vcl-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jftho...@apache.org
Subject [4/4] vcl git commit: VCL-1106 - make PHP code compatible with PHP 7
Date Mon, 29 Oct 2018 19:46:26 GMT
VCL-1106 - make PHP code compatible with PHP 7

making changes that allow code to run under PHP7 - vast majority of
changes are related to switching from mysql_* functions to mysqli_*
functions

files modified:
addomain.php authentication.php authmethods/itecsauth.php authmethods/ldapauth.php authmethods/shibauth.php blockallocations.php computer.php config.php dashboard.php groups.php help.php image.php managementnode.php oneclick.php privileges.php requests.php resource.php schedule.php serverprofiles.php siteconfig.php sitemaintenance.php statistics.php userpreferences.php utils.php vm.php xmlrpcWrappers.php index.php shibauth/index.php

additional changes in utils.php:
-modified mysql_connect_plus: accept a database argument because the database is passed to mysqli_connect
-modified dbConnect: removed calls to mysql_select_db and added database argument to calls to mysql_connect_plus
-added vcl_mysql_escape_string: mysqli_real_escape_string requires the database handle to be passed; having a wrapper function prevents having to reference the database handle global variable in every function needing to escape database data
-modified datetimeToUnix: removed '-1' argument to mktime as it is removed in php7
-modified unixFlor15: removed '-1' argument to mktime as it is removed in php7


Project: http://git-wip-us.apache.org/repos/asf/vcl/repo
Commit: http://git-wip-us.apache.org/repos/asf/vcl/commit/e5058500
Tree: http://git-wip-us.apache.org/repos/asf/vcl/tree/e5058500
Diff: http://git-wip-us.apache.org/repos/asf/vcl/diff/e5058500

Branch: refs/heads/VCL-1106_updates_for_php7
Commit: e50585005773d6e33a9f475e5843633ae95f221f
Parents: 4e9e37c
Author: Josh Thompson <jfthomps@ncsu.edu>
Authored: Mon Oct 29 15:43:26 2018 -0400
Committer: Josh Thompson <jfthomps@ncsu.edu>
Committed: Mon Oct 29 15:43:26 2018 -0400

----------------------------------------------------------------------
 web/.ht-inc/addomain.php              |   6 +-
 web/.ht-inc/authentication.php        |  22 +-
 web/.ht-inc/authmethods/itecsauth.php |  36 +-
 web/.ht-inc/authmethods/ldapauth.php  |  32 +-
 web/.ht-inc/authmethods/shibauth.php  |  36 +-
 web/.ht-inc/blockallocations.php      | 106 +++---
 web/.ht-inc/computer.php              |  72 ++--
 web/.ht-inc/config.php                |  44 +--
 web/.ht-inc/dashboard.php             |  32 +-
 web/.ht-inc/groups.php                |  28 +-
 web/.ht-inc/help.php                  |   2 +-
 web/.ht-inc/image.php                 |  78 ++---
 web/.ht-inc/managementnode.php        |  18 +-
 web/.ht-inc/oneclick.php              |   4 +-
 web/.ht-inc/privileges.php            |  72 ++--
 web/.ht-inc/requests.php              |  18 +-
 web/.ht-inc/resource.php              |   4 +-
 web/.ht-inc/schedule.php              |   4 +-
 web/.ht-inc/serverprofiles.php        |  12 +-
 web/.ht-inc/siteconfig.php            |  82 ++---
 web/.ht-inc/sitemaintenance.php       |   8 +-
 web/.ht-inc/statistics.php            |  22 +-
 web/.ht-inc/userpreferences.php       |   4 +-
 web/.ht-inc/utils.php                 | 537 +++++++++++++++--------------
 web/.ht-inc/vm.php                    |  26 +-
 web/.ht-inc/xmlrpcWrappers.php        |  78 ++---
 web/index.php                         |   4 +-
 web/shibauth/index.php                |  16 +-
 28 files changed, 708 insertions(+), 695 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/addomain.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/addomain.php b/web/.ht-inc/addomain.php
index e75639d..a7259d5 100644
--- a/web/.ht-inc/addomain.php
+++ b/web/.ht-inc/addomain.php
@@ -204,7 +204,7 @@ class ADdomain extends Resource {
 				       . "WHERE cryptkeyid = $cryptkeyid AND "
 				       .       "secretid = $oldsecretid";
 				$qh = doQuery($query);
-				if(! ($row = mysql_fetch_assoc($qh))) {
+				if(! ($row = mysqli_fetch_assoc($qh))) {
 					# generate a new secret
 					$newsecretid = getSecretKeyID('addomain', 'secretid', 0);
 					$delids = array($oldsecretid);
@@ -221,7 +221,7 @@ class ADdomain extends Resource {
 					       . "WHERE cs.secretid = $oldsecretid AND "
 					       .       "ck.hosttype = 'managementnode'";
 					$qh = doQuery($query);
-					while($row = mysql_fetch_assoc($qh))
+					while($row = mysqli_fetch_assoc($qh))
 						$secretidset[$row['mnid']][$newsecretid] = 1;
 					$values = getMNcryptkeyUpdates($secretidset, $cryptkeyid);
 					addCryptSecretKeyUpdates($values);
@@ -586,7 +586,7 @@ class ADdomain extends Resource {
 		       .       "ia.imageid = i.id";
 		$qh = doQuery($query);
 		$images = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$images[] = $row['prettyname'];
 		if(count($images))
 			$msg = "This AD Domain cannot be deleted because the following <strong>images</strong> are using it:<br><br>\n" . implode("<br>\n", $images);

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/authentication.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/authentication.php b/web/.ht-inc/authentication.php
index 5c933aa..7a93cc0 100644
--- a/web/.ht-inc/authentication.php
+++ b/web/.ht-inc/authentication.php
@@ -91,7 +91,7 @@ function readAuthCookie() {
 		# check to see if shibauth entry still exists for $shibauthed
 		$query = "SELECT ts FROM shibauth WHERE id = $shibauthed";
 		$qh = doQuery($query, 101);
-		if($row = mysql_fetch_assoc($qh)) {
+		if($row = mysqli_fetch_assoc($qh)) {
 			$shibstart = $row['ts'];
 			# TODO if $shibstart is too old, expire the login session
 		}
@@ -363,7 +363,7 @@ function submitLogin() {
 ////////////////////////////////////////////////////////////////////////////////
 function ldapLogin($authtype, $userid, $passwd) {
 	global $HTMLheader, $printedHTMLheader, $authMechs, $phpVer;
-	$esc_userid = mysql_real_escape_string($userid);
+	$esc_userid = vcl_mysql_escape_string($userid);
 	if(! $fh = fsockopen($authMechs[$authtype]['server'], 636, $errno, $errstr, 5)) {
 		printLoginPageWithSkin($authtype, 1);
 		return;
@@ -435,7 +435,7 @@ function ldapLogin($authtype, $userid, $passwd) {
 		       . "WHERE unityid = '$esc_userid' AND "
 		       .       "affiliationid = {$authMechs[$authtype]['affiliationid']}";
 		$qh = doQuery($query, 101);
-		if(! mysql_num_rows($qh)) {
+		if(! mysqli_num_rows($qh)) {
 			// if not, add user
 			$newid = updateLDAPUser($authtype, $userid);
 			if(is_null($newid))
@@ -514,7 +514,7 @@ function localLogin($userid, $passwd, $authtype) {
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function validateLocalAccount($user, $pass) {
-	$user = mysql_real_escape_string($user);
+	$user = vcl_mysql_escape_string($user);
 	$query = "SELECT l.salt "
 	       . "FROM localauth l, "
 	       .      "user u, "
@@ -524,8 +524,8 @@ function validateLocalAccount($user, $pass) {
 	       .       "a.name = 'Local' AND "
 	       .       "l.userid = u.id";
 	$qh = doQuery($query, 101);
-	if(mysql_num_rows($qh) != 1 ||
-	   (! ($row = mysql_fetch_assoc($qh))))
+	if(mysqli_num_rows($qh) != 1 ||
+	   (! ($row = mysqli_fetch_assoc($qh))))
 		return 0;
 
 	$passhash = sha1("$pass{$row['salt']}");
@@ -539,7 +539,7 @@ function validateLocalAccount($user, $pass) {
 	       .       "u.affiliationid = a.id AND "
 	       .       "a.name = 'Local'";
 	$qh = doQuery($query, 101);
-	if(mysql_num_rows($qh) == 1)
+	if(mysqli_num_rows($qh) == 1)
 		return 1;
 	else
 		return 0;
@@ -559,8 +559,8 @@ function validateLocalAccount($user, $pass) {
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function addLoginLog($login, $mech, $affiliationid, $passfail, $code='none') {
-	$login = mysql_real_escape_string($login);
-	$mech = mysql_real_escape_string($mech);
+	$login = vcl_mysql_escape_string($login);
+	$mech = vcl_mysql_escape_string($mech);
 	$query = "INSERT INTO loginlog "
 	       .        "(user, "
 	       .        "authmech, "
@@ -613,8 +613,8 @@ function checkExpiredDemoUser($userid, $groups=0) {
 	       . "LIMIT 3";
 	$qh = doQuery($query, 101);
 	$expire = time() - (SECINDAY * 3);
-	$rows = mysql_num_rows($qh);
-	if($row = mysql_fetch_assoc($qh)) {
+	$rows = mysqli_num_rows($qh);
+	if($row = mysqli_fetch_assoc($qh)) {
 		if($rows >= 3 || datetimeToUnix($row['start']) < $expire) {
 			if(in_array($mode, $noHTMLwrappers))
 				# do a redirect and handle removal on next page load so user can

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/authmethods/itecsauth.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/authmethods/itecsauth.php b/web/.ht-inc/authmethods/itecsauth.php
index ccdb9a4..be9b537 100644
--- a/web/.ht-inc/authmethods/itecsauth.php
+++ b/web/.ht-inc/authmethods/itecsauth.php
@@ -35,10 +35,10 @@
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function addITECSUser($loginid) {
-	global $mysql_link_vcl, $ENABLE_ITECSAUTH;
+	global $mysqli_link_vcl, $ENABLE_ITECSAUTH;
 	if(! $ENABLE_ITECSAUTH)
 		return NULL;
-	$esc_loginid = mysql_real_escape_string($loginid);
+	$esc_loginid = vcl_mysql_escape_string($loginid);
 	$query = "SELECT id AS uid, "
 	       .        "first, " 
 	       .        "last, "
@@ -49,13 +49,13 @@ function addITECSUser($loginid) {
 	       . "FROM user "
 	       . "WHERE email = '$esc_loginid'";
 	$qh = doQuery($query, 101, "accounts");
-	if($row = mysql_fetch_assoc($qh)) {
+	if($row = mysqli_fetch_assoc($qh)) {
 		// FIXME test replacing ''s
 		// FIXME do we care if the account is active?
-		$first = mysql_real_escape_string($row['first']);
-		$last = mysql_real_escape_string($row['last']);
-		$loweruser = mysql_real_escape_string(strtolower($row['email']));
-		$email = mysql_real_escape_string($row['email']);
+		$first = vcl_mysql_escape_string($row['first']);
+		$last = vcl_mysql_escape_string($row['last']);
+		$loweruser = vcl_mysql_escape_string(strtolower($row['email']));
+		$email = vcl_mysql_escape_string($row['email']);
 		$query = "INSERT INTO user ("
 		       .        "uid, "
 		       .        "unityid, "
@@ -79,9 +79,9 @@ function addITECSUser($loginid) {
 		// FIXME might want this logged
 		doQuery($query, 101, 'vcl', 1);
 	}
-	if(mysql_affected_rows($mysql_link_vcl)) {
+	if(mysqli_affected_rows($mysqli_link_vcl)) {
 		$qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101);
-		if(! $row = mysql_fetch_row($qh)) {
+		if(! $row = mysqli_fetch_row($qh)) {
 			abort(101);
 		}
 		return $row[0];
@@ -104,14 +104,14 @@ function validateITECSUser($loginid) {
 	global $ENABLE_ITECSAUTH;
 	if(! $ENABLE_ITECSAUTH)
 		return 0;
-	$loginid = mysql_real_escape_string($loginid);
+	$loginid = vcl_mysql_escape_string($loginid);
 	$query = "SELECT email "
 	       . "FROM user "
 	       . "WHERE email = '$loginid' AND "
 	       .       "(active = 1 OR "
 	       .       "activated = 0)";
 	$qh = doQuery($query, 101, "accounts");
-	if(mysql_num_rows($qh))
+	if(mysqli_num_rows($qh))
 		return 1;
 	return 0;
 }
@@ -160,7 +160,7 @@ function updateITECSUser($userid) {
 	       . "FROM user "
 	       . "WHERE email = '$userid'";
 	$qh = doQuery($query, 101, "accounts");
-	if(! ($userData = mysql_fetch_assoc($qh)))
+	if(! ($userData = mysqli_fetch_assoc($qh)))
 		return NULL;
 
 	$now = unixToDatetime(time());
@@ -191,11 +191,11 @@ function updateITECSUser($userid) {
 	// if get a row
 	//    update db
 	//    update results from select
-	$esc_userid = mysql_real_escape_string($userid);
-	$first = mysql_real_escape_string($userData['first']);
-	$last = mysql_real_escape_string($userData['last']);
-	$email = mysql_real_escape_string($userData['email']);
-	if($user = mysql_fetch_assoc($qh)) {
+	$esc_userid = vcl_mysql_escape_string($userid);
+	$first = vcl_mysql_escape_string($userData['first']);
+	$last = vcl_mysql_escape_string($userData['last']);
+	$email = vcl_mysql_escape_string($userData['email']);
+	if($user = mysqli_fetch_assoc($qh)) {
 		$user["unityid"] = $userid;
 		$user["firstname"] = $userData['first'];
 		$user["lastname"] = $userData["last"];
@@ -240,7 +240,7 @@ function updateITECSUser($userid) {
 		       . "WHERE u.affiliationid = af.id AND "
 		       .       "u.id = $id";
 		$qh = doQuery($query, 101);
-		$user = mysql_fetch_assoc($qh);
+		$user = mysqli_fetch_assoc($qh);
 
 		# add account to demo group
 		#$demoid = getUserGroupID('demo', getAffiliationID('ITECS'));

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/authmethods/ldapauth.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/authmethods/ldapauth.php b/web/.ht-inc/authmethods/ldapauth.php
index cf415c3..8aa53c6 100644
--- a/web/.ht-inc/authmethods/ldapauth.php
+++ b/web/.ht-inc/authmethods/ldapauth.php
@@ -34,13 +34,13 @@
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function addLDAPUser($authtype, $userid) {
-	global $authMechs, $mysql_link_vcl;
+	global $authMechs, $mysqli_link_vcl;
 	$data = getLDAPUserData($authtype, $userid);
 	if(is_null($data))
 		return NULL;
 
 	$loweruserid = strtolower($userid);
-	$loweruserid = mysql_real_escape_string($loweruserid);
+	$loweruserid = vcl_mysql_escape_string($loweruserid);
 
 	# check for existance of an expired user if a numericid exists
 	if(array_key_exists('numericid', $data)) {
@@ -53,7 +53,7 @@ function addLDAPUser($authtype, $userid) {
 		       .       "unityid != '$loweruserid'";
 		       #.       "affiliationid = {$authMechs[$authtype]['affiliationid']}";
 		$qh = doQuery($query, 101);
-		if($row = mysql_fetch_assoc($qh)) {
+		if($row = mysqli_fetch_assoc($qh)) {
 			# find the authtype for this user
 			foreach($authMechs as $index => $auth) {
 				if($auth['affiliationid'] == $row['affiliationid'] &&
@@ -95,9 +95,9 @@ function addLDAPUser($authtype, $userid) {
 	       .        "'{$data['emailnotices']}', "
 	       .        "NOW())";
 	doQuery($query, 101, 'vcl', 1);
-	if(mysql_affected_rows($mysql_link_vcl)) {
+	if(mysqli_affected_rows($mysqli_link_vcl)) {
 		$qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101);
-		if(! $row = mysql_fetch_row($qh)) {
+		if(! $row = mysqli_fetch_row($qh)) {
 			abort(101);
 		}
 		return $row[0];
@@ -171,7 +171,7 @@ function validateLDAPUser($type, $loginid) {
 ////////////////////////////////////////////////////////////////////////////////
 function updateLDAPUser($authtype, $userid) {
 	global $authMechs;
-	$esc_userid = mysql_real_escape_string($userid);
+	$esc_userid = vcl_mysql_escape_string($userid);
 	$userData = getLDAPUserData($authtype, $userid);
 	if(is_null($userData))
 		return NULL;
@@ -213,7 +213,7 @@ function updateLDAPUser($authtype, $userid) {
 	# check to see if there is a matching entry where uid is NULL but unityid and affiliationid match
 	if(array_key_exists('numericid', $userData) &&
 	   is_numeric($userData['numericid']) &&
-	   ! mysql_num_rows($qh)) {
+	   ! mysqli_num_rows($qh)) {
 		$updateuid = 1;
 		$query = $qbase . "u.unityid = '$esc_userid' AND "
 		       .          "u.affiliationid = $affilid";
@@ -222,7 +222,7 @@ function updateLDAPUser($authtype, $userid) {
 	// if get a row
 	//    update db
 	//    update results from select
-	if($user = mysql_fetch_assoc($qh)) {
+	if($user = mysqli_fetch_assoc($qh)) {
 		$user["unityid"] = $userid;
 		$user["firstname"] = $userData['first'];
 		$user["lastname"] = $userData["last"];
@@ -277,7 +277,7 @@ function updateLDAPUser($authtype, $userid) {
 		       . "WHERE u.affiliationid = af.id AND "
 		       .       "u.id = $id";
 		$qh = doQuery($query, 101);
-		if(! $user = mysql_fetch_assoc($qh))
+		if(! $user = mysqli_fetch_assoc($qh))
 			return NULL;
 		$user['sshpublickeys'] = htmlspecialchars($user['sshpublickeys']);
 	}
@@ -305,9 +305,9 @@ function updateLDAPUser($authtype, $userid) {
 /// \param $userid - a userid without the affiliation part
 ///
 /// \return an array of user information with the following keys:\n
-/// \b first - first name of user (escaped with mysql_real_escape_string)\n
-/// \b last - last name of user (escaped with mysql_real_escape_string)\n
-/// \b email - email address of user (escaped with mysql_real_escape_string)\n
+/// \b first - first name of user (escaped with vcl_mysql_escape_string)\n
+/// \b last - last name of user (escaped with vcl_mysql_escape_string)\n
+/// \b email - email address of user (escaped with vcl_mysql_escape_string)\n
 /// \b emailnotices - 0 or 1, whether or not emails should be sent to user\n
 /// \b numericid - numeric id of user if $authtype is configured to include it
 ///
@@ -315,7 +315,7 @@ function updateLDAPUser($authtype, $userid) {
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function getLDAPUserData($authtype, $userid) {
-	global $authMechs, $mysql_link_vcl;
+	global $authMechs, $mysqli_link_vcl;
 	$auth = $authMechs[$authtype];
 	$donumericid = 0;
 	if(array_key_exists('numericid', $auth))
@@ -392,16 +392,16 @@ function getLDAPUserData($authtype, $userid) {
 		}
 
 		if(array_key_exists(strtolower($auth['firstname']), $data))
-			$return['first'] = mysql_real_escape_string($data[strtolower($auth['firstname'])]);
+			$return['first'] = vcl_mysql_escape_string($data[strtolower($auth['firstname'])]);
 		else
 			$return['first'] = '';
 		if(array_key_exists(strtolower($auth['lastname']), $data))
-			$return['last'] = mysql_real_escape_string($data[strtolower($auth['lastname'])]);
+			$return['last'] = vcl_mysql_escape_string($data[strtolower($auth['lastname'])]);
 		else
 			$return['last'] = '';
 		if($donumericid && is_numeric($data[strtolower($auth['numericid'])]))
 			$return['numericid'] = $data[strtolower($auth['numericid'])];
-		$return['email'] = mysql_real_escape_string($data[strtolower($auth['email'])]);
+		$return['email'] = vcl_mysql_escape_string($data[strtolower($auth['email'])]);
 
 		return $return;
 	}

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/authmethods/shibauth.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/authmethods/shibauth.php b/web/.ht-inc/authmethods/shibauth.php
index c814925..33d7b5d 100644
--- a/web/.ht-inc/authmethods/shibauth.php
+++ b/web/.ht-inc/authmethods/shibauth.php
@@ -39,7 +39,7 @@
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function updateShibUser($userid) {
-	global $mysql_link_vcl;
+	global $mysqli_link_vcl;
 	$rc = getAffilidAndLogin($userid, $affilid);
 	if($rc == -1)
 		return NULL;
@@ -83,7 +83,7 @@ function updateShibUser($userid) {
 	       . "WHERE unityid = '$userid' AND "
 	       .       "affiliationid = $affilid";
 	$qh = doQuery($query, 101);
-	if(! $row = mysql_fetch_assoc($qh)) {
+	if(! $row = mysqli_fetch_assoc($qh)) {
 		# add user to our db
 		$user['id'] = addShibUser($user);
 		return $user;
@@ -91,13 +91,13 @@ function updateShibUser($userid) {
 
 	# update user's data in db
 	$user['id'] = $row['id'];
-	$first = mysql_real_escape_string($user['firstname']);
-	$last = mysql_real_escape_string($user['lastname']);
+	$first = vcl_mysql_escape_string($user['firstname']);
+	$last = vcl_mysql_escape_string($user['lastname']);
 	$query = "UPDATE user "
 	       . "SET firstname = '$first', "
 	       .     "lastname = '$last', ";
 	if(array_key_exists('email', $user)) {
-		$email = mysql_real_escape_string($user['email']);
+		$email = vcl_mysql_escape_string($user['email']);
 		$query .= "email = '$email', ";
 	}
     $query .=    "lastupdated = NOW(), "
@@ -124,10 +124,10 @@ function updateShibUser($userid) {
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function addShibUser($user) {
-	global $mysql_link_vcl;
-	$unityid = mysql_real_escape_string($user['unityid']);
-	$first = mysql_real_escape_string($user['firstname']);
-	$last = mysql_real_escape_string($user['lastname']);
+	global $mysqli_link_vcl;
+	$unityid = vcl_mysql_escape_string($user['unityid']);
+	$first = vcl_mysql_escape_string($user['firstname']);
+	$last = vcl_mysql_escape_string($user['lastname']);
 	$query = "INSERT INTO user "
 	       .        "(unityid, "
 	       .        "affiliationid, "
@@ -143,14 +143,14 @@ function addShibUser($user) {
 	       .        "'$first', "
 	       .        "'$last', ";
 	if(array_key_exists('email', $user)) {
-		$email = mysql_real_escape_string($user['email']);
+		$email = vcl_mysql_escape_string($user['email']);
 		$query .=    "'$email', ";
 	}
 	$query .=       "0, "
 	       .        "NOW())";
 	doQuery($query, 101, 'vcl', 1);
-	if(mysql_affected_rows($mysql_link_vcl)) {
-		$user['id'] = mysql_insert_id($mysql_link_vcl);
+	if(mysqli_affected_rows($mysqli_link_vcl)) {
+		$user['id'] = mysqli_insert_id($mysqli_link_vcl);
 		return $user['id'];
 	}
 	else
@@ -188,18 +188,18 @@ function updateShibGroups($usernid, $groups) {
 		# get id for the group's affiliation
 		$query = "SELECT id FROM affiliation WHERE shibname = '$shibaffil'";
 		$qh = doQuery($query, 101);
-		$row = mysql_fetch_assoc($qh);
+		$row = mysqli_fetch_assoc($qh);
 		$affilid = $row['id'];
 		# prepend shib- and escape it for mysql
-		$grp = mysql_real_escape_string("shib-" . $name);
+		$grp = vcl_mysql_escape_string("shib-" . $name);
 		array_push($newusergroups, getUserGroupID($grp, $affilid));
 	}
 
 	$query = "SELECT id, name FROM affiliation WHERE shibname = '$shibaffil'";
 	$qh = doQuery($query, 101);
-	$row = mysql_fetch_assoc($qh);
+	$row = mysqli_fetch_assoc($qh);
 	$affilid = $row['id'];
-	$grp = mysql_real_escape_string("All {$row['name']} Users");
+	$grp = vcl_mysql_escape_string("All {$row['name']} Users");
 	array_push($newusergroups, getUserGroupID($grp, $affilid));
 
 	$newusergroups = array_unique($newusergroups);
@@ -224,7 +224,7 @@ function updateShibGroups($usernid, $groups) {
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function addShibUserStub($affilid, $userid) {
-	global $mysql_link_vcl;
+	global $mysqli_link_vcl;
 	$query = "INSERT INTO user "
 	       .        "(unityid, "
 	       .        "affiliationid, "
@@ -238,7 +238,7 @@ function addShibUserStub($affilid, $userid) {
 	       .        "0, "
 	       .        "0)";
 	doQuery($query);
-	if(mysql_affected_rows($mysql_link_vcl))
+	if(mysqli_affected_rows($mysqli_link_vcl))
 		return dbLastInsertID();
 	else
 		return NULL;

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/blockallocations.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/blockallocations.php b/web/.ht-inc/blockallocations.php
index 9e7f7f2..9bf25e2 100644
--- a/web/.ht-inc/blockallocations.php
+++ b/web/.ht-inc/blockallocations.php
@@ -75,7 +75,7 @@ function blockAllocations() {
 	       . "WHERE id in ($inids) AND "
 	       .       "status = 'accepted'";
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$blocks[$row['id']] = $row['name'];
 	print "<hr>\n";
 	print "<h2>" . i("Your Active Block Allocations") . "</h2>\n";
@@ -606,7 +606,7 @@ function AJblockAllocationSubmit() {
 			return;
 		}
 		$mnid = array_rand($managementnodes);
-		$escname = mysql_real_escape_string($data['name']);
+		$escname = vcl_mysql_escape_string($data['name']);
 		$query = "INSERT INTO blockRequest "
 		       .        "(name, "
 		       .        "imageid, "
@@ -644,7 +644,7 @@ function AJblockAllocationSubmit() {
 		       .       "end > NOW() AND "
 		       .       "blockRequestid = $blockreqid";
 		$qh = doQuery($query, 101);
-		if($row = mysql_fetch_assoc($qh)) {
+		if($row = mysqli_fetch_assoc($qh)) {
 			$checkCurBlockTime = 1;
 			$curBlockTime = $row;
 		}
@@ -660,7 +660,7 @@ function AJblockAllocationSubmit() {
 		$query = "DELETE FROM blockWebTime WHERE blockRequestid = $blockreqid";
 		doQuery($query, 101);
 
-		$escname = mysql_real_escape_string($data['name']);
+		$escname = vcl_mysql_escape_string($data['name']);
 		$query = "UPDATE blockRequest "
 		       . "SET name = '$escname', " 
 		       .     "imageid = {$data['imageid']}, "
@@ -673,7 +673,7 @@ function AJblockAllocationSubmit() {
 		doQuery($query, 101);
 	}
 	elseif($method == 'request') {
-		$esccomments = mysql_real_escape_string($data['comments']);
+		$esccomments = vcl_mysql_escape_string($data['comments']);
 		$query = "INSERT INTO blockRequest "
 		       .        "(name, "
 		       .        "imageid, "
@@ -811,7 +811,7 @@ function AJblockAllocationSubmit() {
 		       .       "blockRequestid = $blockreqid AND "
 		       .       "id != {$curBlockTime['id']}";
 		$qh = doQuery($query, 101);
-		if($row = mysql_fetch_assoc($qh)) {
+		if($row = mysqli_fetch_assoc($qh)) {
 			if($curBlockTime['end'] != $row['end']) {
 				# update old end time
 				$query = "UPDATE blockTimes "
@@ -1093,7 +1093,7 @@ function getBlockNotifyUsers($affiliationid) {
 	       .       "u.email != ''";
 	$qh = doQuery($query);
 	$addrs = array();
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$addrs[] = $row['email'];
 	return implode(',', $addrs);
 }
@@ -1119,7 +1119,7 @@ function deleteBlockSkipDuplicates($blockid) {
 	$qh = doQuery($query, 101);
 	$skips = array();
 	$noskips = array();
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		$key = "{$row['start']}:{$row['end']}";
 		if($row['skip'])
 			$skips[$key] = $row['id'];
@@ -1181,11 +1181,11 @@ function getCurrentBlockHTML($listonly=0) {
 	       . "ORDER BY b.name";
 	$allblockids = array();
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		if($row['group'] == '') {
 			$query3 = "SELECT name FROM usergroup WHERE id = {$row['usergroupid']}";
 			$qh3 = doQuery($query3, 101);
-			if($row3 = mysql_fetch_assoc($qh3))
+			if($row3 = mysqli_fetch_assoc($qh3))
 				$row['group'] = $row3['name'];
 		}
 		$allblockids[] = $row['id'];
@@ -1200,7 +1200,7 @@ function getCurrentBlockHTML($listonly=0) {
 		        . "ORDER BY start "
 		        . "LIMIT 1";
 		$qh2 = doQuery($query2, 101);
-		if($row2 = mysql_fetch_assoc($qh2)) {
+		if($row2 = mysqli_fetch_assoc($qh2)) {
 			if(array_key_exists('tzoffset', $_SESSION['persistdata'])) {
 				$tmp = date('n/j/y+g:i=A=T', $row2['unixstart']);
 				$blocks[$row['id']]['nextstart'] = str_replace(array('+', '='), array('<br>', '&nbsp;'), $tmp);
@@ -1229,7 +1229,7 @@ function getCurrentBlockHTML($listonly=0) {
 			       . "FROM blockWebDate "
 			       . "WHERE blockRequestid = $id";
 			$qh = doQuery($query, 101);
-			if(! $row = mysql_fetch_assoc($qh))
+			if(! $row = mysqli_fetch_assoc($qh))
 				abort(101);
 			$blocks[$id] = array_merge($request, $row);
 			$wdays = array();
@@ -1250,7 +1250,7 @@ function getCurrentBlockHTML($listonly=0) {
 			       . "WHERE blockRequestid = {$request['id']} "
 			       . "ORDER BY startmeridian, starthour, startminute";
 			$qh = doQuery($query, 101);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				$blocks[$id]['swhour'][$row['order']] = $row['starthour'];
 				$blocks[$id]['swminute'][$row['order']] = $row['startminute'];
 				$blocks[$id]['swmeridian'][$row['order']] = $row['startmeridian'];
@@ -1267,7 +1267,7 @@ function getCurrentBlockHTML($listonly=0) {
 			       . "FROM blockWebDate "
 			       . "WHERE blockRequestid = $id";
 			$qh = doQuery($query, 101);
-			if(! $row = mysql_fetch_assoc($qh))
+			if(! $row = mysqli_fetch_assoc($qh))
 				abort(101);
 			$blocks[$id] = array_merge($request, $row);
 			$query = "SELECT starthour, "
@@ -1281,7 +1281,7 @@ function getCurrentBlockHTML($listonly=0) {
 			       . "WHERE blockRequestid = {$request['id']} "
 			       . "ORDER BY startmeridian, starthour, startminute";
 			$qh = doQuery($query, 101);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				$blocks[$id]['smhour'][$row['order']] = $row['starthour'];
 				$blocks[$id]['smminute'][$row['order']] = $row['startminute'];
 				$blocks[$id]['smmeridian'][$row['order']] = $row['startmeridian'];
@@ -1297,7 +1297,7 @@ function getCurrentBlockHTML($listonly=0) {
 			       . "WHERE blockRequestid = $id "
 			       . "ORDER BY start";
 			$qh = doQuery($query, 101);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				if($row['date'] == '00/00/00')
 					$blocks[$id]['date'][$row['order']] = '';
 				else
@@ -1313,7 +1313,7 @@ function getCurrentBlockHTML($listonly=0) {
 			       . "FROM blockWebTime "
 			       . "WHERE blockRequestid = {$request['id']}";
 			$qh = doQuery($query, 101);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				$blocks[$id]['slhour'][$row['order']] = $row['starthour'];
 				$blocks[$id]['slminute'][$row['order']] = $row['startminute'];
 				$blocks[$id]['slmeridian'][$row['order']] = $row['startmeridian'];
@@ -1528,7 +1528,7 @@ function getUserCurrentBlockHTML($listonly=0) {
 	       . "ORDER BY b.name";
 	$qh = doQuery($query, 101);
 	$blocks = array();
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$blocks[$row['id']] = $row;
 	if(empty($blocks))
 		return;
@@ -1543,7 +1543,7 @@ function getUserCurrentBlockHTML($listonly=0) {
 			       . "FROM blockWebDate "
 			       . "WHERE blockRequestid = $id";
 			$qh = doQuery($query, 101);
-			if(! $row = mysql_fetch_assoc($qh))
+			if(! $row = mysqli_fetch_assoc($qh))
 				abort(101);
 			$blocks[$id] = array_merge($request, $row);
 			$wdays = array();
@@ -1564,7 +1564,7 @@ function getUserCurrentBlockHTML($listonly=0) {
 			       . "WHERE blockRequestid = {$request['id']} "
 			       . "ORDER BY startmeridian, starthour, startminute";
 			$qh = doQuery($query, 101);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				$blocks[$id]['swhour'][$row['order']] = $row['starthour'];
 				$blocks[$id]['swminute'][$row['order']] = $row['startminute'];
 				$blocks[$id]['swmeridian'][$row['order']] = $row['startmeridian'];
@@ -1581,7 +1581,7 @@ function getUserCurrentBlockHTML($listonly=0) {
 			       . "FROM blockWebDate "
 			       . "WHERE blockRequestid = $id";
 			$qh = doQuery($query, 101);
-			if(! $row = mysql_fetch_assoc($qh))
+			if(! $row = mysqli_fetch_assoc($qh))
 				abort(101);
 			$blocks[$id] = array_merge($request, $row);
 			$query = "SELECT starthour, "
@@ -1595,7 +1595,7 @@ function getUserCurrentBlockHTML($listonly=0) {
 			       . "WHERE blockRequestid = {$request['id']} "
 			       . "ORDER BY startmeridian, starthour, startminute";
 			$qh = doQuery($query, 101);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				$blocks[$id]['smhour'][$row['order']] = $row['starthour'];
 				$blocks[$id]['smminute'][$row['order']] = $row['startminute'];
 				$blocks[$id]['smmeridian'][$row['order']] = $row['startmeridian'];
@@ -1611,7 +1611,7 @@ function getUserCurrentBlockHTML($listonly=0) {
 			       . "WHERE blockRequestid = $id "
 			       . "ORDER BY start";
 			$qh = doQuery($query, 101);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				if($row['date'] == '00/00/00')
 					$blocks[$id]['date'][$row['order']] = '';
 				else
@@ -1627,7 +1627,7 @@ function getUserCurrentBlockHTML($listonly=0) {
 			       . "FROM blockWebTime "
 			       . "WHERE blockRequestid = {$request['id']}";
 			$qh = doQuery($query, 101);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				$blocks[$id]['slhour'][$row['order']] = $row['starthour'];
 				$blocks[$id]['slminute'][$row['order']] = $row['startminute'];
 				$blocks[$id]['slmeridian'][$row['order']] = $row['startmeridian'];
@@ -1823,7 +1823,7 @@ function getPendingBlockHTML($listonly=0) {
 	$h .= "  </tr>\n";
 	$d = '';
 	$groups = getUserGroups(0, $user['affiliationid']);
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		if($row['repeating'] == 'weekly') {
 			$query2 = "SELECT DATE_FORMAT(start, '%m/%d/%y') AS swdate, "
 			        .        "DATE_FORMAT(end, '%m/%d/%y')AS ewdate, " 
@@ -1833,7 +1833,7 @@ function getPendingBlockHTML($listonly=0) {
 			        . "FROM blockWebDate "
 			        . "WHERE blockRequestid = {$row['id']}";
 			$qh2 = doQuery($query2, 101);
-			if(! $row2 = mysql_fetch_assoc($qh2))
+			if(! $row2 = mysqli_fetch_assoc($qh2))
 				abort(101);
 			$row = array_merge($row, $row2);
 			$wdays = array();
@@ -1854,7 +1854,7 @@ function getPendingBlockHTML($listonly=0) {
 			        . "ORDER BY startmeridian, starthour, startminute";
 			$qh2 = doQuery($query2, 101);
 			$row['times'] = array();
-			while($row2 = mysql_fetch_assoc($qh2)) {
+			while($row2 = mysqli_fetch_assoc($qh2)) {
 				$row['swhour'][$row2['order']] = $row2['starthour'];
 				$row['swminute'][$row2['order']] = $row2['startminute'];
 				$row['swmeridian'][$row2['order']] = $row2['startmeridian'];
@@ -1878,7 +1878,7 @@ function getPendingBlockHTML($listonly=0) {
 			        . "FROM blockWebDate "
 			        . "WHERE blockRequestid = {$row['id']}";
 			$qh2 = doQuery($query2, 101);
-			if(! $row2 = mysql_fetch_assoc($qh2))
+			if(! $row2 = mysqli_fetch_assoc($qh2))
 				abort(101);
 			$row = array_merge($row, $row2);
 			$query2 = "SELECT starthour, "
@@ -1893,7 +1893,7 @@ function getPendingBlockHTML($listonly=0) {
 			        . "ORDER BY startmeridian, starthour, startminute";
 			$qh2 = doQuery($query2, 101);
 			$row['times'] = array();
-			while($row2 = mysql_fetch_assoc($qh2)) {
+			while($row2 = mysqli_fetch_assoc($qh2)) {
 				$row['smhour'][$row2['order']] = $row2['starthour'];
 				$row['smminute'][$row2['order']] = $row2['startminute'];
 				$row['smmeridian'][$row2['order']] = $row2['startmeridian'];
@@ -1916,7 +1916,7 @@ function getPendingBlockHTML($listonly=0) {
 			        . "WHERE blockRequestid = {$row['id']} "
 			        . "ORDER BY start";
 			$qh2 = doQuery($query2, 101);
-			while($row2 = mysql_fetch_assoc($qh2)) {
+			while($row2 = mysqli_fetch_assoc($qh2)) {
 				if($row2['date'] == '00/00/00')
 					$row['date'][$row2['order']] = '';
 				else
@@ -1934,7 +1934,7 @@ function getPendingBlockHTML($listonly=0) {
 			        . "WHERE blockRequestid = {$row['id']}";
 			$qh2 = doQuery($query2, 101);
 			$row['slots'] = array(); # yyyy-mm-dd|hh:mm|hh:mm
-			while($row2 = mysql_fetch_assoc($qh2)) {
+			while($row2 = mysqli_fetch_assoc($qh2)) {
 				$row['slhour'][$row2['order']] = $row2['starthour'];
 				$row['slminute'][$row2['order']] = $row2['startminute'];
 				$row['slmeridian'][$row2['order']] = $row2['startmeridian'];
@@ -2467,7 +2467,7 @@ function AJacceptBlockAllocationConfirm() {
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function AJacceptBlockAllocationSubmit() {
-	global $mysql_link_vcl, $user;
+	global $mysqli_link_vcl, $user;
 	$blockid = getContinuationVar('blockid');
 	$comments = getContinuationVar('comments');
 	$validemail = getContinuationVar('validemail');
@@ -2523,9 +2523,9 @@ function AJacceptBlockAllocationSubmit() {
 	if(! $err) {
 		# update values for block allocation
 		if($validemail)
-			$esccomments = mysql_real_escape_string("COMMENTS: $comments|EMAIL: $emailtext");
+			$esccomments = vcl_mysql_escape_string("COMMENTS: $comments|EMAIL: $emailtext");
 		else
-			$esccomments = mysql_real_escape_string("COMMENTS: $comments|USER NOT EMAILED");
+			$esccomments = vcl_mysql_escape_string("COMMENTS: $comments|USER NOT EMAILED");
 		$query = "UPDATE blockRequest "
 				 . "SET name = '$name', ";
 		if($setusergroup)
@@ -2535,7 +2535,7 @@ function AJacceptBlockAllocationSubmit() {
 			    .     "managementnodeid = '$mnid' "
 		       . "WHERE id = $blockid";
 		doQuery($query, 101);
-		if(! mysql_affected_rows($mysql_link_vcl)) {
+		if(! mysqli_affected_rows($mysqli_link_vcl)) {
 			$errmsg = i("Error encountered while updating status of block allocation.");
 			$err = 1;
 		}
@@ -2694,7 +2694,7 @@ function AJrejectBlockAllocationConfirm() {
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function AJrejectBlockAllocationSubmit() {
-	global $mysql_link_vcl;
+	global $mysqli_link_vcl;
 	$blockid = getContinuationVar('blockid');
 	$comments = getContinuationVar('comments');
 	$validemail = getContinuationVar('validemail');
@@ -2727,16 +2727,16 @@ function AJrejectBlockAllocationSubmit() {
 	if(! $err) {
 		# update values for block allocation
 		if($validemail)
-			$esccomments = mysql_real_escape_string("COMMENTS: $comments|EMAIL: $emailtext");
+			$esccomments = vcl_mysql_escape_string("COMMENTS: $comments|EMAIL: $emailtext");
 		else
-			$esccomments = mysql_real_escape_string("COMMENTS: $comments|REJECTREASON: $emailtext");
+			$esccomments = vcl_mysql_escape_string("COMMENTS: $comments|REJECTREASON: $emailtext");
 		$query = "UPDATE blockRequest "
 				 . "SET name = 'rejected', "
 				 .     "status = 'rejected', "
 				 .     "comments = '$esccomments' "
 				 . "WHERE id = $blockid";
 		doQuery($query, 101);
-		if(! mysql_affected_rows($mysql_link_vcl)) {
+		if(! mysqli_affected_rows($mysqli_link_vcl)) {
 			$errmsg = i("Error encountered while updating status of block allocation.");
 			$err = 1;
 		}
@@ -2785,7 +2785,7 @@ function AJviewBlockAllocationTimes() {
 	$qh = doQuery($query, 101);
 	$data = array();
 	$items = array();
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$items[] = $row;
 	$cont = addContinuationsEntry('AJtoggleBlockTime', array('blockid' => $blockid));
 	$data['cont'] = $cont;
@@ -2809,7 +2809,7 @@ function AJtoggleBlockTime() {
 	       . "FROM blockTimes "
 	       . "WHERE id = $timeid";
 	$qh = doQuery($query, 101);
-	if(! ($row = mysql_fetch_assoc($qh)) || $row['blockRequestid'] != $blockid) {
+	if(! ($row = mysqli_fetch_assoc($qh)) || $row['blockRequestid'] != $blockid) {
 		$data['error'] = i("Invalid block time submitted");
 		sendJSON($data);
 		return;
@@ -3347,7 +3347,7 @@ function getBlockAllocationStatus($id) {
 	       . "ORDER BY t.start "
 	       . "LIMIT 1";
 	$qh = doQuery($query, 101);
-	if($data = mysql_fetch_assoc($qh)) {
+	if($data = mysqli_fetch_assoc($qh)) {
 		if(! is_numeric($data['subimages']))
 			$data['subimages'] = 0;
 		$query = "SELECT c.id, "
@@ -3370,7 +3370,7 @@ function getBlockAllocationStatus($id) {
 		       .       "c.stateid = s.id";
 		$qh = doQuery($query, 101);
 		$data['comps'] = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$data['comps'][$row['id']] = $row;
 		return $data;
 	}
@@ -3454,7 +3454,7 @@ function getBlockAllocationData($blockid) {
 	       . "WHERE b.id = d.blockRequestid AND "
 	       .       "b.id = $blockid";
 	$qh = doQuery($query, 101);
-	$row = mysql_fetch_assoc($qh);
+	$row = mysqli_fetch_assoc($qh);
 	if(empty($row))
 		return $rt;
 	$row['wdayschecked'] = $rt['wdayschecked'];
@@ -3505,7 +3505,7 @@ function AJpopulateBlockStore() {
 	$blockid = getContinuationVar('blockid');
 	$query = "SELECT repeating FROM blockRequest WHERE id = $blockid";
 	$qh = doQuery($query, 101);
-	if(! ($row = mysql_fetch_assoc($qh))) {
+	if(! ($row = mysqli_fetch_assoc($qh))) {
 		sendJSON(array('error' => i("Error: Failed to fetch start/end times for block allocation.")));
 		return;
 	}
@@ -3524,7 +3524,7 @@ function AJpopulateBlockStore() {
 		$startms = array();
 		$endhs = array();
 		$endms = array();
-		while($row = mysql_fetch_assoc($qh)) {
+		while($row = mysqli_fetch_assoc($qh)) {
 			$starth = hour12to24($row['starthour'], $row['startmeridian']);
 			$endh = hour12to24($row['endhour'], $row['endmeridian']);
 			$starths[] = $starth;
@@ -3550,7 +3550,7 @@ function AJpopulateBlockStore() {
 		       . "WHERE blockRequestid = $blockid";
 		$qh = doQuery($query, 101);
 		$data = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$data[$row['order']] = $row;
 		$query = "SELECT MONTH(start) AS month, "
 		       .        "DAY(start) AS day, "
@@ -3566,7 +3566,7 @@ function AJpopulateBlockStore() {
 		$startms = array();
 		$endhs = array();
 		$endms = array();
-		while($row = mysql_fetch_assoc($qh)) {
+		while($row = mysqli_fetch_assoc($qh)) {
 			$id = $row['days'];
 			$months[] = $row['month'];
 			$days[] = $row['day'];
@@ -3696,7 +3696,7 @@ function AJgetBlockAllocatedMachineData() {
 		       . "WHERE stateid IN (2, 3, 6, 8, 11) AND "
 		       .       "type = 'blade'";
 		$qh = doQuery($query, 101);
-		if($row = mysql_fetch_row($qh))
+		if($row = mysqli_fetch_row($qh))
 			$data['total'] = $row[0];
 	}
 	else
@@ -3743,7 +3743,7 @@ function AJgetBlockAllocatedMachineData() {
 		       .       "u.affiliationid = {$user['affiliationid']}";
 	}
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		for($binstart = $start, $binend = $start + 900, $binindex = 0; 
 		   $binend <= $end;
 		   $binstart += 900, $binend += 900, $binindex++) {
@@ -3770,7 +3770,7 @@ function AJgetBlockAllocatedMachineData() {
 		       . "WHERE stateid IN (2, 3, 6, 8, 11) AND "
 		       .       "type = 'virtualmachine'";
 		$qh = doQuery($query, 101);
-		if($row = mysql_fetch_row($qh))
+		if($row = mysqli_fetch_row($qh))
 			$data['total'] = $row[0];
 	}
 	else
@@ -3817,7 +3817,7 @@ function AJgetBlockAllocatedMachineData() {
 		       .       "u.affiliationid = {$user['affiliationid']}";
 	}
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		for($binstart = $start, $binend = $start + 900, $binindex = 0; 
 		   $binend <= $end;
 		   $binstart += 900, $binend += 900, $binindex++) {
@@ -3869,7 +3869,7 @@ function AJviewBlockAllocationUsage() {
 	$first = 1;
 	$firststart = '';
 	$laststart = '';
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		if(is_null($row['blockStart']))
 			continue;
 		if($first) {

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/computer.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/computer.php b/web/.ht-inc/computer.php
index 6c6668d..3a9e117 100644
--- a/web/.ht-inc/computer.php
+++ b/web/.ht-inc/computer.php
@@ -821,7 +821,7 @@ class Computer extends Resource {
 		       . "ORDER BY rq.start "
 		       . "LIMIT 1";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh)) {
+		if($row = mysqli_fetch_assoc($qh)) {
 			$cdata = $this->basecdata;
 			$cdata['compid'] = $rscid;
 			$cont = addContinuationsEntry('AJcanceltovmhostinuse', $cdata, 300, 1, 0);
@@ -973,7 +973,7 @@ class Computer extends Resource {
 				       .       "vm.stateid = 10";
 				$qh = doQuery($query);
 				$vmids = array();
-				while($row = mysql_fetch_assoc($qh))
+				while($row = mysqli_fetch_assoc($qh))
 					$vmids[] = $row['id'];
 				$allids = implode(',', $vmids);
 				if($data['provisioning'] != 'none')  {
@@ -1235,7 +1235,7 @@ class Computer extends Resource {
 					       .       "vm.vmhostid = v.id";
 					$qh = doQuery($query);
 					$fail = 0;
-					while($row = mysql_fetch_assoc($qh)) {
+					while($row = mysqli_fetch_assoc($qh)) {
 						if(! simpleAddRequest($row['id'], $imageid, $revid, $startdt,
 						                      $enddt, 18, $vclreloadid)) {
 							$fail = 1;
@@ -1357,7 +1357,7 @@ class Computer extends Resource {
 					       .       "vm.vmhostid = v.id";
 					$qh = doQuery($query);
 					$fails = array();
-					while($row = mysql_fetch_assoc($qh)) {
+					while($row = mysqli_fetch_assoc($qh)) {
 						if(! simpleAddRequest($row['id'], $imageid, $revid, $startdt,
 						                      $enddt, 18, $vclreloadid)) {
 							$fails[] = $row['id'];
@@ -1451,7 +1451,7 @@ class Computer extends Resource {
 							$qh = doQuery($query);
 							$fails = array();
 							$cnt = 0;
-							while($row = mysql_fetch_assoc($qh)) {
+							while($row = mysqli_fetch_assoc($qh)) {
 								$cnt++;
 								if(! simpleAddRequest($row['id'], $imageid, $revid, $startdt,
 								                      $enddt, 18, $vclreloadid)) {
@@ -1781,7 +1781,7 @@ class Computer extends Resource {
 			       .       "deleted = 0";
 			$qh = doQuery($query);
 			$exists = array();
-			while($row = mysql_fetch_assoc($qh))
+			while($row = mysqli_fetch_assoc($qh))
 				$exists[] = $row['hostname'];
 			if(count($exists)) {
 				$hosts = implode(', ', $exists);
@@ -2049,7 +2049,7 @@ class Computer extends Resource {
 				       .       "rq.laststateid NOT IN (1,5,11,12) AND "
 				       .       "rq.userid != $vclreloadid";
 				$qh = doQuery($query);
-				if(mysql_num_rows($qh)) {
+				if(mysqli_num_rows($qh)) {
 					$return['error'] = 1;
 					$errormsg[] = "This computer has an active reservation. NAT settings cannot be changed for computers having<br>active reservations.";
 				}
@@ -2099,7 +2099,7 @@ class Computer extends Resource {
 				       .       "rq.laststateid NOT IN (1,5,11,12) AND "
 				       .       "rq.userid != $vclreloadid";
 				$qh = doQuery($query);
-				if(mysql_num_rows($qh)) {
+				if(mysqli_num_rows($qh)) {
 					$return['error'] = 1;
 					$errormsg[] = "This computer is the NAT host for other computers that have active reservations. NAT host<br>settings cannot be changed while providing NAT for active reservations.";
 				}
@@ -2140,7 +2140,7 @@ class Computer extends Resource {
 		if(! empty($compid))
 			$query .= " AND id != $compid";
 		$qh = doQuery($query);
-		if(mysql_num_rows($qh))
+		if(mysqli_num_rows($qh))
 			return 1;
 		return 0;
 	}
@@ -2170,7 +2170,7 @@ class Computer extends Resource {
 		if(! empty($compid))
 			$query .= " AND id != $compid";
 		$qh = doQuery($query);
-		if(mysql_num_rows($qh))
+		if(mysqli_num_rows($qh))
 			return 1;
 		return 0;
 	}
@@ -2199,7 +2199,7 @@ class Computer extends Resource {
 		if(! empty($compid))
 			$query .= " AND id != $compid";
 		$qh = doQuery($query);
-		if(mysql_num_rows($qh))
+		if(mysqli_num_rows($qh))
 			return 1;
 		return 0;
 	}
@@ -2377,7 +2377,7 @@ class Computer extends Resource {
 	///
 	////////////////////////////////////////////////////////////////////////////////
 	function AJcanceltovmhostinuse() {
-		global $mysql_link_vcl;
+		global $mysqli_link_vcl;
 		$compid = getContinuationVar('compid');
 		$type = 'none';
 		$query = "DELETE FROM request "
@@ -2387,7 +2387,7 @@ class Computer extends Resource {
 		       .              "FROM reservation "
 		       .              "WHERE computerid = $compid)";
 		doQuery($query);
-		if(mysql_affected_rows($mysql_link_vcl))
+		if(mysqli_affected_rows($mysqli_link_vcl))
 			$type = 'future';
 		$query = "UPDATE request rq, "
 		       .         "reservation rs, "
@@ -2399,7 +2399,7 @@ class Computer extends Resource {
 		       .       "rq.laststateid = ls.id AND "
 		       .       "ls.name = 'tovmhostinuse'";
 		doQuery($query);
-		if(mysql_affected_rows($mysql_link_vcl))
+		if(mysqli_affected_rows($mysqli_link_vcl))
 			$type = 'current';
 		$query = "SELECT rq.start "
 		       . "FROM request rq, "
@@ -2415,7 +2415,7 @@ class Computer extends Resource {
 		       .       "rq.end > NOW() "
 		       . "ORDER BY rq.start";
 		$qh = doQuery($query);
-		if(mysql_num_rows($qh))
+		if(mysqli_num_rows($qh))
 			$arr = array('status' => 'failed');
 		else {
 			if($type == 'now')
@@ -2477,7 +2477,7 @@ class Computer extends Resource {
 		       . "ORDER BY rq.start "
 		       . "LIMIT 1";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh)) {
+		if($row = mysqli_fetch_assoc($qh)) {
 			if(! retryGetSemaphore($imageid, $revid, $mnid, $compid, $startdt, $enddt, $row['id']))
 				return 0;
 			# update existing reservation
@@ -2720,7 +2720,7 @@ class Computer extends Resource {
 			       .       "vm.vmhostid = v.id";
 			$qh = doQuery($query);
 			$fail = 0;
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				if(! simpleAddRequest($row['id'], $imageid, $revid, $startdt,
 				                      $enddt, 18, $vclreloadid)) {
 					$fail = 1;
@@ -2811,7 +2811,7 @@ class Computer extends Resource {
 			       . "WHERE v.computerid = $compid AND "
 			       .       "vm.vmhostid = v.id";
 			$qh = doQuery($query);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				$checkstart = getExistingChangeStateStartTime($row['id'], 18);
 				if($checkstart) {
 					if($checkstart > $start)
@@ -3069,7 +3069,7 @@ class Computer extends Resource {
 							 .       "rq.end > '$startstamp' AND "
 							 .       "s.name NOT IN ('complete', 'deleted', 'failed', 'timeout')";
 					$qh = doQuery($query);
-					if(! mysql_num_rows($qh))
+					if(! mysqli_num_rows($qh))
 						$reloadnow[] = $compid;
 					else
 						$reloadasap[] = $compid;
@@ -3160,7 +3160,7 @@ class Computer extends Resource {
 		       .       "s.name NOT IN ('deleted', 'failed', 'complete') AND "
 		       .       "rq.end > NOW()";
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$skipcompids[] = $row['computerid'];
 		$query = "SELECT DISTINCT bc.computerid "
 		       . "FROM blockTimes bt, "
@@ -3173,7 +3173,7 @@ class Computer extends Resource {
 		       .       "bt.skip = 0 AND "
 		       .       "br.status = 'accepted'";
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$skipcompids[] = $row['computerid'];
 		$delids = array_diff($compids, $skipcompids);
 		$msg = '';
@@ -3254,7 +3254,7 @@ class Computer extends Resource {
 		       .       "s.name NOT IN ('deleted', 'failed', 'complete') AND "
 		       .       "rq.end > NOW()";
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$fails[] = $row['computerid'];
 		$delids = array_diff($compids, $fails);
 
@@ -3429,7 +3429,7 @@ class Computer extends Resource {
 			       .       "rq.stateid NOT IN (1, 5, 11, 12) AND " # TODO might not want 11 (timeout)
 			       .       "rs.computerid IN ($allids)";
 			$qh = doQuery($query);
-			while($row = mysql_fetch_assoc($qh))
+			while($row = mysqli_fetch_assoc($qh))
 				$inusecompids[$row['computerid']] = 1;
 
 			# check initial conditions
@@ -3491,7 +3491,7 @@ class Computer extends Resource {
 				       . "WHERE h.id IN ($ids) "
 				       . "GROUP BY vh.computerid";
 				$qh = doQuery($query);
-				while($row = mysql_fetch_assoc($qh)) {
+				while($row = mysqli_fetch_assoc($qh)) {
 					if($row['count'])
 						$fails['hasvms'][] = $row['id'];
 					else
@@ -3507,7 +3507,7 @@ class Computer extends Resource {
 				       . "LEFT JOIN computer h ON (vh.computerid = h.id) "
 				       . "WHERE vm.id IN ($ids)";
 				$qh = doQuery($query);
-				while($row = mysql_fetch_assoc($qh)) {
+				while($row = mysqli_fetch_assoc($qh)) {
 					if($row['stateid'] != 20)
 						$fails['hostfail'][] = $row['id'];
 					else
@@ -3578,7 +3578,7 @@ class Computer extends Resource {
 				$notes = processInputVar('notes', ARG_STRING);
 				if(get_magic_quotes_gpc())
 					$notes = stripslashes($notes);
-				$notes = mysql_real_escape_string($notes);
+				$notes = vcl_mysql_escape_string($notes);
 				$notes = $user["unityid"] . " " . unixToDatetime(time()) . "@"
 				       . $notes;
 			}
@@ -3634,7 +3634,7 @@ class Computer extends Resource {
 						       .       "vm.vmhostid = v.id";
 						$qh = doQuery($query);
 						$setnoteids = array();
-						while($row = mysql_fetch_assoc($qh)) {
+						while($row = mysqli_fetch_assoc($qh)) {
 							$checkstart = getExistingChangeStateStartTime($row['id'], 18);
 							if($checkstart) {
 								if($checkstart > $reloadstart)
@@ -3865,7 +3865,7 @@ class Computer extends Resource {
 			       . "WHERE v.computerid IN ($allids) AND "
 			       .       "vm.vmhostid = v.id";
 			$qh = doQuery($query);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				if(! array_key_exists($row['compid'], $maintvmids))
 					$maintvmids[$row['compid']] = array();
 				if($row['vmstateid'] == 10 &&
@@ -4000,8 +4000,8 @@ class Computer extends Resource {
 								       . "GROUP BY rs.computerid "
 								       . "ORDER BY start";
 								$qh = doQuery($query);
-								if(mysql_num_rows($qh) == count($allvmids)) {
-									while($row = mysql_fetch_assoc($qh)) {
+								if(mysqli_num_rows($qh) == count($allvmids)) {
+									while($row = mysqli_fetch_assoc($qh)) {
 										$times[$row['start']] = 1;
 										$reqids[] = $row['id'];
 									}
@@ -4022,7 +4022,7 @@ class Computer extends Resource {
 										       .       "rs.imageid = '{$profiles[$profileid]['imageid']}' AND "
 										       .       "rq.stateid = 21";
 										$qh = doQuery($query);
-										if($row = mysql_fetch_assoc($qh)) {
+										if($row = mysqli_fetch_assoc($qh)) {
 											# node was previously scheduled to be reloaded for vmhostinuse
 											if($times[0] > $start) {
 												# update existing reservations
@@ -4286,7 +4286,7 @@ class Computer extends Resource {
 		       .       "rq.start <= '$startcheckdt' AND "
 		       .       "rq.end > NOW()";
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$fails[] = $row['computerid'];
 
 		$nowids = array_diff($compids, $fails);
@@ -4454,7 +4454,7 @@ class Computer extends Resource {
 		       .       "rq.laststateid NOT IN (1,5,11,12) AND "
 		       .       "rq.userid != $vclreloadid";
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$inusecompids[] = $row['computerid'];
 
 		$tmp = getUserResources(array($this->restype . "Admin"), array("administer"), 0, 1);
@@ -4799,7 +4799,7 @@ class Computer extends Resource {
 		       .       "s.name NOT IN ('timedout','deleted','complete')";
 		$qh = doQuery($query);
 		$data = array();
-		while($row = mysql_fetch_assoc($qh)) {
+		while($row = mysqli_fetch_assoc($qh)) {
 			$msg = "<strong>{$row['hostname']}</strong><br>";
 			if($row['start'] == '') {
 				$msg .= "(No reservations)<br><hr>";
@@ -4888,7 +4888,7 @@ class Computer extends Resource {
 		       .          "l.start DESC";
 		$qh = doQuery($query);
 		$data = array();
-		while($row = mysql_fetch_assoc($qh)) {
+		while($row = mysqli_fetch_assoc($qh)) {
 			if(! is_numeric($row['end']))
 				continue;
 			$msg = "<strong>{$row['hostname']}</strong><br>";
@@ -5076,7 +5076,7 @@ class Computer extends Resource {
 		       .       "eth1macaddress IN ('$ineth1s')";
 		$qh = doQuery($query);
 		$errmsg = '';
-		if(mysql_num_rows($qh)) {
+		if(mysqli_num_rows($qh)) {
 			$errmsg .= "The specified starting MAC address combined with the number ";
 			$errmsg .= "of computers entered will result in a MAC address already ";
 			$errmsg .= "assigned to another computer.";

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/config.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/config.php b/web/.ht-inc/config.php
index 3ed2cb2..531424d 100644
--- a/web/.ht-inc/config.php
+++ b/web/.ht-inc/config.php
@@ -65,7 +65,7 @@ class Config extends Resource {
 		$query .= "ORDER BY cv.configid, cv.name";
 		$variables = array();
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$variables[$row['configid']][$row['id']] = $row;
 
 		# config subimages
@@ -85,7 +85,7 @@ class Config extends Resource {
 			$query .= "AND configid = $id ";
 		$query .= "ORDER BY s.configid, i.prettyname";
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$variables[$row['configid']][$row['id']] = $row;
 
 		# configs
@@ -121,7 +121,7 @@ class Config extends Resource {
 			$query .= " AND c.deleted = 0";
 		$qh = doQuery($query);
 		$configs = array();
-		while($row = mysql_fetch_assoc($qh)) {
+		while($row = mysqli_fetch_assoc($qh)) {
 			if(array_key_exists($row['id'], $variables))
 				$row['variables'] = $variables[$row['id']];
 			else
@@ -166,7 +166,7 @@ class Config extends Resource {
 		       .       "c.configtypeid = ct.id AND "
 		       .       "c.deleted = 0";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh))
+		if($row = mysqli_fetch_assoc($qh))
 			return $row;
 		else
 			return NULL;
@@ -245,11 +245,11 @@ class Config extends Resource {
 		}
 		$sets = array();
 		if($curdata['name'] != $vars['name']) {
-			$name = mysql_real_escape_string($vars['name']);
+			$name = vcl_mysql_escape_string($vars['name']);
 			$sets[] = "name = '$name'";
 		}
 		if($curdata['data'] != $vars['data']) {
-			$data = mysql_real_escape_string($vars['data']);
+			$data = vcl_mysql_escape_string($vars['data']);
 			$sets[] = "data = '$data'";
 		}
 		if($curdata['ownerid'] != $vars['ownerid'])
@@ -319,11 +319,11 @@ class Config extends Resource {
 				}
 				$sets = array();
 				if($vardata['name'] != $newvars[$id]['name']) {
-					$name = mysql_real_escape_string($newvars[$id]['name']);
+					$name = vcl_mysql_escape_string($newvars[$id]['name']);
 					$sets[] = "name = '$name'";
 				}
 				if($vardata['identifier'] != $newvars[$id]['identifier']) {
-					$identifier = mysql_real_escape_string($newvars[$id]['identifier']);
+					$identifier = vcl_mysql_escape_string($newvars[$id]['identifier']);
 					$sets[] = "identifier = '$identifier'";
 				}
 				if($vardata['datatypeid'] != $newvars[$id]['datatypeid']) {
@@ -332,7 +332,7 @@ class Config extends Resource {
 					$sets[] = "datatypeid = '{$newvars[$id]['datatypeid']}'";
 				}
 				if($vardata['defaultvalue'] != $newvars[$id]['defaultvalue']) {
-					$defaultvalue = mysql_real_escape_string($newvars[$id]['defaultvalue']);
+					$defaultvalue = vcl_mysql_escape_string($newvars[$id]['defaultvalue']);
 					$sets[] = "defaultvalue = '$defaultvalue'";
 				}
 				if($vardata['required'] != $newvars[$id]['required']) {
@@ -377,9 +377,9 @@ class Config extends Resource {
 		$inserts = array();
 		$datatypes = getConfigDataTypes();
 		foreach($newvars as $var) {
-			$name = mysql_real_escape_string($var['name']);
-			$identifier = mysql_real_escape_string($var['identifier']);
-			$defaultvalue = mysql_real_escape_string($var['defaultvalue']);
+			$name = vcl_mysql_escape_string($var['name']);
+			$identifier = vcl_mysql_escape_string($var['identifier']);
+			$defaultvalue = vcl_mysql_escape_string($var['defaultvalue']);
 			if(! array_key_exists($var['datatypeid'], $datatypes))
 				$var['datatypeid'] = $this->findDataTypeID($var['defaultvalue'], $datatypes);
 			$inserts[] = "('$name', "
@@ -407,7 +407,7 @@ class Config extends Resource {
 	///
 	////////////////////////////////////////////////////////////////////////////////
 	function addResource($vars) {
-		$name = mysql_real_escape_string($vars['name']);
+		$name = vcl_mysql_escape_string($vars['name']);
 		if($vars['type'] == 'Cluster') {
 			$query = "INSERT INTO config "
 			       .        "(name, "
@@ -436,7 +436,7 @@ class Config extends Resource {
 			doQuery($query);
 		}
 		else {
-			$data = mysql_real_escape_string($vars['data']);
+			$data = vcl_mysql_escape_string($vars['data']);
 			$query = "INSERT INTO config "
 			       .        "(name, "
 			       .        "configtypeid, "
@@ -501,10 +501,10 @@ class Config extends Resource {
 			return 0;
 		}
 		# check for existance of name
-		$name = mysql_real_escape_string($return['name']);
+		$name = vcl_mysql_escape_string($return['name']);
 		$query = "SELECT id FROM config WHERE name = '$name' AND id != $configid";
 		$qh = doQuery($query);
-		if(mysql_num_rows($qh)) {
+		if(mysqli_num_rows($qh)) {
 			$this->errmsg = "Another config with this name already exists.";
 			return 0;
 		}
@@ -1152,7 +1152,7 @@ class Config extends Resource {
 		       .       "c.deleted = 0";
 		$configmaps = array();
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh)) {
+		while($row = mysqli_fetch_assoc($qh)) {
 			switch($row['configmaptype']) {
 				case "Image":
 					$row['mapto'] = $row['image'];
@@ -1478,7 +1478,7 @@ class Config extends Resource {
 		       .       "configstageid = {$return['stageid']} AND "
 		       .       "id != $configmapid";
 		$qh = doQuery($query);
-		if(mysql_num_rows($qh)) {
+		if(mysqli_num_rows($qh)) {
 			$this->errmsg = "The specified mapping already exists.";
 			return 0;
 		}
@@ -1526,7 +1526,7 @@ class Config extends Resource {
 		       .       "c.id in ($inlist)";
 		$configs = array();
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$configs[$row['id']] = $row['name'];
 		return $configs;
 	}
@@ -1542,7 +1542,7 @@ class Config extends Resource {
 		$query = "SELECT id, name FROM configstage ORDER BY name";
 		$stages = array();
 		$qh = doQuery($query);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$stages[$row['id']] = $row['name'];
 		return $stages;
 	}
@@ -1597,7 +1597,7 @@ class Config extends Resource {
 			       .       "ct.prettyname = 'Config' AND "
 			       .       "cm.configid = c.id";
 			$qh = doQuery($query);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				if($row['subid'] == $configid)
 					return $row['config'];
 				if($reccnt < 20) {
@@ -1624,7 +1624,7 @@ class Config extends Resource {
 			       .       "ct.prettyname = 'Subimage' AND "
 			       .       "cm.configid = c.id";
 			$qh = doQuery($query);
-			while($row = mysql_fetch_assoc($qh)) {
+			while($row = mysqli_fetch_assoc($qh)) {
 				if($row['configid'] == $configid)
 					return $row['config'];
 				if($reccnt < 20) {

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/dashboard.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/dashboard.php b/web/.ht-inc/dashboard.php
index 78e469c..3c2df3f 100644
--- a/web/.ht-inc/dashboard.php
+++ b/web/.ht-inc/dashboard.php
@@ -193,22 +193,22 @@ function getStatusData() {
 				 .       "rq.end > NOW()";
 	}
 	$qh = doQuery($query, 101);
-	if($row = mysql_fetch_row($qh))
+	if($row = mysqli_fetch_row($qh))
 		$data[0]['val'] = $row[0];
 
 	$query = "SELECT COUNT(id) FROM computer WHERE stateid IN (2, 3, 6, 8, 11)";
 	$qh = doQuery($query, 101);
-	if($row = mysql_fetch_row($qh))
+	if($row = mysqli_fetch_row($qh))
 		$data[1]['val'] = $row[0];
 
 	$query = "SELECT COUNT(id) FROM computer WHERE stateid = 8";
 	$qh = doQuery($query, 101);
-	if($row = mysql_fetch_row($qh))
+	if($row = mysqli_fetch_row($qh))
 		$data[2]['val'] = $row[0];
 
 	$query = "SELECT COUNT(id) FROM computer WHERE stateid = 5";
 	$qh = doQuery($query, 101);
-	if($row = mysql_fetch_row($qh))
+	if($row = mysqli_fetch_row($qh))
 		$data[3]['val'] = $row[0];
 	return $data;
 }
@@ -259,7 +259,7 @@ function getTopImageData() {
 	}
 	$data = array();
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$data[] = $row;
 	return $data;
 }
@@ -310,7 +310,7 @@ function getTopLongImageData() {
 	}
 	$data = array();
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$data[] = $row;
 	return $data;
 }
@@ -360,7 +360,7 @@ function getTopPastImageData() {
 	}
 	$data = array();
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$data[] = $row;
 	return $data;
 }
@@ -407,7 +407,7 @@ function getTopFailedData() {
 	}
 	$data = array();
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$data[] = $row;
 	return $data;
 }
@@ -458,7 +458,7 @@ function getTopFailedComputersData() {
 	}
 	$data = array();
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$data[] = $row;
 	return $data;
 }
@@ -522,7 +522,7 @@ function getActiveResChartData() {
 		       .       "l.userid != $reloadid";
 	}
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		if($row['stateid'] == 14)
 			$row['stateid'] = $row['laststateid'];
 		if($row['end'] > time() &&
@@ -583,7 +583,7 @@ function getBlockAllocationData() {
 				 .       "bt.end > NOW()";
 	}
 	$qh = doQuery($query, 101);
-	$row = mysql_fetch_row($qh);
+	$row = mysqli_fetch_row($qh);
 	$blockcount = $row[0];
 	# computers in blockComputers for active allocations
 	if($affilid == 0) {
@@ -612,7 +612,7 @@ function getBlockAllocationData() {
 	$qh = doQuery($query, 101);
 	$total = 0;
 	$used = 0;
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		$total++;
 		if($row['stateid'] == 3 || $row['stateid'] == 8)
 			$used++;
@@ -642,7 +642,7 @@ function getBlockAllocationData() {
 	}
 	$alloc = 0;
 	$qh = doQuery($query, 101);
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$alloc += $row['numMachines'];
 	if($alloc)
 		$failed = sprintf('%d / %d (%0.2f %%)', ($alloc - $total), $alloc, (($alloc - $total) / $alloc * 100));
@@ -700,7 +700,7 @@ function getNewReservationData() {
 	$query .= "ORDER BY rq.start";
 	$qh = doQuery($query, 101);
 	$data = array();
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		$tmp = explode('.', $row['computer']);
 		$row['computer'] = $tmp[0];
 		$row['start'] = date('D h:i', $row['start']);
@@ -758,7 +758,7 @@ function getFailedImagingData() {
 	$query .= "ORDER BY rq.start";
 	$qh = doQuery($query, 101);
 	$data = array();
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		if(is_null($row['revisioncomments']))
 			$row['revisioncomments'] = '(none)';
 		$tmp = explode('.', $row['computer']);
@@ -816,7 +816,7 @@ function getManagementNodeData() {
 	$current = array();
 	$old = array();
 	$never = array();
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		$tmp = explode('.', $row['hostname']);
 		$row['hostname'] = $tmp[0];
 		if($row['checkin'] < 0)

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/groups.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/groups.php b/web/.ht-inc/groups.php
index 29ae0f4..306395e 100644
--- a/web/.ht-inc/groups.php
+++ b/web/.ht-inc/groups.php
@@ -1102,7 +1102,7 @@ function processGroupInput($checks=1) {
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function checkForGroupName($name, $type, $id, $extraid) {
-	$name = mysql_real_escape_string($name);
+	$name = vcl_mysql_escape_string($name);
 	if($type == "user")
 		$query = "SELECT id FROM usergroup "
 		       . "WHERE name = '$name' AND "
@@ -1114,7 +1114,7 @@ function checkForGroupName($name, $type, $id, $extraid) {
 	if(! empty($id))
 		$query .= " AND id != $id";
 	$qh = doQuery($query, 101);
-	if(mysql_num_rows($qh))
+	if(mysqli_num_rows($qh))
 		return 1;
 	return 0;
 }
@@ -1162,7 +1162,7 @@ function updateGroup($data) {
 		       . "WHERE id = {$data['groupid']}";
 	}
 	doQuery($query, 300);
-	return mysql_affected_rows($GLOBALS['mysql_link_vcl']);
+	return mysqli_affected_rows($GLOBALS['mysqli_link_vcl']);
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -1221,7 +1221,7 @@ function addGroup($data) {
 	}
 	$qh = doQuery($query, 305);
 	clearPrivCache();
-	return mysql_affected_rows($GLOBALS['mysql_link_vcl']);
+	return mysqli_affected_rows($GLOBALS['mysqli_link_vcl']);
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -1254,7 +1254,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 		       .       "rg.resourcetypeid = rt.id";
 		$usedby = array();
 		$qh = doQuery($query, 310);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$usedby[] = $row['name'];
 		if(count($usedby)) {
 			$msgs[] = "<h3>Owning User Group for Resource Groups</h3>\n"
@@ -1269,7 +1269,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 				 .       "ug.affiliationid = a.id";
 		$usedby = array();
 		$qh = doQuery($query, 313);
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$usedby[] = $row['name'];
 		if(count($usedby)) {
 			$msgs[] = "<h3>'Editable by' Group for User Groups</h3>\n"
@@ -1281,7 +1281,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 		       . "WHERE usergroupid = $groupid";
 		$qh = doQuery($query);
 		$usedby = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$usedby[] = getNodePath($row['privnodeid']);
 		if(count($usedby)) {
 			$msgs[] = "<h3>Assigned at Privilege Nodes</h3>\n"
@@ -1294,7 +1294,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 		       .   "AND status IN ('requested', 'accepted')";
 		$qh = doQuery($query, 311);
 		$usedby = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$usedby[] = $row['name'];
 		if(count($usedby)) {
 			$msgs[] = "<h3>Assigned for Block Allocations</h3>\n"
@@ -1304,7 +1304,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 		$query = "SELECT name FROM serverprofile WHERE admingroupid = $groupid";
 		$qh = doQuery($query);
 		$usedby = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$usedby[] = $row['name'];
 		if(count($usedby)) {
 			$msgs[] = "<h3>Admin User Group for Server Profiles</h3>\n"
@@ -1314,7 +1314,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 		$query = "SELECT name FROM serverprofile WHERE logingroupid = $groupid";
 		$qh = doQuery($query);
 		$usedby = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$usedby[] = $row['name'];
 		if(count($usedby)) {
 			$msgs[] = "<h3>Access User Group for Server Profiles</h3>\n"
@@ -1328,7 +1328,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 		       .       "s.requestid = rq.id";
 		$qh = doQuery($query);
 		$usedby = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$usedby[] = $row['name'];
 		if(count($usedby)) {
 			$msgs[] = "<h3>Admin User Group for Server Requests</h3>\n"
@@ -1342,7 +1342,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 		       .       "s.requestid = rq.id";
 		$qh = doQuery($query);
 		$usedby = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$usedby[] = $row['name'];
 		if(count($usedby)) {
 			$msgs[] = "<h3>Access User Group for Server Requests</h3>\n"
@@ -1366,7 +1366,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 	$query = "SELECT hostname FROM managementnode WHERE imagelibgroupid = $groupid";
 	$qh = doQuery($query);
 	$usedby = array();
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$usedby[] = $row['hostname'];
 	if(count($usedby)) {
 		$msgs[] = "<h3>Management Node Image Library Group</h3>\n"
@@ -1376,7 +1376,7 @@ function checkForGroupUsage($groupid, $type, &$msg='') {
 	$query = "SELECT DISTINCT privnodeid FROM resourcepriv WHERE resourcegroupid = $groupid";
 	$qh = doQuery($query);
 	$usedby = array();
-	while($row = mysql_fetch_assoc($qh))
+	while($row = mysqli_fetch_assoc($qh))
 		$usedby[] = getNodePath($row['privnodeid']);
 	if(count($usedby)) {
 		$msgs[] = "<h3>Assigned at Privilege Nodes</h3>\n"

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/help.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/help.php b/web/.ht-inc/help.php
index dd73adb..f632f6b 100644
--- a/web/.ht-inc/help.php
+++ b/web/.ht-inc/help.php
@@ -168,7 +168,7 @@ function submitHelpForm() {
 	       . "ORDER BY l.finalend DESC "
 	       . "LIMIT 5";
 	$qh = doQuery($query, 290);
-	while($row = mysql_fetch_assoc($qh)) {
+	while($row = mysqli_fetch_assoc($qh)) {
 		# only include 1 computer from cluster reservations
 		if(array_key_exists($row['id'], $requests))
 			continue;

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/image.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/image.php b/web/.ht-inc/image.php
index 9447aea..4e07dcd 100644
--- a/web/.ht-inc/image.php
+++ b/web/.ht-inc/image.php
@@ -187,7 +187,7 @@ class Image extends Resource {
 		       . "ORDER BY rq.end DESC "
 		       . "LIMIT 1";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh))
+		if($row = mysqli_fetch_assoc($qh))
 			$msgs[] = sprintf(i("There is at least one <strong>reservation</strong> for this image. The latest end time is %s."), prettyDatetime($row['end'], 1));;
 
 		# check blockComputers
@@ -205,7 +205,7 @@ class Image extends Resource {
 		       . "ORDER BY bt.end DESC "
 		       . "LIMIT 1";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh))
+		if($row = mysqli_fetch_assoc($qh))
 			$msgs[] = sprintf(i("There is at least one <strong>Block Allocation</strong> with computers currently allocated with this image. Block Allocation %s has the latest end time which is %s."), $row['name'], prettyDatetime($row['end'], 1));
 
 		# check blockRequest
@@ -221,7 +221,7 @@ class Image extends Resource {
 		       . "ORDER BY bt.end DESC "
 		       . "LIMIT 1";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh))
+		if($row = mysqli_fetch_assoc($qh))
 			$msgs[] = sprintf(i("There is at least one <strong>Block Allocation</strong> configured to use this image. Block Allocation %s has the latest end time which is %s."), $row['name'], prettyDatetime($row['end'], 1));
 
 		# check serverprofile
@@ -230,7 +230,7 @@ class Image extends Resource {
 		       . "WHERE imageid = $rscid";
 		$qh = doQuery($query);
 		$profiles = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$profiles[] = $row['name'];
 		if(count($profiles))
 			$msgs[] = i("The following <strong>Server Profiles</strong> are configured to use this image:") . "<br><br>\n" . implode("<br>\n", $profiles);
@@ -245,7 +245,7 @@ class Image extends Resource {
 		       .       "s.imagemetaid = im.id AND "
 		       .       "s.imageid = $rscid";
 		$images = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$images[] = $row['prettyname'];
 		if(count($images))
 			$msgs[] = i("The following <strong>images</strong> have the selected image assigned as a <strong>subimage</strong>:") . "<br><br>\n" . implode("<br>\n", $images);
@@ -255,7 +255,7 @@ class Image extends Resource {
 		       . "FROM vmprofile "
 		       . "WHERE imageid = $rscid";
 		$profiles = array();
-		while($row = mysql_fetch_assoc($qh))
+		while($row = mysqli_fetch_assoc($qh))
 			$profiles[] = $row['profilename'];
 		if(count($profiles))
 			$msgs[] = i("The following <strong>VM Host Profiles</strong> have the this image selected:") . "<br><br>\n" . implode("<br>\n", $profiles);
@@ -801,12 +801,12 @@ class Image extends Resource {
 			$updates[] = "forcheckout = {$data['checkout']}";
 		# description
 		if($data['desc'] != $olddata['description']) {
-			$escdesc = mysql_real_escape_string($data['desc']);
+			$escdesc = vcl_mysql_escape_string($data['desc']);
 			$updates[] = "description = '$escdesc'";
 		}
 		# usage
 		if($data['usage'] != $olddata['usage']) {
-			$escusage = mysql_real_escape_string($data['usage']);
+			$escusage = vcl_mysql_escape_string($data['usage']);
 			$updates[] = "`usage` = '$escusage'";
 		}
 
@@ -821,7 +821,7 @@ class Image extends Resource {
 		if($olddata['ostype'] == 'windows') {
 			if($data['adauthenabled'] != $olddata['adauthenabled']) {
 				if($data['adauthenabled']) {
-					$esc_baseou = mysql_real_escape_string($data['baseou']);
+					$esc_baseou = vcl_mysql_escape_string($data['baseou']);
 					$query = "INSERT INTO imageaddomain "
 					       .        "(imageid, "
 					       .        "addomainid, "
@@ -841,7 +841,7 @@ class Image extends Resource {
 			elseif($data['adauthenabled'] &&
 			       ($data['addomainid'] != $olddata['addomainid'] ||
 			       $data['baseou'] != $olddata['baseOU'])) {
-				$esc_baseou = mysql_real_escape_string($data['baseou']);
+				$esc_baseou = vcl_mysql_escape_string($data['baseou']);
 				$query = "UPDATE imageaddomain "
 				       . "SET addomainid = {$data['addomainid']}, "
 				       .     "baseOU = '$esc_baseou' "
@@ -868,7 +868,7 @@ class Image extends Resource {
 					 .        "{$data['sethostname']})";
 			doQuery($query, 101);
 			$qh = doQuery("SELECT LAST_INSERT_ID() FROM imagemeta", 101);
-			if(! $row = mysql_fetch_row($qh))
+			if(! $row = mysqli_fetch_row($qh))
 				abort(101);
 			$imagemetaid = $row[0];
 			$query = "UPDATE image "
@@ -979,7 +979,7 @@ class Image extends Resource {
 		       .       "rq.id = rs.requestid";
 		doQuery($query, 101);
 
-		$agree = mysql_real_escape_string(getContinuationVar('agree'));
+		$agree = vcl_mysql_escape_string(getContinuationVar('agree'));
 		$query = "INSERT INTO clickThroughs "
 		       .        "(userid, "
 		       .        "imageid, "
@@ -1095,10 +1095,10 @@ class Image extends Resource {
 		       . "ORDER BY revision DESC "
 		       . "LIMIT 1";
 		$qh = doQuery($query, 101);
-		$row = mysql_fetch_assoc($qh);
+		$row = mysqli_fetch_assoc($qh);
 		$newrevision = $row['revision'] + 1;
 		$newname = preg_replace("/{$row['revision']}$/", $newrevision, $row['imagename']);
-		$comments = mysql_real_escape_string($comments);
+		$comments = vcl_mysql_escape_string($comments);
 		$query = "INSERT INTO imagerevision "
 		       .        "(imageid, "
 		       .        "revision, "
@@ -1155,7 +1155,7 @@ class Image extends Resource {
 		if($autocaptured)
 			return 1;
 	
-		$agree = mysql_real_escape_string(getContinuationVar('agree'));
+		$agree = vcl_mysql_escape_string(getContinuationVar('agree'));
 		$query = "INSERT INTO clickThroughs "
 		       .        "(userid, "
 		       .        "imageid, "
@@ -1188,9 +1188,9 @@ class Image extends Resource {
 	/////////////////////////////////////////////////////////////////////////////
 	function addResource($data) {
 		global $user;
-		$data['desc'] = mysql_real_escape_string($data['desc']);
-		$data['usage'] = mysql_real_escape_string($data['usage']);
-		$data['comments'] = mysql_real_escape_string($data['comments']);
+		$data['desc'] = vcl_mysql_escape_string($data['desc']);
+		$data['usage'] = vcl_mysql_escape_string($data['usage']);
+		$data['comments'] = vcl_mysql_escape_string($data['comments']);
 	
 		# get architecture of base image
 		$query = "SELECT i.architecture "
@@ -1199,7 +1199,7 @@ class Image extends Resource {
 		       . "WHERE ir.imageid = i.id AND "
 		       .       "ir.id = {$data['basedoffrevisionid']}";
 		$qh = doQuery($query);
-		$row = mysql_fetch_assoc($qh);
+		$row = mysqli_fetch_assoc($qh);
 		$arch = $row['architecture'];
 	
 		$ownerdata = getUserInfo($data['owner'], 1);
@@ -1244,7 +1244,7 @@ class Image extends Resource {
 
 		# ad authentication
 		if($data['adauthenabled']) {
-			$esc_baseou = mysql_real_escape_string($data['baseou']);
+			$esc_baseou = vcl_mysql_escape_string($data['baseou']);
 			$query = "INSERT INTO imageaddomain "
 			       .        "(imageid, "
 			       .        "addomainid, "
@@ -1554,7 +1554,7 @@ class Image extends Resource {
 				 . "FROM subimages "
 				 . "WHERE imagemetaid = $imagemetaid";
 		$qh = doQuery($query, 101);
-		$row = mysql_fetch_row($qh);
+		$row = mysqli_fetch_row($qh);
 		if($row[0] == 0) {
 			$rc = checkClearImageMeta($imagemetaid, $imageid, 'subimages');
 			if($rc)
@@ -1570,7 +1570,7 @@ class Image extends Resource {
 			$query = "SELECT imageid FROM subimages WHERE imagemetaid = $imagemetaid";
 			$qh = doQuery($query, 101);
 			$subimages = array();
-			while($row = mysql_fetch_assoc($qh))
+			while($row = mysqli_fetch_assoc($qh))
 				$subimages[] = $row['imageid'];
 		}
 	
@@ -1827,7 +1827,7 @@ class Image extends Resource {
 		if(! empty($id))
 			$query .= " AND id != $id";
 		$qh = doQuery($query, 101);
-		if(mysql_num_rows($qh))
+		if(mysqli_num_rows($qh))
 			return 1;
 		return 0;
 	}
@@ -1857,7 +1857,7 @@ class Image extends Resource {
 		        . "WHERE name = '$nodename' AND "
 		        .       "parent = 3";
 		$qh = doQuery($query, 101);
-		if(! $row = mysql_fetch_assoc($qh)) {
+		if(! $row = mysqli_fetch_assoc($qh)) {
 			$query2 = "INSERT INTO privnode "
 			        .        "(parent, "
 			        .        "name) "
@@ -1866,7 +1866,7 @@ class Image extends Resource {
 			        .        "'$nodename')";
 			doQuery($query2, 101);
 			$qh = doQuery($query, 101);
-			$row = mysql_fetch_assoc($qh);
+			$row = mysqli_fetch_assoc($qh);
 		}
 		$parent = $row['id'];
 		$query = "SELECT id "
@@ -1874,7 +1874,7 @@ class Image extends Resource {
 		        . "WHERE name = '{$ownerdata['login']}-$ownerid' AND "
 		        .       "parent = $parent";
 		$qh = doQuery($query, 101);
-		if($row = mysql_fetch_assoc($qh))
+		if($row = mysqli_fetch_assoc($qh))
 			$newnode = $row['id'];
 		else {
 			$query = "INSERT INTO privnode "
@@ -1882,7 +1882,7 @@ class Image extends Resource {
 			       . "VALUES ($parent, '{$ownerdata['login']}-$ownerid')";
 			doQuery($query, 101);
 			$qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
-			$row = mysql_fetch_row($qh);
+			$row = mysqli_fetch_row($qh);
 			$newnode = $row[0];
 		}
 	
@@ -1895,7 +1895,7 @@ class Image extends Resource {
 		        . "FROM usergroup "
 		        . "WHERE name = 'manageNewImages'";
 		$qh = doQuery($query, 101);
-		$row = mysql_fetch_assoc($qh);
+		$row = mysqli_fetch_assoc($qh);
 		$ownergroupid = $row['id'];
 		if($virtual)
 			$prefix = 'newvmimages';
@@ -1907,7 +1907,7 @@ class Image extends Resource {
 		       .       "ownerusergroupid = $ownergroupid AND "
 		       .       "resourcetypeid = 13";
 		$qh = doQuery($query, 101);
-		if($row = mysql_fetch_assoc($qh))
+		if($row = mysqli_fetch_assoc($qh))
 			$resourcegroupid = $row['id'];
 		else {
 			$query = "INSERT INTO resourcegroup "
@@ -1919,7 +1919,7 @@ class Image extends Resource {
 			       .         "13)";
 			doQuery($query, 305);
 			$qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
-			$row = mysql_fetch_row($qh);
+			$row = mysqli_fetch_row($qh);
 			$resourcegroupid = $row[0];
 	
 			// map group to newimages/newvmimages comp group
@@ -1932,7 +1932,7 @@ class Image extends Resource {
 			       . "WHERE name = '$rgroupname' AND "
 			       .       "resourcetypeid = 12";
 			$qh = doQuery($query, 101);
-			$row = mysql_fetch_assoc($qh);
+			$row = mysqli_fetch_assoc($qh);
 			$compResGrpid = $row['id'];
 			$query = "INSERT INTO resourcemap "
 			       .        "(resourcegroupid1, "
@@ -1980,7 +1980,7 @@ class Image extends Resource {
 		       . "WHERE resourcetypeid = 13 AND "
 		       .       "subid = $imageid";
 		$qh = doQuery($query);
-		if(! ($row = mysql_fetch_assoc($qh)))
+		if(! ($row = mysqli_fetch_assoc($qh)))
 			return;
 		$resid = $row['id'];
 		$olduserdata = getUserInfo($oldownerid, 1, 1);
@@ -1994,7 +1994,7 @@ class Image extends Resource {
 		       .       "rgm.resourcegroupid = rg.id AND "
 		       .       "rg.name IN ($oldgroups)";
 		$qh = doQuery($query);
-		if(! ($row = mysql_fetch_assoc($qh)))
+		if(! ($row = mysqli_fetch_assoc($qh)))
 			return;
 		$oldgroup = $row['name'];
 		$oldgroupid = $row['id'];
@@ -2108,7 +2108,7 @@ class Image extends Resource {
 			       .       "(cm.OStypeid = ot.id OR "
 			       .        "cm.OSid = o.id)";
 			$qh = doQuery($query, 101);
-			if(! (mysql_num_rows($qh))) {
+			if(! (mysqli_num_rows($qh))) {
 				# not enabled, add entry for method and image revision
 				$query = "INSERT INTO connectmethodmap "
 				       .        "(connectmethodid, "
@@ -2157,7 +2157,7 @@ class Image extends Resource {
 		$methods = getContinuationVar('methods');
 		$revids = getContinuationVar('revids');
 		$curmethods = getImageConnectMethods($imageid);
-		$remidlist = mysql_real_escape_string(processInputVar('ids', ARG_STRING));
+		$remidlist = vcl_mysql_escape_string(processInputVar('ids', ARG_STRING));
 		$remids = explode(',', $remidlist);
 		$revid = processInputVar('revid', ARG_NUMERIC);
 		$newimage = getContinuationVar('newimage');
@@ -2199,7 +2199,7 @@ class Image extends Resource {
 				       .       "(cm.OStypeid = ot.id OR "
 				       .        "cm.OSid = o.id)";
 				$qh = doQuery($query, 101);
-				if(mysql_num_rows($qh))
+				if(mysqli_num_rows($qh))
 					# if so, add disabled entry for image revision and method
 					$insvals[] = "($id, $revid, 1)";
 			}
@@ -2246,7 +2246,7 @@ class Image extends Resource {
 		$comments = htmlspecialchars($comments);
 		if(get_magic_quotes_gpc())
 			$comments = stripslashes($comments);
-		$comments = mysql_real_escape_string($comments);
+		$comments = vcl_mysql_escape_string($comments);
 		$query = "UPDATE imagerevision "
 		       . "SET comments = '$comments' "
 		       . "WHERE id = $revisionid";
@@ -2306,9 +2306,9 @@ class Image extends Resource {
 		       .       "rs.imagerevisionid IN ($checkedids) AND "
 		       .       "rq.stateid NOT IN (1, 5, 11, 12)";
 		$qh = doQuery($query);
-		if(mysql_num_rows($qh)) {
+		if(mysqli_num_rows($qh)) {
 			$inuseids = array();
-			while($row = mysql_fetch_assoc($qh))
+			while($row = mysqli_fetch_assoc($qh))
 				$inuseids[] = $row['revision'];
 			$inuseids = implode(',', $inuseids);
 			$rc = array('status' => 'error',

http://git-wip-us.apache.org/repos/asf/vcl/blob/e5058500/web/.ht-inc/managementnode.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/managementnode.php b/web/.ht-inc/managementnode.php
index 2b5b08e..dd49e2c 100644
--- a/web/.ht-inc/managementnode.php
+++ b/web/.ht-inc/managementnode.php
@@ -203,7 +203,7 @@ class ManagementNode extends Resource {
 		       . "ORDER BY rq.end DESC "
 		       . "LIMIT 1";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh))
+		if($row = mysqli_fetch_assoc($qh))
 			$msgs[] = "There is at least one <strong>reservation</strong> being processed by this management node. The latest end time is " . prettyDatetime($row['end'], 1) . '.';
 
 		# check blockRequest
@@ -219,7 +219,7 @@ class ManagementNode extends Resource {
 		       . "ORDER BY bt.end DESC "
 		       . "LIMIT 1";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh))
+		if($row = mysqli_fetch_assoc($qh))
 			$msgs[] = "There is at least one <strong>Block Allocation</strong> being handled by this management node. Block Allocation \"{$row['name']}\" has the latest end time which is " . prettyDatetime($row['end'], 1) . '.';
 
 
@@ -246,7 +246,7 @@ class ManagementNode extends Resource {
 	function toggleDeleteResource($rscid) {
 		$query = "SELECT stateid FROM managementnode WHERE id = $rscid";
 		$qh = doQuery($query);
-		if($row = mysql_fetch_assoc($qh)) {
+		if($row = mysqli_fetch_assoc($qh)) {
 			if($row['stateid'] == 1)
 				$query = "UPDATE managementnode SET stateid = 10 WHERE id = $rscid";
 			else
@@ -514,8 +514,8 @@ class ManagementNode extends Resource {
 			}
 		}
 		else {
-			$esc = array('sysadminemail' => mysql_real_escape_string($data['sysadminemail']),
-			             'sharedmailbox' => mysql_real_escape_string($data['sharedmailbox']));
+			$esc = array('sysadminemail' => vcl_mysql_escape_string($data['sysadminemail']),
+			             'sharedmailbox' => vcl_mysql_escape_string($data['sharedmailbox']));
 
 			$olddata = getContinuationVar('olddata');
 			$updates = array();
@@ -992,7 +992,7 @@ class ManagementNode extends Resource {
 				       .       "rq.laststateid NOT IN (1,5,11,12) AND "
 				       .       "rq.userid != $vclreloadid";
 				$qh = doQuery($query);
-				if(mysql_num_rows($qh)) {
+				if(mysqli_num_rows($qh)) {
 					$return['error'] = 1;
 					$errormsg[] = "This management node is the NAT host for computers that have active reservations. NAT host<br>settings cannot be changed while providing NAT for active reservations.";
 				}
@@ -1020,8 +1020,8 @@ class ManagementNode extends Resource {
 	function addResource($data) {
 		global $user;
 		$ownerid = getUserlistID($data['owner']);
-		$esc = array('sysadminemail' => mysql_real_escape_string($data['sysadminemail']),
-		             'sharedmailbox' => mysql_real_escape_string($data['sharedmailbox']));
+		$esc = array('sysadminemail' => vcl_mysql_escape_string($data['sysadminemail']),
+		             'sharedmailbox' => vcl_mysql_escape_string($data['sharedmailbox']));
 		$keys = array('IPaddress',            'hostname',
 		              'ownerid',              'stateid',
 		              'checkininterval',      'installpath',
@@ -1116,7 +1116,7 @@ class ManagementNode extends Resource {
 		if($id != 0)
 			$query .= " AND id != $id";
 		$qh = doQuery($query);
-		return mysql_num_rows($qh);
+		return mysqli_num_rows($qh);
 	}
 }
 ?>


Mime
View raw message