I have a piece of code that behaves weirdly. Sometimes it works, sometimes it doesn’t. The server has an absolutely ancient copy of PHP (5.1.6, five years old, but with security fixes that were manually included by Red Hat).
Here's the code, including the debug lines I currently have:
<?php
include_once('json-functions.php');
$uid = $_POST['uid'];
$salted = false;
if(isset($_POST['salted'])){ $salted = true; }
if(is_null($uid) || $uid === ''){
    $details = array(
        'error' => 1,
        'errorMessage' => 'No unique ID entered. Please try again.',
    );
    json_print($details);
}
$pattern = '/^[a-f0-9]{64}$/i';
if(preg_match($pattern, $uid) === 0){
    $details = array(
        'error' => 2,
        'errorMessage' => 'Invalid unique ID.',
    );
    json_print($details);
}
include_once('../db.php');
header('Content-Type: text/plain');
var_dump($salted);
var_dump($uid);
if(!$salted){ $uid = hash('sha256', $salt.$uid); }
var_dump($uid);
$SQL = 'SELECT ';
$SQL .= 'p.patronID AS patronID, ';
$SQL .= 'uniqueID, ';
$SQL .= 'status, ';
$SQL .= 'active, ';
$SQL .= 'd.name AS department, ';
$SQL .= 'docdelivery, ';
$SQL .= 'terms, ';
$SQL .= 'copyright, ';
$SQL .= 'lastLogin, ';
$SQL .= 'updated, ';
$SQL .= 'TIMESTAMPDIFF(MINUTE, lastLogin, NOW()) AS recency, ';
$SQL .= 'DATEDIFF(NOW(), updated) AS stale, ';
$SQL .= 'AES_DECRYPT(first, ?) AS first, ';
$SQL .= 'AES_DECRYPT(last, ?) AS last, ';
$SQL .= 'AES_DECRYPT(barcode, ?) AS barcode, ';
$SQL .= 'INET_NTOA(AES_DECRYPT(ip, ?)) AS ip, ';
$SQL .= 'AES_DECRYPT(email, ?) AS email, ';
$SQL .= 'AES_DECRYPT(phone, ?) AS phone, ';
$SQL .= 'AES_DECRYPT(address1, ?) AS address1, ';
$SQL .= 'AES_DECRYPT(address2, ?) AS address2, ';
$SQL .= 'AES_DECRYPT(city, ?) AS city, ';
$SQL .= 'AES_DECRYPT(state, ?) AS state, ';
$SQL .= 'AES_DECRYPT(zip, ?) AS zip ';
$SQL .= 'FROM patrons p, departments d ';
$SQL .= 'WHERE department = d.deptID ';
$SQL .= 'AND uniqueID = ?';
$query = $DB->prepare($SQL);
$p = array(
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $uid,
);
$query->execute($p);
$result = $query->fetch();
var_dump($result);
print "\n\n";
var_dump($DB->errorInfo());
exit;
Here is an example output when it works correctly:
bool(true)
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
array(46) {
  ["patronID"]=>
  string(1) "126"
  [0]=>
  string(1) "126"
  ["uniqueID"]=>
  string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
  [1]=>
  string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
  ["status"]=>
  string(1) "4"
  [2]=>
  string(1) "4"
  ["active"]=>
  string(1) "1"
  [3]=>
  string(1) "1"
  *** snip! ***
  [21]=>
  string(2) "TX"
  ["zip"]=>
  string(5) "78623"
  [22]=>
  string(5) "78623"
}
array(1) {
  [0]=>
  string(5) "00000"
}
And here is an example output when it fails:
bool(true)
string(64) "1d6fa3b897b07301a836f5441d23f60e7cb4b52a00ee6d20648fe51b01c769bf"
string(64) "1d6fa3b897b07301a836f5441d23f60e7cb4b52a00ee6d20648fe51b01c769bf"
bool(false)
array(1) {
  [0]=>
  string(5) "00000"
}
I can’t understand why it works for SOME uids, but not for others. In addition, in the second example, the result set comes back as FALSE, but the database reports error 00000, which means "no errors." I already checked whether the query was prepared correctly, and it was in both cases.
What am I missing here?
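
An added example, not part of the original post: it shows how to tell an empty result set apart from a prepare or execute failure by checking each return value and reading the statement's own `errorInfo()`. It assumes `$DB` is a PDO handle; the in-memory SQLite tables, the sample rows and the `lookup()` helper are constructed stand-ins that keep only the shape of the post's join.

```php
<?php
// Constructed stand-in for the post's MySQL schema (assumption): two tables
// joined the same way as in the question, held in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
// Silent error mode was the PHP 5 default; newer PHP versions default to exceptions.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);

$db->exec('CREATE TABLE departments (deptID INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE patrons (patronID INTEGER PRIMARY KEY, uniqueID TEXT, department INTEGER)');
$db->exec("INSERT INTO departments VALUES (1, 'Reference')");
$db->exec("INSERT INTO patrons VALUES (1, 'aaaa', 1)");    // patron with a department
$db->exec("INSERT INTO patrons VALUES (2, 'bbbb', NULL)"); // patron without one

// Hypothetical helper: reports which stage produced the outcome.
function lookup(PDO $db, $uid) {
    $stmt = $db->prepare(
        'SELECT p.patronID, d.name AS department
           FROM patrons p, departments d
          WHERE p.department = d.deptID AND p.uniqueID = ?');
    if ($stmt === false) {
        // prepare() runs on the connection, so the connection holds the error.
        return array('state' => 'prepare-failed', 'info' => $db->errorInfo());
    }
    if (!$stmt->execute(array($uid))) {
        // Statement-level errors are reported by the statement handle,
        // not by the connection's errorInfo().
        return array('state' => 'execute-failed', 'info' => $stmt->errorInfo());
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // execute() succeeded and fetch() gave false: the query matched no row.
        return array('state' => 'no-row', 'info' => $stmt->errorInfo());
    }
    return array('state' => 'found', 'row' => $row);
}

// 'aaaa' exists with a department, 'bbbb' exists without one, 'cccc' does not exist.
foreach (array('aaaa', 'bbbb', 'cccc') as $uid) {
    $r = lookup($db, $uid);
    $sqlstate = isset($r['info']) ? $r['info'][0] : '-';
    echo $uid, ': ', $r['state'], ' (SQLSTATE ', $sqlstate, ")\n";
}
```

The `bbbb` row is in `patrons`, but the comma join only returns patrons whose `department` matches a row in `departments`, so it is reported the same way as the missing `cccc`.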