database gotcha new code any inprovements welcome

[redarrow]

This script is a one page database gotcha for login arth

 

can anyone add any more secuity to it please.........

 

please try before re coding cheers....

 

datababse

create database test;
create table gotcha(id int not null primary_key auto_increment,
                            number varchar(100) not null,
                            date int not null);

 

<?php session_start(); // start session.....


// datbase connection..........

$db=mysql_connect("localhost","username","password");
$db_result=mysql_select_db("captcha",$db);

// make sure there a database connection

if(!$db_result){

echo "DATABASE CONNECTION PROBLAM";

die;
}


// post number randomly

$number=mysql_real_escape_string($_POST['number']);


// make number round.

$number=rand(000000,999999);	


// if a number isset........

if(isset($number)){


// post date with database protection.........

$date=mysql_real_escape_string($_POST['date']);	


// date as timestamp 

$date=time();	

// md5 number 

$numbers=MD5($number);

// insert number and date

$query="INSERT INTO sec (number,date) values('$numbers',$date)";
$result=mysql_query($query)or die(mysql_error());	

}

// if post submit from form....

if($_POST['submit']){

// post num as md5

$num=MD5($_POST['num']);

// select num from database.......

$query2="SELECT * FROM sec WHERE number='$num'";

$result2=mysql_query($query2)or die (mysql_error());

// if there is a result of 1

if(mysql_num_rows($result2)==1){


//send them to google if there number is correct....

$v=header("location: http://www.google.com");


// delete num from database.

$delete1="DELETE from sec WHERE number='$num'";

$delete_result1=mysql_query($delete1) or die (mysql_error());


// unset a session cmd

unset($_SESSION['cmd']);


}else{

// delete everthink from databse if the number is wrong........

$delete2="DELETE from sec";

$delete_result2=mysql_query($delete2) or die (mysql_error());


// send them back to the same page.........

header("location: http://simpleforum.ath.cx/gotcha.php");   

// set session cmd

$_SESSION['cmd']="Wrong secuity number try agin please......";

}
}

// if cmd

if($_SESSION['cmd']){

// echo cmd.......

echo $_SESSION['cmd'];
}

// echo v ........

echo $v;

?>

<form method="POST" action=" ">

<br></br>

<?php echo $number; ?>

<br><br>

Secuity number please.....

<br><br>

<input type="text" name="num">

<br><br>

<input  type="submit" name="submit" value="Submit Form">

</form>

 

[Psycho]

I see problems right at the beginning and stopped looking through the rest of the code.

<?php
// post number randomly

$number=mysql_real_escape_string($_POST['number']);


// make number round.

$number=rand(000000,999999);	


// if a number isset........

if(isset($number)){

?>

 

That makes no sense. The code first sets $number based upon $_POST['number']

 

Then regardless if there is any value or not it is reset to rand(000000,999999)

 

Then there is this IF statement if(isset($number))

 

But that will ALWAYS be true duve to the random number assigned in the previous step. Seems to be some logic problems here.

[redarrow]

The code flow is correct becouse number needs

posting and the if is there for code flow what you on about.........

 

the code works fine need more secuity m8........

[redarrow]

the first post for number is for the form not md5 ok

[Psycho]

the first post for number is for the form not md5 ok

 

But, the value gets overwritten on the very next line of code. So, the line

$number=mysql_real_escape_string($_POST['number']);

is of no use.

[redarrow]

agree deleted cheers going mad lol...........

 

anythink elese mate.............