diff --git a/code/ryzom/tools/server/www/login/client_install.php b/code/ryzom/tools/server/www/login/client_install.php
index 4387387f1..db93f8caa 100644
--- a/code/ryzom/tools/server/www/login/client_install.php
+++ b/code/ryzom/tools/server/www/login/client_install.php
@@ -74,19 +74,21 @@
die2();
}
$domainName = getPost("domain");
- $nelLink = mysql_connect($DBHost, $DBUserName, $DBPassword) or die2 (__FILE__. " " .__LINE__." Can't connect to database host:$DBHost user:$DBUserName");
- mysql_select_db ($DBName, $nelLink) or die2 (__FILE__. " " .__LINE__." Can't access to the table dbname:$DBName");
+ $nelLink = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die2 (__FILE__. " " .__LINE__." Can't connect to database host:$DBHost user:$DBUserName");
+ mysqli_select_db ($nelLink, $DBName) or die2 (__FILE__. " " .__LINE__." Can't access to the table dbname:$DBName");
+
+ $domainName = mysqli_real_escape_string($nelLink, $domainName);
$query = "SELECT backup_patch_url, patch_urls FROM domain WHERE domain_name='$domainName'";
- $result = mysql_query ($query, $nelLink) or die2 (__FILE__. " " .__LINE__." Can't execute the query: ".$query);
+ $result = mysqli_query ($nelLink, $query) or die2 (__FILE__. " " .__LINE__." Can't execute the query: ".$query);
- if (mysql_num_rows($result) != 1)
+ if (mysqli_num_rows($result) != 1)
{
// unrecoverable error, we must giveup
$reason = "Can't find domain '".$domainName."' (error code x)";
$res = false;
}
- $req = mysql_fetch_array($result);
+ $req = mysqli_fetch_array($result);
$backup_patch_url = $req["backup_patch_url"];
$patch_urls = $req["patch_urls"];
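Review bot: The `domain_name` lookup still builds its SQL by interpolation and relies on `mysqli_real_escape_string`, whose result depends on the connection character set; no `mysqli_set_charset` call is visible in this hunk, so confirm one exists or add it right after the connect. A bound parameter removes that dependency and keeps the original `$domainName` intact for the "Can't find domain" message, which now prints the escaped form. The same escape-then-interpolate pattern recurs in the r2_login.php hunks at @@ -269, @@ -296, @@ -377 and @@ -474 and in invite_pioneer.php. The sketch assumes the mysqlnd driver for `mysqli_stmt_get_result`; the enclosing block starts and ends outside the hunk.

```php
$stmt = mysqli_prepare($nelLink, "SELECT backup_patch_url, patch_urls FROM domain WHERE domain_name=?") or die2 (__FILE__. " " .__LINE__." Can't prepare the domain query");
mysqli_stmt_bind_param($stmt, "s", $domainName);
mysqli_stmt_execute($stmt) or die2 (__FILE__. " " .__LINE__." Can't execute the domain query");
$result = mysqli_stmt_get_result($stmt);
// … unchanged: row-count check and fetch of backup_patch_url / patch_urls …
```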
@@ -114,7 +116,7 @@
}
echo "\n";
- mysql_close($nelLink);
+ mysqli_close($nelLink);
unset($nelLink);
break;
@@ -124,4 +126,3 @@
}
-?>
diff --git a/code/ryzom/tools/server/www/login/r2_login.php b/code/ryzom/tools/server/www/login/r2_login.php
index c6a9de6f2..c12340f1b 100644
--- a/code/ryzom/tools/server/www/login/r2_login.php
+++ b/code/ryzom/tools/server/www/login/r2_login.php
@@ -34,16 +34,16 @@
// gather the domain information (server version, patch urls and backup patch url
global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
- $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
- mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
+ $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
+ mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
$query = "SELECT * FROM domain WHERE domain_id=$domainId";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if( mysql_num_rows($result) != 1)
+ if( mysqli_num_rows($result) != 1)
{
die(errorMsgBlock(3001, $domainId));
}
- $row = mysql_fetch_array($result);
+ $row = mysqli_fetch_array($result);
// set the cookie
setcookie ( "ryzomId" , $cookie, 0, "/");
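Review bot: `$domainId` goes unquoted into `WHERE domain_id=$domainId`, and unlike the string inputs handled elsewhere in this commit it gets neither escaping nor a type check. Escaping would not help in a numeric context anyway, so force the value to an integer before the query is built, for example `$domainId = (int) $domainId;`. Where `$domainId` originates is not visible in this hunk, so whether a request-derived value can reach it needs checking against the callers.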
@@ -178,27 +178,28 @@
{
////////////// Temporary code alpha 0 only /////////////////////////////////////
// check if the ring user exist, and create it if not
- $ringDb = mysql_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
- mysql_select_db ($domainInfo['ring_db_name'], $ringDb) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
+ $ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
+ mysqli_select_db ($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
$query = "SELECT user_id FROM ring_users where user_id = '".$id."'";
- $result = mysql_query ($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysql_error()));
+ $result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
- if (mysql_num_rows($result) == 0)
+ if (mysqli_num_rows($result) == 0)
{
// no ring user record, build one
- $query = "INSERT INTO ring_users SET user_id = '".$id."', user_name = '".$_GET["login"]."', user_type='ut_pioneer'";
- $result = mysql_query ($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysql_error()));
+ $login = mysqli_real_escape_string($ringDb, $login);
+ $query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'";
+ $result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
}
// // check that there is a character record (deprecated)
// $query = "SELECT user_id FROM characters where user_id = '".$id."'";
-// $result = mysql_query ($query) or die("Query ".$query." failed");
-// if (mysql_num_rows($result) == 0)
+// $result = mysqli_query ($ringDb, $query) or die("Query ".$query." failed");
+// if (mysqli_num_rows($result) == 0)
// {
// // no characters record, build a default one
// $charId = ($id * 16);
// $query = "INSERT INTO characters SET char_id='".$charId."', char_name='".$_GET["login"]."_default', user_id = '".$id."'";
-// $result = mysql_query ($query) or die("Query ".$query." failed");
+// $result = mysqli_query ($ringDb, $query) or die("Query ".$query." failed");
// }
}
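Review bot: The INSERT now reads `$login` where the removed line read `$_GET["login"]`, but nothing in this hunk defines `$login`. If it is not set in the enclosing scope, which starts outside the hunk, `user_name` would be stored empty with at most a PHP warning. Taking the value explicitly keeps the previous behaviour: `$login = mysqli_real_escape_string($ringDb, $_GET['login']);`. `$id` is still concatenated into both the SELECT and the INSERT without a cast; if it is the numeric user id, `$id = (int) $id;` before the first query would cover both.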
@@ -269,24 +270,25 @@
setMsgLanguage($lang);
+ $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
+ mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
+
// we map the client application to the domain name
- $domainName = $clientApplication;
+ $domainName = mysqli_real_escape_string($link, $clientApplication);
- $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
- mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
// retreive the domain id
$query = "SELECT domain_id FROM domain WHERE domain_name='$domainName'";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if (mysql_num_rows($result) == 0)
+ if (mysqli_num_rows($result) == 0)
{
// unrecoverable error, we must giveup
$reason = errorMsg(3007, $domainName);
- mysql_close($link);
+ mysqli_close($link);
return false;
}
- $row = mysql_fetch_array($result);
+ $row = mysqli_fetch_array($result);
$domainId = $row[0];
// retreive the domain info
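Review bot: A failing query here ends in `die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)))`, which passes the full SQL text, database name, host, account name and the server's error string to whatever `errorMsgBlock` prints. If that output reaches the client (the function body is not shown here), it discloses schema and deployment details on an unauthenticated login path. Consider writing those details to the server log with `error_log()` and returning only the numeric code; the other `errorMsgBlock(3006, ...)` call sites touched in this file are in the same position. Separately, `errorMsg(3007, $domainName)` now receives the SQL-escaped name rather than the original `$clientApplication`.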
@@ -296,32 +298,34 @@
$accessPriv = strtoupper(substr($domainInfo['status'], 3));
// now, retrieve the user infos
+ $login = mysqli_real_escape_string($link, $login);
$query = "SELECT * FROM user where Login='$login'";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if (mysql_num_rows ($result) == 0)
+ if (mysqli_num_rows ($result) == 0)
{
if ($AcceptUnknownUser)
{
// login doesn't exist, create it
+ $password = mysqli_real_escape_string($link, $password);
$query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
// get the user to have his UId
$query = "SELECT * FROM user WHERE Login='$login'";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if (mysql_num_rows ($result) == 1)
+ if (mysqli_num_rows ($result) == 1)
{
$reason = errorMsg(3008, $login);
- $row = mysql_fetch_array ($result);
+ $row = mysqli_fetch_assoc ($result);
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
// add the default permission
$query = "INSERT INTO permission (UId, ClientApplication, AccessPrivilege) VALUES ('$id', 'r2', '$accessPriv')";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$res = false;
}
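Review bot: `$login` and `$password` are overwritten in place with their SQL-escaped forms, so every later non-SQL use sees escaped text. `errorMsg(3008, $login)` in this hunk and `errorMsg(2001, $login, 'checkUserValidity')` in the @@ -335 hunk will show backslashes for names containing quotes. Keeping raw and escaped values in separate variables avoids that and makes it harder for a raw value to slip into a later query, e.g. `$loginSql = mysqli_real_escape_string($link, $login);` with `$loginSql` used only inside query strings. The function continues outside this hunk, so the remaining uses of both variables need checking there.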
@@ -335,9 +339,9 @@
{
// Check if this is not an unconfirmed account
$query = "SELECT GamePassword, Email, Language FROM signup_data WHERE login='$login'";
- $result = mysql_query($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if (mysql_num_rows($result) == 0)
+ if (mysqli_num_rows($result) == 0)
{
$reason = errorMsg(2001, $login, 'checkUserValidity');
$res = false;
@@ -346,7 +350,7 @@
{
// Check password to avoid revealing email address to third-party
$passwordMatchedRow = false;
- while ($row = mysql_fetch_array($result))
+ while ($row = mysqli_fetch_assoc($result))
{
$salt = substr($row['GamePassword'],0,2);
if (($cp && $row['GamePassword'] == $password) || (!$cp && $row['GamePassword'] == crypt($password, $salt)))
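Review bot: The stored hash is compared with `==`, which in PHP is neither type-strict nor constant-time; two strings that both look numeric (for example `0e` followed only by digits) compare equal under `==` even when they differ. `hash_equals()` avoids both problems: `if (hash_equals((string) $row['GamePassword'], $cp ? $password : crypt($password, $salt)))`. The same comparison against `$row["Password"]` appears in the @@ -369 hunk. The two-character salt also suggests traditional DES `crypt`, which is outside this commit's scope but worth tracking as a follow-up; the loop body continues past the end of this hunk.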
@@ -369,7 +373,7 @@
}
else
{
- $row = mysql_fetch_array ($result);
+ $row = mysqli_fetch_assoc ($result);
$salt = substr($row["Password"],0,2);
if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt)))
{
@@ -377,15 +381,16 @@
$_GET['login'] = $row['Login'];
// check if the user can use this application
+ $clientApplication = mysqli_real_escape_string($link, $clientApplication);
$query = "SELECT * FROM permission WHERE UId='".$row["UId"]."' AND ClientApplication='$clientApplication'";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
- if (mysql_num_rows ($result) == 0)
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
+ if (mysqli_num_rows ($result) == 0)
{
if ($AcceptUnknownUser)
{
// add default permission
$query = "INSERT INTO permission (UId, ClientApplication, ShardId, AccessPrivilege) VALUES ('".$row["UId"]."', '$clientApplication', -1, '$domainStatus')";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3010);
$res = false;
@@ -400,7 +405,7 @@
else
{
// check that the access privilege for the domain
- $permission = mysql_fetch_array($result);
+ $permission = mysqli_fetch_assoc($result);
if (!strstr($permission['AccessPrivilege'], $accessPriv))
{
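Review bot: The access check `strstr($permission['AccessPrivilege'], $accessPriv)` is a substring test on what the UPDATE in the @@ -409 hunk treats as a comma-separated list. A privilege name that is a fragment of another would therefore be accepted, and on PHP 8 an empty `$accessPriv` matches any non-empty list. Comparing whole tokens is stricter: `if (!in_array($accessPriv, explode(',', $permission['AccessPrivilege']), true))`. Whether any status names overlap in practice is not visible here, and the branch body continues outside the hunk.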
@@ -409,7 +414,7 @@
{
// set an additionnal privilege for this player
$query = "UPDATE permission set AccessPrivilege='".$permission['AccessPrivilege'].",$accessPriv' WHERE prim=".$permission['prim'];
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3012, $accessPriv);
$res = false;
@@ -435,10 +440,10 @@
// $reason = $reason."was just disconnected. Now you can retry the identification (error code 54)";
//
// $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"];
-// $result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error());
+// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
//
// $query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"];
-// $result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error());
+// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
// }
// else
// {
@@ -462,7 +467,7 @@
$res = false;
}
}
- mysql_close($link);
+ mysqli_close($link);
return $res;
}
@@ -474,13 +479,14 @@
setMsgLanguage($lang);
- $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
- mysql_select_db ($DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
+ $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
+ mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
+ $login = mysqli_real_escape_string($link, $login);
$query = "SELECT Password FROM user WHERE Login='$login'";
- $result = mysql_query ($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if (mysql_num_rows ($result) != 1)
+ if (mysqli_num_rows ($result) != 1)
{
if ($AcceptUnknownUser)
{
@@ -492,17 +498,17 @@
{
// Check if this is not an unconfirmed account
$query = "SELECT GamePassword, Language FROM signup_data WHERE login='$login'";
- $result = mysql_query($query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysql_error()));
+ $result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if (mysql_num_rows($result) == 0)
+ if (mysqli_num_rows($result) == 0)
{
// no user record, reject it
die (errorMsgBlock(2001, $login, 'askSalt'));
}
- else if (mysql_num_rows($result) == 1)
+ else if (mysqli_num_rows($result) == 1)
{
// one unconfirmed record, let the client send the encrypted password to get the corresponding email address
- $row = mysql_fetch_array($result);
+ $row = mysqli_fetch_assoc($result);
$salt = substr($row['GamePassword'], 0, 2);
}
else
@@ -511,7 +517,7 @@
{
// several matching records => display a multi-language message now
$languages = array();
- while ($row = mysql_fetch_array($result))
+ while ($row = mysqli_fetch_assoc($result))
{
$languages[$row['Language']] = true;
}
@@ -523,12 +529,11 @@
}
else
{
- $res_array = mysql_fetch_array($result);
+ $res_array = mysqli_fetch_assoc($result);
$salt = substr($res_array['Password'], 0, 2);
}
echo "1:".$salt;
- mysql_close($link);
+ mysqli_close($link);
}
-?>
diff --git a/code/ryzom/tools/server/www/ring/edit_session.php b/code/ryzom/tools/server/www/ring/edit_session.php
index c782a408d..e567f2296 100644
--- a/code/ryzom/tools/server/www/ring/edit_session.php
+++ b/code/ryzom/tools/server/www/ring/edit_session.php
@@ -16,9 +16,10 @@
$domainInfo = getDomainInfo($domainId);
- global $DBHost, $DBUserName, $DBPassword, $DBName, $RingDBName;
- $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
- mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName");
+ global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName;
+
+ $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
+ mysqli_select_db($link, $RingDBName) or die ("Can't access to the db dbname:$RingDBName");
// Find out if the character has an open editing session
$query = "SELECT session_id, state ";
@@ -26,8 +27,8 @@
$query .= " WHERE (owner = '".$charId."')";
$query .= " AND (session_type = 'st_edit')";
$query .= " AND (NOT (state IN ('ss_closed', 'ss_locked')))";
- $result = mysql_query ($query) or die ("Can't execute the query: ".$query);
- $num = mysql_num_rows ($result);
+ $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
+ $num = mysqli_num_rows($result);
if ($num > 1)
{
echo "Error: more than one editing sessions for char".$charId;
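Review bot: `$charId` is concatenated into this query (`owner = '".$charId."'`) and, unquoted, into the queries in the @@ -39 and @@ -73 hunks (`char_id = $charId`, alongside `$sessionId`), while the commit adds escaping only for string inputs in other files. It is also echoed back in the error message on the last line without HTML encoding. Its origin is outside the hunk; if it can come from the request and ids are plain integers, cast it once before the first query, `$charId = (int) $charId;`, which covers both the SQL and the echo.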
@@ -39,11 +40,14 @@
{
// Not found => first, create an editing session for this character, start the session and invite himself
$query = "SELECT char_name FROM characters WHERE char_id = $charId";
- $result = mysql_query ($query) or die ("Can't execute the query: ".$query);
- $num = mysql_num_rows ($result);
+ $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
+ $num = mysqli_num_rows($result);
$characterName = "";
if ($num > 0)
- $characterName = mysql_result($result, 0, 0);
+ {
+ $row = mysqli_fetch_assoc($result);
+ $characterName = $row['char_name'];
+ }
global $SessionId, $SessionToolsResult;
planEditSession($charId, $domainId, "st_edit", $characterName, "");
if ($SessionToolsResult === false)
@@ -55,7 +59,7 @@
}
else
{
- $row = mysql_fetch_array($result);
+ $row = mysqli_fetch_assoc($result);
$sessionId = $row['session_id'];
$state = $row['state'];
echo "Found your session: $sessionId ($state)
";
@@ -73,13 +77,12 @@
}
// check that we character have a participation in the session and invite him if needed
- mysql_select_db ($RingDBName) or die ("Can't access to the db dbname:$RingDBName");
$query = "SELECT count(*) FROM session_participant WHERE session_id = $sessionId AND char_id = $charId";
- $result = mysql_query ($query) or die ("Can't execute the query: ".$query);
- $num = mysql_num_rows ($result);
+ $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
+ $num = mysqli_num_rows($result);
if ($num != 1)
die ("Invalid result whil checking participation for char $charId in session $sessionId
");
- $value = mysql_fetch_array($result);
+ $value = mysqli_fetch_row($result);
if ($value[0] == 0)
{
// the character have not is own invitation !
@@ -91,4 +94,4 @@
// Join the session
joinSessionFromId($userId, $domainId, $sessionId);
-?>
+
diff --git a/code/ryzom/tools/server/www/ring/invite_pioneer.php b/code/ryzom/tools/server/www/ring/invite_pioneer.php
index b86ca5c9a..44cd83349 100644
--- a/code/ryzom/tools/server/www/ring/invite_pioneer.php
+++ b/code/ryzom/tools/server/www/ring/invite_pioneer.php
@@ -42,24 +42,25 @@
if (isset($_POST["execute"]))
{
// lookup in the database to convert character name into
- global $DBHost, $DBUserName, $DBPassword, $RingDBName;
+ global $DBHost, $RingDBUserName, $RingDBPassword, $RingDBName;
- $link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
- mysql_select_db ($RingDBName) or die ("Can't access to the table dbname:$RingDBName");
+ $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
+ mysqli_select_db($link, $RingDBName) or die ("Can't access to the table dbname:$RingDBName");
// extract the character that have the specified name
- $query = "select * from characters where char_name = '".$_POST["charName"]."'";
- $result = mysql_query ($query) or die ("Can't execute the query: ".$query);
+ $charName = mysqli_real_escape_string($link, $_POST['charName']);
+ $query = "select char_id, char_name from characters where char_name = '$charName'";
+ $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
- if (mysql_num_rows ($result) == 0)
+ if (mysqli_num_rows($result) == 0)
{
echo "