION['lostpw']['pw2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['newpass2']))));
if($answers < $_SESSION['lostpw']['total'] || $answers < 3)
{
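Review bot: `newpass1` and `newpass2` are passed through `strip_tags()` before being stored, whereas the login hunk later in this file reads `$_REQUEST['pword']` without `strip_tags()`. A pass phrase containing something that looks like a tag would therefore be stored in a shortened form and then fail at login. Passwords should not be filtered at all, only escaped where they enter the query, e.g. `$_SESSION['lostpw']['pw1'] = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['newpass1']);`. The `$body` line above also places the stored and the entered secret answers into a message body whose destination is outside the hunk, which is worth reviewing.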
@@ -119,7 +119,7 @@ require_once('../includes/notary.inc.php');
} else {
$query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
- mysql_query($query) || die(mysql_error());
+ mysqli_query($_SESSION['mconn'], $query) || die(mysqli_error($_SESSION['mconn']));
showheader(_("Welcome to CAcert.org"));
echo _("Your Pass Phrase has been changed now. You can now login with your new password.");
showfooter();
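Review bot: `mysqli_query(...) || die(mysqli_error($_SESSION['mconn']))` prints the database server's error text to the visitor on the password-reset path. I would log it and show a generic message instead: `if(!mysqli_query($_SESSION['mconn'], $query)) { error_log(mysqli_error($_SESSION['mconn'])); exit; }`. The statement itself stores the pass phrase as an unsalted `sha1()` computed by the database, which also puts the clear-text pass phrase into the SQL text. Moving to `password_hash()` in PHP would need a matching change in the login query, so it is out of scope for a mechanical mysqli migration, but the comment belongs here.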
@@ -130,21 +130,21 @@ require_once('../includes/notary.inc.php');
if($oldid == 5 && $process != "")
{
- $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
+ $email = $_SESSION['lostpw']['email'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['email']))));
$_SESSION['lostpw']['day'] = intval($_REQUEST['day']);
$_SESSION['lostpw']['month'] = intval($_REQUEST['month']);
$_SESSION['lostpw']['year'] = intval($_REQUEST['year']);
$dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
$query = "select * from `users` where `email`='$email' and `dob`='$dob'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
$id = $oldid;
$oldid = 0;
$_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
} else {
$id = 6;
- $_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
+ $_SESSION['lostpw']['user'] = mysqli_fetch_assoc($res);
}
}
@@ -157,7 +157,7 @@ require_once('../includes/notary.inc.php');
if($user_id >= 0)
{
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],
"select * from `users` where
`id`='$user_id' and `deleted`=0 and `locked`=0"));
@@ -186,33 +186,33 @@ require_once('../includes/notary.inc.php');
$_SESSION['_config']['errmsg'] = "";
- $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
- $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
+ $email = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags(trim($_REQUEST['email']))));
+ $pword = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['pword'])));
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
- $res = mysql_query($query);
+ $res = mysqli_query($_SESSION['mconn'], $query);
$query = "SELECT 1 FROM `users` WHERE `email`='$email' and (UNIX_TIMESTAMP(`lastLoginAttempt`) < UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - 5 or `lastLoginAttempt` is NULL)" ;
- $rateLimit = mysql_num_rows(mysql_query($query)) > 0;
- if(mysql_num_rows($res) > 0 && $rateLimit)
+ $rateLimit = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) > 0;
+ if(mysqli_num_rows($res) > 0 && $rateLimit)
{
$_SESSION['profile'] = "";
unset($_SESSION['profile']);
- $_SESSION['profile'] = mysql_fetch_assoc($res);
+ $_SESSION['profile'] = mysqli_fetch_assoc($res);
$query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".L10n::get_translation()."'
where `id`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
} else {
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
}
$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 group by `to`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
$_SESSION['profile']['loggedin'] = 1;
if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" ||
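Review bot: The login query embeds `$pword` in the SQL text three times and lets the server hash it with `old_password()`, `sha1()` and `password()`. The clear-text pass phrase therefore appears in any statement log or error message. Current MySQL releases no longer provide `PASSWORD()` or `OLD_PASSWORD()`, so on such a server the query fails and `mysqli_num_rows($res)` receives `false`. Selecting the row by `email` alone and comparing in PHP avoids both problems, e.g. `hash_equals($row['password'], sha1($rawPword))` for the SHA-1 case; accounts still on the legacy formats would need a migration path. The enclosing login block starts and ends outside this hunk.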
@@ -235,13 +235,13 @@ require_once('../includes/notary.inc.php');
exit;
} else if($rateLimit){
$query = "update `users` set `lastLoginAttempt`=CURRENT_TIMESTAMP WHERE `email`='$email'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=0 and `deleted`=0";
- $res = mysql_query($query);
- if(!$rateLimit || mysql_num_rows($res) <= 0) {
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(!$rateLimit || mysqli_num_rows($res) <= 0) {
$_SESSION['_config']['errmsg'] = _("Login failed due to incorrect email address, wrong passphrase or because the rate limit of one login per 5 seconds was hit.");
} else {
$_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages.");
@@ -289,26 +289,26 @@ if ($oldid == 52 )
$_SESSION['_config']['errmsg'] = "";
- $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
- $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
- $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
- $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
- $_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
+ $_SESSION['signup']['email'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['email']))));
+ $_SESSION['signup']['fname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['fname']))));
+ $_SESSION['signup']['mname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['mname']))));
+ $_SESSION['signup']['lname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['lname']))));
+ $_SESSION['signup']['suffix'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['suffix']))));
$_SESSION['signup']['day'] = intval($_REQUEST['day']);
$_SESSION['signup']['month'] = intval($_REQUEST['month']);
$_SESSION['signup']['year'] = intval($_REQUEST['year']);
- $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1'])));
- $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2'])));
- $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
- $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
- $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
- $_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
- $_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
- $_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
- $_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
- $_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
- $_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
- $_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
+ $_SESSION['signup']['pword1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['pword1'])));
+ $_SESSION['signup']['pword2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['pword2'])));
+ $_SESSION['signup']['Q1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q1']))));
+ $_SESSION['signup']['Q2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q2']))));
+ $_SESSION['signup']['Q3'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q3']))));
+ $_SESSION['signup']['Q4'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q4']))));
+ $_SESSION['signup']['Q5'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q5']))));
+ $_SESSION['signup']['A1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A1']))));
+ $_SESSION['signup']['A2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A2']))));
+ $_SESSION['signup']['A3'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A3']))));
+ $_SESSION['signup']['A4'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A4']))));
+ $_SESSION['signup']['A5'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A5']))));
$_SESSION['signup']['general'] = intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0);
$_SESSION['signup']['country'] = intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0);
$_SESSION['signup']['regional'] = intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0);
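Review bot: `pword1` and `pword2` (and every other field here) are passed through `trim()` and `mysqli_real_escape_string()` before being stored in `$_SESSION['signup']`, so the session holds SQL-escaped text rather than what the user typed. Any PHP-side length or quality check on the passphrase, and any page that re-displays these fields, then works on the escaped form, and the escaping is only reliable if the connection character set was set with `mysqli_set_charset()` (not visible in this hunk). I would keep the raw values in the session and bind them where the query is built, e.g. `mysqli_prepare($_SESSION['mconn'], "select 1 from users where email=? and deleted=0")`. The enclosing block starts and ends outside this hunk.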
@@ -403,21 +403,21 @@ if ($oldid == 52 )
if($id == 2)
{
$query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
- $res1 = mysql_query($query);
+ $res1 = mysqli_query($_SESSION['mconn'], $query);
$query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
- $res2 = mysql_query($query);
- if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+ $res2 = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2) > 0)
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
}
$query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $domain = mysql_fetch_assoc($res);
+ $domain = mysqli_fetch_assoc($res);
$domain = $domain['domain'];
$id = 1;
$_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n";
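Review bot: `mysqli_num_rows($res1)` and `mysqli_num_rows($res2)` run on unchecked results, so a failed duplicate-email lookup is either a TypeError (PHP 8) or is read as "no existing account" and the signup continues. Handling `if(!$res1 || !$res2)` as an error before the count keeps a database fault from weakening the uniqueness check; the same applies to the `baddomains` lookup below it. Separately, every call takes its handle from `$_SESSION['mconn']`, and a live connection cannot be restored from stored session data, so this relies on the connection include re-assigning that key on each request (not visible here). A short comment saying so, or a plain accessor function, would make that explicit.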
@@ -462,20 +462,20 @@ if ($oldid == 52 )
`A4`='".$_SESSION['signup']['A4']."',
`A5`='".$_SESSION['signup']['A5']."',
`created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
- mysql_query($query);
- $memid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $memid = mysqli_insert_id($_SESSION['mconn']);
$query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
`hash`='$hash',
`created`=NOW(),
`memid`='$memid'";
- mysql_query($query);
- $emailid = mysql_insert_id();
+ mysqli_query($_SESSION['mconn'], $query);
+ $emailid = mysqli_insert_id($_SESSION['mconn']);
$query = "insert into `alerts` set `memid`='$memid',
`general`='".$_SESSION['signup']['general']."',
`country`='".$_SESSION['signup']['country']."',
`regional`='".$_SESSION['signup']['regional']."',
`radius`='".$_SESSION['signup']['radius']."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
write_user_agreement($memid, "CCA", "account creation", "", 1);
$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
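Review bot: The return value of the `users` insert is ignored, so when it fails `mysqli_insert_id($_SESSION['mconn'])` yields 0, the `email` and `alerts` rows are still written with `memid` 0, and the verification mail is still built. I would stop before the dependent inserts, e.g. `if(!mysqli_query($_SESSION['mconn'], $query) || ($memid = mysqli_insert_id($_SESSION['mconn'])) == 0)` followed by the page's usual error path. If the tables support it, wrapping the three inserts in one transaction would avoid half-created accounts. The later `Administrative Increase` insert (hunk `-402,11`) has the same shape: `$_SESSION['profile']['points']` is increased whether or not the row was stored. The insert statement begins outside this hunk.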
diff --git a/www/news.php b/www/news.php
index f355b4b..b4ddd26 100644
--- a/www/news.php
+++ b/www/news.php
@@ -25,7 +25,7 @@
if($id > 0)
{
$query = "select * from `news` where `id`='$id'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
echo "<h3>".$row['short']."</h3>\n";
echo "<p>Posted by ".$row['who']." at ".$row['when']."</p>\n";
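Review bot: `mysqli_fetch_assoc(mysqli_query(...))` nests the two calls, so a failed query passes `false` to `mysqli_fetch_assoc()` (a TypeError on PHP 8), and an unknown id gives `null`, after which the `echo` lines print empty fields. Splitting it into `$res = mysqli_query($_SESSION['mconn'], $query);` and `$row = $res ? mysqli_fetch_assoc($res) : null;` with a not-found branch fixes both. `$row['short']` and `$row['who']` are also echoed without `htmlspecialchars()`; if news rows can ever hold text that is not fully trusted, they should be escaped on output. `$id` is assigned outside this hunk, so its sanitisation cannot be confirmed here; the list branch in the next hunk uses `$res` unchecked in the same way.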
@@ -33,8 +33,8 @@
echo "<p>".str_replace("\n", "<br>\n", $row['story'])."</p>\n";
} else {
$query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{
echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
if($row['story'] != "")
diff --git a/www/rss.php b/www/rss.php
index f8eddb7..fedf9fd 100644
--- a/www/rss.php
+++ b/www/rss.php
@@ -12,8 +12,8 @@
<lastBuildDate><?=date("D, d M Y H:i:s O")?></lastBuildDate>
<ttl>3600</ttl><?
$query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 10";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ while($row = mysqli_fetch_assoc($res))
{ ?>
<item>
<title><?=strip_tags($row['short'])?></title>
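Review bot: `strip_tags($row['short'])` in the `<title>` element removes markup but does not XML-escape, so a `&` or a stray `<` in a headline produces a malformed feed. I would emit `<?=htmlspecialchars(strip_tags($row['short']), ENT_XML1 | ENT_QUOTES, 'UTF-8')?>`, with the encoding matched to whatever the feed declares. `$res` is also looped over without a check, so a failed query would abort the feed mid-document; `if($res)` around the loop keeps the XML well-formed. The `<item>` block continues outside this hunk.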
diff --git a/www/sqldump.php b/www/sqldump.php
index f30b4d0..fcb9be6 100644
--- a/www/sqldump.php
+++ b/www/sqldump.php
@@ -25,14 +25,14 @@
# Database: `cacert`
#
<?
- $tables = mysql_query("SHOW TABLES");
- while(list($table_name) = mysql_fetch_array($tables))
+ $tables = mysqli_query($_SESSION['mconn'], "SHOW TABLES");
+ while(list($table_name) = mysqli_fetch_array($tables), MYSQLI_BOTH)
{
echo "# --------------------------------------------------------\n\n";
echo "#\n# Table structure for table `$table_name`\n#\n\n";
echo "DROP TABLE IF EXISTS `$table_name`;\n";
- $create = mysql_fetch_assoc(mysql_query("SHOW CREATE TABLE `$table_name`"));
+ $create = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "SHOW CREATE TABLE `$table_name`"));
echo $create['Create Table'].";\n\n";
}
?>
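Review bot: The `, MYSQLI_BOTH` on the new `while` line sits outside the `mysqli_fetch_array()` call, so the condition does not parse and the whole page fails with a syntax error. The closing parenthesis belongs after the constant: `while(list($table_name) = mysqli_fetch_array($tables, MYSQLI_BOTH))`. Since only index 0 is read, `MYSQLI_NUM` would be enough. `$tables` and the nested `SHOW CREATE TABLE` result are used unchecked, so a failed query would also need an `if` guard.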
diff --git a/www/stats.php b/www/stats.php
index d4d892d..d19f467 100644
--- a/www/stats.php
+++ b/www/stats.php
@@ -25,9 +25,9 @@
*/
function getData() {
$sql = 'select * from `statscache` order by `timestamp` desc limit 1';
- $res = mysql_query($sql);
- if ($res && mysql_numrows($res) > 0) {
- $ar = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $sql);
+ if ($res && mysqli_numrows($res) > 0) {
+ $ar = mysqli_fetch_assoc($res);
$stats = unserialize($ar['cache']);
$stats['timestamp'] = $ar['timestamp'];
return $stats;
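Review bot: `mysqli_numrows()` is not a mysqli function. `mysql_numrows()` was an alias in the old extension, but mysqli only provides `mysqli_num_rows()`, so `getData()` will stop with an undefined-function error as soon as the query succeeds. The condition should read `if ($res && mysqli_num_rows($res) > 0) {`. While touching this, `unserialize($ar['cache'])` will instantiate whatever classes the stored blob names; if the cache only ever holds arrays and scalars (presumably, it is written by the stats job), `unserialize($ar['cache'], ['allowed_classes' => false])` on PHP 7+ removes that exposure. The function body continues outside this hunk.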
diff --git a/www/verify.php b/www/verify.php
index 6f603e4..766f8b0 100644
--- a/www/verify.php
+++ b/www/verify.php
@@ -43,41 +43,41 @@
{
$id = 1;
$emailid = intval($_REQUEST['emailid']);
- $hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
+ $hash = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['hash']));
$query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$row['attempts']++;
if($row['attempts'] >= 6)
{
- mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
showheader(_("Error!"), _("Error!"));
echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system");
showfooter();
exit;
}
- mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
+ mysqli_query($_SESSION['mconn'], "update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
}
$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, or something weird happened.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "")
{
$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
$query = "update `users` set `verified`='1' where `id`='".intval($row['memid'])."' and `email`='".$row['email']."' and `verified`='0'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
showheader(_("Updated"), _("Updated"));
echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
} else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") {
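Review bot: In the `update users set verified='1'` query, `$row['email']` is read back from the database and concatenated into the SQL unescaped, while the migration escapes only request values. A stored address containing a quote would break or alter this statement, so it needs the same treatment as the other string values: `mysqli_real_escape_string($_SESSION['mconn'], $row['email'])`, or a bound parameter. The two `mysqli_num_rows($res)` calls also run on unchecked results, and the error text says "a fourth time" although the check is `$row['attempts'] >= 6`. The same counting and lookup pattern repeats for domains in the next two hunks.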
@@ -101,13 +101,13 @@
{
$id = 7;
$domainid = intval($_REQUEST['domainid']);
- $hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
+ $hash = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['hash']));
$query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
$row['attempts']++;
if($row['attempts'] >= 6)
{
@@ -118,23 +118,23 @@
exit;
}
$query = "update `domains` set `attempts`='".intval($row['attempts'])."' where `id`='$domainid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
}
$query = "select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened.");
showfooter();
exit;
}
- $row = mysql_fetch_assoc($res);
+ $row = mysqli_fetch_assoc($res);
if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "")
{
$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
showheader(_("Updated"), _("Updated"));
echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
} else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") {
diff --git a/www/wot.php b/www/wot.php
index 35dce1f..ecfcbc5 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -134,7 +134,7 @@ function send_reminder()
$body .= "User ".$_SESSION['profile']['fname']." ".
$_SESSION['profile']['lname']." with email address '".
$_SESSION['profile']['email']."' is requesting a TTP assurances for ".
- mysql_escape_string(stripslashes($_POST['country'])).".\n\n";
+ mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['country'])).".\n\n";
if ($_POST['ttptopup']=='1') {
$body .= "The user is also requesting TTP TOPUP.\n\n";
}else{
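Review bot: `mysqli_real_escape_string()` is applied to `$_POST['country']` although the value is concatenated into a mail body, not into a query. SQL escaping is the wrong tool there: it adds backslashes to the text the recipient reads and now needs a live database handle just to build a message. I would either validate the value against the list of countries the form offers, or strip control characters directly, e.g. `preg_replace('/[\x00-\x1F\x7F]/', '', stripslashes($_POST['country']))`. The `$body` assembly starts and continues outside this hunk.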
@@ -181,9 +181,9 @@ function send_reminder()
if($oldid == 5)
{
- $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1)
+ $query = "select * from `users` where `email`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['email']))."' and `deleted`=0";
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) != 1)
{
$_SESSION['_config']['noemailfound'] = 1;
show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
@@ -191,7 +191,7 @@ function send_reminder()
} else
{
$_SESSION['_config']['noemailfound'] = 0;
- $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['notarise'] = mysqli_fetch_assoc($res);
if ($_SESSION['_config']['notarise']['verified'] == 0)
{
show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
@@ -209,9 +209,9 @@ function send_reminder()
}
}
}
- $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) >= 1)
+ $query = "select * from `users` where `email`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['email']))."' and `locked`=1";
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) >= 1)
{
$_SESSION['_config']['noemailfound'] = 0;
show_page("EnterEmail","",_("This account is locked and can not be assured. For more information ask support@cacert.org."));
@@ -236,8 +236,8 @@ function send_reminder()
$query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and
`to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
exit;
@@ -321,8 +321,8 @@ function send_reminder()
}
$query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $row = mysqli_fetch_assoc($res);
$name = sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])." ".sanitizeHTML($row['suffix']);
if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
{
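Review bot: The page hash check on the `wothash` line uses `!=`, a loose comparison: two different strings that both look numeric can compare equal, and the comparison is not constant-time. Because this value guards the assurance form against tampering, I would compare with `hash_equals()`, e.g. `!hash_equals($_SESSION['_config']['wothash'], md5($name."-".$row['dob'])) || !hash_equals($_SESSION['_config']['wothash'], (string)$_REQUEST['pagehash'])`. `$row` is also used without checking that the `users` lookup returned a row. The body of the `if` lies outside this hunk.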
@@ -343,8 +343,8 @@ function send_reminder()
$newpoints = $awarded = 0;
$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0 group by `to`";
- $res = mysql_query($query);
- $drow = mysql_fetch_assoc($res);
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ $drow = mysqli_fetch_assoc($res);
$_POST['expire'] = 0;
@@ -355,17 +355,17 @@ function send_reminder()
if($newpoints < 0)
$newpoints = 0;
- if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")
+ if(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['date'])) == "")
$_POST['date'] = date("Y-m-d H:i:s");
$query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
`to`='".intval($_SESSION['_config']['notarise']['id'])."' AND
`awarded`='".intval($awarded)."' AND
- `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND
- `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."' AND
+ `location`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['location']))."' AND
+ `date`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['date']))."' AND
`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = mysqli_query($_SESSION['mconn'], $query);
+ if(mysqli_num_rows($res) > 0)
{
show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
exit;
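Review bot: `$_POST['location']` and `$_POST['date']` are escaped inline at every use, here and again in the two `insert into notary` statements (hunks `-377,8` and `-402,11`), and the first call escapes `$_POST['date']` only to test it for emptiness. Repeating the expression six times makes it easy for one query to miss the escaping in a later edit. I would compute both once after the default is applied, `$location = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['location']));` and `$date = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['date']));`, and use those in all three statements, or bind them as parameters. No format check on the date is visible before the duplicate lookup; it may happen outside this hunk.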
@@ -377,8 +377,8 @@ function send_reminder()
$query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
`to`='".intval($_SESSION['_config']['notarise']['id'])."',
`points`='".intval($newpoints)."', `awarded`='".intval($awarded)."',
- `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
+ `location`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['location']))."',
+ `date`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['date']))."',
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
@@ -388,7 +388,7 @@ function send_reminder()
if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
$query .= ",\n`method`='TTP-Assisted'";
}
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
fix_assurer_flag($_SESSION['_config']['notarise']['id']);
include_once("../includes/notary.inc.php");
@@ -402,11 +402,11 @@ function send_reminder()
$query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
`to`='".intval($_SESSION['profile']['id'])."',
`points`='".intval($addpoints)."', `awarded`='".intval($addpoints)."',
- `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
+ `location`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['location']))."',
+ `date`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
// No need to fix_assurer_flag here, this should only happen for assurers...
$_SESSION['profile']['points'] += $addpoints;
@@ -461,7 +461,7 @@ function send_reminder()
{
csrf_check("chgcontact");
- $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
+ $info = mysqli_real_escape_string($_SESSION['mconn'], strip_tags(stripslashes($_POST['contactinfo'])));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
@@ -470,7 +470,7 @@ function send_reminder()
$_SESSION['profile']['contactinfo'] = $info;
$query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ mysqli_query($_SESSION['mconn'], $query);
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your account information has been updated.")."</p>";
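Review bot: `$_SESSION['profile']['contactinfo'] = $info;` stores the SQL-escaped string, since `$info` comes from `mysqli_real_escape_string()` in the preceding hunk. Any page that later prints the session copy shows backslashes before quotes, and the session and database values differ. I would keep the unescaped text for the session and escape only for the query: `$rawinfo = strip_tags(stripslashes($_POST['contactinfo']));`, `$info = mysqli_real_escape_string($_SESSION['mconn'], $rawinfo);`, `$_SESSION['profile']['contactinfo'] = $rawinfo;`. Before changing it, check that no other code concatenates the session value into SQL and relies on it already being escaped, and that pages displaying it apply `htmlspecialchars()`.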
@@ -490,8 +490,8 @@ function send_reminder()
$body = $_REQUEST['message'];
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
- $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
+ $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary`
where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{