Contact_MySQL_rtns

This is the PHP script that contains the MySQL routines for the token aspect of the Contact form.

    1| <?php
    2| 
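/**
 * Create a fresh token for the contact form and store it in $table.
 *
 * Rows older than three days are purged first. On any database failure the
 * error page is rendered with ContactsErrorPage(), the detailed message is
 * written with error_file() when $devmode is truthy, and the script exits.
 *
 * Security notes:
 *  - The token comes from random_bytes() (PHP 7.0+). The previous
 *    uniqid()/mt_rand() seed is derived from the clock and a non-cryptographic
 *    generator, which is not suitable for a value that gates form submission.
 *    The result is still 64 hex characters, the same length ripemd256 produced.
 *  - $table is concatenated into the SQL text as an identifier, so it must
 *    come from trusted configuration and never from request data.
 *
 * @param string $DBName  database name
 * @param string $host    MySQL host
 * @param string $user    MySQL user
 * @param string $pass    MySQL password
 * @param string $table   token table name (trusted configuration only)
 * @param mixed  $devmode truthy to log detailed errors; optional because
 *                        other callers in this file pass only five arguments
 * @return string the stored 64-character hexadecimal token
 */
function createHash($DBName, $host, $user, $pass, $table, $devmode = false)
{
    $time = time();
    $pasttime = $time - 259200; //3600 seconds per hour x 24 hours x 3 days

    //connect to the MySQL server
    $oConnection = @mysqli_connect($host, $user, $pass, $DBName);

    if(!$oConnection)
    {
        //Map the MySQL connect errno to the site's own error label
        $errno = mysqli_connect_errno();
        $labels = array(
            2005 => "Error 1000: Unable to connect to the host.",
            1049 => "Error 1001: Unable to connect to the database.",
            1044 => "Error 1002: Database username error.",
            1045 => "Error 1003: Database password corruption error.",
        );
        $label = isset($labels[$errno]) ? $labels[$errno] : "Error 000A: Unknown connection error.";

        //The user sees only the label; driver detail goes to the log
        $uError = "<p>".$label."<br>\nPlease contact administrator: administrator email</p>";
        $aError = $label." Error Code: ".$errno."Error: ".mysqli_connect_error();

        ContactsErrorPage($uError);

        if($devmode)
        {
            error_file("error",$aError);
        }

        exit();
    }

    //Shared handling for a failed query. The detail is read with
    //mysqli_errno()/mysqli_error() on the open connection; the
    //mysqli_connect_* functions only describe the last connect attempt.
    $failQuery = function($label) use ($oConnection, $devmode)
    {
        $uError = "<p>".$label."<br>\nPlease contact administrator: administrator email</p>";
        $aError = $label."Error Code: ".mysqli_errno($oConnection)."Error: ".mysqli_error($oConnection);
        @mysqli_close($oConnection);
        ContactsErrorPage($uError);
        if($devmode)
        {
            error_file("error",$aError);
        }
        exit();
    };

    //Delete old records
    $dbQueryClear = "DELETE FROM ".$table." WHERE catTimestamp < ".$pasttime.";";

    if(!@mysqli_query($oConnection, $dbQueryClear))
    {
        $failQuery("Error 1004: Unable to perform stage 1 query.");
    }

    //Generate candidates until one is not already stored. The check query is
    //rebuilt for every candidate so the value that is tested is the value
    //that is later inserted and returned.
    $attempt = 0;
    do
    {
        $hKey = bin2hex(random_bytes(32));

        $dbQueryCheck = "SELECT * FROM ".$table." WHERE catEncrypt = \"".$hKey."\" LIMIT 1;";
        $Resultset = @mysqli_query($oConnection, $dbQueryCheck);

        if(!$Resultset)
        {
            //First attempt reports stage 2, retries report stage 2a
            $failQuery(0 === $attempt
                ? "Error 1005: Unable to perform stage 2 query."
                : "Error 1006: Unable to perform stage 2a query.");
        }

        $numRows = mysqli_num_rows($Resultset);
        mysqli_free_result($Resultset);
        $attempt++;
    }
    while($numRows != 0);

    //Insert record into database
    $dbQueryInsert = "INSERT INTO ".$table." VALUES('".$hKey."', '".$time."', 0);";

    if(!@mysqli_query($oConnection, $dbQueryInsert))
    {
        $failQuery("Error 1007: Unable to perform stage 3 query.");
    }

    @mysqli_close($oConnection);

    return $hKey;
}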
154| 
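/**
 * Look up a submitted contact-form token and return its catCheck flag.
 *
 * A missing, unknown or mismatching token re-renders the form with a new
 * token from createHash() and exits; database failures re-render the form
 * with the submitted token and exit.
 *
 * Security notes:
 *  - $hTok is request data. It is bound as a statement parameter instead of
 *    being escaped into a double-quoted literal, so the query does not depend
 *    on the connection character set or on the server's quoting mode.
 *  - The stored and submitted values are compared with hash_equals(); a loose
 *    != on strings that look numeric can treat different values as equal.
 *  - Only $uError is sent to the browser. The driver's error code and message
 *    stay in $aError, which is written to the log when $devmode is truthy.
 *  - $table is concatenated as an identifier and must be trusted configuration.
 *  - NOTE(review): this function only reads catCheck and sthHash() sets it in
 *    a separate statement, so two simultaneous submissions of one token could
 *    both read 0. Confirm whether the caller needs a single atomic step.
 *
 * @param mixed $devmode optional; truthy to log detailed errors. It is new and
 *                       last, so existing sixteen-argument calls are unchanged.
 * @return mixed the catCheck column of the matching row
 */
function checkHash($DBName, $host, $user, $pass, $table, $hTok, $firstName, $lastName, $email, $subject, $message, $serverScript, $CapA, $CapB, $CapSign, $capAnswer, $devmode = false)
{
    //Re-render the form with an error, optionally log it, then stop
    $fail = function($uError, $aError, $type, $tok) use ($serverScript, $firstName, $lastName, $email, $subject, $message, $CapA, $CapB, $CapSign, $capAnswer, $devmode)
    {
        contactPage('Contact Error(s)', $serverScript, $firstName, $lastName, $email, $subject, $message, $uError, null, $tok, $CapA, $CapB, $CapSign, $capAnswer);
        if($devmode)
        {
            error_file($type,$aError);
        }
        exit();
    };

    //Treat a blank or non-string token (for example an array-valued form
    //field) as missing
    if(!is_string($hTok) || "" === $hTok)
    {
        $uError = "<p>Error 1010: ID nonexistant.<br>Please resubmit.</p>";
        $aError = "Error 1010: ID nonexistant. Please resubmit.";
        $fail($uError, $aError, "error", createHash($DBName, $host, $user, $pass, $table, $devmode));
    }

    //connect to the MySQL server
    $oConnection = @mysqli_connect($host, $user, $pass, $DBName);

    if(!$oConnection)
    {
        $errno = mysqli_connect_errno();
        $labels = array(
            2005 => "Error 1011: Unable to connect to the host.",
            1049 => "Error 1012: Unable to connect to the database.",
            1044 => "Error 1013: Database username error.",
            1045 => "Error 1014: Database password corruption error.",
        );
        $label = isset($labels[$errno]) ? $labels[$errno] : "Error 000B: Unknown connection error.";

        $uError = "<p>".$label."<br>\nPlease contact administrator: administrator email</p>";
        $aError = $label." Error Code: ".$errno."Error: ".mysqli_connect_error();
        $fail($uError, $aError, "error", $hTok);
    }

    //Look the token up with a bound parameter
    $dbQuery = "SELECT catEncrypt, catCheck FROM ".$table." WHERE catEncrypt = ? LIMIT 1";

    $storedKey = null;
    $check = null;
    $stmt = @mysqli_prepare($oConnection, $dbQuery);
    $ok = $stmt
        && mysqli_stmt_bind_param($stmt, "s", $hTok)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $storedKey, $check);

    //mysqli_stmt_fetch() gives true for a row, null for no row, false on error
    $fetched = $ok ? mysqli_stmt_fetch($stmt) : false;

    if(false === $fetched)
    {
        $uError = "<p>Error 1015: Unable to perform query.<br>\nPlease contact administrator: administrator email</p>";
        $aError = "Error 1015: Unable to perform query.".
        "Error Code: ".mysqli_errno($oConnection)."Error: ".mysqli_error($oConnection);
        if($stmt)
        {
            mysqli_stmt_close($stmt);
        }
        @mysqli_close($oConnection);
        $fail($uError, $aError, "error", $hTok);
    }

    //Everything needed is now in $storedKey and $check; release the
    //statement and connection on every remaining path
    mysqli_stmt_close($stmt);
    @mysqli_close($oConnection);

    if(null === $fetched)
    {
        $uError = "<p>Error 1016: Contact ID missing.<br>Please resubmit.</p>";
        $aError = "Error 1016: Contact ID missing. Please resubmit.";
        $fail($uError, $aError, "warning", createHash($DBName, $host, $user, $pass, $table, $devmode));
    }

    if(!hash_equals((string)$storedKey, $hTok))
    {
        $uError = "<p>Error 1017: Contact ID mismatch.<br>Please resubmit.</p>";
        $aError = "Error 1017: Contact ID mismatch. Please resubmit.";
        $fail($uError, $aError, "warning", createHash($DBName, $host, $user, $pass, $table, $devmode));
    }

    return $check;
}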
284| 
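/**
 * Mark a contact-form token as used by setting its catCheck column to '1'.
 *
 * On a connection or query failure the form is re-rendered with contactPage()
 * and the script exits.
 *
 * Security notes:
 *  - $hTok is request data and is bound as a statement parameter.
 *  - Query failures are described with mysqli_errno()/mysqli_error() on the
 *    open connection; that detail goes only to the log, never to the page.
 *  - $table is concatenated as an identifier and must be trusted configuration.
 *  - NOTE(review): the update is unconditional and its affected-row count is
 *    not reported, so this function cannot tell the caller whether the token
 *    had already been used. Confirm the caller does not rely on that.
 *
 * @param mixed $devmode optional; truthy to log detailed errors. It is new and
 *                       last, so existing sixteen-argument calls are unchanged.
 * @return void
 */
function sthHash($DBName, $host, $user, $pass, $table, $hTok, $firstName, $lastName, $email, $subject, $message, $serverScript, $CapA, $CapB, $CapSign, $capAnswer, $devmode = false)
{
    //Re-render the form with an error, optionally log it, then stop
    $fail = function($uError, $aError) use ($serverScript, $firstName, $lastName, $email, $subject, $message, $hTok, $CapA, $CapB, $CapSign, $capAnswer, $devmode)
    {
        contactPage('Contact Error(s)', $serverScript, $firstName, $lastName, $email, $subject, $message, $uError, null, $hTok, $CapA, $CapB, $CapSign, $capAnswer);
        if($devmode)
        {
            error_file("error",$aError);
        }
        exit();
    };

    //connect to the MySQL server
    $oConnection = @mysqli_connect($host, $user, $pass, $DBName);

    if(!$oConnection)
    {
        $errno = mysqli_connect_errno();
        $labels = array(
            2005 => "Error 1020: Unable to connect to the host.",
            1049 => "Error 1021: Unable to connect to the database.",
            1044 => "Error 1022: Database username error.",
            1045 => "Error 1023: Database password corruption error.",
        );
        $label = isset($labels[$errno]) ? $labels[$errno] : "Error 000C: Unknown connection error.";

        $uError = "<p>".$label."<br>\nPlease contact administrator: administrator email</p>";
        $aError = $label." Error Code: ".$errno."Error: ".mysqli_connect_error();
        $fail($uError, $aError);
    }

    //Change catCheck from '0' to '1' for the row holding this token
    $dbQuery = "UPDATE ".$table." SET catCheck = '1' WHERE catEncrypt = ?";

    $stmt = @mysqli_prepare($oConnection, $dbQuery);
    $ok = $stmt
        && mysqli_stmt_bind_param($stmt, "s", $hTok)
        && mysqli_stmt_execute($stmt);

    if(!$ok)
    {
        $uError = "<p>Error 1024: Unable to perform update query.<br>\nPlease contact administrator: administrator email</p>";
        $aError = "Error 1024: Unable to perform update query.".
        "Error Code: ".mysqli_errno($oConnection)."Error: ".mysqli_error($oConnection);
        if($stmt)
        {
            mysqli_stmt_close($stmt);
        }
        @mysqli_close($oConnection);
        $fail($uError, $aError);
    }

    //Release the statement and connection on the success path as well
    mysqli_stmt_close($stmt);
    @mysqli_close($oConnection);
}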
355| 
//Render the stand-alone error page for the contact form.
//$Error is written into the page exactly as given (createHash() in this file
//passes pre-built HTML), so it must never carry request data or driver output.
function ContactsErrorPage($Error)
{
    //Page header first, then the master head
    pageHeader("../showcase/","Error",2,null);
    master(0);

    //Assemble the content block and send it in one write
    $markup = "<div id=\"content\">\n"
        ."<h1 class=\"center\">Error</h1>"
        ."<div class=\"error\">\n"
        ."<p>We're sorry...<br>\n".$Error."</p>"
        ."\n</div>\n"
        ."</div>\n";
    echo $markup;

    //Closing markup
    pageEnding("../showcase/");
}
376| 
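/**
 * Append one line to log/error.log in the form
 * "[Day Mon dd HH:ii:ss YYYY] [type] message".
 *
 * Fixes over the previous version:
 *  - date(w) used a bare constant; date('D') yields the same three-letter
 *    English day name that the lookup array produced.
 *  - The entry is written even on the call that has to create the directory
 *    (that first entry used to be dropped).
 *  - Every entry ends with a newline so records do not run together.
 *  - CR/LF in $Type and $Error are replaced with spaces, so text that reaches
 *    the message (driver errors, request data) cannot forge extra log lines.
 *  - Write failures are ignored rather than raised: logging is best effort
 *    and must not break the page that is being rendered.
 *
 * NOTE(review): "log" is a relative path, so the file lands under the current
 * working directory. If that is inside the document root the log may be
 * retrievable over HTTP; confirm it is outside the web root or denied by the
 * server configuration.
 *
 * @param string $Type  severity label, e.g. "error" or "warning"
 * @param string $Error message text
 * @return void
 */
function error_file($Type, $Error)
{
    $dirname = "log";
    $filename = "error.log";

    //One record per line: neutralise line breaks in caller-supplied text
    $breaks = array("\r", "\n");
    $strType = str_replace($breaks, " ", (string)$Type);
    $strError = str_replace($breaks, " ", (string)$Error);

    $strFinish = "[".date('D M d H:i:s Y')."] [".$strType."] ".$strError."\n";

    //Create the directory when missing; the second is_dir() covers a
    //concurrent request having created it in the meantime
    if(!is_dir($dirname) && !@mkdir($dirname, 0750) && !is_dir($dirname))
    {
        return;
    }

    //Append under an exclusive lock so parallel requests do not interleave
    @file_put_contents($dirname."/".$filename, $strFinish, FILE_APPEND | LOCK_EX);
}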
409| 
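/**
 * Append one record to log/mail.log as a fallback copy of a message, in the
 * form "timestamp|to|from|subject|message".
 *
 * Fixes over the previous version:
 *  - The record is written even on the call that has to create the directory
 *    (that first record used to be dropped).
 *  - All four fields can carry contact-form input, so the delimiter and line
 *    breaks inside them are backslash-escaped (\\, \|, \r, \n). A submitted
 *    value can then neither add fields nor start a forged record. Values
 *    without those characters are stored exactly as before.
 *  - Write failures are ignored rather than raised: the log is best effort.
 *
 * NOTE(review): this file holds addresses and message bodies. "log" is a
 * relative path; confirm it resolves outside the document root or is denied
 * by the server configuration.
 *
 * @param string $to      recipient address
 * @param string $from    sender address
 * @param string $subject message subject
 * @param string $message message body
 * @return void
 */
function mail_file($to,$from,$subject,$message)
{
    $dirname = "log";
    $filename = "mail.log";
    $time = time();

    //Escape the backslash first so the escapes added afterwards stay unambiguous
    $escape = function($field)
    {
        return str_replace(
            array("\\", "|", "\r", "\n"),
            array("\\\\", "\\|", "\\r", "\\n"),
            (string)$field
        );
    };

    $fields = array_map($escape, array($to, $from, $subject, $message));
    $strStorage = $time."|".implode("|", $fields)."\n";

    //Create the directory when missing; the second is_dir() covers a
    //concurrent request having created it in the meantime
    if(!is_dir($dirname) && !@mkdir($dirname, 0750) && !is_dir($dirname))
    {
        return;
    }

    //Append under an exclusive lock so parallel requests do not interleave
    @file_put_contents($dirname."/".$filename, $strStorage, FILE_APPEND | LOCK_EX);
}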
432| 
433| ?>