All mysql_-statements replaced by their corresponding mysqli_-statements
authorKarl-Heinz Gödderz (GuKKDevel) <Devel@GuKK-Online.de>
Tue, 30 Oct 2018 21:57:15 +0000 (22:57 +0100)
committerKarl-Heinz Gödderz (GuKKDevel) <Devel@GuKK-Online.de>
Wed, 31 Oct 2018 05:40:41 +0000 (06:40 +0100)
113 files changed:
includes/account.php
includes/account_stuff.php
includes/general.php
includes/general_stuff.php
includes/lib/account.php
includes/lib/general.php
includes/lib/l10n.php
includes/loggedin.php
includes/mysql.php.sample
includes/notary.inc.php
pages/account/12.php
pages/account/13.php
pages/account/15.php
pages/account/18.php
pages/account/19.php
pages/account/2.php
pages/account/22.php
pages/account/23.php
pages/account/25.php
pages/account/26.php
pages/account/27.php
pages/account/28.php
pages/account/29.php
pages/account/3.php
pages/account/30.php
pages/account/31.php
pages/account/32.php
pages/account/33.php
pages/account/34.php
pages/account/35.php
pages/account/41.php
pages/account/43.php
pages/account/49.php
pages/account/5.php
pages/account/51.php
pages/account/52.php
pages/account/53.php
pages/account/54.php
pages/account/55.php
pages/account/56.php
pages/account/57.php
pages/account/58.php
pages/account/59.php
pages/account/6.php
pages/account/9.php
pages/advertising/0.php
pages/gpg/2.php
pages/gpg/3.php
pages/wot/1.php
pages/wot/10.php
pages/wot/12.php
pages/wot/13.php
pages/wot/9.php
scripts/49de-lt2013-berlin-mail.php.txt
scripts/50de-ate-luebeck-mail.php.txt
scripts/51at-ate-graz-mail.php.txt
scripts/52at-ate-wien-mail.php.txt
scripts/53de-ate-amberg-mail.php.txt
scripts/54at-ate-linz-mail.php.txt
scripts/55de-ate-wiesbaden-mail.php.txt
scripts/56at-ate-oberwart-mail.php.txt
scripts/57at-ate-graz-mail.php.txt
scripts/58at-ate-wien-mail.php.txt
scripts/addpoints.php [changed mode: 0755->0644]
scripts/assurer.php
scripts/consistence.php [changed mode: 0755->0644]
scripts/country.php [changed mode: 0755->0644]
scripts/cron/permissionreview.php [changed mode: 0755->0644]
scripts/cron/refresh_stats.php [changed mode: 0755->0644]
scripts/cron/removedead.php [changed mode: 0755->0644]
scripts/cron/updatesort.php [changed mode: 0755->0644]
scripts/cron/warning.php [changed mode: 0755->0644]
scripts/gpgcheck3.php
scripts/gpgfillmissingemail.php
scripts/gpgfillmissingkeyid.php
scripts/mailing archive/45au-ate-melbourne-mail.php.txt
scripts/mailing archive/46us-ate-raleigh-mail.php.txt
scripts/mailing archive/47us-fudcon-lawrence-mail.php.txt
scripts/mailing archive/48de-ate-kiel-mail.php.txt
scripts/mailing archive/oa01-allowance.php.txt
scripts/mailing archive/oa02-orgainformation.php.txt
scripts/mass-revoke.php
scripts/newsletter.php [changed mode: 0755->0644]
scripts/newslettercebit.php [changed mode: 0755->0644]
scripts/notify.php [changed mode: 0755->0644]
scripts/resetpermissions.php
scripts/scanforexponents.php [changed mode: 0755->0644]
scripts/send_heartbleed.php
scripts/send_policy_cca_20140916.php
scripts/send_thawte.php.txt
stamp/certdet.php
stamp/common.php
stamp/displogo.php
stamp/report.php
tverify/index.php
tverify/index/0.php
www/ac.php
www/account.php
www/advertising.php
www/alert_hash_collision.php
www/api/ccsr.php
www/api/cemails.php
www/api/edu.php
www/cats/cats_import.php
www/disputes.php
www/gpg.php
www/index.php
www/news.php
www/rss.php
www/sqldump.php
www/stats.php
www/verify.php
www/wot.php

index 6dacf2d..d14e27d 100644 (file)
@@ -120,7 +120,7 @@ function buildSubjectFromSession() {
                        showfooter();
                        exit;
                }
-               if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "")
+               if(trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['newemail']))) == "")
                {
                        showheader(_("My CAcert.org Account!"));
                        printf(_("Not a valid email address. Can't continue."));
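Review bot: The changed condition escapes the value before `trim()` and before the emptiness test, so the check runs on the SQL-escaped form rather than on the address itself. `mysqli_real_escape_string` rewrites a trailing line break as the two characters `\n`, which `trim()` no longer strips, so the value that later reaches the insert can still end in a newline. Normalising first and escaping only where the query is built avoids this: `$newemail = trim(stripslashes($_REQUEST['newemail']));`, then test `$newemail == ""`. The same escape-then-trim order is on the new lines of the -128, -579, -597 and -615 hunks; the enclosing block starts and ends outside this hunk.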
@@ -128,7 +128,7 @@ function buildSubjectFromSession() {
                        exit;
                }
                $oldid=0;
-               $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
+               $_REQUEST['email'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['newemail'])));
                if(check_email_exists($_REQUEST['email'])==true)
                {
                        showheader(_("My CAcert.org Account!"));
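Review bot: Every converted call, starting with the changed line in this hunk, takes its connection from `$_SESSION['mconn']`, but a mysqli handle does not survive session serialisation as a live connection, so that entry has to be re-created on each request before any of this code runs. Where that happens is not visible in these hunks; a path that reaches these calls without it would be working with a stale or missing handle. A small accessor, or a dedicated variable set by the include that opens the connection, would keep the handle out of the array that also carries per-user state and give one place to fail loudly. At minimum the assignment site deserves a comment such as `// mysqli handle: re-created on every request, never restored from the stored session`.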
@@ -152,8 +152,8 @@ function buildSubjectFromSession() {
                }
                $hash = make_hash();
                $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
-               mysql_query($query);
-               $emailid = mysql_insert_id();
+               mysqli_query($_SESSION['mconn'],$query);
+               $emailid = mysqli_insert_id($_SESSION['mconn']);
 
                $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
                $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
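Review bot: The return value of `mysqli_query` is not checked before `mysqli_insert_id($_SESSION['mconn'])` is read, so a failed insert leaves `$emailid` at 0 and the verification mail is still built around it. The same unchecked pattern runs through the other hunks: the selects hand `$res` straight to `mysqli_num_rows` or `mysqli_fetch_assoc` (including the nested `mysqli_fetch_assoc(mysqli_query(...))` calls in the -345 and -434 hunks), where a `false` result gives a warning or, on PHP 8, a TypeError instead of the intended error page. A guard such as `if(($res = mysqli_query($_SESSION['mconn'],$query)) === false) { /* report and exit */ }` would cover both cases. Separately, the link on the last line of this hunk and its twin in the -659 hunk are built with `http://`, so the verification hash travels in cleartext when the link is opened; worth confirming whether an HTTPS host name is available in `$_SESSION['_config']`.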
@@ -172,15 +172,15 @@ function buildSubjectFromSession() {
                $id = 2;
                $emailid = intval($_REQUEST['emailid']);
                $query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <= 0)
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res) <= 0)
                {
                        showheader(_("Error!"));
                        echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
                        showfooter();
                        exit;
                }
-               $row = mysql_fetch_assoc($res);
+               $row = mysqli_fetch_assoc($res);
                $body  = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
                $body .= _("You are receiving this email because you or someone else ".
                                "has changed the default email on your account.")."\n\n";
@@ -191,8 +191,8 @@ function buildSubjectFromSession() {
                                "support@cacert.org", "", "", "CAcert Support");
 
                $_SESSION['profile']['email'] = $row['email'];
-               $query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
-               mysql_query($query);
+               $query = "update `users` set `email`='".mysqli_real_escape_string($_SESSION['mconn'], $row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
+               mysqli_query($_SESSION['mconn'],$query);
                showheader(_("My CAcert.org Account!"));
                printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
                showfooter();
@@ -216,11 +216,11 @@ function buildSubjectFromSession() {
                                }
                                $id = intval($id);
                                $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
-                                               `email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                                               `email`!='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['profile']['email'])."'";
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) > 0)
                                {
-                                       $row = mysql_fetch_assoc($res);
+                                       $row = mysqli_fetch_assoc($res);
                                        echo $row['email']."<br>\n";
                                        account_email_delete($row['id']);
                                        $delcount++;
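Review bot: `echo $row['email']."<br>\n";` writes a stored address into the page without HTML encoding, although the -191 hunk prints the same column through `sanitizeHTML()`. Whatever validation the address went through when it was stored is not visible here, so the output side should not rely on it: `echo sanitizeHTML($row['email'])."<br>\n";`. The -689 hunk has the same form with `echo $row['domain']."<br>\n";`. The loop this sits in starts outside the hunk.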
@@ -326,10 +326,10 @@ function buildSubjectFromSession() {
                        if(is_array($_SESSION['_config']['addid']))
                        foreach($_SESSION['_config']['addid'] as $id)
                        {
-                               $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'],"select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
+                               if(mysqli_num_rows($res) > 0)
                                {
-                                       $row = mysql_fetch_assoc($res);
+                                       $row = mysqli_fetch_assoc($res);
                                        if(!$emails)
                                                $defaultemail = $row['email'];
                                        $emails .= "$count.emailAddress = ".$row['email']."\n";
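Review bot: `$row['email']` is concatenated into structured text without guarding the delimiters of that format: here as `"$count.emailAddress = ".$row['email']."\n"`, which the -389 hunk writes to the CSR file, and in the -450 hunk as `"/emailAddress=".$row['email']`, which is stored as the certificate subject. Whether the address format is validated before it enters the `email` table is not visible in these hunks; if it is not, a line break or `/` inside an address changes the structure of the generated text. Making the assumption explicit before concatenation, for example `filter_var($row['email'], FILTER_VALIDATE_EMAIL)` plus a rejection of `/`, `\r` and `\n`, would close that gap. The loop body continues outside the hunk.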
@@ -345,7 +345,7 @@ function buildSubjectFromSession() {
                                showfooter();
                                exit;
                        }
-                       $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+                       $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
                        if($_SESSION['_config']['SSO'] == 1)
                                $emails .= "$count.emailAddress = ".$user['uniqueID']."\n";
 
@@ -389,13 +389,13 @@ function buildSubjectFromSession() {
                                                `codesign`='".intval($_SESSION['_config']['codesign'])."',
                                                `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
                                                `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
-                                               `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
-                                               `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
-                       mysql_query($query);
-                       $emailid = mysql_insert_id();
+                                               `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
+                       mysqli_query($_SESSION['mconn'],$query);
+                       $emailid = mysqli_insert_id($_SESSION['mconn']);
                        if(is_array($addys))
                        foreach($addys as $addy)
-                               mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+                               mysqli_query($_SESSION['mconn'],"insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
                        $CSRname=generatecertpath("csr","client",$emailid);
                        $fp = fopen($CSRname, "w");
                        fputs($fp, $emails);
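Review bot: The `emaillink` insert interpolates `$addy` into the statement as `'$addy'` with no escaping or cast, whereas the parallel insert in the -490 hunk passes the same value through `mysqli_real_escape_string`. How `$addys` is filled lies outside the hunk, so it cannot be confirmed from here that it only holds integers. Assuming the column is a numeric id, `'".intval($addy)."'` in place of `'$addy'` makes the statement safe regardless of the source. The `domlink` inserts in the -831 hunk interpolate `$dom` the same way and would take `intval($dom)`.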
@@ -411,7 +411,7 @@ function buildSubjectFromSession() {
                                showfooter();
                                exit;
                        }
-                       mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
+                       mysqli_query($_SESSION['mconn'],"update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
                } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
                        if($csr == "")
                                $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
@@ -434,7 +434,7 @@ function buildSubjectFromSession() {
                        $defaultemail = "";
                        $csrsubject="";
 
-                       $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+                       $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
                        if(strlen($user['mname']) == 1)
                                $user['mname'] .= '.';
                        if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
@@ -450,10 +450,10 @@ function buildSubjectFromSession() {
                        if(is_array($_SESSION['_config']['addid']))
                        foreach($_SESSION['_config']['addid'] as $id)
                        {
-                               $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'],"select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
+                               if(mysqli_num_rows($res) > 0)
                                {
-                                       $row = mysql_fetch_assoc($res);
+                                       $row = mysqli_fetch_assoc($res);
                                        if($defaultemail == "")
                                                $defaultemail = $row['email'];
                                        $csrsubject .= "/emailAddress=".$row['email'];
@@ -490,27 +490,27 @@ function buildSubjectFromSession() {
                                                `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
                                                `memid`='".intval($_SESSION['profile']['id'])."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
-                                               `subject`='".mysql_real_escape_string($csrsubject)."',
+                                               `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."',
                                                `codesign`='".intval($_SESSION['_config']['codesign'])."',
                                                `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
                                                `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
-                                               `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
-                                               `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
-                       mysql_query($query);
-                       $emailid = mysql_insert_id();
+                                               `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
+                       mysqli_query($_SESSION['mconn'],$query);
+                       $emailid = mysqli_insert_id($_SESSION['mconn']);
                        if(is_array($addys))
                        foreach($addys as $addy)
-                               mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
+                               mysqli_query($_SESSION['mconn'],"insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysqli_real_escape_string($_SESSION['mconn'], $addy)."'");
                        $CSRname=generatecertpath("csr","client",$emailid);
                        $fp = fopen($CSRname, "w");
                        fputs($fp, $csr);
                        fclose($fp);
-                       mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+                       mysqli_query($_SESSION['mconn'],"update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
                }
                waitForResult("emailcerts", $emailid, 4);
                $query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <= 0)
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res) <= 0)
                {
                        $id = 4;
                        showheader(_("My CAcert.org Account!"));
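Review bot: The `keytype` column is filled from `sanitizeHTML($_REQUEST['keytype'])`, which is an HTML output encoder, not an SQL escaper, and this commit leaves it as the one request value in the statement that does not go through `mysqli_real_escape_string`. If this insert sits inside the `keytype == "MS" || "VI"` branch shown in the -411 hunk the value is already constrained, but that is not visible from this hunk. Using `mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['keytype'])`, or better a fixed value chosen from the two accepted strings, matches the context the value is used in. The later statements in this hunk also interpolate `$emailid` directly where the -411 hunk uses `intval($emailid)`; the enclosing branch starts outside the hunk.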
@@ -547,12 +547,12 @@ function buildSubjectFromSession() {
                }
 
                $newdom = trim(escapeshellarg($newdomain));
-               $newdomain = mysql_real_escape_string(trim($newdomain));
+               $newdomain = mysqli_real_escape_string($_SESSION['mconn'], trim($newdomain));
 
-               $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
+               $res1 = mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `domain`='$newdomain'");
                $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
-               $res2 = mysql_query($query);
-               if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
+               $res2 = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2))
                {
                        $oldid=0;
                        $id = 7;
@@ -579,7 +579,7 @@ function buildSubjectFromSession() {
                                $bits = explode(":", $line, 2);
                                $line = trim($bits[1]);
                                if(!in_array($line, $addy) && $line != "")
-                                       $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
+                                       $addy[] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($line)));
                        }
                } else {
                        if(is_array($adds))
@@ -597,7 +597,7 @@ function buildSubjectFromSession() {
                                                $line = $bit;
                                }
                                if(!in_array($line, $addy) && $line != "")
-                                       $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
+                                       $addy[] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($line)));
                        }
                }
 
@@ -606,7 +606,7 @@ function buildSubjectFromSession() {
                        if(!in_array($sub, $addy))
                                $addy[] = $sub;
                $_SESSION['_config']['addy'] = $addy;
-               $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
+               $_SESSION['_config']['domain'] = mysqli_real_escape_string($_SESSION['mconn'], $newdomain);
        }
 
        if($process != "" && $oldid == 8)
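Review bot: `$newdomain` was already passed through `mysqli_real_escape_string` in the -547 hunk, and the changed line here escapes it again before storing it in `$_SESSION['_config']['domain']`; the -633 and -659 hunks then escape the session value once more when they build their queries. For a plain host name this is a no-op, but any character that does get escaped accumulates backslashes, and the `printf` in the -633 hunk shows the escaped form to the user. Unless `$newdomain` is reassigned between the two hunks (not visible), keeping the raw value for the session and escaping only at each query would fix it: take `$rawdomain = trim($newdomain);` before the first escape and store `$_SESSION['_config']['domain'] = $rawdomain;`.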
@@ -615,7 +615,7 @@ function buildSubjectFromSession() {
                $oldid=0;
                $id = 8;
 
-               $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));
+               $authaddy = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['authaddy'])));
 
                if($authaddy == "" || !is_array($_SESSION['_config']['addy']))
                {
@@ -633,9 +633,9 @@ function buildSubjectFromSession() {
                        exit;
                }
 
-               $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) > 0)
+               $query = "select * from `domains` where `domain`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['domain'])."' and `deleted`=0";
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res) > 0)
                {
                        showheader(_("My CAcert.org Account!"));
                        printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
@@ -659,10 +659,10 @@ function buildSubjectFromSession() {
                }
 
                $hash = make_hash();
-               $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
+               $query = "insert into `domains` set `domain`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['domain'])."',
                                        `memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
-               mysql_query($query);
-               $domainid = mysql_insert_id();
+               mysqli_query($_SESSION['mconn'],$query);
+               $domainid = mysqli_insert_id($_SESSION['mconn']);
 
                $body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
                $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
@@ -689,10 +689,10 @@ function buildSubjectFromSession() {
                        {
                                $id = intval($id);
                                $query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) > 0)
                                {
-                                       $row = mysql_fetch_assoc($res);
+                                       $row = mysqli_fetch_assoc($res);
                                        echo $row['domain']."<br>\n";
                                        account_domain_delete($row['id']);
                                }
@@ -810,20 +810,20 @@ function buildSubjectFromSession() {
                if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
                {
                        $query = "insert into `domaincerts` set
-                                               `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
-                                               `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
-                                               `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
-                                               `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
-                                               `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+                                               `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rows']['0'])."',
+                                               `domid`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rowid']['0'])."',
+                                               `created`=NOW(),`subject`='".mysqli_real_escape_string($_SESSION['mconn'], $subject)."',
+                                               `rootcert`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rootcert'])."',
+                                               `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
                } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
                        $query = "insert into `domaincerts` set
-                                               `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
-                                               `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
-                                               `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
-                                               `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
-                                               `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+                                               `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['altrows']['0'])."',
+                                               `domid`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['altid']['0'])."',
+                                               `created`=NOW(),`subject`='".mysqli_real_escape_string($_SESSION['mconn'], $subject)."',
+                                               `rootcert`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rootcert'])."',
+                                               `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
                } else {
                        showheader(_("My CAcert.org Account!"));
                        echo _("Domain not verified.");
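Review bot: `domid` and `rootcert` are string-escaped in both branches, while the inserts in the -389, -490 and -894 hunks cast the same kind of column with `intval()`. Escaping keeps the statement well-formed but does not enforce that the value is a number; `intval($_SESSION['_config']['rowid']['0'])` and `intval($_SESSION['_config']['rootcert'])` would, and would match the rest of the file. The two branches also differ only in the `CN` and `domid` sources, so choosing those two values first and building the statement once would halve the code that has to be kept in sync. The `if` chain starts outside this hunk.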
@@ -831,24 +831,24 @@ function buildSubjectFromSession() {
                        exit;
                }
 
-               mysql_query($query);
-               $CSRid = mysql_insert_id();
+               mysqli_query($_SESSION['mconn'],$query);
+               $CSRid = mysqli_insert_id($_SESSION['mconn']);
 
                if(is_array($_SESSION['_config']['rowid']))
                        foreach($_SESSION['_config']['rowid'] as $dom)
-                               mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+                               mysqli_query($_SESSION['mconn'],"insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
                if(is_array($_SESSION['_config']['altid']))
                foreach($_SESSION['_config']['altid'] as $dom)
-                       mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+                       mysqli_query($_SESSION['mconn'],"insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
 
                $CSRname=generatecertpath("csr","server",$CSRid);
                rename($_SESSION['_config']['tmpfname'], $CSRname);
                chmod($CSRname,0644);
-               mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+               mysqli_query($_SESSION['mconn'],"update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
                waitForResult("domaincerts", $CSRid, 11);
                $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <= 0)
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res) <= 0)
                {
                        $id = 11;
                        showheader(_("My CAcert.org Account!"));
@@ -878,14 +878,14 @@ function buildSubjectFromSession() {
                                                where `domaincerts`.`id`='$id' and
                                                `domaincerts`.`domid`=`domains`.`id` and
                                                `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
                                        continue;
                                }
 
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
 
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
@@ -894,20 +894,20 @@ function buildSubjectFromSession() {
                                        continue;
                                }
 
-                               mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"update `domaincerts` set `renewed`='1' where `id`='$id'");
                                $query = "insert into `domaincerts` set
                                                `domid`='".intval($row['domid'])."',
-                                               `CN`='".mysql_real_escape_string($row['CN'])."',
-                                               `subject`='".mysql_real_escape_string($row['subject'])."',".
+                                               `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+                                               `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',".
                                                //`csr_name`='".$row['csr_name']."', // RACE CONDITION
-                                               "`created`='".mysql_real_escape_string($row['created'])."',
+                                               "`created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
                                                `modified`=NOW(),
                                                `rootcert`='".intval($row['rootcert'])."',
                                                `type`='".intval($row['type'])."',
-                                               `pkhash`='".mysql_real_escape_string($row['pkhash'])."',
-                                               `description`='".mysql_real_escape_string($row['description'])."'";
-                               mysql_query($query);
-                               $newid = mysql_insert_id();
+                                               `pkhash`='".mysqli_real_escape_string($_SESSION['mconn'], $row['pkhash'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
+                               mysqli_query($_SESSION['mconn'],$query);
+                               $newid = mysqli_insert_id($_SESSION['mconn']);
                                $newfile=generatecertpath("csr","server",$newid);
                                copy($row['csr_name'], $newfile);
                                $newfile_esc = escapeshellarg($newfile);
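Review bot: The old row is flagged with `renewed`='1' before the replacement insert has run, and neither `mysqli_query` result nor the return of `copy($row['csr_name'], $newfile)` is checked. If the insert or the copy fails, the existing certificate stays marked as renewed with no usable successor, and processing continues with `$newid` 0. Moving the `update ... set renewed='1'` after a check such as `if($newid <= 0 || !copy($row['csr_name'], $newfile)) { /* report and continue */ }` keeps the old row untouched on failure; wrapping both statements in a transaction would be stronger if the tables support it, which cannot be told from here. The loop body starts and ends outside the hunk.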
@@ -929,18 +929,18 @@ function buildSubjectFromSession() {
                                }
 
                                $subject = buildSubjectFromSession();
-                               $subject = mysql_real_escape_string($subject);
-                               mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
+                               $subject = mysqli_real_escape_string($_SESSION['mconn'], $subject);
+                               mysqli_query($_SESSION['mconn'],"update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
 
                                echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
                                waitForResult("domaincerts", $newid,$oldid,0);
                                $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
                                } else {
-                                       $drow = mysql_fetch_assoc($res);
+                                       $drow = mysqli_fetch_assoc($res);
                                        $crt_name = escapeshellarg($drow['crt_name']);
                                        $cert = shell_exec("/usr/bin/openssl x509 -in $crt_name");
                                        echo "<pre>\n$cert\n</pre>\n";
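Review bot: The result of the `select * from domaincerts ... and crt_name != ''` lookup goes straight into `mysqli_num_rows()`, so a failed query is not handled as an error. `mysqli_query()` returns `false` on failure, and depending on the PHP version and mysqli report mode that becomes a warning, a TypeError or an uncaught exception instead of the "failed to be processed" message. A guard such as `if($res === false || mysqli_num_rows($res) <= 0)` keeps that message reachable. The same select-then-count pattern recurs in the revoke, delete and email-renewal hunks below; the enclosing block starts and ends outside this hunk.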
@@ -971,19 +971,19 @@ function buildSubjectFromSession() {
                                                where `domaincerts`.`id`='$id' and
                                                `domaincerts`.`domid`=`domains`.`id` and
                                                `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
                                printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
                        }
 
@@ -1006,19 +1006,19 @@ function buildSubjectFromSession() {
                                                where `domaincerts`.`id`='$id' and
                                                `domaincerts`.`domid`=`domains`.`id` and
                                                `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
                                if($row['expired'] > 0)
                                {
                                        printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               mysql_query("delete from `domaincerts` where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"delete from `domaincerts` where `id`='$id'");
                                @unlink($row['csr_name']);
                                @unlink($row['crt_name']);
                                printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
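Review bot: The result of the `delete from domaincerts` statement is ignored, so both `@unlink()` calls and the "Removed a pending request" message run even when the row was not deleted. That can leave a database row pointing at CSR/certificate files that no longer exist. Test the return value of `mysqli_query()` and skip the unlink and the success message on failure. The `emailcerts` delete hunk has the same shape, and so do both revoke hunks, where "has been revoked" is printed whether or not the `update ... set revoked=` statement succeeded; for a CA that message should only appear once the write is confirmed.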
@@ -1036,8 +1036,8 @@ function buildSubjectFromSession() {
                        if(substr($id,0,14)=="check_comment_")
                        {
                                $cid = intval(substr($id,14));
-                               $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
-                               mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+                               $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+                               mysqli_query($_SESSION['mconn'],"update `domaincerts` set `description`='$comment' where `id`='$cid'");
                        }
                }
                echo(_("Certificate settings have been changed.")."<br/>\n");
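Review bot: The `update domaincerts set description` statement is keyed on `id='$cid'` alone, with no tie to the session user. The matching `emailcerts` update later in this file also requires `memid` to equal the session user, and the `domaincerts` revoke and delete queries join `domains` on `memid`. Unless ownership of `$cid` is verified before this point (the loop starts outside the hunk), a logged-in user could change the description of a certificate belonging to another account. Scoping the statement closes that: `update domaincerts, domains set domaincerts.description='$comment' where domaincerts.id='$cid' and domaincerts.domid=domains.id and domains.memid='".intval($_SESSION['profile']['id'])."'`. The `emailcerts` variant also checks `!empty($_REQUEST['check_comment_'.$cid])` first, which this one does not.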
@@ -1057,14 +1057,14 @@ function buildSubjectFromSession() {
                                $id = intval($id);
                                $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                                                where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
 
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
 
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
@@ -1073,34 +1073,34 @@ function buildSubjectFromSession() {
                                        continue;
                                }
 
-                               mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"update `emailcerts` set `renewed`='1' where `id`='$id'");
                                $query = "insert into emailcerts set
                                                `memid`='".intval($row['memid'])."',
-                                               `CN`='".mysql_real_escape_string($row['CN'])."',
-                                               `subject`='".mysql_real_escape_string($row['subject'])."',
-                                               `keytype`='".mysql_real_escape_string($row['keytype'])."',
-                                               `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
-                                               `created`='".mysql_real_escape_string($row['created'])."',
+                                               `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+                                               `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',
+                                               `keytype`='".mysqli_real_escape_string($_SESSION['mconn'], $row['keytype'])."',
+                                               `csr_name`='".mysqli_real_escape_string($_SESSION['mconn'], $row['csr_name'])."',
+                                               `created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
                                                `modified`=NOW(),
                                                `disablelogin`='".intval($row['disablelogin'])."',
                                                `codesign`='".intval($row['codesign'])."',
                                                `rootcert`='".intval($row['rootcert'])."',
-                                               `description`='".mysql_real_escape_string($row['description'])."'";
-                               mysql_query($query);
-                               $newid = mysql_insert_id();
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
+                               mysqli_query($_SESSION['mconn'],$query);
+                               $newid = mysqli_insert_id($_SESSION['mconn']);
                                $newfile=generatecertpath("csr","client",$newid);
                                copy($row['csr_name'], $newfile);
-                               mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
-                               $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
-                               while($r2 = mysql_fetch_assoc($res))
+                               mysqli_query($_SESSION['mconn'],"update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
+                               $res = mysqli_query($_SESSION['mconn'],"select * from `emaillink` where `emailcertsid`='".$row['id']."'");
+                               while($r2 = mysqli_fetch_assoc($res))
                                {
-                                       mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
+                                       mysqli_query($_SESSION['mconn'],"insert into `emaillink` set `emailid`='".$r2['emailid']."',
                                                        `emailcertsid`='$newid'");
                                }
                                waitForResult("emailcerts", $newid,$oldid,0);
                                $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
                                } else {
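Review bot: `mysqli_insert_id()` is read without checking that the `insert into emailcerts` succeeded. On failure it returns 0, and the code then builds a CSR path for id 0, copies the old CSR there and writes `emaillink` rows against that id. By then the old certificate has already been marked `renewed='1'`, so a failed insert leaves it flagged as renewed with no successor. Test the insert result (and `$newid > 0`) before calling `generatecertpath()` and skip the entry on failure; the `orgemailcerts` insert hunks further down read the insert id the same way. `$row['id']` and `$r2['emailid']` are also interpolated without the `intval()` used for ids elsewhere in this file.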
@@ -1131,19 +1131,19 @@ function buildSubjectFromSession() {
                                $id = intval($id);
                                $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                                                where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
                                printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
                        }
 
@@ -1163,19 +1163,19 @@ function buildSubjectFromSession() {
                                $id = intval($id);
                                $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
                                                where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
                                if($row['expired'] > 0)
                                {
                                        printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               mysql_query("delete from `emailcerts` where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"delete from `emailcerts` where `id`='$id'");
                                @unlink($row['csr_name']);
                                @unlink($row['crt_name']);
                                printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
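Review bot: `$row['CN']` is written into the page unescaped in the "Couldn't remove the request" and "Removed a pending request" messages, while the revoke success message in the preceding hunk passes the same column through `htmlspecialchars()`. The CN presumably originates from a user-supplied request, so it should be encoded on output here as well, i.e. `htmlspecialchars($row['CN'])` as the printf argument. The `domaincerts` delete hunk and the "already been revoked" messages in both revoke hunks have the same gap.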
@@ -1194,14 +1194,14 @@ function buildSubjectFromSession() {
                        {
                                $cid = intval(substr($id,5));
                                $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
-                               mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
+                               mysqli_query($_SESSION['mconn'],"update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
                        }
                        if(substr($id,0,14)=="check_comment_")
                        {
                                $cid = intval(substr($id,14));
                                if(!empty($_REQUEST['check_comment_'.$cid])) {
-                                       $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
-                                       mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
+                                       $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+                                       mysqli_query($_SESSION['mconn'],"update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
                                }
                        }
                }
@@ -1215,16 +1215,16 @@ function buildSubjectFromSession() {
                csrf_check("perschange");
                $_SESSION['_config']['user'] = $_SESSION['profile'];
 
-               $_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
-               $_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
-               $_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
-               $_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
-               $_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
-               $_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
-               $_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
-               $_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
-               $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
-               $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
+               $_SESSION['_config']['user']['Q1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q1']))));
+               $_SESSION['_config']['user']['Q2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q2']))));
+               $_SESSION['_config']['user']['Q3'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q3']))));
+               $_SESSION['_config']['user']['Q4'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q4']))));
+               $_SESSION['_config']['user']['Q5'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['Q5']))));
+               $_SESSION['_config']['user']['A1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A1']))));
+               $_SESSION['_config']['user']['A2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A2']))));
+               $_SESSION['_config']['user']['A3'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A3']))));
+               $_SESSION['_config']['user']['A4'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A4']))));
+               $_SESSION['_config']['user']['A5'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['A5']))));
 
                if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
                                $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
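Review bot: The ten Q/A values are SQL-escaped as they are read from the request and then parked in `$_SESSION['_config']['user']`. The `update users` statement in a later hunk is therefore only safe as long as nothing rewrites those session entries in between, and any code that displays or compares them sees the added backslashes. Escaping where the query is built, or binding the values with `mysqli_prepare()` / `mysqli_stmt_bind_param()`, keeps the protection next to the statement it protects. `mysqli_real_escape_string()` also escapes according to the connection character set, so the connection setup (not visible here) should call `mysqli_set_charset()`. As a style point, the ten near-identical assignments could be one loop over the key names.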
@@ -1276,16 +1276,16 @@ function buildSubjectFromSession() {
        if($oldid == 13 && $process != "")
        {
                $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
-               $ddres = mysql_query($ddquery);
-               $ddrow = mysql_fetch_assoc($ddres);
+               $ddres = mysqli_query($_SESSION['mconn'],$ddquery);
+               $ddrow = mysqli_fetch_assoc($ddres);
                $_SESSION['profile']['points'] = $ddrow['total'];
 
                if($_SESSION['profile']['points'] == 0)
                {
-                       $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
-                       $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
-                       $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
-                       $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
+                       $_SESSION['_config']['user']['fname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['fname']))));
+                       $_SESSION['_config']['user']['mname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['mname']))));
+                       $_SESSION['_config']['user']['lname'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['lname']))));
+                       $_SESSION['_config']['user']['suffix'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes(strip_tags($_REQUEST['suffix']))));
                        $_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
                        $_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
                        $_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);
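Review bot: The points lookup can fail open, because `$ddres` is never checked before the row is read. On PHP versions where a `false` result only raises a warning, `$ddrow['total']` evaluates to null and the loose comparison `$_SESSION['profile']['points'] == 0` is true, which unlocks the name and date-of-birth fields. An empty result is presumably the intended "no points" case, but a query error should not be treated the same way; check `$ddres === false` and abort the change first. The identical lookup is repeated in the `@@ -1330` hunk, where `mysqli_fetch_assoc(mysqli_query(...))` also refills `$_SESSION['profile']` without a check before `loggedin` is set to 1.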
@@ -1316,7 +1316,7 @@ function buildSubjectFromSession() {
                                                `suffix`='".$_SESSION['_config']['user']['suffix']."',
                                                `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
                                                where `id`='".intval($_SESSION['profile']['id'])."'";
-                       mysql_query($query);
+                       mysqli_query($_SESSION['mconn'],$query);
                }
                if ($showdetails!="") {
                        $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
@@ -1330,16 +1330,16 @@ function buildSubjectFromSession() {
                                                        `A4`='".$_SESSION['_config']['user']['A4']."',
                                                        `A5`='".$_SESSION['_config']['user']['A5']."'
                                                        where `id`='".intval($_SESSION['profile']['id'])."'";
-                       mysql_query($query);
+                       mysqli_query($_SESSION['mconn'],$query);
                }
 
                $_SESSION['_config']['user']['set'] = 0;
-               $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+               $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
                $_SESSION['profile']['loggedin'] = 1;
 
                $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
-               $ddres = mysql_query($ddquery);
-               $ddrow = mysql_fetch_assoc($ddres);
+               $ddres = mysqli_query($_SESSION['mconn'],$ddquery);
+               $ddrow = mysqli_fetch_assoc($ddres);
                $_SESSION['profile']['points'] = $ddrow['total'];
 
 
@@ -1352,9 +1352,9 @@ function buildSubjectFromSession() {
 
        if($oldid == 14 && $process != "")
        {
-               $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
-               $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
-               $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));
+               $_SESSION['_config']['user']['oldpass'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['oldpassword'])));
+               $_SESSION['_config']['user']['pword1'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['pword1'])));
+               $_SESSION['_config']['user']['pword2'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['pword2'])));
 
                $id = 14;
                csrf_check("pwchange");
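Review bot: The old and new pass phrases are stored in `$_SESSION['_config']['user']`, so the clear-text values are written to the session store and outlive this request unless they are unset later (not visible in this hunk). Local variables are enough for the comparison and the update. The values are also read, trimmed and escaped before `csrf_check("pwchange")` runs; calling the CSRF check first would avoid touching request data for a request that is about to be rejected. Note that `trim()` silently changes a pass phrase that begins or ends with whitespace.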
@@ -1371,10 +1371,10 @@ function buildSubjectFromSession() {
 
                        if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
                        {
-                               $match = mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and
+                               $match = mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and
                                                (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
                                                `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
-                               $rc = mysql_num_rows($match);
+                               $rc = mysqli_num_rows($match);
                        } else {
                                $rc = 1;
                        }
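Review bot: The current-pass-phrase check still calls `old_password()`, which MySQL removed in 5.7.5. On such a server the statement fails and `mysqli_num_rows()` receives `false` instead of a result. Since the move to mysqli suggests a newer stack, confirm which server versions are targeted and drop the `old_password()` branch if no legacy hashes remain. Separately, the `else` branch sets `$rc = 1` without verifying the old pass phrase at all when `hostname` equals `securehostname`; presumably that path relies on client-certificate login, and a comment saying so would help the next reader.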
@@ -1392,7 +1392,7 @@ function buildSubjectFromSession() {
                                        _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
                                echo _("You failed to correctly enter your current Pass Phrase.");
                        } else {
-                               mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
+                               mysqli_query($_SESSION['mconn'],"update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
                                                where `id`='".intval($_SESSION['profile']['id'])."'");
                                echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
                                echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
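Review bot: The new pass phrase is stored as an unsalted `sha1()` computed inside the SQL statement, which also places the clear-text value in the query text sent to the database and in any query log. As this commit already touches every credential query, it is a reasonable point to plan a move to `password_hash()` / `password_verify()` in PHP, with a rehash on next login for existing rows; that changes the verification query in the previous hunk too. The result of the `update` is not checked before "Pass Phrase Changed Successfully" is printed.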
@@ -1417,7 +1417,7 @@ function buildSubjectFromSession() {
 
                foreach($_REQUEST['emails'] as $val)
                {
-                       $val = mysql_real_escape_string(stripslashes(trim($val)));
+                       $val = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($val)));
                        $bits = explode("@", $val);
                        $count = count($bits);
                        if($count != 2)
@@ -1434,7 +1434,7 @@ function buildSubjectFromSession() {
                        if($val != "")
                                $_SESSION['_config']['emails'][] = $val;
                }
-               $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
+               $_SESSION['_config']['name'] = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['name'])));
                $_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
 
                $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
@@ -1504,7 +1504,7 @@ function buildSubjectFromSession() {
                        if($_SESSION['_config']['name'] != "")
                                $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
                        if($_SESSION['_config']['OU'])
-                               $emails .= "organizationalUnitName = ".mysql_real_escape_string($_SESSION['_config']['OU'])."\n";
+                               $emails .= "organizationalUnitName = ".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['OU'])."\n";
                        if($org['O'])
                                $emails .= "organizationName = ".$org['O']."\n";
                        if($org['L'])
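Review bot: `mysqli_real_escape_string()` is used here to build the `organizationalUnitName = ...` line, which is not SQL; `$emails` looks like request or config text rather than a query, though its consumer is outside the hunk. SQL escaping is the wrong encoder for that context: it adds backslashes before quotes that would end up in the subject, and any protection against embedded line breaks is incidental. Validating the OU explicitly states the intent and removes the database handle from this expression, for example rejecting it when `preg_match('/[\r\n\0]/', $_SESSION['_config']['OU'])` matches. The `commonName` line above uses `$_SESSION['_config']['name']`, which was SQL-escaped at input in the `@@ -1434` hunk, so the same applies there.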
@@ -1529,19 +1529,19 @@ function buildSubjectFromSession() {
 
                        $query = "insert into `orgemailcerts` set
                                                `CN`='$defaultemail',
-                                               `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
+                                               `ou`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['OU'])."',
                                                `keytype`='NS',
                                                `orgid`='".intval($org['orgid'])."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `codesign`='".intval($_SESSION['_config']['codesign'])."',
                                                `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
-                                               `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
-                                               `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
-                       mysql_query($query);
-                       $emailid = mysql_insert_id();
+                                               `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
+                       mysqli_query($_SESSION['mconn'],$query);
+                       $emailid = mysqli_insert_id($_SESSION['mconn']);
 
                        foreach($_SESSION['_config']['domids'] as $addy)
-                               mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+                               mysqli_query($_SESSION['mconn'],"insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
 
                        $CSRname=generatecertpath("csr","orgclient",$emailid);
                        $fp = fopen($CSRname, "w");
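Review bot: `$addy` from `$_SESSION['_config']['domids']` is interpolated into the `insert into domemaillink` statement as-is, unlike the other ids in this hunk, which go through `intval()`. If the values are not guaranteed to be integers where the array is filled (outside this hunk), cast at the point of use: `emailid='".intval($addy)."'`. `$defaultemail` in the `CN` column is likewise interpolated with no escaping visible here, and `mysqli_insert_id()` is read without checking that the insert succeeded.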
@@ -1558,7 +1558,7 @@ function buildSubjectFromSession() {
                                showfooter();
                                exit;
                        }
-                       mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+                       mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
                } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
                        $csr = clean_csr($_REQUEST['CSR']);
                        if(strpos($csr,"---BEGIN") === FALSE)
@@ -1629,31 +1629,31 @@ function buildSubjectFromSession() {
 
                        $query = "insert into `orgemailcerts` set
                                                `CN`='$defaultemail',
-                                               `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
+                                               `ou`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['OU'])."',
                                                `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
                                                `orgid`='".intval($org['orgid'])."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
-                                               `subject`='".mysql_real_escape_string($csrsubject)."',
+                                               `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."',
                                                `codesign`='".intval($_SESSION['_config']['codesign'])."',
                                                `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
-                                               `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
-                                               `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
-                       mysql_query($query);
-                       $emailid = mysql_insert_id();
+                                               `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
+                       mysqli_query($_SESSION['mconn'],$query);
+                       $emailid = mysqli_insert_id($_SESSION['mconn']);
 
                        foreach($_SESSION['_config']['domids'] as $addy)
-                               mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
+                               mysqli_query($_SESSION['mconn'],"insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
 
                        $CSRname=generatecertpath("csr","orgclient",$emailid);
                        $fp = fopen($CSRname, "w");
                        fputs($fp, $csr);
                        fclose($fp);
-                       mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
+                       mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
                }
                waitForResult("orgemailcerts", $emailid,$oldid);
                $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <= 0)
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res) <= 0)
                {
                        showheader(_("My CAcert.org Account!"));
                        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
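Review bot: `$addy` in the `domemaillink` insert goes into the SQL string as-is, while every other value in this block passes through `intval()` or `mysqli_real_escape_string()`. It is read from `$_SESSION['_config']['domids']`, and whether those ids were cast when they were stored is not visible in this hunk, so I would cast at the point of use by writing `intval($addy)` in place of `$addy`. The identical line in the preceding hunk (the other key-type branch) needs the same change. Since every query line is being touched by this migration anyway, a prepared statement with bound parameters would settle the question for the whole block.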
@@ -1681,14 +1681,14 @@ function buildSubjectFromSession() {
                                $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
                                                where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                                                `org`.`orgid`=`orgemailcerts`.`orgid`";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
 
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
 
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
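Review bot: The ownership select here is built with the raw `'$id'`, and the failure branch prints the same `$id` into the page through `printf` without `htmlspecialchars()`. The revoke and delete selects for `orgemailcerts` further down use `intval($id)` inline, which suggests the cast is not done once where `$id` is assigned; that assignment is outside the hunk, so this needs confirming. If it is not cast there, use `intval($id)` in this select and in the update that sets `renewed` in the next hunk, and escape the value in the message. The `orgdomaincerts` renew, revoke and delete hunks later in the file all use `'$id'` raw in the same positions.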
@@ -1697,7 +1697,7 @@ function buildSubjectFromSession() {
                                        continue;
                                }
 
-                               mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `renewed`='1' where `id`='$id'");
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
@@ -1705,25 +1705,25 @@ function buildSubjectFromSession() {
                                }
                                $query = "insert into `orgemailcerts` set
                                                `orgid`='".intval($row['orgid'])."',
-                                               `CN`='".mysql_real_escape_string($row['CN'])."',
-                                               `ou`='".mysql_real_escape_string($row['ou'])."',
-                                               `subject`='".mysql_real_escape_string($row['subject'])."',
-                                               `keytype`='".mysql_real_escape_string($row['keytype'])."',
-                                               `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
-                                               `created`='".mysql_real_escape_string($row['created'])."',
+                                               `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+                                               `ou`='".mysqli_real_escape_string($_SESSION['mconn'], $row['ou'])."',
+                                               `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',
+                                               `keytype`='".mysqli_real_escape_string($_SESSION['mconn'], $row['keytype'])."',
+                                               `csr_name`='".mysqli_real_escape_string($_SESSION['mconn'], $row['csr_name'])."',
+                                               `created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
                                                `modified`=NOW(),
                                                `codesign`='".intval($row['codesign'])."',
                                                `rootcert`='".intval($row['rootcert'])."',
-                                               `description`='".mysql_real_escape_string($row['description'])."'";
-                               mysql_query($query);
-                               $newid = mysql_insert_id();
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
+                               mysqli_query($_SESSION['mconn'],$query);
+                               $newid = mysqli_insert_id($_SESSION['mconn']);
                                $newfile=generatecertpath("csr","orgclient",$newid);
                                copy($row['csr_name'], $newfile);
-                               mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
+                               mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
                                waitForResult("orgemailcerts", $newid,$oldid,0);
                                $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) > 0)
                                {
                                        printf(_("Certificate for '%s' has been renewed."), $row['CN']);
                                        echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
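Review bot: The renewal insert copies `CN`, `ou`, `subject`, `keytype`, `codesign`, `rootcert` and `description` from the old row but not `md`, which the new-certificate inserts earlier in this file set from `hash_alg`. Unless the signer takes the digest from somewhere else, a renewed certificate would fall back to the column default instead of the algorithm recorded for the original; a line for the `md` column built from `mysqli_real_escape_string($_SESSION['mconn'], $row['md'])` would carry it over. The `orgdomaincerts` renewal insert later in the file omits it as well. Separately, the result of `mysqli_query()` is not checked before `mysqli_insert_id()`, so a failed insert continues with id 0 into `generatecertpath()` and `copy()`.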
@@ -1754,19 +1754,19 @@ function buildSubjectFromSession() {
                                $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
                                                where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                                                `org`.`orgid`=`orgemailcerts`.`orgid`";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
                                printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
                        }
 
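Review bot: The ownership select checks `intval($id)`, but the update that sets `revoked` runs with the raw `'$id'`, so the row that was authorised and the `where` clause that is executed are built from two different values. Unless `$id` is already cast where it is assigned (outside this hunk), the update should use the same expression, `intval($id)`, in place of `$id`. The delete hunk that follows has the same split: `intval($id)` in the select, `'$id'` in the `delete from`. Casting once at the top of the loop body would keep the check and the action on one value.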
@@ -1787,19 +1787,19 @@ function buildSubjectFromSession() {
                                $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
                                                where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                                                `org`.`orgid`=`orgemailcerts`.`orgid`";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
                                if($row['expired'] > 0)
                                {
                                        printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               mysql_query("delete from `orgemailcerts` where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"delete from `orgemailcerts` where `id`='$id'");
                                @unlink($row['csr_name']);
                                @unlink($row['crt_name']);
                                printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -1817,8 +1817,8 @@ function buildSubjectFromSession() {
                        if(substr($id,0,14)=="check_comment_")
                        {
                                $cid = intval(substr($id,14));
-                               $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
-                               mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+                               $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+                               mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
                        }
                }
                echo(_("Certificate settings have been changed.")."<br/>\n");
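Review bot: The update of `description` is keyed on `$cid` alone, with no condition tying the certificate to an organisation the logged-in member administers, whereas the renew, revoke and delete branches all join `org` on `memid` first. `$cid` is cast with `intval()`, so this is an authorisation gap rather than an injection one; the loop that yields `$id` starts outside the hunk, so confirm that no earlier check covers it. I would add an ownership condition to the statement, for example restricting `orgid` to the ids returned for `intval($_SESSION['profile']['id'])` from `org`. The `orgdomaincerts` comment update in the later hunk is written the same way.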
@@ -1879,14 +1879,14 @@ function buildSubjectFromSession() {
                                `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                                `org`.`orgid`=`orginfo`.`id` and
                                `org`.`orgid`=`orgdomains`.`orgid` and
-                               `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.CN'])."'";
-               $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
+                               `orgdomains`.`domain`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['0.CN'])."'";
+               $_SESSION['_config']['CNorg'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $query = "select * from `orginfo`,`org`,`orgdomains` where
                                `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                                `org`.`orgid`=`orginfo`.`id` and
                                `org`.`orgid`=`orgdomains`.`orgid` and
-                               `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.subjectAltName'])."'";
-               $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
+                               `orgdomains`.`domain`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['0.subjectAltName'])."'";
+               $_SESSION['_config']['SANorg'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
 //echo "<pre>"; print_r($_SESSION['_config']); die;
 
                if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
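Review bot: `mysqli_fetch_assoc(mysqli_query(...))` hands the query result straight on, so a failed query passes `false` to `mysqli_fetch_assoc()`; the old `mysql_` pair returned `false` with a warning, while mysqli raises a `TypeError` on PHP 8. Both lookups here and the `$org = ...` line in the next hunk would be safer split in two, e.g. `$res = mysqli_query($_SESSION['mconn'], $query);` then `$row = $res ? mysqli_fetch_assoc($res) : null;`. The migration also changes the no-match value from `false` to `null`, which matters if code outside this hunk compares `CNorg` or `SANorg` with `=== false`. The commented-out `print_r($_SESSION['_config'])` debug line could be dropped while these lines are being edited.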
@@ -1946,7 +1946,7 @@ function buildSubjectFromSession() {
                                        `orginfo`.`id`=`org`.`orgid` and
                                        `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
                }
-               $org = mysql_fetch_assoc(mysql_query($query));
+               $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $csrsubject = "";
 
                if($_SESSION['_config']['OU'])
@@ -1972,42 +1972,42 @@ function buildSubjectFromSession() {
                if($_SESSION['_config']['rowid']['0'] > 0)
                {
                        $query = "insert into `orgdomaincerts` set
-                                       `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
+                                       `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['rows']['0'])."',
                                        `orgid`='".intval($org['id'])."',
                                        `created`=NOW(),
-                                       `subject`='".mysql_real_escape_string($csrsubject)."',
+                                       `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."',
                                        `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
-                                       `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+                                       `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
                                        `type`='".$type."',
-                                       `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+                                       `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
                } else {
                        $query = "insert into `orgdomaincerts` set
-                                       `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
+                                       `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['altrows']['0'])."',
                                        `orgid`='".intval($org['id'])."',
                                        `created`=NOW(),
-                                       `subject`='".mysql_real_escape_string($csrsubject)."',
+                                       `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $csrsubject)."',
                                        `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
-                                       `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+                                       `md`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['hash_alg'])."',
                                        `type`='".$type."',
-                                       `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+                                       `description`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['description'])."'";
                }
-               mysql_query($query);
-               $CSRid = mysql_insert_id();
+               mysqli_query($_SESSION['mconn'],$query);
+               $CSRid = mysqli_insert_id($_SESSION['mconn']);
 
                $CSRname=generatecertpath("csr","orgserver",$CSRid);
                rename($_SESSION['_config']['tmpfname'], $CSRname);
                chmod($CSRname,0644);
-               mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+               mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
                if(is_array($_SESSION['_config']['rowid']))
                        foreach($_SESSION['_config']['rowid'] as $id)
-                               mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
+                               mysqli_query($_SESSION['mconn'],"insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
                if(is_array($_SESSION['_config']['altid']))
                        foreach($_SESSION['_config']['altid'] as $id)
-                               mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
+                               mysqli_query($_SESSION['mconn'],"insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
                waitForResult("orgdomaincerts", $CSRid,$oldid);
                $query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <= 0)
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res) <= 0)
                {
                        showheader(_("My CAcert.org Account!"));
                        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
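Review bot: `$type` is concatenated into both `orgdomaincerts` insert statements without a cast or escape, while the renewal insert for the same table writes `intval($row['type'])`. Where `$type` is set is outside the hunk, so it may already be a fixed value; using `intval($type)` at the point of use makes the query independent of that earlier code. The two branches differ only in where `CN` comes from, so choosing the CN first and building one statement would halve the places that need this. The results of `rename()` and `chmod()` are also unchecked before `CSR_name` is written to the row.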
@@ -2035,14 +2035,14 @@ function buildSubjectFromSession() {
                                                where `orgdomaincerts`.`id`='$id' and
                                                `orgdomaincerts`.`orgid`=`org`.`orgid` and
                                                `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
 
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
 
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
@@ -2051,7 +2051,7 @@ function buildSubjectFromSession() {
                                        continue;
                                }
 
-                               mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
@@ -2059,32 +2059,32 @@ function buildSubjectFromSession() {
                                }
                                $query = "insert into `orgdomaincerts` set
                                                `orgid`='".intval($row['orgid'])."',
-                                               `CN`='".mysql_real_escape_string($row['CN'])."',
-                                               `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
-                                               `created`='".mysql_real_escape_string($row['created'])."',
+                                               `CN`='".mysqli_real_escape_string($_SESSION['mconn'], $row['CN'])."',
+                                               `csr_name`='".mysqli_real_escape_string($_SESSION['mconn'], $row['csr_name'])."',
+                                               `created`='".mysqli_real_escape_string($_SESSION['mconn'], $row['created'])."',
                                                `modified`=NOW(),
-                                               `subject`='".mysql_real_escape_string($row['subject'])."',
+                                               `subject`='".mysqli_real_escape_string($_SESSION['mconn'], $row['subject'])."',
                                                `type`='".intval($row['type'])."',
                                                `rootcert`='".intval($row['rootcert'])."',
-                                               `description`='".mysql_real_escape_string($row['description'])."'";
-                               mysql_query($query);
-                               $newid = mysql_insert_id();
+                                               `description`='".mysqli_real_escape_string($_SESSION['mconn'], $row['description'])."'";
+                               mysqli_query($_SESSION['mconn'],$query);
+                               $newid = mysqli_insert_id($_SESSION['mconn']);
                                //echo "NewID: $newid<br/>\n";
                                $newfile=generatecertpath("csr","orgserver",$newid);
                                copy($row['csr_name'], $newfile);
-                               mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
+                               mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
                                echo _("Renewing").": ".$row['CN']."<br>\n";
-                               $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
-                               while($r2 = mysql_fetch_assoc($res))
-                                       mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
+                               $res = mysqli_query($_SESSION['mconn'],"select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
+                               while($r2 = mysqli_fetch_assoc($res))
+                                       mysqli_query($_SESSION['mconn'],"insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
                                waitForResult("orgdomaincerts", $newid,$oldid,0);
                                $query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
                                } else {
-                                       $drow = mysql_fetch_assoc($res);
+                                       $drow = mysqli_fetch_assoc($res);
                                        $crtname = escapeshellarg($drow['crt_name']);
                                        $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
                                        echo "<pre>\n$cert\n</pre>\n";
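Review bot: The "Renewing" line echoes `$row['CN']` into the page unescaped, although the revoke path prints the same column through `htmlspecialchars()`. The CN is stored data that originates from the certificate request, so it should be written as `htmlspecialchars($row['CN'])` here too. The `orgdomlink` select just below also concatenates `$row['id']` without `intval()`, unlike the `intval($r2['orgdomid'])` on the following line.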
@@ -2114,19 +2114,19 @@ function buildSubjectFromSession() {
                                                where `orgdomaincerts`.`id`='$id' and
                                                `orgdomaincerts`.`orgid`=`org`.`orgid` and
                                                `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
                                printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
                        }
 
@@ -2149,19 +2149,19 @@ function buildSubjectFromSession() {
                                                where `orgdomaincerts`.`id`='$id' and
                                                `orgdomaincerts`.`orgid`=`org`.`orgid` and
                                                `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
+                               $res = mysqli_query($_SESSION['mconn'],$query);
+                               if(mysqli_num_rows($res) <= 0)
                                {
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               $row = mysql_fetch_assoc($res);
+                               $row = mysqli_fetch_assoc($res);
                                if($row['expired'] > 0)
                                {
                                        printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               mysql_query("delete from `orgdomaincerts` where `id`='$id'");
+                               mysqli_query($_SESSION['mconn'],"delete from `orgdomaincerts` where `id`='$id'");
                                @unlink($row['csr_name']);
                                @unlink($row['crt_name']);
                                printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
@@ -2179,8 +2179,8 @@ function buildSubjectFromSession() {
                        if(substr($id,0,14)=="check_comment_")
                        {
                                $cid = intval(substr($id,14));
-                               $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
-                               mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+                               $comment=trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comment_'.$cid])));
+                               mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
                        }
                }
                echo(_("Certificate settings have been changed.")."<br/>\n");
@@ -2219,18 +2219,18 @@ function buildSubjectFromSession() {
        if($oldid == 24 && $process != "")
        {
                $id = intval($oldid);
-               $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
-               $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
-               $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
-               $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
-               $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
-               $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
+               $_SESSION['_config']['O'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['O'])));
+               $_SESSION['_config']['contact'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['contact'])));
+               $_SESSION['_config']['L'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['L'])));
+               $_SESSION['_config']['ST'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['ST'])));
+               $_SESSION['_config']['C'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['C'])));
+               $_SESSION['_config']['comments'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comments'])));
 
                if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
                {
                        $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
                } else {
-                       mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
+                       mysqli_query($_SESSION['mconn'],"insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
                                                `contact`='".$_SESSION['_config']['contact']."',
                                                `L`='".$_SESSION['_config']['L']."',
                                                `ST`='".$_SESSION['_config']['ST']."',
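Review bot: The `$oldid == 24` branch inserts into `orginfo` from request data without a `csrf_check()`, while the `$oldid == 25` branch in the next hunk (-2247) calls `csrf_check('orgdetchange')` before the equivalent update. Unless the token is verified earlier in the file, outside this hunk, the add form should get its own check, e.g. `csrf_check('orgdetadd');` (token name is a placeholder) with a matching token in the form. Both branches also store the SQL-escaped strings in `$_SESSION['_config']`, so any later redisplay of those fields shows backslash-escaped text; keeping the raw value in the session and escaping only inside the query would avoid that. The insert statement continues below the hunk.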
@@ -2247,18 +2247,18 @@ function buildSubjectFromSession() {
        {
                csrf_check('orgdetchange');
                $id = intval($oldid);
-               $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
-               $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
-               $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
-               $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
-               $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
-               $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
+               $_SESSION['_config']['O'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['O'])));
+               $_SESSION['_config']['contact'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['contact'])));
+               $_SESSION['_config']['L'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['L'])));
+               $_SESSION['_config']['ST'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['ST'])));
+               $_SESSION['_config']['C'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['C'])));
+               $_SESSION['_config']['comments'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['comments'])));
 
                if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
                {
                        $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
                } else {
-                       mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
+                       mysqli_query($_SESSION['mconn'],"update `orginfo` set `O`='".$_SESSION['_config']['O']."',
                                                `contact`='".$_SESSION['_config']['contact']."',
                                                `L`='".$_SESSION['_config']['L']."',
                                                `ST`='".$_SESSION['_config']['ST']."',
@@ -2274,9 +2274,9 @@ function buildSubjectFromSession() {
 
        if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
        {
-               $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
-               $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
-               if(mysql_num_rows($res1) > 0)
+               $domain = $_SESSION['_config']['domain'] = trim(mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['domainname'])));
+               $res1 = mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `domain`='$domain'");
+               if(mysqli_num_rows($res1) > 0)
                {
                        $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
                        $id = $oldid;
@@ -2292,7 +2292,7 @@ function buildSubjectFromSession() {
 
        if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
        {
-               mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
+               mysqli_query($_SESSION['mconn'],"insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
                showheader(_("My CAcert.org Account!"));
                printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
                echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
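Review bot: The insert into `orgdomains` uses `$domain`, which in the visible code is only assigned in the preceding branch (hunk -2274) when `domainname` is present in `$_REQUEST`; this branch is guarded by `orgid` in the session instead. If the two conditions can diverge, the query runs with an undefined or stale `$domain`; adding `array_key_exists("domainname",$_REQUEST)` to this condition, or an explicit `$domain != ""` test, would make the dependency visible. The result of `mysqli_query()` is not checked before the page reports success.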
@@ -2302,11 +2302,11 @@ function buildSubjectFromSession() {
 
        if($oldid == 29 && $process != "")
        {
-               $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
+               $domain = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['domainname'])));
 
-               $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
-               $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
-               if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+               $res1 = mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
+               $res2 = mysqli_query($_SESSION['mconn'],"select * from `domains` where `domain` like '$domain' and `deleted`=0");
+               if(mysqli_num_rows($res1) > 0 || mysqli_num_rows($res2) > 0)
                {
                        $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
                        $id = $oldid;
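Review bot: Both duplicate checks compare with `like '$domain'`, and `mysqli_real_escape_string()` does not escape the `%` and `_` wildcards, so the test is a pattern match rather than an equality test. Using `=` as the `$oldid == 28` branch does (hunk -2274) would make the two checks consistent. The same value is later written by the update in hunk -2320, so a syntax check on the domain name before these queries is worth adding. `$domid` is defined outside the hunk.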
@@ -2320,23 +2320,23 @@ function buildSubjectFromSession() {
                                `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
                                `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
                                `orgdomains`.`id`='".intval($domid)."'";
-               $res = mysql_query($query);
-               while($row = mysql_fetch_assoc($res))
-                       mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               while($row = mysqli_fetch_assoc($res))
+                       mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
 
                $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
                                `orgemaillink`.`domid`=`orgdomains`.`id` and
                                `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
                                `orgdomains`.`id`='".intval($domid)."'";
-               $res = mysql_query($query);
-               while($row = mysql_fetch_assoc($res))
-                       mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               while($row = mysqli_fetch_assoc($res))
+                       mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
        }
 
        if($oldid == 29 && $process != "")
        {
-               $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
-               mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `id`='".intval($domid)."'"));
+               mysqli_query($_SESSION['mconn'],"update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
                showheader(_("My CAcert.org Account!"));
                printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
                echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
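Review bot: Neither revocation loop checks the result of `mysqli_query()`: when a select fails, `$res` is `false`, the `while` is skipped with a warning on PHP 7 (or raises a TypeError on PHP 8), and the code below still renames the domain and reports success with the old certificates not marked as revoked. A guard before each loop, `if($res === false) { /* log mysqli_error($_SESSION['mconn']) and stop */ }`, would make that failure visible. The first update interpolates `$row['id']` directly while the second wraps it in `intval()`; `intval($row['id'])` in both keeps the loops consistent. The first query starts above the hunk.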
@@ -2346,9 +2346,9 @@ function buildSubjectFromSession() {
 
        if($oldid == 30 && $process != "")
        {
-               $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `orgdomains` where `id`='".intval($domid)."'"));
                $domain = $row['domain'];
-               mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
+               mysqli_query($_SESSION['mconn'],"delete from `orgdomains` where `id`='".intval($domid)."'");
                showheader(_("My CAcert.org Account!"));
                printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
                echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
@@ -2365,36 +2365,36 @@ function buildSubjectFromSession() {
        if($oldid == 31 && $process != "")
        {
                $query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
-               $dres = mysql_query($query);
-               while($drow = mysql_fetch_assoc($dres))
+               $dres = mysqli_query($_SESSION['mconn'],$query);
+               while($drow = mysqli_fetch_assoc($dres))
                {
                        $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
                                        `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
                                        `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
                                        `orgdomains`.`id`='".intval($drow['id'])."'";
-                       $res = mysql_query($query);
-                       while($row = mysql_fetch_assoc($res))
+                       $res = mysqli_query($_SESSION['mconn'],$query);
+                       while($row = mysqli_fetch_assoc($res))
                        {
-                               mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
-                               mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
-                               mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
+                               mysqli_query($_SESSION['mconn'],"update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+                               mysqli_query($_SESSION['mconn'],"delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
+                               mysqli_query($_SESSION['mconn'],"delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
                        }
 
                        $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
                                        `orgemaillink`.`domid`=`orgdomains`.`id` and
                                        `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
                                        `orgdomains`.`id`='".intval($drow['id'])."'";
-                       $res = mysql_query($query);
-                       while($row = mysql_fetch_assoc($res))
+                       $res = mysqli_query($_SESSION['mconn'],$query);
+                       while($row = mysqli_fetch_assoc($res))
                        {
-                               mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
-                               mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
-                               mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
+                               mysqli_query($_SESSION['mconn'],"update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+                               mysqli_query($_SESSION['mconn'],"delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
+                               mysqli_query($_SESSION['mconn'],"delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
                        }
                }
-               mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
-               mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
-               mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
+               mysqli_query($_SESSION['mconn'],"delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
+               mysqli_query($_SESSION['mconn'],"delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
+               mysqli_query($_SESSION['mconn'],"delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
        }
 
        if($oldid == 31)
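Review bot: Inside the inner loops `$row['id']` is a certificate id (the selects alias the `id` of `orgdomaincerts` and `orgemailcerts`), yet it is used as `orgid` in the delete from `orgdomaincerts` and as `domid` in the deletes from `orgdomlink` and `orgemaillink`. The join a few lines up refers to `orgdomlink`.`orgdomid`, so `domid` may not even be a column of that table; these look like mismatches carried over from the old code and should be checked against the schema. The rows are also deleted right after `revoked` is set, which presumably leaves nothing for whatever processes that marker value. None of the results is checked, so a partial failure leaves the organisation half-removed while the page continues normally.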
@@ -2406,7 +2406,7 @@ function buildSubjectFromSession() {
        if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
        {
                $query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
-               $_macc = mysql_num_rows(mysql_query($query));
+               $_macc = mysqli_num_rows(mysqli_query($_SESSION['mconn'],$query));
                if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0)
                {
                        showheader(_("My CAcert.org Account!"));
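Review bot: The authorisation check passes the result of `mysqli_query()` straight into `mysqli_num_rows()`, so a failed query is indistinguishable from "not a master account" on PHP 7 and becomes an uncaught TypeError on PHP 8. The hunks at -2419, -2433 and -2479 use the query result unchecked in the same way. The comparison `<= 0` fails closed, which is the right direction, but storing the result first and handling `false` explicitly (log `mysqli_error($_SESSION['mconn'])`, then deny) would document that intent. The branch body continues outside the hunk.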
@@ -2419,7 +2419,7 @@ function buildSubjectFromSession() {
        if($id == 35 || $oldid == 35)
        {
                $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
-               $is_orguser = mysql_num_rows(mysql_query($query));
+               $is_orguser = mysqli_num_rows(mysqli_query($_SESSION['mconn'],$query));
                if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
                {
                        showheader(_("My CAcert.org Account!"));
@@ -2433,8 +2433,8 @@ function buildSubjectFromSession() {
        {
                $orgid = intval($_SESSION['_config']['orgid']);
                $query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <= 0)
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res) <= 0)
                {
                        $id = 35;
                }
@@ -2447,17 +2447,17 @@ function buildSubjectFromSession() {
                        $masteracc = $_SESSION['_config']['masteracc'] = intval($_REQUEST['masteracc']);
                else
                        $masteracc = $_SESSION['_config']['masteracc'] = 0;
-               $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
+               $_REQUEST['email'] = $_SESSION['_config']['email'] = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['email'])));
                $_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
-               $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
-               $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
-               if(mysql_num_rows($res) <= 0)
+               $comments = $_SESSION['_config']['comments'] = mysqli_real_escape_string($_SESSION['mconn'], stripslashes(trim($_REQUEST['comments'])));
+               $res = mysqli_query($_SESSION['mconn'],"select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
+               if(mysqli_num_rows($res) <= 0)
                {
                        $id = $oldid;
                        $oldid=0;
                        $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
                } else {
-                       $row = mysql_fetch_assoc($res);
+                       $row = mysqli_fetch_assoc($res);
                        if ( !is_assurer(intval($row['id'])) )
                        {
                                $id = $oldid;
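Review bot: The SQL-escaped address is written back into `$_REQUEST['email']` and `$_SESSION['_config']['email']`, so the error message built with `sanitizeHTML($_REQUEST['email'])` shows the backslash-escaped form and later code cannot tell whether the stored value is raw or escaped. `OU` on the next line is kept raw and escaped only where the insert is built (hunk -2465), which is the safer convention; `email` and `comments` could follow it, e.g. `$email = stripslashes(trim($_REQUEST['email']));` with the escape applied inside the query string. The enclosing `if` starts above the hunk.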
@@ -2465,12 +2465,12 @@ function buildSubjectFromSession() {
                                $_SESSION['_config']['errmsg'] =
                                                _("The user is not an Assurer yet");
                        } else {
-                               mysql_query(
+                               mysqli_query($_SESSION['mconn'],
                                        "insert into `org`
                                                set `memid`='".intval($row['id'])."',
                                                        `orgid`='".intval($_SESSION['_config']['orgid'])."',
                                                        `masteracc`='$masteracc',
-                                                       `OU`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
+                                                       `OU`='".mysqli_real_escape_string($_SESSION['mconn'], $_SESSION['_config']['OU'])."',
                                                        `comments`='$comments'");
                        }
                }
@@ -2479,8 +2479,8 @@ function buildSubjectFromSession() {
        if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
        {
                $orgid = intval($_SESSION['_config']['orgid']);
-               $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
-               if(mysql_num_rows($res) <= 0)
+               $res = mysqli_query($_SESSION['mconn'],"select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
+               if(mysqli_num_rows($res) <= 0)
                        $id = 32;
        }
 
@@ -2489,7 +2489,7 @@ function buildSubjectFromSession() {
                $orgid = intval($_SESSION['_config']['orgid']);
                $memid = intval($_REQUEST['memid']);
                $query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'],$query);
        }
 
        if($oldid == 34 || $oldid == 33)
@@ -2501,7 +2501,7 @@ function buildSubjectFromSession() {
 
        if($id == 36)
        {
-               $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
                $_REQUEST['general'] = $row['general'];
                $_REQUEST['country'] = $row['country'];
                $_REQUEST['regional'] = $row['regional'];
@@ -2510,7 +2510,7 @@ function buildSubjectFromSession() {
 
        if($oldid == 36)
        {
-               $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
+               $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'],"select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
                if($rc > 0)
                {
                        $query = "update `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."',
@@ -2525,7 +2525,7 @@ function buildSubjectFromSession() {
                                                        `radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."',
                                                        `memid`='".intval($_SESSION['profile']['id'])."'";
                }
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'],$query);
                $id = $oldid;
                $oldid=0;
        }
@@ -2533,12 +2533,12 @@ function buildSubjectFromSession() {
        if($oldid == 41 && $_REQUEST['action'] == 'default')
        {
                csrf_check("mainlang");
-               $lang = mysql_real_escape_string($_REQUEST['lang']);
+               $lang = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['lang']);
                foreach(L10n::$translations as $key => $val)
                {
                        if($key == $lang)
                        {
-                               mysql_query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
+                               mysqli_query($_SESSION['mconn'],"update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
                                $_SESSION['profile']['language'] = $lang;
                                showheader(_("My CAcert.org Account!"));
                                echo _("Your language setting has been updated.");
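Review bot: The language is validated by looping over `L10n::$translations` and comparing each key with `==` against the already escaped string. A direct lookup on the raw value, `if(is_string($_REQUEST['lang']) && array_key_exists($_REQUEST['lang'], L10n::$translations))`, states the allow-list check in one line and avoids the loose comparison; the escape is then needed only where the query is built. The loop body continues outside the hunk.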
@@ -2556,9 +2556,9 @@ function buildSubjectFromSession() {
        if($oldid == 41 && $_REQUEST['action'] == 'addsec')
        {
                csrf_check("seclang");
-               $addlang = mysql_real_escape_string($_REQUEST['addlang']);
+               $addlang = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['addlang']);
                // Does the language exist?
-               mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
+               mysqli_query($_SESSION['mconn'],"insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
                showheader(_("My CAcert.org Account!"));
                echo _("Your language setting has been updated.");
                showfooter();
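Review bot: The comment `// Does the language exist?` is not followed by any check, so the `addsec` action inserts whatever string arrives in `$_REQUEST['addlang']` into `addlang`. The `default` action in the previous hunk accepts only keys of `L10n::$translations`; an equivalent allow-list test before this insert, against whichever list feeds the secondary-language form, would keep the table to known codes. The result of the insert is not checked before "Your language setting has been updated." is printed.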
@@ -2568,8 +2568,8 @@ function buildSubjectFromSession() {
        if($oldid == 41 && $_REQUEST['action'] == 'dellang')
        {
                csrf_check("seclang");
-               $remove = mysql_real_escape_string($_REQUEST['remove']);
-               mysql_query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
+               $remove = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['remove']);
+               mysqli_query($_SESSION['mconn'],"delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
                showheader(_("My CAcert.org Account!"));
                echo _("Your language setting has been updated.");
                showfooter();
@@ -2604,7 +2604,7 @@ function buildSubjectFromSession() {
                $regid = intval(array_key_exists('regid',$_REQUEST)?$_REQUEST['regid']:0);
                $newreg = intval(array_key_exists('newreg',$_REQUEST)?$_REQUEST['newreg']:0);
                $locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
-               $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
+               $name = array_key_exists('name',$_REQUEST)?mysqli_real_escape_string($_SESSION['mconn'], strip_tags($_REQUEST['name'])):"";
                $long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
                $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
                $action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
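Review bot: The `longitude` and `latitude` lines still call `ereg_replace()`, which was removed in PHP 7.0 together with the `mysql_*` functions this commit replaces, so this block fails with an undefined-function error on the PHP versions the migration presumably targets. `preg_replace('/[^-0-9.]/', '', $_REQUEST['longitude'])`, and the same for `latitude`, is the equivalent. The filtered strings go into the queries of the next hunk, so it is also worth checking that the result is a valid number and not only made of allowed characters.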
@@ -2612,58 +2612,58 @@ function buildSubjectFromSession() {
                if($locid > 0 && $action == "edit")
                {
                        $query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'";
-                       mysql_query($query);
-                       $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+                       mysqli_query($_SESSION['mconn'],$query);
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
                        $_REQUEST['regid'] = $row['regid'];
                        unset($_REQUEST['ccid']);
                        unset($_REQUEST['locid']);
                        unset($_REQUEST['action']);
                } else if($regid > 0 && $action == "edit") {
                        $query = "update `regions` set `name`='$name' where `id`='$regid'";
-                       mysql_query($query);
-                       $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+                       mysqli_query($_SESSION['mconn'],$query);
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `regions` where `id`='$regid'"));
                        $_REQUEST['ccid'] = $row['ccid'];
                        unset($_REQUEST['regid']);
                        unset($_REQUEST['locid']);
                        unset($_REQUEST['action']);
                } else if($regid > 0 && $action == "add") {
-                       $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'"));
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select `ccid` from `regions` where `id`='$regid'"));
                        $ccid = $row['ccid'];
                        $query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'";
-                       mysql_query($query);
+                       mysqli_query($_SESSION['mconn'],$query);
                        unset($_REQUEST['ccid']);
                        unset($_REQUEST['locid']);
                        unset($_REQUEST['action']);
                } else if($ccid > 0 && $action == "add" && $name != "") {
                        $query = "insert into `regions` set `ccid`='$ccid', `name`='$name'";
-                       mysql_query($query);
-                       $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+                       mysqli_query($_SESSION['mconn'],$query);
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
                        unset($_REQUEST['regid']);
                        unset($_REQUEST['locid']);
                        unset($_REQUEST['action']);
                } else if($locid > 0 && $action == "delete") {
-                       $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
                        $_REQUEST['regid'] = $row['regid'];
-                       mysql_query("delete from `localias` where `locid`='$locid'");
-                       mysql_query("delete from `locations` where `id`='$locid'");
+                       mysqli_query($_SESSION['mconn'],"delete from `localias` where `locid`='$locid'");
+                       mysqli_query($_SESSION['mconn'],"delete from `locations` where `id`='$locid'");
                        unset($_REQUEST['ccid']);
                        unset($_REQUEST['locid']);
                        unset($_REQUEST['action']);
                } else if($locid > 0 && $action == "move") {
-                       $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
                        $oldregid = $row['regid'];
-                       mysql_query("update `locations` set `regid`='$newreg' where `id`='$locid'");
-                       mysql_query("update `users` set `regid`='$newreg' where `regid`='$oldregid'");
-                       $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+                       mysqli_query($_SESSION['mconn'],"update `locations` set `regid`='$newreg' where `id`='$locid'");
+                       mysqli_query($_SESSION['mconn'],"update `users` set `regid`='$newreg' where `regid`='$oldregid'");
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `locations` where `id`='$locid'"));
                        $_REQUEST['regid'] = $row['regid'];
                        unset($_REQUEST['ccid']);
                        unset($_REQUEST['locid']);
                        unset($_REQUEST['action']);
                } else if($regid > 0 && $action == "delete") {
-                       $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `regions` where `id`='$regid'"));
                        $_REQUEST['ccid'] = $row['ccid'];
-                       mysql_query("delete from `locations` where `regid`='$regid'");
-                       mysql_query("delete from `regions` where `id`='$regid'");
+                       mysqli_query($_SESSION['mconn'],"delete from `locations` where `regid`='$regid'");
+                       mysqli_query($_SESSION['mconn'],"delete from `regions` where `id`='$regid'");
                        unset($_REQUEST['regid']);
                        unset($_REQUEST['locid']);
                        unset($_REQUEST['action']);
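Review bot: In the `move` branch the update of `users` rewrites `regid` for every row that has the old region id, not only for users at the moved location; presumably it should be limited by location, which needs checking against the `users` schema. The region `add` branch selects from `locations` by `$locid` and never uses `$row`, so that query can be dropped. In the location `add` branch `$ccid` is taken from a row that may not exist; testing `$row` before the insert would avoid writing an empty `ccid`. The enclosing block and the `$ccid` used in the conditions are defined outside the hunk.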
@@ -2672,12 +2672,12 @@ function buildSubjectFromSession() {
                        $_REQUEST['action'] = "aliases";
                        $_REQUEST['locid'] = $locid;
                        $name = htmlentities($name);
-                       $row = mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'");
+                       $row = mysqli_query($_SESSION['mconn'],"insert into `localias` set `locid`='$locid',`name`='$name'");
                } else if($locid > 0 && $action == "delalias") {
                        $id = 54;
                        $_REQUEST['action'] = "aliases";
                        $_REQUEST['locid'] = $locid;
-                       $row = mysql_query("delete from `localias` where `locid`='$locid' and `name`='$name'");
+                       $row = mysqli_query($_SESSION['mconn'],"delete from `localias` where `locid`='$locid' and `name`='$name'");
                }
        }
 
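Review bot: `$name` reaches both `localias` statements with only `htmlentities()` visible in front of the insert, and `htmlentities()` is an HTML encoder, not an SQL escaper (with its default flags before PHP 8.1 it leaves single quotes untouched). If `$name` is not already escaped where it is assigned above the hunk, add `$name = mysqli_real_escape_string($_SESSION['mconn'], $name);` before both queries, or bind it through `mysqli_prepare()`. The delete branch also appears to match on the raw `$name` while the insert stores the entity-encoded form, so an alias containing `&` or `<` may not be deletable again. The enclosing `if` chain starts and ends outside the hunk, so both points need confirming against the code above.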
@@ -2714,15 +2714,15 @@ function buildSubjectFromSession() {
                        showfooter();
                        exit;
                }
-               $fname = mysql_real_escape_string($_REQUEST['fname']);
-               $mname = mysql_real_escape_string($_REQUEST['mname']);
-               $lname = mysql_real_escape_string($_REQUEST['lname']);
-               $suffix = mysql_real_escape_string($_REQUEST['suffix']);
+               $fname = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['fname']);
+               $mname = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['mname']);
+               $lname = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['lname']);
+               $suffix = mysqli_real_escape_string($_SESSION['mconn'], $_REQUEST['suffix']);
                $day = intval($_REQUEST['day']);
                $month = intval($_REQUEST['month']);
                $year = intval($_REQUEST['year']);
                $query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'],$query);
        }elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){
                $id = 43;
                $oldid=0;
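Review bot: The `dob` value is assembled from three `intval()` results as `'$year-$month-$day'` with no `checkdate()` visible, so a request with month 13 or day 0 produces a date the server either rejects or stores as a zero date, depending on SQL mode. Unless the validation sits above the hunk, guard the update with `if(!checkdate($month, $day, $year)) { ... }` and report the error the same way the surrounding branches do. The return value of `mysqli_query()` is also ignored, so a rejected update looks like success to the person making the change. `$userid` is set outside the hunk and cannot be checked from here.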
@@ -2761,7 +2761,7 @@ function buildSubjectFromSession() {
        if($id == 44)
        {
                $_REQUEST['userid'] = intval($_REQUEST['userid']);
-               $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
                if($row['email'] == "")
                        $id = 42;
                else
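Review bot: `mysqli_fetch_assoc(mysqli_query(...))` passes the query result straight into the fetch, and the two extensions fail differently. `mysql_fetch_assoc(false)` warned and returned false, whereas `mysqli_fetch_assoc(false)` raises a TypeError on PHP 8, and from PHP 8.1 `mysqli_query()` itself throws `mysqli_sql_exception` by default. Either set the reporting mode once where the connection is opened (`mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);`) and handle the exception, or split the call and test the result before fetching. The same nesting appears in the flag-toggle hunks that follow (@@ -2913 through @@ -3169).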
@@ -2781,8 +2781,8 @@ function buildSubjectFromSession() {
                                showfooter();
                                exit;
                        }
-                       mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
-                       $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+                       mysqli_query($_SESSION['mconn'],"update `users` set `password`=sha1('".mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
+                       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
                        printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
 
                $my_translation = L10n::get_translation();
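Review bot: The password update still embeds the plaintext password in the SQL text and stores it as an unsalted `sha1()`, so the plaintext can end up in server-side query logs and the stored value is cheap to brute-force if the table leaks. Hashing in PHP first, `$hash = sha1(stripslashes($_REQUEST['newpass']));`, and interpolating `$hash` in place of the `sha1('...')` expression keeps the stored format unchanged and keeps the plaintext out of the statement. Moving to `password_hash()` / `password_verify()` is the real fix, but it needs a matching change in the login path and a rehash-on-login migration, which is outside this commit. The enclosing branch starts above the hunk.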
@@ -2872,24 +2872,24 @@ function buildSubjectFromSession() {
                                                `CN`='".$_SESSION['_config']['0.CN']."',
                                                `domid`='".$_SESSION['_config']['row']['id']."',
                                                `created`=NOW()";
-               mysql_query($query);
-               $CSRid = mysql_insert_id();
+               mysqli_query($_SESSION['mconn'],$query);
+               $CSRid = mysqli_insert_id($_SESSION['mconn']);
 
                foreach($_SESSION['_config']['rowid'] as $dom)
-                       mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
+                       mysqli_query($_SESSION['mconn'],"insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
                if(is_array($_SESSION['_config']['altid']))
                foreach($_SESSION['_config']['altid'] as $dom)
-                       mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
+                       mysqli_query($_SESSION['mconn'],"insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
 
                $CSRname=generatecertpath("csr","server",$CSRid);
                $fp = fopen($CSRname, "w");
                fputs($fp, $_SESSION['_config']['CSR']);
                fclose($fp);
-               mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+               mysqli_query($_SESSION['mconn'],"update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
                waitForResult("domaincerts", $CSRid,$oldid);
                $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <= 0)
+               $res = mysqli_query($_SESSION['mconn'],$query);
+               if(mysqli_num_rows($res) <= 0)
                {
                        showheader(_("My CAcert.org Account!"));
                        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
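Review bot: `$CSRid = mysqli_insert_id($_SESSION['mconn'])` is read without checking that the preceding insert succeeded, so on failure it is 0 and the `domlink` rows, the CSR file path and the `CSR_name` update are all written for certificate id 0. Test the insert first, `if(!mysqli_query($_SESSION['mconn'],$query)) { /* report and stop */ }`, before reading the insert id. `fopen($CSRname, "w")` is likewise unchecked, so a failed open passes `false` to `fputs()` and the request is queued with no CSR on disk. The insert statement begins above the hunk, so how `$_SESSION['_config']['0.CN']` is escaped cannot be judged from here.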
@@ -2913,9 +2913,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['tverify'];
-               mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `tverify`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==FALSE){
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
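Review bot: `$ver = !$row['tverify'];` yields a PHP boolean, and `false` interpolates into the SQL as an empty string, so clearing the flag sends an empty string as the new `tverify` value. On a server running in strict SQL mode (the default since MySQL 5.7) that is rejected for a numeric column, and because the result of `mysqli_query()` is not checked the flag silently stays set; the column type is not visible here, so confirm it. Writing `$ver = $row['tverify'] ? 0 : 1;` avoids the problem. The same pattern is in the hunks for `assurer`, `assurer_blocked`, `locked`, `codesign`, `orgadmin`, `ttpadmin`, `locadmin`, `admin` and the four `alerts` columns, where a revocation that does not take effect matters most.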
@@ -2932,9 +2932,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['assurer'];
-               mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `assurer`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['assurer']);
                $_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!';
@@ -2950,9 +2950,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['assurer_blocked'];
-               mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2969,9 +2969,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['locked'];
-               mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `locked`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['locked']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2988,9 +2988,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['codesign'];
-               mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `codesign`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['codesign']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3007,9 +3007,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['orgadmin'];
-               mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `orgadmin`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3026,9 +3026,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['ttpadmin'];
-               mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `ttpadmin`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3044,11 +3044,11 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = $row['adadmin'] + 1;
                if($ver > 2)
                        $ver = 0;
-               mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `adadmin`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3064,9 +3064,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['locadmin'];
-               mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `locadmin`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3083,9 +3083,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `users` where `id`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['admin'];
-               mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `users` set `admin`='$ver' where `id`='$memid'");
        }elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['admin']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3101,9 +3101,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `alerts` where `memid`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['general'];
-               mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `alerts` set `general`='$ver' where `memid`='$memid'");
        }elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['general']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3119,9 +3119,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `alerts` where `memid`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['country'];
-               mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `alerts` set `country`='$ver' where `memid`='$memid'");
        }elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['country']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3137,9 +3137,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `alerts` where `memid`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['regional'];
-               mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `alerts` set `regional`='$ver' where `memid`='$memid'");
        }elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){
                $_REQUEST['userid'] = intval($_REQUEST['regional']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3155,9 +3155,9 @@ function buildSubjectFromSession() {
                        exit;
                }
                $query = "select * from `alerts` where `memid`='$memid'";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],$query));
                $ver = !$row['radius'];
-               mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+               mysqli_query($_SESSION['mconn'],"update `alerts` set `radius`='$ver' where `memid`='$memid'");
        }elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){
                $_REQUEST['userid'] = intval($_REQUEST['radius']);
                $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3169,7 +3169,7 @@ function buildSubjectFromSession() {
                        $_REQUEST['userid'] = intval($_REQUEST['userid']);
                }
 
-               $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'],"select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
                if($row['email'] == "") {
                        $id = 42;
                } else {
index 0fda2f1..71314d1 100644 (file)
@@ -206,7 +206,7 @@ function hideall() {
       <h3 class="pointer" onclick="explode('servercert')">+ <?=_("Server Certificates")?></h3>
       <ul class="menu" id="servercert"><li><a href="account.php?id=10"><?=_("New")?></a></li><li><a href="account.php?id=12"><?=_("View")?></a></li></ul>
     </div>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
     <div class="relatedLinks">
       <h3 class="pointer" onclick="explode('clientorg')">+ <?=_("Org Client Certs")?></h3>
       <ul class="menu" id="clientorg"><li><a href="account.php?id=16"><?=_("New")?></a></li><li><a href="account.php?id=18"><?=_("View")?></a></li></ul>
@@ -216,7 +216,7 @@ function hideall() {
       <ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
     </div>
 <? } ?>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
     <div class="relatedLinks">
       <h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
       <ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>
index 2eef65e..8bcfad4 100644 (file)
 
        if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0)
        {
-               $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+               $locked = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
                if($locked['locked'] == 0)
                {
                        $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
-                       $res = mysql_query($query);
-                       $row = mysql_fetch_assoc($res);
+                       $res = mysqli_query($_SESSION['mconn'], $query);
+                       $row = mysqli_fetch_assoc($res);
                        $_SESSION['profile']['points'] = $row['total'];
                } else {
                        $_SESSION['profile'] = "";
                                else
                                        $dom = $bits[$i];
                                $_SESSION['_config']['row'] = "";
-                               $dom = mysql_real_escape_string($dom);
+                               $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
                                $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'], $query);
+                               if(mysqli_num_rows($res) > 0)
                                {
                                        $cnok = 1;
-                                       $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+                                       $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
                                        $rowid[] = $_SESSION['_config']['row']['id'];
                                        break;
                                }
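Review bot: The domain lookup compares with `like '$dom'`, and `mysqli_real_escape_string()` does not escape the LIKE wildcards `%` and `_`, so if `$dom` can contain those characters the query matches rows other than the exact domain. The org lookups further down in this file section use an equality test on the same column, which is what this check appears to intend; replacing `like` with `=` makes the two consistent. The match is limited to the logged-in member's own rows by the `memid` condition, which bounds the effect but does not remove it. The following hunk that fills `altrow` has the same query, and the loop that builds `$dom` is outside the visible lines.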
                                else
                                        $dom = $bits[$i];
                                $_SESSION['_config']['altrow'] = "";
-                               $dom = mysql_real_escape_string($dom);
+                               $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
                                $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'], $query);
+                               if(mysqli_num_rows($res) > 0)
                                {
                                        $altok = 1;
-                                       $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+                                       $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res);
                                        $altid[] = $_SESSION['_config']['altrow']['id'];
                                        break;
                                }
                                else
                                        $dom = $bits[$i];
                                $_SESSION['_config']['row'] = "";
-                               $dom = mysql_real_escape_string($dom);
+                               $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
                                $query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where
                                                `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                                                `org`.`orgid`=`orginfo`.`id` and
                                                `orgdomains`.`orgid`=`orginfo`.`id` and
                                                `orgdomains`.`domain`='$dom'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'], $query);
+                               if(mysqli_num_rows($res) > 0)
                                {
-                                       $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+                                       $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
                                        $rowid[] = $_SESSION['_config']['row']['id'];
                                        break;
                                }
                                else
                                        $dom = $bits[$i];
                                $_SESSION['_config']['altrow'] = "";
-                               $dom = mysql_real_escape_string($dom);
+                               $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
                                $query = "select * from `orginfo`,`orgdomains`,`org` where
                                                `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                                                `org`.`orgid`=`orginfo`.`id` and
                                                `orgdomains`.`orgid`=`orginfo`.`id` and
                                                `orgdomains`.`domain`='$dom'";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) > 0)
+                               $res = mysqli_query($_SESSION['mconn'], $query);
+                               if(mysqli_num_rows($res) > 0)
                                {
-                                       $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+                                       $_SESSION['_config']['altrow'] = mysqli_fetch_assoc($res);
                                        $altid[] = $_SESSION['_config']['altrow']['id'];
                                        break;
                                }
                                $dom = $bits[$i].".".$dom;
                        else
                                $dom = $bits[$i];
-                       $dom = mysql_real_escape_string($dom);
+                       $dom = mysqli_real_escape_string($_SESSION['mconn'], $dom);
                        $query = "select * from `org`,`orgdomains`,`orginfo`
                                        where `org`.`memid`='".intval($_SESSION['profile']['id'])."'
                                        and `orgdomains`.`orgid`=`org`.`orgid`
                                        and `orginfo`.`id`=`org`.`orgid`
                                        and `orgdomains`.`domain`='$dom'";
-                       $res = mysql_query($query);
-                       if(mysql_num_rows($res) > 0)
+                       $res = mysqli_query($_SESSION['mconn'], $query);
+                       if(mysqli_num_rows($res) > 0)
                        {
-                               $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+                               $_SESSION['_config']['row'] = mysqli_fetch_assoc($res);
                                return(true);
                        }
                }
                        $id = $_SESSION['profile']['id'];
 
                $query = "select sum(`points`) as `points` from `notary` where `to`='$id' and `deleted` = 0 group by `to`";
-               $row = mysql_fetch_assoc(mysql_query($query));
+               $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
                $points = $row['points'];
 
                $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18));
                $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `dob` < '$dob'";
-               if(mysql_num_rows(mysql_query($query)) < 1)
+               if(mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query)) < 1)
                {
                        if($points >= 100)
                                return(10);
 
        function checkEmail($email)
        {
-               $myemail = mysql_real_escape_string($email);
+               $myemail = mysqli_real_escape_string($_SESSION['mconn'], $email);
                if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
                {
                        list($username,$domain)=explode('@',$email,2);
                                        fputs($fp, "QUIT\r\n");
                                        fclose($fp);
 
-                                       $line = mysql_real_escape_string(trim(strip_tags($line)));
+                                       $line = mysqli_real_escape_string($_SESSION['mconn'], trim(strip_tags($line)));
                                        $query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
                                        if(is_array($_SESSION['profile'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'";
-                                       mysql_query($query);
+                                       mysqli_query($_SESSION['mconn'], $query);
 
                                        if(substr($line, 0, 3) != "250")
                                                return $line;
                }
                $query = "insert into `pinglog` set `when`=NOW(), `uid`='".intval($_SESSION['profile']['id'])."',
                                `email`='$myemail', `result`='Failed to make a connection to the mail server'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'], $query);
                return _("Failed to make a connection to the mail server");
        }
 
                                $query = "select * from `$table` where `id`='".intval($certid)."' and `crt` != ''";
                        else
                                $query = "select * from `$table` where `id`='".intval($certid)."' and `crt_name` != ''";
-                       $res = mysql_query($query);
-                       if(mysql_num_rows($res) > 0)
+                       $res = mysqli_query($_SESSION['mconn'], $query);
+                       if(mysqli_num_rows($res) > 0)
                        {
                                $found = 1;
                                break;
                {
                        if($show) showheader(_("My CAcert.org Account!"));
                        $query = "select * from `$table` where `id`='".intval($certid)."' ";
-                       $res = mysql_query($query);
+                       $res = mysqli_query($_SESSION['mconn'], $query);
                        $body="";
                        $subject="";
-                       if(mysql_num_rows($res) > 0)
+                       if(mysqli_num_rows($res) > 0)
                        {
                                printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
                                $subject="[CAcert.org] Certificate TIMEOUT";
        function generateTicket()
        {
                $query = "insert into tickets (timestamp) values (now()) ";
-               mysql_query($query);
-               $ticket = mysql_insert_id();
+               mysqli_query($_SESSION['mconn'], $query);
+               $ticket = mysqli_insert_id($_SESSION['mconn']);
                return $ticket;
        }
 
 
        /**
          * Run the sql query given in $sql.
-         * The resource returned by mysql_query is
+         * The resource returned by mysqli_query is
          * returned by this function.
          *
-         * It should be safe to replace every mysql_query
-         * call by a mysql_extended_query call.
+         * It should be safe to replace every mysqli_query
+         * call by a mysqli_extended_query call.
          */
        function mysql_timed_query($sql)
        {
                global $sql_data_log;
                $query_start = microtime(true);
-               $res = mysql_query($sql);
+               $res = mysqli_query($_SESSION['mconn'], $sql);
                $query_end = microtime(true);
                $sql_data_log[] = array("sql" => $sql, "duration" => $query_end - $query_start);
                return $res;
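Review bot: The doc comment was rewritten by the search-and-replace along with the code and now names `mysqli_extended_query`, which is not a function in the visible part of this file; the function being documented is still `mysql_timed_query`. Suggested wording: `Run the SQL query given in $sql on the shared connection and return what mysqli_query() returns (a mysqli_result, or a bool).` and `It should be safe to replace any mysqli_query call by a mysql_timed_query call.` It is also worth one line noting that the full SQL text is appended to `$sql_data_log`, so statements carrying personal data or password material should not go through this wrapper unless that log is protected.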
index 10c4e0a..01e5e7f 100644 (file)
@@ -69,8 +69,8 @@ google_color_border = "FFFFFF";
       <h3 class="pointer" onclick="explode('recom')"><?=_("Advertising")?></h3>
       <ul class="menu" id="recom"><?
        $query = "select * from `advertising` where `expires`>NOW() and `active`=1";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
                echo "<li><a href='$row[link]' target='_blank'>$row[title]</a></li>";
 ?></ul>
     </div>
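Review bot: The `echo` inside the loop writes `$row[link]` and `$row[title]` from the `advertising` table into an attribute and an element body without HTML encoding, so a stored value containing a quote or markup changes the page for every visitor. Encoding at output closes that: `echo "<li><a href='".htmlspecialchars($row['link'], ENT_QUOTES)."' target='_blank'>".htmlspecialchars($row['title'], ENT_QUOTES)."</a></li>";`. How those rows are validated on insert is not visible here, so this may already be covered upstream. The loop also calls `mysqli_fetch_assoc($res)` without checking that `mysqli_query` did not return `false`.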
index dd8afd3..26a29ce 100644 (file)
@@ -55,7 +55,7 @@ function fix_assurer_flag($userID = NULL)
                                        AND `n`.`deleted` = 0
                        ) >= 100';
 
-       $query = mysql_query($sql);
+       $query = mysqli_query($_SESSION['mconn'], $sql);
        if (!$query) {
                return false;
        }
@@ -91,7 +91,7 @@ function fix_assurer_flag($userID = NULL)
                                ) < 100
                        )';
 
-       $query = mysql_query($sql);
+       $query = mysqli_query($_SESSION['mconn'], $sql);
        if (!$query) {
                return false;
        }
index 127c6b7..0ba4314 100644 (file)
 function get_user_id_from_cert($serial, $issuer_cn)
 {
        $query = "select `memid` from `emailcerts` where
-                       `serial`='".mysql_escape_string($serial)."' and
+                       `serial`='".mysqli_real_escape_string($_SESSION['mconn'], $serial)."' and
                        `rootcert`= (select `id` from `root_certs` where
-                               `Cert_Text`='".mysql_escape_string($issuer_cn)."') and
+                               `Cert_Text`='".mysqli_real_escape_string($_SESSION['mconn'], $issuer_cn)."') and
                        `revoked`=0 and disablelogin=0 and
                        UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) > 0)
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($res) > 0)
        {
-               $row = mysql_fetch_assoc($res);
+               $row = mysqli_fetch_assoc($res);
                return intval($row['memid']);
        }
 
@@ -139,21 +139,21 @@ function runCommand($command, $input = "", &$output = null, &$errors = true) {
        function get_assurer_status($userID)
        {
                $Result = 0;
-               $query = mysql_query('SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
+               $query = mysqli_query($_SESSION['mconn'], 'SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
                        '  WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = \''.(int)intval($userID).'\'');
-               if(mysql_num_rows($query) < 1)
+               if(mysqli_num_rows($query) < 1)
                {
                        $Result |= 5;
                }
 
-               $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now() and `deleted` = 0');
-               $row = mysql_fetch_assoc($query);
+               $query = mysqli_query($_SESSION['mconn'], 'SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now() and `deleted` = 0');
+               $row = mysqli_fetch_assoc($query);
                if ($row['points'] < 100) {
                        $Result |= 3;
                }
 
-               $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
-               $row = mysql_fetch_assoc($query);
+               $query = mysqli_query($_SESSION['mconn'], 'SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
+               $row = mysqli_fetch_assoc($query);
                if ($row['assurer_blocked'] > 0) {
                        $Result |= 9;
                }
index 4859946..23b21b8 100644 (file)
@@ -170,7 +170,7 @@ class L10n {
                foreach($languages as $lang => $qvalue)
                {
                        // ignore any non-conforming values (that's why we don't need to
-                       // mysql_real_escape() or escapeshellarg(), but take care of
+                       // mysqli_real_escape_string($_SESSION['mconn'], ) or escapeshellarg(), but take care of
                        // the '*')
                        // spec: ( ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*" )
                        if ( preg_match('/^(?:([a-zA-Z]{1,8})(?:-[a-zA-Z]{1,8})*|\*)$/',
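Review bot: The search-and-replace left the comment on the changed line reading `mysqli_real_escape_string($_SESSION['mconn'], )`, which is not a valid call and obscures the point that the regex check below is what makes escaping unnecessary. I would write it as `// mysqli_real_escape_string() or escapeshellarg(), but take care of`. The `foreach` body continues outside the hunk.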
@@ -360,9 +360,9 @@ class L10n {
                //returns the language of a recipient to make sure that the language is correct
                //use together with
                $query = "select `language` from `users` where `id`='".intval($accountid)."'";
-               $res = mysql_query($query);
-               if (mysql_num_rows($res)>=0) {
-                       $row = mysql_fetch_assoc($res);
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               if (mysqli_num_rows($res)>=0) {
+                       $row = mysqli_fetch_assoc($res);
                        if (NULL==$row['language'] || $row['language']=='') {
                                self::set_translation('en');
                        } else {
index c14f8c2..5bf157a 100644 (file)
@@ -44,7 +44,7 @@
                        //session_unregister($key);
                }
 
-               $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'"));
+               $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($uid)."'"));
                if($_SESSION['profile']['locked'] == 0)
                        $_SESSION['profile']['loggedin'] = 1;
                else
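Review bot: The `locked` test after the changed line fails open: when no row matches, `mysqli_fetch_assoc` returns `null`, `$_SESSION['profile']['locked'] == 0` is then true under loose comparison, and `loggedin` is set to 1 on a profile that was never loaded. A guard such as `if(is_array($_SESSION['profile']) && $_SESSION['profile']['locked'] == 0)` keeps the flag tied to a real row. The same pattern is in the following hunk at `@@ -70,7 +70,7 @@`. The enclosing block starts and ends outside the hunk, so whether `$uid` is already guaranteed to exist cannot be confirmed from here.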
@@ -70,7 +70,7 @@
                                //session_unregister($key);
                        }
 
-                       $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+                       $_SESSION['profile'] = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], 
                                        "select * from `users` where `id`='".intval($user_id)."'"));
                        if($_SESSION['profile']['locked'] == 0)
                                $_SESSION['profile']['loggedin'] = 1;
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
        {
                $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
-               $res = mysql_query($query);
-               $row = mysql_fetch_assoc($res);
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               $row = mysqli_fetch_assoc($res);
                $_SESSION['profile']['points'] = $row['total'];
 
                if($_SESSION['profile']['language'] == "")
                {
                        $query = "update `users` set `language`='".L10n::get_translation()."'
                                                        where `id`='".intval($_SESSION['profile']['id'])."'";
-                       mysql_query($query);
+                       mysqli_query($_SESSION['mconn'], $query);
                } else {
                        L10n::set_translation($_SESSION['profile']['language']);
                        L10n::init_gettext();
index 77be95f..befe079 100644 (file)
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
 
-       $_SESSION['mconn'] = mysql_connect("127.0.0.1", "username", "password");
-       if ($_SESSION['mconn'] != FALSE)
-       {
-               mysql_select_db("database");
-               $_SESSION['mconn'] = TRUE;
-       }
-       $_SESSION['_config']['normalhostname'] = "www.cacert.org";
+    $_SESSION['mconn'] = mysqli_connect("127.0.0.1", "username", "password", "database");
+
+//    if (!$_SESSION['mconn']) {
+//    die('Connect Error (' . mysqli_connect_errno() . ') '
+//            . mysqli_connect_error());
+//    }
+
+    $_SESSION['_config']['normalhostname'] = "www.cacert.org";
        $_SESSION['_config']['securehostname'] = "secure.cacert.org";
        $_SESSION['_config']['tverify'] = "tverify.cacert.org";
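Review bot: The connection check is committed commented out, so a failed `mysqli_connect()` leaves `false` in `$_SESSION['mconn']` and every later `mysqli_query` / `mysqli_real_escape_string` call in this commit receives it as the link. I would enable a check that logs the error instead of printing it, e.g. `if (!$_SESSION['mconn']) { error_log('DB connect failed: ' . mysqli_connect_error()); exit; }`. The sample also never calls `mysqli_set_charset()`, and `mysqli_real_escape_string` escapes according to the connection character set, so the charset should be set explicitly right after connecting. Keeping the link object in `$_SESSION` instead of a plain global presumably also hands it to the session serializer at the end of the request, which is worth reconsidering.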
 
index 3b8e736..a4c8ee7 100644 (file)
@@ -21,18 +21,18 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
 
        function query_init ($query)
        {
-               return mysql_query($query);
+               return mysqli_query($_SESSION['mconn'], $query);
        }
 
        function query_getnextrow ($res)
        {
-               $row1 = mysql_fetch_assoc($res);
+               $row1 = mysqli_fetch_assoc($res);
                return $row1;
        }
 
        function query_get_number_of_rows ($resultset)
        {
-               return intval(mysql_num_rows($resultset));
+               return intval(mysqli_num_rows($resultset));
        }
 
        function get_number_of_assurances ($userid)
@@ -125,7 +125,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
        function get_user ($userid)
        {
                $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
-               return mysql_fetch_assoc($res);
+               return mysqli_fetch_assoc($res);
        }
 
        function get_cats_state ($userid)
@@ -133,7 +133,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
 
                $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
                        WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
-               return mysql_num_rows($res);
+               return mysqli_num_rows($res);
        }
 
 
@@ -587,7 +587,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
                $sum_points = 0;
                $sumexperience = 0;
                $res = get_given_assurances(intval($userid), $log);
-               while($row = mysql_fetch_assoc($res))
+               while($row = mysqli_fetch_assoc($res))
                {
                        $assuree = get_user(intval($row['to']));
                        calc_experience($row, $sum_points, $sum_experience);
@@ -617,7 +617,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
                $sum_points = 0;
                $sumexperience = 0;
                $res = get_received_assurances(intval($userid), $log);
-               while($row = mysql_fetch_assoc($res))
+               while($row = mysqli_fetch_assoc($res))
                {
                        $fromuser = get_user(intval($row['from']));
                        calc_assurances($row, $sum_points, $sum_experience);
@@ -661,7 +661,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
                }
 
                $res = get_received_assurances_summary($userid);
-               while($row = mysql_fetch_assoc($res))
+               while($row = mysqli_fetch_assoc($res))
                {
                        $points = calc_awarded($row);
 
@@ -674,7 +674,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
                }
 
                $res = get_given_assurances_summary($userid);
-               while($row = mysql_fetch_assoc($res))
+               while($row = mysqli_fetch_assoc($res))
                {
                        switch ($row['method'])
                        {
@@ -860,8 +860,8 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
        function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
        // write a new record to the table user_agreement
                $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
-                       ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
-               $res = mysql_query($query);
+                       ",`document`='".mysqli_real_escape_string($_SESSION['mconn'], $document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysqli_real_escape_string($_SESSION['mconn'], $method)."',`comment`='".mysqli_real_escape_string($_SESSION['mconn'], $comment)."'" ;
+               $res = mysqli_query($_SESSION['mconn'], $query);
        }
 
        /**
@@ -873,9 +873,9 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
         */
        function get_user_agreement_status($memid, $type="CCA"){
                $query="SELECT u.`document` FROM `user_agreements` u
-                       WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <=0){
+                       WHERE u.`document` = '" . mysqli_real_escape_string($_SESSION['mconn'], $type) . "' AND u.`memid`=" . intval($memid) ;
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               if(mysqli_num_rows($res) <=0){
                        return 0;
                }else{
                        return 1;
@@ -897,7 +897,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
        function get_first_user_agreement($memid, $type=null, $active=null){
                $filter = '';
                if (!is_null($type)) {
-                       $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+                       $filter .= " AND u.`document` = '".mysqli_real_escape_string($_SESSION['mconn'], $type)."'";
                }
 
                if (!is_null($active)) {
@@ -908,9 +908,9 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
                        WHERE u.`memid`=".intval($memid)."
                                $filter
                        ORDER BY u.`date` LIMIT 1";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) >0){
-                       $rec = mysql_fetch_assoc($res);
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               if(mysqli_num_rows($res) >0){
+                       $rec = mysqli_fetch_assoc($res);
                }else{
                        $rec=array();
                }
@@ -932,7 +932,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
        function get_last_user_agreement($memid, $type=null, $active=null){
                $filter = '';
                if (!is_null($type)) {
-                       $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+                       $filter .= " AND u.`document` = '".mysqli_real_escape_string($_SESSION['mconn'], $type)."'";
                }
 
                if (!is_null($active)) {
@@ -943,9 +943,9 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
                        WHERE u.`memid`=".intval($memid)."
                                $filter
                        ORDER BY u.`date` DESC LIMIT 1";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) >0){
-                       $rec = mysql_fetch_assoc($res);
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               if(mysqli_num_rows($res) >0){
+                       $rec = mysqli_fetch_assoc($res);
                }else{
                        $rec=array();
                }
@@ -966,7 +966,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
 function get_user_agreements($memid, $type=null, $active=null){
        $filter = '';
        if (!is_null($type)) {
-               $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+               $filter .= " AND u.`document` = '".mysqli_real_escape_string($_SESSION['mconn'], $type)."'";
        }
 
        if (!is_null($active)) {
@@ -977,7 +977,7 @@ function get_user_agreements($memid, $type=null, $active=null){
                WHERE u.`memid`=".intval($memid)."
                        $filter
                ORDER BY u.`date`";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
        /**
@@ -991,9 +991,9 @@ function get_user_agreements($memid, $type=null, $active=null){
                if ($type === false) {
                        $filter = '';
                } else {
-                       $filter = " and `document` = '" . mysql_real_escape_string($type) . "'";
+                       $filter = " and `document` = '" . mysqli_real_escape_string($_SESSION['mconn'], $type) . "'";
                }
-               mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
+               mysqli_query($_SESSION['mconn'], "delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
        }
 
        // functions for 6.php (assure somebody)
@@ -1095,7 +1095,7 @@ function get_user_agreements($memid, $type=null, $active=null){
                $mailid = intval($mailid);
                revoke_all_client_cert($mailid);
                $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'], $query);
        }
 
        function account_domain_delete($domainid){
@@ -1106,7 +1106,7 @@ function get_user_agreements($memid, $type=null, $active=null){
        //called from account_delete
                $domainid = intval($domainid);
                revoke_all_server_cert($domainid);
-               mysql_query(
+               mysqli_query($_SESSION['mconn'], 
                        "update `domains`
                        set `deleted`=NOW()
                        where `id` = '$domainid'");
@@ -1117,7 +1117,7 @@ function get_user_agreements($memid, $type=null, $active=null){
        // called from www/account.php if($oldid == 50 && $process != "")
        //change password
                $id = intval($id);
-               $arbno = mysql_real_escape_string($arbno);
+               $arbno = mysqli_real_escape_string($_SESSION['mconn'], $arbno);
                $adminid = intval($adminid);
                $pool = 'abcdefghijklmnopqrstuvwxyz';
                $pool .= '0123456789!()§';
@@ -1128,33 +1128,33 @@ function get_user_agreements($memid, $type=null, $active=null){
                {
                        $password .= substr($pool,(rand()%(strlen ($pool))), 1);
                }
-               mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+               mysqli_query($_SESSION['mconn'], "update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
 
        //create new mail for arbitration number
                $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
-               mysql_query($query);
-               $emailid = mysql_insert_id();
+               mysqli_query($_SESSION['mconn'], $query);
+               $emailid = mysqli_insert_id($_SESSION['mconn']);
 
        //set new mail as default
                $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'], $query);
 
        //delete all other email address
                $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
-               $res=mysql_query($query);
-               while($row = mysql_fetch_assoc($res)){
+               $res=mysqli_query($_SESSION['mconn'], $query);
+               while($row = mysqli_fetch_assoc($res)){
                        account_email_delete($row['id']);
                }
 
        //delete all domains
                $query = "select `id` from `domains` where `memid`='".$id."'";
-               $res=mysql_query($query);
-               while($row = mysql_fetch_assoc($res)){
+               $res=mysqli_query($_SESSION['mconn'], $query);
+               while($row = mysqli_fetch_assoc($res)){
                        account_domain_delete($row['id']);
                }
 
        //clear alert settings
-               mysql_query(
+               mysqli_query($_SESSION['mconn'], 
                        "update `alerts` set
                                `general`='0',
                                `country`='0',
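Review bot: The replacement password in the context lines of this hunk is drawn with `rand()`, which is not a cryptographically secure generator, and is then stored as an unsalted `sha1()`; for an account that is being neutralised the value should not be predictable. `$password .= substr($pool, random_int(0, strlen($pool) - 1), 1);` is a drop-in replacement where PHP 7 or later is available, and the same applies to the secret answers built in the hunk at `@@ -1186,7 +1186,7 @@`. The pool also contains `§`, which is more than one byte in UTF-8, so a byte-wise `substr` can pick half a character if the file is saved in that encoding. The function starts and ends outside the hunk.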
@@ -1164,17 +1164,17 @@ function get_user_agreements($memid, $type=null, $active=null){
 
        //set default location
                $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'], $query);
 
        //clear listings
                $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'], $query);
 
        //set lanuage to default
                //set default language
-               mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+               mysqli_query($_SESSION['mconn'], "update `users` set `language`='en_AU' where `id`='".$id."'");
                //delete secondary langugaes
-               mysql_query("delete from `addlang` where `userid`='".$id."'");
+               mysqli_query($_SESSION['mconn'], "delete from `addlang` where `userid`='".$id."'");
 
        //change secret questions
                for($i=1;$i<=5;$i++){
@@ -1186,7 +1186,7 @@ function get_user_agreements($memid, $type=null, $active=null){
                                $a .= substr($pool,(rand()%(strlen ($pool))), 1);
                        }
                        $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
-                       mysql_query($query);
+                       mysqli_query($_SESSION['mconn'], $query);
                }
 
        //change personal information to arbitration number and DOB=1900-01-01
@@ -1196,10 +1196,10 @@ function get_user_agreements($memid, $type=null, $active=null){
                        `suffix`='".$arbno."',
                        `dob`='1900-01-01'
                        where `id`='".$id."'";
-               mysql_query($query);
+               mysqli_query($_SESSION['mconn'], $query);
 
        //clear all admin and board flags
-               mysql_query(
+               mmysqli_query($_SESSION['mconn'], 
                        "update `users` set
                                `assurer`='0',
                                `assurer_blocked`='0',
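Review bot: The changed call is spelled `mmysqli_query`, a function that does not exist, so `account_delete` stops with a fatal error at the "clear all admin and board flags" step. Everything before it has already run, but the flag reset and the `locked`='1' update in the next hunk are never reached, leaving a half-deleted account that keeps its admin and board flags and is not blocked. The line should read `mysqli_query($_SESSION['mconn'],`. The statement continues outside the hunk.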
@@ -1214,17 +1214,17 @@ function get_user_agreements($memid, $type=null, $active=null){
                        where `id`='$id'");
 
        //block account
-               mysql_query("update `users` set `locked`='1' where `id`='$id'");  //, `deleted`=Now()
+               mysqli_query($_SESSION['mconn'], "update `users` set `locked`='1' where `id`='$id'");  //, `deleted`=Now()
        }
 
 
        function check_email_exists($email){
        // called from includes/account.php if($process != "" && $oldid == 1)
        // called from includes/account.php     if($oldid == 50 && $process != "")
-               $email = mysql_real_escape_string($email);
+               $email = mysqli_real_escape_string($_SESSION['mconn'], $email);
                $query = "select 1 from `email` where `email`='$email' and `deleted`=0";
-               $res = mysql_query($query);
-               return mysql_num_rows($res) > 0;
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               return mysqli_num_rows($res) > 0;
        }
 
        function check_gpg_cert_running($uid,$cca=0){
@@ -1236,8 +1236,8 @@ function get_user_agreements($memid, $type=null, $active=null){
                }else{
                        $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
                }
-               $res = mysql_query($query);
-               return mysql_num_rows($res) > 0;
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               return mysqli_num_rows($res) > 0;
        }
 
        function check_client_cert_running($uid,$cca=0){
@@ -1251,10 +1251,10 @@ function get_user_agreements($memid, $type=null, $active=null){
                        $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
                        $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
                }
-               $res = mysql_query($query1);
-               $r1 = mysql_num_rows($res)>0;
-               $res = mysql_query($query2);
-               $r2 = mysql_num_rows($res)>0;
+               $res = mysqli_query($_SESSION['mconn'], $query1);
+               $r1 = mysqli_num_rows($res)>0;
+               $res = mysqli_query($_SESSION['mconn'], $query2);
+               $r2 = mysqli_num_rows($res)>0;
                return !!($r1 || $r2);
        }
 
@@ -1287,10 +1287,10 @@ function get_user_agreements($memid, $type=null, $active=null){
                                where `domains`.`memid` = '$uid'
                                        and `revoked`>(NOW()-90*86400)";
                }
-               $res = mysql_query($query1);
-               $r1 = mysql_num_rows($res)>0;
-               $res = mysql_query($query2);
-               $r2 = mysql_num_rows($res)>0;
+               $res = mysqli_query($_SESSION['mconn'], $query1);
+               $r1 = mysqli_num_rows($res)>0;
+               $res = mysqli_query($_SESSION['mconn'], $query2);
+               $r2 = mysqli_num_rows($res)>0;
                return !!($r1 || $r2);
        }
 
@@ -1298,8 +1298,8 @@ function get_user_agreements($memid, $type=null, $active=null){
                // called from includes/account.php     if($oldid == 50 && $process != "")
                $uid = intval($uid);
                $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
-               $res = mysql_query($query);
-               return mysql_num_rows($res) > 0;
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               return mysqli_num_rows($res) > 0;
        }
 
 
@@ -1311,9 +1311,9 @@ function get_user_agreements($memid, $type=null, $active=null){
                        from `emaillink`,`emailcerts` where
                        `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
                        group by `emailcerts`.`id`";
-               $dres = mysql_query($query);
-               while($drow = mysql_fetch_assoc($dres)){
-                       mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+               $dres = mysqli_query($_SESSION['mconn'], $query);
+               while($drow = mysqli_fetch_assoc($dres)){
+                       mysqli_query($_SESSION['mconn'], "update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
                }
        }
 
@@ -1329,10 +1329,10 @@ function get_user_agreements($memid, $type=null, $active=null){
                                from `domaincerts`, `domlink`
                                where `domaincerts`.`id` = `domlink`.`certid`
                                and `domlink`.`domid` = '$domainid'";
-               $dres = mysql_query($query);
-               while($drow = mysql_fetch_assoc($dres))
+               $dres = mysqli_query($_SESSION['mconn'], $query);
+               while($drow = mysqli_fetch_assoc($dres))
                {
-                       mysql_query(
+                       mysqli_query($_SESSION['mconn'], 
                        "update `domaincerts`
                                set `revoked`='1970-01-01 10:00:01'
                                where `id` = '".$drow['id']."'
@@ -1345,15 +1345,15 @@ function get_user_agreements($memid, $type=null, $active=null){
                //gpg revokation needs to be added to a later point
                $uid=intval($uid);
                $query = "select `id` from `email` where `memid`='".$uid."'";
-               $res=mysql_query($query);
-               while($row = mysql_fetch_assoc($res)){
+               $res=mysqli_query($_SESSION['mconn'], $query);
+               while($row = mysqli_fetch_assoc($res)){
                        revoke_all_client_cert($row['id']);
                }
 
 
                $query = "select `id` from `domains` where `memid`='".$uid."'";
-               $res=mysql_query($query);
-               while($row = mysql_fetch_assoc($res)){
+               $res=mysqli_query($_SESSION['mconn'], $query);
+               while($row = mysqli_fetch_assoc($res)){
                        revoke_all_server_cert($row['id']);
                }
        }
@@ -1415,11 +1415,11 @@ function write_se_log($uid, $adminid, $type, $info){
        //records all support engineer actions changing a user account
        $uid = intval($uid);
        $adminid = intval($adminid);
-       $type = mysql_real_escape_string($type);
-       $info = mysql_real_escape_string($info);
+       $type = mysqli_real_escape_string($_SESSION['mconn'], $type);
+       $info = mysqli_real_escape_string($_SESSION['mconn'], g($info);
        $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
                (Now(), $uid, $adminid, '$type', '$info')";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 /**
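Review bot: The new `$info` line contains a stray `g(`: `mysqli_real_escape_string($_SESSION['mconn'], g($info);` has unbalanced parentheses, which is a parse error for the whole include file, not just `write_se_log`. It should be `$info = mysqli_real_escape_string($_SESSION['mconn'], $info);`. Because this function records support-engineer actions in `adminlog`, it is worth running `php -l` over the touched files before merging.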
@@ -1453,7 +1453,7 @@ function get_user_data($userid, $deleted=0){
                $filter .=' and `users`.`deleted`=0';
        }
        $query = "select * from `users` where `users`.`id`='$userid' ".$filter;
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 /**
@@ -1462,7 +1462,7 @@ function get_user_data($userid, $deleted=0){
  * @return array - associative array
  */
 function get_alerts($userid){
-       return mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($userid)."'"));
+       return mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `alerts` where `memid`='".intval($userid)."'"));
 }
 
 /**
@@ -1480,10 +1480,10 @@ function get_email_addresses($userid, $exclude, $deleted=0){
                $filter .= ' and `deleted`=0';
        }
        if ($exclude) {
-               $filter .= " and `email`!='".mysql_real_escape_string($exclude)."'";
+               $filter .= " and `email`!='".mysqli_real_escape_string($_SESSION['mconn'], $exclude)."'";
        }
        $query = "select * from `email` where `memid`='".$userid."' and `hash`='' ".$filter." order by `created`";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 /**
@@ -1500,7 +1500,7 @@ function get_domains($userid, $deleted=0){
                $filter .= ' and `deleted`=0';
        }
        $query = "select * from `domains` where `memid`='".$userid."' and `hash`=''".$filter." order by `created`";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 /**
@@ -1515,7 +1515,7 @@ function get_training_results($userid){
                " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
                " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$userid."'".
                " ORDER BY `CP`.`pass_date`";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 /**
@@ -1529,7 +1529,7 @@ function get_se_log($userid){
                FROM `adminlog`, `users`
                WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$userid."
                ORDER BY `adminlog`.`when`";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 /**
@@ -1560,7 +1560,7 @@ function get_client_certs($userid, $viewall=0){
                $query .= " HAVING `timeleft` > 0";
        }
        $query .= " ORDER BY `emailcerts`.`modified` desc";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 /**
@@ -1590,7 +1590,7 @@ function get_server_certs($userid, $viewall=0){
                $query .= " HAVING `timeleft` > 0";
        }
        $query .= " ORDER BY `domaincerts`.`modified` desc";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 /**
@@ -1611,7 +1611,7 @@ function get_gpg_certs($userid, $viewall=0){
                $query .= " HAVING `timeleft` > 0";
        }
        $query .= " ORDER BY `issued` desc";
-       return mysql_query($query);
+       return mysqli_query($_SESSION['mconn'], $query);
 }
 
 
index f4428aa..234891f 100644 (file)
        }
        $query .= "ORDER BY `modified` desc";
 //echo $query."<br>\n";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) <= 0)
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($res) <= 0)
        {
 ?>
   <tr>
     <td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td>
   </tr>
 <? } else {
-       while($row = mysql_fetch_assoc($res))
+       while($row = mysqli_fetch_assoc($res))
        {
                if($row['timeleft'] > 0)
                        $verified = _("Valid");
index ea28c0e..0dcf58b 100644 (file)
@@ -17,8 +17,8 @@
 */ ?>
 <?
   $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
-  $res = mysql_query($query);
-  $user = mysql_fetch_assoc($res);
+  $res = mysqli_query($_SESSION['mconn'], $query);
+  $user = mysqli_fetch_assoc($res);
 
   $year = intval(substr($user['dob'], 0, 4));
   $month = intval(substr($user['dob'], 5, 2));
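Review bot: Reading the connection from `$_SESSION['mconn']` at every call site ties the database handle to session state. A live connection cannot be carried from one request to the next in session data, so presumably it is re-created on each request in an include this page does not show. A single accessor that returns the handle, plus a query wrapper that checks the result, would keep the 113 touched files from depending on the session array and give one place for error handling.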
index 405cb44..b7a5b6c 100644 (file)
        $query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and
                        `domains`.`memid`='".intval($_SESSION['profile']['id'])."' and
                        `domains`.`id`=`domaincerts`.`domid`";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) <= 0)
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($res) <= 0)
        {
                echo _("No such certificate attached to your account.");
                showfooter();
                exit;
        }
-       $row = mysql_fetch_assoc($res);
+       $row = mysqli_fetch_assoc($res);
         $crtname=escapeshellarg($row['crt_name']);
        $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
 ?>
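Review bot: `$certid` is interpolated into the query as `'$certid'`, while the orgemailcerts page in this same commit wraps it as `intval($certid)`; the orgdomaincerts hunk further down has the same unconverted form. The assignment of `$certid` is outside the hunk, so it may already be an integer. Casting where the query is built, `'".intval($certid)."'`, makes that visible and keeps the three certificate pages consistent.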
index ca0a3c8..cec7a49 100644 (file)
@@ -37,9 +37,9 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
       from `org`, `orginfo`
       where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
       ORDER BY `orginfo`.`O` ";
-    $reso = mysql_query($query);
-    if(mysql_num_rows($reso) >= 1){
-      while($row = mysql_fetch_assoc($reso)){
+    $reso = mysqli_query($_SESSION['mconn'], $query);
+    if(mysqli_num_rows($reso) >= 1){
+      while($row = mysqli_fetch_assoc($reso)){
         printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
       }
     }?>
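Review bot: `$row['O']` is written into the `<option>` element through `%s` without HTML escaping, although it is a stored organisation name; the org-list page in this commit prints the same column with `htmlspecialchars($row['O'])`. The matching `printf` in the `dstatus` page hunk is unescaped as well, and so are the `$user['email']`, `$user['fname']` and `$user['lname']` echoes in the org-admin listing hunk. Passing `htmlspecialchars($row['O'])` as the last `printf` argument closes the gap here.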
@@ -106,8 +106,8 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
       $query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `modified` desc";
       break;
   }
-  $res = mysql_query($query);
-  if(mysql_num_rows($res) <= 0)
+  $res = mysqli_query($_SESSION['mconn'], $query);
+  if(mysqli_num_rows($res) <= 0)
   {
 ?>
 
@@ -116,7 +116,7 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
   </tr>
 <? } else {
   $orgname='';
-  while($row = mysql_fetch_assoc($res))
+  while($row = mysqli_fetch_assoc($res))
   {
     if ($row['O']<>$orgname) {
       $orgname=$row['O'];?>
@@ -188,4 +188,4 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
 <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
-</form>
\ No newline at end of file
+</form>
index d7259f3..0d01c6d 100644 (file)
        $query = "select * from `orgemailcerts`,`org` where `orgemailcerts`.`id`='".intval($certid)."' and
                        `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                        `org`.`orgid`=`orgemailcerts`.`orgid`";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) <= 0)
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($res) <= 0)
        {
                showheader(_("My CAcert.org Account!"));
                echo _("No such certificate attached to your account.");
                showfooter();
                exit;
        }
-       $row = mysql_fetch_assoc($res);
+       $row = mysqli_fetch_assoc($res);
         $crtname=escapeshellarg($row['crt_name']);
        $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
 
index 36421f9..0894dd0 100644 (file)
@@ -28,8 +28,8 @@
 
 <?
        $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
                if($row['hash'] == "")
                        $verified = _("Verified");
index 7b7db2d..5ccdd5e 100644 (file)
@@ -37,9 +37,9 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
       from `org`, `orginfo`
       where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
       ORDER BY `orginfo`.`O` ";
-    $reso = mysql_query($query);
-    if(mysql_num_rows($reso) >= 1){
-      while($row = mysql_fetch_assoc($reso)){
+    $reso = mysqli_query($_SESSION['mconn'], $query);
+    if(mysqli_num_rows($reso) >= 1){
+      while($row = mysqli_fetch_assoc($reso)){
         printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
       }
     }?>
@@ -109,8 +109,8 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
 
 
 //echo $query."<br>\n";
-  $res = mysql_query($query);
-  if(mysql_num_rows($res) <= 0)
+  $res = mysqli_query($_SESSION['mconn'], $query);
+  if(mysqli_num_rows($res) <= 0)
   {
 ?>
   <tr>
@@ -118,7 +118,7 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
   </tr>
 <? } else {
   $orgname='';
-  while($row = mysql_fetch_assoc($res))
+  while($row = mysqli_fetch_assoc($res))
   {
     if ($row['O']<>$orgname) {
       $orgname=$row['O'];?>
index 4255b47..33f1101 100644 (file)
        $query = "select * from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$certid' and
                        `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                        `org`.`orgid`=`orgdomaincerts`.`orgid`";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) <= 0)
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($res) <= 0)
        {
                echo _("No such certificate attached to your account.");
                showfooter();
                exit;
        }
-       $row = mysql_fetch_assoc($res);
+       $row = mysqli_fetch_assoc($res);
         $crtname=escapeshellarg($row['crt_name']);
        $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
 ?>
index a70f608..8241852 100644 (file)
        
        // Safe because $order_by only contains fixed strings
        $query = sprintf("select * from `orginfo` ORDER BY %s", $order_by);
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
-               $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
-               $admincount = mysql_num_rows($r2);
-               $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
-               $domcount = mysql_num_rows($r2);
+               $r2 = mysqli_query($_SESSION['mconn'], "select * from `org` where `orgid`='".intval($row['id'])."'");
+               $admincount = mysqli_num_rows($r2);
+               $r2 = mysqli_query($_SESSION['mconn'], "select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
+               $domcount = mysqli_num_rows($r2);
 ?>
   <tr>
     <td class="DataTD"><?=htmlspecialchars($row['O'])?>, <?=htmlspecialchars($row['ST'])?> <?=htmlspecialchars($row['C'])?></td>
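Review bot: Each organisation row triggers two `select *` queries whose rows are fetched only to be counted with `mysqli_num_rows`. Asking the server for the number directly, `select count(*) as `n` from `org` where `orgid`=...` and the same for `orgdomains`, avoids transferring the full rows on every loop iteration. The loop body continues outside the hunk.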
index f8b195d..99a2bd2 100644 (file)
@@ -17,7 +17,7 @@
 */ ?>
 <?
        $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
 ?>
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
   <tr>
@@ -30,8 +30,8 @@
   </tr>
 <?
        $query = "select * from `orgdomains` where `orgid`='".intval($_REQUEST['orgid'])."'";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        { ?>
   <tr>
     <td class="DataTD"><?=sanitizeHTML($row['domain'])?></a></td>
index a1086d4..7c73be4 100644 (file)
@@ -16,7 +16,7 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <?
-       $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
+       $row = mysqli_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
 ?>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
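Review bot: The inner call on the changed line is still `mysql_query(...)`; only the outer function was renamed. The ext/mysql functions were removed in PHP 7.0, and where they still exist they return a resource that `mysqli_fetch_assoc` cannot read, so `$row` is never populated for this form. The line should follow the neighbouring pages: `$row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));` with the `select` string assigned to `$query` first.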
index 1212f9c..7d7f7aa 100644 (file)
@@ -17,7 +17,7 @@
 */ ?>
 <?
        $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
 ?>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
index 4229b3b..2132826 100644 (file)
@@ -17,9 +17,9 @@
 */ ?>
 <?
        $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
        $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
-       $org = mysql_fetch_assoc(mysql_query($query));
+       $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
 
        $_SESSION['_config']['domain'] = $row['domain'];
 ?>
index cd62ce0..a2d6bc0 100644 (file)
@@ -38,8 +38,8 @@
 
 <?
        $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        { ?>
   <tr>
     <td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td>
index 04ad229..8cf1a03 100644 (file)
@@ -17,9 +17,9 @@
 */ ?>
 <?
        $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
        $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
-       $org = mysql_fetch_assoc(mysql_query($query));
+       $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
 
        $_SESSION['_config']['domain'] = $row['domain'];
 ?>
index 9f3d27e..033d177 100644 (file)
@@ -17,7 +17,7 @@
 */ ?>
 <?
        $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
-       $org = mysql_fetch_assoc(mysql_query($query));
+       $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
 
 ?>
 <form method="post" action="account.php">
index a05c927..6bb92ce 100644 (file)
@@ -17,7 +17,7 @@
 */ ?>
 <?
        $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
 ?>
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500">
   <tr>
   </tr>
 <?
        $query = "select * from `org` where `orgid`='".intval($_REQUEST['orgid'])."'";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
-               $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'"));
+               $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($row['memid'])."'"));
 ?>
   <tr>
     <td class="DataTD"><a href='mailto:<?=sanitizeHTML($user['email'])?>'><?=sanitizeHTML($user['fname'])?> <?=sanitizeHTML($user['lname'])?></a></td>
index 9e2f67a..a8f894b 100644 (file)
@@ -17,7 +17,7 @@
 */ ?>
 <?
        $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
        
        // Reset session variables regarding OrgAdmin's, present empty form
   if (array_key_exists('email',$_SESSION['_config']))     $_SESSION['_config']['email']=""; 
index b11bc7d..5c6c8b8 100644 (file)
 */ ?>
 <?
        $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['orgid'])."'";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
        $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
-       $org = mysql_fetch_assoc(mysql_query($query));
+       $org = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
        $query = "select * from `users` where `id`='".intval($_REQUEST['memid'])."'";
-       $user = mysql_fetch_assoc(mysql_query($query));
+       $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
 
        $_SESSION['_config']['domain'] = $row['domain'];
 ?>
index 05c7f2b..64f62e1 100644 (file)
@@ -24,8 +24,8 @@ $query = "select *
                        where `orginfo`.`id`=`org`.`orgid`
                        and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
 
-$res = mysql_query($query);
-while($row = mysql_fetch_assoc($res))
+$res = mysqli_query($_SESSION['mconn'], $query);
+while($row = mysqli_fetch_assoc($res))
 {
        ?>
        <tr>
@@ -55,8 +55,8 @@ while($row = mysql_fetch_assoc($res))
        
        //domain info
        $query = "select `domain` from `orgdomains` where `orgid`='".intval($row['id'])."'";
-       $res1 = mysql_query($query);
-       while($domain = mysql_fetch_assoc($res1))
+       $res1 = mysqli_query($_SESSION['mconn'], $query);
+       while($domain = mysqli_fetch_assoc($res1))
        {
                ?>
                <tr>
@@ -76,10 +76,10 @@ while($row = mysql_fetch_assoc($res))
        
        //org admins
        $query = "select * from `org` where `orgid`='".intval($row['id'])."'";
-       $res2 = mysql_query($query);
-       while($org = mysql_fetch_assoc($res2))
+       $res2 = mysqli_query($_SESSION['mconn'], $query);
+       while($org = mysqli_fetch_assoc($res2))
        {
-               $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($org['memid'])."'"));
+               $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($org['memid'])."'"));
                ?> 
                <tr>
                        <td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td>
index d61d8db..381b0a4 100644 (file)
@@ -54,10 +54,10 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
   </tr>
 <?
        $query = "select * from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."'";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
-               $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+               $lang = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `languages` where `locale`='".mysqli_real_escape_string($_SESSION['mconn'], $row['lang'])."'"));
 ?>
   <tr>
     <td class="DataTD"><?=_("Additional Language")?>:</td>
@@ -70,8 +70,8 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
     <td class="DataTD"><select name="addlang">
 <?
        $query = "select * from `languages` order by `locale`";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
                printf("<option value=\"%s\">[%s] %s (%s)</option>\n",
                        sanitizeHTML($row['locale']),
index c889ce3..39c37fb 100644 (file)
@@ -37,7 +37,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
 {
     $_REQUEST['userid'] = 0;
 
-    $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
+    $emailsearch = $email = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['email']));
 
     //Disabled to speed up the queries
     //if(!strstr($email, "%"))
@@ -63,8 +63,8 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
             group by `users`.`id` limit 100";
     }
     // bug-975 ted+uli changes --- end
-    $res = mysql_query($query);
-    if(mysql_num_rows($res) > 1) {
+    $res = mysqli_query($_SESSION['mconn'], $query);
+    if(mysqli_num_rows($res) > 1) {
 ?>
         <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
             <tr>
@@ -75,7 +75,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
                 <td class="DataTD"><?=_("Email")?></td>
             </tr>
 <?
-        while($row = mysql_fetch_assoc($res))
+        while($row = mysqli_fetch_assoc($res))
         {
 ?>
             <tr>
@@ -85,7 +85,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
 <?
         }
 
-        if(mysql_num_rows($res) >= 100) {
+        if(mysqli_num_rows($res) >= 100) {
 ?>
             <tr>
                 <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
@@ -94,15 +94,15 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
         } else {
 ?>
             <tr>
-                <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+                <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
             </tr>
 <?
         }
 ?>
         </table><br><br>
 <?
-    } elseif(mysql_num_rows($res) == 1) {
-        $row = mysql_fetch_assoc($res);
+    } elseif(mysqli_num_rows($res) == 1) {
+        $row = mysqli_fetch_assoc($res);
         $_REQUEST['userid'] = $row['id'];
     } else {
         printf(_("No users found matching %s"), sanitizeHTML($email));
@@ -113,13 +113,13 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
 if(intval($_REQUEST['userid']) > 0) {
     $userid = intval($_REQUEST['userid']);
     $res =get_user_data($userid);
-    if(mysql_num_rows($res) <= 0) {
+    if(mysqli_num_rows($res) <= 0) {
         echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
     } else {
-        $row = mysql_fetch_assoc($res);
+        $row = mysqli_fetch_assoc($res);
         $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
-        $dres = mysql_query($query);
-        $drow = mysql_fetch_assoc($dres);
+        $dres = mysqli_query($_SESSION['mconn'], $query);
+        $drow = mysqli_fetch_assoc($dres);
         $alerts =get_alerts(intval($row['id']));
 
 //display account data
@@ -132,11 +132,11 @@ if(intval($_REQUEST['userid']) > 0) {
             } else {
                 $assurance = intval($_REQUEST['assurance']);
                 $trow = 0;
-                $res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
+                $res = mysqli_query($_SESSION['mconn'], "select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
                 if ($res) {
-                    $trow = mysql_fetch_assoc($res);
+                    $trow = mysqli_fetch_assoc($res);
                     if ($trow) {
-                        mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
+                        mysqli_query($_SESSION['mconn'], "update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
                         fix_assurer_flag($trow['to']);
                     }
                 }
@@ -403,14 +403,14 @@ if(intval($_REQUEST['userid']) > 0) {
     <?
     //list secondary email addresses
                 $dres = get_email_addresses(intval($row['id']),$row['email']);
-                if(mysql_num_rows($dres) > 0) {
+                if(mysqli_num_rows($dres) > 0) {
     ?>
     <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
         <tr>
             <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
         </tr>
     <?
-                    while($drow = mysql_fetch_assoc($dres)) {
+                    while($drow = mysqli_fetch_assoc($dres)) {
     ?>
         <tr>
             <td class="DataTD"><?=_("Secondary Emails")?>:</td>
@@ -426,14 +426,14 @@ if(intval($_REQUEST['userid']) > 0) {
 
     // list of domains
                 $dres=get_domains(intval($row['id']));
-                if(mysql_num_rows($dres) > 0) {
+                if(mysqli_num_rows($dres) > 0) {
     ?>
     <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
         <tr>
             <td colspan="5" class="title"><?=_("Verified Domains")?></td>
         </tr>
     <?
-                    while($drow = mysql_fetch_assoc($dres)) {
+                    while($drow = mysqli_fetch_assoc($dres)) {
     ?>
         <tr>
             <td class="DataTD"><?=_("Domain")?>:</td>
@@ -488,7 +488,7 @@ if(intval($_REQUEST['userid']) > 0) {
                    4. users.email = primary-email
 
                 --- Assurer, assure someone find user query
-                select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
+                select * from `users` where `email`='".mysqli_real_escape_string($_SESSION['mconn'], $_POST['email']))."'
                     and `deleted`=0
                  => requirements
                    1. users.deleted = 0
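Review bot: The rewritten line drops `stripslashes(` but keeps both closing parentheses, leaving `mysqli_real_escape_string($_SESSION['mconn'], $_POST['email']))` unbalanced. The surrounding lines look like a comment block that documents queries used elsewhere, so this is probably not a parse error, but the documented query no longer matches any real one. The search code earlier in this file still wraps the value in `stripslashes(...)`, so the consistent form is `mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['email']))`.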
@@ -527,8 +527,8 @@ if(intval($_REQUEST['userid']) > 0) {
                 // current userid  intval($row['id'])
                 $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
                     from `users` where `id`='".intval($row['id'])."' ";
-                $dres = mysql_query($query);
-                $drow = mysql_fetch_assoc($dres);
+                $dres = mysqli_query($_SESSION['mconn'], $query);
+                $drow = mysqli_fetch_assoc($dres);
                 $uemail    = $drow['uemail'];
                 $udeleted  = $drow['udeleted'];
                 $uverified = $drow['verified'];
@@ -538,16 +538,16 @@ if(intval($_REQUEST['userid']) > 0) {
                     where `memid`='".intval($row['id'])."' and
                         `email` ='".$uemail."' and
                         `deleted` = 0";
-                $dres = mysql_query($query);
-                if ($drow = mysql_fetch_assoc($dres)) {
+                $dres = mysqli_query($_SESSION['mconn'], $query);
+                if ($drow = mysqli_fetch_assoc($dres)) {
                     $drow['edeleted'] = 0;
                 } else {
                     // try if there are deleted entries
                     $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
                         where `memid`='".intval($row['id'])."' and
                             `email` ='".$uemail."'";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                 }
 
                 if ($drow) {
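Review bot: `$uemail` is read from `users`.`email` in the previous hunk and concatenated into both `email` lookups here as `'".$uemail."'` without escaping. A stored address that contains a quote would break or alter these statements, because a value is not safe to re-embed merely for having come from the database. Escape it at the point of use, `mysqli_real_escape_string($_SESSION['mconn'], $uemail)`, or bind it through `mysqli_prepare`. The enclosing block starts outside the hunk.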
@@ -626,8 +626,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         on `domains`.`id` = `domaincerts`.`domid`
                     where `domains`.`memid` = '".intval($row['id'])."'
                     ";
-                $dres = mysql_query($query);
-                $drow = mysql_fetch_assoc($dres);
+                $dres = mysqli_query($_SESSION['mconn'], $query);
+                $drow = mysqli_fetch_assoc($dres);
                 $total = $drow['total'];
 
                 $maxexpire = "0000-00-00 00:00:00";
@@ -644,8 +644,8 @@ if(intval($_REQUEST['userid']) > 0) {
                             and `revoked` = '0000-00-00 00:00:00'
                             and `expire` > NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $valid = $drow['valid'];
 
                     $query = "
@@ -655,8 +655,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `domains`.`memid` = '".intval($row['id'])."'
                             and `expire` <= NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $expired = $drow['expired'];
 
                     $query = "
@@ -666,8 +666,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `domains`.`memid` = '".intval($row['id'])."'
                             and `revoked` != '0000-00-00 00:00:00'
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $revoked = $drow['revoked'];
     ?>
             <td class="DataTD"><?=intval($total)?></td>
@@ -692,8 +692,8 @@ if(intval($_REQUEST['userid']) > 0) {
                     from `emailcerts`
                     where `memid` = '".intval($row['id'])."'
                     ";
-                $dres = mysql_query($query);
-                $drow = mysql_fetch_assoc($dres);
+                $dres = mysqli_query($_SESSION['mconn'], $query);
+                $drow = mysqli_fetch_assoc($dres);
                 $total = $drow['total'];
 
                 $maxexpire = "0000-00-00 00:00:00";
@@ -709,8 +709,8 @@ if(intval($_REQUEST['userid']) > 0) {
                             and `revoked` = '0000-00-00 00:00:00'
                             and `expire` > NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $valid = $drow['valid'];
 
                     $query = "
@@ -719,8 +719,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `memid` = '".intval($row['id'])."'
                             and `expire` <= NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $expired = $drow['expired'];
 
                     $query = "
@@ -729,8 +729,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `memid` = '".intval($row['id'])."'
                             and `revoked` != '0000-00-00 00:00:00'
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $revoked = $drow['revoked'];
     ?>
             <td class="DataTD"><?=intval($total)?></td>
@@ -755,8 +755,8 @@ if(intval($_REQUEST['userid']) > 0) {
                     from `gpg`
                     where `memid` = '".intval($row['id'])."'
                     ";
-                $dres = mysql_query($query);
-                $drow = mysql_fetch_assoc($dres);
+                $dres = mysqli_query($_SESSION['mconn'], $query);
+                $drow = mysqli_fetch_assoc($dres);
                 $total = $drow['total'];
 
                 $maxexpire = "0000-00-00 00:00:00";
@@ -771,8 +771,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `memid` = '".intval($row['id'])."'
                             and `expire` > NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $valid = $drow['valid'];
 
                     $query = "
@@ -781,8 +781,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `memid` = '".intval($row['id'])."'
                             and `expire` <= NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $expired = $drow['expired'];
     ?>
             <td class="DataTD"><?=intval($total)?></td>
@@ -809,8 +809,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         on `orgcerts`.`orgid` = `org`.`orgid`
                     where `org`.`memid` = '".intval($row['id'])."'
                     ";
-                $dres = mysql_query($query);
-                $drow = mysql_fetch_assoc($dres);
+                $dres = mysqli_query($_SESSION['mconn'], $query);
+                $drow = mysqli_fetch_assoc($dres);
                 $total = $drow['total'];
 
                 $maxexpire = "0000-00-00 00:00:00";
@@ -827,8 +827,8 @@ if(intval($_REQUEST['userid']) > 0) {
                             and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
                             and `orgcerts`.`expire` > NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $valid = $drow['valid'];
 
                     $query = "
@@ -838,8 +838,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `org`.`memid` = '".intval($row['id'])."'
                             and `orgcerts`.`expire` <= NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $expired = $drow['expired'];
 
                     $query = "
@@ -849,8 +849,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `org`.`memid` = '".intval($row['id'])."'
                             and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $revoked = $drow['revoked'];
     ?>
             <td class="DataTD"><?=intval($total)?></td>
@@ -877,8 +877,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         on `orgcerts`.`orgid` = `org`.`orgid`
                     where `org`.`memid` = '".intval($row['id'])."'
                     ";
-                $dres = mysql_query($query);
-                $drow = mysql_fetch_assoc($dres);
+                $dres = mysqli_query($_SESSION['mconn'], $query);
+                $drow = mysqli_fetch_assoc($dres);
                 $total = $drow['total'];
 
                 $maxexpire = "0000-00-00 00:00:00";
@@ -895,8 +895,8 @@ if(intval($_REQUEST['userid']) > 0) {
                             and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
                             and `orgcerts`.`expire` > NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $valid = $drow['valid'];
 
                     $query = "
@@ -906,8 +906,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `org`.`memid` = '".intval($row['id'])."'
                             and `orgcerts`.`expire` <= NOW()
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $expired = $drow['expired'];
 
                     $query = "
@@ -917,8 +917,8 @@ if(intval($_REQUEST['userid']) > 0) {
                         where `org`.`memid` = '".intval($row['id'])."'
                             and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
                         ";
-                    $dres = mysql_query($query);
-                    $drow = mysql_fetch_assoc($dres);
+                    $dres = mysqli_query($_SESSION['mconn'], $query);
+                    $drow = mysqli_fetch_assoc($dres);
                     $revoked = $drow['revoked'];
     ?>
             <td class="DataTD"><?=intval($total)?></td>
@@ -985,10 +985,10 @@ if(intval($_REQUEST['userid']) > 0) {
         </tr>
     <?
         $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'  and `deleted` = 0";
-        $dres = mysql_query($query);
+        $dres = mysqli_query($_SESSION['mconn'], $query);
         $points = 0;
-        while($drow = mysql_fetch_assoc($dres)) {
-            $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
+        while($drow = mysqli_fetch_assoc($dres)) {
+            $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($drow['from'])."'"));
             $points += $drow['points'];
     ?>
         <tr>
@@ -1032,10 +1032,10 @@ if(intval($_REQUEST['userid']) > 0) {
         </tr>
     <?
         $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
-        $dres = mysql_query($query);
+        $dres = mysqli_query($_SESSION['mconn'], $query);
         $points = 0;
-        while($drow = mysql_fetch_assoc($dres)) {
-            $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
+        while($drow = mysqli_fetch_assoc($dres)) {
+            $fromuser = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($drow['to'])."'"));
             $points += intval($drow['points']);
     ?>
         <tr>
index 0218fa0..b3b8d53 100644 (file)
@@ -19,7 +19,7 @@
        $userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
        if($userid <= 0)
        {
-               $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
+               $domainsearch = $domain = mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_POST['domain']));
                if(!strstr($domain, "%"))
                        $domainsearch = "%$domain%";
                if(preg_match("/^\d+$/",$domain))
                                `domains`.`deleted`=0 and `users`.`deleted`=0 and
                                `users`.`verified`=1
                                group by `users`.`id` limit 100";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) >= 1) { ?>
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               if(mysqli_num_rows($res) >= 1) { ?>
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
     <td colspan="5" class="title"><?=_("Select Specific User Account Details")?></td>
   </tr>
 <?
-       while($row = mysql_fetch_assoc($res))
+       while($row = mysqli_fetch_assoc($res))
        { ?>
   <tr>
     <td class="DataTD"><?=_("Domain")?>:</td>
     <td class="DataTD"><?=$row['domid']?></td>
     <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td>
   </tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? } if(mysqli_num_rows($res) >= 100) { ?>
   <tr>
     <td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
   </tr>
 <? } else { ?>
   <tr>
-    <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+    <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
   </tr>
 <? } ?>
 </table><br><br>
-<?             } elseif(mysql_num_rows($res) == 1) {
-                       $row = mysql_fetch_assoc($res);
+<?             } elseif(mysqli_num_rows($res) == 1) {
+                       $row = mysqli_fetch_assoc($res);
                        $_GET['userid'] = intval($row['id']);
                } else {
                        ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
                }
 
                $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) >= 1) { ?>
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               if(mysqli_num_rows($res) >= 1) { ?>
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
     <td colspan="5" class="title"><?=_("Select Specific Organisation Account Details")?></td>
   </tr>
 <?
-       while($row = mysql_fetch_assoc($res))
+       while($row = mysqli_fetch_assoc($res))
        { ?>
   <tr>
     <td class="DataTD"><?=_("Domain")?>:</td>
     <td class="DataTD"><?=$row['id']?></td>
     <td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['orgid'])?>"><?=sanitizeHTML($row['domain'])?></a></td>
   </tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? } if(mysqli_num_rows($res) >= 100) { ?>
   <tr>
     <td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
   </tr>
 <? } else { ?>
   <tr>
-    <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+    <td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysqli_num_rows($res)); ?></td>
   </tr>
 <? } ?>
 </table><br><br>
-<?             } elseif(mysql_num_rows($res) == 1) {
-                       $row = mysql_fetch_assoc($res);
+<?             } elseif(mysqli_num_rows($res) == 1) {
+                       $row = mysqli_fetch_assoc($res);
                        $_GET['userid'] = intval($row['id']);
                } else {
                        ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
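Review bot: The search term from `$_POST['domain']` is still concatenated into the SQL text: it reaches `` `domain` like '$domainsearch' or `id`='$domain' `` in the `orgdomains` query, protected only by `mysqli_real_escape_string()`, and judging by the visible tail the `domains`/`users` query above it is built the same way. That escaping is only charset-safe when the connection character set was set with `mysqli_set_charset()`, which is not visible here. The leftover `stripslashes()` now just removes backslashes from the input, since magic quotes no longer exist on PHP versions that need mysqli. Because every call site is being touched anyway, binding the raw value in a prepared statement removes the dependency on escaping; `mysqli_stmt_get_result()` requires the mysqlnd driver. The sketch covers the `orgdomains` query only, and the escaped `$domain` must stay in place for any query that is still concatenated.

```php
// raw copy for binding; the escaped $domain/$domainsearch stay for queries not yet converted
$rawdomain = array_key_exists('domain', $_POST) ? $_POST['domain'] : "";
$rawsearch = $rawdomain;
if(!strstr($rawdomain, "%"))
        $rawsearch = "%$rawdomain%";
// … unchanged: users/domains search and its result table …
$stmt = mysqli_prepare($_SESSION['mconn'], "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like ? or `id` = ? limit 100");
mysqli_stmt_bind_param($stmt, "ss", $rawsearch, $rawdomain);
mysqli_stmt_execute($stmt);
$res = mysqli_stmt_get_result($stmt);
// … unchanged: organisation result table …
```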
index efed0ab..49ef4ca 100644 (file)
                $query .= " HAVING `timeleft` > 0 or `expire` = 0 ";
        $query .= " ORDER BY `modified` desc";
 // echo $query."<br>\n";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) <= 0)
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($res) <= 0)
        {
 ?>
   <tr>
     <td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
   </tr>
 <? } else {
-       while($row = mysql_fetch_assoc($res))
+       while($row = mysqli_fetch_assoc($res))
        {
                if($row['timeleft'] > 0)
                        $verified = _("Valid");
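Review bot: `$res` is used without a failure check. `mysqli_query()` returns `false` on error, and `mysqli_num_rows(false)` then either emits a warning and yields a value that satisfies `<= 0`, or throws a `TypeError` on PHP 8. In the first case a database error is rendered as "No client certificates are currently listed.", which hides the failure from both the user and the operator. A guard such as `if($res === false) { error_log(mysqli_error($_SESSION['mconn'])); }`, followed by a generic error row, keeps the detail in the server log and off the page. The same gap is visible in the other sections of this commit, including the nested `mysqli_num_rows(mysqli_query(...))` and `mysqli_fetch_assoc(mysqli_query(...))` calls in the `tverify` pages; the query text here is assembled outside the visible lines.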
index 7273840..d0b8367 100644 (file)
 <?
        $uid = intval($_GET['photoid']);
        $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) > 0) { ?>
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($res) > 0) { ?>
 <img src="account.php?id=51&amp;photoid=<?=$uid ?>&amp;img=show" border="0" width="800">
 <? } else {
         $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
-        $res = mysql_query($query);
-        if(mysql_num_rows($res) > 0)
+        $res = mysqli_query($_SESSION['mconn'], $query);
+        if(mysqli_num_rows($res) > 0)
         {
                 echo _("This UID has already been voted on.");
         } else {
index 6c00c26..5042852 100644 (file)
@@ -21,13 +21,13 @@ if($_SESSION['profile']['tverify'] <= 0) {
 } else {
        $uid = intval($_GET['uid']);
        $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) > 0) {
-               $row = mysql_fetch_assoc($res);
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       if(mysqli_num_rows($res) > 0) {
+               $row = mysqli_fetch_assoc($res);
                $memid = intval($row['memid']);
 
                $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
-               $rc2 = mysql_num_rows(mysql_query($query2));
+               $rc2 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query2));
                if($rc2 > 0) {
                        showheader(_("My CAcert.org Account!"));
                        echo _("You have already voted on this request.");
@@ -36,9 +36,9 @@ if($_SESSION['profile']['tverify'] <= 0) {
                }
 
                $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
-               $notary = mysql_fetch_assoc(mysql_query($query));
+               $notary = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
                $query = "select * from `users` where `id`='".intval($memid)."'";
-               $user = mysql_fetch_assoc(mysql_query($query));
+               $user = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
                $tobe = 50 - $notary['points'];
                if($row['URL'] != '' && $row['photoid'] != '') {
                        $tobe = 150 - $notary['points'];
@@ -74,8 +74,8 @@ if($_SESSION['profile']['tverify'] <= 0) {
 <?
        } else {
                $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) > 0) {
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               if(mysqli_num_rows($res) > 0) {
                        echo _("This UID has already been voted on.")."<br/>";
                } else {
                        if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
@@ -83,13 +83,13 @@ if($_SESSION['profile']['tverify'] <= 0) {
 
                // Search for open requests:
                $query = "select * from `tverify` where `modified`=0";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) > 0) {
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               if(mysqli_num_rows($res) > 0) {
                        echo "<br/>"._("The following requests are still open:")."<br/><ul>";
-                       while($row = mysql_fetch_assoc($res)) {
+                       while($row = mysqli_fetch_assoc($res)) {
                                $uid=intval($row['id']);
                                $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
-                               $rc3 = mysql_num_rows(mysql_query($query3));
+                               $rc3 = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query3));
                                if($rc3 <= 0)
                                {
                                        echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
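Review bot: The open-requests loop issues one extra `tverify-vote` query per row (`$query3`), and each nested `mysqli_num_rows(mysqli_query(...))` leaves no handle to check for `false` or to free. If the only purpose of `$rc3` is to skip requests this member has already voted on, the filter can move into the outer query by adding a `not exists (select 1 from `tverify-vote` where `tverify`=`tverify`.`id` and `memid`=...)` condition with the same `intval($_SESSION['profile']['id'])` value. That leaves one result set to validate. The loop body continues past the end of this hunk, so confirm that nothing after the `if($rc3 <= 0)` block depends on the per-row query.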
index cc9e2d6..82509f6 100644 (file)
@@ -16,7 +16,7 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <?
-       $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+       $town = array_key_exists('town',$_REQUEST)?mysqli_real_escape_string($_SESSION['mconn'], stripslashes($_REQUEST['town'])):"";
        $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
        $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
        $start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
@@ -29,7 +29,7 @@
 
        if($regid > 0)
        {
-               $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+               $reg = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `regions` where `id`='$regid'"));
                $display = "<ul class='top'>\n<li>\n".
                        "<a href='account.php?id=53&amp;regid=$regid'>".sanitizeHTML($reg['name'])."</a> - <a href='account.php?action=add&amp;id=54&amp;regid=$regid'>"._("Add")."</a>\n".
                        $display;
@@ -38,7 +38,7 @@
 
        if($ccid > 0)
        {
-               $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='$ccid'"));
+               $cnt = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `countries` where `id`='$ccid'"));
                $display = "<ul class='top'>\n<li>\n".
                        "<a href='account.php?id=53&amp;ccid=$ccid'>".sanitizeHTML($cnt['name'])."</a> - <a href='account.php?action=add&amp;id=54&amp;ccid=$ccid'>"._("Add")."</a>\n".
                        $display;
        {
                echo "<ul>\n";
                $query = "select * from `countries` order by `name`";
-               $res = mysql_query($query);
-               while($row = mysql_fetch_assoc($res))
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               while($row = mysqli_fetch_assoc($res))
                        echo "<li><a href='account.php?id=53&amp;ccid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n";
 
                echo "</ul>\n</li>\n</ul></div>\n<br>\n";
        } elseif($regid <= 0) {
                echo "<ul>\n";
                $query = "select * from `regions` where `ccid`='$ccid' order by `name`";
-               $res = mysql_query($query);
-               while($row = mysql_fetch_assoc($res))
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               while($row = mysqli_fetch_assoc($res))
                {
                        echo "<li>( <a href='account.php?action=edit&amp;id=54&regid=".intval($row['id'])."'>"._("edit")."</a> |";
                        echo " <a href='account.php?action=delete&amp;id=53&regid=".intval($row['id'])."'";
                if($town != "")
                {
                        $query = "select * from `locations` where `regid`='$regid' and `name` < '$town'";
-                       $start = mysql_num_rows(mysql_query($query));
+                       $start = mysqli_num_rows(mysqli_query($_SESSION['mconn'], $query));
                }
                $query = "select * from `locations` where `regid`='$regid' order by `name` limit $start, $limit";
-               $res = mysql_query($query);
-               while($row = mysql_fetch_assoc($res))
+               $res = mysqli_query($_SESSION['mconn'], $query);
+               while($row = mysqli_fetch_assoc($res))
                {
                        echo "<li>( <a href='account.php?action=move&amp;id=54&amp;locid=".intval($row['id'])."'>"._("move")."</a> |";
                        echo " <a href='account.php?action=aliases&amp;id=54&amp;locid=".intval($row['id'])."'>"._("aliases")."</a> |";
@@ -89,7 +89,7 @@
 
                echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
                $st="";$prev="";$end="";$next="";
-               $rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='$regid'"));
+               $rc = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select * from `locations` where `regid`='$regid'"));
                if($start > 0)
                {
                        $prev = $start - $limit;
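Review bot: `$start` is taken from the request with `intval()` only, so unless it is adjusted in lines not shown, a negative value reaches `limit $start, $limit` in the `locations` query. MySQL rejects a negative offset, and the failed query then hands `false` to `mysqli_fetch_assoc()`. Clamping at the source keeps the offset valid: `$start = array_key_exists('start',$_REQUEST)?max(0, intval($_REQUEST['start'])):0;`. `$limit` is assigned outside the visible lines and should likewise be confirmed to be a bounded positive integer before it is interpolated.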
index 753b4af..714de6c 100644 (file)
@@ -19,7 +19,7 @@
        $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
        $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
        $locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
-       $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+       $name = array_key_exists('name',$_REQUEST)?mysqli_real_escape_string($_SESSION['mconn'],$_REQUEST['name']):"";
 
        if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
 <form method="post" action="account.php">
@@ -41,7 +41,7 @@
 </form>
 <? } if($regid > 0 && $_REQUEST['action'] == "edit") {
        $query = "select * from `regions` where `id`='$regid' order by `name`";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], $query));
        $name = $row['name'];
 ?>
 <form method="post" action="account.php">
@@ -89,7 +89,7 @@
 </form>
 <? } if($locid > 0 && $_REQUEST['action'] == "edit") {
        $query = "select * from `locations` where `id`='$locid'";
-       $row = mysql_fetch_assoc(mysql_query($query));
+       $row = mysqli_fetch_assoc(mysqli_