Contact_MySQL_rtns
This PHP script contains the MySQL routines for the contact form's token handling (creating a token, checking a submitted one, and marking it as used), together with the stand-alone error page and the error/mail log helpers those routines rely on.
1| <?php
2|
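/**
 * Create a fresh, unpredictable contact-form token and store it in the token table.
 *
 * The token is 64 hex characters (32 bytes from random_bytes()), the same width as the
 * ripemd256 hex digest this code used to store, so the catEncrypt column and existing rows
 * are unaffected. hash(uniqid(mt_rand())) was replaced because mt_rand()/uniqid() are
 * predictable and a form token that can be guessed does not protect the form.
 *
 * Stages: (1) purge rows older than three days, (2) make sure the token is not already
 * present, (3) insert it with catCheck = 0. On any failure the generic error page is shown
 * (the driver's error text never reaches the user), the detailed message is logged when
 * $devmode is set, and the script exits.
 *
 * Fixes over the previous version: the uniqueness check read an undefined variable
 * ($ResultSet vs $Resultset) so it never ran; the retry loop re-ran the old query and
 * inserted the old key; query failures were reported with mysqli_connect_errno().
 *
 * @param string $DBName  database name
 * @param string $host    MySQL host
 * @param string $user    MySQL user
 * @param string $pass    MySQL password
 * @param string $table   token table name (trusted configuration value; interpolated into SQL unescaped)
 * @param bool   $devmode when true, detailed errors are written via error_file()
 * @return string the stored token
 */
function createHash($DBName, $host, $user, $pass, $table, $devmode = false)
{
    // Requires PHP >= 7.0 (random_bytes); a CSPRNG failure throws rather than returning weak bytes.
    $hKey = bin2hex(random_bytes(32));
    $time = time();
    $pasttime = $time - 259200; // 3600 seconds per hour x 24 hours x 3 days

    $oConnection = null;

    // User-facing and dev-log message builders; only the dev-log one carries driver details.
    $userMsg = function ($code, $text) {
        return "<p>Error ".$code.": ".$text."<br>\nPlease contact administrator: administrator email</p>";
    };
    $adminMsg = function ($code, $text, $errno, $error) {
        return "Error ".$code.": ".$text." Error Code: ".$errno." Error: ".$error;
    };

    // Shared failure path: close the connection if one is open, render the error page,
    // log the detail only in devmode, stop.
    $fail = function ($uError, $aError) use ($devmode, &$oConnection) {
        if ($oConnection) {
            @mysqli_close($oConnection);
        }
        ContactsErrorPage($uError);
        if ($devmode) {
            error_file("error", $aError);
        }
        exit();
    };

    // Connect to the MySQL server; map the driver's code to a user-facing code.
    $oConnection = @mysqli_connect($host, $user, $pass, $DBName);
    if (!$oConnection) {
        $errno = @mysqli_connect_errno();
        $error = @mysqli_connect_error();
        $known = array(
            2005 => array('1000', 'Unable to connect to the host.'),
            1049 => array('1001', 'Unable to connect to the database.'),
            1044 => array('1002', 'Database username error.'),
            1045 => array('1003', 'Database password corruption error.'),
        );
        list($code, $text) = isset($known[$errno]) ? $known[$errno] : array('000A', 'Unknown connection error.');
        $fail($userMsg($code, $text), $adminMsg($code, $text, $errno, $error));
    }

    // Stage 1: purge tokens older than three days. $pasttime is an int computed here, not input.
    if (!@mysqli_query($oConnection, "DELETE FROM ".$table." WHERE catTimestamp < ".$pasttime.";")) {
        $fail(
            $userMsg('1004', 'Unable to perform stage 1 query.'),
            $adminMsg('1004', 'Unable to perform stage 1 query.', mysqli_errno($oConnection), mysqli_error($oConnection))
        );
    }

    // Stage 2: make sure the token is not already in the table. Two 256-bit random values
    // colliding is not realistically expected; the bounded retry only guards against a
    // broken RNG handing out duplicates. NOTE: check-then-insert is not atomic across
    // concurrent requests — a UNIQUE index on catEncrypt is what really guarantees uniqueness.
    $stmtCheck = mysqli_prepare($oConnection, "SELECT catEncrypt FROM ".$table." WHERE catEncrypt = ? LIMIT 1");
    if ($stmtCheck === false || !mysqli_stmt_bind_param($stmtCheck, 's', $hKey)) {
        $fail(
            $userMsg('1005', 'Unable to perform stage 2 query.'),
            $adminMsg('1005', 'Unable to perform stage 2 query.', mysqli_errno($oConnection), mysqli_error($oConnection))
        );
    }

    $attempt = 0;
    for (;;) {
        // $hKey is bound by reference, so re-executing after a redraw checks the new value.
        if (!mysqli_stmt_execute($stmtCheck) || !mysqli_stmt_store_result($stmtCheck)) {
            $code = ($attempt === 0) ? '1005' : '1006';
            $text = ($attempt === 0) ? 'Unable to perform stage 2 query.' : 'Unable to perform stage 2a query.';
            $fail($userMsg($code, $text), $adminMsg($code, $text, mysqli_stmt_errno($stmtCheck), mysqli_stmt_error($stmtCheck)));
        }
        $numRows = (int) mysqli_stmt_num_rows($stmtCheck);
        mysqli_stmt_free_result($stmtCheck);
        if ($numRows === 0) {
            break;
        }
        if (++$attempt > 5) {
            // Every draw collided: the RNG or the table is broken. Do not loop forever.
            $fail(
                $userMsg('1006', 'Unable to perform stage 2a query.'),
                "Error 1006: Unable to perform stage 2a query. Token collided on every attempt; giving up."
            );
        }
        $hKey = bin2hex(random_bytes(32));
    }
    mysqli_stmt_close($stmtCheck);

    // Stage 3: insert the token with catCheck = 0 (switched to 1 later by sthHash()).
    $stmtInsert = mysqli_prepare($oConnection, "INSERT INTO ".$table." VALUES(?, ?, 0)");
    $inserted = $stmtInsert !== false
        && mysqli_stmt_bind_param($stmtInsert, 'si', $hKey, $time)
        && mysqli_stmt_execute($stmtInsert);
    if (!$inserted) {
        $errno = ($stmtInsert !== false) ? mysqli_stmt_errno($stmtInsert) : mysqli_errno($oConnection);
        $error = ($stmtInsert !== false) ? mysqli_stmt_error($stmtInsert) : mysqli_error($oConnection);
        $fail(
            $userMsg('1007', 'Unable to perform stage 3 query.'),
            $adminMsg('1007', 'Unable to perform stage 3 query.', $errno, $error)
        );
    }
    mysqli_stmt_close($stmtInsert);
    @mysqli_close($oConnection);

    return $hKey;
}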
154|
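/**
 * Look up a submitted contact-form token and return its catCheck flag.
 *
 * $hTok comes back from the browser and is untrusted: it is bound into a prepared statement,
 * never concatenated into SQL. A blank token, a token that is not in the table, or a token
 * whose stored value differs from the submitted one (the SQL comparison may be
 * case-insensitive depending on collation; the PHP comparison is exact and constant-time)
 * each re-render the contact form with a freshly issued token and stop the script.
 * Database failures are shown to the user with a generic code only; the driver's message
 * goes to the dev log.
 *
 * Fixes over the previous version: `if($numRows = 0)` assigned instead of comparing, so the
 * "missing" branch was unreachable; the 1015 branch sent the driver's error text to the
 * user; createHash() was called with too few arguments; $devmode was never defined.
 *
 * @param string      $DBName       database name
 * @param string      $host         MySQL host
 * @param string      $user         MySQL user
 * @param string      $pass         MySQL password
 * @param string      $table        token table name (trusted configuration value)
 * @param string|null $hTok         token submitted with the form
 * @param mixed       $firstName    form field, passed through to contactPage()
 * @param mixed       $lastName     form field, passed through to contactPage()
 * @param mixed       $email        form field, passed through to contactPage()
 * @param mixed       $subject      form field, passed through to contactPage()
 * @param mixed       $message      form field, passed through to contactPage()
 * @param mixed       $serverScript passed through to contactPage()
 * @param mixed       $CapA         captcha state, passed through to contactPage()
 * @param mixed       $CapB         captcha state, passed through to contactPage()
 * @param mixed       $CapSign      captcha state, passed through to contactPage()
 * @param mixed       $capAnswer    captcha state, passed through to contactPage()
 * @param bool        $devmode      when true, detailed errors are written via error_file()
 * @return string|null the row's catCheck value, as the string mysqli_fetch_assoc() returns
 */
function checkHash($DBName, $host, $user, $pass, $table, $hTok, $firstName, $lastName, $email, $subject, $message, $serverScript, $CapA, $CapB, $CapSign, $capAnswer, $devmode = false)
{
    // Shared failure path: re-render the form with the user-facing message and the token to
    // embed, log the detailed message in devmode, stop.
    $fail = function ($level, $uError, $aError, $token) use ($serverScript, $firstName, $lastName, $email, $subject, $message, $CapA, $CapB, $CapSign, $capAnswer, $devmode) {
        contactPage('Contact Error(s)', $serverScript, $firstName, $lastName, $email, $subject, $message, $uError, null, $token, $CapA, $CapB, $CapSign, $capAnswer);
        if ($devmode) {
            error_file($level, $aError);
        }
        exit();
    };

    // A missing or non-string token (e.g. tok[]=) is treated as blank.
    if (!is_string($hTok) || $hTok === '') {
        $hTok = createHash($DBName, $host, $user, $pass, $table, $devmode);
        $fail(
            'error',
            "<p>Error 1010: ID nonexistant.<br>Please resubmit.</p>",
            "Error 1010: ID nonexistant. Please resubmit.",
            $hTok
        );
    }

    // createHash() issues 64 hex characters; anything else cannot match a row, so treat it
    // as a mismatch without a database round trip.
    if (strlen($hTok) !== 64 || !ctype_xdigit($hTok)) {
        $hTok = createHash($DBName, $host, $user, $pass, $table, $devmode);
        $fail(
            'warning',
            "<p>Error 1017: Contact ID mismatch.<br>Please resubmit.</p>",
            "Error 1017: Contact ID mismatch. Please resubmit.",
            $hTok
        );
    }

    // Connect to the MySQL server; map the driver's code to a user-facing code.
    $oConnection = @mysqli_connect($host, $user, $pass, $DBName);
    if (!$oConnection) {
        $errno = @mysqli_connect_errno();
        $error = @mysqli_connect_error();
        $known = array(
            2005 => array('1011', 'Unable to connect to the host.'),
            1049 => array('1012', 'Unable to connect to the database.'),
            1044 => array('1013', 'Database username error.'),
            1045 => array('1014', 'Database password corruption error.'),
        );
        list($code, $text) = isset($known[$errno]) ? $known[$errno] : array('000B', 'Unknown connection error.');
        $fail(
            'error',
            "<p>Error ".$code.": ".$text."<br>\nPlease contact administrator: administrator email</p>",
            "Error ".$code.": ".$text." Error Code: ".$errno." Error: ".$error,
            $hTok
        );
    }

    // Parameterised lookup: the token is bound, never interpolated.
    $dbKey = null;
    $dbCheck = null;
    $stmt = mysqli_prepare($oConnection, "SELECT catEncrypt, catCheck FROM ".$table." WHERE catEncrypt = ? LIMIT 1");
    $ok = $stmt !== false
        && mysqli_stmt_bind_param($stmt, 's', $hTok)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $dbKey, $dbCheck);
    // mysqli_stmt_fetch(): true = row, null = no row, false = error.
    $fetched = $ok ? mysqli_stmt_fetch($stmt) : false;

    if ($fetched === false) {
        $errno = ($stmt !== false) ? mysqli_stmt_errno($stmt) : mysqli_errno($oConnection);
        $error = ($stmt !== false) ? mysqli_stmt_error($stmt) : mysqli_error($oConnection);
        if ($stmt !== false) {
            mysqli_stmt_close($stmt);
        }
        @mysqli_close($oConnection);
        $fail(
            'error',
            "<p>Error 1015: Unable to perform query.<br>\nPlease contact administrator: administrator email</p>",
            "Error 1015: Unable to perform query. Error Code: ".$errno." Error: ".$error,
            $hTok
        );
    }
    mysqli_stmt_close($stmt);
    @mysqli_close($oConnection);

    if ($fetched === null) {
        $hTok = createHash($DBName, $host, $user, $pass, $table, $devmode);
        $fail(
            'warning',
            "<p>Error 1016: Contact ID missing.<br>Please resubmit.</p>",
            "Error 1016: Contact ID missing. Please resubmit.",
            $hTok
        );
    }

    // Exact, constant-time comparison against the stored value.
    if (!hash_equals((string) $dbKey, $hTok)) {
        $hTok = createHash($DBName, $host, $user, $pass, $table, $devmode);
        $fail(
            'warning',
            "<p>Error 1017: Contact ID mismatch.<br>Please resubmit.</p>",
            "Error 1017: Contact ID mismatch. Please resubmit.",
            $hTok
        );
    }

    // Return the flag as a string, which is what fetch_assoc() handed callers before.
    return ($dbCheck === null) ? null : (string) $dbCheck;
}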
284|
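/**
 * Mark a contact-form token as used by switching its catCheck flag from '0' to '1'.
 *
 * $hTok is untrusted form input and is bound into a prepared statement. Connection or
 * update failures re-render the contact form with a generic message (the driver's text only
 * goes to the dev log) and stop the script. An update that matches no row is not treated as
 * an error here, as before; callers are expected to have validated the token with checkHash().
 *
 * Fixes over the previous version: the connection was never closed on success; update
 * failures were reported with mysqli_connect_errno(); $devmode was never defined.
 *
 * @param string      $DBName       database name
 * @param string      $host         MySQL host
 * @param string      $user         MySQL user
 * @param string      $pass         MySQL password
 * @param string      $table        token table name (trusted configuration value)
 * @param string|null $hTok         token submitted with the form
 * @param mixed       $firstName    form field, passed through to contactPage()
 * @param mixed       $lastName     form field, passed through to contactPage()
 * @param mixed       $email        form field, passed through to contactPage()
 * @param mixed       $subject      form field, passed through to contactPage()
 * @param mixed       $message      form field, passed through to contactPage()
 * @param mixed       $serverScript passed through to contactPage()
 * @param mixed       $CapA         captcha state, passed through to contactPage()
 * @param mixed       $CapB         captcha state, passed through to contactPage()
 * @param mixed       $CapSign      captcha state, passed through to contactPage()
 * @param mixed       $capAnswer    captcha state, passed through to contactPage()
 * @param bool        $devmode      when true, detailed errors are written via error_file()
 * @return void
 */
function sthHash($DBName, $host, $user, $pass, $table, $hTok, $firstName, $lastName, $email, $subject, $message, $serverScript, $CapA, $CapB, $CapSign, $capAnswer, $devmode = false)
{
    // Shared failure path: re-render the form with the user-facing message, log the detail
    // in devmode, stop.
    $fail = function ($uError, $aError) use ($serverScript, $firstName, $lastName, $email, $subject, $message, $hTok, $CapA, $CapB, $CapSign, $capAnswer, $devmode) {
        contactPage('Contact Error(s)', $serverScript, $firstName, $lastName, $email, $subject, $message, $uError, null, $hTok, $CapA, $CapB, $CapSign, $capAnswer);
        if ($devmode) {
            error_file("error", $aError);
        }
        exit();
    };

    // Connect to the MySQL server; map the driver's code to a user-facing code.
    $oConnection = @mysqli_connect($host, $user, $pass, $DBName);
    if (!$oConnection) {
        $errno = @mysqli_connect_errno();
        $error = @mysqli_connect_error();
        $known = array(
            2005 => array('1020', 'Unable to connect to the host.'),
            1049 => array('1021', 'Unable to connect to the database.'),
            1044 => array('1022', 'Database username error.'),
            1045 => array('1023', 'Database password corruption error.'),
        );
        list($code, $text) = isset($known[$errno]) ? $known[$errno] : array('000C', 'Unknown connection error.');
        $fail(
            "<p>Error ".$code.": ".$text."<br>\nPlease contact administrator: administrator email</p>",
            "Error ".$code.": ".$text." Error Code: ".$errno." Error: ".$error
        );
    }

    // Parameterised update: the token is bound, never interpolated. '1' is single-quoted so
    // the statement also works under ANSI_QUOTES sql_mode.
    $stmt = mysqli_prepare($oConnection, "UPDATE ".$table." SET catCheck = '1' WHERE catEncrypt = ?");
    $ok = $stmt !== false
        && mysqli_stmt_bind_param($stmt, 's', $hTok)
        && mysqli_stmt_execute($stmt);

    if (!$ok) {
        $errno = ($stmt !== false) ? mysqli_stmt_errno($stmt) : mysqli_errno($oConnection);
        $error = ($stmt !== false) ? mysqli_stmt_error($stmt) : mysqli_error($oConnection);
        if ($stmt !== false) {
            mysqli_stmt_close($stmt);
        }
        @mysqli_close($oConnection);
        $fail(
            "<p>Error 1024: Unable to perform update query.<br>\nPlease contact administrator: administrator email</p>",
            "Error 1024: Unable to perform update query. Error Code: ".$errno." Error: ".$error
        );
    }

    // NOTE(review): zero affected rows (unknown token) is deliberately not an error, to keep
    // the previous behaviour; consider checking mysqli_stmt_affected_rows() if callers rely on it.
    mysqli_stmt_close($stmt);
    @mysqli_close($oConnection);
}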
355|
/**
 * Render the stand-alone contact error page: site header, master head, the error box, footer.
 *
 * $Error is emitted as raw HTML inside the error box (callers in this file pass markup such
 * as "<p>Error 1000: ...</p>"), so it must only ever be built from fixed strings — never
 * from form input — or this becomes an XSS sink.
 *
 * @param string $Error HTML fragment shown below "We're sorry..."
 * @return void
 */
function ContactsErrorPage($Error)
{
    $nl = "\n";

    // Site chrome above the content (pageHeader/master are defined elsewhere).
    pageHeader("../showcase/", "Error", 2, null);
    master(0);

    $box = '<div id="content">' . $nl
         . '<h1 class="center">Error</h1>'
         . '<div class="error">' . $nl
         . '<p>We\'re sorry...<br>' . $nl . $Error . '</p>'
         . $nl . '</div>' . $nl
         . '</div>' . $nl;
    echo $box;

    // Site chrome below the content.
    pageEnding("../showcase/");
}
376|
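/**
 * Append one line to log/error.log, formatted like an Apache error-log entry:
 * "[Tue Jan 02 15:04:05 2024] [error] message".
 *
 * Fixes over the previous version: date(w) used an undefined constant (a warning on PHP 7
 * that happened to work, a fatal Error on PHP 8) and now reads date('w'); the first call
 * after a fresh deploy created the directory but dropped the entry; entries had no
 * trailing newline and ran together; a failed fopen() was never checked.
 *
 * NOTE(review): the "log" directory is relative to the current working directory, i.e.
 * normally the script's directory inside the web root, and the entries contain the MySQL
 * error text. Make sure it is not served publicly (deny in the web server config or move
 * the directory outside the document root).
 *
 * @param string $Type  severity label written in brackets, e.g. "error" or "warning"
 * @param string $Error message text
 * @return void
 */
function error_file($Type, $Error)
{
    $dirname = "log";
    $filename = "error.log";

    // Timestamp: three-letter weekday, then "M d H:i:s Y".
    $arrDay = array("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat");
    $dtStamp = "[".$arrDay[(int) date('w')]." ".date('M d H:i:s Y')."]";

    $strFinish = $dtStamp." [".$Type."] ".$Error."\n";

    // Create the directory if needed (0750: the web server user owns it; nothing else needs
    // it). The second is_dir() covers a concurrent request creating it first.
    if (!is_dir($dirname) && !@mkdir($dirname, 0750) && !is_dir($dirname)) {
        return; // logging is best effort; nothing sensible to do without the directory
    }

    // Append with an exclusive lock so concurrent requests do not interleave lines.
    file_put_contents($dirname."/".$filename, $strFinish, FILE_APPEND | LOCK_EX);
}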
409|
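/**
 * Append one pipe-separated record "time|to|from|subject|message" to log/mail.log, used as
 * a fallback store when mail() fails.
 *
 * Fixes over the previous version: the first call after a fresh deploy created the
 * directory but dropped the record; a failed fopen() was never checked.
 *
 * NOTE(review): the fields are raw form input and are stored as-is, so a "|" or newline in
 * them can make a record look like two, and the file holds personal data (addresses,
 * message text). Keep the "log" directory — relative to the current working directory,
 * normally inside the web root — out of the served tree.
 *
 * @param string $to      recipient address
 * @param string $from    sender address
 * @param string $subject mail subject
 * @param string $message mail body
 * @return void
 */
function mail_file($to, $from, $subject, $message)
{
    $dirname = "log";
    $filename = "mail.log";

    $strStorage = time()."|".$to."|".$from."|".$subject."|".$message."\n";

    // Create the directory if needed (0750: the web server user owns it; nothing else needs
    // it). The second is_dir() covers a concurrent request creating it first.
    if (!is_dir($dirname) && !@mkdir($dirname, 0750) && !is_dir($dirname)) {
        return; // logging is best effort; nothing sensible to do without the directory
    }

    // Append with an exclusive lock so concurrent requests do not interleave records.
    file_put_contents($dirname."/".$filename, $strStorage, FILE_APPEND | LOCK_EX);
}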
432|
433| ?>