
Everything posted by MDCode
-
Test My Website Builder For Vulnerabilities
MDCode replied to deathadder's topic in Beta Test Your Stuff!
Doesn't work again. Someone keeps entering ' as password, making it \' as the password. It seems you can not update the password as well as I tried to revert it back to "test"
-
If a user were to clear their cookies they could simply log in and view the page again, thus incrementing it as many times as they want
-
This isn't really a big issue, but when logging in with invalid credentials, the error message seems a bit annoying. The placement and color do not match the site imo. Also it gets overlapped by "Login:"
-
Test My Website Builder For Vulnerabilities
MDCode replied to deathadder's topic in Beta Test Your Stuff!
I can not find any security vulnerabilities. However, before assessing completely, the errors of not being able to view/edit/delete pages with special characters need to be fixed.
-
Test My Website Builder For Vulnerabilities
MDCode replied to deathadder's topic in Beta Test Your Stuff!
Invalid login
-
Make sure you filter that with mysql_real_escape_string or it will be a security risk.
-
If you have any html before the header location, it will give that error.
-
I am making a survey feature for my website. Nothing is wrong with the current security (that I know of :s) I was actually wondering what I could do to improve the security. Sorry for the lack of organization I have no code editor on this computer.

submit_survey.php

<?php
require('check/ip_check.php');
if($id == "1"){
    if($ip_check != "0") {
        echo "<p>Error: You have already taken this survey.<br>";
        echo "<a href='../index.php'>Back</a></p>";
        die;
    } else {
        if($_POST['agree'] == "Yes") {
        } else if($_POST['agree'] == "No") {
        } else {
            echo "<p>Error: Please select an answer for question 1<br>";
            echo "<a href='../survey.php?id=1'>Back</a></p>";
            die;
        }
        if($_POST['placement'] == "") {
            echo "<p>Error: Please enter text for question 2<br>";
            echo "<a href='../survey.php?id=1'>Back</a></p>";
            die;
        }
        if($_POST['different_location'] == "Yes") {
            if($_POST['location'] == ""){
                echo "<p>Error: It seems you selected yes for question 3. Please enter text for question 4.<br>";
                echo "<a href='../survey.php?id=1'>Back</a></p>";
                die;
            }
        } else if($_POST['different_location'] == "No") {
        } else {
            echo "<p>Error: Please select an answer for question 3<br>";
            echo "<a href='../survey.php?id=1'>Back</a></p>";
            die;
        }
        include('add_survey1.php');
    }
} else {
    echo "Error: Invalid survey id";
}
?>

Both ip_check.php (One for selecting survey, other for if a user were to make their own form and submit)

<?php
session_start();
require('../config.php');
$ip = $_SERVER['REMOTE_ADDR'];
include('connection.php');
$getid = mysql_real_escape_string($_GET['id']);
$sql ="SELECT * FROM Survey_Responses WHERE `ip` = '$ip' AND `id` = '$getid'";
$result = @mysql_query($sql, $connection) or die(mysql_error());
$ip_check = mysql_num_rows($result);
?>

add_survey1.php

<?php
session_start();
require('../config.php');
include('connection.php');
$ip = $_SERVER['REMOTE_ADDR'];
$question1 = htmlentities($_POST['agree'], ENT_QUOTES);
$question1 = mysql_real_escape_string($question1);
$question2 = htmlentities($_POST['placement'], ENT_QUOTES);
$question2 = mysql_real_escape_string($question2);
$question3 = htmlentities($_POST['different_location'], ENT_QUOTES);
$question3 = mysql_real_escape_string($question3);
$question4 = htmlentities($_POST['location'], ENT_QUOTES);
$question4 = mysql_real_escape_string($question4);
$question5 = htmlentities($_POST['other_locations'], ENT_QUOTES);
$question5 = mysql_real_escape_string($question5);
$sql ="INSERT INTO Survey_Responses VALUES('1', '$question1', '$question2', '$question3', '$question4', '$question5', '$ip')";
$result = @mysql_query($sql, $connection) or die(mysql_error());
echo "Thank you for taking our survey. Your answers have been successfully recorded.";
?>

Any help would be appreciated
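
One way to rework the survey insert from the post above, added here as an example and not part of the original post: PDO prepared statements replace the mysql_* calls (that extension was removed in PHP 7), a UNIQUE constraint enforces one response per IP inside the database, and HTML encoding moves to output time. The in-memory SQLite database, the column names q1 to q5, the helper names and the sample input are assumptions so the script runs stand-alone.

```php
<?php
// Added example. Column names q1..q5 and the sample input are constructed.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');   // stand-in for the MySQL connection
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE (id, ip): the database rejects a second response from the same
    // IP, so there is no gap between the check and the insert to race.
    $pdo->exec('CREATE TABLE Survey_Responses (id INTEGER, q1 TEXT, q2 TEXT,
        q3 TEXT, q4 TEXT, q5 TEXT, ip TEXT, UNIQUE (id, ip))');
    return $pdo;
}

// Accept a field only if it is a plain string (field[]=x arrives as an array).
function field(array $post, string $name): string {
    return is_string($post[$name] ?? null) ? trim($post[$name]) : '';
}

function save_survey1(PDO $pdo, array $post, string $ip): string {
    $q = [];
    foreach (['agree', 'placement', 'different_location', 'location', 'other_locations'] as $name) {
        $q[] = field($post, $name);
    }
    // Allow-list the radio buttons instead of relying on empty if/else branches.
    if (!in_array($q[0], ['Yes', 'No'], true)) return 'Please select an answer for question 1';
    if ($q[1] === '')                          return 'Please enter text for question 2';
    if (!in_array($q[2], ['Yes', 'No'], true)) return 'Please select an answer for question 3';
    if ($q[2] === 'Yes' && $q[3] === '')       return 'Please enter text for question 4';
    // Placeholders keep the data out of the SQL text; values are stored raw.
    $stmt = $pdo->prepare('INSERT INTO Survey_Responses (id, q1, q2, q3, q4, q5, ip)
                           VALUES (1, ?, ?, ?, ?, ?, ?)');
    try {
        $stmt->execute(array_merge($q, [$ip]));
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {   // integrity constraint violation
            return 'You have already taken this survey.';
        }
        throw $e;
    }
    return 'Thank you for taking our survey.';
}

$pdo  = open_db();
$post = ['agree' => 'Yes', 'placement' => "O'Brien's <b>desk</b>", 'different_location' => 'No'];
echo save_survey1($pdo, $post, '203.0.113.7'), "\n";
echo save_survey1($pdo, $post, '203.0.113.7'), "\n";   // same IP: rejected by the constraint
// HTML-encode when rendering the stored answer, not before storing it.
$stored = $pdo->query('SELECT q2 FROM Survey_Responses')->fetchColumn();
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```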
-
Oops, I put if (!error) instead of if (!$error). Works perfectly now, thank you all so much
-
Ty for that explanation...sorry I'm fairly new to php, here's the update. It seems I can now send to Admins and have admin error displayed but neither for Users

if($group_check == "Administrators") {
    if($pm_count >= '50000') {
        $error = 'The admin you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.';
    }
} else if($group_check == "Users") {
    if($pm_count >= '50') {
        $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
    }
}
// changed
if (!error) {
    //And now we stick the message in the database with all the correct information
    mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error());
    //Add 1 to the pm count, update the reciever with the new pm count
    $pm_count++;
    mysql_query("UPDATE authorize SET pm_count='$pm_count' WHERE username='$reciever'");
}
-
if($group_check == "Administrators") {
    if($pm_count >= '50000') {
        $error = 'The admin you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.';
    }
} else if($group_check == "Users") {
    if($pm_count >= '50') {
        $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
    }
} else {
-
I have added an else if to the Users group check now nothing works.
-
Basically my site has a ranking system. If a user ranks up, certain extras will be added to their account. Right now I am just testing this feature. And there is an option to delete
-
No mysql errors displayed
-
Ok so I'm making a basic private message system. I have been experimenting with using user group types to limit the amount of messages they can have. My issue is that when the form is submitted it is not sent or error reporting for Administrators but will report error for users and will not send. Here is the sending code:

<?php
if (isset($_POST['Submit'])) {
    include ('check/group_check.php');
}
$user = $_SESSION['user_name'];
include 'db.php';
if(!$user) {
    echo "<br><p>Error: Not logged in</p><br>";
} else {
    $sql = mysql_query ("SELECT pm_count FROM authorize WHERE username='$user'");
    $row = mysql_fetch_array ($sql);
    $pm_count = $row['pm_count'];
    $percent = $pm_count/'50';
    $percent = $percent * '100';
?>
<br>
<center>
<b><p><a href="index.php">Inbox</a> | <a href="compose.php">Compose</a> | <a href="sent.php">Sentbox</a></b>
<b><p><?php echo "$pm_count"." of 50 Total | "."$percent"."% full"; ?></p></b>
</center>
<br>
<?php
    $reciever = $_POST['username'];
    $subject = $_POST['subject'];
    $message = $_POST['message'];
    $error = '0';
    if(!$reciever AND !$subject AND !$message) {
?>
<p><b>Please compose a message.</b></p>
<br>
<?php
    } else {
        if (!$reciever) {
            $error = 'You must enter a reciever to your message';
        }
        if (!$subject) {
            $error = 'You must enter a subject';
        }
        if (!$message) {
            $error = 'You must enter a message';
        }
        if($error != '0') {
            echo "<p>$error</p><br>";
        } else {
            $user_check = mysql_query("SELECT username FROM authorize WHERE username='$reciever'");
            $user_check = mysql_num_rows($user_check);
            if($user_check > '0') {
                $time = $_SESSION['time'];
                if($time > '0') {
                    $old_time = $time;
                }
                $time = date('is');
                $difference = $time - $old_time;
                $_SESSION['time'] = $time;
                if($difference >= '15') {
                    $sql = mysql_query ("SELECT pm_count FROM authorize WHERE username='$reciever'");
                    $row = mysql_fetch_array ($sql);
                    $pm_count = $row['pm_count'];
                    if ($group_check == "Administrators") {
                        if($pm_count >= '50000') {
                            $error = 'The user you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.';
                        }
                    }
                    if($group_check == "Users") {
                        if($pm_count >= '50') {
                            $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
                        }
                    } else {
                        mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error());
                        $pm_count++;
                        mysql_query("UPDATE authorize SET pm_count='$pm_count' WHERE username='$reciever'");
                    }
                    echo "<p><b>You have successfully sent a private message!</b></p><br>";
                } else {
                    $error = 'You must wait 15 seconds before sending another private message';
                }
            } else {
                $error = 'That username does not exist, please try again. Remember to check your spelling, and don\'t make stuff up at random.';
            }
        }
    }
    if($error != '0') {
        echo "<p>$error</p><br>";
    } else {
?>
<form name="send" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="80%">
<tr>
<td width="150px" align="left" valign="top"><p>Username</p></td>
<td width="" align="left" valign="top"><input name="username" type="text" id="username" value="<?php echo "$reciever"; ?>"></td>
</tr>
<tr>
<td width="150px" align="left" valign="top"><p>Subject</p></td>
<td width="" align="left" valign="top"><input name="subject" type="text" id="subject" value="<?php echo "$subject"; ?>"></td>
</tr>
<tr>
<td width="150px" align="left" valign="top"><p>Message Body</p></td>
<td width="" align="left" valign="top"><textarea name="message" type="text" id="message" value="" cols="50" rows="10"></textarea></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit" value="Send Message"></td>
</tr>
</table>
</center>
</form>
<?php
    }
}
?>

$group_check is working properly so I have no idea what the problem could be