ABVFP ADD and ALTER problems

dannysheps@hotmail.com · #1 04-05-2008, 06:34 PM

Naval

my code doesnt allow me to ADD or ALTER the DB tables

can you take a look and tell me why ?
after you told me to download the new one in order to save the path to uploaded images it doesnt ALTER or ADD a new table

Code:

<?php
# ----------------------------------------------------
# -----
# ----- This script was created by DB Technosystems.com
# -----
# ----- http://www.dbtechnosystems.com
# -----
# ----------------------------------------------------
error_reporting(55);
session_start();
$_SESSION[error] = "";
$error = "";
$length_array = array ("A" => "30", "B" => "60", "C" => "200", "D" => "500", "E" => "65536", "F" => "30", "G" => "60", "H" => "200", "J" => "500", "I" => "65536", "e" => "100");
if ($_SERVER['REQUEST_METHOD'] != 'POST'){
$error = "No direct access is allowed!";
include("dbts_ABVFP_errorpage.php");
exit;
}
function RecursiveMkdir($path)
{
    if (!file_exists($path)) {
        RecursiveMkdir(dirname($path));
        mkdir($path, 0777);
    }
}
require ("dbts_ABVFP_config.php");
$dbts_Formid = $_POST['Formid'];
$ndformurl1 = $_SERVER['HTTP_REFERER'];
if ($dbts_Formid == "") {
$error = "I cannot process the form. The form has not been correctly setup. !";
include ("dbts_ABVFP_errorpage.php");
exit;
}
$db = mysql_connect($db_host, $db_user, $db_password);
if ($db == FALSE){
$error = "Could not connect to the Database Server. Please check user details !";
mysql_close($db);
include ("dbts_ABVFP_errorpage.php");
exit;
}
mysql_select_db($db_name, $db);
if (!mysql_select_db($db_name, $db)) {
$error = "Could not select Database. Please check user details !";
mysql_close($db);
include ("dbts_ABVFP_errorpage.php");
exit;
}
$query = "SELECT Formname, Site, Formurl, Max_filesize, Uploadfolder, Emailaddress, EmailSubject, Emailheader, Emailfooter, Thankyoupage, Errorpage, Autoresponder, Include_email, Autoresponder_EmailSubject, Autoresponder_From, Autoresponder_Emailheader, Autoresponder_Emailfooter, Database_Store FROM ABVFP_Forms WHERE Formid= '$dbts_Formid'";
$result = mysql_query($query, $db);
$row = mysql_fetch_array($result, MYSQL_ASSOC);
if ($row =="") {
$error = "I cannot process the form. The form has not been correctly setup. !";
mysql_close($db);
include ("dbts_ABVFP_errorpage.php");
exit;
}
// -------- RECEIVIMG CONFIGURATION VARIABLES FROM THE DB -----------

$ndsite = $row[Site] ;
$ndformurl = $row[Formurl] ;
$ndfilesize = $row[Max_filesize] ;
$ndmailsubject = $row[EmailSubject] ;
$ndmailfirstline = $row[Emailheader] ;
$ndmaillastline = $row[Emailfooter] ;
$autoresponderfirstline = $row[Autoresponder_Emailheader] ;
$autoresponderlastline = $row[Autoresponder_Emailfooter] ;
$autoresponder = $row[Autoresponder] ;
$autoresponderfrom = $row[Autoresponder_From] ;
$autorespondersubject = $row[Autoresponder_EmailSubject] ;
$nduploadfolder = $row[Uploadfolder] ;
$returnpage = $row[Thankyoupage] ;
$errorpage = $row[Errorpage] ;
$ndmailaddress = $row[Emailaddress] ;
$ndincludeemail = $row[Include_email] ;
$ndDatabase_Store = $row[Database_Store] ;
//Captcha Verification
if (isset($_POST['captcha_code'])) {
if (isset($_SESSION['random_txt']) && md5($_POST['captcha_code']) == $_SESSION['random_txt']) {
  unset($_POST['captcha_code'],$_SESSION['random_txt']);
}
else {
 $_SESSION[error] = "The verification code you have entered is not correct! Please go back and try again.";
  header("Location: $errorpage");
  exit;
}
}

//Finding out if there are more than email addresses to receive the email

$ndmailaddress1 = explode(",", $ndmailaddress);
//Setting the autoresponder "From" email address
if (count($ndmailaddress1 ==0))
{
$ndmailaddress2 = $ndmailaddress;
}
if (count($ndmailaddress1 >=1)) {
$ndmailaddress2 = $ndmailaddress1[0];
}
// Fix the path if www. is missing or we are in the index page
// This is to avoid common error with www. missing, or Form URL containing the "index.html" etc.
// It also strips the slash if the referer is the index page, common error when the user doesn't add the slash in the form URL field.

if (substr($ndformurl1, 0, 7) == "http://" and substr_count($ndformurl1, 'http://www.') == 0) {
$ndformurl1 = "<A href="http://www.".substr($ndformurl1">http://www.".substr($ndformurl1, 7, strlen($ndformurl1)-7);
}
if (substr($ndformurl1, -1, 1) == "/") {
$ndformurl1 = substr($ndformurl1, 0, strlen($ndformurl1)-1);
}
if (substr_count($ndformurl1 , '/index') > 0) {
$ndformurl2 = explode("/index", $ndformurl1 );
$ndformurl1 = $ndformurl2[0];
}
if (substr($ndformurl, 0, 7) != "http://") {
$ndformurl = "<A href="http://".$ndformurl">http://".$ndformurl;
}
if (substr_count($ndformurl , '/index') > 0) {
$ndformurl2 = explode("/index", $ndformurl );
$ndformurl = $ndformurl2[0];
}
if (substr($ndformurl, -1, 1) == "/") {
$ndformurl = substr($ndformurl, 0, strlen($ndformurl)-1);
}
if ($ndformurl1 != "") {
if ($ndformurl1 != $ndformurl) {
$error = "Illegal Form Submission \n";
}
}
// -------- RECEIVIMG FIELDNAMES VALUES AND VALIDATION DETAILS------

$internalfields = array ("submit", "reset", "formid","send", "captcha_code");
$i = "0";
reset ($HTTP_POST_VARS);
while (list ($key, $val) = each ($HTTP_POST_VARS)) {
    if (!in_array(strtolower($key), $internalfields)) {
        $fieldname = trim($key);
        $fieldlenght = strlen(trim($key));
        $realfieldlength = $fieldlenght;
        if (substr($fieldname, -3, 1) == "-") {
            $ndLast = substr($fieldname, -1, 1);
            if ($ndLast == "R") {
                $R[$i] = "R";
                $V[$i] = substr($fieldname, -2, 1);
            } else {
                $V[$i] = substr($fieldname, -1, 1);
                $R[$i] = substr($fieldname, -2, 1);
            }
            $realfieldlength = $fieldlenght-3;
        }
  if (substr($fieldname, -2, 1) == "-") {
            $ndLast = substr($fieldname, -1, 1);
            if ($ndLast == "R") {
                $R[$i] = "R";
            } else {
                $V[$i] = substr($fieldname, -1, 1);
            }
            $realfieldlength = $fieldlenght-2;
            }
 
// ------ Checking for multiple Choice Values ---------
         @$fieldvalue = $_POST[$key];
         if (is_array($fieldvalue)) {
@$fieldvalue = @implode(", ",$_POST[$key]);
         }
// ----Setting the clear Field Names and Values-------
        $fieldname = substr($key, 0, $realfieldlength);
  if ($fieldname == "Email")
  {
        $ndemail = $fieldvalue;
        }
        $ndfieldname[] = addslashes($fieldname);
        $ndfieldname_final[] = ucwords(str_replace("_", " ", $fieldname));
        $ndfieldvalue[] = $fieldvalue;
        $i = $i + 1 ;
           }
}
// ------RECEIVING FILE VARIABLES--------------------
reset ($_FILES);
$i = 0;
while (list ($key, $val) = each ($_FILES)) {
if ($_FILES[$key]['name']!="") {
    $upload_Name1 = ($_FILES[$key]['name']);
    $upload_Name[] = str_replace(" ", "_", $upload_Name1);
    $upload_Size[] = ($_FILES[$key]['size']);
    $upload_Temp[] = ($_FILES[$key]['tmp_name']);
    $upload_Type[] = ($_FILES[$key]['type']);
    $uploadlink[] = "$nduploadfolder/$upload_Name[$i] \n";
    $ndfieldname[] = $key;
    $ndfieldname_final[] = ucwords(str_replace("_", " ", $key));
    $ndfieldvalue[] = $uploadlink[$i];
    // if the upload succeded, the file will exist
      if (file_exists($upload_Temp[$i])){
         // check to make sure that it is an uploaded file and not a system file
         if(is_uploaded_file($upload_Temp[$i])){
            // open the file for a binary read
            $file = fopen($upload_Temp[$i],'rb');
            // read the file content into a variable
            $data1 = fread($file,filesize($upload_Temp[$i]));
            // close the file
            fclose($file);
            // now we encode it and split it into acceptable length lines
            $data[] = chunk_split(base64_encode($data1));
         }
    $i = $i + 1;
}
}
 
// checking for validation and injection
$crack_value = urldecode($ndfieldvalue[$i]);
if (eregi("(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:|content-type:)", $crack_value)) {
$error .= "The field $ndfieldname[$i] contained e-mail headers in the value submitted.
  This seems to be a cracking attempt and the message has not been sent.!\n";
  echo "Fieldvalue = $ndfieldvalue[$i] <br>";
}
 
 
// Check for required fields
if ($R[$i] == "R") {
        if (strlen($ndfieldvalue[$i]) == 0) {
            $error .= "The field $ndfieldname[$i] is missing !\n";
        }
    }
// Check for Email field
    if ($V[$i] == "e") {
    if (trim($ndfieldvalue[$i]) != "") {
    $fieldtype[$i] = "VARCHAR (100)" ;
        if (! ereg('[A-Za-z0-9_-]+\@[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+', $ndfieldvalue[$i])) {
            $error .= "Your $ndfieldname[$i] field (email address) seems incorrect !\n";
        }
        if (substr_count($ndfieldvalue[$i] , '@') > 1) {
            $error .= "The field $ndfieldname[$i] can only contain the @ character once !\n";
        }
}
}
// Check for Length, Validation type, and set the DB column type
if ($V[$i] !="" and $V[$i] !="N" and $V[$i] !="e") {
    if ($length_array[$i] <= 255) {
    $column_type = "VARCHAR";
    }
    else {
    $column_type = "TEXT";
    }
    $fieldtype[$i] = $column_type."(".$length_array[$V[$i]].")" ;
        if (strlen($ndfieldvalue[$i]) > $length_array[$V[$i]]) {
            $error .= "The field $ndfieldname[$i] must be less than ".$length_array[$V[$i]]." characters !\n";
  }
  if ($V[$i] =="A" or $V[$i] =="B" or $V[$i] =="C" or $V[$i] =="D" or $V[$i] =="E") {
        if (substr_count($ndfieldvalue[$i] , '@') > 0 or substr_count($ndfieldvalue[$i] , 'http://') >0 or substr_count($ndfieldvalue[$i] , 'www.') > 0 ) {
            $error .= "The field $ndfieldname[$i] cannot contain the '@', 'http://' and 'www.' characters !\n";
        }
}
  if ($V[$i] =="F" or $V[$i] =="G" or $V[$i] =="H" or $V[$i] =="J" or $V[$i] =="I") {
        if (substr_count($ndfieldvalue[$i] , '@') > 1 or substr_count($ndfieldvalue[$i] , 'http://') >1 or substr_count($ndfieldvalue[$i] , 'www.') > 1 ) {
            $error .= "The field $ndfieldname[$i] cannot contain the '@', 'http://' and 'www.' characters more than once!\n";
        }
}

}
// Check for Numeric field
    if ($V[$i] == "N") {
    if ($ndfieldvalue[$i] != "") {
                       if (!is_numeric($ndfieldvalue[$i])) {
            $error .= "The field $ndfieldname[$i] should be only numbers / No spaces allowed  $nerror  !\n";
        }
  }
$fieldtype[$i] = "VARCHAR (30)";
    }
 
if ($V[$i] =="") {
    $fieldtype[$i] = "VARCHAR (250)";
    }
}
    // ------------CHECKING FOR MAX UPLOADED FILE SIZE ----------------------
$ndfilesize1= $ndfilesize*1024;
for ($i = 0; $i < count($upload_Name); $i++) {
      if ($upload_Name[$i] != "" ) {
       if ($upload_Size[$i] >= $ndfilesize1) {
       $error .= "The size of $upload_Name[$i] is bigger than the allowed $ndfilesize Kb !\n";
       }
      }

}
// If there is an error, send to the errorpage
if ($error != "") {
$_SESSION[error] = $error;
header("Location: $errorpage");
echo "Error = $error <br> Errorpage = $errorpage";
exit;
}
//--------- Move the files to destination----------------
$nduploadfolder1 = basename($nduploadfolder);
for ($i = 0; $i < count($upload_Name); $i++) {
if ($upload_Size[$i] < $ndfilesize1 and $upload_Size[$i] >0)
{
$uploadFile = "$nduploadfolder1/".$upload_Name[$i];
if (!is_dir(dirname($uploadFile)))
  {
    @RecursiveMkdir(dirname($uploadFile));
  }
else
  {
  @chmod(dirname($uploadFile), 0777);
  }
@move_uploaded_file( $upload_Temp[$i] , $uploadFile);
chmod($uploadFile, 0644);
}
}
//------------- Find Server date and Time--------------------
 $date = date("l jS F Y, g:i A");
    $Submission_Date = date("d/m/Y");
//----------------- Find Browser and IPaddress --------------
$browser =$_SERVER['HTTP_USER_AGENT'];
$ip = $_SERVER['REMOTE_ADDR'];
 
 
// ----  STORING FIELD VALUES IN THE DATABASE TABLE ---------------
if ($ndDatabase_Store == "Yes") {
$dbts_table = "_Form_Nr_$dbts_Formid";
// Check if the table exists already ------------

$result = mysql_list_tables($db_name);
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$key= "Tables_in_$db_name";
 $tablename[] = $row[$key];
}
if (!in_array($dbts_table, $tablename)) {
$query = "CREATE TABLE `$dbts_table` (";
$query .='`Record_Nr` INT  NOT NULL AUTO_INCREMENT PRIMARY KEY, ';
 for ($i = 0; $i < (count($ndfieldname)); $i++)  {
//$ndmailbody .= "$ndfieldname[$i] = $ndfieldvalue[$i] \r\n";
$ndfieldname_tolower = strtolower($ndfieldname[$i]);
$query .= "`$ndfieldname_tolower` $fieldtype[$i], ";
}
$query .='`Submission_Date` VARCHAR (20),';
$query .='`IP_Address` VARCHAR (15)';
$query .=' )'
       . ' ENGINE = myisam;';
}

if (mysql_query($query, $db)){
$message = "Installation completed";
}
else {
$_SESSION[error] = "There has been an unknown error during Form Table creation. Invalid Query = $query: Please contact support at info@dbtechnosystems.com";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}

// Check if the field exists in the table, to avoid crashes
$result = mysql_list_fields($db_name, $dbts_table, $db);
$fieldnumber = mysql_num_fields($result);
for ($i = 0; $i < $fieldnumber; $i++) {
$fieldstable[$i] = strtolower(mysql_field_name($result, $i));
$last_useful = $fieldnumber - 3;
}
//--- check if all fields exist in the database or columns have to be added

for ($i = 0; $i < (count($ndfieldname)); $i++) {
$ndfieldname_tolower = strtolower($ndfieldname[$i]);
$query = 'ALTER TABLE `'.$dbts_table.'` ';
if (!in_array($ndfieldname_tolower,$fieldstable)) {
$query .= 'ADD `'.$ndfieldname_tolower.'` '.$fieldtype[$i].' AFTER `'.$fieldstable[$last_useful].'`;';
$result = mysql_query($query);
if (!$result) {
$_SESSION[error] = "There has been an unknown error during Column addition. Invalid Query = $query   .Please contact support at info@dbtechnosystems.com";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
}
$fieldstable[] = $ndfieldname_tolower;
}

@$query = "INSERT INTO `$dbts_table`(";
for ($i = 0; $i < count($ndfieldname); $i++) {
$dbfield = strtolower($ndfieldname[$i]);
//$dbvalue = $ndfieldvalue[$i];
if (in_array($dbfield,$fieldstable)) {
@$query .= "`$dbfield` ,";
}
}
@$query .= "`Submission_Date` ,";
@$query .= "`IP_Address` ";
@$query .= ")";

@$query .= "VALUES (";
for ($i = 0; $i < count($ndfieldname); $i++) {
$dbfield = strtolower($ndfieldname[$i]);
if (in_array($dbfield,$fieldstable)) {
@$query .= "\"$ndfieldvalue[$i]\",";
}
}
@$query .= "\"$Submission_Date\",";
@$query .= "\"$ip\"";
@$query .= ")" ;

$db = mysql_connect($db_host, $db_user, $db_password);
if (!$db) {
$_SESSION[error] = "There has been a connection problem at line 572:".  mysql_error()."Please contact support at info@dbtechnosystems.com";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
$db_selected = mysql_select_db($db_name, $db);
if (!$db_selected) {
$_SESSION[error] = "There has been a connection problem at line 577:".  mysql_error().". Please contact support at info@dbtechnosystems.com";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
//insert new record
$result = mysql_query($query);
if (!$result) {
$_SESSION[error] = "There has been a DB problem at line 588: Query=$query".mysql_error().". Please contact support at info@dbtechnosystems.com";
mysql_close($db);
header("Location: dbts_ABVFP_errorpage.php");
exit;
}
mysql_close($db);
}
 
// ------------Building the mail ----------------------
if ($ndemail == "") {
$ndemail = $ndmailaddress2;
}

 // generate a random string to be used as the boundary marker
   $mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
   // now we'll build the message headers
   $ndmailhead = "From: $ndemail\r\n" .
        "MIME-Version: 1.0\r\n" .
        "Content-Type: multipart/mixed;\r\n" .
        " boundary=\"{$mime_boundary}\"";

for ($i = 0; $i < count($ndfieldname); $i++) {
$ndmailbody .= "$ndfieldname_final[$i] = \t".stripslashes($ndfieldvalue[$i])." \r\n";
}
$ndmailbody1 .= "$ndmailfirstline \r\n"
. "$ndmailbody \r\n"
. "$ndmaillastline \r\n"
. "-----------------------------------------------------------\n"
. "Date of submission    : $date\r\n"
. "Browser               : $browser\r\n"
. "IP address            : $ip\r\n";
 
$ndmailbody1 = "This is a multi-part message in MIME format.\n\n" .
      "--{$mime_boundary}\n" .
      "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
      "Content-Transfer-Encoding: 7bit\n\n" .
   $ndmailbody1 . "\n\n";
   // now we'll process our uploaded files
   if (count($upload_Name)>0) {
for ($i = 0; $i < count($upload_Name); $i++){
         // now we'll insert a boundary to indicate we're starting the attachment
         // we have to specify the content type, file name, and disposition as
         // an attachment, then add the file content.
         // NOTE: we don't set another boundary to indicate that the end of the
         // file has been reached here. we only want one boundary between each file
         // we'll add the final one after the loop finishes.

$type = $upload_Type[$i];
$name = $upload_Name[$i];
$ndmailbody1 .= "--{$mime_boundary}\n" .
            "Content-Type: {$type};\n" .
            " name=\"{$name}\"\n" .
            "Content-Disposition: attachment;\n" .
            " filename=\"{$fileatt_name}\"\n" .
            "Content-Transfer-Encoding: base64\n\n" .
         $data[$i] . "\n\n";
      }
   }
   // here's our closing mime boundary that indicates the last of the message
   $ndmailbody1.="--{$mime_boundary}--\n";
 
for ($i = 0; $i <= count($ndmailaddress1); $i++){
mail($ndmailaddress1[$i], $ndmailsubject, $ndmailbody1, $ndmailhead);
}
if ($autoresponder == "Yes")
 {
if ($ndincludeemail == "Yes") {
$ndfromaddress = $ndmailaddress2;
}
else {
 $ndfromaddress = "no_reply@";
if (substr_count($ndsite , 'http://www.') == 1) {
 $ndfromaddress .= substr($ndsite, 11, strlen($ndsite)-11) ;
 }
else if (substr_count($ndsite , 'http://') == 1) {
 $ndfromaddress .= substr($ndsite, 7, strlen($ndsite)-7) ;
 }
else if (substr_count($ndsite , 'www.') == 1) {
 $ndfromaddress .= substr($ndsite, 4, strlen($ndsite)-4) ;
 }
else{
 $ndfromaddress .= $ndsite;
}
}
$ndmailsubject = $autorespondersubject;
$ndmailbody = "";
 for ($i = 0; $i < (count($ndfieldname) - count($upload_Name)); $i++)  {
$ndmailbody .= "$ndfieldname_final[$i] = ".stripslashes($ndfieldvalue[$i])." \r\n";
}
if (count($upload_Name)>0) {
$ndmailbody .= "You have also uploaded the following files: \r\n";
for ($i = 0; $i < count($upload_Name); $i++){
$k = $i +1;
$ndmailbody .= "File $k : $upload_Name[$i] \r\n" ;
 }
 }
$ndmailsubject = $autorespondersubject;
$ndmailhead  = "MIME-Version: 1.0\r\n";
$ndmailhead .= "From: $autoresponderfrom < $ndmfromaddress >" . "\r\n";
$ndmailbody1 = "$autoresponderfirstline\n"
. "$ndmailbody\r\n"
. "$autoresponderlastline\r\n"
. "-----------------------------------------------------------\r\n"
. "Time of submission : $date\r\n"
. "-----------------------------------------------------------\r\n";
mail($ndemail, $ndmailsubject, $ndmailbody1, $ndmailhead);
 }
header("Location: $returnpage");
?>
 
 
?>

thank you

navaldesign · #2 04-05-2008, 10:03 PM

Which part doesn't work ?

If you have not made any changes to ABVFP, please replace it entirely with the last version, available from my website. If you have made changes, you will need to make them again in the new code.

dannysheps@hotmail.com · #3 04-06-2008, 01:18 AM

will try to redownload it indeed

does your new code still will save the path to uploaded files ?

thanks

navaldesign · #4 04-06-2008, 07:45 AM

Yes, it does.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)