Help! I'm in over my head

muppetjones · March 4, 2008

I'm pretty new to this, and I'm buried pretty deep. I just got an email from my admin telling me I need to stop this script because it was core dumping (meaning a fatal error?), and it bounced over 7000 emails all over the system last night

Basically, I decided to update an old PHP4 user login script to PHP5 and include AJAX. Last night I was testing it, and I had no idea all of these problems were going on. I think the emails were from the error logging system -- they're supposed to go to a specified email address, but I never got any of them. Here's a copy of the email I received:

Your script located at http://squeezeoflime.com/Scripts/form_check.php has been moved to your account root. This script generated over 7000 emails that bounced back and forth on our server for an hour, which drive the load on this machine to inappropriate levels. Every time this script runs, it also core dumps on the server:

-rw------- 1 squeez7 squeez7 24M Mar 3 21:47 core.14811

-rw------- 1 squeez7 squeez7 24M Mar 3 21:51 core.15255

-rw------- 1 squeez7 squeez7 24M Mar 3 21:51 core.1342

I could really use some help, please! I've been over this code a million times, but I don't know the backend well enough to figure out how or what my program is doing to cause this!

Here's a quick rundown of how the program works:

1) user enters info (user name, email, first and last name): index.php

2) AJAX validates and returns response: ajax.js, form_check.php

3) user submits form: index.php

--3a) AJAX double checks form: ajax.php --> registration.php

--3b) AJAX registers user: UsrDB.php (extends BasicDB.php)

--3c) AJAX returns pass/fail

index.php --calls--> ajax.js --> form_check.php

form_check.php includes the classes Sys.php, Usr.php, and UsrDB.php.

Here is my AJAX script, and I'll post the others below...Thank you so much for the help!!!

/**********************************
Filename:	ajax.js
Date:			02.25.08
**********************************/

/***** CREATE XMLHTTP OBJECT *****/
function request() {
var browser = navigator.appName;		// get browser
var req = false;
if(browser == "Microsoft Internet Explorer") {	// IE
	try {
		req = new ActiveXObject("Msm12.XMLHTTP");		// -- Msm12
	} catch(err1) {
		try {
			req = new ActiveXObject("Microsoft.XMLHTTP");	// -- Microsoft
		} catch(err2) {
			req = false;		// FAIL!
		}
	}
} else {
	try {
		req = new XMLHttpRequest();	// not IE
	} catch(err) {
		req = false;
	}
}

return req;
}

var http = request();		// CREATE XMLHTTP object

var obj;							// other variables
var obj2;
var url;

/***** SEND AJAX REQUEST *******/
function send_post(params,use) {
http.open("POST", url, true);
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");
http.onreadystatechange = eval(use);
http.send(params);
}

/********************************************************************************
***** USE FUNCTIONS *************************************************************
********************************************************************************/

/***** FORM *****/
function form_response() {
var vobj = "v"+obj;
if(http.readyState == 4) {
	if(http.status == 200) {
		var data = http.responseText.split(",");
		if(data[0] == 2) {		// no data -- do nothing
		} else if(data[0] == 0) {	// good data -- show check
			document.getElementById(vobj).innerHTML = "<img class=\"form_img\" src=\"../images/yes.png\"/>";
		} else {		// bad data -- show x and response
			document.getElementById(vobj).innerHTML = data[1]+" <img class=\"form_img\" src=\"../images/no.png\"/>";
		}
	} else {
		document.getElementById(vobj).innerHTML = "No server response.";
		//document.getElementsByName(obj)[0].className = "maybe";
	}
} else {
	document.getElementById(vobj).innerHTML = 'Checking...';
	//document.getElementsByName(obj)[0].className = "maybe";
}
}

/***** REGISTER *****/
function register_response() {
obj = 'message';	// set div id
var msg = '';
if(http.readyState == 4) {
	if(http.status == 200) {
		var data = http.responseText;
		document.getElementById(obj).innerHTML = data;
	} else {
		document.getElementById(obj).innerHTML = "Unable to complete request.";
	}
} else {
	document.getElementById(obj).innerHTML = "Working";
}
}


/********************************************************************************
***** CHECK FUNCTIONS ***********************************************************
********************************************************************************/

/* EMAIL */
function check_email() {
url = "../Scripts/form_check.php";
obj = "email";
if(document.getElementsByName(obj)[0].value != '') {
	var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value;
	send_post(params,"form_response"); }
}

/* USR */ 
function check_usr() {
url = "../Scripts/form_check.php";
obj = "usr";
if(document.getElementsByName(obj)[0].value != '') {
	var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value;
	send_post(params,"form_response"); }
}

/* FIRST */
function check_first() {
url = "../Scripts/form_check.php";
obj = "first";
if(document.getElementsByName(obj)[0].value != '') {
	var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value;
	send_post(params,"form_response"); }
}

/* LAST */
function check_last() {
url = "../Scripts/form_check.php";
obj = "last";
if(document.getElementsByName(obj)[0].value != '') {
	var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value;
	send_post(params,"form_response"); }
}

/* PASSWORD */
function check_password() {
url = "../Scripts/form_check.php";
obj = "password";
if(document.getElementsByName(obj)[0].value != '') {
	var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value;
	send_post(params,"form_response"); }
}
function check_confirm() {
url = "../Scripts/form_check.php";
obj = "confirm";
obj2 = "password";
if(document.getElementsByName(obj)[0].value != '') {
	var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value+
		"&data2="+document.getElementsByName(obj2)[0].value;
	send_post(params,"form_response"); }
}

/* REGISTER */
function register() {
url = "../Scripts/register.php";

if(document.getElementsByName('usr')[0].value != 0 &&
		document.getElementsByName('email')[0].value != 0 &&
		document.getElementsByName('first')[0].value != 0 &&
		document.getElementsByName('last')[0].value != 0) {
	params = "usr="+document.getElementsByName('usr')[0].value+
		"&email="+document.getElementsByName('email')[0].value+
		"&first="+document.getElementsByName('first')[0].value+
		"&last="+document.getElementsByName('last')[0].value;
	send_post(params,"register_response");
}
}

/* LOGIN */
function login() {
url = "../Scripts/login.php";

if(document.getElementsByName('name')[0].value != 0 &&
	document.getElementsByName('password')[0].value != 0) {
	params = "name="+document.getElementsByName('name')[0].value+
		"&password="+document.getElementsByName('password')[0].value;

	send_post(params,"register_response");
}
}

muppetjones · March 4, 2008

Here's the form_check.php

<?php

require_once("../Classes/Sys.php");
require_once("../Classes/Usr.php");
require_once("../Classes/UsrDB.php");

session_start();
header("Cache-control: private"); 

$db = new UsrDB($_SESSION['sys'],$_SESSION['usr']);

$return = "1,Invalid data";

if($_POST['data'] == '') {
echo "2,No data";
}

switch($_POST['object']) {
case "usr":
	if($db->verify_usr($_POST['data'])) {
		$return = "1,Existing user name"; }
	else {
		$return = "0,Available user name"; }
	break;
case "email":
	$find = "/[\w\d\_\-\.]*\@[\w\d\_\-\.]*\.(com|edu|gov|net|co)/";
	if(!preg_match($find,$_POST['data'])) {
		$return = "1,Invalid email"; }
	else {
		if($db->verify_email($_POST['data'])) {
			$return = "1,Existing email"; }
		else {
			$return = "0,Available email"; }
	}
	break;
case "first":
case "last":
	$find = "/[^a-zA-Z]/";
	if(preg_match($find,$_POST['data'])) {
		$return = "1,Invalid string"; }
	else {
		$return = "0,Valid string"; }
	break;
case "password":
	$find = "/\s/";
	if(preg_match($find,$_POST['data'])) {
		$return = "1,Invalid password"; }
	else {
		$return = "0,Valid password"; }
	break;
case "confirm":
	if($_POST['data'] == $_POST['data2']) {
		$return = "0,Passwords match"; }
	else {
		$return = "1,Passwords don't match"; }
	break;
default:
	break;
}

echo $return;

?>

muppetjones · March 4, 2008

Here's UsrDB.php:

<?php

require_once('BasicDB.php');	

class UsrDB extends BasicDB {	

/* CLASS VARIABLES */
protected $group;	// denotes project & permissions set
private $system;	// instance of the system class
private $user;	// instance of the user class
private $webmaster;	// email to send error messages to
private $date;	// date
private $day;	// day
private $time;	// time

/* PUBLIC FUNCTIONS */

/*********************************************************************** 
***** CONSTRUCTOR & DESTRUCTOR ***************************************** 
***********************************************************************/

/*********************************************************************** 
Constructor
	input: instance of the system and user classes
	output: none */
public function __construct($sys,$usr) {	
	$this->system	= $sys;	// System class
	$this->user		= $usr;	// Usr class
	$this->group 	= $this->system->group();	// GET system group
	$this->day		= date("Y:m:d");	
	$this->time		= date("H:i:s");	
	$this->date		= $day."::".$time;	
	$this->webmaster = "webmaster@------.com";	
}	 // END Constructor

public function __destruct() {	}	


/*********************************************************************** 
***** ERROR HANDLING FUNCTIONS ***************************************** 
***********************************************************************/

/*********************************************************************** 
Write_log($m)
	input: instruction (Error,LogIN,LogOUT,etc.), and message
	output: TRUE / FALSE
	*/
public function write_log($instruction,&$msg) {	
	/* LOG MESSAGE QUERY */
	$query = sprintf("INSERT INTO log (ses_id, log_date, log_time, log_msg, log_instruction)
		VALUES ( '%s', '%s', '%s', '%s', '%s' )",					// CREATE mysql query
			$this->system->id(),
			$this->day,
			$this->time,
			$msg,
			$instruction);	
	if(!$this->insert($query)) {	// IF our query has errors
		$to	= $this->webmaster;	
		$subj	= "[".$this->group."] Error";	
		$msg = "Function: write_log\n".
			"Problem: Unable to write to database\n".
			"Date: ".$this->date."\n".
			"User: ".$this->user->name();	
		$from	= "From: ".$this->webmaster;	
		mail($to,$subj,$msg,$from);	//	--NOTIFY the webmaster
		return false;	//	--RETURN FALSE
	}	

	return true;	// RETURN true
}	 // END log_err


/*********************************************************************** 
***** USRDB METHODS **************************************************** 
***********************************************************************/

/*********************************************************************** 
login()
	input: user name and password
	output: true if success, false if fail */
public function login($u,$p) {	
	$msg = '';	
	$row;	

	$usr_name = $this->mysql_safe($u);	// SECURE input data
	$usr_pass = $this->mysql_safe(sha1($p));	// SECURE & ENCRYPT data
	if(!$usr_name || !$usr_pass) {	 return false;	 }	// IF no good, RETURN false

	$query = sprintf("SELECT u.usr_id ".							// QUERY test for valid login
				"FROM pswd p, usr u ".
				"WHERE u.usr_name = %s AND u.usr_id = p.usr_id AND p.p_pswd = %s",
				$usr_name,
				$usr_pass);	
	if(!($row = $this->select($query))) {	 return false;	 }	 	// RUN query, RETURN false if no good
	$id = $row['usr_id'];	// SAVE the user id

	$query = sprintf("SELECT g.usrg_rank ".	// QUERY get user rank
				"FROM usr u, usr_grp g ".
				"WHERE u.usr_ID = %s AND u.usr_id = g.usr_id AND g.usrg_grp = %s",
				$this->user->id(),
				$this->group);	
	if(!($row = $this->select($query))) {	// IF user not in group
		$query = sprintf("INSERT INTO usr_grp (usr_id,usrg_grp,usrg_rank) ".		//	--QUERY add user as entry lvl
					"VALUES (%d,'%s',%d)",
					$id,
					$this->group,
					1);	
		if(!$this->insert($query)) {	 return false;	 }	//	--RUN query, RETURN false if no good
		$this->user->rank(1);	//	--SET user rank to one
	}	 else {	
		$this->user->rank($row['usrg_rank']);	// ELSE set rank
	}	
	$this->user->id($id);	// SET id
	$this->user->name($usr_name);	// SET name

	$this->session();	// LOG session data
	$this->write_log("Log","IN ".$this->user->name());	// LOG log in
	return true;	// RETURN true
}	 // END login

/*********************************************************************** 
logout()
	input: none
	output: none
	result: */
public function logout() {	
	$this->system->__destruct();	// KILL system instance
	unset($this->system);	// UNSET system instance
	$this->write_log("Log","OUT ".$this->user->name());	// LOG log out
}	 // END logout

/*********************************************************************** 
register()
	input: array of user name, first & last name, and email
	output: true if success, false if fail */
public function register($input_array) {	
	$usr 		= $this->mysql_safe($input_array['usr']);	// SECURE user input
	$first	= $this->mysql_safe($input_array['first']);	
	$last		= $this->mysql_safe($input_array['last']);	
	$email	= $this->mysql_safe($input_array['email']);	
	$msg		= '';	
	$row;	

	$query = sprintf("INSERT INTO usr (usr_name,usr_fname,usr_lname,usr_email)
		VALUES (%s,%s,%s,%s)",					// QUERY add user
			$usr,
			$first,
			$last,
			$email);	
	if(!$this->insert($query)) {	 return false;	 }	// RUN query, FALSE if bad

	$query = sprintf("SELECT usr_id FROM usr WHERE usr_name = %s",$usr);	// QUERY get user id
	if(!($row = $this->select($query))) {	 return false;	 }	// RUN query, FALSE if bad
	$id = $row['usr_id'];	// SAVE user id

	$password = $this->random_password();	// CREATE random password
	$query = sprintf("INSERT INTO pswd (p_pswd,usr_id) VALUES ('%s',%d)",	// QUERY add encrypted password
			sha1($password),
			$id);	
	if(!$this->insert($query)) {	 return false;	 }	// RUN query, FALSE if bad

	$query = sprintf("INSERT INTO usr_grp (usr_id,usrg_grp,usrg_rank) ".	// QUERY insert user into group
				"VALUES (%d,'%s',%d)",
			$id,
			$this->group,
			1);	
	if(!$this->insert($query)) {	 return false;	 }	// RUN query, FALSE if bad

	$query = sprintf("INSERT INTO usr_meta (usr_id) VALUES (%d)",	// QUERY add user row in meta table
		$id);	
	if(!$this->insert($query)) {	 return false;	 }	// RUN query, FALSE if bad

	$this->welcome($email,$usr,$password);	// SEND welcome email with password
	$this->write_log("Register",$usr);	// LOG register

	return true;	
}	 // END register

/*********************************************************************** 
session()
	input: none
	output: TRUE / FALSE */
public function session() {	
	if(!$this->system->verify_id() || !$this->system->verify_ip()) {	// IF we still have the same creds
		$this->logout();	//	--LOGOUT
		return false;	}	//	--RETURN false

	// Add session to database
	$query = sprintf("INSERT INTO session (usr_id,ses_grp,ses_ip,ses_addr,ses_php,ses_date,ses_time)
		VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s' )",	// QUERY add session data
			$this->user->id(),
			$this->group,
			$this->system->ip(),
			$this->system->addr(),
			$this->system->id(),
			$this->day,
			$this->time);	
	if(!$this->insert($query)) {	 return false;	 }	// RUN query, FALSE if bad
	return true;	// RETURN true
}	 // END session

/*********************************************************************** 
welcome
	input: email, user name, password
	output: welcome email and password email  */
public function welcome($email,$usr,$password) {	
	$to	= $email;	
	$subj = "Welcome to ".$this->group;	
	$from	= "From: ".$this->webmaster;	
	$msg	= "
		Dear $usr,

		Thank you for signing up with ".$this->group."!

		For security reasons, your password has been sent to you in a
		different email. If you choose, you may log in and change your
		password to something you may remember more easily.

		Keep in mind that our site does not use cookies, so you will
		need to remember your password. A few password tips may be found
		here <http://www.microsoft.com/protect/yourself/password/create.mspx>.

		We would also like to remind you that your email will only be used
		to contact or identify you from this site. We will never sell nor give* your
		information to anyone.

		Please feel free to contact us if you need anything!

		Cheers,
		The ".$this->group." team



		*Unless an extreme security issue arises;	 an example would be information
		or copyright theft.

		---------------------------------------------------------------

		If you feel you are receiving this email in error (i.e. you have 
		not registered, changed your email, or changed your password)
		please let us know ASAP by contacting ".$this->webmaster." or
		contacting us through our webpage.
		";	
	mail($to,$subj,$msg,$from);	// SEND welcome email
	mail($to,$subj,$password,$from);	// SEND password email
	return true;	// RETURN true
}	// END welcome


/*********************************************************************** 
***** VERIFY FUNCTIONS ************************************************* 
***********************************************************************/

/*********************************************************************** 
verify_email
	input: email
	output: true | false */
public function verify_email($email) {	
	$email = $this->mysql_safe($email);	// SECURE user input
	$query = sprintf("SELECT usr_id FROM usr WHERE usr_email = %s",	// QUERY check if email is in database
				$email);	
	if(!($row = $this->select($query))) {	 return false;	 }	// RUN query, FALSE if not
	else {	 return true;	 }	// TRUE if it is
}	

/*********************************************************************** 
verify_usr
	input: user name
	output: true | false   */
public function verify_usr($usr) {	
	$usr = $this->mysql_safe($usr);	// SECURE user input
	$query = sprintf("SELECT usr_id FROM usr WHERE usr_name = %s",	// QUERY check if user name is in database
				$usr);	
	if(!($row = $this->select($query))) {	 return false;	 }	// RUN query, FALSE if not
	else {	 return true;	 }	// TRUE if it is
}	

/*********************************************************************** 
***** UPDATE FUNCTIONS ************************************************* 
***********************************************************************/

/*********************************************************************** 
change_password
	input: old password, new password, confirm password
	output: true | false   */
public function change_password($old,$new,$confirm) {	
	if(!verify_id() || !verify_ip()) {	 return false;	}	// VERIFY our credentials

	$old = $this->mysql_safe(sha1($old));	// SECURE user input
	$new = $this->mysql_safe(sha1($new));	
	$confirm = $this->mysql_safe(sha1($confirm));	

	$query = sprintf("SELECT u.usr_id ".	// QUERY valid login
				"FROM pswd p, usr u ".
				"WHERE u.usr_name = '%s' AND u.usr_id = p.usr_id AND p.p_pswd = %s",
				$this->user->name(),
				$old);	
	if(!($row = $this->select($query))) {	 return false;	 }	// RUN query, FALSE if bad
	$id = $row['usr_id'];	// SAVE user id

	// Test new password
	if($new != $confirm) {	 return false;	 }	// IF new pass don't match, FALSE
	$query = sprintf("UPDATE pswd ".			// QUERY update new password 
				"SET p_pswd = %s ".
				"WHERE usr_id = %d ",
				$new,
				$id);	
	if(!$this->insert($query)) {	 return false;	 }	// RUN query, FALSE on fail

	$this->write_log("Password","Change: ".$this->user->name());	// LOG password change
	return true;	// RETURN true
}	

/*********************************************************************** 
new_password
	input: email
	output: welcome message with new password    */
public function new_password($email) {	
	$safe = $this->mysql_safe($email);	// SECURE user input
	$query = sprintf("SELECT usr_name FROM usr WHERE usr_email = %s",		// QUERY verify email
				$safe);	
	if(!($row = $this->select($query))) {	 return false;	 }	 	// RUN query, FALSE on fail
	$usr = $row['usr_name'];	// SAVE user name

	$password = $this->random_password();	// GENERATE random password
	$this->welcome($email,$usr,$password);	// SEND user email
	$this->write_log("Password","New: ".$usr);	// LOG new password
	return true;	// RETURN true
}	

/*********************************************************************** 
update_email()
	input: email
	output: true | false  */
public function update_email($email) {	
	$safe = $this->mysql_safe($email);	// SECURE user input
	$query = sprintf("UPDATE usr ".	// QUERY update email
		"SET usr_email = %s ".
		"WHERE u.usr_name = '%s'",
				$safe,
				$this->usr->name());	
	if(!$this->insert($query)) {	 return false;	 }	// RUN query, FALSE on fail

	$this->new_password($email);	// VERIFY new email, SEND new password
	$this->write_log("Email","Update: ".$this->usr->name());	// LOG email update
	return true;	// RETURN true
}	

/*********************************************************************** 
update_rank()
	input: user name, new rank
	output: true | false		*/
public function update_rank($usr_name, $rank) {	
	if($this->user->rank() < 3) {	 return false;	 }	// ADMIN function only
	$query = sprintf("UPDATE usr_grp g, usr u ".	// QUERY update user rank
		"SET g.usrg_rank = %d ".
		"WHERE u.usr_name = '%s' AND u.usr_id = g.usr_id",
				$rank,
				$usr_name);	
	if(!$this->insert($query)) {	 return false;	 }	// RUN query, FALSE on fail
	$this->write_log("Rank","$usr_name to $rank by ".$this->usr->name());	// LOG rank change
	return true;	// RETURN true
}	


/*********************************************************************** 
***** GET FUNCTIONS **************************************************** 
***********************************************************************/

/*********************************************************************** 
email_users()
	input: none
	output: email to all users of given rank		*/
public function email_users() {	
	if($this->user->rank() < 3) {	 return false;	 }	// ADMIN function only

	$subj = func_get_arg(0);	// GET subject
	$msg = func_get_arg(1);	// GET mesage
	$from = "From: ".$this->webmaster;	// ASSIGN from
	if(func_num_args() == 3) {	// IF rank was included
		$min_rank = func_get_arg(2);	 }	//	--GET rank
	else {	 $min_rank = 1;	 }	// ELSE set to all users

	$list = get_list("usr_email",$min_rank);	// GET all emails above rank
	$to = join(",",$list);	// JOIN email array to string

	mail($to,$subj,$msg,$from);	// SEND mail to all users
	$this->write_log("Email","Everyone $rank, from: ".$this->usr->name());	// LOG mass email
	return true;	// RETURN true
}	

/*********************************************************************** 
get_hash()
	input: desired attribute, minimum rank (opt)
	output: hash of user names 

	TEMPORARILY DISABLED --> NOT IN USE

public function get_user_hash() {	 return $this->get_hash("usr_name");	 }	// ALIAS for get_hash USER
public function get_email_hash() {	 return $this->get_hash("usr_email");	 }	// ALIAS for get_hash EMAIL
public function get_hash() {	
	$val = func_get_arg(0);	// SAVE desired attribute
	if(func_num_args() == 2) {	// IF more input
		$min_rank = func_get_arg(1);	 }	//	--SAVE desired rank
	else {	 $min_rank = 1;	 }	// ELSE get all ranks
	$query = sprintf("SELECT %s FROM usr WHERE usr_rank >= %d",						// QUERY get all rows
				$val,
				$min_rank);	
	$list = $this->select_simple_hash($query);	// SAVE rows as a hash
	return $list;	// RETURN hash
}	 // END get_list

/*********************************************************************** 
get_list()
	input: desired attribute, minimum rank (opt)
	output: array of user names */
public function get_user_list() {	 return $this->get_list("usr_name");	 }	// ALIAS for get_list USER
public function get_email_list() {	 return $this->get_list("usr_email");	 }	// ALIAS for get_list EMAIL
public function get_list() {	
	$val = func_get_arg(0);	// SAVE desired attribute
	if(func_num_args() == 2) {	// IF more input
		$min_rank = func_get_arg(1);	 }	//	--SAVE desired rank
	else {	 $min_rank = 1;	 }	// ELSE get all ranks
	$query = sprintf("SELECT %s FROM usr WHERE usr_rank >= %d",	// QUERY get all rows
				$val,
				$min_rank);	
	if(!($list = $this->select_simple_list($query))) {	 return false;	 }	// SAVE rows as a array, FALSE on fail
	return $list;	// RETURN array
}	 // END get_list

/*********************************************************************** 
get_fulllist()
	input: none
	output: array of user names 

	TEMPORARILY DISABLED --> NOT IN USE

public function get_fulllist() {	
	$query = sprintf("SELECT usr_lname,usr_fname,usr_name,usr_email,usrg_rank ".
				"FROM usr u, usr_grp g ".		// QUERY all attributes
				"WHERE u.usr_id = g.usr_id AND g.usrg_grp = %s ".
				"ORDER BY g.usrg_rank,u.usr_lname",
				$this->group);	
	if(!($list = $this->select_complex_list($query))) {	 return false;	 }	// RUN query, FALSE on fail	
	return $list;	// RETURN array
}	 // END get_fulllist

/*********************************************************************** 
random_password()
	input: none
	output: password generated */
public function random_password() {	
								// CREATE character arrays
	$letters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');	
	$numbers = array('1','2','3','4','5','6','7','8','9','0');	
	$symbols = array('!','@','#','$','%','^','&','*','(',')','<','>','.','?','/',':','{	','}	',',','.',';	','|','+','=','~');	
	$length 	= 10;	
	$password = '';	

	for($i = 0;	 $i <= $length;	 $i++) {	// LOOP for given length
		$set = mt_rand(0,2);	// CHOOSE which array to use
		if($set == 0) {	// IF letters
			$char = mt_rand(1,count($letters));	//	--GENERATE a random value
			$char--;	// --DECREMENT (to fit in array index)
			$password .= $letters[$char];	// --ADD to password
		}	 else if($set == 1) {	// IF numbers
			$char = mt_rand(1,count($numbers));	//	--see above
			$char--;	
			$password .= $numbers[$char];	
		}	 else if($set == 2) {	// IF symbols
			$char = mt_rand(1,count($symbols));	// -- see above
			$char--;	
			$password .= $symbols[$char];	
		}	 else {	}	
	}	

	return $password;	// RETURN password
}	 // END random_password

}	 // END CLASS

?>

muppetjones · March 4, 2008

Here's BasicDB.php:

<?php

class BasicDB {	

/* CLASS VARIABLES */
private $date;	// Date in Y:m:d::H:i:s form
private $day;	// Day in Y:m:d form
private $system;	// instance of the system class
private $time;	// Time in H:i:s form
private $webmaster;	// Email to send error notifications to

/* CLASS FUNCTIONS */

/*********************************************************************** 
***** CONSTRUCTOR & DESTRUCTOR ***************************************** 
***********************************************************************/

/*********************************************************************** 
Constructor
	input: instance of the system class
	output: none */
public function __construct($sys) {	
	$this->day		= date("Y:m:d");	
	$this->time		= date("H:i:s");	
	$this->date		= $day."::".$time;	
	$this->system	= $sys;	
	$this->webmaster = "webmaster@-------.com";	
}	 // END Constructor

/*********************************************************************** 
***** ERROR HANDLING FUNCTIONS ***************************************** 
***********************************************************************/

/*********************************************************************** 
$this->err($msg)
	input: error message
	output:	email to the webmaster 
				write to log 					*/
public function err($msg) {	
	$to	= $this->webmaster;	// assign To:
	$subj	= "[".$this->group."] Error";	// assign Subject:
	$msg .= "\n".$this->date;	// assign Message:
	$from	= "From: ".$this->webmaster;	// assign From:
	mail($to,$subj,$msg,$from);	// send mail
	$this->write_log("Error",$msg);	// log error
}	 // END $this->err()

/*********************************************************************** 
***** MYSQL FUNCTIONS ************************************************** 
***********************************************************************/

/*********************************************************************** 
DB_connect()
	input: none
	output: link resource */
public function db_connect() {	

	/* Squeeze of Lime server info*/
	$server = "----------";	
	$usr = '----------';	
	$pswd = '----------';	
	$db = '----------';	

	// opening db connection
	$link = mysql_connect($server,$usr,$pswd);	// OPEN mysql connection
	if(!$link) {	// IF no connection 
		$this->err("db_connect(): Unable to connect to db.");	//	--REPORT error
		return false;	//	--RETURN false
	}	 else {	 }	// ELSE continue

	$dbselect = mysql_select_db($db, $link);	// SELECT database
	if(!$dbselect) {	// IF no selection
		$this->err("db_connect(): Unable to select db.");	//	--REPORT error
		return false;	//	--RETURN false
	}	 else {	 }	// ELSE continue

	return $link;	// RETURN link resource
}	 // END db_connect()


/*********************************************************************** 
insert
	input: mysql query string (insert, delete, or update)
	output: query result (false on fail, true on success) 	*/
public function insert($query) {	
	return $this->result($query,1,0);	// CALL result function
}	

/*********************************************************************** 
select
	input: mysql query string (select)
	output: query result (false on fail, single result on success)  */
public function select($query) {	
	return $this->result($query,0,0);	// CALL result function
}	 // END select

/*********************************************************************** 
select_simple_list
	input: mysql query string (select)
	output: query result (false on fail, array of single field on success) */
public function select_simple_list($query) {	
	return $this->result($query,0,1);	// CALL result function
}	 // END select_simple_list

/*********************************************************************** 
result
	input: mysql query string, boolean, boolean
	output: */
public function result($query,$insert,$list) {	
	$count = 0;	// RESET count
	$link = $this->db_connect();	// GET a database link
	$data;	// INITIALIZE variable

	if(!$link) {	// IF we still don't connect
		$msg = "Function: check_result\n".	//	--CREATE error message
			"Problem: ".mysql_error()."\n".
			"Date: ".$this->date."\n";	
		$this->err($msg);	//	--REPORT error
		$this->logout();	//	--LOGOUT
		return false;	 }	//	--RETURN FALSE

	$count = 0;	// RESET count
	$result = mysql_query($query,$link);	// QUERY database
	if(!$result) {	// IF no result,
		$msg = "Function: check_result\n".	//	--CREATE error message
			"Problem: ".mysql_error()."\n".
			"Date: ".$this->date."\n".
			"Query: $query";	
		$this->err($msg);	//	--REPORT error
		$this->logout();	//	--LOGOUT
		return false;	 }	//	--RETURN FALSE

	if($insert) {	// IF an insert type query
		if(mysql_affected_rows() == 0) {	//	--CHECK for affected rows
			return false;	 }	//	--NONE? return false
		$data = true;	//	--OTHERWISE return true
	}	 else {	// ELSE a select type query
		if(mysql_num_rows($result) == 0) {	//	--CHECK for number of rows
			return false;	 }	//	--NONE? return false
		else if($list) {	//	--ELSE IF we want a list
			while($row = mysql_fetch_row($result)) {	//	--LOOP through the rows returned
				$data[] = $row[0];	 }	//	--SAVE first value in array
		}	 else {	//	--ELSE we want a single value
			$data = mysql_fetch_assoc($result);	//	--SAVE the query result
		}	
		mysql_free_result($result);	// FREE the result
	}	

	mysql_close($link);	// CLOSE database link
	return $data;	// RETURN our query data (if good result)
}	


/*********************************************************************** 
***** SAFE FUNCTIONS *************************************************** 
***********************************************************************/

/*********************************************************************** 
Mysql_safe($val)
	input: a string
	output: a safe, mysql 'executable' version of the string, in quotes
	note: (adapted from php.net) */
public function mysql_safe($value) {	
	$link = $this->db_connect();	// GET a database link
	if (get_magic_quotes_gpc()) {	 $value = stripslashes($value);	 }	// IF gmqg is turned on, USE it
	if (!is_numeric($value)) {	// IF its not a number
		$value = "\"" . mysql_real_escape_string($value,$link) . "\"";	 }	//	--ESCAPE and put in quotes
	return $value;	//	--RETURN our safe string
}	 // END mysql_safe

/*********************************************************************** 
Mysql_safe_nq($val)
	input: a string
	output: a safe, mysql 'executable' version of the string, W/O quotes
	note: (adapted from php.net) */
public function mysql_safe_nq($value) {	
	$link = $this->db_connect();	// GET a database link
	if (get_magic_quotes_gpc()) {	 $value = stripslashes($value);	 }	// IF gmqg is turned on, USE it
	if (!is_numeric($value)) {	// IF its not a number
		$value = mysql_real_escape_string($value,$link);	 }	//	--ESCAPE the string
	return $value;	//	--RETURN our safe string
}	 // END mysql_safe

}	 // END CLASS

?>

Sign In

Help! I'm in over my head

Recommended Posts

muppetjones

Link to comment

Share on other sites

muppetjones

Link to comment

Share on other sites

muppetjones

Link to comment

Share on other sites

muppetjones

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information