Replace deprecated mysql functions with mysqli in login and ring scripts

2014-01-10 14:00:09 +02:00 · 2014-01-10 14:00:09 +02:00 · a9f9317dc9
commit a9f9317dc9
parent fa7d165252
8 changed files with 131 additions and 110 deletions
--- a/code/ryzom/tools/server/www/login/client_install.php
+++ b/code/ryzom/tools/server/www/login/client_install.php
@ -74,19 +74,21 @@
 			die2();
 		}
 		$domainName = getPost("domain");
-		$nelLink = mysql_connect($DBHost, $DBUserName, $DBPassword) or die2 (__FILE__. " " .__LINE__." Can't connect to database host:$DBHost user:$DBUserName");
+		$nelLink = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die2 (__FILE__. " " .__LINE__." Can't connect to database host:$DBHost user:$DBUserName");
-		mysql_select_db ($DBName, $nelLink) or die2 (__FILE__. " " .__LINE__." Can't access to the table dbname:$DBName");
+		mysqli_select_db ($nelLink, $DBName) or die2 (__FILE__. " " .__LINE__." Can't access to the table dbname:$DBName");
 		$domainName = mysqli_real_escape_string($nelLink, $domainName);
 		$query = "SELECT backup_patch_url, patch_urls FROM domain WHERE domain_name='$domainName'";	
-		$result = mysql_query ($query, $nelLink) or die2 (__FILE__. " " .__LINE__." Can't execute the query: ".$query);
+		$result = mysqli_query ($nelLink, $query) or die2 (__FILE__. " " .__LINE__." Can't execute the query: ".$query);
-		if (mysql_num_rows($result) != 1)
+		if (mysqli_num_rows($result) != 1)
 		{
 			// unrecoverable error, we must giveup
 			$reason = "Can't find domain '".$domainName."' (error code x)";
 			$res = false;
 		}
-		$req = mysql_fetch_array($result);
+		$req = mysqli_fetch_array($result);
 		$backup_patch_url = $req["backup_patch_url"];
 		$patch_urls = $req["patch_urls"];
@ -114,7 +116,7 @@
 		}
 		echo "</version>\n";
-		mysql_close($nelLink);
+		mysqli_close($nelLink);
 		unset($nelLink);
 		break;
@ -124,4 +126,3 @@
 	}
 ?>
--- a/code/ryzom/tools/server/www/login/r2_login.php
+++ b/code/ryzom/tools/server/www/login/r2_login.php
@ -34,16 +34,16 @@
 				// gather the domain information (server version, patch urls and backup patch url
 				global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
-				$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
+				$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
-				mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
+				mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
 				$query = "SELECT * FROM domain WHERE domain_id=$domainId";
-				$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+				$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-				if( mysql_num_rows($result) != 1)
+				if( mysqli_num_rows($result) != 1)
 				{
 					die(errorMsgBlock(3001, $domainId));
 				}
-				$row = mysql_fetch_array($result);
+				$row = mysqli_fetch_array($result);
 				// set the cookie
 				setcookie ( "ryzomId" , $cookie, 0, "/");
@ -178,27 +178,28 @@
 			{
 				////////////// Temporary code alpha 0 only /////////////////////////////////////
 				// check if the ring user exist, and create it if not
-				$ringDb = mysql_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
+				$ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
-				mysql_select_db ($domainInfo['ring_db_name'], $ringDb) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
+				mysqli_select_db ($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
 				$query = "SELECT user_id FROM ring_users where user_id = '".$id."'";
-				$result = mysql_query ($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysql_error()));
+				$result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
-				if (mysql_num_rows($result) == 0)
+				if (mysqli_num_rows($result) == 0)
 				{
 					// no ring user record, build one
-					$query = "INSERT INTO ring_users SET user_id = '".$id."', user_name = '".$_GET["login"]."', user_type='ut_pioneer'";
+					$login = mysqli_real_escape_string($ringDb, $login);
-					$result = mysql_query ($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysql_error()));
+					$query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'";
 					$result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
 				}
 //				// check that there is a character record (deprecated)
 //				$query = "SELECT user_id FROM characters where user_id = '".$id."'";
-//				$result = mysql_query ($query) or die("Query ".$query." failed");
+//				$result = mysqli_query ($ringDb, $query) or die("Query ".$query." failed");
-//				if (mysql_num_rows($result) == 0)
+//				if (mysqli_num_rows($result) == 0)
 //				{
 //					// no characters record, build a default one
 //					$charId = ($id * 16);
 //					$query = "INSERT INTO characters SET char_id='".$charId."', char_name='".$_GET["login"]."_default', user_id = '".$id."'";
-//					$result = mysql_query ($query) or die("Query ".$query." failed");
+//					$result = mysqli_query ($ringDb, $query) or die("Query ".$query." failed");
 //				}
 			}
@ -269,24 +270,25 @@
 		setMsgLanguage($lang);
-		// we map the client application to the domain name
+		$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
-		$domainName = $clientApplication;
+		mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
 		// we map the client application to the domain name
 		$domainName = mysqli_real_escape_string($link, $clientApplication);
 		$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
 		mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
 		// retreive the domain id
 		$query = "SELECT domain_id FROM domain WHERE domain_name='$domainName'";
-		$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+		$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-		if (mysql_num_rows($result) == 0)
+		if (mysqli_num_rows($result) == 0)
 		{
 			// unrecoverable error, we must giveup
 			$reason = errorMsg(3007, $domainName);
-			mysql_close($link);
+			mysqli_close($link);
 			return false;
 		}
-		$row = mysql_fetch_array($result);
+		$row = mysqli_fetch_array($result);
 		$domainId = $row[0];
 		// retreive the domain info
@ -296,32 +298,34 @@
 		$accessPriv = strtoupper(substr($domainInfo['status'], 3));
 		// now, retrieve the user infos
 		$login = mysqli_real_escape_string($link, $login);
 		$query = "SELECT * FROM user where Login='$login'";
-		$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+		$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-		if (mysql_num_rows ($result) == 0)
+		if (mysqli_num_rows ($result) == 0)
 		{
 			if ($AcceptUnknownUser)
 			{
 				// login doesn't exist, create it
 				$password = mysqli_real_escape_string($link, $password);
 				$query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
-				$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+				$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
 				// get the user to have his UId
 				$query = "SELECT * FROM user WHERE Login='$login'";
-				$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+				$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-				if (mysql_num_rows ($result) == 1)
+				if (mysqli_num_rows ($result) == 1)
 				{
 					$reason = errorMsg(3008, $login);
-					$row = mysql_fetch_array ($result);
+					$row = mysqli_fetch_assoc ($result);
 					$id = $row["UId"];
 					$priv = $row["Privilege"];
 					$extended = $row["ExtendedPrivilege"];
 					// add the default permission
 					$query = "INSERT INTO permission (UId, ClientApplication, AccessPrivilege) VALUES ('$id', 'r2', '$accessPriv')";
-					$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+					$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
 					$res = false;
 				}
@ -335,9 +339,9 @@
 			{
 				// Check if this is not an unconfirmed account
 				$query = "SELECT GamePassword, Email, Language FROM signup_data WHERE login='$login'";
-				$result = mysql_query($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+				$result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-				if (mysql_num_rows($result) == 0)
+				if (mysqli_num_rows($result) == 0)
 				{
 					$reason = errorMsg(2001, $login, 'checkUserValidity');
 					$res = false;
@ -346,7 +350,7 @@
 				{
 					// Check password to avoid revealing email address to third-party
 					$passwordMatchedRow = false;
-					while ($row = mysql_fetch_array($result))
+					while ($row = mysqli_fetch_assoc($result))
 					{
 						$salt = substr($row['GamePassword'],0,2);
 						if (($cp && $row['GamePassword'] == $password) || (!$cp && $row['GamePassword'] == crypt($password, $salt)))
@ -369,7 +373,7 @@
 		}
 		else
 		{
-			$row = mysql_fetch_array ($result);
+			$row = mysqli_fetch_assoc ($result);
 			$salt = substr($row["Password"],0,2);
 			if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt)))
 			{
@ -377,15 +381,16 @@
 				$_GET['login'] = $row['Login'];
 				// check if the user can use this application
 				$clientApplication = mysqli_real_escape_string($link, $clientApplication);
 				$query = "SELECT * FROM permission WHERE UId='".$row["UId"]."' AND ClientApplication='$clientApplication'";
-				$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+				$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-				if (mysql_num_rows ($result) == 0)
+				if (mysqli_num_rows ($result) == 0)
 				{
 					if ($AcceptUnknownUser)
 					{
 						// add default permission
 						$query = "INSERT INTO permission (UId, ClientApplication, ShardId, AccessPrivilege) VALUES ('".$row["UId"]."', '$clientApplication', -1, '$domainStatus')";
-						$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+						$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
 						$reason = errorMsg(3010);
 						$res = false;
@ -400,7 +405,7 @@
 				else
 				{
 					// check that the access privilege for the domain
-					$permission = mysql_fetch_array($result);
+					$permission = mysqli_fetch_assoc($result);
 					if (!strstr($permission['AccessPrivilege'], $accessPriv))
 					{
@ -409,7 +414,7 @@
 						{
 							// set an additionnal privilege for this player
 							$query = "UPDATE permission set AccessPrivilege='".$permission['AccessPrivilege'].",$accessPriv' WHERE prim=".$permission['prim'];
-							$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+							$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
 							$reason = errorMsg(3012, $accessPriv);
 							$res = false;
@ -435,10 +440,10 @@
 //								$reason =  $reason."was just disconnected. Now you can retry the identification (error code 54)";
 //
 //								$query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"];
-//								$result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error());
+//								$result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
 //
 //								$query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"];
-//								$result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error());
+//								$result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
 //							}
 //							else
 //							{
@ -462,7 +467,7 @@
 				$res = false;
 			}
 		}
-		mysql_close($link);
+		mysqli_close($link);
 		return $res;
 	}
@ -474,13 +479,14 @@
 		setMsgLanguage($lang);
-		$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
+		$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
-		mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
+		mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
 		$login = mysqli_real_escape_string($link, $login);
 		$query = "SELECT Password FROM user WHERE Login='$login'";
-		$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+		$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-		if (mysql_num_rows ($result) != 1)
+		if (mysqli_num_rows ($result) != 1)
 		{
 			if ($AcceptUnknownUser)
 			{
@ -492,17 +498,17 @@
 			{
 				// Check if this is not an unconfirmed account
 				$query = "SELECT GamePassword, Language FROM signup_data WHERE login='$login'";
-				$result = mysql_query($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+				$result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-				if (mysql_num_rows($result) == 0)
+				if (mysqli_num_rows($result) == 0)
 				{
 					// no user record, reject it
 					die (errorMsgBlock(2001, $login, 'askSalt'));
 				}
-				else if (mysql_num_rows($result) == 1)
+				else if (mysqli_num_rows($result) == 1)
 				{
 					// one unconfirmed record, let the client send the encrypted password to get the corresponding email address
-					$row = mysql_fetch_array($result);
+					$row = mysqli_fetch_assoc($result);
 					$salt = substr($row['GamePassword'], 0, 2);
 				}
 				else
@ -511,7 +517,7 @@
 					{
 						// several matching records => display a multi-language message now
 						$languages = array();
-						while ($row = mysql_fetch_array($result))
+						while ($row = mysqli_fetch_assoc($result))
 						{
 							$languages[$row['Language']] = true;
 						}
@ -523,12 +529,11 @@
 		}
 		else
 		{
-			$res_array = mysql_fetch_array($result);
+			$res_array = mysqli_fetch_assoc($result);
 			$salt = substr($res_array['Password'], 0, 2);
 		}
 		echo "1:".$salt;
-		mysql_close($link);
+		mysqli_close($link);
 	}
 ?>
--- a/code/ryzom/tools/server/www/ring/edit_session.php
+++ b/code/ryzom/tools/server/www/ring/edit_session.php
@ -16,9 +16,10 @@
 	$domainInfo = getDomainInfo($domainId);
-	global $DBHost, $DBUserName, $DBPassword, $DBName, $RingDBName;
+	global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName;
-	$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
+
-	mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName");
+	$link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
 	mysqli_select_db($link, $RingDBName) or die ("Can't access to the db dbname:$RingDBName");
 	// Find out if the character has an open editing session
 	$query = "SELECT session_id, state ";
@ -26,8 +27,8 @@
 	$query .= " WHERE (owner = '".$charId."')";
 	$query .= " AND (session_type = 'st_edit')";
 	$query .= " AND (NOT (state IN ('ss_closed', 'ss_locked')))";
-	$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
+	$result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
-	$num = mysql_num_rows ($result);
+	$num = mysqli_num_rows($result);
 	if ($num > 1)
 	{
 		echo "Error: more than one editing sessions for char".$charId;
@ -39,11 +40,14 @@
 	{
 		// Not found => first, create an editing session for this character, start the session and invite himself
 		$query = "SELECT char_name FROM characters WHERE char_id = $charId";
-		$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
+		$result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
-		$num = mysql_num_rows ($result);
+		$num = mysqli_num_rows($result);
 		$characterName = "";
 		if ($num > 0)
-			$characterName = mysql_result($result, 0, 0);
+		{
 			$row = mysqli_fetch_assoc($result);
 			$characterName = $row['char_name'];
 		}
 		global $SessionId, $SessionToolsResult;
 		planEditSession($charId, $domainId, "st_edit", $characterName, "");
 		if ($SessionToolsResult === false)
@ -55,7 +59,7 @@
 	}
 	else
 	{
-		$row = mysql_fetch_array($result);
+		$row = mysqli_fetch_assoc($result);
 		$sessionId = $row['session_id'];
 		$state = $row['state'];
 		echo "Found your session: $sessionId ($state)<br>";
@ -73,13 +77,12 @@
 	}
 	// check that we character have a participation in the session and invite him if needed
 	mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName");
 	$query = "SELECT count(*) FROM session_participant WHERE session_id = $sessionId AND char_id = $charId";
-	$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
+	$result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
-	$num = mysql_num_rows ($result);
+	$num = mysqli_num_rows($result);
 	if ($num != 1)
 		die ("Invalid result whil checking participation for char $charId in session $sessionId<br>");
-	$value = mysql_fetch_array($result);
+	$value = mysqli_fetch_row($result);
 	if ($value[0] == 0)
 	{
 		// the character have not is own invitation !
@ -91,4 +94,4 @@
 	// Join the session
 	joinSessionFromId($userId, $domainId, $sessionId);
-?>
+
--- a/code/ryzom/tools/server/www/ring/invite_pioneer.php
+++ b/code/ryzom/tools/server/www/ring/invite_pioneer.php
@ -42,24 +42,25 @@
 	if (isset($_POST["execute"]))
 	{
 		// lookup in the database to convert character name into
-		global $DBHost, $DBUserName, $DBPassword, $RingDBName;
+		global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName;
-		$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
+		$link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
-		mysql_select_db ($RingDBName) or die ("Can't access to the table dbname:$RingDBName");
+		mysqli_select_db($link, $RingDBName) or die ("Can't access to the table dbname:$RingDBName");
 		// extract the character that have the specified name
-		$query = "select * from characters where char_name = '".$_POST["charName"]."'";
+		$charName = mysqli_real_escape_string($link, $_POST['charName']);
-		$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
+		$query = "select char_id, char_name from characters where char_name = '$charName'";
 		$result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
-		if (mysql_num_rows ($result) == 0)
+		if (mysqli_num_rows($result) == 0)
 		{
 			echo "<h1>Can't find the character ".$_POST["charName"]."<h1>";
 		}
 		else
 		{
-			$row = mysql_fetch_row($result);
+			$row = mysqli_fetch_assoc($result);
-			$currentSession = $row[0];
+			$currentSession = $row['char_id'];
-			$currentchar = $row[1];
+			$currentchar = $row['char_name'];
 			// send the invitation info to the session manager
 			$invitePioneer = new InvitePioneerCb;
--- a/code/ryzom/tools/server/www/ring/join_shard.php
+++ b/code/ryzom/tools/server/www/ring/join_shard.php
@ -184,13 +184,17 @@ function displayAllShards(&$onlineShardsBySessionId)
 	}
 	// List all shards of the domain, including offline ones
-	global $DBName;
+	global $DBName, $DBHost, $DBUserName, $DBPassword;
-	mysql_select_db ($DBName) or die ("Can't access to the db dbname:$DBName");
+	$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die("Can't connect to nel database");
 	mysqli_select_db($link, $DBName) or die ("Can't access to the db dbname:$DBName");
 	$domainId = (int) $domainId;
 	$query = "select * from shard where domain_id = $domainId";
-	$resShards = mysql_query ($query) or die ("Can't execute the query: ".$query." ".mysql_error());
+	$resShards = mysqli_query($link, $query) or die ("Can't execute the query: ".$query." ".mysqli_error($link));
 	echo "Select a shard to join:<br>";
 	//echo "<form name='far_tp' action='join_shard.php' method='post'>";
-	while ($rowShard = mysql_fetch_array($resShards))
+	while ($rowShard = mysqli_fetch_assoc($resShards))
 	{
 		$mainlandSessionId = $rowShard['FixedSessionId'];
 		$isOnline = isset($onlineShardsBySessionId[$mainlandSessionId]);
@ -245,4 +249,4 @@ function joinMainland($userId, $domainId)
 	global $FSHostResult;
 	return $FSHostResult;
 }
-?>
+
--- a/code/ryzom/tools/server/www/ring/session_tools.php
+++ b/code/ryzom/tools/server/www/ring/session_tools.php
@ -108,19 +108,23 @@ function inviteOwnerInSession($charId, $domainId, $sessionId)
 	$RSMPort = $addr[1];
 	global $rsmProxy, $rsmSkel, $userId, $charId, $callbackClient, $RingDBName, /*$SessionId,*/ $SessionToolsResult;
 	global $DBHost, $RingDBUserName, $RingDBPassword;
 	$SessionId = $sessionId;
 	$DomainId = $domainId;
-	
+
-	mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName");
+	$link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die("Can't connect to ring database");
 	mysqli_select_db($link, $RingDBName) or die ("Can't access to the db dbname:$RingDBName");
 	$sessionId = (int) $sessionId;
 	$query = "select session_type from sessions where session_id=".$sessionId;
-	$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
+	$result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
-	if (mysql_num_rows ($result) != 1)
+	if (mysqli_num_rows($result) != 1)
 	{
 		echo "Can't find 1 row for ring session ".$sessionId."<br>";
 		die();
 	}
-	$row = mysql_fetch_row($result);
+	$row = mysqli_fetch_row($result);
 	$session_type = $row[0];
 	$mode = ($session_type == "st_edit") ? "sps_edit_invited" : "sps_anim_invited";
 	echo "Inviting character ".$charId." of user ".$userId." in session ".$sessionId."<br>";
@ -184,4 +188,4 @@ class InviteOwnerCb extends CRingSessionManagerWeb
 		echo '<p><p><a href="web_start.php">Back to menu</a>';
 	}
 }
-?>
+
--- a/code/ryzom/tools/server/www/tools/domain_info.php
+++ b/code/ryzom/tools/server/www/tools/domain_info.php
@ -6,19 +6,20 @@
 	{
 		global $DBHost, $DBUserName, $DBPassword, $DBName;
-		$nelDb = mysql_connect($DBHost, $DBUserName, $DBPassword) or die("can't connect to nel db");
+		$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die("can't connect to nel db");
-		mysql_select_db ($DBName, $nelDb) or die("can't select nel db");
+		mysqli_select_db ($link, $DBName) or die("can't select nel db");
-		$query = "SELECT * FROM domain WHERE domain_id = '".$domainId."'";
+
-		$result = mysql_query ($query) or die("query ".$query." failed");
+		$domainId = (int)$domainId;
 		$query = "SELECT * FROM domain WHERE domain_id = $domainId";
 		$result = mysqli_query($link, $query) or die("query ($query) failed");
-		if (mysql_num_rows($result) == 0)
+		if (mysqli_num_rows($result) == 0)
 		{
 			die("Can't find row for domain ".$domainId);
 		}
-		$domainInfo = mysql_fetch_array($result);
+		$domainInfo = mysqli_fetch_array($result);
 		return $domainInfo;
 	}	
-	
+
 ?>
--- a/code/ryzom/tools/server/www/tools/validate_cookie.php
+++ b/code/ryzom/tools/server/www/tools/validate_cookie.php
@ -16,7 +16,7 @@
 	function validateCookie(&$userId, &$domainId, &$charId)
 	{
-		global $DBHost, $DBUserName, $DBPassword, $DBName, $RingDBName, $AcceptUnknownUser;
+		global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName, $AcceptUnknownUser;
 		if (!isset($_COOKIE["ryzomId"]))
 		{
@ -40,18 +40,20 @@
 		}
 		// check the cookie in the database		
-		$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
+		$link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
-		mysql_select_db ($RingDBName) or die ("Can't access to the table dbname:$RingDBName");
+		mysqli_select_db($link, $RingDBName) or die ("Can't access to the table dbname:$RingDBName");
 		$query = "SELECT user_id, current_status, current_domain_id FROM ring_users where cookie='$cookie'";
 		$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
-		if (mysql_num_rows ($result) == 0)
+		$cookie = mysqli_real_escape_string($link, $cookie);
 		$query = "SELECT user_id, current_status, current_domain_id FROM ring_users where cookie='$cookie'";
 		$result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
 		if (mysqli_num_rows($result) == 0)
 		{
 			echo "Can't find cookie $cookie in database<BR>";
 			return false;
 		}
-		$row = mysql_fetch_array($result);
+		$row = mysqli_fetch_assoc($result);
 		if ($row["current_status"] != "cs_logged" && $row["current_status"] != "cs_online" )
 		{
@ -77,4 +79,4 @@
 		else
 			return 0; // temp dev: use 0 as the "ring character"
 	}
-?>
+