Merged in nimetu/ryzomcore/php-mysqli-refactor-fixed (pull request #48)

Replace deprecated mysql functions with mysqli in login and ring scripts
This commit is contained in:
Matthew Lagoe 2014-02-05 13:05:14 -08:00
commit db18dda4f3
8 changed files with 131 additions and 110 deletions

View file

@ -74,19 +74,21 @@
die2(); die2();
} }
$domainName = getPost("domain"); $domainName = getPost("domain");
$nelLink = mysql_connect($DBHost, $DBUserName, $DBPassword) or die2 (__FILE__. " " .__LINE__." Can't connect to database host:$DBHost user:$DBUserName"); $nelLink = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die2 (__FILE__. " " .__LINE__." Can't connect to database host:$DBHost user:$DBUserName");
mysql_select_db ($DBName, $nelLink) or die2 (__FILE__. " " .__LINE__." Can't access to the table dbname:$DBName"); mysqli_select_db ($nelLink, $DBName) or die2 (__FILE__. " " .__LINE__." Can't access to the table dbname:$DBName");
$domainName = mysqli_real_escape_string($nelLink, $domainName);
$query = "SELECT backup_patch_url, patch_urls FROM domain WHERE domain_name='$domainName'"; $query = "SELECT backup_patch_url, patch_urls FROM domain WHERE domain_name='$domainName'";
$result = mysql_query ($query, $nelLink) or die2 (__FILE__. " " .__LINE__." Can't execute the query: ".$query); $result = mysqli_query ($nelLink, $query) or die2 (__FILE__. " " .__LINE__." Can't execute the query: ".$query);
if (mysql_num_rows($result) != 1) if (mysqli_num_rows($result) != 1)
{ {
// unrecoverable error, we must giveup // unrecoverable error, we must giveup
$reason = "Can't find domain '".$domainName."' (error code x)"; $reason = "Can't find domain '".$domainName."' (error code x)";
$res = false; $res = false;
} }
$req = mysql_fetch_array($result); $req = mysqli_fetch_array($result);
$backup_patch_url = $req["backup_patch_url"]; $backup_patch_url = $req["backup_patch_url"];
$patch_urls = $req["patch_urls"]; $patch_urls = $req["patch_urls"];
@ -114,7 +116,7 @@
} }
echo "</version>\n"; echo "</version>\n";
mysql_close($nelLink); mysqli_close($nelLink);
unset($nelLink); unset($nelLink);
break; break;
@ -124,4 +126,3 @@
} }
?>

View file

@ -34,16 +34,16 @@
// gather the domain information (server version, patch urls and backup patch url // gather the domain information (server version, patch urls and backup patch url
global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing; global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
$query = "SELECT * FROM domain WHERE domain_id=$domainId"; $query = "SELECT * FROM domain WHERE domain_id=$domainId";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if( mysql_num_rows($result) != 1) if( mysqli_num_rows($result) != 1)
{ {
die(errorMsgBlock(3001, $domainId)); die(errorMsgBlock(3001, $domainId));
} }
$row = mysql_fetch_array($result); $row = mysqli_fetch_array($result);
// set the cookie // set the cookie
setcookie ( "ryzomId" , $cookie, 0, "/"); setcookie ( "ryzomId" , $cookie, 0, "/");
@ -178,27 +178,28 @@
{ {
////////////// Temporary code alpha 0 only ///////////////////////////////////// ////////////// Temporary code alpha 0 only /////////////////////////////////////
// check if the ring user exist, and create it if not // check if the ring user exist, and create it if not
$ringDb = mysql_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName)); $ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
mysql_select_db ($domainInfo['ring_db_name'], $ringDb) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName)); mysqli_select_db ($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
$query = "SELECT user_id FROM ring_users where user_id = '".$id."'"; $query = "SELECT user_id FROM ring_users where user_id = '".$id."'";
$result = mysql_query ($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysql_error())); $result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
if (mysql_num_rows($result) == 0) if (mysqli_num_rows($result) == 0)
{ {
// no ring user record, build one // no ring user record, build one
$query = "INSERT INTO ring_users SET user_id = '".$id."', user_name = '".$_GET["login"]."', user_type='ut_pioneer'"; $login = mysqli_real_escape_string($ringDb, $_GET['login']);
$result = mysql_query ($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysql_error())); $query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'";
$result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
} }
// // check that there is a character record (deprecated) // // check that there is a character record (deprecated)
// $query = "SELECT user_id FROM characters where user_id = '".$id."'"; // $query = "SELECT user_id FROM characters where user_id = '".$id."'";
// $result = mysql_query ($query) or die("Query ".$query." failed"); // $result = mysqli_query ($ringDb, $query) or die("Query ".$query." failed");
// if (mysql_num_rows($result) == 0) // if (mysqli_num_rows($result) == 0)
// { // {
// // no characters record, build a default one // // no characters record, build a default one
// $charId = ($id * 16); // $charId = ($id * 16);
// $query = "INSERT INTO characters SET char_id='".$charId."', char_name='".$_GET["login"]."_default', user_id = '".$id."'"; // $query = "INSERT INTO characters SET char_id='".$charId."', char_name='".$_GET["login"]."_default', user_id = '".$id."'";
// $result = mysql_query ($query) or die("Query ".$query." failed"); // $result = mysqli_query ($ringDb, $query) or die("Query ".$query." failed");
// } // }
} }
@ -269,24 +270,25 @@
setMsgLanguage($lang); setMsgLanguage($lang);
// we map the client application to the domain name $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
$domainName = $clientApplication; mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
// we map the client application to the domain name
$domainName = mysqli_real_escape_string($link, $clientApplication);
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
// retreive the domain id // retreive the domain id
$query = "SELECT domain_id FROM domain WHERE domain_name='$domainName'"; $query = "SELECT domain_id FROM domain WHERE domain_name='$domainName'";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysql_num_rows($result) == 0) if (mysqli_num_rows($result) == 0)
{ {
// unrecoverable error, we must giveup // unrecoverable error, we must giveup
$reason = errorMsg(3007, $domainName); $reason = errorMsg(3007, $domainName);
mysql_close($link); mysqli_close($link);
return false; return false;
} }
$row = mysql_fetch_array($result); $row = mysqli_fetch_array($result);
$domainId = $row[0]; $domainId = $row[0];
// retreive the domain info // retreive the domain info
@ -296,32 +298,34 @@
$accessPriv = strtoupper(substr($domainInfo['status'], 3)); $accessPriv = strtoupper(substr($domainInfo['status'], 3));
// now, retrieve the user infos // now, retrieve the user infos
$login = mysqli_real_escape_string($link, $login);
$query = "SELECT * FROM user where Login='$login'"; $query = "SELECT * FROM user where Login='$login'";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysql_num_rows ($result) == 0) if (mysqli_num_rows ($result) == 0)
{ {
if ($AcceptUnknownUser) if ($AcceptUnknownUser)
{ {
// login doesn't exist, create it // login doesn't exist, create it
$password = mysqli_real_escape_string($link, $password);
$query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')"; $query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
// get the user to have his UId // get the user to have his UId
$query = "SELECT * FROM user WHERE Login='$login'"; $query = "SELECT * FROM user WHERE Login='$login'";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysql_num_rows ($result) == 1) if (mysqli_num_rows ($result) == 1)
{ {
$reason = errorMsg(3008, $login); $reason = errorMsg(3008, $login);
$row = mysql_fetch_array ($result); $row = mysqli_fetch_assoc ($result);
$id = $row["UId"]; $id = $row["UId"];
$priv = $row["Privilege"]; $priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"]; $extended = $row["ExtendedPrivilege"];
// add the default permission // add the default permission
$query = "INSERT INTO permission (UId, ClientApplication, AccessPrivilege) VALUES ('$id', 'r2', '$accessPriv')"; $query = "INSERT INTO permission (UId, ClientApplication, AccessPrivilege) VALUES ('$id', 'r2', '$accessPriv')";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$res = false; $res = false;
} }
@ -335,9 +339,9 @@
{ {
// Check if this is not an unconfirmed account // Check if this is not an unconfirmed account
$query = "SELECT GamePassword, Email, Language FROM signup_data WHERE login='$login'"; $query = "SELECT GamePassword, Email, Language FROM signup_data WHERE login='$login'";
$result = mysql_query($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysql_num_rows($result) == 0) if (mysqli_num_rows($result) == 0)
{ {
$reason = errorMsg(2001, $login, 'checkUserValidity'); $reason = errorMsg(2001, $login, 'checkUserValidity');
$res = false; $res = false;
@ -346,7 +350,7 @@
{ {
// Check password to avoid revealing email address to third-party // Check password to avoid revealing email address to third-party
$passwordMatchedRow = false; $passwordMatchedRow = false;
while ($row = mysql_fetch_array($result)) while ($row = mysqli_fetch_assoc($result))
{ {
$salt = substr($row['GamePassword'],0,2); $salt = substr($row['GamePassword'],0,2);
if (($cp && $row['GamePassword'] == $password) || (!$cp && $row['GamePassword'] == crypt($password, $salt))) if (($cp && $row['GamePassword'] == $password) || (!$cp && $row['GamePassword'] == crypt($password, $salt)))
@ -369,7 +373,7 @@
} }
else else
{ {
$row = mysql_fetch_array ($result); $row = mysqli_fetch_assoc ($result);
$salt = substr($row["Password"],0,2); $salt = substr($row["Password"],0,2);
if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt))) if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt)))
{ {
@ -377,15 +381,16 @@
$_GET['login'] = $row['Login']; $_GET['login'] = $row['Login'];
// check if the user can use this application // check if the user can use this application
$clientApplication = mysqli_real_escape_string($link, $clientApplication);
$query = "SELECT * FROM permission WHERE UId='".$row["UId"]."' AND ClientApplication='$clientApplication'"; $query = "SELECT * FROM permission WHERE UId='".$row["UId"]."' AND ClientApplication='$clientApplication'";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysql_num_rows ($result) == 0) if (mysqli_num_rows ($result) == 0)
{ {
if ($AcceptUnknownUser) if ($AcceptUnknownUser)
{ {
// add default permission // add default permission
$query = "INSERT INTO permission (UId, ClientApplication, ShardId, AccessPrivilege) VALUES ('".$row["UId"]."', '$clientApplication', -1, '$domainStatus')"; $query = "INSERT INTO permission (UId, ClientApplication, ShardId, AccessPrivilege) VALUES ('".$row["UId"]."', '$clientApplication', -1, '$domainStatus')";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3010); $reason = errorMsg(3010);
$res = false; $res = false;
@ -400,7 +405,7 @@
else else
{ {
// check that the access privilege for the domain // check that the access privilege for the domain
$permission = mysql_fetch_array($result); $permission = mysqli_fetch_assoc($result);
if (!strstr($permission['AccessPrivilege'], $accessPriv)) if (!strstr($permission['AccessPrivilege'], $accessPriv))
{ {
@ -409,7 +414,7 @@
{ {
// set an additionnal privilege for this player // set an additionnal privilege for this player
$query = "UPDATE permission set AccessPrivilege='".$permission['AccessPrivilege'].",$accessPriv' WHERE prim=".$permission['prim']; $query = "UPDATE permission set AccessPrivilege='".$permission['AccessPrivilege'].",$accessPriv' WHERE prim=".$permission['prim'];
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3012, $accessPriv); $reason = errorMsg(3012, $accessPriv);
$res = false; $res = false;
@ -435,10 +440,10 @@
// $reason = $reason."was just disconnected. Now you can retry the identification (error code 54)"; // $reason = $reason."was just disconnected. Now you can retry the identification (error code 54)";
// //
// $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"]; // $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"];
// $result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error()); // $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
// //
// $query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"]; // $query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"];
// $result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error()); // $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
// } // }
// else // else
// { // {
@ -462,7 +467,7 @@
$res = false; $res = false;
} }
} }
mysql_close($link); mysqli_close($link);
return $res; return $res;
} }
@ -474,13 +479,14 @@
setMsgLanguage($lang); setMsgLanguage($lang);
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
$login = mysqli_real_escape_string($link, $login);
$query = "SELECT Password FROM user WHERE Login='$login'"; $query = "SELECT Password FROM user WHERE Login='$login'";
$result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysql_num_rows ($result) != 1) if (mysqli_num_rows ($result) != 1)
{ {
if ($AcceptUnknownUser) if ($AcceptUnknownUser)
{ {
@ -492,17 +498,17 @@
{ {
// Check if this is not an unconfirmed account // Check if this is not an unconfirmed account
$query = "SELECT GamePassword, Language FROM signup_data WHERE login='$login'"; $query = "SELECT GamePassword, Language FROM signup_data WHERE login='$login'";
$result = mysql_query($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error())); $result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysql_num_rows($result) == 0) if (mysqli_num_rows($result) == 0)
{ {
// no user record, reject it // no user record, reject it
die (errorMsgBlock(2001, $login, 'askSalt')); die (errorMsgBlock(2001, $login, 'askSalt'));
} }
else if (mysql_num_rows($result) == 1) else if (mysqli_num_rows($result) == 1)
{ {
// one unconfirmed record, let the client send the encrypted password to get the corresponding email address // one unconfirmed record, let the client send the encrypted password to get the corresponding email address
$row = mysql_fetch_array($result); $row = mysqli_fetch_assoc($result);
$salt = substr($row['GamePassword'], 0, 2); $salt = substr($row['GamePassword'], 0, 2);
} }
else else
@ -511,7 +517,7 @@
{ {
// several matching records => display a multi-language message now // several matching records => display a multi-language message now
$languages = array(); $languages = array();
while ($row = mysql_fetch_array($result)) while ($row = mysqli_fetch_assoc($result))
{ {
$languages[$row['Language']] = true; $languages[$row['Language']] = true;
} }
@ -523,12 +529,11 @@
} }
else else
{ {
$res_array = mysql_fetch_array($result); $res_array = mysqli_fetch_assoc($result);
$salt = substr($res_array['Password'], 0, 2); $salt = substr($res_array['Password'], 0, 2);
} }
echo "1:".$salt; echo "1:".$salt;
mysql_close($link); mysqli_close($link);
} }
?>

View file

@ -16,9 +16,10 @@
$domainInfo = getDomainInfo($domainId); $domainInfo = getDomainInfo($domainId);
global $DBHost, $DBUserName, $DBPassword, $DBName, $RingDBName; global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName;
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName"); $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
mysqli_select_db($link, $RingDBName) or die ("Can't access to the db dbname:$RingDBName");
// Find out if the character has an open editing session // Find out if the character has an open editing session
$query = "SELECT session_id, state "; $query = "SELECT session_id, state ";
@ -26,8 +27,8 @@
$query .= " WHERE (owner = '".$charId."')"; $query .= " WHERE (owner = '".$charId."')";
$query .= " AND (session_type = 'st_edit')"; $query .= " AND (session_type = 'st_edit')";
$query .= " AND (NOT (state IN ('ss_closed', 'ss_locked')))"; $query .= " AND (NOT (state IN ('ss_closed', 'ss_locked')))";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query); $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
$num = mysql_num_rows ($result); $num = mysqli_num_rows($result);
if ($num > 1) if ($num > 1)
{ {
echo "Error: more than one editing sessions for char".$charId; echo "Error: more than one editing sessions for char".$charId;
@ -39,11 +40,14 @@
{ {
// Not found => first, create an editing session for this character, start the session and invite himself // Not found => first, create an editing session for this character, start the session and invite himself
$query = "SELECT char_name FROM characters WHERE char_id = $charId"; $query = "SELECT char_name FROM characters WHERE char_id = $charId";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query); $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
$num = mysql_num_rows ($result); $num = mysqli_num_rows($result);
$characterName = ""; $characterName = "";
if ($num > 0) if ($num > 0)
$characterName = mysql_result($result, 0, 0); {
$row = mysqli_fetch_assoc($result);
$characterName = $row['char_name'];
}
global $SessionId, $SessionToolsResult; global $SessionId, $SessionToolsResult;
planEditSession($charId, $domainId, "st_edit", $characterName, ""); planEditSession($charId, $domainId, "st_edit", $characterName, "");
if ($SessionToolsResult === false) if ($SessionToolsResult === false)
@ -55,7 +59,7 @@
} }
else else
{ {
$row = mysql_fetch_array($result); $row = mysqli_fetch_assoc($result);
$sessionId = $row['session_id']; $sessionId = $row['session_id'];
$state = $row['state']; $state = $row['state'];
echo "Found your session: $sessionId ($state)<br>"; echo "Found your session: $sessionId ($state)<br>";
@ -73,13 +77,12 @@
} }
// check that we character have a participation in the session and invite him if needed // check that we character have a participation in the session and invite him if needed
mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName");
$query = "SELECT count(*) FROM session_participant WHERE session_id = $sessionId AND char_id = $charId"; $query = "SELECT count(*) FROM session_participant WHERE session_id = $sessionId AND char_id = $charId";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query); $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
$num = mysql_num_rows ($result); $num = mysqli_num_rows($result);
if ($num != 1) if ($num != 1)
die ("Invalid result whil checking participation for char $charId in session $sessionId<br>"); die ("Invalid result whil checking participation for char $charId in session $sessionId<br>");
$value = mysql_fetch_array($result); $value = mysqli_fetch_row($result);
if ($value[0] == 0) if ($value[0] == 0)
{ {
// the character have not is own invitation ! // the character have not is own invitation !
@ -91,4 +94,4 @@
// Join the session // Join the session
joinSessionFromId($userId, $domainId, $sessionId); joinSessionFromId($userId, $domainId, $sessionId);
?>

View file

@ -42,24 +42,25 @@
if (isset($_POST["execute"])) if (isset($_POST["execute"]))
{ {
// lookup in the database to convert character name into // lookup in the database to convert character name into
global $DBHost, $DBUserName, $DBPassword, $RingDBName; global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName;
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName"); $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
mysql_select_db ($RingDBName) or die ("Can't access to the table dbname:$RingDBName"); mysqli_select_db($link, $RingDBName) or die ("Can't access to the table dbname:$RingDBName");
// extract the character that have the specified name // extract the character that have the specified name
$query = "select * from characters where char_name = '".$_POST["charName"]."'"; $charName = mysqli_real_escape_string($link, $_POST['charName']);
$result = mysql_query ($query) or die ("Can't execute the query: ".$query); $query = "select char_id, char_name from characters where char_name = '$charName'";
$result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
if (mysql_num_rows ($result) == 0) if (mysqli_num_rows($result) == 0)
{ {
echo "<h1>Can't find the character ".$_POST["charName"]."<h1>"; echo "<h1>Can't find the character ".$_POST["charName"]."<h1>";
} }
else else
{ {
$row = mysql_fetch_row($result); $row = mysqli_fetch_assoc($result);
$currentSession = $row[0]; $currentSession = $row['char_id'];
$currentchar = $row[1]; $currentchar = $row['char_name'];
// send the invitation info to the session manager // send the invitation info to the session manager
$invitePioneer = new InvitePioneerCb; $invitePioneer = new InvitePioneerCb;

View file

@ -184,13 +184,17 @@ function displayAllShards(&$onlineShardsBySessionId)
} }
// List all shards of the domain, including offline ones // List all shards of the domain, including offline ones
global $DBName; global $DBName, $DBHost, $DBUserName, $DBPassword;
mysql_select_db ($DBName) or die ("Can't access to the db dbname:$DBName"); $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die("Can't connect to nel database");
mysqli_select_db($link, $DBName) or die ("Can't access to the db dbname:$DBName");
$domainId = (int) $domainId;
$query = "select * from shard where domain_id = $domainId"; $query = "select * from shard where domain_id = $domainId";
$resShards = mysql_query ($query) or die ("Can't execute the query: ".$query." ".mysql_error()); $resShards = mysqli_query($link, $query) or die ("Can't execute the query: ".$query." ".mysqli_error($link));
echo "Select a shard to join:<br>"; echo "Select a shard to join:<br>";
//echo "<form name='far_tp' action='join_shard.php' method='post'>"; //echo "<form name='far_tp' action='join_shard.php' method='post'>";
while ($rowShard = mysql_fetch_array($resShards)) while ($rowShard = mysqli_fetch_assoc($resShards))
{ {
$mainlandSessionId = $rowShard['FixedSessionId']; $mainlandSessionId = $rowShard['FixedSessionId'];
$isOnline = isset($onlineShardsBySessionId[$mainlandSessionId]); $isOnline = isset($onlineShardsBySessionId[$mainlandSessionId]);
@ -245,4 +249,4 @@ function joinMainland($userId, $domainId)
global $FSHostResult; global $FSHostResult;
return $FSHostResult; return $FSHostResult;
} }
?>

View file

@ -108,19 +108,23 @@ function inviteOwnerInSession($charId, $domainId, $sessionId)
$RSMPort = $addr[1]; $RSMPort = $addr[1];
global $rsmProxy, $rsmSkel, $userId, $charId, $callbackClient, $RingDBName, /*$SessionId,*/ $SessionToolsResult; global $rsmProxy, $rsmSkel, $userId, $charId, $callbackClient, $RingDBName, /*$SessionId,*/ $SessionToolsResult;
global $DBHost, $RingDBUserName, $RingDBPassword;
$SessionId = $sessionId; $SessionId = $sessionId;
$DomainId = $domainId; $DomainId = $domainId;
mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName"); $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die("Can't connect to ring database");
mysqli_select_db($link, $RingDBName) or die ("Can't access to the db dbname:$RingDBName");
$sessionId = (int) $sessionId;
$query = "select session_type from sessions where session_id=".$sessionId; $query = "select session_type from sessions where session_id=".$sessionId;
$result = mysql_query ($query) or die ("Can't execute the query: ".$query); $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
if (mysql_num_rows ($result) != 1) if (mysqli_num_rows($result) != 1)
{ {
echo "Can't find 1 row for ring session ".$sessionId."<br>"; echo "Can't find 1 row for ring session ".$sessionId."<br>";
die(); die();
} }
$row = mysql_fetch_row($result); $row = mysqli_fetch_row($result);
$session_type = $row[0]; $session_type = $row[0];
$mode = ($session_type == "st_edit") ? "sps_edit_invited" : "sps_anim_invited"; $mode = ($session_type == "st_edit") ? "sps_edit_invited" : "sps_anim_invited";
echo "Inviting character ".$charId." of user ".$userId." in session ".$sessionId."<br>"; echo "Inviting character ".$charId." of user ".$userId." in session ".$sessionId."<br>";
@ -184,4 +188,4 @@ class InviteOwnerCb extends CRingSessionManagerWeb
echo '<p><p><a href="web_start.php">Back to menu</a>'; echo '<p><p><a href="web_start.php">Back to menu</a>';
} }
} }
?>

View file

@ -6,19 +6,20 @@
{ {
global $DBHost, $DBUserName, $DBPassword, $DBName; global $DBHost, $DBUserName, $DBPassword, $DBName;
$nelDb = mysql_connect($DBHost, $DBUserName, $DBPassword) or die("can't connect to nel db"); $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die("can't connect to nel db");
mysql_select_db ($DBName, $nelDb) or die("can't select nel db"); mysqli_select_db ($link, $DBName) or die("can't select nel db");
$query = "SELECT * FROM domain WHERE domain_id = '".$domainId."'";
$result = mysql_query ($query) or die("query ".$query." failed"); $domainId = (int)$domainId;
$query = "SELECT * FROM domain WHERE domain_id = $domainId";
$result = mysqli_query($link, $query) or die("query ($query) failed");
if (mysql_num_rows($result) == 0) if (mysqli_num_rows($result) == 0)
{ {
die("Can't find row for domain ".$domainId); die("Can't find row for domain ".$domainId);
} }
$domainInfo = mysql_fetch_array($result); $domainInfo = mysqli_fetch_array($result);
return $domainInfo; return $domainInfo;
} }
?>

View file

@ -16,7 +16,7 @@
function validateCookie(&$userId, &$domainId, &$charId) function validateCookie(&$userId, &$domainId, &$charId)
{ {
global $DBHost, $DBUserName, $DBPassword, $DBName, $RingDBName, $AcceptUnknownUser; global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName, $AcceptUnknownUser;
if (!isset($_COOKIE["ryzomId"])) if (!isset($_COOKIE["ryzomId"]))
{ {
@ -40,18 +40,20 @@
} }
// check the cookie in the database // check the cookie in the database
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName"); $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
mysql_select_db ($RingDBName) or die ("Can't access to the table dbname:$RingDBName"); mysqli_select_db($link, $RingDBName) or die ("Can't access to the table dbname:$RingDBName");
$query = "SELECT user_id, current_status, current_domain_id FROM ring_users where cookie='$cookie'";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
if (mysql_num_rows ($result) == 0) $cookie = mysqli_real_escape_string($link, $cookie);
$query = "SELECT user_id, current_status, current_domain_id FROM ring_users where cookie='$cookie'";
$result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
if (mysqli_num_rows($result) == 0)
{ {
echo "Can't find cookie $cookie in database<BR>"; echo "Can't find cookie $cookie in database<BR>";
return false; return false;
} }
$row = mysql_fetch_array($result); $row = mysqli_fetch_assoc($result);
if ($row["current_status"] != "cs_logged" && $row["current_status"] != "cs_online" ) if ($row["current_status"] != "cs_logged" && $row["current_status"] != "cs_online" )
{ {
@ -77,4 +79,4 @@
else else
return 0; // temp dev: use 0 as the "ring character" return 0; // temp dev: use 0 as the "ring character"
} }
?>