Replace deprecated mysql api

.gitignore

@@ -5,3 +5,5 @@
 
 # Ignore file with the account data
 /password.dat
+
+/pages/index/feed.rss

README.md

@@ -0,0 +1,89 @@
+# LibreSSL Documentation
+
+(c) 2005-2020 by CAcert Inc. License: GNU-GPLv2
+
+## System Requirements
+
+* Linux/POSIX PHP and Webserver (i.e. Apache httpd)
+* MySQL compatible database system
+
+
+* GetText UFPDF - PDF generation library from http://acko.net/node/56
+* OpenSSL - X.509 toolkit from http://www.openssl.org/
+* openssl-vulnkey including blacklists for all common key sizes
+* GnuPG - OpenPGP toolkit from http://www.gnupg.org/
+* whois - whois client from http://www.linux.it/~md/software/
+* XEnroll - Enrollment Active-X control for IE5/6 from Microsoft (search for xenroll.cab)
+* CommModule - CAcert Communication Module
+
+## Setup
+
+### Create a database and database user
+
+Create a new database with charset `latin1` and default collation
+`latin1_swedish_ci`. These settings are used for historical reasons.
+
+Create a user that has permissions on the database and has the global
+[`FILE`](https://mariadb.com/kb/en/grant/#file) permission that is required to export files using
+the `SELECT INTO OUTFILE` clause.
+
+The SQL commands can be executed in a shell via the regular mysql or mariadb command:
+
+```shell
+sudo mysql mysql <<<-EOF
+-- SQL commands
+EOF
+```
+
+```sql
+CREATE DATABASE cacert CHARSET latin1 COLLATE latin1_swedish_ci;
+CREATE USER cacertmigration@localhost IDENTIFIED BY 'hardtoguesslongpassword';
+GRANT ALL PRIVILEGES ON cacert.* TO cacertmigration@localhost;
+GRANT FILE ON *.* TO cacertmigration@localhost;
+```
+
+It is a good idea to create a different user for the application that has only the necessary privileges:
+
+```sql
+CREATE USER cacertapplication@localhost IDENTIFIED BY 'anotherhardpassword';
+GRANT CREATE TEMPORARY TABLES ON cacert.* TO cacertapplication@localhost;
+GRANT SELECT, INSERT, UPDATE, DELETE ON cacert.* TO cacertapplication@localhost;
+```
+
+### Apply schema migrations
+
+```shell
+sh scripts/db_migrations/version0.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
+sh scripts/db_migrations/version1.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
+sh scripts/db_migrations/version2.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
+sh scripts/db_migrations/version3.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
+sh scripts/db_migrations/version4.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
+sh scripts/db_migrations/version5.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
+sh scripts/db_migrations/version6.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
+```
+
+### Configuration
+
+The application is configured via a set of environment variables. The variables can be defined via
+[`SetEnv` directives](https://httpd.apache.org/docs/current/mod/mod_env.html#setenv). The following environment
+variables are used:
+
+Variable | Description | Default value
+---- | ---- | ----
+`DEPLOYMENT_NAME` | name of the specific instance | `"CAcert.org Website"`
+`CRT_DIRECTORY`* | directory where certificates are stored | none
+`CSR_DIRECTORY`* | directory where CSRs are stored | none
+`MYSQL_WEBDB_DATABASE`* | database name | none
+`MYSQL_WEBDB_HOSTNAME`* | database hostname | none
+`MYSQL_WEBDB_PASSWORD`* | database password | none
+`MYSQL_WEBDB_USER`* | database user name | none
+`RETURN_ADDRESS`* | return address (Errors-To header) for outgoing mails | none
+`SMTP_HOST`* | mail server to use for outgoing mails | none
+`SMTP_PORT` | port of the mail server | `25`
+`INSECURE_PORT` | port to use for http | none (defaults to 80)
+`SECURE_PORT` | port to use for https | none (default to 443)
+`DEFAULT_HOSTNAME`* | hostname for the default URL | none
+`SECURE_HOSTNAME`* | hostname for client certificate authentication | none
+`TVERIFY_HOSTNAME`* | hostname for tverify | none
+
+Environment variables marked with an asterisk (*) need to be defined explicitly.

TODO.md

@@ -0,0 +1,30 @@
+# Development to do list
+
+## Modernization for PHP > 5 and newer OS
+
+* change from deprecated mysql to mysqli ✅
+* switch to supported PDF library ([tcpdf](https://tcpdf.org/))
+
+## Maintainability
+
+* rename numbered files to something more readable
+* implement release automation
+* implement automated tests
+
+## Best practice implementation
+
+* switch everything to UTF-8 (better i18n, support for international names, support for modern PDF library, ...)
+* use redirect after POST for all form actions
+* implement CSRF protection
+
+## Code quality
+
+* do not store request scoped objects in session
+* unify formatting
+* add copyright headers in all files
+* remove dead code / commented sections
+
+## Documentation
+
+* add documentation for all request flows
+* add documentation for the signer protocol

changelog.md

@@ -0,0 +1,6 @@
+# Change log
+
+## _unreleased_
+
+* switch from deprecated mysql_* APIs to [mysqli](https://www.php.net/manual/de/book.mysqli.php)
+* add documentation for setup (in [README.md](README.md)) and [development to do list](TODO.md)

includes/about_menu.php

@@ -8,7 +8,7 @@
 	<li><a href="http://bugs.CAcert.org/"><?=_("Bug Database")?></a></li>
 <? //	<li><a href="/index.php?id=47"><  = _ ("PR Materials" )  > </a></li> ?>
 <? //	<li><a href="/logos.php">< ? = _ ( " CAcert Logos " ) ? > </a></li> ?>
-<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?>	<li><a href="/stats.php"><?=_("CAcert Statistics")?></a></li> <? } ?>
+<? if($GLOBALS["db_conn"]) { ?>	<li><a href="/stats.php"><?=_("CAcert Statistics")?></a></li> <? } ?>
 	<li><a href="http://blog.CAcert.org/feed/"><?=_("RSS News Feed")?></a></li>
 <? //-	<li><a href="/index.php?id=7"> < ? = _ ( " Credits " ) ? > </a></li> ?>
 	<li><a href="//wiki.cacert.org/Board"><?=_("CAcert Board")?></a></li>