Tweet
Naval
my code doesnt allow me to ADD or ALTER the DB tables
can you take a look and tell me why ?
after you told me to download the new one in order to save the path to uploaded images it doesnt ALTER or ADD a new table
thank you
my code doesnt allow me to ADD or ALTER the DB tables
can you take a look and tell me why ?
after you told me to download the new one in order to save the path to uploaded images it doesnt ALTER or ADD a new table
Code:
<?php
# ----------------------------------------------------
# -----
# ----- This script was created by DB Technosystems.com
# -----
# ----- [URL]http://www.dbtechnosystems.com[/URL]
# -----
# ----------------------------------------------------
error_reporting(55);
session_start();
$_SESSION[error] = "";
$error = "";
$length_array = array ("A" => "30", "B" => "60", "C" => "200", "D" => "500", "E" => "65536", "F" => "30", "G" => "60", "H" => "200", "J" => "500", "I" => "65536", "e" => "100");
if ($_SERVER['REQUEST_METHOD'] != 'POST'){
$error = "No direct access is allowed!";
include("dbts_ABVFP_errorpage.php");
exit;
}
function RecursiveMkdir($path)
{
if (!file_exists($path)) {
RecursiveMkdir(dirname($path));
mkdir($path, 0777);
}
}
require ("dbts_ABVFP_config.php");
$dbts_Formid = $_POST['Formid'];
$ndformurl1 = $_SERVER['HTTP_REFERER'];
if ($dbts_Formid == "") {
$error = "I cannot process the form. The form has not been correctly setup. !";
include ("dbts_ABVFP_errorpage.php");
exit;
}
$db = mysql_connect($db_host, $db_user, $db_password);
if ($db == FALSE){
$error = "Could not connect to the Database Server. Please check user details !";
mysql_close($db);
include ("dbts_ABVFP_errorpage.php");
exit;
}
mysql_select_db($db_name, $db);
if (!mysql_select_db($db_name, $db)) {
$error = "Could not select Database. Please check user details !";
mysql_close($db);
include ("dbts_ABVFP_errorpage.php");
exit;
}
$query = "SELECT Formname, Site, Formurl, Max_filesize, Uploadfolder, Emailaddress, EmailSubject, Emailheader, Emailfooter, Thankyoupage, Errorpage, Autoresponder, Include_email, Autoresponder_EmailSubject, Autoresponder_From, Autoresponder_Emailheader, Autoresponder_Emailfooter, Database_Store FROM ABVFP_Forms WHERE Formid= '$dbts_Formid'";
$result = mysql_query($query, $db);
$row = mysql_fetch_array($result, MYSQL_ASSOC);
if ($row =="") {
$error = "I cannot process the form. The form has not been correctly setup. !";
mysql_close($db);
include ("dbts_ABVFP_errorpage.php");
exit;
}
// -------- RECEIVIMG CONFIGURATION VARIABLES FROM THE DB -----------
$ndsite = $row[Site] ;
$ndformurl = $row[Formurl] ;
$ndfilesize = $row[Max_filesize] ;
$ndmailsubject = $row[EmailSubject] ;
$ndmailfirstline = $row[Emailheader] ;
$ndmaillastline = $row[Emailfooter] ;
$autoresponderfirstline = $row[Autoresponder_Emailheader] ;
$autoresponderlastline = $row[Autoresponder_Emailfooter] ;
$autoresponder = $row[Autoresponder] ;
$autoresponderfrom = $row[Autoresponder_From] ;
$autorespondersubject = $row[Autoresponder_EmailSubject] ;
$nduploadfolder = $row[Uploadfolder] ;
$returnpage = $row[Thankyoupage] ;
$errorpage = $row[Errorpage] ;
$ndmailaddress = $row[Emailaddress] ;
$ndincludeemail = $row[Include_email] ;
$ndDatabase_Store = $row[Database_Store] ;
//Captcha Verification
if (isset($_POST['captcha_code'])) {
if (isset($_SESSION['random_txt']) && md5($_POST['captcha_code']) == $_SESSION['random_txt']) {
unset($_POST['captcha_code'],$_SESSION['random_txt']);
}
else {
$_SESSION[error] = "The verification code you have entered is not correct! Please go back and try again.";
header("Location: $errorpage");
exit;
}
}
//Finding out if there are more than email addresses to receive the email
$ndmailaddress1 = explode(",", $ndmailaddress);
//Setting the autoresponder "From" email address
if (count($ndmailaddress1 ==0))
{
$ndmailaddress2 = $ndmailaddress;
}
if (count($ndmailaddress1 >=1)) {
$ndmailaddress2 = $ndmailaddress1[0];
}
// Fix the path if www. is missing or we are in the index page
// This is to avoid common error with www. missing, or Form URL containing the "index.html" etc.
// It also strips the slash if the referer is the index page, common error when the user doesn't add the slash in the form URL field.
if (substr($ndformurl1, 0, 7) == "http://" and substr_count($ndformurl1, 'http://www.') == 0) {
$ndformurl1 = "<A href="http://www.".substr($ndformurl1">http://www.".substr($ndformurl1, 7, strlen($ndformurl1)-7);
}
if (substr($ndformurl1, -1, 1) == "/") {
$ndformurl1 = substr($ndformurl1, 0, strlen($ndformurl1)-1);
}
if (substr_count($ndformurl1 , '/index') > 0) {
$ndformurl2 = explode("/index", $ndformurl1 );
$ndformurl1 = $ndformurl2[0];
}
if (substr($ndformurl, 0, 7) != "http://") {
$ndformurl = "<A href="http://".$ndformurl">http://".$ndformurl;
}
if (substr_count($ndformurl , '/index') > 0) {
$ndformurl2 = explode("/index", $ndformurl );
$ndformurl = $ndformurl2[0];
}
if (substr($ndformurl, -1, 1) == "/") {
$ndformurl = substr($ndformurl, 0, strlen($ndformurl)-1);
}
if ($ndformurl1 != "") {
if ($ndformurl1 != $ndformurl) {
$error = "Illegal Form Submission \n";
}
}
// -------- RECEIVIMG FIELDNAMES VALUES AND VALIDATION DETAILS------
$internalfields = array ("submit", "reset", "formid","send", "captcha_code");
$i = "0";
reset ($HTTP_POST_VARS);
while (list ($key, $val) = each ($HTTP_POST_VARS)) {
if (!in_array(strtolower($key), $internalfields)) {
$fieldname = trim($key);
$fieldlenght = strlen(trim($key));
$realfieldlength = $fieldlenght;
if (substr($fieldname, -3, 1) == "-") {
$ndLast = substr($fieldname, -1, 1);
if ($ndLast == "R") {
$R[$i] = "R";
$V[$i] = substr($fieldname, -2, 1);
} else {
$V[$i] = substr($fieldname, -1, 1);
$R[$i] = substr($fieldname, -2, 1);
}
$realfieldlength = $fieldlenght-3;
}
if (substr($fieldname, -2, 1) == "-") {
$ndLast = substr($fieldname, -1, 1);
if ($ndLast == "R") {
$R[$i] = "R";
} else {
$V[$i] = substr($fieldname, -1, 1);
}
$realfieldlength = $fieldlenght-2;
}
// ------ Checking for multiple Choice Values ---------
@$fieldvalue = $_POST[$key];
if (is_array($fieldvalue)) {
@$fieldvalue = @implode(", ",$_POST[$key]);
}
// ----Setting the clear Field Names and Values-------
$fieldname = substr($key, 0, $realfieldlength);
if ($fieldname == "Email")
{
$ndemail = $fieldvalue;
}
$ndfieldname[] = addslashes($fieldname);
$ndfieldname_final[] = ucwords(str_replace("_", " ", $fieldname));
$ndfieldvalue[] = $fieldvalue;
$i = $i + 1 ;
}
}
// ------RECEIVING FILE VARIABLES--------------------
reset ($_FILES);
$i = 0;
while (list ($key, $val) = each ($_FILES)) {
if ($_FILES[$key]['name']!="") {
$upload_Name1 = ($_FILES[$key]['name']);
$upload_Name[] = str_replace(" ", "_", $upload_Name1);
$upload_Size[] = ($_FILES[$key]['size']);
$upload_Temp[] = ($_FILES[$key]['tmp_name']);
$upload_Type[] = ($_FILES[$key]['type']);
$uploadlink[] = "$nduploadfolder/$upload_Name[$i] \n";
$ndfieldname[] = $key;
$ndfieldname_final[] = ucwords(str_replace("_", " ", $key));
$ndfieldvalue[] = $uploadlink[$i];
// if the upload succeded, the file will exist
if (file_exists($upload_Temp[$i])){
// check to make sure that it is an uploaded file and not a system file
if(is_uploaded_file($upload_Temp[$i])){
// open the file for a binary read
$file = fopen($upload_Temp[$i],'rb');
// read the file content into a variable
$data1 = fread($file,filesize($upload_Temp[$i]));
// close the file
fclose($file);
// now we encode it and split it into acceptable length lines
$data[] = chunk_split(base64_encode($data1));
}
$i = $i + 1;
}
}
// checking for validation and injection
$crack_value = urldecode($ndfieldvalue[$i]);
if (eregi("(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:|content-type:)", $crack_value)) {
$error .= "The field $ndfieldname[$i] contained e-mail headers in the value submitted.
This seems to be a cracking attempt and the message has not been sent.!\n";
echo "Fieldvalue = $ndfieldvalue[$i] <br>";
}
// Check for required fields
if ($R[$i] == "R") {
if (strlen($ndfieldvalue[$i]) == 0) {
$error .= "The field $ndfieldname[$i] is missing !\n";
}
}
// Check for Email field
if ($V[$i] == "e") {
if (trim($ndfieldvalue[$i]) != "") {
$fieldtype[$i] = "VARCHAR (100)" ;
if (! ereg('[A-Za-z0-9_-]+\@[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+', $ndfieldvalue[$i])) {
$error .= "Your $ndfieldname[$i] field (email address) seems incorrect !\n";
}
if (substr_count($ndfieldvalue[$i] , [EMAIL="'@'"]'@'[/EMAIL]) > 1) {
$error .= "The field $ndfieldname[$i] can only contain the @ character once !\n";
}
}
}
// Check for Length, Validation type, and set the DB column type
if ($V[$i] !="" and $V[$i] !="N" and $V[$i] !="e") {
if ($length_array[$i] <= 255) {
$column_type = "VARCHAR";
}
else {
$column_type = "TEXT";
}
$fieldtype[$i] = $column_type."(".$length_array[$V[$i]].")" ;
if (strlen($ndfieldvalue[$i]) > $length_array[$V[$i]]) {
$error .= "The field $ndfieldname[$i] must be less than ".$length_array[$V[$i]]." characters !\n";
}
if ($V[$i] =="A" or $V[$i] =="B" or $V[$i] =="C" or $V[$i] =="D" or $V[$i] =="E") {
if (substr_count($ndfieldvalue[$i] , [EMAIL="'@'"]'@'[/EMAIL]) > 0 or substr_count($ndfieldvalue[$i] , 'http://') >0 or substr_count($ndfieldvalue[$i] , 'www.') > 0 ) {
$error .= "The field $ndfieldname[$i] cannot contain the [EMAIL="'@'"]'@'[/EMAIL], 'http://' and 'www.' characters !\n";
}
}
if ($V[$i] =="F" or $V[$i] =="G" or $V[$i] =="H" or $V[$i] =="J" or $V[$i] =="I") {
if (substr_count($ndfieldvalue[$i] , [EMAIL="'@'"]'@'[/EMAIL]) > 1 or substr_count($ndfieldvalue[$i] , 'http://') >1 or substr_count($ndfieldvalue[$i] , 'www.') > 1 ) {
$error .= "The field $ndfieldname[$i] cannot contain the [EMAIL="'@'"]'@'[/EMAIL], 'http://' and 'www.' characters more than once!\n";
}
}
}
// Check for Numeric field
if ($V[$i] == "N") {
if ($ndfieldvalue[$i] != "") {
if (!is_numeric($ndfieldvalue[$i])) {
$error .= "The field $ndfieldname[$i] should be only numbers / No spaces allowed $nerror !\n";
}
}
$fieldtype[$i] = "VARCHAR (30)";
}
if ($V[$i] =="") {
$fieldtype[$i] = "VARCHAR (250)";
}
}
// ------------CHECKING FOR MAX UPLOADED FILE SIZE ----------------------
$ndfilesize1= $ndfilesize*1024;
for ($i = 0; $i < count($upload_Name); $i++) {
if ($upload_Name[$i] != "" ) {
if ($upload_Size[$i] >= $ndfilesize1) {
$error .= "The size of $upload_Name[$i] is bigger than the allowed $ndfilesize Kb !\n";
}
}
}
// If there is an error, send to the errorpage
if ($error != "") {
$_SESSION[error] = $error;
header("Location: $errorpage");
echo "Error = $error <br> Errorpage = $errorpage";
exit;
}
//--------- Move the files to destination----------------
$nduploadfolder1 = basename($nduploadfolder);
for ($i = 0; $i < count($upload_Name); $i++) {
if ($upload_Size[$i] < $ndfilesize1 and $upload_Size[$i] >0)
{
$uploadFile = "$nduploadfolder1/".$upload_Name[$i];
if (!is_dir(dirname($uploadFile)))
{
@RecursiveMkdir(dirname($uploadFile));
}
else
{
@chmod(dirname($uploadFile), 0777);
}
@move_uploaded_file( $upload_Temp[$i] , $uploadFile);
chmod($uploadFile, 0644);
}
}
//------------- Find Server date and Time--------------------
$date = date("l jS F Y, g:i A");
$Submission_Date = date("d/m/Y");
//----------------- Find Browser and IPaddress --------------
$browser =$_SERVER['HTTP_USER_AGENT'];
$ip = $_SERVER['REMOTE_ADDR'];
// ---- STORING FIELD VALUES IN THE DATABASE TABLE ---------------
if ($ndDatabase_Store == "Yes") {
$dbts_table = "_Form_Nr_$dbts_Formid";
// Check if the table exists already ------------
$result = mysql_list_tables($db_name);
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$key= "Tables_in_$db_name";
$tablename[] = $row[$key];
}
if (!in_array($dbts_table, $tablename)) {
$query = "CREATE TABLE `$dbts_table` (";
$query .='`Record_Nr` INT NOT NULL AUTO_INCREMENT PRIMARY KEY, ';
for ($i = 0; $i < (count($ndfieldname)); $i++) {
//$ndmailbody .= "$ndfieldname[$i] = $ndfieldvalue[$i] \r\n";
$ndfieldname_tolower = strtolower($ndfieldname[$i]);
$query .= "`$ndfieldname_tolower` $fieldtype[$i], ";
}
$query .='`Submission_Date` VARCHAR (20),';
$query .='`IP_Address` VARCHAR (15)';
$query .=' )'
. ' ENGINE = myisam;';
}
if (mysql_query($query, $db)){
$message = "Installation completed";
}
else {
$_SESSION[error] = "There has been an unknown error during Form Table creation. Invalid Query = $query: Please contact support at [EMAIL="info@dbtechnosystems.com"]info@dbtechnosystems.com[/EMAIL]";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
// Check if the field exists in the table, to avoid crashes
$result = mysql_list_fields($db_name, $dbts_table, $db);
$fieldnumber = mysql_num_fields($result);
for ($i = 0; $i < $fieldnumber; $i++) {
$fieldstable[$i] = strtolower(mysql_field_name($result, $i));
$last_useful = $fieldnumber - 3;
}
//--- check if all fields exist in the database or columns have to be added
for ($i = 0; $i < (count($ndfieldname)); $i++) {
$ndfieldname_tolower = strtolower($ndfieldname[$i]);
$query = 'ALTER TABLE `'.$dbts_table.'` ';
if (!in_array($ndfieldname_tolower,$fieldstable)) {
$query .= 'ADD `'.$ndfieldname_tolower.'` '.$fieldtype[$i].' AFTER `'.$fieldstable[$last_useful].'`;';
$result = mysql_query($query);
if (!$result) {
$_SESSION[error] = "There has been an unknown error during Column addition. Invalid Query = $query .Please contact support at [EMAIL="info@dbtechnosystems.com"]info@dbtechnosystems.com[/EMAIL]";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
}
$fieldstable[] = $ndfieldname_tolower;
}
@$query = "INSERT INTO `$dbts_table`(";
for ($i = 0; $i < count($ndfieldname); $i++) {
$dbfield = strtolower($ndfieldname[$i]);
//$dbvalue = $ndfieldvalue[$i];
if (in_array($dbfield,$fieldstable)) {
@$query .= "`$dbfield` ,";
}
}
@$query .= "`Submission_Date` ,";
@$query .= "`IP_Address` ";
@$query .= ")";
@$query .= "VALUES (";
for ($i = 0; $i < count($ndfieldname); $i++) {
$dbfield = strtolower($ndfieldname[$i]);
if (in_array($dbfield,$fieldstable)) {
@$query .= "\"$ndfieldvalue[$i]\",";
}
}
@$query .= "\"$Submission_Date\",";
@$query .= "\"$ip\"";
@$query .= ")" ;
$db = mysql_connect($db_host, $db_user, $db_password);
if (!$db) {
$_SESSION[error] = "There has been a connection problem at line 572:". mysql_error()."Please contact support at [EMAIL="info@dbtechnosystems.com"]info@dbtechnosystems.com[/EMAIL]";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
$db_selected = mysql_select_db($db_name, $db);
if (!$db_selected) {
$_SESSION[error] = "There has been a connection problem at line 577:". mysql_error().". Please contact support at [EMAIL="info@dbtechnosystems.com"]info@dbtechnosystems.com[/EMAIL]";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
//insert new record
$result = mysql_query($query);
if (!$result) {
$_SESSION[error] = "There has been a DB problem at line 588: Query=$query".mysql_error().". Please contact support at [EMAIL="info@dbtechnosystems.com"]info@dbtechnosystems.com[/EMAIL]";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
mysql_close($db);
}
// ------------Building the mail ----------------------
if ($ndemail == "") {
$ndemail = $ndmailaddress2;
}
// generate a random string to be used as the boundary marker
$mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
// now we'll build the message headers
$ndmailhead = "From: $ndemail\r\n" .
"MIME-Version: 1.0\r\n" .
"Content-Type: multipart/mixed;\r\n" .
" boundary=\"{$mime_boundary}\"";
for ($i = 0; $i < count($ndfieldname); $i++) {
$ndmailbody .= "$ndfieldname_final[$i] = \t".stripslashes($ndfieldvalue[$i])." \r\n";
}
$ndmailbody1 .= "$ndmailfirstline \r\n"
. "$ndmailbody \r\n"
. "$ndmaillastline \r\n"
. "-----------------------------------------------------------\n"
. "Date of submission : $date\r\n"
. "Browser : $browser\r\n"
. "IP address : $ip\r\n";
$ndmailbody1 = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$ndmailbody1 . "\n\n";
// now we'll process our uploaded files
if (count($upload_Name)>0) {
for ($i = 0; $i < count($upload_Name); $i++){
// now we'll insert a boundary to indicate we're starting the attachment
// we have to specify the content type, file name, and disposition as
// an attachment, then add the file content.
// NOTE: we don't set another boundary to indicate that the end of the
// file has been reached here. we only want one boundary between each file
// we'll add the final one after the loop finishes.
$type = $upload_Type[$i];
$name = $upload_Name[$i];
$ndmailbody1 .= "--{$mime_boundary}\n" .
"Content-Type: {$type};\n" .
" name=\"{$name}\"\n" .
"Content-Disposition: attachment;\n" .
" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data[$i] . "\n\n";
}
}
// here's our closing mime boundary that indicates the last of the message
$ndmailbody1.="--{$mime_boundary}--\n";
for ($i = 0; $i <= count($ndmailaddress1); $i++){
mail($ndmailaddress1[$i], $ndmailsubject, $ndmailbody1, $ndmailhead);
}
if ($autoresponder == "Yes")
{
if ($ndincludeemail == "Yes") {
$ndfromaddress = $ndmailaddress2;
}
else {
$ndfromaddress = "no_reply@";
if (substr_count($ndsite , 'http://www.') == 1) {
$ndfromaddress .= substr($ndsite, 11, strlen($ndsite)-11) ;
}
else if (substr_count($ndsite , 'http://') == 1) {
$ndfromaddress .= substr($ndsite, 7, strlen($ndsite)-7) ;
}
else if (substr_count($ndsite , 'www.') == 1) {
$ndfromaddress .= substr($ndsite, 4, strlen($ndsite)-4) ;
}
else{
$ndfromaddress .= $ndsite;
}
}
$ndmailsubject = $autorespondersubject;
$ndmailbody = "";
for ($i = 0; $i < (count($ndfieldname) - count($upload_Name)); $i++) {
$ndmailbody .= "$ndfieldname_final[$i] = ".stripslashes($ndfieldvalue[$i])." \r\n";
}
if (count($upload_Name)>0) {
$ndmailbody .= "You have also uploaded the following files: \r\n";
for ($i = 0; $i < count($upload_Name); $i++){
$k = $i +1;
$ndmailbody .= "File $k : $upload_Name[$i] \r\n" ;
}
}
$ndmailsubject = $autorespondersubject;
$ndmailhead = "MIME-Version: 1.0\r\n";
$ndmailhead .= "From: $autoresponderfrom < $ndmfromaddress >" . "\r\n";
$ndmailbody1 = "$autoresponderfirstline\n"
. "$ndmailbody\r\n"
. "$autoresponderlastline\r\n"
. "-----------------------------------------------------------\r\n"
. "Time of submission : $date\r\n"
. "-----------------------------------------------------------\r\n";
mail($ndemail, $ndmailsubject, $ndmailbody1, $ndmailhead);
}
header("Location: $returnpage");
?>
?>
thank you
Comment