\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = $res->fetch_assoc(); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } - mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); + $db_conn->query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', htmlspecialchars($row['CN']), htmlspecialchars($row['serial'])); } @@ -1787,19 +1793,19 @@ function buildSubjectFromSession() { $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) + $res = $db_conn->query($query); + if($res->num_rows <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } - $row = mysql_fetch_assoc($res); + $row = $res->fetch_assoc(); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."
\n", $row['CN']); continue; } - mysql_query("delete from `orgemailcerts` where `id`='$id'"); + $db_conn->query("delete from `orgemailcerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."
\n", $row['CN']); @@ -1817,8 +1823,8 @@ function buildSubjectFromSession() { if(substr($id,0,14)=="check_comment_") { $cid = intval(substr($id,14)); - $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); - mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'"); + $comment=trim($db_conn->real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); + $db_conn->query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'"); } } echo(_("Certificate settings have been changed.")."
\n"); @@ -1879,14 +1885,14 @@ function buildSubjectFromSession() { `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and - `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.CN'])."'"; - $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query)); + `orgdomains`.`domain`='".$db_conn->real_escape_string($_SESSION['_config']['0.CN'])."'"; + $_SESSION['_config']['CNorg'] = $db_conn->query($query)->fetch_assoc(); $query = "select * from `orginfo`,`org`,`orgdomains` where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and - `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.subjectAltName'])."'"; - $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query)); + `orgdomains`.`domain`='".$db_conn->real_escape_string($_SESSION['_config']['0.subjectAltName'])."'"; + $_SESSION['_config']['SANorg'] = $db_conn->query($query)->fetch_assoc(); //echo "
"; print_r($_SESSION['_config']); die;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
@@ -1946,7 +1952,7 @@ function buildSubjectFromSession() {
`orginfo`.`id`=`org`.`orgid` and
`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
}
- $org = mysql_fetch_assoc(mysql_query($query));
+ $org = $db_conn->query($query)->fetch_assoc();
$csrsubject = "";
if($_SESSION['_config']['OU'])
@@ -1972,42 +1978,42 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['rowid']['0'] > 0)
{
$query = "insert into `orgdomaincerts` set
- `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
+ `CN`='".$db_conn->real_escape_string($_SESSION['_config']['rows']['0'])."',
`orgid`='".intval($org['id'])."',
`created`=NOW(),
- `subject`='".mysql_real_escape_string($csrsubject)."',
+ `subject`='".$db_conn->real_escape_string($csrsubject)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `md`='".$db_conn->real_escape_string($_SESSION['_config']['hash_alg'])."',
`type`='".$type."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+ `description`='".$db_conn->real_escape_string($_SESSION['_config']['description'])."'";
} else {
$query = "insert into `orgdomaincerts` set
- `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
+ `CN`='".$db_conn->real_escape_string($_SESSION['_config']['altrows']['0'])."',
`orgid`='".intval($org['id'])."',
`created`=NOW(),
- `subject`='".mysql_real_escape_string($csrsubject)."',
+ `subject`='".$db_conn->real_escape_string($csrsubject)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
- `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `md`='".$db_conn->real_escape_string($_SESSION['_config']['hash_alg'])."',
`type`='".$type."',
- `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+ `description`='".$db_conn->real_escape_string($_SESSION['_config']['description'])."'";
}
- mysql_query($query);
- $CSRid = mysql_insert_id();
+ $db_conn->query($query);
+ $CSRid = $db_conn->insert_id;
$CSRname=generatecertpath("csr","orgserver",$CSRid);
rename($_SESSION['_config']['tmpfname'], $CSRname);
chmod($CSRname,0644);
- mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+ $db_conn->query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
if(is_array($_SESSION['_config']['rowid']))
foreach($_SESSION['_config']['rowid'] as $id)
- mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
+ $db_conn->query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $id)
- mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
+ $db_conn->query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
waitForResult("orgdomaincerts", $CSRid,$oldid);
$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "", "");
@@ -2035,14 +2041,14 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = $res->fetch_assoc();
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
@@ -2051,7 +2057,7 @@ function buildSubjectFromSession() {
continue;
}
- mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
+ $db_conn->query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']);
@@ -2059,32 +2065,32 @@ function buildSubjectFromSession() {
}
$query = "insert into `orgdomaincerts` set
`orgid`='".intval($row['orgid'])."',
- `CN`='".mysql_real_escape_string($row['CN'])."',
- `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
- `created`='".mysql_real_escape_string($row['created'])."',
+ `CN`='".$db_conn->real_escape_string($row['CN'])."',
+ `csr_name`='".$db_conn->real_escape_string($row['csr_name'])."',
+ `created`='".$db_conn->real_escape_string($row['created'])."',
`modified`=NOW(),
- `subject`='".mysql_real_escape_string($row['subject'])."',
+ `subject`='".$db_conn->real_escape_string($row['subject'])."',
`type`='".intval($row['type'])."',
`rootcert`='".intval($row['rootcert'])."',
- `description`='".mysql_real_escape_string($row['description'])."'";
- mysql_query($query);
- $newid = mysql_insert_id();
+ `description`='".$db_conn->real_escape_string($row['description'])."'";
+ $db_conn->query($query);
+ $newid = $db_conn->insert_id;
//echo "NewID: $newid
\n";
$newfile=generatecertpath("csr","orgserver",$newid);
copy($row['csr_name'], $newfile);
- mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
+ $db_conn->query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".$row['CN']."
\n";
- $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
- while($r2 = mysql_fetch_assoc($res))
- mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
+ $res = $db_conn->query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
+ while($r2 = $res->fetch_assoc())
+ $db_conn->query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
waitForResult("orgdomaincerts", $newid,$oldid,0);
$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "", "");
} else {
- $drow = mysql_fetch_assoc($res);
+ $drow = $res->fetch_assoc();
$crtname = escapeshellarg($drow['crt_name']);
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
echo "\n$cert\n
\n";
@@ -2114,19 +2120,19 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = $res->fetch_assoc();
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']);
continue;
}
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
+ $db_conn->query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
@@ -2149,19 +2155,19 @@ function buildSubjectFromSession() {
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id);
continue;
}
- $row = mysql_fetch_assoc($res);
+ $row = $res->fetch_assoc();
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."
\n", $row['CN']);
continue;
}
- mysql_query("delete from `orgdomaincerts` where `id`='$id'");
+ $db_conn->query("delete from `orgdomaincerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."
\n", $row['CN']);
@@ -2179,8 +2185,8 @@ function buildSubjectFromSession() {
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
- $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
- mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+ $comment=trim($db_conn->real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ $db_conn->query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."
\n");
@@ -2219,18 +2225,18 @@ function buildSubjectFromSession() {
if($oldid == 24 && $process != "")
{
$id = intval($oldid);
- $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
- $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
- $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
- $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
- $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
- $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
+ $_SESSION['_config']['O'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['O'])));
+ $_SESSION['_config']['contact'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['contact'])));
+ $_SESSION['_config']['L'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['L'])));
+ $_SESSION['_config']['ST'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['ST'])));
+ $_SESSION['_config']['C'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['C'])));
+ $_SESSION['_config']['comments'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['comments'])));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{
$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
} else {
- mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
+ $db_conn->query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
@@ -2247,18 +2253,18 @@ function buildSubjectFromSession() {
{
csrf_check('orgdetchange');
$id = intval($oldid);
- $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
- $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
- $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
- $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
- $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
- $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
+ $_SESSION['_config']['O'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['O'])));
+ $_SESSION['_config']['contact'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['contact'])));
+ $_SESSION['_config']['L'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['L'])));
+ $_SESSION['_config']['ST'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['ST'])));
+ $_SESSION['_config']['C'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['C'])));
+ $_SESSION['_config']['comments'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['comments'])));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{
$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
} else {
- mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
+ $db_conn->query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
@@ -2274,9 +2280,9 @@ function buildSubjectFromSession() {
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
- $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
- $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
- if(mysql_num_rows($res1) > 0)
+ $domain = $_SESSION['_config']['domain'] = trim($db_conn->real_escape_string(stripslashes($_REQUEST['domainname'])));
+ $res1 = $db_conn->query("select * from `orgdomains` where `domain`='$domain'");
+ if($res1->num_rows > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
@@ -2292,7 +2298,7 @@ function buildSubjectFromSession() {
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
- mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
+ $db_conn->query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
echo "
"._("Click here")." "._("to continue.");
@@ -2302,11 +2308,11 @@ function buildSubjectFromSession() {
if($oldid == 29 && $process != "")
{
- $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
+ $domain = $db_conn->real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
- $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
- $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
- if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+ $res1 = $db_conn->query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
+ $res2 = $db_conn->query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
+ if($res1->num_rows > 0 || $res2->num_rows > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
@@ -2320,23 +2326,23 @@ function buildSubjectFromSession() {
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($domid)."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
+ $res = $db_conn->query($query);
+ while($row = $res->fetch_assoc())
+ $db_conn->query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($domid)."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ $res = $db_conn->query($query);
+ while($row = $res->fetch_assoc())
+ $db_conn->query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}
if($oldid == 29 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
- mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
+ $row = $db_conn->query("select * from `orgdomains` where `id`='".intval($domid)."'")->fetch_assoc();
+ $db_conn->query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
echo "
"._("Click here")." "._("to continue.");
@@ -2346,9 +2352,10 @@ function buildSubjectFromSession() {
if($oldid == 30 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
+ $res = $db_conn->query("select * from `orgdomains` where `id`='".intval($domid)."'");
+ $row = $res->fetch_assoc();
$domain = $row['domain'];
- mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
+ $db_conn->query("delete from `orgdomains` where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
echo "
"._("Click here")." "._("to continue.");
@@ -2365,36 +2372,36 @@ function buildSubjectFromSession() {
if($oldid == 31 && $process != "")
{
$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
+ $dres = $db_conn->query($query);
+ while($drow = $dres->fetch_assoc())
{
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = $db_conn->query($query);
+ while($row = $res->fetch_assoc())
{
- mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
- mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
+ $db_conn->query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ $db_conn->query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
+ $db_conn->query("delete from `orgdomlink` where `orgcertid`='".intval($row['id'])."'");
}
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
+ $res = $db_conn->query($query);
+ while($row = $res->fetch_assoc())
{
- mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
- mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
+ $db_conn->query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
+ $db_conn->query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
+ $db_conn->query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
}
}
- mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
- mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
- mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
+ $db_conn->query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
+ $db_conn->query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
+ $db_conn->query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}
if($oldid == 31)
@@ -2406,7 +2413,8 @@ function buildSubjectFromSession() {
if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
{
$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
- $_macc = mysql_num_rows(mysql_query($query));
+ $res = $db_conn->query($query);
+ $_macc = $res->num_rows;
if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -2419,7 +2427,7 @@ function buildSubjectFromSession() {
if($id == 35 || $oldid == 35)
{
$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
- $is_orguser = mysql_num_rows(mysql_query($query));
+ $is_orguser = $db_conn->query($query->num_rows);
if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -2433,8 +2441,8 @@ function buildSubjectFromSession() {
{
$orgid = intval($_SESSION['_config']['orgid']);
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows <= 0)
{
$id = 35;
}
@@ -2447,17 +2455,17 @@ function buildSubjectFromSession() {
$masteracc = $_SESSION['_config']['masteracc'] = intval($_REQUEST['masteracc']);
else
$masteracc = $_SESSION['_config']['masteracc'] = 0;
- $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
+ $_REQUEST['email'] = $_SESSION['_config']['email'] = $db_conn->real_escape_string(stripslashes(trim($_REQUEST['email'])));
$_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
- $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
- $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
- if(mysql_num_rows($res) <= 0)
+ $comments = $_SESSION['_config']['comments'] = $db_conn->real_escape_string(stripslashes(trim($_REQUEST['comments'])));
+ $res = $db_conn->query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
+ if($res->num_rows <= 0)
{
$id = $oldid;
$oldid=0;
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
} else {
- $row = mysql_fetch_assoc($res);
+ $row = $res->fetch_assoc();
if ( !is_assurer(intval($row['id'])) )
{
$id = $oldid;
@@ -2465,12 +2473,12 @@ function buildSubjectFromSession() {
$_SESSION['_config']['errmsg'] =
_("The user is not an Assurer yet");
} else {
- mysql_query(
+ $db_conn->query(
"insert into `org`
set `memid`='".intval($row['id'])."',
`orgid`='".intval($_SESSION['_config']['orgid'])."',
`masteracc`='$masteracc',
- `OU`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
+ `OU`='".$db_conn->real_escape_string($_SESSION['_config']['OU'])."',
`comments`='$comments'");
}
}
@@ -2479,8 +2487,8 @@ function buildSubjectFromSession() {
if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
$orgid = intval($_SESSION['_config']['orgid']);
- $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
- if(mysql_num_rows($res) <= 0)
+ $res = $db_conn->query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
+ if($res->num_rows <= 0)
$id = 32;
}
@@ -2489,7 +2497,7 @@ function buildSubjectFromSession() {
$orgid = intval($_SESSION['_config']['orgid']);
$memid = intval($_REQUEST['memid']);
$query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
- mysql_query($query);
+ $db_conn->query($query);
}
if($oldid == 34 || $oldid == 33)
@@ -2501,7 +2509,8 @@ function buildSubjectFromSession() {
if($id == 36)
{
- $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
+ $res = $db_conn->query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'");
+ $row = $res->fetch_assoc();
$_REQUEST['general'] = $row['general'];
$_REQUEST['country'] = $row['country'];
$_REQUEST['regional'] = $row['regional'];
@@ -2510,7 +2519,8 @@ function buildSubjectFromSession() {
if($oldid == 36)
{
- $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
+ $result = $db_conn->query("select * from `alerts` where `memid`='" . intval($_SESSION['profile']['id']) . "'");
+ $rc = $result->num_rows;
if($rc > 0)
{
$query = "update `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."',
@@ -2525,7 +2535,7 @@ function buildSubjectFromSession() {
`radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."',
`memid`='".intval($_SESSION['profile']['id'])."'";
}
- mysql_query($query);
+ $db_conn->query($query);
$id = $oldid;
$oldid=0;
}
@@ -2533,12 +2543,12 @@ function buildSubjectFromSession() {
if($oldid == 41 && $_REQUEST['action'] == 'default')
{
csrf_check("mainlang");
- $lang = mysql_real_escape_string($_REQUEST['lang']);
+ $lang = $db_conn->real_escape_string($_REQUEST['lang']);
foreach(L10n::$translations as $key => $val)
{
if($key == $lang)
{
- mysql_query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
+ $db_conn->query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
$_SESSION['profile']['language'] = $lang;
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
@@ -2556,9 +2566,9 @@ function buildSubjectFromSession() {
if($oldid == 41 && $_REQUEST['action'] == 'addsec')
{
csrf_check("seclang");
- $addlang = mysql_real_escape_string($_REQUEST['addlang']);
+ $addlang = $db_conn->real_escape_string($_REQUEST['addlang']);
// Does the language exist?
- mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
+ $db_conn->query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
showfooter();
@@ -2568,8 +2578,8 @@ function buildSubjectFromSession() {
if($oldid == 41 && $_REQUEST['action'] == 'dellang')
{
csrf_check("seclang");
- $remove = mysql_real_escape_string($_REQUEST['remove']);
- mysql_query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
+ $remove = $db_conn->real_escape_string($_REQUEST['remove']);
+ $db_conn->query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
showfooter();
@@ -2604,7 +2614,7 @@ function buildSubjectFromSession() {
$regid = intval(array_key_exists('regid',$_REQUEST)?$_REQUEST['regid']:0);
$newreg = intval(array_key_exists('newreg',$_REQUEST)?$_REQUEST['newreg']:0);
$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
- $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
+ $name = array_key_exists('name',$_REQUEST)?$db_conn->real_escape_string(strip_tags($_REQUEST['name'])):"";
$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
$lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
@@ -2612,58 +2622,60 @@ function buildSubjectFromSession() {
if($locid > 0 && $action == "edit")
{
$query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $db_conn->query($query);
+ $res = $db_conn->query("select * from `locations` where `id`='$locid'");
+ $row = $res->fetch_assoc();
$_REQUEST['regid'] = $row['regid'];
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "edit") {
$query = "update `regions` set `name`='$name' where `id`='$regid'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ $db_conn->query($query);
+ $res = $db_conn->query("select * from `regions` where `id`='$regid'");
+ $row = $res->fetch_assoc();
$_REQUEST['ccid'] = $row['ccid'];
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "add") {
- $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'"));
+ $row = $db_conn->query("select `ccid` from `regions` where `id`='$regid'")->fetch_assoc();
$ccid = $row['ccid'];
$query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'";
- mysql_query($query);
+ $db_conn->query($query);
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($ccid > 0 && $action == "add" && $name != "") {
$query = "insert into `regions` set `ccid`='$ccid', `name`='$name'";
- mysql_query($query);
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $db_conn->query($query);
+ $row = $db_conn->query("select * from `locations` where `id`='$locid'")->fetch_assoc();
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($locid > 0 && $action == "delete") {
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $row = $db_conn->query("select * from `locations` where `id`='$locid'")->fetch_assoc();
$_REQUEST['regid'] = $row['regid'];
- mysql_query("delete from `localias` where `locid`='$locid'");
- mysql_query("delete from `locations` where `id`='$locid'");
+ $db_conn->query("delete from `localias` where `locid`='$locid'");
+ $db_conn->query("delete from `locations` where `id`='$locid'");
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($locid > 0 && $action == "move") {
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $row = $db_conn->query("select * from `locations` where `id`='$locid'")->fetch_assoc();
$oldregid = $row['regid'];
- mysql_query("update `locations` set `regid`='$newreg' where `id`='$locid'");
- mysql_query("update `users` set `regid`='$newreg' where `regid`='$oldregid'");
- $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
+ $db_conn->query("update `locations` set `regid`='$newreg' where `id`='$locid'");
+ $db_conn->query("update `users` set `regid`='$newreg' where `regid`='$oldregid'");
+ $row = $db_conn->query("select * from `locations` where `id`='$locid'")->fetch_assoc();
$_REQUEST['regid'] = $row['regid'];
unset($_REQUEST['ccid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
} else if($regid > 0 && $action == "delete") {
- $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ $row = $db_conn->query("select * from `regions` where `id`='$regid'")->fetch_assoc();
$_REQUEST['ccid'] = $row['ccid'];
- mysql_query("delete from `locations` where `regid`='$regid'");
- mysql_query("delete from `regions` where `id`='$regid'");
+ $db_conn->query("delete from `locations` where `regid`='$regid'");
+ $db_conn->query("delete from `regions` where `id`='$regid'");
unset($_REQUEST['regid']);
unset($_REQUEST['locid']);
unset($_REQUEST['action']);
@@ -2672,12 +2684,12 @@ function buildSubjectFromSession() {
$_REQUEST['action'] = "aliases";
$_REQUEST['locid'] = $locid;
$name = htmlentities($name);
- $row = mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'");
+ $row = $db_conn->query("insert into `localias` set `locid`='$locid',`name`='$name'");
} else if($locid > 0 && $action == "delalias") {
$id = 54;
$_REQUEST['action'] = "aliases";
$_REQUEST['locid'] = $locid;
- $row = mysql_query("delete from `localias` where `locid`='$locid' and `name`='$name'");
+ $row = $db_conn->query("delete from `localias` where `locid`='$locid' and `name`='$name'");
}
}
@@ -2714,15 +2726,15 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- $fname = mysql_real_escape_string($_REQUEST['fname']);
- $mname = mysql_real_escape_string($_REQUEST['mname']);
- $lname = mysql_real_escape_string($_REQUEST['lname']);
- $suffix = mysql_real_escape_string($_REQUEST['suffix']);
+ $fname = $db_conn->real_escape_string($_REQUEST['fname']);
+ $mname = $db_conn->real_escape_string($_REQUEST['mname']);
+ $lname = $db_conn->real_escape_string($_REQUEST['lname']);
+ $suffix = $db_conn->real_escape_string($_REQUEST['suffix']);
$day = intval($_REQUEST['day']);
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
- mysql_query($query);
+ $db_conn->query($query);
}elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){
$id = 43;
$oldid=0;
@@ -2761,7 +2773,7 @@ function buildSubjectFromSession() {
if($id == 44)
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ $row = $db_conn->query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")->fetch_assoc();
if($row['email'] == "")
$id = 42;
else
@@ -2781,8 +2793,8 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ $db_conn->query("update `users` set `password`=sha1('".$db_conn->real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
+ $row = $db_conn->query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")->fetch_assoc();
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
$my_translation = L10n::get_translation();
@@ -2872,24 +2884,24 @@ function buildSubjectFromSession() {
`CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
- mysql_query($query);
- $CSRid = mysql_insert_id();
+ $db_conn->query($query);
+ $CSRid = $db_conn->insert_id;
foreach($_SESSION['_config']['rowid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
+ $db_conn->query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
+ $db_conn->query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
$CSRname=generatecertpath("csr","server",$CSRid);
$fp = fopen($CSRname, "w");
fputs($fp, $_SESSION['_config']['CSR']);
fclose($fp);
- mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
+ $db_conn->query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
waitForResult("domaincerts", $CSRid,$oldid);
$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "", "");
@@ -2913,9 +2925,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['tverify'];
- mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `tverify`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==FALSE){
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
@@ -2932,9 +2944,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `assurer`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['assurer']);
$_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!';
@@ -2950,9 +2962,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2969,9 +2981,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['locked'];
- mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `locked`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['locked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2988,9 +3000,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['codesign'];
- mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `codesign`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['codesign']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3007,9 +3019,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['orgadmin'];
- mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3026,9 +3038,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['ttpadmin'];
- mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3044,11 +3056,11 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = $row['adadmin'] + 1;
if($ver > 2)
$ver = 0;
- mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `adadmin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3064,9 +3076,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['locadmin'];
- mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `locadmin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3083,9 +3095,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['admin'];
- mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+ $db_conn->query("update `users` set `admin`='$ver' where `id`='$memid'");
}elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['admin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3101,9 +3113,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['general'];
- mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+ $db_conn->query("update `alerts` set `general`='$ver' where `memid`='$memid'");
}elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['general']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3119,9 +3131,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['country'];
- mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+ $db_conn->query("update `alerts` set `country`='$ver' where `memid`='$memid'");
}elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['country']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3137,9 +3149,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['regional'];
- mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+ $db_conn->query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
}elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['regional']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3155,9 +3167,9 @@ function buildSubjectFromSession() {
exit;
}
$query = "select * from `alerts` where `memid`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $row = $db_conn->query($query)->fetch_assoc();
$ver = !$row['radius'];
- mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+ $db_conn->query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
}elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){
$_REQUEST['userid'] = intval($_REQUEST['radius']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3169,7 +3181,7 @@ function buildSubjectFromSession() {
$_REQUEST['userid'] = intval($_REQUEST['userid']);
}
- $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
+ $row = $db_conn->query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")->fetch_assoc();
if($row['email'] == "") {
$id = 42;
} else {
@@ -3216,7 +3228,7 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
- if (check_is_orgadmin(intval($_REQUEST['userid']),1)) {
+ if (check_is_orgadmin(intval($_REQUEST['userid']))) {
showheader(_("My CAcert.org Account!"));
printf(_("The user is listed as Organisation Administrator. Can't continue."));
printf('
' . _('Back to previous page.') .'');
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index 0fda2f1a..524be4d2 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -1,6 +1,6 @@
">
- 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")
+ ->num_rows > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
- 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")->num_rows > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+
diff --git a/includes/general.php b/includes/general.php
index 735f3578..d7a35965 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -1,6 +1,6 @@
0)
{
- $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
+ $res = $db_conn->query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'");
+ $locked = $res->fetch_assoc();
+ $res->close();
if($locked['locked'] == 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
+ $res = $db_conn->query($query);
+ $row = $res->fetch_assoc();
+ $res->close();
$_SESSION['profile']['points'] = $row['total'];
} else {
$_SESSION['profile'] = "";
@@ -111,6 +115,8 @@ function loadem($section = "index")
function includeit($id = "0", $section = "index")
{
+ global /** @noinspection PhpUnusedLocalVariableInspection */
+ $db_conn;
$id = intval($id);
if($section != "index" && $section != "account" && $section != "wot" && $section != "help" && $section != "gpg" && $section != "disputes" && $section != "tverify" && $section != "advertising")
{
@@ -268,6 +274,7 @@ function extractit()
function getcn()
{
+ global $db_conn;
unset($_SESSION['_config']['rows']);
unset($_SESSION['_config']['rowid']);
unset($_SESSION['_config']['rejected']);
@@ -286,13 +293,12 @@ function getcn()
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
- $dom = mysql_real_escape_string($dom);
+ $dom = $db_conn->real_escape_string($dom);
$query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
+ $res = $db_conn->query($query);
+ if ($res->num_rows > 0) {
$cnok = 1;
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['row'] = $res->fetch_assoc();
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
@@ -322,6 +328,8 @@ function getcn()
function getalt()
{
+ global $db_conn;
+
unset($_SESSION['_config']['altrows']);
unset($_SESSION['_config']['altid']);
$altrows=array();
@@ -344,13 +352,12 @@ function getalt()
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
- $dom = mysql_real_escape_string($dom);
+ $dom = $db_conn->real_escape_string($dom);
$query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
+ $res = $db_conn->query($query);
+ if($res->num_rows > 0) {
$altok = 1;
- $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['altrow'] = $res->fetch_assoc();
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
@@ -374,6 +381,7 @@ function getalt()
function getcn2()
{
+ global $db_conn;
$rows=array();
$rowid=array();
for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
@@ -388,16 +396,16 @@ function getcn2()
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
- $dom = mysql_real_escape_string($dom);
+ $dom = $db_conn->real_escape_string($dom);
$query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows > 0)
{
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['row'] = $res->fetch_assoc();
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
@@ -421,6 +429,7 @@ function getcn2()
function getalt2()
{
+ global $db_conn;
$altrows=array();
$altid=array();
for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
@@ -440,16 +449,16 @@ function getalt2()
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
- $dom = mysql_real_escape_string($dom);
+ $dom = $db_conn->real_escape_string($dom);
$query = "select * from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows > 0)
{
- $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
+ $_SESSION['_config']['altrow'] = $res->fetch_assoc();
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
@@ -468,6 +477,7 @@ function getalt2()
function checkownership($hostname)
{
+ global $db_conn;
$bits = explode(".", $hostname);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
@@ -476,16 +486,15 @@ function checkownership($hostname)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
- $dom = mysql_real_escape_string($dom);
+ $dom = $db_conn->real_escape_string($dom);
$query = "select * from `org`,`orgdomains`,`orginfo`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."'
and `orgdomains`.`orgid`=`org`.`orgid`
and `orginfo`.`id`=`org`.`orgid`
and `orgdomains`.`domain`='$dom'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
+ $res = $db_conn->query($query);
+ if($res->num_rows > 0) {
+ $_SESSION['_config']['row'] = $res->fetch_assoc();
return(true);
}
}
@@ -494,16 +503,19 @@ function checkownership($hostname)
function maxpoints($id = 0)
{
+ global $db_conn;
if($id <= 0)
$id = $_SESSION['profile']['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$id' and `deleted` = 0 group by `to`";
- $row = mysql_fetch_assoc(mysql_query($query));
+ $res = $db_conn->query($query);
+ $row = $res->fetch_assoc();
$points = $row['points'];
$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18));
$query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `dob` < '$dob'";
- if(mysql_num_rows(mysql_query($query)) < 1)
+ $res = $db_conn->query($query);
+ if($res->num_rows < 1)
{
if($points >= 100)
return(10);
@@ -554,7 +566,8 @@ function signmail($to, $subject, $message, $from, $replyto = "")
function checkEmail($email)
{
- $myemail = mysql_real_escape_string($email);
+ global $db_conn;
+ $myemail = $db_conn->real_escape_string($email);
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
{
list($username,$domain)=explode('@',$email,2);
@@ -665,10 +678,12 @@ function checkEmail($email)
fputs($fp, "QUIT\r\n");
fclose($fp);
- $line = mysql_real_escape_string(trim(strip_tags($line)));
- $query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
+ $line = $db_conn->real_escape_string(trim(strip_tags($line)));
+ $query = sprintf(
+ "INSERT INTO pinglog SET `when`=NOW(), email='%s', result='%s'",
+ $myemail, $line);
if(is_array($_SESSION['profile'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
+ $db_conn->query($query);
if(substr($line, 0, 3) != "250")
return $line;
@@ -677,14 +692,16 @@ function checkEmail($email)
}
}
}
- $query = "insert into `pinglog` set `when`=NOW(), `uid`='".intval($_SESSION['profile']['id'])."',
- `email`='$myemail', `result`='Failed to make a connection to the mail server'";
- mysql_query($query);
+ $query = sprintf(
+ "INSERT INTO pinglog SET `when`=NOW(), uid='%s', email='%s', result='Failed to make a connection to the mail server'",
+ intval($_SESSION['profile']['id']), $myemail);
+ $db_conn->query($query);
return _("Failed to make a connection to the mail server");
}
function waitForResult($table, $certid, $id = 0, $show = 1)
{
+ global $db_conn;
$found = $trycount = 0;
if($certid<=0)
{
@@ -700,8 +717,8 @@ function waitForResult($table, $certid, $id = 0, $show = 1)
$query = "select * from `$table` where `id`='".intval($certid)."' and `crt` != ''";
else
$query = "select * from `$table` where `id`='".intval($certid)."' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $res = $db_conn->query($query);
+ if($res->num_rows > 0)
{
$found = 1;
break;
@@ -713,10 +730,10 @@ function waitForResult($table, $certid, $id = 0, $show = 1)
{
if($show) showheader(_("My CAcert.org Account!"));
$query = "select * from `$table` where `id`='".intval($certid)."' ";
- $res = mysql_query($query);
+ $res = $db_conn->query($query);
$body="";
$subject="";
- if(mysql_num_rows($res) > 0)
+ if($res->num_rows > 0)
{
printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
$subject="[CAcert.org] Certificate TIMEOUT";
@@ -742,9 +759,10 @@ function waitForResult($table, $certid, $id = 0, $show = 1)
function generateTicket()
{
+ global $db_conn;
$query = "insert into tickets (timestamp) values (now()) ";
- mysql_query($query);
- $ticket = mysql_insert_id();
+ $db_conn->query($query);
+ $ticket = $db_conn->insert_id;
return $ticket;
}
@@ -870,23 +888,4 @@ function generatecertpath($type,$kind,$id)
return $name;
}
- /**
- * Run the sql query given in $sql.
- * The resource returned by mysql_query is
- * returned by this function.
- *
- * It should be safe to replace every mysql_query
- * call by a mysql_extended_query call.
- */
- function mysql_timed_query($sql)
- {
- global $sql_data_log;
- $query_start = microtime(true);
- $res = mysql_query($sql);
- $query_end = microtime(true);
- $sql_data_log[] = array("sql" => $sql, "duration" => $query_end - $query_start);
- return $res;
- }
-
-
?>
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 10c4e0a5..3a4e3da0 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -1,6 +1,6 @@
@@ -44,13 +45,13 @@ function showbodycontent($title = "CAcert.org", $title2 = "")