Migrated to mysqli HEAD master

11 files changed, 75 insertions, 321 deletions

@@ -0,0 +1 @@
+images/comics
@@ -8,11 +8,14 @@ if (!isset($_GET['id']))
         exit;
 }
 
-$getcomic = "SELECT * FROM comics WHERE filename = \"" . mysqli_real_escape_string($mysql_conn, $_GET['id']) . ".png\"";
-$getcomic2 = mysql_query($getcomic);
-$getcomic3 = mysql_fetch_array($getcomic2);
-
-if ($getcomic3['filename'] != ($_GET['id'] . '.png'))
+$getcomic = $mysql_conn->prepare("SELECT * FROM comics WHERE filename = ?");
+$real_filename = $_GET['id'] . ".png";
+$getcomic->bind_param("s", $real_filename);
+$getcomic->execute();
+$getcomic2 = $getcomic->get_result();
+$getcomic3 = $getcomic2->fetch_assoc();
+
+if ($getcomic3['filename'] != $real_filename)
 {
         header('Location: /');
         exit;
@@ -1,9 +1,7 @@
 <?php
 
-include_once('fix_mysql.inc.php');
 include('/srv/www/security/pillowcase.php');
 
-$mysql_conn = mysql_connect($dbhost, $dbuser, $dbpasswd);
-mysql_select_db($dbname);
+$mysql_conn = new mysqli($dbhost, $dbuser, $dbpasswd, $dbname);
 
 ?>
@@ -1,257 +0,0 @@
-<?php
-/**
-* replacement for all mysql functions
-*
-* @version 3
-* @git https://github.com/rubo77/php-mysql-fix
-*
-* Be aware, that this is just a workaround to fix-up some old code and the resulting project
-* will be more vulnerable than if you use the recommended newer mysqli-functions instead.
-* So only If you are sure that this is not setting your server at risk, you can fix your old
-* code by adding this line at the beginning of your old code:
-
-<?php
-include_once('fix_mysql.inc.php');
-*
-* see: https://stackoverflow.com/a/37877644/1069083
-*/
-
-if (!function_exists("mysql_connect")){
-  /* warning: fatal error "cannot redeclare" if a function was disabled in php.ini with disable_functions:
-  disable_functions =mysql_connect,mysql_pconnect,mysql_select_db,mysql_ping,mysql_query,mysql_fetch_assoc,mysql_num_rows,mysql_fetch_array,mysql_error,mysql_insert_id,mysql_close,mysql_real_escape_string,mysql_data_seek,mysql_result
-  */
-
-  define("MYSQL_ASSOC", MYSQLI_ASSOC);
-  define("MYSQL_NUM", MYSQLI_NUM);
-  define("MYSQL_BOTH", MYSQLI_BOTH);
-
-  function mysql_fetch_array($result, $result_type = MYSQL_BOTH){
-    $row = mysqli_fetch_array($result, $result_type);
-    return is_null($row) ? false : $row;
-  }
-
-  function mysql_fetch_assoc($result){
-    $row = mysqli_fetch_assoc($result);
-    return is_null($row) ? false : $row;
-  }
-
-  function mysql_fetch_row($result) {
-    $row = mysqli_fetch_row($result);
-    return is_null($row) ? false : $row;
-  }
-
-  function mysql_fetch_object($result) {
-    $row = mysqli_fetch_object($result);
-    return is_null($row) ? false : $row;
-  }
-
-  function mysql_connect($host, $username, $password, $new_link = FALSE, $client_flags = 0){
-    global $global_link_identifier;
-    $global_link_identifier = mysqli_connect($host, $username, $password);
-    return $global_link_identifier;
-  }
-
-  function mysql_pconnect($host, $username, $password, $client_flags = 0){
-    global $global_link_identifier;
-    $global_link_identifier = mysqli_connect("p:".$host, $username, $password);
-    return $global_link_identifier;
-  }
-
-  function mysql_select_db($dbname, $link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_select_db($link_identifier, $dbname);
-  }
-
-  function mysql_ping($link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_ping($link_identifier);
-  }
-
-  function mysql_query($stmt, $link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_query($link_identifier, $stmt);
-  }
-  
-  function mysql_db_query ($database, $query, $link_identifier = NULL){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    mysqli_select_db($link_identifier, $database);
-    return mysqli_query($link_identifier, $query);
-  }
-  
-  function mysql_num_rows($result){
-    return mysqli_num_rows($result);
-  }
-
-  function mysql_affected_rows($link_identifier = NULL){
-    // TODO: check, if working when called without argument: mysql_affected_rows()
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_affected_rows($link_identifier);
-  }
-
-  function mysql_list_tables($dbname, $link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    $sql = "SHOW TABLES FROM $dbname";
-    $result = mysql_query($sql, $link_identifier);
-    return $result;
-  }
-
-  function mysql_error($link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_error($link_identifier);
-  }
-
-  function mysql_errno($link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_errno($link_identifier);
-  }
-
-  function mysql_insert_id($link_identifier = NULL){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_insert_id($link_identifier);
-  }
-
-  function mysql_close($link_identifier = NULL){
-    return true;
-  }
-
-  function mysql_real_escape_string($unescaped_string, $link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_real_escape_string($link_identifier, $unescaped_string);
-  }
-
-  function mysql_data_seek($result, $row_number){
-    return mysqli_data_seek($result, $row_number);
-  }
-
-  function mysql_result($result, $row=0, $col=0){
-    $numrows = mysqli_num_rows($result);
-    if($numrows && $row <= ($numrows-1) && $row >= 0){
-      mysqli_data_seek($result, $row);
-      $resultrow = (is_numeric($col)) ? mysqli_fetch_row($result) : mysqli_fetch_assoc($result);
-      if (isset($resultrow[$col])){
-        return $resultrow[$col];
-      }
-    }
-    return false;
-  }
-
-  function mysql_escape_string($s, $link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_real_escape_string($link_identifier, $s);
-  }
-
-  function mysql_fetch_field($result, $i = null) {
-    if ($i === null) {
-      return mysqli_fetch_field($result);
-    }
-    return mysqli_fetch_field_direct($result, $i);
-  }
-
-  function mysql_field_name($result, $i) {
-    return mysqli_fetch_field_direct($result, $i)->name;
-  }
-
-  function mysql_field_type($result, $i){
-    return mysqli_fetch_field_direct($result, $i)->type;
-  }
-
-  function mysql_field_len($result, $i){
-    return mysqli_fetch_field_direct($result, $i)->length;
-  }
-  
-  function mysql_num_fields($result){
-    return mysqli_num_fields($result);
-  }
-
-  function mysql_free_result($result) {
-    return mysqli_free_result($result);
-  }
-
-  function mysql_get_server_info($link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_get_server_info($link_identifier);
-  }
-
-  function mysql_set_charset($csname, $link_identifier = null){
-    global $global_link_identifier;
-    if($link_identifier == null) {
-      $link_identifier = $global_link_identifier;
-    }
-    return mysqli_set_charset($link_identifier, $csname);
-  }
-  
-  // aliases 
-  function mysql(...$args){ return mysql_db_query(...$args); }
-  function mysql_createdb(...$args){ return mysql_create_db(...$args); }
-  function mysql_db_name(...$args){ return mysql_result(...$args); }
-  function mysql_dbname(...$args){ return mysql_result(...$args); }
-  function mysql_dropdb(...$args){ return mysql_drop_db(...$args); }
-  function mysql_fieldflags(...$args){ return mysql_field_flags(...$args); }
-  function mysql_fieldlen(...$args){ return mysql_field_len(...$args); }
-  function mysql_fieldname(...$args){ return mysql_field_name(...$args); }
-  function mysql_fieldtable(...$args){ return mysql_field_table(...$args); }
-  function mysql_fieldtype(...$args){ return mysql_field_type(...$args); }
-  function mysql_freeresult(...$args){ return mysql_free_result(...$args); }
-  function mysql_listdbs(...$args){ return mysql_list_dbs(...$args); }
-  function mysql_listfields(...$args){ return mysql_list_fields(...$args); }
-  function mysql_listtables(...$args){ return mysql_list_tables(...$args); }
-  function mysql_numfields(...$args){ return mysql_num_fields(...$args); }
-  function mysql_numrows(...$args){ return mysql_num_rows(...$args); }
-  function mysql_selectdb(...$args){ return mysql_select_db(...$args); }
-  
-  // TODO: those functions are not defined yet:
-  function mysql_client_encoding(){ trigger_error("mysql_client_encoding is not defined yet", E_USER_ERROR); }
-  function mysql_create_db(){ trigger_error("mysql_create_db is not defined yet", E_USER_ERROR); }
-  function mysql_drop_db(){ trigger_error("mysql_drop_db is not defined yet", E_USER_ERROR); }
-  function mysql_fetch_lengths(){ trigger_error("mysql_fetch_lengths is not defined yet", E_USER_ERROR); }
-  function mysql_field_flags(){ trigger_error("mysql_field_flags is not defined yet", E_USER_ERROR); }
-  function mysql_field_seek(){ trigger_error("mysql_field_seek is not defined yet", E_USER_ERROR); }
-  function mysql_field_table(){ trigger_error("mysql_field_table is not defined yet", E_USER_ERROR); }
-  function mysql_get_client_info(){ trigger_error("mysql_get_client_info is not defined yet", E_USER_ERROR); }
-  function mysql_get_host_info(){ trigger_error("mysql_get_host_info is not defined yet", E_USER_ERROR); }
-  function mysql_get_proto_info(){ trigger_error("mysql_get_proto_info is not defined yet", E_USER_ERROR); }
-  function mysql_info(){ trigger_error("mysql_info is not defined yet", E_USER_ERROR); }
-  function mysql_list_dbs(){ trigger_error("mysql_list_dbs is not defined yet", E_USER_ERROR); }
-  function mysql_list_fields(){ trigger_error("mysql_list_fields is not defined yet", E_USER_ERROR); }
-  function mysql_list_processes(){ trigger_error("mysql_list_processes is not defined yet", E_USER_ERROR); }
-  function mysql_tablename(){ trigger_error("mysql_tablename is not defined yet", E_USER_ERROR); }
-  function mysql_stat(){ trigger_error("mysql_stat is not defined yet", E_USER_ERROR); }
-  function mysql_thread_id(){ trigger_error("mysql_thread_id is not defined yet", E_USER_ERROR); }
-  function mysql_unbuffered_query(){ trigger_error("mysql_unbuffered_query is not defined yet", E_USER_ERROR); }
-}
@@ -2,9 +2,12 @@
 
 function has_meta($id, $name)
 {
-        $getmeta = "SELECT * FROM meta WHERE comic_id = " . $id . " AND name = \"" . $name . "\"";
-        $getmeta2 = mysql_query($getmeta);
-        $getmeta3 = mysql_fetch_array($getmeta2);
+  global $mysql_conn;
+  $getmeta = $mysql_conn->prepare("SELECT * FROM meta WHERE comic_id = ? AND name = ?");
+  $getmeta->bind_param("is", $id, $name);
+  $getmeta->execute();
+  $getmeta2 = $getmeta->get_result();
+  $getmeta3 = $getmeta2->fetch_assoc();
 
         if ($getmeta3['name'] == $name)
         {
@@ -16,18 +19,21 @@ function has_meta($id, $name)
 
 function get_meta($id, $name)
 {
-        $getmeta = "SELECT * FROM meta WHERE comic_id = " . $id . " AND name = \"" . $name . "\"";
-        $getmeta2 = mysql_query($getmeta);
-        $getmeta3 = mysql_fetch_array($getmeta2);
+  global $mysql_conn;
+  $getmeta = $mysql_conn->prepare("SELECT * FROM meta WHERE comic_id = ? AND name = ?");
+  $getmeta->bind_param("is", $id, $name);
+  $getmeta->execute();
+  $getmeta2 = $getmeta->get_result();
+  $getmeta3 = $getmeta2->fetch_assoc();
 
         return $getmeta3['value'];      
 }
 
 function next_comic_id()
 {
-        $getcomic = "SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,1";
-        $getcomic2 = mysql_query($getcomic);
-        $getcomic3 = mysql_fetch_array($getcomic2);
+  global $mysql_conn;
+        $getcomic = $mysql_conn->query("SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,1");
+  $getcomic3 = $getcomic->fetch_assoc();
 
         return ($getcomic3['comic_id']+1);
 }
@@ -1,27 +1,29 @@
 <?php
 
-$getlast = "SELECT * FROM config WHERE name = \"lastUpdated\"";
-$getlast2 = mysql_query($getlast);
-$getlast3 = mysql_fetch_array($getlast2);
+$getlast = $mysql_conn->query("SELECT * FROM config WHERE name = \"lastUpdated\"");
+$getlast3 = $getlast->fetch_assoc();
 
 $last = $getlast3['value'];
 if ($last != date('md'))
 {
-        $getpending = "SELECT * FROM comics WHERE status = \"pending\" ORDER BY id ASC LIMIT 0,1";
-        $getpending2 = mysql_query($getpending);
-        $getpending3 = mysql_fetch_array($getpending2);
+        $getpending = $mysql_conn->query("SELECT * FROM comics WHERE status = \"pending\" ORDER BY id ASC LIMIT 0,1");
+  $getpending3 = $getpending->fetch_assoc();
         if (!empty($getpending3))
         {
                 $id = next_comic_id();
 
-                $setcomic = "UPDATE comics SET status = \"publish\", comic_id = " . $id . " WHERE id = " . $getpending3['id'];
-                $setcomic2 = mysql_query($setcomic) or die($setcomic);
+    $setcomic = $mysql_conn->prepare("UPDATE comics SET status = \"publish\", comic_id = ? WHERE id = ?");
+    $setcomic->bind_param("ii", $id, $getpending3['id']);
+    $setcomic->execute() or die($setcomic);
 
-                $insmeta = "INSERT INTO meta (comic_id,name,value) VALUES (" . $getpending3['id'] . ",\"pubDate\",\"" . date('Y-m-d H:i:s') . "\")";
-                $insmeta2 = mysql_query($insmeta) or die($insmeta);
+    $insmeta = $mysql_conn->prepare("INSERT INTO meta (comic_id,name,value) VALUES (?,\"pubDate\",\"" . date('Y-m-d H:i:s') . "\")");
+    $insmeta->bind_param("i", $getpending3['id']);
+                $insmeta->execute() or die($insmeta);
 
-                $setconfig = "UPDATE config SET value = \"" . date('md') . "\" WHERE name = \"lastUpdated\"";
-                $setconfig2 = mysql_query($setconfig);
+    $setconfig = $mysql_conn->prepare("UPDATE config SET value = ? WHERE name = \"lastUpdated\"");
+    $newdate = date('md');
+    $setconfig->bind_param("s", $newdate);
+    $setconfig->execute();
         }
 }
 
@@ -10,25 +10,21 @@
 
 <?php
 
-$getseasons = "SELECT * FROM seasons ORDER BY season_id ASC";
-$getseasons2 = mysql_query($getseasons);
-while ($getseasons3 = mysql_fetch_array($getseasons2))
+$getseasons = $mysql_conn->query("SELECT * FROM seasons ORDER BY season_id ASC");
+foreach ($getseasons as $getseasons3)
 {
-        $getfc = "SELECT * FROM comics WHERE comic_id = " . $getseasons3['first_comic_id'];
-        $getfc2 = mysql_query($getfc);
-        $getfc3 = mysql_fetch_array($getfc2);
+        $getfc = $mysql_conn->query("SELECT * FROM comics WHERE comic_id = " . $getseasons3['first_comic_id']);
+        $getfc3 = $getfc->fetch_assoc();
 
         if (!is_null($getseasons3['last_comic_id']))
         {
-                $getlc = "SELECT * FROM comics WHERE comic_id = " . $getseasons3['last_comic_id'];
-                $getlc2 = mysql_query($getlc);
-                $getlc3 = mysql_fetch_array($getlc2);
+                $getlc = $mysql_conn->query("SELECT * FROM comics WHERE comic_id = " . $getseasons3['last_comic_id']);
+    $getlc3 = $getlc->fetch_assoc();
 
                 $count = $getseasons3['last_comic_id'] - ($getseasons3['first_comic_id']-1);
         } else {
-                $getcnt = "SELECT COUNT(*) FROM comics WHERE comic_id >= " . $getseasons3['first_comic_id'];
-                $getcnt2 = mysql_query($getcnt);
-                $getcnt3 = mysql_fetch_array($getcnt2);
+                $getcnt = $mysql_conn->query("SELECT COUNT(*) FROM comics WHERE comic_id >= " . $getseasons3['first_comic_id']);
+    $getcnt3 = $getcnt->fetch_assoc();
 
                 $count = $getcnt3[0];
         }
@@ -2,12 +2,16 @@
 
 if (isset($_GET['id']) && is_numeric($_GET['id']))
 {
-        $getcomic = "SELECT * FROM comics WHERE comic_id = " . $_GET['id'] . " AND status = \"publish\"";
+  $getcomic = $mysql_conn->prepare("SELECT * FROM comics WHERE comic_id = ? AND status = \"publish\"");
+  $comic_id = $_GET['id'];
+  $getcomic->bind_param("i", $comic_id);
+  $getcomic->execute();
+  $getcomic2 = $getcomic->get_result();
+  $getcomic3 = $getcomic2->fetch_assoc();
 } else {
-        $getcomic = "SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,1";
+  $getcomic = $mysql_conn->query("SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,1");
+  $getcomic3 = $getcomic->fetch_assoc();
 }
-$getcomic2 = mysql_query($getcomic);
-$getcomic3 = mysql_fetch_array($getcomic2);
 
 $date = strtotime(get_meta($getcomic3['id'], 'pubDate'));
 
@@ -64,9 +68,8 @@ if (has_meta($getcomic3['id'], 'link'))
 
 $id = $getcomic3['comic_id'];
 
-$cntcomics = "SELECT COUNT(*) FROM comics WHERE status = \"publish\"";
-$cntcomics2 = mysql_query($cntcomics);
-$cntcomics3 = mysql_fetch_array($cntcomics2);
+$cntcomics = $mysql_conn->query("SELECT COUNT(*) FROM comics WHERE status = \"publish\"");
+$cntcomics3 = $cntcomics->fetch_assoc();
 $all = $cntcomics3['COUNT(*)'];
 
 if ($id > 2)
@@ -98,9 +101,8 @@ if ($id < $all)
         }
 }
 
-$cntpending = "SELECT COUNT(*) FROM comics WHERE status = \"pending\"";
-$cntpending2 = mysql_query($cntpending);
-$cntpending3 = mysql_fetch_array($cntpending2);
+$cntpending = $mysql_conn->query("SELECT COUNT(*) FROM comics WHERE status = \"pending\"");
+$cntpending3 = $cntpending->fetch_assoc();
 $numpending = $cntpending3['COUNT(*)'];
 
 ?>
@@ -1,8 +1,7 @@
 <?php
 
-$getcomic = "SELECT * FROM comics WHERE status = \"publish\" ORDER BY RAND() LIMIT 1";
-$getcomic2 = mysql_query($getcomic);
-$getcomic3 = mysql_fetch_array($getcomic2);
+$getcomic = $mysql_conn->query("SELECT * FROM comics WHERE status = \"publish\" ORDER BY RAND() LIMIT 1");
+$getcomic3 = $getcomic->fetch_assoc();
 
 header('Location: http://pillowcase.fourisland.com/comic' . $getcomic3['comic_id'] . '.htm');
 
@@ -2,9 +2,11 @@
 
 if (is_numeric($_GET['season']))
 {
-        $getseason = "SELECT * FROM seasons WHERE season_id = " . $_GET['season'];
-        $getseason2 = mysql_query($getseason);
-        $getseason3 = mysql_fetch_array($getseason2);
+  $getseason = $mysql_conn->prepare("SELECT * FROM seasons WHERE season_id = ?");
+  $getseason->bind_param("i", $_GET['season']);
+  $getseason->execute();
+        $getseason2 = $getseason->get_result();
+        $getseason3 = $getseason2->fetch_assoc();
 }
 
 if (isset($getseason3) && ($getseason3['season_id'] == $_GET['season']))
@@ -18,13 +20,16 @@ if (isset($getseason3) && ($getseason3['season_id'] == $_GET['season']))
 
 if (!is_null($getseason3['last_comic_id']))
 {
-        $getcomics = "SELECT * FROM comics WHERE status = \"publish\" AND comic_id >= " . $getseason3['first_comic_id'] . " AND comic_id <= " . $getseason3['last_comic_id'] . " ORDER BY comic_id ASC";
+  $getcomics = $mysql_conn->prepare("SELECT * FROM comics WHERE status = \"publish\" AND comic_id >= ? AND comic_id <= ? ORDER BY comic_id ASC");
+  $getcomics->bind_param("ii", $getseason3["first_comic_id"], $getseason3["last_comic_id"]);
 } else {
-        $getcomics = "SELECT * FROM comics WHERE status = \"publish\" AND comic_id >= " . $getseason3['first_comic_id'] . " ORDER BY comic_id ASC";
+  $getcomics = $mysql_conn->prepare("SELECT * FROM comics WHERE status = \"publish\" AND comic_id >= ? ORDER BY comic_id ASC");
+  $getcomics->bind_param("i", $getseason3["first_comic_id"]);
 }
 
-$getcomics2 = mysql_query($getcomics);
-while ($getcomics3 = mysql_fetch_array($getcomics2))
+$getcomics->execute();
+$getcomics2 = $getcomics->get_result();
+foreach ($getcomics2 as $getcomics3)
 {
 ?>                              <LI><A HREF="/comic<?php echo($getcomics3['comic_id']); ?>.htm"><?php echo($getcomics3['title']); ?></A></LI>
 <?php
@@ -15,9 +15,8 @@ echo('<?xml version="1.0"?>');
                 <language>en-us</language>
 <?php
 
-$getitems = "SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,10";
-$getitems2 = mysql_query($getitems);
-while ($getitems3 = mysql_fetch_array($getitems2))
+$getitems = $mysql_conn->query("SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,10");
+foreach ($getitems as $getitems3)
 {
 ?>
                 <item>