Merge branch 'bug-1442' into testserver-1260
authorBernhard Fröhlich <bernhard@cacert.org>
Sun, 18 Nov 2018 14:39:37 +0000 (15:39 +0100)
committerBernhard Fröhlich <bernhard@cacert.org>
Sun, 18 Nov 2018 14:39:37 +0000 (15:39 +0100)
# Conflicts:
# includes/account.php
# includes/general.php
# includes/lib/general.php
# includes/loggedin.php
# includes/notary.inc.php
# pages/account/27.php
# pages/account/41.php
# pages/account/43.php
# pages/account/49.php
# pages/account/51.php
# pages/account/52.php
# pages/account/53.php
# pages/account/54.php
# pages/wot/1.php
# pages/wot/12.php
# pages/wot/13.php
# pages/wot/9.php
# stamp/certdet.php
# stamp/common.php
# stamp/displogo.php
# stamp/report.php
# tverify/index.php
# tverify/index/0.php
# www/ac.php
# www/account.php
# www/alert_hash_collision.php
# www/api/ccsr.php
# www/api/cemails.php
# www/api/edu.php
# www/disputes.php
# www/index.php
# www/verify.php
# www/wot.php

30 files changed:
1  2 
includes/account.php
includes/account_stuff.php
includes/general.php
includes/general_stuff.php
includes/lib/account.php
includes/lib/general.php
includes/loggedin.php
includes/mysql.php.sample
includes/notary.inc.php
pages/account/13.php
pages/account/25.php
pages/account/27.php
pages/account/43.php
pages/account/49.php
pages/account/55.php
pages/account/6.php
pages/gpg/2.php
pages/wot/1.php
pages/wot/16.php
pages/wot/9.php
scripts/cron/refresh_stats.php
scripts/cron/updatesort.php
scripts/send_heartbleed.php
www/ac.php
www/account.php
www/cats/cats_import.php
www/gpg.php
www/index.php
www/stats.php
www/wot.php

@@@ -913,11 -904,10 +913,11 @@@ function buildSubjectFromSession() 
                                                `modified`=NOW(),
                                                `rootcert`='".intval($row['rootcert'])."',
                                                `type`='".intval($row['type'])."',
-                                               `pkhash`='".mysql_real_escape_string($row['pkhash'])."',
-                                               `description`='".mysql_real_escape_string($row['description'])."',
+                                               `pkhash`='".mysqli_real_escape_string($_SESSION['mconn'], $row['pkhash'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
 +                                              `md`='".HashAlgorithms::clean($row['md'])."'";
-                               mysql_query($query);
-                               $newid = mysql_insert_id();
+                               mysqli_query($_SESSION['mconn'],$query);
+                               $newid = mysqli_insert_id($_SESSION['mconn']);
                                $newfile=generatecertpath("csr","server",$newid);
                                copy($row['csr_name'], $newfile);
                                $newfile_esc = escapeshellarg($newfile);
                                                `disablelogin`='".intval($row['disablelogin'])."',
                                                `codesign`='".intval($row['codesign'])."',
                                                `rootcert`='".intval($row['rootcert'])."',
-                                               `description`='".mysql_real_escape_string($row['description'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
 +                                              `md`='".HashAlgorithms::clean($row['md'])."'";
-                               mysql_query($query);
-                               $newid = mysql_insert_id();
+                               mysqli_query($_SESSION['mconn'],$query);
+                               $newid = mysqli_insert_id($_SESSION['mconn']);
                                $newfile=generatecertpath("csr","client",$newid);
                                copy($row['csr_name'], $newfile);
-                               mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
-                               $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
-                               while($r2 = mysql_fetch_assoc($res))
+                               mysqli_query($_SESSION['mconn'],"update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
+                               $res = mysqli_query($_SESSION['mconn'],"select * from `emaillink` where `emailcertsid`='".$row['id']."'");
+                               while($r2 = mysqli_fetch_assoc($res))
                                {
-                                       mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
+                                       mysqli_query($_SESSION['mconn'],"insert into `emaillink` set `emailid`='".$r2['emailid']."',
                                                        `emailcertsid`='$newid'");
                                }
                                waitForResult("emailcerts", $newid,$oldid,0);
                exit;
        }
  
-                       $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
 +      if($oldid == 6 && $_REQUEST['certid'] != "")
 +      {
 +              if(trim($_REQUEST['description']) != ""){
-               mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
++                      $description= trim(mysqli_real_escape_string($_SESSION['mconn'],stripslashes($_REQUEST['description'])));
 +              }else{
 +                      $description= "";
 +              }
 +
 +              if(trim($_REQUEST['disablelogin']) == "1"){
 +                      $disablelogin = 1;
 +              }else{
 +                      $disablelogin = 0;
 +              }
 +
++              mysqli_query($_SESSION['mconn'],"update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
 +      }
 +
        if($oldid == 13 && $process != "" && $showdetails!="")
        {
                csrf_check("perschange");
                }
  
                $_SESSION['_config']['user']['set'] = 0;
-               $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+               $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
                $_SESSION['profile']['loggedin'] = 1;
  
 -              $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
 -              $ddres = mysqli_query($_SESSION['mconn'],$ddquery);
 -              $ddrow = mysqli_fetch_assoc($ddres);
 -              $_SESSION['profile']['points'] = $ddrow['total'];
 -
 +              update_points_in_profile();
  
                $id = 13;
                showheader(_("My CAcert.org Account!"));
                echo _("Your details have been updated with the database.");
                                                `modified`=NOW(),
                                                `codesign`='".intval($row['codesign'])."',
                                                `rootcert`='".intval($row['rootcert'])."',
-                                               `description`='".mysql_real_escape_string($row['description'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
 +                                              `md`='".HashAlgorithms::clean($row['md'])."'";
-                               mysql_query($query);
-                               $newid = mysql_insert_id();
+                               mysqli_query($_SESSION['mconn'],$query);
+                               $newid = mysqli_insert_id($_SESSION['mconn']);
                                $newfile=generatecertpath("csr","orgclient",$newid);
                                copy($row['csr_name'], $newfile);
-                               mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
+                               mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
                                waitForResult("orgemailcerts", $newid,$oldid,0);
                                $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) > 0)
                                {
                                        printf(_("Certificate for '%s' has been renewed."), $row['CN']);
                                        echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
                                }
                                $query = "insert into `orgdomaincerts` set
                                                `orgid`='".intval($row['orgid'])."',
-                                               `CN`='".mysql_real_escape_string($row['CN'])."',
-                                               `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
-                                               `created`='".mysql_real_escape_string($row['created'])."',
+                                               `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+                                               `csr_name`='".mysqli_real_escape_string($_SESSION['mconn'], $row['csr_name'])."',
+                                               `created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
                                                `modified`=NOW(),
-                                               `subject`='".mysql_real_escape_string($row['subject'])."',
+                                               `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',
                                                `type`='".intval($row['type'])."',
                                                `rootcert`='".intval($row['rootcert'])."',
-                                               `description`='".mysql_real_escape_string($row['description'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
 +                                              `md`='".HashAlgorithms::clean($row['md'])."'";
-                               mysql_query($query);
-                               $newid = mysql_insert_id();
+                               mysqli_query($_SESSION['mconn'],$query);
+                               $newid = mysqli_insert_id($_SESSION['mconn']);
                                //echo "NewID: $newid<br/>\n";
                                $newfile=generatecertpath("csr","orgserver",$newid);
                                copy($row['csr_name'], $newfile);
                                showfooter();
                                exit;
                        }
-                       mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
-                       $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+                       mysqli_query($_SESSION['mconn'],"update `users` set `password`=sha1('".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
                        printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
  
 -              $my_translation = L10n::get_translation();
 -              L10n::set_recipient_language(intval($_REQUEST['userid']));
 +                      $my_translation = L10n::get_translation();
 +                      L10n::set_recipient_language(intval($_REQUEST['userid']));
                        $body  = sprintf(_("Hi %s,"),$row['fname'])."\n\n";
                        $body .= _("You are receiving this email because a CAcert administrator ".
                                        "has changed the password on your account.")."\n\n";
                }
        }
  
 -
+       /* presently not needed
+       if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE)
+       {
+               $memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
+               if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno)) {
+                       showheader(_("Something went wrong"));
+                       echo _("Writing to the admin log failed. Can't continue.");
+                       showfooter();
+                       exit;
+               }
+               $query = "select * from `users` where `id`='$memid'";
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
+               $ver = !$row['tverify'];
+               mysqli_query($_SESSION['mconn'],"update `users` set `tverify`='$ver' where `id`='$memid'");
+       }elseif($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==FALSE){
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+       }
+       */
        if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == TRUE)
        {
                csrf_check('admsetassuret');
Simple merge
  
        if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0)
        {
-               $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+               $locked = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
                if($locked['locked'] == 0)
                {
 -                      $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
 -                      $res = mysqli_query($_SESSION['mconn'], $query);
 -                      $row = mysqli_fetch_assoc($res);
 -                      $_SESSION['profile']['points'] = $row['total'];
 +                      update_points_in_profile();
                } else {
                        $_SESSION['profile'] = "";
                        unset($_SESSION['profile']);
                                else
                                        $dom = $bits[$i];
                                $_SESSION['_config']['row'] = "";
-                               $dom = mysql_real_escape_string($dom);
+                               $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
 -                              $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
 +                              $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` = '$dom' and `deleted`=0 and `hash`=''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'], $query);
+                               if(mysqli_num_rows($res) > 0)
                                {
                                        $cnok = 1;
-                                       $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+                                       $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
                                        $rowid[] = $_SESSION['_config']['row']['id'];
                                        break;
                                }
                                else
                                        $dom = $bits[$i];
                                $_SESSION['_config']['altrow'] = "";
-                               $dom = mysql_real_escape_string($dom);
+                               $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
 -                              $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
 +                              $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` = '$dom' and `deleted`=0 and `hash`=''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'], $query);
+                               if(mysqli_num_rows($res) > 0)
                                {
                                        $altok = 1;
-                                       $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+                                       $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res);
                                        $altid[] = $_SESSION['_config']['altrow']['id'];
                                        break;
                                }
  
        function checkEmail($email)
        {
-               $myemail = mysql_real_escape_string($email);
+               $myemail = mysqli_real_escape_string($_SESSION['mconn'], $email);
 -              if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
 +              $myuid = intval($_SESSION['profile']['id']);
 +              if(!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
                {
 -                      list($username,$domain)=explode('@',$email,2);
 -                      $mxhostrr = array();
 -                      $mxweight = array();
 -                      if( !getmxrr($domain, $mxhostrr, $mxweight) ) {
 -                              $mxhostrr = array($domain);
 -                              $mxweight = array(0);
 -                      } else if ( empty($mxhostrr) ) {
 -                              $mxhostrr = array($domain);
 -                              $mxweight = array(0);
 -                      }
 -
 -                      $mxhostprio = array();
 -                      for($i = 0; $i < count($mxhostrr); $i++) {
 -                              $mx_host = trim($mxhostrr[$i], '.');
 -                              $mx_prio = $mxweight[$i];
 -                              if(empty($mxhostprio[$mx_prio])) {
 -                                      $mxhostprio[$mx_prio] = array();
 -                              }
 -                              $mxhostprio[$mx_prio][] = $mx_host;
 +                      $query = "INSERT INTO `pinglog` SET `when` = NOW(), `uid` = '$myuid', `email` = '$myemail',
 +                              `result` = 'Format of email address not recognized'";
-                       mysql_query($query);
++                      mysqli_query($_SESSION['mconn'], $query);
 +                      return _("Format of email address not recognized");
 +              }
 +
 +              // Start with a blank transcript which is filled with information in the course of this routine
 +              $transcript = "";
 +
 +              list($username,$domain)=explode('@',$email,2);
 +              $transcript .= "Processing email address:\n";
 +              $transcript .= "- Domain Name:  " . sanitizeHTML($domain) . "\n";
 +              $transcript .= "- Mailbox Name: " . sanitizeHTML($username) . "\n";
 +
 +              $transcript .= "Determining MX records for mail delivery:\n";
 +              $mxhostrr = array();
 +              $mxweight = array();
 +              if( !getmxrr($domain, $mxhostrr, $mxweight) ) {
 +                      $transcript .= "- DNS lookup for MX records failed\n";
 +                      $transcript .= "- Defaulting to MX = '".sanitizeHTML($domain)."' at priority 0\n";
 +                      $mxhostrr = array($domain);
 +                      $mxweight = array(0);
 +              } else if ( empty($mxhostrr) ) {
 +                      $transcript .= "- DNS lookup for MX records returned empty result\n";
 +                      $transcript .= "- Defaulting to MX = '".sanitizeHTML($domain)."' at priority 0\n";
 +                      $mxhostrr = array($domain);
 +                      $mxweight = array(0);
 +              } else {
 +                      $transcript .= "- DNS lookup for MX records successful\n";
 +                      $transcript .= "- Received ".count($mxhostrr)." records\n";
 +              }
 +
 +              $transcript .= "Building priority queue for test of servers:\n";
 +              $mxhostprio = array();
 +              for($i = 0; $i < count($mxhostrr); $i++) {
 +                      $mx_host = trim($mxhostrr[$i], '.');
 +                      $mx_prio = $mxweight[$i];
 +                      if(empty($mxhostprio[$mx_prio])) {
 +                              $mxhostprio[$mx_prio] = array();
                        }
 +                      $mxhostprio[$mx_prio][] = $mx_host;
 +              }
  
 -                      array_walk($mxhostprio, function(&$mx) { shuffle($mx); } );
 -                      ksort($mxhostprio);
 +              array_walk($mxhostprio, function(&$mx) { shuffle($mx); } );
 +              ksort($mxhostprio);
  
 -                      $mxhosts = array();
 -                      foreach($mxhostprio as $mx_prio => $mxhostnames) {
 -                              foreach($mxhostnames as $mx_host) {
 -                                      $mxhosts[] = $mx_host;
 +              $mxhosts = array();
 +              foreach($mxhostprio as $mx_prio => $mxhostnames) {
 +                      foreach($mxhostnames as $mx_host) {
 +                              $transcript .= "- Will test server id ".count($mxhosts)." at host '".sanitizeHTML($mx_host)."' with priority ".intval($mx_prio)."\n";
 +                              $ipv6rr = dns_get_record($mx_host, DNS_AAAA);
 +                              if(!empty($ipv6rr)) {
 +                                      $transcript .= "- Will prefer IPv6 for server id ".count($mxhosts)." for host '".sanitizeHTML($mx_host)."'\n";
                                }
 +
 +                              $mxhosts[] = $mx_host;
                        }
 +              }
  
 -                      foreach($mxhosts as $key => $domain)
 -                      {
 -                              $fp_opt = array(
 -                                      'ssl' => array(
 -                                              'verify_peer'   => false,       // Opportunistic Encryption
 -                                              )
 -                                      );
 -                              $fp_ctx = stream_context_create($fp_opt);
 -                              $fp = @stream_socket_client("tcp://$domain:25",$errno,$errstr,5,STREAM_CLIENT_CONNECT,$fp_ctx);
 -                              if($fp)
 -                              {
 -                                      stream_set_blocking($fp, true);
 -
 -                                      $has_starttls = false;
 -
 -                                      do {
 -                                              $line = fgets($fp, 4096);
 -                                      } while(substr($line, 0, 4) == "220-");
 -                                      if(substr($line, 0, 3) != "220") {
 -                                              fclose($fp);
 -                                              continue;
 -                                      }
 -
 -                                      fputs($fp, "EHLO www.cacert.org\r\n");
 -                                      do {
 -                                              $line = fgets($fp, 4096);
 -                                              $has_starttls |= substr(trim($line),4) == "STARTTLS";
 -                                      } while(substr($line, 0, 4) == "250-");
 -                                      if(substr($line, 0, 3) != "250") {
 -                                              fclose($fp);
 -                                              continue;
 -                                      }
 -
 -                                      if($has_starttls) {
 -                                              fputs($fp, "STARTTLS\r\n");
 -                                              do {
 -                                                      $line = fgets($fp, 4096);
 -                                              } while(substr($line, 0, 4) == "220-");
 -                                              if(substr($line, 0, 3) != "220") {
 -                                                      fclose($fp);
 -                                                      continue;
 -                                              }
 -
 -                                              stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
 -
 -                                              fputs($fp, "EHLO www.cacert.org\r\n");
 -                                              do {
 -                                                      $line = fgets($fp, 4096);
 -                                              } while(substr($line, 0, 4) == "250-");
 -                                              if(substr($line, 0, 3) != "250") {
 -                                                      fclose($fp);
 -                                                      continue;
 -                                              }
 -                                      }
 -
 -                                      fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
 -                                      do {
 -                                              $line = fgets($fp, 4096);
 -                                      } while(substr($line, 0, 4) == "250-");
 -                                      if(substr($line, 0, 3) != "250") {
 -                                              fclose($fp);
 -                                              continue;
 -                                      }
 -
 -                                      fputs($fp, "RCPT TO:<$email>\r\n");
 -                                      do {
 -                                              $line = fgets($fp, 4096);
 -                                      } while(substr($line, 0, 4) == "250-");
 -                                      if(substr($line, 0, 3) != "250") {
 -                                              fclose($fp);
 -                                              continue;
 -                                      }
 -
 -                                      fputs($fp, "QUIT\r\n");
 -                                      fclose($fp);
 +              foreach($mxhosts as $key => $domain) {
 +                      $transcript .= "\n";
 +                      $transcript .= "Starting test for id ".intval($key)." for host '".sanitizeHTML($domain)."'\n";
 +
 +                      $transcript .= "- Trying to connect to 'tcp://".sanitizeHTML($domain).":25' ... ";
 +                      $fp_opt = array(
 +                              'ssl' => array(
 +                                      'verify_peer'   => false,       // Opportunistic Encryption
 +                                      )
 +                              );
 +                      $fp_ctx = stream_context_create($fp_opt);
 +                      $fp = @stream_socket_client("tcp://$domain:25",$errno,$errstr,5,STREAM_CLIENT_CONNECT,$fp_ctx);
 +
 +                      $transcript .= $fp ? "OK\n" : "FAILED\n";
 +                      if(!$fp) {
 +                              $transcript .= "- Connection failed with code $errno: ".sanitizeHTML($errstr)."\n";
 +                              continue;
 +                      }
 +
 +                      $transcript .= "- Settng up the socket for blocking operation\n";
 +                      stream_set_blocking($fp, true);
 +
 +                      $has_starttls = false;
  
 -                                      $line = mysqli_real_escape_string($_SESSION['mconn'], trim(strip_tags($line)));
 -                                      $query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
 -                                      if(is_array($_SESSION['profile'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'";
 -                                      mysqli_query($_SESSION['mconn'], $query);
 +                      $transcript .= "- Connection set up, dialog follows:\n";
  
 -                                      if(substr($line, 0, 3) != "250")
 -                                              return $line;
 -                                      else
 -                                              return "OK";
 +                      do {
 +                              $line = fgets($fp, 4096);
 +                              $transcript .= "! S-&gt;C: ".sanitizeHTML(rtrim($line,"\r\n\0"))."\n";
 +                      } while(substr($line, 0, 4) == "220-");
 +                      if(substr($line, 0, 3) != "220") {
 +                              $transcript .= "- Unexpected status code, expected code 220\n";
 +                              $transcript .= "- Closing connection and trying the next host\n";
 +                              fclose($fp);
 +                              continue;
 +                      }
 +
 +                      $transcript .= "! C-&gt;S: EHLO www.cacert.org\n";
 +                      fputs($fp, "EHLO www.cacert.org\r\n");
 +                      do {
 +                              $line = fgets($fp, 4096);
 +                              $transcript .= "! S-&gt;C: ".sanitizeHTML(rtrim($line,"\r\n\0"))."\n";
 +                              $has_starttls |= substr(trim($line),4) == "STARTTLS";
 +                      } while(substr($line, 0, 4) == "250-");
 +                      if(substr($line, 0, 3) != "250") {
 +                              $transcript .= "- Unexpected status code, expected code 250\n";
 +                              $transcript .= "- Closing connection and trying the next host\n";
 +                              fclose($fp);
 +                              continue;
 +                      }
 +
 +                      if($has_starttls) {
 +                              $transcript .= "- STARTTLS support detected; will use it!\n";
 +                              $transcript .= "! C-&gt;S: STARTTLS\n";
 +                              fputs($fp, "STARTTLS\r\n");
 +                              do {
 +                                      $line = fgets($fp, 4096);
 +                                      $transcript .= "! S-&gt;C: ".sanitizeHTML(rtrim($line,"\r\n\0"))."\n";
 +                              } while(substr($line, 0, 4) == "220-");
 +                              if(substr($line, 0, 3) != "220") {
 +                                      $transcript .= "- Unexpected status code, expected code 220\n";
 +                                      $transcript .= "- Closing connection and trying the next host\n";
 +                                      fclose($fp);
 +                                      continue;
 +                              }
 +
 +                              $transcript .= "- Establishing encrypted connection\n";
 +                              stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
 +
 +                              $transcript .= "! C-&gt;S: EHLO www.cacert.org\n";
 +                              fputs($fp, "EHLO www.cacert.org\r\n");
 +                              do {
 +                                      $line = fgets($fp, 4096);
 +                                      $transcript .= "! S-&gt;C: ".sanitizeHTML(rtrim($line,"\r\n\0"))."\n";
 +                              } while(substr($line, 0, 4) == "250-");
 +                              if(substr($line, 0, 3) != "250") {
 +                                      $transcript .= "- Unexpected status code, expected code 250\n";
 +                                      $transcript .= "- Closing connection and trying the next host\n";
 +                                      fclose($fp);
 +                                      continue;
                                }
                        }
-                       $line = mysql_real_escape_string(trim(strip_tags($line)));
 +
 +                      $transcript .= "! C-&gt;S: MAIL FROM:&lt;returns@cacert.org&gt;\n";
 +                      fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
 +                      do {
 +                              $line = fgets($fp, 4096);
 +                              $transcript .= "! S-&gt;C: ".sanitizeHTML(rtrim($line,"\r\n\0"))."\n";
 +                      } while(substr($line, 0, 4) == "250-");
 +                      if(substr($line, 0, 3) != "250") {
 +                              $transcript .= "- Unexpected status code, expected code 250\n";
 +                              $transcript .= "- Closing connection and trying the next host\n";
 +                              fclose($fp);
 +                              continue;
 +                      }
 +
 +                      $transcript .= "! C-&gt;S: MAIL FROM:&lt;".sanitizeHTML($email)."&gt;\n";
 +                      fputs($fp, "RCPT TO:<$email>\r\n");
 +                      do {
 +                              $line = fgets($fp, 4096);
 +                              $transcript .= "! S-&gt;C: ".sanitizeHTML(rtrim($line,"\r\n\0"))."\n";
 +                      } while(substr($line, 0, 4) == "250-");
 +                      if(substr($line, 0, 3) != "250") {
 +                              $transcript .= "- Unexpected status code, expected code 250\n";
 +                              $transcript .= "- Closing connection and trying the next host\n";
 +                              fclose($fp);
 +                              continue;
 +                      }
 +
 +                      $transcript .= "! C-&gt;S: QUIT\n";
 +                      fputs($fp, "QUIT\r\n");
 +                      fclose($fp);
 +                      $transcript .= "- Connection to host closed\n";
 +
-                       mysql_query($query);
++                      $line = mysqli_real_escape_string($_SESSION['mconn'], trim(strip_tags($line)));
 +                      $query = "INSERT INTO `pinglog` SET `when` = NOW(), `uid` = '$myuid', `email` = '$myemail', `result` = '$line'";
++                      mysqli_query($_SESSION['mconn'], $query);
 +
 +                      if(substr($line, 0, 3) != "250") {
 +                              return "<pre>" . $transcript . "</pre>";
 +                      } else {
 +                              return "OK";
 +                      }
                }
 -              $query = "insert into `pinglog` set `when`=NOW(), `uid`='".intval($_SESSION['profile']['id'])."',
 -                              `email`='$myemail', `result`='Failed to make a connection to the mail server'";
 +
 +              $query = "INSERT INTO `pinglog` SET `when` = NOW(), `uid` = '$myuid', `email`='$myemail',
 +                      `result` = 'None of the email servers could be reached'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'], $query);
 -              return _("Failed to make a connection to the mail server");
 +              $transcript .= _("None of the email servers could be reached");
 +
 +              return "<pre>" . $transcript . "</pre>";
        }
  
        function waitForResult($table, $certid, $id = 0, $show = 1)
                {
                        if($show) showheader(_("My CAcert.org Account!"));
                        $query = "select * from `$table` where `id`='".intval($certid)."' ";
-                       $res = mysql_query($query);
+                       $res = mysqli_query($_SESSION['mconn'], $query);
                        $body="";
                        $subject="";
-                       if(mysql_num_rows($res) > 0)
+                       if(mysqli_num_rows($res) > 0)
                        {
 -                              printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
 +                              printf('<p>' . _("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status." . '</p>'));
                                $subject="[CAcert.org] Certificate TIMEOUT";
                                $body = "A certificate has timed out!\n\n";
                        }
@@@ -66,11 -66,11 +66,11 @@@ google_color_border = "FFFFFF"
      </div>
      <? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?>
      <div class="relatedLinks">
 -      <h3 class="pointer" onclick="explode('recom')"><?=_("Advertising")?></h3>
 +      <h3 class="pointer" onclick="explode('recom')">Funding</h3>
        <ul class="menu" id="recom"><?
        $query = "select * from `advertising` where `expires`>NOW() and `active`=1";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
                echo "<li><a href='$row[link]' target='_blank'>$row[title]</a></li>";
  ?></ul>
      </div>
Simple merge
Simple merge
Simple merge
      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  */
  
-       $_SESSION['mconn'] = mysql_connect("127.0.0.1", "username", "password");
-       if ($_SESSION['mconn'] != FALSE)
-       {
-               mysql_select_db("database");
-               $_SESSION['mconn'] = TRUE;
-       }
-       $_SESSION['_config']['normalhostname'] = "www.cacert.org";
+     $_SESSION['mconn'] = mysqli_connect("127.0.0.1", "username", "password", "database");
+ //    if (!$_SESSION['mconn']) {
+ //    die('Connect Error (' . mysqli_connect_errno() . ') '
+ //            . mysqli_connect_error());
+ //    }
+     $_SESSION['_config']['normalhostname'] = "www.cacert.org";
        $_SESSION['_config']['securehostname'] = "secure.cacert.org";
 -      $_SESSION['_config']['tverify'] = "tverify.cacert.org";
  
        function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $use_utf8 = true)
        {
@@@ -322,69 -322,6 +322,69 @@@ define('THAWTE_REVOCATION_DATETIME', '2
                $rank_of_assuree = get_top_assuree_position($num_of_assurees);
        }
  
-               while($row = mysql_fetch_assoc($res))
 +      /**
 +       * Helper function to sum all assurance points received by the user
 +       * @param int  $userid
 +       */
 +      function get_received_assurance_points($userid)
 +      {
 +              $sum_points = 0;
 +              $sum_experience = 0;
 +              $res = get_received_assurances(intval($userid));
-               while($row = mysql_fetch_assoc($res))
++              while($row = mysqli_fetch_assoc($_SESSION['mconn'], $res))
 +              {
 +                      calc_assurances($row, $sum_points, $sum_experience);
 +              }
 +              return $sum_points;
 +      }
 +
 +      /**
 +       * Helper function to sum all assurance points received by the user
 +       * @param int  $userid
 +       */
 +      function get_received_experience_points($userid)
 +      {
 +              $sum_points = 0;
 +              $sum_experience = 0;
 +              $res = get_received_assurances(intval($userid));
 +
 +              // this loop sums experience points from recieved assurances
 +              // this happens when the member has assurances with more than 150 points (super assurances)
 +              // such points/assurances should be removed from the database. Afterwards, this logic can be removed.
-               while($row = mysql_fetch_assoc($res))
++              while($row = mysqli_fetch_assoc($_SESSION['mconn'],$res))
 +              {
 +                      calc_assurances($row, $sum_points, $sum_experience);
 +              }
 +
 +              $res = get_given_assurances(intval($userid));
++              while($row = mysqli_fetch_assoc($_SESSION['mconn'],$res))
 +              {
 +                      calc_experience($row, $sum_points, $sum_experience);
 +              }
 +              return $sum_experience;
 +      }
 +
 +      /**
 +       * Helper function to sum all points received by the user
 +       * @param int  $userid
 +       */
 +      function get_received_total_points($userid)
 +      {
 +              $assurance = min(100, get_received_assurance_points($userid));
 +              $experience = min(50, get_received_experience_points($userid));
 +              if($assurance < 100) {
 +                      return $assurance;
 +              } else {
 +                      return 100 + $experience;
 +              }
 +      }
 +
 +      /**
 +         * Updates the assurance points in $_SESSION['profile']
 +         */
 +      function update_points_in_profile(){
 +               $_SESSION['profile']['points'] = get_received_total_points($_SESSION['profile']['id']);
 +      }
  
  // ************* html table definitions ******************
  
                        $log)
        {
                $sum_points = 0;
 -              $sumexperience = 0;
 +              $sum_experience = 0;
                $res = get_given_assurances(intval($userid), $log);
-               while($row = mysql_fetch_assoc($res))
+               while($row = mysqli_fetch_assoc($res))
                {
                        $assuree = get_user(intval($row['to']));
                        calc_experience($row, $sum_points, $sum_experience);
                        $log)
        {
                $sum_points = 0;
 -              $sumexperience = 0;
 +              $sum_experience = 0;
                $res = get_received_assurances(intval($userid), $log);
-               while($row = mysql_fetch_assoc($res))
+               while($row = mysqli_fetch_assoc($res))
                {
                        $fromuser = get_user(intval($row['from']));
                        calc_assurances($row, $sum_points, $sum_experience);
@@@ -1165,7 -1106,7 +1165,7 @@@ function get_user_agreements($memid, $t
        //called from account_delete
                $domainid = intval($domainid);
                revoke_all_server_cert($domainid);
-               mysql_query(
 -              mysqli_query($_SESSION['mconn'], 
++              mysqli_query($_SESSION['mconn'],
                        "update `domains`
                        set `deleted`=NOW()
                        where `id` = '$domainid'");
                }
  
        //clear alert settings
-               mysql_query(
 -              mysqli_query($_SESSION['mconn'], 
++              mysqli_query($_SESSION['mconn'],
                        "update `alerts` set
                                `general`='0',
                                `country`='0',
                        `suffix`='".$arbno."',
                        `dob`='1900-01-01'
                        where `id`='".$id."'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'], $query);
  
        //clear all admin and board flags
-               mysql_query(
 -              mmysqli_query($_SESSION['mconn'], 
++              mmysqli_query($_SESSION['mconn'],
                        "update `users` set
                                `assurer`='0',
                                `assurer_blocked`='0',
                                from `domaincerts`, `domlink`
                                where `domaincerts`.`id` = `domlink`.`certid`
                                and `domlink`.`domid` = '$domainid'";
-               $dres = mysql_query($query);
-               while($drow = mysql_fetch_assoc($dres))
+               $dres = mysqli_query($_SESSION['mconn'], $query);
+               while($drow = mysqli_fetch_assoc($dres))
                {
-                       mysql_query(
 -                      mysqli_query($_SESSION['mconn'], 
++                      mysqli_query($_SESSION['mconn'],
                        "update `domaincerts`
                                set `revoked`='1970-01-01 10:00:01'
                                where `id` = '".$drow['id']."'
                return (strtotime($date)<=time()+$diff*86400);
        }
  
-               $email = mysql_real_escape_string(trim($email));
 +      // table layout for organisation
 +      /**
 +       * org_edit_org_table()
 +       *
 +       * @param mixed $orgname
 +       * @param mixed $contactmail
 +       * @param mixed $town
 +       * @param mixed $state
 +       * @param mixed $country
 +       * @param mixed $comment
 +       * @param integer $type  0 - new, 1, edit
 +       * @return
 +       */
 +      function org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, $type=0){
 +              if ($type > 0) {
 +                      $title = _('Edit Organisation');
 +                      $action = _('Update');
 +              } else {
 +                      $title = _('New Organisation');
 +                      $action = _('Next');
 +              }
 +              org_edit_org_table_header($title);
 +              org_edit_org_table_row(_('Organisation Name'), 'O', $orgname, 64);
 +              org_edit_org_table_row(_('Contact Email'), 'contact', $contactmail, 255);
 +              org_edit_org_table_row(_('Town/Suburb'), 'L', $town, 128);
 +              org_edit_org_table_row(_('State/Province'), 'ST', $state, 128);
 +              org_edit_org_table_country(_('Country'), 'C', $country, 2);
 +              org_edit_org_table_comment(_('Comments'), 'comments', $comment);
 +              org_edit_org_table_footer($action);
 +      }
 +
 +      /**
 +       * org_edit_org_table_header()
 +       *
 +       * @param mixed $title
 +       * @return
 +       */
 +      function org_edit_org_table_header($title){
 +?>
 +              <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 +                      <tr>
 +                              <td colspan="3" class="title"><?=$title?></td>
 +                      </tr>
 +<?
 +      }
 +
 +      /**
 +       * org_edit_org_table_row()
 +       *
 +       * @param mixed $label
 +       * @param mixed $name
 +       * @param mixed $value
 +       * @param mixed $length
 +       * @return
 +       */
 +      function org_edit_org_table_row($label, $name, $value, $length){
 +?>
 +                      <tr>
 +                              <td class="DataTD"><?=$label?>:</td>
 +                              <td class="DataTD"><input type="text" name="<?=$name?>" value="<?=SanitizeHTML($value)?>" maxlength="<?=intval($length)?>" size="90"></td>
 +                              <td class="DataTD"><? printf(_('max %d characters'),$length)?></td>
 +                      </tr>
 +<?
 +      }
 +
 +      /**
 +       * org_edit_org_table_country()
 +       *
 +       * @param mixed $label
 +       * @param mixed $name
 +       * @param mixed $value
 +       * @param mixed $length
 +       * @return
 +       */
 +      function org_edit_org_table_country($label, $name, $value, $length){
 +?>
 +                      <tr>
 +                              <td class="DataTD"><?=$label?>:</td>
 +                              <td class="DataTD">
 +                                      <input type="text" name="<?=$name?>" value="<?=SanitizeHTML($value)?>" maxlength="<?=intval($length)?>" size="<?=intval($length)?>" />
 +                                      <? printf(_('(2 letter %s ISO code %s )'), '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">', '</a>')?>
 +                              </td>
 +                              <td class="DataTD"><?=sprintf(_('max %d characters'),$length)?></td>
 +                      </tr>
 +<?
 +      }
 +
 +      /**
 +       * org_edit_org_table_comment()
 +       *
 +       * @param mixed $label
 +       * @param mixed $name
 +       * @param mixed $value
 +       * @return
 +       */
 +      function org_edit_org_table_comment($label, $name, $value){
 +?>
 +                      <tr>
 +                              <td class="DataTD"><?=$label?>:</td>
 +                              <td class="DataTD"><textarea name="<?=$name?>" cols=60 rows=10><?=SanitizeHTML($value)?></textarea></td>
 +                              <td class="DataTD">&nbsp</td>
 +                      </tr>
 +<?
 +      }
 +
 +      /**
 +       * org_edit_org_table_footer()
 +       *
 +       * @param mixed $label
 +       * @return
 +       */
 +      function org_edit_org_table_footer($label){
 +?>
 +                      <tr>
 +                              <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=$label?>"></td>
 +                      </tr>
 +              </table>
 +<?
 +    }
 +
 +      /**
 +       * get_array_from_ini()
 +       *  gets an array from an ini file and trims all entries
 +       * @param mixed $inifile, path and filename of the ini file
 +       * @return
 +       */
 +      function get_array_from_ini($inifile){
 +              $array = parse_ini_file('../config/ttp.ini');
 +              ksort($array);
 +              foreach($array as $key => $value)
 +              {
 +                      unset($array[$key]);
 +                      $array[trim($key)] = trim($value);
 +              }
 +              return  $array;
 +      }
 +
 +      /**
 +      *  create_selectbox_HTML()
 +       *
 +       * @param mixed $name, name for the select element
 +       * @param mixed $options, array with the data for the dropdown
 +       * @param string $value, TRUE if the value for the option should be added
 +       * @param string $firstline, if the should be a first line like´Choose country
 +       * @param string $selected, if selection matches option key the
 +       *         entry is preselected in the dropdownbox
 +       * @return
 +       */
 +      function create_selectbox_HTML($name, array $options, $firstline = '', $value='', $selected = ''){
 +              $return_str='<select name="' . $name . '">';
 +              if (''!= $firstline) {
 +                      $return_str .= '<option>' . $firstline .'</option>';
 +              }
 +              foreach ($options as $key => $avalue) {
 +                      $return_str.='<option';
 +                      if ($value) {
 +                              $return_str.=' value="'.$avalue.'"';
 +                      }
 +                      if ($key==$selected){
 +                              $return_str.=' selected="selected"';
 +                      }
 +                      $return_str.='>'.$key.'</option>';
 +              }
 +              $return_str.='</select>';
 +              return  $return_str;
 +      }
 +
 +      //user function
 +      function get_user_id_from_email($email){
++              $email = mysqli_real_escape_string($_SESSION['mconn'],trim($email));
 +              $res = query_init ("select `id` from `users` where `email` = '" . $email . "'");
 +              $row = query_getnextrow($res);
 +
 +              return intval($row['id']);
 +      }
 +
 +      function get_number_of_adminlog_entries($uid, $typeid, $hours=1){
 +              $uid = intval($uid);
 +              $typeid = intval($typeid);
 +              $hours = intval($hours);
 +              $res = query_init ("SELECT count(*) AS `no` FROM `adminlog`
 +                      WHERE `adminid` = " . $uid . " AND `actiontypeid`=" . $typeid . " and `when` >  NOW() - INTERVAL " . $hours . " HOUR " );
 +              $row = query_getnextrow($res);
 +
 +              return intval($row['no']);
 +      }
 +
  /**
 - * Write some information to the adminlog
 + * write_se_log()
 + *  writes an information to the adminlog
   *
   * @param int $uid - id of the user account
   * @param int $adminid - id of the admin
@@@ -1662,12 -1415,11 +1662,11 @@@ function write_se_log($uid, $adminid, $
        //records all support engineer actions changing a user account
        $uid = intval($uid);
        $adminid = intval($adminid);
-       $type = mysql_real_escape_string($type);
-       $info = mysql_real_escape_string($info);
+       $type = mysqli_real_escape_string($_SESSION['mconn'], $type);
+       $info = mysqli_real_escape_string($_SESSION['mconn'], g($info);
 -      $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
 -              (Now(), $uid, $adminid, '$type', '$info')";
 +      $typeid = intval($typeid);
 +      $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`,`actiontypeid`) values
-               (Now(), $uid, $adminid, '$type', '$info', '$typeid')";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
  }
  
  /**
@@@ -2386,40 -2138,3 +2385,40 @@@ function output_gpg_certs($row, $suppor
        </tr>
        <?
  }
-       mysql_query($query);
 +
 +/**
 + * revoke_assurance()
 + * revokes an assurance and adjusts the old point calculation
 + * @param mixed $assuranceid - id of the assurance
 + * @param mixed $toid        - id of the assuree
 + * @return
 + */
 +function revoke_assurance($assuranceid, $toid){
 +      $assuranceid = intval($assuranceid);
 +      $toid = intval($toid);
 +      $points = 0;
 +
 +      $query = "update `notary` set `deleted` = NOW() where `id` = '$assuranceid' LIMIT 1";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res)){
++      mysqli_query($_SESSION['mconn'],$query);
 +      recalculate_old_assurance_points($toid);
 +      fix_assurer_flag($toid);
 +}
 +
 +/**
 + * recalculates the old points of an assuree
 + * @param int $toid        - id of the assuree
 + */
 +function recalculate_old_assurance_points($toid){
 +      $query = "select * from `notary` where `to` = '$toid' and `method` != 'Administrative Increase' and `deleted` = 0 order by `when`";
-               mysql_query($query);
++      $res = mysqli_query($_SESSION['mconn'], $query);
++      while($row = mysqli_fetch_assoc($_SESSION['mconn'],$res)){
 +              $maxToAward = max(100 - $points, 0);
 +              $newpoints = min($row['awarded'], $maxToAward);
 +
 +              $points += $row['awarded'];
 +
 +              $query = "update `notary` set `points` = '". (int)$newpoints ."' where `id`='" . (int)$row['id'] . "' LIMIT 1";
++              mysqli_query($_SESSION['mconn'],$query);
 +      }
 +
 +}
      You should have received a copy of the GNU General Public License
      along with this program; if not, write to the Free Software
      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 -*/ ?>
 -<?
 +*/
 +
    $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
-   $res = mysql_query($query);
-   $user = mysql_fetch_assoc($res);
+   $res = mysqli_query($_SESSION['mconn'], $query);
+   $user = mysqli_fetch_assoc($res);
  
    $year = intval(substr($user['dob'], 0, 4));
    $month = intval(substr($user['dob'], 5, 2));
        
        // Safe because $order_by only contains fixed strings
        $query = sprintf("select * from `orginfo` ORDER BY %s", $order_by);
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
-               $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
-               $admincount = mysql_num_rows($r2);
-               $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
-               $domcount = mysql_num_rows($r2);
+               $r2 = mysqli_query($_SESSION['mconn'], "select * from `org` where `orgid`='".intval($row['id'])."'");
+               $admincount = mysqli_num_rows($r2);
+               $r2 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
+               $domcount = mysqli_num_rows($r2);
  ?>
    <tr>
 -    <td class="DataTD"><?=htmlspecialchars($row['O'])?>, <?=htmlspecialchars($row['ST'])?> <?=htmlspecialchars($row['C'])?></td>
 +    <td class="DataTD"><?=sanitizeHTML($row['O'])?>, <?=sanitizeHTML($row['ST'])?> <?=sanitizeHTML($row['C'])?></td>
      <td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['id'])?>"><?=_("Domains")?> (<?=$domcount?>)</a></td>
      <td class="DataTD"><a href="account.php?id=32&amp;orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
      <td class="DataTD"><a href="account.php?id=27&amp;orgid=<?=$row['id']?>"><?=_("Edit")?></a></td>
      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  */ ?>
  <?
 -      $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
 +    $orgid = intval($_REQUEST['orgid']);
-     $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='" . $orgid . "'"));
++    $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
 +    $orgname = $row['O'];
 +    $contactmail = $row['contact'];
 +    $town = $row['L'];
 +    $state = $row['ST'];
 +    $country = $row['C'];
 +    $comment = $row['comments'];
  ?>
  <form method="post" action="account.php">
 -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 -  <tr>
 -    <td colspan="2" class="title"><?=_("Edit Organisation")?></td>
 -  </tr>
 -  <tr>
 -    <td class="DataTD"><?=_("Organisation Name")?>:</td>
 -    <td class="DataTD"><input type="text" name="O" value="<?=$row['O']?>" size="90"></td>
 -  </tr>
 -  <tr>
 -    <td class="DataTD"><?=_("Contact Email")?>:</td>
 -    <td class="DataTD"><input type="text" name="contact" value="<?=($row['contact'])?>" size="90"></td>
 -  </tr>
 -  <tr>
 -    <td class="DataTD"><?=_("Town/Suburb")?>:</td>
 -    <td class="DataTD"><input type="text" name="L" value="<?=($row['L'])?>" size="90"></td>
 -  </tr>
 -  <tr>
 -    <td class="DataTD"><?=_("State/Province")?>:</td>
 -    <td class="DataTD"><input type="text" name="ST" value="<?=($row['ST'])?>" size="90"></td>
 -  </tr>
 -  <tr>
 -    <td class="DataTD"><?=_("Country")?>:</td>
 -    <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>" size="5">
 -        <?php printf(_('(2 letter %s ISO code %s )'),
 -            '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
 -            '</a>')?>
 -    </td>
 -  </tr>
 -  <tr>
 -    <td class="DataTD"><?=_("Comments")?>:</td>
 -    <td class="DataTD"><textarea name="comments" cols=60 rows=10><?=($row['comments'])?></textarea></td>
 -  </tr>
 -  <tr>
 -    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
 -  </tr>
 -</table>
 +<?
 +    org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 1);
 +?>
  <input type="hidden" name="oldid" value="<?=intval($id)?>">
 -<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
 +<input type="hidden" name="orgid" value="<?=$orgid?>">
  <input type="hidden" name="csrf" value="<?=make_csrf('orgdetchange')?>" />
  </form>
@@@ -37,7 -37,7 +37,7 @@@ if(intval(array_key_exists('userid',$_R
  {
      $_REQUEST['userid'] = 0;
  
-     $emailsearch = $email = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
 -    $emailsearch = $email = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['email']));
++    $emailsearch = $email = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['email'])));
  
      //Disabled to speed up the queries
      //if(!strstr($email, "%"))
  // display user information for given user id
  if(intval($_REQUEST['userid']) > 0) {
      $userid = intval($_REQUEST['userid']);
 -    $res =get_user_data($userid);
 -    if(mysqli_num_rows($res) <= 0) {
 +    $user_data_res =get_user_data($userid);
-     if(mysql_num_rows($user_data_res) <= 0) {
++    if(mysqli_num_rows($user_data_res) <= 0) {
          echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
      } else {
 -        $row = mysqli_fetch_assoc($res);
 -        $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
 -        $dres = mysqli_query($_SESSION['mconn'], $query);
 -        $drow = mysqli_fetch_assoc($dres);
 -        $alerts =get_alerts(intval($row['id']));
 -
 -//display account data
  
  //deletes an assurance
          if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
              } else {
                  $assurance = intval($_REQUEST['assurance']);
                  $trow = 0;
-                 $res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
+                 $res = mysqli_query($_SESSION['mconn'], "select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
                  if ($res) {
-                     $trow = mysql_fetch_assoc($res);
+                     $trow = mysqli_fetch_assoc($res);
                      if ($trow) {
 -                        mysqli_query($_SESSION['mconn'], "update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
 -                        fix_assurer_flag($trow['to']);
 +                        revoke_assurance(intval($assurance),$trow['to']);
                      }
                  }
              }
              $ticketmsg=_('No assurance revoked. Ticket number is missing!');
          }
  
-         $row = mysql_fetch_assoc($user_data_res);
++        $row = mysqli_fetch_assoc($user_data_res);
 +        $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
-         $dres = mysql_query($query);
-         $drow = mysql_fetch_assoc($dres);
++        $dres = mysqli_query($_SESSION['mconn'], $query);
++        $drow = mysqli_fetch_assoc($dres);
 +        $alerts =get_alerts(intval($row['id']));
 +
 +//display account data
 +
 +
  //Ticket number
  ?>
  
        $userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
        if($userid <= 0)
        {
-               $domainsearch = $domain = mysql_real_escape_string(trim(stripslashes($_POST['domain'])));
+               $domainsearch = $domain = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['domain']));
 -              if(!strstr($domain, "%"))
 +              if(!strstr($domain, "%")) {
                        $domainsearch = "%$domain%";
 -              if(preg_match("/^\d+$/",$domain))
 +              }
 +
 +              //check if request is id if not set search ID to -1
 +              if(preg_match('/^#(\d+)$/', $domain, $match)) {
                        $domainsearch = "";
 +                      $domainid = intval($match[1]);
 +              } else {
 +                      $domainid = -1;
 +              }
 +
                $query = "select `users`.`id` as `id`, `domains`.`domain` as `domain`, `domains`.`id`as `domid` from `users`,`domains`
                                where `users`.`id`=`domains`.`memid` and
 -                              (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and
 +                              (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domainid') and
                                `domains`.`deleted`=0 and `users`.`deleted`=0 and
                                `users`.`verified`=1
                                group by `users`.`id` limit 100";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) > 1) { ?>
+               $res = mysqli_query($_SESSION['mconn'], $query);
 -              if(mysqli_num_rows($res) >= 1) { ?>
++              if(mysqli_num_rows($res) > 1) { ?>
  <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
      <td colspan="5" class="title"><?=_("Select Specific User Account Details")?></td>
    </tr>
- <?                    while($row = mysql_fetch_assoc($res)) { ?>
 -<?
 -      while($row = mysqli_fetch_assoc($res))
++<?    while($row = mysqli_fetch_assoc($res))
+       { ?>
    <tr>
      <td class="DataTD"><?=_("Domain")?>:</td>
      <td class="DataTD"><?=$row['domid']?></td>
    <tr>
      <td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
    </tr>
 -<? } else { ?>
 +<?                    } else { ?>
    <tr>
-     <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+     <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
    </tr>
 -<? } ?>
 +<?                    } ?>
  </table><br><br>
- <?            } elseif(mysql_num_rows($res) == 1) {
-                       $row = mysql_fetch_assoc($res);
+ <?            } elseif(mysqli_num_rows($res) == 1) {
+                       $row = mysqli_fetch_assoc($res);
 -                      $_GET['userid'] = intval($row['id']);
 +                      $userid = intval($row['id']);
                } else {
                        ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
                                <tr>
                        </tr>
                </table><br><br><?
                }
 -
 -              $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
 +              $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domainid' limit 100";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) > 1) { ?>
+               $res = mysqli_query($_SESSION['mconn'], $query);
 -              if(mysqli_num_rows($res) >= 1) { ?>
++              if(mysqli_num_rows($res) > 1) { ?>
  <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
      <td colspan="5" class="title"><?=_("Select Specific Organisation Account Details")?></td>
    </tr>
- <?                    while($row = mysql_fetch_assoc($res)) { ?>
 -<?
 -      while($row = mysqli_fetch_assoc($res))
++<?    while($row = mysqli_fetch_assoc($res))
+       { ?>
    <tr>
      <td class="DataTD"><?=_("Domain")?>:</td>
      <td class="DataTD"><?=$row['id']?></td>
    <tr>
      <td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
    </tr>
 -<? } else { ?>
 +<?                    } else { ?>
    <tr>
-     <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+     <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
    </tr>
 -<? } ?>
 +<?                    } ?>
  </table><br><br>
- <?            } elseif(mysql_num_rows($res) == 1) {
-                       $row = mysql_fetch_assoc($res);
+ <?            } elseif(mysqli_num_rows($res) == 1) {
+                       $row = mysqli_fetch_assoc($res);
 -                      $_GET['userid'] = intval($row['id']);
 +                      $userid = intval($row['id']);
                } else {
                        ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
                                <tr>
Simple merge
Simple merge
diff --cc pages/gpg/2.php
Simple merge
diff --cc pages/wot/1.php
        $query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
                        `ccid`='".$ccid."' and `regid`='".$regid."' and
                        `locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
 -                      group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
 +                      AND `notary`.`method` != 'Administrative Increase' AND `notary`.`from` != `notary`.`to`
 +                      group by `notary`.`to` HAVING SUM(`awarded`) >= 100 order by `points` desc";
-       $list = mysql_query($query);
-       if(mysql_num_rows($list) > 0)
+       $list = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($list) > 0)
        {
  ?>
  <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="550">
index 069b7a2,0000000..dcacb56
mode 100644,000000..100644
--- /dev/null
@@@ -1,143 -1,0 +1,143 @@@
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
 +<?php
 +/*LibreSSL - CAcert web application
 +Copyright (C) 2004-2008  CAcert Inc.
 +
 +This program is free software; you can redistribute it and/or modify
 +it under the terms of the GNU General Public License as published by
 +the Free Software Foundation; version 2 of the License.
 +
 +This program is distributed in the hope that it will be useful,
 +but WITHOUT ANY WARRANTY; without even the implied warranty of
 +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +GNU General Public License for more details.
 +
 +You should have received a copy of the GNU General Public License
 +along with this program; if not, write to the Free Software
 +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 +*/
 +
 +//*******************  TTP Console ************
 +
 +if ($_SESSION['profile']['ttpadmin'] < 1) {
 +      echo _("You are not allowed to view this page.");
 +      exit;
 +}
 +
 +//Check for test or productive environment, in case of test the user data for the print out is extended by 'test system'
 +$testserver='';
 +if ($_SESSION['_config']['normalhostname']=='cacert1.it-sls.de') {
 +      $testserver=' test system';
 +}
 +
 +$row = $_SESSION['_config']['notarise'];
 +$fname = $row['fname'];
 +$mname = $row['mname'];
 +$lname = $row['lname'];
 +$suffix = $row['suffix'];
 +$fullname = $fname." ".$mname." ".$lname." ".$suffix;
 +$email = $row['email'];
 +$dob = date_format(new DateTime($row['dob']), 'Y-m-d');
 +$userid = $row['id'];
 +
 +//List TTP Assurances and TotalPoints
 +//changed get_received_assurances ($userid, $support)
 +
 +//include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
 +include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
 +
 +output_received_assurances(intval($userid),2); //support==2 => TTP
 +
 +
 +$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($userid)."'";
- $ttp_assurances_count=$num_rows = mysql_num_rows($res);
++$dres = mysqli_query($_SESSION['mconn'],$query);
++$drow = mysqli_fetch_assoc($_SESSION['mconn'],$dres);
 +
 +$points=$drow['points'];
 +if ($points<1) {
 +      $points=0;
 +}
 +
 +$res = get_received_assurances(intval($userid), 2);
++$ttp_assurances_count=$num_rows = mysqli_num_rows($_SESSION['mconn'],$res);
 +
 +//Form
 +?>
 +<table align="center" class="wrapper">
 +      <tr>
 +              <td class="title"><?=sprintf(_('Total assurance points for %s'),$fullname)?></td>
 +      </tr>
 +      <tr>
 +              <td><?=sprintf(_('%s points'), $points)?></td>
 +      </tr>
 +</table>
 +<br/>
 +<form action="https://pdf.cacert.eu/cacertpdf.php" method="get" accept-charset="UTF-8">
 +      <table align="center" class="wrapper">
 +              <tr>
 +                      <td colspan="2" class="title"><?= _('TTP CAP form creation')?></td>
 +              </tr>
 +              <tr>
 +                      <td colspan="2" class="title"><?= _('User information')?></td>
 +              </tr>
 +              <tr>
 +                      <td><?=_('Fullname')?><input type="hidden" name="fullname" value="<?=$fullname.$testserver?>"/></td>
 +                      <td><?=$fullname?></td>
 +              </tr>
 +              <tr>
 +                      <td><?=_('Date of Birth')?><input type="hidden" name="dob" value="<?=$dob.$testserver?>"/></td>
 +                      <td><?=$dob?></td>
 +              </tr>
 +              <tr>
 +                      <td><?=_('Email')?><input type="hidden" name="email" value="<?=$email.$testserver?>"/></td>
 +                      <td><?=$email?></td>
 +              </tr>
 +              <tr></tr>
 +              <tr>
 +                      <td><?=_('Country where the TTP will be visited')?></td>
 +                      <td>
 +                              <?
 +                              $ttpcountries=get_array_from_ini('../config/ttp.ini');
 +                              echo create_selectbox_HTML('type',$ttpcountries, '',TRUE);
 +                              ?>
 +                      </td>
 +              </tr>
 +              <tr>
 +                      <td colspan="2" class="title"><?=_('TTP Admin postal address, including name, street, country etc.')?></td>
 +              </tr>
 +              <tr>
 +                      <td><?=_('Line').' 1'?></td>
 +                      <td><input type="text" name="adress" /></td>
 +              </tr>
 +              <tr>
 +                      <td><?=_('Line').' 2'?></td>
 +                      <td><input type="text" name="adress1" /></td>
 +              </tr>
 +              <tr>
 +                      <td><?=_('Line').' 3'?></td>
 +                      <td><input type="text" name="adress2" /></td>
 +              </tr>
 +              <tr>
 +                      <td><?=_('Line').' 4'?></td>
 +                      <td><input type="text" name="adress3" /></td>
 +              </tr>
 +              <tr>
 +                      <td><?=_('Line').' 5'?></td>
 +                      <td><input type="text" name="adress4" /></td>
 +              </tr>
 +              <tr>
 +                      <td colspan="2" class="title">
 +                      <?
 +                      if ($points>=100 || $ttp_assurances_count>=2) {
 +                              echo _('No TTP assurance allowed');
 +                      }else{
 +                              ?><input type="submit" value="<?=_('Create TTP CAP pdf file')?>"/><?
 +                      }?>
 +                      </td>
 +              </tr>
 +      </table>
 +      <input type="hidden" name="lang" value="en"/>
 +</form>
 +
 +<div class="blockcenter">
 +      <a href="wot.php?id=6&amp;userid=<?=$userid ?>"><?=_("Back")?></a>
 +</div>
diff --cc pages/wot/9.php
                echo _("Sorry, I was unable to locate that user, the person doesn't wish to be contacted, or isn't an assurer.");
        } else {
  
-               $user = mysql_fetch_array($res);
+               $user = mysqli_fetch_array($res);
                $userlang = L10n::normalise_translation($user['language']);
 -              $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary`
 -                              where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
 +              $points = get_received_total_points(intval($user['id']));
                if($points <= 0) {
                        echo _("Sorry, I was unable to locate that user.");
                } else {
index b9d1f8e,0cfd32e..c267e24
mode 100755,100644..100644
@@@ -273,73 -299,6 +273,73 @@@ function getDataFromLive() 
        return $stats;
  }
  
-     $row = mysql_fetch_assoc(sql_query($query5));
 +/**
 + * assurer_count()
 + *   returns the number of new assurer in period given through from and to, type is defining the CATS type that is used as definition to be assurer
 + * @param mixed $from
 + * @param mixed $to
 + * @param integer $type
 + * @return
 + */
 +function assurer_count($from, $to, $type = 1){
 +    if ($type == 0) {
 +        $atype = "";
 +        $btype = "";
 +    } else {
 +        $atype = " AND n.`to` in (SELECT c.user_id FROM cats_passed as c, cats_variant as v WHERE c.variant_id = v.id and v.type_id = $type and pass_date < @a) ";
 +        $btype = " AND n.`to` in (SELECT c.user_id FROM cats_passed as c, cats_variant as v WHERE c.variant_id = v.id and v.type_id = $type and pass_date < @b) ";
 +    }
 +
 +    $query1 = "SET @a = '$from';";
 +
 +    $query2 = "SET @b = '$to';";
 +
 +    $query3 = "CREATE TEMPORARY TABLE a
 +            SELECT n.`to`, sum(n.awarded) as `received_pts`, max(n.`when`) as `last_assurance`
 +            FROM cacert.notary as n
 +            WHERE 1
 +                AND n.`from` != n.`to`
 +                AND (n.`deleted` = '0000-00-00 00:00:00')
 +                AND n.`when` < @a
 +                $atype
 +            GROUP by n.`to`
 +            HAVING 1
 +                AND `received_pts` >= 100
 +            ORDER by `last_assurance` DESC;";
 +
 +    $query4 = "CREATE TEMPORARY TABLE b
 +            SELECT n.`to`, sum(n.awarded) as `received_pts`, max(n.`when`) as `last_assurance`
 +            FROM cacert.notary as n
 +            WHERE 1
 +                AND n.`from` != n.`to`
 +                AND (n.`deleted` = '0000-00-00 00:00:00')
 +                AND n.`when` < @b
 +                $btype
 +            GROUP by n.`to`
 +            HAVING 1
 +                AND `received_pts` >= 100
 +            ORDER by `last_assurance` DESC;";
 +
 +    $query5 = "SELECT count(*) as `count` FROM b WHERE b.`to` NOT IN (SELECT a.`to` FROM a);";
 +
 +    $query6 = "DROP TEMPORARY TABLE a;";
 +
 +    $query7 = "DROP TEMPORARY TABLE b;";
 +
 +
 +    sql_query($query1);
 +    sql_query($query2);
 +    sql_query($query3);
 +    sql_query($query4);
 +
++    $row = mysqli_fetch_assoc($_SESSION['mconn'],sql_query($query5));
 +
 +    sql_query($query6);
 +    sql_query($query7);
 +
 +    return(intval($row['count']));
 +}
 +
  
  $stats = getDataFromLive();
  if (! updateCache($stats) ) {
index 4b2c29b,7e1e18f..daec9da
mode 100755,100644..100644
        }
  
  
-       mysql_query("update `locations` set `acount`=0");
+       mysqli_query($_SESSION['mconn'], "update `locations` set `acount`=0");
        $query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users`
 -                      WHERE users.assurer='1' AND `users`.`locid` != 0 and users.listme=1
 +                      WHERE users.assurer='1' AND `users`.`locid` != 0 and users.listme=1 and `users`.`deleted` = 0
                        GROUP BY `users`.`locid`";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
                $query = "update `locations` set `acount`='${row['total']}' where `id`='${row['locid']}'";
                echo $query."\n";
        }
  
  
-       mysql_query("update `regions` set `acount`=0");
+       mysqli_query($_SESSION['mconn'], "update `regions` set `acount`=0");
        $query = "SELECT `users`.`regid` AS `regid`, count(*) AS `total` FROM `users`
 -                      WHERE users.assurer='1' AND `users`.`regid` != 0 and users.listme=1
 +                      WHERE users.assurer='1' AND `users`.`regid` != 0 and users.listme=1 and `users`.`deleted` = 0
                        GROUP BY `users`.`regid`";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
                $query = "update `regions` set `acount`='${row['total']}' where `id`='${row['regid']}'";
                echo $query."\n";
  
  
  
-       mysql_query("update `countries` set `acount`=0");
+       mysqli_query($_SESSION['mconn'], "update `countries` set `acount`=0");
        $query = "SELECT `users`.`ccid` AS `ccid`, count(*) AS `total` FROM `users`
 -                      WHERE users.assurer='1' AND `users`.`ccid` != 0 and users.listme=1
 +                      WHERE users.assurer='1' AND `users`.`ccid` != 0 and users.listme=1 and `users`.`deleted` = 0
                        GROUP BY `users`.`ccid`";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
                $query = "update `countries` set `acount`='${row['total']}' where `id`='${row['ccid']}'";
                echo $query."\n";
diff --cc www/ac.php
  */
        header('Content-Type: text/html; charset=UTF-8');
  
 -      if($_REQUEST['i'] != "")
 +      if(isset($_REQUEST['i']) && $_REQUEST['i'] != "")
                echo "<html><body><script language=\"JavaScript\"><!--\n";
  
-       $s = mysql_real_escape_string($_REQUEST['s']);
+       $s = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['s']);
  
-       $id = mysql_real_escape_string(strip_tags($_REQUEST['id']));
+       $id = mysqli_real_escape_string($_SESSION['mconn'], strip_tags($_REQUEST['id']));
        echo "parent._ac_rpc('".sanitizeHTML($id)."',";
  
        $bits = explode(",", $s);
  
-       $loc = trim(mysql_real_escape_string($bits[0]));
-       $reg = trim(mysql_real_escape_string(isset($bits[1])?$bits[1]:""));
-       $ccname = trim(mysql_real_escape_string(isset($bits[2])?$bits[2]:""));
+       $loc = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['0']));
 -      $reg = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['1']));
 -      $ccname = trim(mysqli_real_escape_string($_SESSION['mconn'], $bits['2']));
++      $reg = trim(mysqli_real_escape_string($_SESSION['mconn'], isset($bits[1])?$bits[1]:""));
++      $ccname = trim(mysqli_real_escape_string($_SESSION['mconn'], isset($bits[2])?$bits[2]:""));
        $query = "select `locations`.`id` as `locid`, `locations`.`name` as `locname`, `regions`.`name` as `regname`,
                        `countries`.`name` as `ccname` from `locations`, `regions`, `countries` where
                        `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
                        `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
                        order by `locations`.`acount` DESC, `locations`.`name` ASC limit 10";
-       $res = mysql_query($query);
+       $res = mysqli_query($_SESSION['mconn'], $query);
 +      $rc = 0;
-       while($row = mysql_fetch_assoc($res))
+       while($row = mysqli_fetch_assoc($res))
        {
                $rc++;
                if($rc > 1)
diff --cc www/account.php
                        exit;
                }
  
 -      } else if($id == 51 && $_GET['img'] == "show") {
 -              $query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
 -              $res = mysqli_query($_SESSION['mconn'], $query);
 -              if(mysqli_num_rows($res))
 -              {
 -                      $row = mysqli_fetch_assoc($res);
 -                      readfile($row['photoid']);
 -              } else {
 -                      die("No such file.");
 -              }
 -              exit;
++
        } else if ($id == 37) {
                $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
                $newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
@@@ -85,9 -83,9 +85,9 @@@ if (get_magic_quotes_gpc()) 
   $variant = $_POST['variant'];
   $date = $_POST['date'];
  }
 -  
 +
  // Explicitly select all those IDs so I can insert new rows if needed.
- $query = mysql_query('SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysql_real_escape_string($type).'\';');
+ $query = mysqli_query($_SESSION['mconn'], 'SELECT `id` FROM `cats_type` WHERE `type_text` = \''.mysqli_real_escape_string($_SESSION['mconn'], $type).'\';');
  if (!$query) {
    echo 'Invalid query'."\r\n";
    trigger_error('Invalid query', E_USER_ERROR);
diff --cc www/gpg.php
@@@ -444,25 -64,15 +444,25 @@@ function verifyName($name
  {
        if($name == "") return 0;
  
-       $q = mysql_query("SELECT HEX(CONVERT(users.fname USING utf8)) as fname, HEX(CONVERT(users.mname USING utf8)) as mname, HEX(CONVERT(users.lname USING utf8)) as lname, HEX(CONVERT(users.suffix USING UTF8)) as suffix FROM users WHERE id='" . intval($_SESSION["profile"]["id"]) . "'");
-       if( false === ($row = mysql_fetch_assoc($q)) ) {
 -      if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'])) return 1; // John Doe
 -      if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname'])) return 1; // John Joseph Doe
 -      if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname'][0]." ".$_SESSION['profile']['lname'])) return 1; // John J Doe
 -      if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname'][0].". ".$_SESSION['profile']['lname'])) return 1; // John J. Doe
++      $q = mysqli_query($_SESSION['mconn'], "SELECT HEX(CONVERT(users.fname USING utf8)) as fname, HEX(CONVERT(users.mname USING utf8)) as mname, HEX(CONVERT(users.lname USING utf8)) as lname, HEX(CONVERT(users.suffix USING UTF8)) as suffix FROM users WHERE id='" . intval($_SESSION["profile"]["id"]) . "'");
++      if( false === ($row = mysqli_fetch_assoc($_SESSION['mconn'],$q)) ) {
 +              return 0;
 +      }
 +
 +      $row['fname'] = hex2bin($row['fname']);
 +      $row['mname'] = hex2bin($row['mname']);
 +      $row['lname'] = hex2bin($row['lname']);
 +      $row['suffix'] = hex2bin($row['suffix']);
  
 -      if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])) return 1; // John Doe Jr.
 -      if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])) return 1; //John Joseph Doe Jr.
 -      if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname'][0]." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])) return 1; //John J Doe Jr.
 -      if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname'][0].". ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])) return 1; //John J. Doe Jr.
 +      if(compareName($name, $row['fname']." ".$row['lname'])) return 1; // John Doe
 +      if(compareName($name, $row['fname']." ".$row['mname']." ".$row['lname'])) return 1; // John Joseph Doe
 +      if(compareName($name, $row['fname']." ".$row['mname'][0]." ".$row['lname'])) return 1; // John J Doe
 +      if(compareName($name, $row['fname']." ".$row['mname'][0].". ".$row['lname'])) return 1; // John J. Doe
 +
 +      if(compareName($name, $row['fname']." ".$row['lname']." ".$row['suffix'])) return 1; // John Doe Jr.
 +      if(compareName($name, $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'])) return 1; //John Joseph Doe Jr.
 +      if(compareName($name, $row['fname']." ".$row['mname'][0]." ".$row['lname']." ".$row['suffix'])) return 1; //John J Doe Jr.
 +      if(compareName($name, $row['fname']." ".$row['mname'][0].". ".$row['lname']." ".$row['suffix'])) return 1; //John J. Doe Jr.
  
        return 0;
  }
diff --cc www/index.php
@@@ -141,17 -141,10 +141,17 @@@ require_once('../includes/notary.inc.ph
                {
                        $id = $oldid;
                        $oldid = 0;
 -                      $_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
 +                      $_SESSION['_config']['errmsg'] = _('Unable to match your details with any user accounts on file');
                } else {
-                       $_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
 -                      $id = 6;
+                       $_SESSION['lostpw']['user'] = mysqli_fetch_assoc($res);
 +                      //check wether account is locked or deleted
 +                      if ($_SESSION['lostpw']['user']['locked'] == 1 || $_SESSION['lostpw']['user']['deleted'] != 0) {
 +                              $id = $oldid;
 +                              $oldid = 0;
 +                              $_SESSION['_config']['errmsg'] = sprintf(_('The account is not available, please get in contact with support (%s).'),'support@cacert.org');
 +                      } else {
 +                              $id = 6;
 +                      }
                }
        }
  
diff --cc www/stats.php
Simple merge
diff --cc www/wot.php
@@@ -343,15 -336,26 +343,15 @@@ function send_reminder(
        {
                $max =  maxpoints();
  
 -              $awarded = $newpoints = intval($_POST['points']);
 -              if($newpoints > $max)
 -                      $newpoints = $awarded = $max;
 -              if($newpoints < 0)
 -                      $newpoints = $awarded = 0;
 -
 -              $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0 group by `to`";
 -              $res = mysqli_query($_SESSION['mconn'], $query);
 -              $drow = mysqli_fetch_assoc($res);
 -
 -              $_POST['expire'] = 0;
 +              $awarded = intval($_POST['points']);
 +              if($awarded > $max)
 +                      $awarded = $max;
 +              if($awarded < 0)
 +                      $awarded = 0;
  
 -              if(($drow['total'] + $newpoints) > 100 && $max < 100)
 -                      $newpoints = 100 - $drow['total'];
 -              if(($drow['total'] + $newpoints) > $max && $max >= 100)
 -                      $newpoints = $max - $drow['total'];
 -              if($newpoints < 0)
 -                      $newpoints = 0;
 +              $drow_points = get_received_assurance_points(intval($_SESSION['_config']['notarise']['id']));
  
-               if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")
+               if(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['date'])) == "")
                        $_POST['date'] = date("Y-m-d H:i:s");
  
                $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
        {
                $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
                                                `to`='".intval($_SESSION['_config']['notarise']['id'])."',
 -                                              `points`='".intval($newpoints)."', `awarded`='".intval($awarded)."',
 +                                              `points`='0', `awarded`='".intval($awarded)."',
-                                               `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
-                                               `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
+                                               `location`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['location']))."',
+                                               `date`='".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['date']))."',
                                                `when`=NOW()";
                //record active acceptance by Assurer
                if (check_date_format(trim($_REQUEST['date']),2010)) {
                        write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
                        write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
                }
 -              if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
 +              if($_SESSION['profile']['ttpadmin'] >= 1 && $_POST['method'] == 'TTP-Assisted') {
                        $query .= ",\n`method`='TTP-Assisted'";
                }
-               mysql_query($query);
 +              if($_SESSION['profile']['ttpadmin'] == 2 && $_POST['method'] == 'TTP-TOPUP') {
 +                      $query .= ",\n`method`='TTP-TOPUP'";
 +              }
 -              fix_assurer_flag($_SESSION['_config']['notarise']['id']);
+               mysqli_query($_SESSION['mconn'], $query);
++
                include_once("../includes/notary.inc.php");
  
 +              recalculate_old_assurance_points($_SESSION['_config']['notarise']['id']);
 +              fix_assurer_flag($_SESSION['_config']['notarise']['id']);
                if($_SESSION['profile']['points'] < 150)
                {
                        $addpoints = 0;
                        $body = $_REQUEST['message'];
                        $subject = $_REQUEST['subject'];
                        $userid = intval($_REQUEST['userid']);
-                       $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
+                       $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
 -                      $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary`
 -                                              where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
 -                      if($points > 0)
 +                      if(is_assurer($userid) > 0)
                        {
                                $my_translation = L10n::get_translation();
                                L10n::set_translation($user['language']);
                exit;
        }
  
 -//    showheader(_("My CAcert.org Account!"));
 -//    echo "ID now = ".$id."/".$oldid.">>".$iecho;
 -//    includeit($id, "wot");
 -//    showfooter();
 +      // Assurer Check
 +      if($oldid == 17 )
 +      {
 +              $oldid = 0;
 +              $id = 17;
 +              $number = 5;
-               $email = mysql_real_escape_string(trim($_REQUEST['email']));
-               $reason = mysql_real_escape_string(trim($_REQUEST['reason']));
++              $email = mysqli_real_escape_string($_SESSION['mconn'],trim($_REQUEST['email']));
++              $reason = mysqli_real_escape_string($_SESSION['mconn'],trim($_REQUEST['reason']));
 +              $uid = get_user_id_from_email($email);
 +
 +              if ($uid == 0) {
 +                      show_page("AssurerCheck", "", _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
 +                      exit;
 +              }
 +
 +              if ($reason == "--") {
 +                      show_page("AssurerCheck", "" ,_("I'm sorry, there was no reason given why you need to check the assurer status."));
 +                      exit;
 +              }
 +
 +              if (get_number_of_adminlog_entries($_SESSION['profile']['id'],1000,1) > $number) {
 +                      show_page("AssurerCheck", "", sprintf(_("I'm sorry, you reached the maximum requests of %s per hour. Please wait until you try it again."),$number));
 +                      exit;
 +              }
 +
 +              if (is_assurer($uid)) {
 +                      $status = _('Is assurer');
 +              } else {
 +                       $status = _('Is no assurer');
 +              }
 +
 +              write_se_log($uid, $_SESSION['profile']['id'], 'User Assurer status check', '', 1000);
 +
 +              $assurer = get_user($uid);
 +
 +              //mail to member
 +              $my_translation = L10n::get_translation();
 +              L10n::set_translation($assurer['language']);
 +
 +              $subject = "[CAcert.org] ". _("Assurer status report for you");
 +
 +              $body  = sprintf(_("Hi %s,"), $assurer['fname'])."\n\n";
 +              $body .= sprintf(_("%s %s (%s) has requested your assurer status for %s."),
 +                      $_SESSION['profile']['fname'],
 +                      $_SESSION['profile']['lname'],
 +                      $_SESSION['profile']['email'],
 +                      $reason)."\n\n";
 +              $body .= sprintf(_("The transmitted result: %s"), $status)."\n";
 +              $body .= _("Best regards")."\n";
 +              $body .= _("CAcert Support Team");
 +
 +              sendmail($assurer['email'], "[CAcert.org] ". $subject, $body,
 +                      "support@cacert.org", //from
 +                      "", //replyto
 +                      "", //toname
 +                      "CAcert Support"); //fromname
 +
 +              L10n::set_translation($my_translation);
 +
 +              showheader(_("My CAcert.org Account!"));?>
 +              <p>
 +                      <?=sprintf(_('The assurer status for %s %s (%s) is: %s'),
 +                              $assurer['fname'],
 +                              $assurer['lname'],
 +                              $assurer['email'],
 +                              $status) . '<br/>'. _('The mail with the status request has been sent to the email address above.'); ?>
 +              </p>
 +              <?
 +              showfooter();
 +              exit;
 +      }
 +
  show_page ($id,"","");
 -?>