From a9f9317dc93861cfec274618c787835bb9be0c42 Mon Sep 17 00:00:00 2001 From: Nimetu Date: Fri, 10 Jan 2014 14:00:09 +0200 Subject: [PATCH] Replace deprecated mysql functions with mysqli in login and ring scripts --- .../tools/server/www/login/client_install.php | 15 +-- .../ryzom/tools/server/www/login/r2_login.php | 111 +++++++++--------- .../tools/server/www/ring/edit_session.php | 31 ++--- .../tools/server/www/ring/invite_pioneer.php | 19 +-- .../tools/server/www/ring/join_shard.php | 14 ++- .../tools/server/www/ring/session_tools.php | 16 ++- .../tools/server/www/tools/domain_info.php | 17 +-- .../server/www/tools/validate_cookie.php | 18 +-- 8 files changed, 131 insertions(+), 110 deletions(-) diff --git a/code/ryzom/tools/server/www/login/client_install.php b/code/ryzom/tools/server/www/login/client_install.php index 4387387f1..db93f8caa 100644 --- a/code/ryzom/tools/server/www/login/client_install.php +++ b/code/ryzom/tools/server/www/login/client_install.php @@ -74,19 +74,21 @@ die2(); } $domainName = getPost("domain"); - $nelLink = mysql_connect($DBHost, $DBUserName, $DBPassword) or die2 (__FILE__. " " .__LINE__." Can't connect to database host:$DBHost user:$DBUserName"); - mysql_select_db ($DBName, $nelLink) or die2 (__FILE__. " " .__LINE__." Can't access to the table dbname:$DBName"); + $nelLink = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die2 (__FILE__. " " .__LINE__." Can't connect to database host:$DBHost user:$DBUserName"); + mysqli_select_db ($nelLink, $DBName) or die2 (__FILE__. " " .__LINE__." Can't access to the table dbname:$DBName"); + + $domainName = mysqli_real_escape_string($nelLink, $domainName); $query = "SELECT backup_patch_url, patch_urls FROM domain WHERE domain_name='$domainName'"; - $result = mysql_query ($query, $nelLink) or die2 (__FILE__. " " .__LINE__." Can't execute the query: ".$query); + $result = mysqli_query ($nelLink, $query) or die2 (__FILE__. " " .__LINE__." Can't execute the query: ".$query); - if (mysql_num_rows($result) != 1) + if (mysqli_num_rows($result) != 1) { // unrecoverable error, we must giveup $reason = "Can't find domain '".$domainName."' (error code x)"; $res = false; } - $req = mysql_fetch_array($result); + $req = mysqli_fetch_array($result); $backup_patch_url = $req["backup_patch_url"]; $patch_urls = $req["patch_urls"]; @@ -114,7 +116,7 @@ } echo "\n"; - mysql_close($nelLink); + mysqli_close($nelLink); unset($nelLink); break; @@ -124,4 +126,3 @@ } -?> diff --git a/code/ryzom/tools/server/www/login/r2_login.php b/code/ryzom/tools/server/www/login/r2_login.php index c6a9de6f2..c12340f1b 100644 --- a/code/ryzom/tools/server/www/login/r2_login.php +++ b/code/ryzom/tools/server/www/login/r2_login.php @@ -34,16 +34,16 @@ // gather the domain information (server version, patch urls and backup patch url global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing; - $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); - mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); + $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); + mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); $query = "SELECT * FROM domain WHERE domain_id=$domainId"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); - if( mysql_num_rows($result) != 1) + if( mysqli_num_rows($result) != 1) { die(errorMsgBlock(3001, $domainId)); } - $row = mysql_fetch_array($result); + $row = mysqli_fetch_array($result); // set the cookie setcookie ( "ryzomId" , $cookie, 0, "/"); @@ -178,27 +178,28 @@ { ////////////// Temporary code alpha 0 only ///////////////////////////////////// // check if the ring user exist, and create it if not - $ringDb = mysql_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName)); - mysql_select_db ($domainInfo['ring_db_name'], $ringDb) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName)); + $ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName)); + mysqli_select_db ($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName)); $query = "SELECT user_id FROM ring_users where user_id = '".$id."'"; - $result = mysql_query ($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysql_error())); + $result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb))); - if (mysql_num_rows($result) == 0) + if (mysqli_num_rows($result) == 0) { // no ring user record, build one - $query = "INSERT INTO ring_users SET user_id = '".$id."', user_name = '".$_GET["login"]."', user_type='ut_pioneer'"; - $result = mysql_query ($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysql_error())); + $login = mysqli_real_escape_string($ringDb, $login); + $query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'"; + $result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb))); } // // check that there is a character record (deprecated) // $query = "SELECT user_id FROM characters where user_id = '".$id."'"; -// $result = mysql_query ($query) or die("Query ".$query." failed"); -// if (mysql_num_rows($result) == 0) +// $result = mysqli_query ($ringDb, $query) or die("Query ".$query." failed"); +// if (mysqli_num_rows($result) == 0) // { // // no characters record, build a default one // $charId = ($id * 16); // $query = "INSERT INTO characters SET char_id='".$charId."', char_name='".$_GET["login"]."_default', user_id = '".$id."'"; -// $result = mysql_query ($query) or die("Query ".$query." failed"); +// $result = mysqli_query ($ringDb, $query) or die("Query ".$query." failed"); // } } @@ -269,24 +270,25 @@ setMsgLanguage($lang); - // we map the client application to the domain name - $domainName = $clientApplication; + $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); + mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); + + // we map the client application to the domain name + $domainName = mysqli_real_escape_string($link, $clientApplication); - $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); - mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); // retreive the domain id $query = "SELECT domain_id FROM domain WHERE domain_name='$domainName'"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); - if (mysql_num_rows($result) == 0) + if (mysqli_num_rows($result) == 0) { // unrecoverable error, we must giveup $reason = errorMsg(3007, $domainName); - mysql_close($link); + mysqli_close($link); return false; } - $row = mysql_fetch_array($result); + $row = mysqli_fetch_array($result); $domainId = $row[0]; // retreive the domain info @@ -296,32 +298,34 @@ $accessPriv = strtoupper(substr($domainInfo['status'], 3)); // now, retrieve the user infos + $login = mysqli_real_escape_string($link, $login); $query = "SELECT * FROM user where Login='$login'"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); - if (mysql_num_rows ($result) == 0) + if (mysqli_num_rows ($result) == 0) { if ($AcceptUnknownUser) { // login doesn't exist, create it + $password = mysqli_real_escape_string($link, $password); $query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); // get the user to have his UId $query = "SELECT * FROM user WHERE Login='$login'"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); - if (mysql_num_rows ($result) == 1) + if (mysqli_num_rows ($result) == 1) { $reason = errorMsg(3008, $login); - $row = mysql_fetch_array ($result); + $row = mysqli_fetch_assoc ($result); $id = $row["UId"]; $priv = $row["Privilege"]; $extended = $row["ExtendedPrivilege"]; // add the default permission $query = "INSERT INTO permission (UId, ClientApplication, AccessPrivilege) VALUES ('$id', 'r2', '$accessPriv')"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); $res = false; } @@ -335,9 +339,9 @@ { // Check if this is not an unconfirmed account $query = "SELECT GamePassword, Email, Language FROM signup_data WHERE login='$login'"; - $result = mysql_query($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); - if (mysql_num_rows($result) == 0) + if (mysqli_num_rows($result) == 0) { $reason = errorMsg(2001, $login, 'checkUserValidity'); $res = false; @@ -346,7 +350,7 @@ { // Check password to avoid revealing email address to third-party $passwordMatchedRow = false; - while ($row = mysql_fetch_array($result)) + while ($row = mysqli_fetch_assoc($result)) { $salt = substr($row['GamePassword'],0,2); if (($cp && $row['GamePassword'] == $password) || (!$cp && $row['GamePassword'] == crypt($password, $salt))) @@ -369,7 +373,7 @@ } else { - $row = mysql_fetch_array ($result); + $row = mysqli_fetch_assoc ($result); $salt = substr($row["Password"],0,2); if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt))) { @@ -377,15 +381,16 @@ $_GET['login'] = $row['Login']; // check if the user can use this application + $clientApplication = mysqli_real_escape_string($link, $clientApplication); $query = "SELECT * FROM permission WHERE UId='".$row["UId"]."' AND ClientApplication='$clientApplication'"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); - if (mysql_num_rows ($result) == 0) + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); + if (mysqli_num_rows ($result) == 0) { if ($AcceptUnknownUser) { // add default permission $query = "INSERT INTO permission (UId, ClientApplication, ShardId, AccessPrivilege) VALUES ('".$row["UId"]."', '$clientApplication', -1, '$domainStatus')"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); $reason = errorMsg(3010); $res = false; @@ -400,7 +405,7 @@ else { // check that the access privilege for the domain - $permission = mysql_fetch_array($result); + $permission = mysqli_fetch_assoc($result); if (!strstr($permission['AccessPrivilege'], $accessPriv)) { @@ -409,7 +414,7 @@ { // set an additionnal privilege for this player $query = "UPDATE permission set AccessPrivilege='".$permission['AccessPrivilege'].",$accessPriv' WHERE prim=".$permission['prim']; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); $reason = errorMsg(3012, $accessPriv); $res = false; @@ -435,10 +440,10 @@ // $reason = $reason."was just disconnected. Now you can retry the identification (error code 54)"; // // $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"]; -// $result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error()); +// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link)); // // $query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"]; -// $result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error()); +// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link)); // } // else // { @@ -462,7 +467,7 @@ $res = false; } } - mysql_close($link); + mysqli_close($link); return $res; } @@ -474,13 +479,14 @@ setMsgLanguage($lang); - $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); - mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); + $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); + mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); + $login = mysqli_real_escape_string($link, $login); $query = "SELECT Password FROM user WHERE Login='$login'"; - $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); - if (mysql_num_rows ($result) != 1) + if (mysqli_num_rows ($result) != 1) { if ($AcceptUnknownUser) { @@ -492,17 +498,17 @@ { // Check if this is not an unconfirmed account $query = "SELECT GamePassword, Language FROM signup_data WHERE login='$login'"; - $result = mysql_query($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); + $result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); - if (mysql_num_rows($result) == 0) + if (mysqli_num_rows($result) == 0) { // no user record, reject it die (errorMsgBlock(2001, $login, 'askSalt')); } - else if (mysql_num_rows($result) == 1) + else if (mysqli_num_rows($result) == 1) { // one unconfirmed record, let the client send the encrypted password to get the corresponding email address - $row = mysql_fetch_array($result); + $row = mysqli_fetch_assoc($result); $salt = substr($row['GamePassword'], 0, 2); } else @@ -511,7 +517,7 @@ { // several matching records => display a multi-language message now $languages = array(); - while ($row = mysql_fetch_array($result)) + while ($row = mysqli_fetch_assoc($result)) { $languages[$row['Language']] = true; } @@ -523,12 +529,11 @@ } else { - $res_array = mysql_fetch_array($result); + $res_array = mysqli_fetch_assoc($result); $salt = substr($res_array['Password'], 0, 2); } echo "1:".$salt; - mysql_close($link); + mysqli_close($link); } -?> diff --git a/code/ryzom/tools/server/www/ring/edit_session.php b/code/ryzom/tools/server/www/ring/edit_session.php index c782a408d..e567f2296 100644 --- a/code/ryzom/tools/server/www/ring/edit_session.php +++ b/code/ryzom/tools/server/www/ring/edit_session.php @@ -16,9 +16,10 @@ $domainInfo = getDomainInfo($domainId); - global $DBHost, $DBUserName, $DBPassword, $DBName, $RingDBName; - $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName"); - mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName"); + global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName; + + $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName"); + mysqli_select_db($link, $RingDBName) or die ("Can't access to the db dbname:$RingDBName"); // Find out if the character has an open editing session $query = "SELECT session_id, state "; @@ -26,8 +27,8 @@ $query .= " WHERE (owner = '".$charId."')"; $query .= " AND (session_type = 'st_edit')"; $query .= " AND (NOT (state IN ('ss_closed', 'ss_locked')))"; - $result = mysql_query ($query) or die ("Can't execute the query: ".$query); - $num = mysql_num_rows ($result); + $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query); + $num = mysqli_num_rows($result); if ($num > 1) { echo "Error: more than one editing sessions for char".$charId; @@ -39,11 +40,14 @@ { // Not found => first, create an editing session for this character, start the session and invite himself $query = "SELECT char_name FROM characters WHERE char_id = $charId"; - $result = mysql_query ($query) or die ("Can't execute the query: ".$query); - $num = mysql_num_rows ($result); + $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query); + $num = mysqli_num_rows($result); $characterName = ""; if ($num > 0) - $characterName = mysql_result($result, 0, 0); + { + $row = mysqli_fetch_assoc($result); + $characterName = $row['char_name']; + } global $SessionId, $SessionToolsResult; planEditSession($charId, $domainId, "st_edit", $characterName, ""); if ($SessionToolsResult === false) @@ -55,7 +59,7 @@ } else { - $row = mysql_fetch_array($result); + $row = mysqli_fetch_assoc($result); $sessionId = $row['session_id']; $state = $row['state']; echo "Found your session: $sessionId ($state)
"; @@ -73,13 +77,12 @@ } // check that we character have a participation in the session and invite him if needed - mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName"); $query = "SELECT count(*) FROM session_participant WHERE session_id = $sessionId AND char_id = $charId"; - $result = mysql_query ($query) or die ("Can't execute the query: ".$query); - $num = mysql_num_rows ($result); + $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query); + $num = mysqli_num_rows($result); if ($num != 1) die ("Invalid result whil checking participation for char $charId in session $sessionId
"); - $value = mysql_fetch_array($result); + $value = mysqli_fetch_row($result); if ($value[0] == 0) { // the character have not is own invitation ! @@ -91,4 +94,4 @@ // Join the session joinSessionFromId($userId, $domainId, $sessionId); -?> + diff --git a/code/ryzom/tools/server/www/ring/invite_pioneer.php b/code/ryzom/tools/server/www/ring/invite_pioneer.php index b86ca5c9a..44cd83349 100644 --- a/code/ryzom/tools/server/www/ring/invite_pioneer.php +++ b/code/ryzom/tools/server/www/ring/invite_pioneer.php @@ -42,24 +42,25 @@ if (isset($_POST["execute"])) { // lookup in the database to convert character name into - global $DBHost, $DBUserName, $DBPassword, $RingDBName; + global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName; - $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName"); - mysql_select_db ($RingDBName) or die ("Can't access to the table dbname:$RingDBName"); + $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName"); + mysqli_select_db($link, $RingDBName) or die ("Can't access to the table dbname:$RingDBName"); // extract the character that have the specified name - $query = "select * from characters where char_name = '".$_POST["charName"]."'"; - $result = mysql_query ($query) or die ("Can't execute the query: ".$query); + $charName = mysqli_real_escape_string($link, $_POST['charName']); + $query = "select char_id, char_name from characters where char_name = '$charName'"; + $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query); - if (mysql_num_rows ($result) == 0) + if (mysqli_num_rows($result) == 0) { echo "

Can't find the character ".$_POST["charName"]."

"; } else { - $row = mysql_fetch_row($result); - $currentSession = $row[0]; - $currentchar = $row[1]; + $row = mysqli_fetch_assoc($result); + $currentSession = $row['char_id']; + $currentchar = $row['char_name']; // send the invitation info to the session manager $invitePioneer = new InvitePioneerCb; diff --git a/code/ryzom/tools/server/www/ring/join_shard.php b/code/ryzom/tools/server/www/ring/join_shard.php index e5fcdffeb..4fc798fab 100644 --- a/code/ryzom/tools/server/www/ring/join_shard.php +++ b/code/ryzom/tools/server/www/ring/join_shard.php @@ -184,13 +184,17 @@ function displayAllShards(&$onlineShardsBySessionId) } // List all shards of the domain, including offline ones - global $DBName; - mysql_select_db ($DBName) or die ("Can't access to the db dbname:$DBName"); + global $DBName, $DBHost, $DBUserName, $DBPassword; + $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die("Can't connect to nel database"); + mysqli_select_db($link, $DBName) or die ("Can't access to the db dbname:$DBName"); + + $domainId = (int) $domainId; $query = "select * from shard where domain_id = $domainId"; - $resShards = mysql_query ($query) or die ("Can't execute the query: ".$query." ".mysql_error()); + $resShards = mysqli_query($link, $query) or die ("Can't execute the query: ".$query." ".mysqli_error($link)); + echo "Select a shard to join:
"; //echo "
"; - while ($rowShard = mysql_fetch_array($resShards)) + while ($rowShard = mysqli_fetch_assoc($resShards)) { $mainlandSessionId = $rowShard['FixedSessionId']; $isOnline = isset($onlineShardsBySessionId[$mainlandSessionId]); @@ -245,4 +249,4 @@ function joinMainland($userId, $domainId) global $FSHostResult; return $FSHostResult; } -?> \ No newline at end of file + diff --git a/code/ryzom/tools/server/www/ring/session_tools.php b/code/ryzom/tools/server/www/ring/session_tools.php index 5b762ec88..de6900727 100644 --- a/code/ryzom/tools/server/www/ring/session_tools.php +++ b/code/ryzom/tools/server/www/ring/session_tools.php @@ -108,19 +108,23 @@ function inviteOwnerInSession($charId, $domainId, $sessionId) $RSMPort = $addr[1]; global $rsmProxy, $rsmSkel, $userId, $charId, $callbackClient, $RingDBName, /*$SessionId,*/ $SessionToolsResult; + global $DBHost, $RingDBUserName, $RingDBPassword; $SessionId = $sessionId; $DomainId = $domainId; - - mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName"); + + $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die("Can't connect to ring database"); + mysqli_select_db($link, $RingDBName) or die ("Can't access to the db dbname:$RingDBName"); + + $sessionId = (int) $sessionId; $query = "select session_type from sessions where session_id=".$sessionId; - $result = mysql_query ($query) or die ("Can't execute the query: ".$query); - if (mysql_num_rows ($result) != 1) + $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query); + if (mysqli_num_rows($result) != 1) { echo "Can't find 1 row for ring session ".$sessionId."
"; die(); } - $row = mysql_fetch_row($result); + $row = mysqli_fetch_row($result); $session_type = $row[0]; $mode = ($session_type == "st_edit") ? "sps_edit_invited" : "sps_anim_invited"; echo "Inviting character ".$charId." of user ".$userId." in session ".$sessionId."
"; @@ -184,4 +188,4 @@ class InviteOwnerCb extends CRingSessionManagerWeb echo '

Back to menu'; } } -?> \ No newline at end of file + diff --git a/code/ryzom/tools/server/www/tools/domain_info.php b/code/ryzom/tools/server/www/tools/domain_info.php index 40b07b08c..afed3949e 100644 --- a/code/ryzom/tools/server/www/tools/domain_info.php +++ b/code/ryzom/tools/server/www/tools/domain_info.php @@ -6,19 +6,20 @@ { global $DBHost, $DBUserName, $DBPassword, $DBName; - $nelDb = mysql_connect($DBHost, $DBUserName, $DBPassword) or die("can't connect to nel db"); - mysql_select_db ($DBName, $nelDb) or die("can't select nel db"); - $query = "SELECT * FROM domain WHERE domain_id = '".$domainId."'"; - $result = mysql_query ($query) or die("query ".$query." failed"); + $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die("can't connect to nel db"); + mysqli_select_db ($link, $DBName) or die("can't select nel db"); + + $domainId = (int)$domainId; + $query = "SELECT * FROM domain WHERE domain_id = $domainId"; + $result = mysqli_query($link, $query) or die("query ($query) failed"); - if (mysql_num_rows($result) == 0) + if (mysqli_num_rows($result) == 0) { die("Can't find row for domain ".$domainId); } - $domainInfo = mysql_fetch_array($result); + $domainInfo = mysqli_fetch_array($result); return $domainInfo; } - -?> \ No newline at end of file + diff --git a/code/ryzom/tools/server/www/tools/validate_cookie.php b/code/ryzom/tools/server/www/tools/validate_cookie.php index 53ccf7d7c..edea9904e 100644 --- a/code/ryzom/tools/server/www/tools/validate_cookie.php +++ b/code/ryzom/tools/server/www/tools/validate_cookie.php @@ -16,7 +16,7 @@ function validateCookie(&$userId, &$domainId, &$charId) { - global $DBHost, $DBUserName, $DBPassword, $DBName, $RingDBName, $AcceptUnknownUser; + global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName, $AcceptUnknownUser; if (!isset($_COOKIE["ryzomId"])) { @@ -40,18 +40,20 @@ } // check the cookie in the database - $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName"); - mysql_select_db ($RingDBName) or die ("Can't access to the table dbname:$RingDBName"); - $query = "SELECT user_id, current_status, current_domain_id FROM ring_users where cookie='$cookie'"; - $result = mysql_query ($query) or die ("Can't execute the query: ".$query); + $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName"); + mysqli_select_db($link, $RingDBName) or die ("Can't access to the table dbname:$RingDBName"); - if (mysql_num_rows ($result) == 0) + $cookie = mysqli_real_escape_string($link, $cookie); + $query = "SELECT user_id, current_status, current_domain_id FROM ring_users where cookie='$cookie'"; + $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query); + + if (mysqli_num_rows($result) == 0) { echo "Can't find cookie $cookie in database
"; return false; } - $row = mysql_fetch_array($result); + $row = mysqli_fetch_assoc($result); if ($row["current_status"] != "cs_logged" && $row["current_status"] != "cs_online" ) { @@ -77,4 +79,4 @@ else return 0; // temp dev: use 0 as the "ring character" } -?> \ No newline at end of file +